workos 6.1.0 → 7.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1353) hide show
  1. checksums.yaml +4 -4
  2. data/.github/CODEOWNERS +2 -2
  3. data/.github/workflows/ci.yml +7 -10
  4. data/.github/workflows/lint-pr-title.yml +1 -1
  5. data/.github/workflows/lint.yml +25 -0
  6. data/.github/workflows/release-please.yml +2 -2
  7. data/.github/workflows/release.yml +3 -7
  8. data/.oagen-manifest.json +1015 -0
  9. data/.release-please-manifest.json +1 -1
  10. data/.ruby-version +1 -1
  11. data/.standard.yml +1 -0
  12. data/CHANGELOG.md +38 -0
  13. data/Gemfile +1 -1
  14. data/Gemfile.lock +93 -47
  15. data/README.md +162 -14
  16. data/Rakefile +8 -4
  17. data/docs/V7_MIGRATION_GUIDE.md +780 -0
  18. data/lib/workos/actions.rb +93 -0
  19. data/lib/workos/admin_portal/generate_link.rb +34 -0
  20. data/lib/workos/admin_portal/intent_options.rb +18 -0
  21. data/lib/workos/admin_portal/portal_link_response.rb +18 -0
  22. data/lib/workos/admin_portal/sso_intent_options.rb +22 -0
  23. data/lib/workos/admin_portal.rb +51 -0
  24. data/lib/workos/api_keys/api_key.rb +43 -0
  25. data/lib/workos/api_keys/api_key_created.rb +34 -0
  26. data/lib/workos/api_keys/api_key_created_data.rb +43 -0
  27. data/lib/workos/api_keys/api_key_created_data_owner.rb +22 -0
  28. data/lib/workos/api_keys/api_key_owner.rb +7 -0
  29. data/lib/workos/api_keys/api_key_revoked.rb +34 -0
  30. data/lib/workos/api_keys/api_key_revoked_data.rb +7 -0
  31. data/lib/workos/api_keys/api_key_revoked_data_owner.rb +7 -0
  32. data/lib/workos/api_keys/api_key_validation_response.rb +18 -0
  33. data/lib/workos/api_keys/api_key_with_value.rb +46 -0
  34. data/lib/workos/api_keys/api_key_with_value_owner.rb +7 -0
  35. data/lib/workos/api_keys/create_organization_api_key.rb +22 -0
  36. data/lib/workos/api_keys/validate_api_key.rb +18 -0
  37. data/lib/workos/api_keys.rb +128 -0
  38. data/lib/workos/audit_logs/audit_log_action.rb +36 -0
  39. data/lib/workos/audit_logs/audit_log_action_json.rb +31 -0
  40. data/lib/workos/audit_logs/audit_log_event.rb +37 -0
  41. data/lib/workos/audit_logs/audit_log_event_actor.rb +28 -0
  42. data/lib/workos/audit_logs/audit_log_event_context.rb +22 -0
  43. data/lib/workos/audit_logs/audit_log_event_create_response.rb +18 -0
  44. data/lib/workos/audit_logs/audit_log_event_ingestion.rb +22 -0
  45. data/lib/workos/audit_logs/audit_log_event_target.rb +7 -0
  46. data/lib/workos/audit_logs/audit_log_export.rb +39 -0
  47. data/lib/workos/audit_logs/audit_log_export_creation.rb +49 -0
  48. data/lib/workos/audit_logs/audit_log_export_json.rb +34 -0
  49. data/lib/workos/audit_logs/audit_log_schema.rb +25 -0
  50. data/lib/workos/audit_logs/audit_log_schema_actor.rb +18 -0
  51. data/lib/workos/audit_logs/audit_log_schema_json.rb +34 -0
  52. data/lib/workos/audit_logs/audit_log_schema_json_actor.rb +7 -0
  53. data/lib/workos/audit_logs/audit_log_schema_json_target.rb +22 -0
  54. data/lib/workos/audit_logs/audit_log_schema_target.rb +7 -0
  55. data/lib/workos/audit_logs.rb +252 -72
  56. data/lib/workos/authorization/add_role_permission.rb +18 -0
  57. data/lib/workos/authorization/assign_role.rb +28 -0
  58. data/lib/workos/authorization/authorization_check.rb +18 -0
  59. data/lib/workos/authorization/authorization_permission.rb +43 -0
  60. data/lib/workos/authorization/authorization_resource.rb +46 -0
  61. data/lib/workos/authorization/check_authorization.rb +28 -0
  62. data/lib/workos/authorization/create_authorization_permission.rb +28 -0
  63. data/lib/workos/authorization/create_authorization_resource.rb +40 -0
  64. data/lib/workos/authorization/create_organization_role.rb +28 -0
  65. data/lib/workos/authorization/create_role.rb +7 -0
  66. data/lib/workos/authorization/permission.rb +7 -0
  67. data/lib/workos/authorization/permission_created.rb +34 -0
  68. data/lib/workos/authorization/permission_created_data.rb +40 -0
  69. data/lib/workos/authorization/permission_deleted.rb +34 -0
  70. data/lib/workos/authorization/permission_deleted_data.rb +7 -0
  71. data/lib/workos/authorization/permission_updated.rb +34 -0
  72. data/lib/workos/authorization/permission_updated_data.rb +7 -0
  73. data/lib/workos/authorization/remove_role.rb +7 -0
  74. data/lib/workos/authorization/role.rb +46 -0
  75. data/lib/workos/authorization/role_assignment.rb +34 -0
  76. data/lib/workos/authorization/role_assignment_resource.rb +25 -0
  77. data/lib/workos/authorization/role_created.rb +34 -0
  78. data/lib/workos/authorization/role_created_data.rb +34 -0
  79. data/lib/workos/authorization/role_deleted.rb +34 -0
  80. data/lib/workos/authorization/role_deleted_data.rb +7 -0
  81. data/lib/workos/authorization/role_list.rb +22 -0
  82. data/lib/workos/authorization/role_updated.rb +34 -0
  83. data/lib/workos/authorization/role_updated_data.rb +7 -0
  84. data/lib/workos/authorization/set_role_permissions.rb +18 -0
  85. data/lib/workos/authorization/slim_role.rb +7 -0
  86. data/lib/workos/authorization/update_authorization_permission.rb +22 -0
  87. data/lib/workos/authorization/update_authorization_resource.rb +31 -0
  88. data/lib/workos/authorization/update_organization_role.rb +7 -0
  89. data/lib/workos/authorization/update_role.rb +7 -0
  90. data/lib/workos/authorization/user_organization_membership_base_list_data.rb +46 -0
  91. data/lib/workos/authorization.rb +1289 -0
  92. data/lib/workos/base_client.rb +350 -0
  93. data/lib/workos/client.rb +94 -159
  94. data/lib/workos/configuration.rb +56 -5
  95. data/lib/workos/connect/application_credentials_list_item.rb +34 -0
  96. data/lib/workos/connect/connect_application.rb +46 -0
  97. data/lib/workos/connect/create_application_secret.rb +13 -0
  98. data/lib/workos/connect/create_m2m_application.rb +31 -0
  99. data/lib/workos/connect/create_oauth_application.rb +40 -0
  100. data/lib/workos/connect/external_auth_complete_response.rb +18 -0
  101. data/lib/workos/connect/new_connect_application_secret.rb +37 -0
  102. data/lib/workos/connect/redirect_uri_input.rb +22 -0
  103. data/lib/workos/connect/update_oauth_application.rb +28 -0
  104. data/lib/workos/connect/user_consent_option.rb +28 -0
  105. data/lib/workos/connect/user_consent_option_choice.rb +22 -0
  106. data/lib/workos/connect/user_management_login_request.rb +25 -0
  107. data/lib/workos/connect/user_object.rb +31 -0
  108. data/lib/workos/connect.rb +329 -0
  109. data/lib/workos/directory_sync/directory.rb +49 -0
  110. data/lib/workos/directory_sync/directory_group.rb +43 -0
  111. data/lib/workos/directory_sync/directory_metadata.rb +22 -0
  112. data/lib/workos/directory_sync/directory_metadata_user.rb +22 -0
  113. data/lib/workos/directory_sync/directory_user.rb +103 -0
  114. data/lib/workos/directory_sync/directory_user_email.rb +25 -0
  115. data/lib/workos/directory_sync/directory_user_with_groups.rb +106 -0
  116. data/lib/workos/directory_sync/directory_user_with_groups_email.rb +7 -0
  117. data/lib/workos/directory_sync/dsync_activated.rb +34 -0
  118. data/lib/workos/directory_sync/dsync_activated_data.rb +46 -0
  119. data/lib/workos/directory_sync/dsync_activated_data_domain.rb +25 -0
  120. data/lib/workos/directory_sync/dsync_deactivated.rb +34 -0
  121. data/lib/workos/directory_sync/dsync_deactivated_data.rb +46 -0
  122. data/lib/workos/directory_sync/dsync_deactivated_data_domain.rb +7 -0
  123. data/lib/workos/directory_sync/dsync_deleted.rb +34 -0
  124. data/lib/workos/directory_sync/dsync_deleted_data.rb +40 -0
  125. data/lib/workos/directory_sync/dsync_group_created.rb +34 -0
  126. data/lib/workos/directory_sync/dsync_group_deleted.rb +34 -0
  127. data/lib/workos/directory_sync/dsync_group_updated.rb +34 -0
  128. data/lib/workos/directory_sync/dsync_group_updated_data.rb +46 -0
  129. data/lib/workos/directory_sync/dsync_group_user_added.rb +34 -0
  130. data/lib/workos/directory_sync/dsync_group_user_added_data.rb +25 -0
  131. data/lib/workos/directory_sync/dsync_group_user_removed.rb +34 -0
  132. data/lib/workos/directory_sync/dsync_group_user_removed_data.rb +7 -0
  133. data/lib/workos/directory_sync/dsync_user_created.rb +34 -0
  134. data/lib/workos/directory_sync/dsync_user_deleted.rb +34 -0
  135. data/lib/workos/directory_sync/dsync_user_updated.rb +34 -0
  136. data/lib/workos/directory_sync/dsync_user_updated_data.rb +106 -0
  137. data/lib/workos/directory_sync/dsync_user_updated_data_email.rb +7 -0
  138. data/lib/workos/directory_sync.rb +230 -181
  139. data/lib/workos/encryptors/aes_gcm.rb +40 -33
  140. data/lib/workos/encryptors.rb +3 -3
  141. data/lib/workos/errors.rb +17 -75
  142. data/lib/workos/events/event_list_list_metadata.rb +18 -0
  143. data/lib/workos/events/event_schema.rb +34 -0
  144. data/lib/workos/events.rb +64 -38
  145. data/lib/workos/feature_flags/feature_flag.rb +49 -0
  146. data/lib/workos/feature_flags/feature_flag_owner.rb +25 -0
  147. data/lib/workos/feature_flags/flag.rb +7 -0
  148. data/lib/workos/feature_flags/flag_created.rb +34 -0
  149. data/lib/workos/feature_flags/flag_created_context.rb +22 -0
  150. data/lib/workos/feature_flags/flag_created_context_actor.rb +25 -0
  151. data/lib/workos/feature_flags/flag_created_data.rb +52 -0
  152. data/lib/workos/feature_flags/flag_created_data_owner.rb +7 -0
  153. data/lib/workos/feature_flags/flag_deleted.rb +34 -0
  154. data/lib/workos/feature_flags/flag_deleted_context.rb +22 -0
  155. data/lib/workos/feature_flags/flag_deleted_context_actor.rb +25 -0
  156. data/lib/workos/feature_flags/flag_deleted_data.rb +7 -0
  157. data/lib/workos/feature_flags/flag_deleted_data_owner.rb +7 -0
  158. data/lib/workos/feature_flags/flag_owner.rb +7 -0
  159. data/lib/workos/feature_flags/flag_rule_updated.rb +34 -0
  160. data/lib/workos/feature_flags/flag_rule_updated_context.rb +31 -0
  161. data/lib/workos/feature_flags/flag_rule_updated_context_actor.rb +25 -0
  162. data/lib/workos/feature_flags/flag_rule_updated_context_configured_target.rb +22 -0
  163. data/lib/workos/feature_flags/flag_rule_updated_context_configured_target_organization.rb +22 -0
  164. data/lib/workos/feature_flags/flag_rule_updated_context_configured_target_user.rb +22 -0
  165. data/lib/workos/feature_flags/flag_rule_updated_context_previous_attribute.rb +22 -0
  166. data/lib/workos/feature_flags/flag_rule_updated_context_previous_attribute_context.rb +22 -0
  167. data/lib/workos/feature_flags/flag_rule_updated_context_previous_attribute_context_configured_target.rb +7 -0
  168. data/lib/workos/feature_flags/flag_rule_updated_context_previous_attribute_context_configured_target_organization.rb +7 -0
  169. data/lib/workos/feature_flags/flag_rule_updated_context_previous_attribute_context_configured_target_user.rb +7 -0
  170. data/lib/workos/feature_flags/flag_rule_updated_context_previous_attribute_data.rb +22 -0
  171. data/lib/workos/feature_flags/flag_rule_updated_data.rb +7 -0
  172. data/lib/workos/feature_flags/flag_rule_updated_data_owner.rb +7 -0
  173. data/lib/workos/feature_flags/flag_updated.rb +34 -0
  174. data/lib/workos/feature_flags/flag_updated_context.rb +25 -0
  175. data/lib/workos/feature_flags/flag_updated_context_actor.rb +25 -0
  176. data/lib/workos/feature_flags/flag_updated_context_previous_attribute.rb +18 -0
  177. data/lib/workos/feature_flags/flag_updated_context_previous_attribute_data.rb +31 -0
  178. data/lib/workos/feature_flags/flag_updated_data.rb +7 -0
  179. data/lib/workos/feature_flags/flag_updated_data_owner.rb +7 -0
  180. data/lib/workos/feature_flags.rb +246 -0
  181. data/lib/workos/hash_provider.rb +34 -8
  182. data/lib/workos/inflections.rb +64 -0
  183. data/lib/workos/multi_factor_auth/authentication_challenge.rb +37 -0
  184. data/lib/workos/multi_factor_auth/authentication_challenge_verify_response.rb +22 -0
  185. data/lib/workos/multi_factor_auth/authentication_challenges_verify_request.rb +18 -0
  186. data/lib/workos/multi_factor_auth/authentication_factor.rb +40 -0
  187. data/lib/workos/multi_factor_auth/authentication_factor_enrolled.rb +40 -0
  188. data/lib/workos/multi_factor_auth/authentication_factor_enrolled_sms.rb +18 -0
  189. data/lib/workos/multi_factor_auth/authentication_factor_enrolled_totp.rb +31 -0
  190. data/lib/workos/multi_factor_auth/authentication_factor_sms.rb +7 -0
  191. data/lib/workos/multi_factor_auth/authentication_factor_totp.rb +22 -0
  192. data/lib/workos/multi_factor_auth/authentication_factors_create_request.rb +31 -0
  193. data/lib/workos/multi_factor_auth/challenge_authentication_factor.rb +18 -0
  194. data/lib/workos/multi_factor_auth/enroll_user_authentication_factor.rb +28 -0
  195. data/lib/workos/multi_factor_auth/user_authentication_factor_enroll_response.rb +22 -0
  196. data/lib/workos/multi_factor_auth.rb +215 -0
  197. data/lib/workos/organization_domains/create_organization_domain.rb +22 -0
  198. data/lib/workos/organization_domains/organization_domain.rb +46 -0
  199. data/lib/workos/organization_domains/organization_domain_created.rb +34 -0
  200. data/lib/workos/organization_domains/organization_domain_created_data.rb +46 -0
  201. data/lib/workos/organization_domains/organization_domain_deleted.rb +34 -0
  202. data/lib/workos/organization_domains/organization_domain_deleted_data.rb +46 -0
  203. data/lib/workos/organization_domains/organization_domain_stand_alone.rb +46 -0
  204. data/lib/workos/organization_domains/organization_domain_updated.rb +34 -0
  205. data/lib/workos/organization_domains/organization_domain_updated_data.rb +46 -0
  206. data/lib/workos/organization_domains/organization_domain_verification_failed.rb +34 -0
  207. data/lib/workos/organization_domains/organization_domain_verification_failed_data.rb +22 -0
  208. data/lib/workos/organization_domains/organization_domain_verification_failed_data_organization_domain.rb +46 -0
  209. data/lib/workos/organization_domains/organization_domain_verified.rb +34 -0
  210. data/lib/workos/organization_domains/organization_domain_verified_data.rb +46 -0
  211. data/lib/workos/organization_domains.rb +94 -0
  212. data/lib/workos/organizations/audit_log_configuration.rb +28 -0
  213. data/lib/workos/organizations/audit_log_configuration_log_stream.rb +31 -0
  214. data/lib/workos/organizations/audit_logs_retention.rb +23 -0
  215. data/lib/workos/organizations/audit_logs_retention_json.rb +18 -0
  216. data/lib/workos/organizations/organization.rb +55 -0
  217. data/lib/workos/organizations/organization_created.rb +34 -0
  218. data/lib/workos/organizations/organization_created_data.rb +43 -0
  219. data/lib/workos/organizations/organization_created_data_domain.rb +46 -0
  220. data/lib/workos/organizations/organization_deleted.rb +34 -0
  221. data/lib/workos/organizations/organization_deleted_data.rb +43 -0
  222. data/lib/workos/organizations/organization_deleted_data_domain.rb +46 -0
  223. data/lib/workos/organizations/organization_domain_data.rb +22 -0
  224. data/lib/workos/organizations/organization_input.rb +34 -0
  225. data/lib/workos/organizations/organization_membership_created.rb +34 -0
  226. data/lib/workos/organizations/organization_membership_created_data.rb +49 -0
  227. data/lib/workos/organizations/organization_membership_deleted.rb +34 -0
  228. data/lib/workos/organizations/organization_membership_deleted_data.rb +49 -0
  229. data/lib/workos/organizations/organization_membership_updated.rb +34 -0
  230. data/lib/workos/organizations/organization_membership_updated_data.rb +49 -0
  231. data/lib/workos/organizations/organization_role_created.rb +34 -0
  232. data/lib/workos/organizations/organization_role_created_data.rb +43 -0
  233. data/lib/workos/organizations/organization_role_deleted.rb +34 -0
  234. data/lib/workos/organizations/organization_role_deleted_data.rb +7 -0
  235. data/lib/workos/organizations/organization_role_updated.rb +34 -0
  236. data/lib/workos/organizations/organization_role_updated_data.rb +7 -0
  237. data/lib/workos/organizations/organization_updated.rb +34 -0
  238. data/lib/workos/organizations/organization_updated_data.rb +43 -0
  239. data/lib/workos/organizations/organization_updated_data_domain.rb +46 -0
  240. data/lib/workos/organizations/update_audit_logs_retention.rb +18 -0
  241. data/lib/workos/organizations/update_organization.rb +46 -0
  242. data/lib/workos/organizations.rb +203 -271
  243. data/lib/workos/passwordless.rb +63 -58
  244. data/lib/workos/pipes/connected_account.rb +40 -0
  245. data/lib/workos/pipes/data_integration_access_token_response.rb +25 -0
  246. data/lib/workos/pipes/data_integration_access_token_response_access_token.rb +31 -0
  247. data/lib/workos/pipes/data_integration_authorize_url_response.rb +18 -0
  248. data/lib/workos/pipes/data_integrations_get_data_integration_authorize_url_request.rb +25 -0
  249. data/lib/workos/pipes/data_integrations_get_user_token_request.rb +22 -0
  250. data/lib/workos/pipes/data_integrations_list_response.rb +22 -0
  251. data/lib/workos/pipes/data_integrations_list_response_data.rb +52 -0
  252. data/lib/workos/pipes/data_integrations_list_response_data_connected_account.rb +52 -0
  253. data/lib/workos/pipes.rb +149 -0
  254. data/lib/workos/pkce.rb +42 -0
  255. data/lib/workos/public_client.rb +27 -0
  256. data/lib/workos/radar/radar_list_entry_already_present_response.rb +18 -0
  257. data/lib/workos/radar/radar_standalone_assess_request.rb +37 -0
  258. data/lib/workos/radar/radar_standalone_delete_radar_list_entry_request.rb +18 -0
  259. data/lib/workos/radar/radar_standalone_response.rb +31 -0
  260. data/lib/workos/radar/radar_standalone_update_radar_attempt_request.rb +22 -0
  261. data/lib/workos/radar/radar_standalone_update_radar_list_request.rb +7 -0
  262. data/lib/workos/radar.rb +132 -0
  263. data/lib/workos/session.rb +108 -160
  264. data/lib/workos/session_manager.rb +196 -0
  265. data/lib/workos/shared/event_context.rb +34 -0
  266. data/lib/workos/shared/event_context_actor.rb +25 -0
  267. data/lib/workos/shared/event_context_google_analytics_session.rb +25 -0
  268. data/lib/workos/shared/group.rb +37 -0
  269. data/lib/workos/shared/group_created.rb +34 -0
  270. data/lib/workos/shared/group_deleted.rb +34 -0
  271. data/lib/workos/shared/group_member_added.rb +34 -0
  272. data/lib/workos/shared/group_member_added_data.rb +22 -0
  273. data/lib/workos/shared/group_member_removed.rb +34 -0
  274. data/lib/workos/shared/group_member_removed_data.rb +7 -0
  275. data/lib/workos/shared/group_updated.rb +34 -0
  276. data/lib/workos/sso/connection.rb +58 -0
  277. data/lib/workos/sso/connection_activated.rb +34 -0
  278. data/lib/workos/sso/connection_activated_data.rb +49 -0
  279. data/lib/workos/sso/connection_activated_data_domain.rb +25 -0
  280. data/lib/workos/sso/connection_deactivated.rb +34 -0
  281. data/lib/workos/sso/connection_deactivated_data.rb +49 -0
  282. data/lib/workos/sso/connection_deactivated_data_domain.rb +7 -0
  283. data/lib/workos/sso/connection_deleted.rb +34 -0
  284. data/lib/workos/sso/connection_deleted_data.rb +40 -0
  285. data/lib/workos/sso/connection_domain.rb +7 -0
  286. data/lib/workos/sso/connection_option.rb +18 -0
  287. data/lib/workos/sso/connection_saml_certificate_renewal_required.rb +34 -0
  288. data/lib/workos/sso/connection_saml_certificate_renewal_required_data.rb +25 -0
  289. data/lib/workos/sso/connection_saml_certificate_renewal_required_data_certificate.rb +25 -0
  290. data/lib/workos/sso/connection_saml_certificate_renewal_required_data_connection.rb +22 -0
  291. data/lib/workos/sso/connection_saml_certificate_renewed.rb +34 -0
  292. data/lib/workos/sso/connection_saml_certificate_renewed_data.rb +25 -0
  293. data/lib/workos/sso/connection_saml_certificate_renewed_data_certificate.rb +22 -0
  294. data/lib/workos/sso/connection_saml_certificate_renewed_data_connection.rb +7 -0
  295. data/lib/workos/sso/profile.rb +58 -0
  296. data/lib/workos/sso/sso_authorize_url_response.rb +18 -0
  297. data/lib/workos/sso/sso_logout_authorize_request.rb +18 -0
  298. data/lib/workos/sso/sso_logout_authorize_response.rb +22 -0
  299. data/lib/workos/sso/sso_token_response.rb +31 -0
  300. data/lib/workos/sso/sso_token_response_oauth_token.rb +7 -0
  301. data/lib/workos/sso/token_query.rb +28 -0
  302. data/lib/workos/sso.rb +231 -212
  303. data/lib/workos/types/api_response.rb +10 -0
  304. data/lib/workos/types/applications_order.rb +14 -0
  305. data/lib/workos/types/audit_log_configuration_log_stream_state.rb +15 -0
  306. data/lib/workos/types/audit_log_configuration_log_stream_type.rb +17 -0
  307. data/lib/workos/types/audit_log_configuration_state.rb +14 -0
  308. data/lib/workos/types/audit_log_export_json_state.rb +14 -0
  309. data/lib/workos/types/audit_log_export_state.rb +14 -0
  310. data/lib/workos/types/audit_logs_order.rb +9 -0
  311. data/lib/workos/types/authenticate_response_authentication_method.rb +33 -0
  312. data/lib/workos/types/authentication_factor_enrolled_type.rb +15 -0
  313. data/lib/workos/types/authentication_factor_type.rb +9 -0
  314. data/lib/workos/types/authentication_factors_create_request_type.rb +14 -0
  315. data/lib/workos/types/authentication_radar_risk_detected_data_action.rb +13 -0
  316. data/lib/workos/types/authorization_assignment.rb +13 -0
  317. data/lib/workos/types/authorization_order.rb +9 -0
  318. data/lib/workos/types/base_model.rb +35 -0
  319. data/lib/workos/types/connected_account_state.rb +14 -0
  320. data/lib/workos/types/connection_activated_data_connection_type.rb +61 -0
  321. data/lib/workos/types/connection_activated_data_state.rb +16 -0
  322. data/lib/workos/types/connection_activated_data_status.rb +13 -0
  323. data/lib/workos/types/connection_deactivated_data_connection_type.rb +9 -0
  324. data/lib/workos/types/connection_deactivated_data_state.rb +9 -0
  325. data/lib/workos/types/connection_deactivated_data_status.rb +9 -0
  326. data/lib/workos/types/connection_deleted_data_connection_type.rb +9 -0
  327. data/lib/workos/types/connection_deleted_data_state.rb +9 -0
  328. data/lib/workos/types/connection_saml_certificate_renewal_required_data_certificate_certificate_type.rb +14 -0
  329. data/lib/workos/types/connection_saml_certificate_renewed_data_certificate_certificate_type.rb +9 -0
  330. data/lib/workos/types/connection_state.rb +17 -0
  331. data/lib/workos/types/connection_status.rb +9 -0
  332. data/lib/workos/types/connection_type.rb +62 -0
  333. data/lib/workos/types/connections_connection_type.rb +59 -0
  334. data/lib/workos/types/connections_order.rb +9 -0
  335. data/lib/workos/types/create_user_invite_options_locale.rb +101 -0
  336. data/lib/workos/types/create_user_password_hash_type.rb +17 -0
  337. data/lib/workos/types/create_webhook_endpoint_events.rb +85 -0
  338. data/lib/workos/types/data_integration_access_token_response_error.rb +13 -0
  339. data/lib/workos/types/data_integrations_list_response_data_connected_account_state.rb +9 -0
  340. data/lib/workos/types/data_integrations_list_response_data_ownership.rb +13 -0
  341. data/lib/workos/types/directories_order.rb +9 -0
  342. data/lib/workos/types/directory_groups_order.rb +9 -0
  343. data/lib/workos/types/directory_state.rb +16 -0
  344. data/lib/workos/types/directory_type.rb +32 -0
  345. data/lib/workos/types/directory_user_state.rb +14 -0
  346. data/lib/workos/types/directory_user_with_groups_state.rb +9 -0
  347. data/lib/workos/types/directory_users_order.rb +9 -0
  348. data/lib/workos/types/dsync_activated_data_state.rb +16 -0
  349. data/lib/workos/types/dsync_activated_data_type.rb +34 -0
  350. data/lib/workos/types/dsync_deactivated_data_state.rb +9 -0
  351. data/lib/workos/types/dsync_deactivated_data_type.rb +9 -0
  352. data/lib/workos/types/dsync_deleted_data_state.rb +9 -0
  353. data/lib/workos/types/dsync_deleted_data_type.rb +9 -0
  354. data/lib/workos/types/dsync_user_updated_data_state.rb +9 -0
  355. data/lib/workos/types/event_context_actor_source.rb +14 -0
  356. data/lib/workos/types/events_order.rb +9 -0
  357. data/lib/workos/types/feature_flags_order.rb +9 -0
  358. data/lib/workos/types/flag_created_context_actor_source.rb +9 -0
  359. data/lib/workos/types/flag_deleted_context_actor_source.rb +9 -0
  360. data/lib/workos/types/flag_rule_updated_context_access_type.rb +14 -0
  361. data/lib/workos/types/flag_rule_updated_context_actor_source.rb +9 -0
  362. data/lib/workos/types/flag_rule_updated_context_previous_attribute_context_access_type.rb +9 -0
  363. data/lib/workos/types/flag_updated_context_actor_source.rb +9 -0
  364. data/lib/workos/types/generate_link_intent.rb +18 -0
  365. data/lib/workos/types/invitation_accepted_data_state.rb +15 -0
  366. data/lib/workos/types/invitation_created_data_state.rb +9 -0
  367. data/lib/workos/types/invitation_resent_data_state.rb +9 -0
  368. data/lib/workos/types/invitation_revoked_data_state.rb +9 -0
  369. data/lib/workos/types/invitation_state.rb +9 -0
  370. data/lib/workos/types/list_struct.rb +122 -6
  371. data/lib/workos/types/organization_created_data_domain_state.rb +16 -0
  372. data/lib/workos/types/organization_created_data_domain_verification_strategy.rb +13 -0
  373. data/lib/workos/types/organization_deleted_data_domain_state.rb +9 -0
  374. data/lib/workos/types/organization_deleted_data_domain_verification_strategy.rb +9 -0
  375. data/lib/workos/types/organization_domain_created_data_state.rb +9 -0
  376. data/lib/workos/types/organization_domain_created_data_verification_strategy.rb +9 -0
  377. data/lib/workos/types/organization_domain_data_state.rb +13 -0
  378. data/lib/workos/types/organization_domain_deleted_data_state.rb +9 -0
  379. data/lib/workos/types/organization_domain_deleted_data_verification_strategy.rb +9 -0
  380. data/lib/workos/types/organization_domain_stand_alone_state.rb +9 -0
  381. data/lib/workos/types/organization_domain_stand_alone_verification_strategy.rb +9 -0
  382. data/lib/workos/types/organization_domain_state.rb +9 -0
  383. data/lib/workos/types/organization_domain_updated_data_state.rb +9 -0
  384. data/lib/workos/types/organization_domain_updated_data_verification_strategy.rb +9 -0
  385. data/lib/workos/types/organization_domain_verification_failed_data_organization_domain_state.rb +9 -0
  386. data/lib/workos/types/organization_domain_verification_failed_data_organization_domain_verification_strategy.rb +9 -0
  387. data/lib/workos/types/organization_domain_verification_failed_data_reason.rb +13 -0
  388. data/lib/workos/types/organization_domain_verification_strategy.rb +9 -0
  389. data/lib/workos/types/organization_domain_verified_data_state.rb +9 -0
  390. data/lib/workos/types/organization_domain_verified_data_verification_strategy.rb +9 -0
  391. data/lib/workos/types/organization_membership_created_data_status.rb +14 -0
  392. data/lib/workos/types/organization_membership_deleted_data_status.rb +9 -0
  393. data/lib/workos/types/organization_membership_status.rb +9 -0
  394. data/lib/workos/types/organization_membership_updated_data_status.rb +9 -0
  395. data/lib/workos/types/organization_updated_data_domain_state.rb +9 -0
  396. data/lib/workos/types/organization_updated_data_domain_verification_strategy.rb +9 -0
  397. data/lib/workos/types/organizations_api_keys_order.rb +9 -0
  398. data/lib/workos/types/organizations_feature_flags_order.rb +9 -0
  399. data/lib/workos/types/organizations_order.rb +9 -0
  400. data/lib/workos/types/permissions_order.rb +9 -0
  401. data/lib/workos/types/profile_connection_type.rb +9 -0
  402. data/lib/workos/types/radar_action.rb +13 -0
  403. data/lib/workos/types/radar_standalone_assess_request_action.rb +19 -0
  404. data/lib/workos/types/radar_standalone_assess_request_auth_method.rb +19 -0
  405. data/lib/workos/types/radar_standalone_response_blocklist_type.rb +18 -0
  406. data/lib/workos/types/radar_standalone_response_control.rb +21 -0
  407. data/lib/workos/types/radar_standalone_response_verdict.rb +14 -0
  408. data/lib/workos/types/radar_type.rb +9 -0
  409. data/lib/workos/types/request_options.rb +33 -0
  410. data/lib/workos/types/resend_user_invite_options_locale.rb +9 -0
  411. data/lib/workos/types/role_type.rb +13 -0
  412. data/lib/workos/types/session_created_data_auth_method.rb +21 -0
  413. data/lib/workos/types/session_created_data_status.rb +14 -0
  414. data/lib/workos/types/session_revoked_data_auth_method.rb +9 -0
  415. data/lib/workos/types/session_revoked_data_status.rb +9 -0
  416. data/lib/workos/types/sso_provider.rb +15 -0
  417. data/lib/workos/types/update_user_password_hash_type.rb +9 -0
  418. data/lib/workos/types/update_webhook_endpoint_events.rb +9 -0
  419. data/lib/workos/types/update_webhook_endpoint_status.rb +13 -0
  420. data/lib/workos/types/user_identities_get_item_provider.rb +25 -0
  421. data/lib/workos/types/user_invite_state.rb +9 -0
  422. data/lib/workos/types/user_management_authentication_provider.rb +16 -0
  423. data/lib/workos/types/user_management_authentication_screen_hint.rb +13 -0
  424. data/lib/workos/types/user_management_invitations_order.rb +9 -0
  425. data/lib/workos/types/user_management_multi_factor_authentication_order.rb +9 -0
  426. data/lib/workos/types/user_management_organization_membership_order.rb +9 -0
  427. data/lib/workos/types/user_management_organization_membership_statuses.rb +9 -0
  428. data/lib/workos/types/user_management_users_authorized_applications_order.rb +9 -0
  429. data/lib/workos/types/user_management_users_feature_flags_order.rb +9 -0
  430. data/lib/workos/types/user_management_users_order.rb +9 -0
  431. data/lib/workos/types/user_organization_membership_base_list_data_status.rb +9 -0
  432. data/lib/workos/types/user_organization_membership_status.rb +9 -0
  433. data/lib/workos/types/user_sessions_auth_method.rb +9 -0
  434. data/lib/workos/types/user_sessions_status.rb +9 -0
  435. data/lib/workos/types/vault_byok_key_verification_completed_data_key_provider.rb +14 -0
  436. data/lib/workos/types/vault_data_created_data_actor_source.rb +13 -0
  437. data/lib/workos/types/vault_data_deleted_data_actor_source.rb +9 -0
  438. data/lib/workos/types/vault_data_read_data_actor_source.rb +9 -0
  439. data/lib/workos/types/vault_data_updated_data_actor_source.rb +9 -0
  440. data/lib/workos/types/vault_dek_decrypted_data_actor_source.rb +9 -0
  441. data/lib/workos/types/vault_dek_read_data_actor_source.rb +9 -0
  442. data/lib/workos/types/vault_kek_created_data_actor_source.rb +9 -0
  443. data/lib/workos/types/vault_metadata_read_data_actor_source.rb +9 -0
  444. data/lib/workos/types/vault_names_listed_data_actor_source.rb +9 -0
  445. data/lib/workos/types/webhook_endpoint_json_status.rb +9 -0
  446. data/lib/workos/types/webhook_endpoint_status.rb +13 -0
  447. data/lib/workos/types/webhooks_order.rb +9 -0
  448. data/lib/workos/types/widget_session_token_scopes.rb +17 -0
  449. data/lib/workos/user_management/action_authentication_denied.rb +34 -0
  450. data/lib/workos/user_management/action_authentication_denied_data.rb +43 -0
  451. data/lib/workos/user_management/action_user_registration_denied.rb +34 -0
  452. data/lib/workos/user_management/action_user_registration_denied_data.rb +40 -0
  453. data/lib/workos/user_management/authenticate_response.rb +40 -0
  454. data/lib/workos/user_management/authenticate_response_impersonator.rb +22 -0
  455. data/lib/workos/user_management/authenticate_response_oauth_token.rb +31 -0
  456. data/lib/workos/user_management/authentication_email_verification_failed.rb +34 -0
  457. data/lib/workos/user_management/authentication_email_verification_failed_data.rb +37 -0
  458. data/lib/workos/user_management/authentication_email_verification_failed_data_error.rb +22 -0
  459. data/lib/workos/user_management/authentication_email_verification_succeeded.rb +34 -0
  460. data/lib/workos/user_management/authentication_email_verification_succeeded_data.rb +34 -0
  461. data/lib/workos/user_management/authentication_magic_auth_failed.rb +34 -0
  462. data/lib/workos/user_management/authentication_magic_auth_failed_data.rb +37 -0
  463. data/lib/workos/user_management/authentication_magic_auth_failed_data_error.rb +7 -0
  464. data/lib/workos/user_management/authentication_magic_auth_succeeded.rb +34 -0
  465. data/lib/workos/user_management/authentication_magic_auth_succeeded_data.rb +34 -0
  466. data/lib/workos/user_management/authentication_mfa_failed.rb +34 -0
  467. data/lib/workos/user_management/authentication_mfa_failed_data.rb +37 -0
  468. data/lib/workos/user_management/authentication_mfa_failed_data_error.rb +7 -0
  469. data/lib/workos/user_management/authentication_mfa_succeeded.rb +34 -0
  470. data/lib/workos/user_management/authentication_mfa_succeeded_data.rb +34 -0
  471. data/lib/workos/user_management/authentication_oauth_failed.rb +34 -0
  472. data/lib/workos/user_management/authentication_oauth_failed_data.rb +37 -0
  473. data/lib/workos/user_management/authentication_oauth_failed_data_error.rb +7 -0
  474. data/lib/workos/user_management/authentication_oauth_succeeded.rb +34 -0
  475. data/lib/workos/user_management/authentication_oauth_succeeded_data.rb +34 -0
  476. data/lib/workos/user_management/authentication_passkey_failed.rb +34 -0
  477. data/lib/workos/user_management/authentication_passkey_failed_data.rb +37 -0
  478. data/lib/workos/user_management/authentication_passkey_failed_data_error.rb +7 -0
  479. data/lib/workos/user_management/authentication_passkey_succeeded.rb +34 -0
  480. data/lib/workos/user_management/authentication_passkey_succeeded_data.rb +34 -0
  481. data/lib/workos/user_management/authentication_password_failed.rb +34 -0
  482. data/lib/workos/user_management/authentication_password_failed_data.rb +37 -0
  483. data/lib/workos/user_management/authentication_password_failed_data_error.rb +7 -0
  484. data/lib/workos/user_management/authentication_password_succeeded.rb +34 -0
  485. data/lib/workos/user_management/authentication_password_succeeded_data.rb +34 -0
  486. data/lib/workos/user_management/authentication_radar_risk_detected.rb +34 -0
  487. data/lib/workos/user_management/authentication_radar_risk_detected_data.rb +40 -0
  488. data/lib/workos/user_management/authentication_sso_failed.rb +34 -0
  489. data/lib/workos/user_management/authentication_sso_failed_data.rb +40 -0
  490. data/lib/workos/user_management/authentication_sso_failed_data_error.rb +7 -0
  491. data/lib/workos/user_management/authentication_sso_failed_data_sso.rb +25 -0
  492. data/lib/workos/user_management/authentication_sso_started.rb +34 -0
  493. data/lib/workos/user_management/authentication_sso_started_data.rb +37 -0
  494. data/lib/workos/user_management/authentication_sso_started_data_sso.rb +7 -0
  495. data/lib/workos/user_management/authentication_sso_succeeded.rb +34 -0
  496. data/lib/workos/user_management/authentication_sso_succeeded_data.rb +37 -0
  497. data/lib/workos/user_management/authentication_sso_succeeded_data_sso.rb +7 -0
  498. data/lib/workos/user_management/authentication_sso_timed_out.rb +34 -0
  499. data/lib/workos/user_management/authentication_sso_timed_out_data.rb +40 -0
  500. data/lib/workos/user_management/authentication_sso_timed_out_data_error.rb +7 -0
  501. data/lib/workos/user_management/authentication_sso_timed_out_data_sso.rb +7 -0
  502. data/lib/workos/user_management/authorization_code_session_authenticate_request.rb +43 -0
  503. data/lib/workos/user_management/authorized_connect_application_list_data.rb +31 -0
  504. data/lib/workos/user_management/confirm_email_change.rb +7 -0
  505. data/lib/workos/user_management/cors_origin_response.rb +31 -0
  506. data/lib/workos/user_management/create_cors_origin.rb +18 -0
  507. data/lib/workos/user_management/create_magic_code_and_return.rb +22 -0
  508. data/lib/workos/user_management/create_password_reset.rb +22 -0
  509. data/lib/workos/user_management/create_password_reset_token.rb +18 -0
  510. data/lib/workos/user_management/create_redirect_uri.rb +18 -0
  511. data/lib/workos/user_management/create_user.rb +43 -0
  512. data/lib/workos/user_management/create_user_invite_options.rb +34 -0
  513. data/lib/workos/user_management/create_user_organization_membership.rb +28 -0
  514. data/lib/workos/user_management/device_authorization_response.rb +34 -0
  515. data/lib/workos/user_management/device_code_session_authenticate_request.rb +34 -0
  516. data/lib/workos/user_management/email_change.rb +31 -0
  517. data/lib/workos/user_management/email_change_confirmation.rb +22 -0
  518. data/lib/workos/user_management/email_change_confirmation_user.rb +55 -0
  519. data/lib/workos/user_management/email_verification.rb +40 -0
  520. data/lib/workos/user_management/email_verification_code_session_authenticate_request.rb +40 -0
  521. data/lib/workos/user_management/email_verification_created.rb +34 -0
  522. data/lib/workos/user_management/email_verification_created_data.rb +37 -0
  523. data/lib/workos/user_management/invitation.rb +58 -0
  524. data/lib/workos/user_management/invitation_accepted.rb +34 -0
  525. data/lib/workos/user_management/invitation_accepted_data.rb +52 -0
  526. data/lib/workos/user_management/invitation_created.rb +34 -0
  527. data/lib/workos/user_management/invitation_created_data.rb +52 -0
  528. data/lib/workos/user_management/invitation_resent.rb +34 -0
  529. data/lib/workos/user_management/invitation_resent_data.rb +52 -0
  530. data/lib/workos/user_management/invitation_revoked.rb +34 -0
  531. data/lib/workos/user_management/invitation_revoked_data.rb +52 -0
  532. data/lib/workos/user_management/jwks_response.rb +18 -0
  533. data/lib/workos/user_management/jwks_response_keys.rb +40 -0
  534. data/lib/workos/user_management/jwt_template_response.rb +28 -0
  535. data/lib/workos/user_management/magic_auth.rb +40 -0
  536. data/lib/workos/user_management/magic_auth_code_session_authenticate_request.rb +43 -0
  537. data/lib/workos/user_management/magic_auth_created.rb +34 -0
  538. data/lib/workos/user_management/magic_auth_created_data.rb +37 -0
  539. data/lib/workos/user_management/mfa_totp_session_authenticate_request.rb +43 -0
  540. data/lib/workos/user_management/organization_membership.rb +49 -0
  541. data/lib/workos/user_management/organization_selection_session_authenticate_request.rb +40 -0
  542. data/lib/workos/user_management/password_reset.rb +40 -0
  543. data/lib/workos/user_management/password_reset_created.rb +34 -0
  544. data/lib/workos/user_management/password_reset_created_data.rb +34 -0
  545. data/lib/workos/user_management/password_reset_succeeded.rb +34 -0
  546. data/lib/workos/user_management/password_reset_succeeded_data.rb +7 -0
  547. data/lib/workos/user_management/password_session_authenticate_request.rb +43 -0
  548. data/lib/workos/user_management/redirect_uri.rb +34 -0
  549. data/lib/workos/user_management/refresh_token_session_authenticate_request.rb +40 -0
  550. data/lib/workos/user_management/resend_user_invite_options.rb +18 -0
  551. data/lib/workos/user_management/reset_password_response.rb +18 -0
  552. data/lib/workos/user_management/revoke_session.rb +22 -0
  553. data/lib/workos/user_management/send_email_change.rb +18 -0
  554. data/lib/workos/user_management/send_verification_email_response.rb +7 -0
  555. data/lib/workos/user_management/session_created.rb +34 -0
  556. data/lib/workos/user_management/session_created_data.rb +55 -0
  557. data/lib/workos/user_management/session_created_data_impersonator.rb +7 -0
  558. data/lib/workos/user_management/session_revoked.rb +34 -0
  559. data/lib/workos/user_management/session_revoked_data.rb +55 -0
  560. data/lib/workos/user_management/session_revoked_data_impersonator.rb +7 -0
  561. data/lib/workos/user_management/sso_device_authorization_request.rb +18 -0
  562. data/lib/workos/user_management/update_jwt_template.rb +18 -0
  563. data/lib/workos/user_management/update_user.rb +46 -0
  564. data/lib/workos/user_management/update_user_organization_membership.rb +22 -0
  565. data/lib/workos/user_management/urn_ietf_params_oauth_grant_type_device_code_session_authenticate_request.rb +8 -0
  566. data/lib/workos/user_management/urn_workos_oauth_grant_type_email_verification_code_session_authenticate_request.rb +8 -0
  567. data/lib/workos/user_management/urn_workos_oauth_grant_type_magic_auth_code_session_authenticate_request.rb +8 -0
  568. data/lib/workos/user_management/urn_workos_oauth_grant_type_mfa_totp_session_authenticate_request.rb +8 -0
  569. data/lib/workos/user_management/urn_workos_oauth_grant_type_organization_selection_session_authenticate_request.rb +8 -0
  570. data/lib/workos/user_management/user.rb +7 -0
  571. data/lib/workos/user_management/user_created.rb +34 -0
  572. data/lib/workos/user_management/user_deleted.rb +34 -0
  573. data/lib/workos/user_management/user_identities_get_item.rb +25 -0
  574. data/lib/workos/user_management/user_invite.rb +58 -0
  575. data/lib/workos/user_management/user_organization_membership.rb +49 -0
  576. data/lib/workos/user_management/user_sessions_impersonator.rb +7 -0
  577. data/lib/workos/user_management/user_sessions_list_item.rb +55 -0
  578. data/lib/workos/user_management/user_updated.rb +34 -0
  579. data/lib/workos/user_management/verify_email_address.rb +7 -0
  580. data/lib/workos/user_management/verify_email_response.rb +7 -0
  581. data/lib/workos/user_management.rb +1522 -1154
  582. data/lib/workos/util/signature.rb +55 -0
  583. data/lib/workos/util.rb +16 -0
  584. data/lib/workos/vault/vault_byok_key_verification_completed.rb +34 -0
  585. data/lib/workos/vault/vault_byok_key_verification_completed_data.rb +25 -0
  586. data/lib/workos/vault/vault_data_created.rb +34 -0
  587. data/lib/workos/vault/vault_data_created_data.rb +34 -0
  588. data/lib/workos/vault/vault_data_deleted.rb +34 -0
  589. data/lib/workos/vault/vault_data_deleted_data.rb +28 -0
  590. data/lib/workos/vault/vault_data_read.rb +34 -0
  591. data/lib/workos/vault/vault_data_read_data.rb +31 -0
  592. data/lib/workos/vault/vault_data_updated.rb +34 -0
  593. data/lib/workos/vault/vault_data_updated_data.rb +34 -0
  594. data/lib/workos/vault/vault_dek_decrypted.rb +34 -0
  595. data/lib/workos/vault/vault_dek_decrypted_data.rb +28 -0
  596. data/lib/workos/vault/vault_dek_read.rb +34 -0
  597. data/lib/workos/vault/vault_dek_read_data.rb +31 -0
  598. data/lib/workos/vault/vault_kek_created.rb +34 -0
  599. data/lib/workos/vault/vault_kek_created_data.rb +31 -0
  600. data/lib/workos/vault/vault_metadata_read.rb +34 -0
  601. data/lib/workos/vault/vault_metadata_read_data.rb +28 -0
  602. data/lib/workos/vault/vault_names_listed.rb +34 -0
  603. data/lib/workos/vault/vault_names_listed_data.rb +25 -0
  604. data/lib/workos/vault.rb +241 -0
  605. data/lib/workos/version.rb +2 -1
  606. data/lib/workos/webhook_event.rb +120 -0
  607. data/lib/workos/webhooks/create_webhook_endpoint.rb +22 -0
  608. data/lib/workos/webhooks/update_webhook_endpoint.rb +25 -0
  609. data/lib/workos/webhooks/webhook_endpoint.rb +45 -0
  610. data/lib/workos/webhooks/webhook_endpoint_json.rb +40 -0
  611. data/lib/workos/webhooks.rb +213 -159
  612. data/lib/workos/widgets/widget_session_token.rb +25 -0
  613. data/lib/workos/widgets/widget_session_token_response.rb +18 -0
  614. data/lib/workos/widgets.rb +34 -38
  615. data/lib/workos.rb +30 -96
  616. data/rbi/workos/action_authentication_denied.rbi +54 -0
  617. data/rbi/workos/action_authentication_denied_data.rbi +72 -0
  618. data/rbi/workos/action_user_registration_denied.rbi +54 -0
  619. data/rbi/workos/action_user_registration_denied_data.rbi +66 -0
  620. data/rbi/workos/actions.rbi +48 -0
  621. data/rbi/workos/add_role_permission.rbi +24 -0
  622. data/rbi/workos/admin_portal.rbi +26 -0
  623. data/rbi/workos/api_key.rbi +72 -0
  624. data/rbi/workos/api_key_created.rbi +54 -0
  625. data/rbi/workos/api_key_created_data.rbi +72 -0
  626. data/rbi/workos/api_key_created_data_owner.rbi +30 -0
  627. data/rbi/workos/api_key_owner.rbi +30 -0
  628. data/rbi/workos/api_key_revoked.rbi +54 -0
  629. data/rbi/workos/api_key_revoked_data.rbi +72 -0
  630. data/rbi/workos/api_key_revoked_data_owner.rbi +30 -0
  631. data/rbi/workos/api_key_validation_response.rbi +24 -0
  632. data/rbi/workos/api_key_with_value.rbi +78 -0
  633. data/rbi/workos/api_key_with_value_owner.rbi +30 -0
  634. data/rbi/workos/api_keys.rbi +51 -0
  635. data/rbi/workos/application_credentials_list_item.rbi +54 -0
  636. data/rbi/workos/assign_role.rbi +42 -0
  637. data/rbi/workos/audit_log_action.rbi +47 -0
  638. data/rbi/workos/audit_log_action_json.rbi +48 -0
  639. data/rbi/workos/audit_log_configuration.rbi +42 -0
  640. data/rbi/workos/audit_log_configuration_log_stream.rbi +48 -0
  641. data/rbi/workos/audit_log_event.rbi +60 -0
  642. data/rbi/workos/audit_log_event_actor.rbi +42 -0
  643. data/rbi/workos/audit_log_event_context.rbi +30 -0
  644. data/rbi/workos/audit_log_event_create_response.rbi +24 -0
  645. data/rbi/workos/audit_log_event_ingestion.rbi +30 -0
  646. data/rbi/workos/audit_log_event_target.rbi +42 -0
  647. data/rbi/workos/audit_log_export.rbi +53 -0
  648. data/rbi/workos/audit_log_export_creation.rbi +66 -0
  649. data/rbi/workos/audit_log_export_json.rbi +54 -0
  650. data/rbi/workos/audit_log_schema.rbi +36 -0
  651. data/rbi/workos/audit_log_schema_actor.rbi +24 -0
  652. data/rbi/workos/audit_log_schema_json.rbi +54 -0
  653. data/rbi/workos/audit_log_schema_json_actor.rbi +24 -0
  654. data/rbi/workos/audit_log_schema_json_target.rbi +30 -0
  655. data/rbi/workos/audit_log_schema_target.rbi +30 -0
  656. data/rbi/workos/audit_logs.rbi +96 -0
  657. data/rbi/workos/audit_logs_retention.rbi +23 -0
  658. data/rbi/workos/audit_logs_retention_json.rbi +24 -0
  659. data/rbi/workos/authenticate_response.rbi +66 -0
  660. data/rbi/workos/authenticate_response_impersonator.rbi +30 -0
  661. data/rbi/workos/authenticate_response_oauth_token.rbi +48 -0
  662. data/rbi/workos/authentication_challenge.rbi +60 -0
  663. data/rbi/workos/authentication_challenge_verify_response.rbi +30 -0
  664. data/rbi/workos/authentication_challenges_verify_request.rbi +24 -0
  665. data/rbi/workos/authentication_email_verification_failed.rbi +54 -0
  666. data/rbi/workos/authentication_email_verification_failed_data.rbi +60 -0
  667. data/rbi/workos/authentication_email_verification_failed_data_error.rbi +30 -0
  668. data/rbi/workos/authentication_email_verification_succeeded.rbi +54 -0
  669. data/rbi/workos/authentication_email_verification_succeeded_data.rbi +54 -0
  670. data/rbi/workos/authentication_factor.rbi +66 -0
  671. data/rbi/workos/authentication_factor_enrolled.rbi +66 -0
  672. data/rbi/workos/authentication_factor_enrolled_sms.rbi +24 -0
  673. data/rbi/workos/authentication_factor_enrolled_totp.rbi +48 -0
  674. data/rbi/workos/authentication_factor_sms.rbi +24 -0
  675. data/rbi/workos/authentication_factor_totp.rbi +30 -0
  676. data/rbi/workos/authentication_factors_create_request.rbi +48 -0
  677. data/rbi/workos/authentication_magic_auth_failed.rbi +54 -0
  678. data/rbi/workos/authentication_magic_auth_failed_data.rbi +60 -0
  679. data/rbi/workos/authentication_magic_auth_failed_data_error.rbi +30 -0
  680. data/rbi/workos/authentication_magic_auth_succeeded.rbi +54 -0
  681. data/rbi/workos/authentication_magic_auth_succeeded_data.rbi +54 -0
  682. data/rbi/workos/authentication_mfa_failed.rbi +54 -0
  683. data/rbi/workos/authentication_mfa_failed_data.rbi +60 -0
  684. data/rbi/workos/authentication_mfa_failed_data_error.rbi +30 -0
  685. data/rbi/workos/authentication_mfa_succeeded.rbi +54 -0
  686. data/rbi/workos/authentication_mfa_succeeded_data.rbi +54 -0
  687. data/rbi/workos/authentication_oauth_failed.rbi +54 -0
  688. data/rbi/workos/authentication_oauth_failed_data.rbi +60 -0
  689. data/rbi/workos/authentication_oauth_failed_data_error.rbi +30 -0
  690. data/rbi/workos/authentication_oauth_succeeded.rbi +54 -0
  691. data/rbi/workos/authentication_oauth_succeeded_data.rbi +54 -0
  692. data/rbi/workos/authentication_passkey_failed.rbi +54 -0
  693. data/rbi/workos/authentication_passkey_failed_data.rbi +60 -0
  694. data/rbi/workos/authentication_passkey_failed_data_error.rbi +30 -0
  695. data/rbi/workos/authentication_passkey_succeeded.rbi +54 -0
  696. data/rbi/workos/authentication_passkey_succeeded_data.rbi +54 -0
  697. data/rbi/workos/authentication_password_failed.rbi +54 -0
  698. data/rbi/workos/authentication_password_failed_data.rbi +60 -0
  699. data/rbi/workos/authentication_password_failed_data_error.rbi +30 -0
  700. data/rbi/workos/authentication_password_succeeded.rbi +54 -0
  701. data/rbi/workos/authentication_password_succeeded_data.rbi +54 -0
  702. data/rbi/workos/authentication_radar_risk_detected.rbi +54 -0
  703. data/rbi/workos/authentication_radar_risk_detected_data.rbi +66 -0
  704. data/rbi/workos/authentication_sso_failed.rbi +54 -0
  705. data/rbi/workos/authentication_sso_failed_data.rbi +66 -0
  706. data/rbi/workos/authentication_sso_failed_data_error.rbi +30 -0
  707. data/rbi/workos/authentication_sso_failed_data_sso.rbi +36 -0
  708. data/rbi/workos/authentication_sso_started.rbi +54 -0
  709. data/rbi/workos/authentication_sso_started_data.rbi +60 -0
  710. data/rbi/workos/authentication_sso_started_data_sso.rbi +36 -0
  711. data/rbi/workos/authentication_sso_succeeded.rbi +54 -0
  712. data/rbi/workos/authentication_sso_succeeded_data.rbi +60 -0
  713. data/rbi/workos/authentication_sso_succeeded_data_sso.rbi +36 -0
  714. data/rbi/workos/authentication_sso_timed_out.rbi +54 -0
  715. data/rbi/workos/authentication_sso_timed_out_data.rbi +66 -0
  716. data/rbi/workos/authentication_sso_timed_out_data_error.rbi +30 -0
  717. data/rbi/workos/authentication_sso_timed_out_data_sso.rbi +36 -0
  718. data/rbi/workos/authorization.rbi +414 -0
  719. data/rbi/workos/authorization_check.rbi +24 -0
  720. data/rbi/workos/authorization_code_session_authenticate_request.rbi +72 -0
  721. data/rbi/workos/authorization_permission.rbi +72 -0
  722. data/rbi/workos/authorization_resource.rbi +78 -0
  723. data/rbi/workos/authorized_connect_application_list_data.rbi +48 -0
  724. data/rbi/workos/base_client.rbi +132 -0
  725. data/rbi/workos/challenge_authentication_factor.rbi +24 -0
  726. data/rbi/workos/check_authorization.rbi +42 -0
  727. data/rbi/workos/client.rbi +61 -0
  728. data/rbi/workos/configuration.rbi +68 -0
  729. data/rbi/workos/confirm_email_change.rbi +24 -0
  730. data/rbi/workos/connect.rbi +102 -0
  731. data/rbi/workos/connect_application.rbi +78 -0
  732. data/rbi/workos/connected_account.rbi +66 -0
  733. data/rbi/workos/connection.rbi +84 -0
  734. data/rbi/workos/connection_activated.rbi +54 -0
  735. data/rbi/workos/connection_activated_data.rbi +84 -0
  736. data/rbi/workos/connection_activated_data_domain.rbi +36 -0
  737. data/rbi/workos/connection_deactivated.rbi +54 -0
  738. data/rbi/workos/connection_deactivated_data.rbi +84 -0
  739. data/rbi/workos/connection_deactivated_data_domain.rbi +36 -0
  740. data/rbi/workos/connection_deleted.rbi +54 -0
  741. data/rbi/workos/connection_deleted_data.rbi +66 -0
  742. data/rbi/workos/connection_domain.rbi +36 -0
  743. data/rbi/workos/connection_option.rbi +24 -0
  744. data/rbi/workos/connection_saml_certificate_renewal_required.rbi +54 -0
  745. data/rbi/workos/connection_saml_certificate_renewal_required_data.rbi +36 -0
  746. data/rbi/workos/connection_saml_certificate_renewal_required_data_certificate.rbi +36 -0
  747. data/rbi/workos/connection_saml_certificate_renewal_required_data_connection.rbi +30 -0
  748. data/rbi/workos/connection_saml_certificate_renewed.rbi +54 -0
  749. data/rbi/workos/connection_saml_certificate_renewed_data.rbi +36 -0
  750. data/rbi/workos/connection_saml_certificate_renewed_data_certificate.rbi +30 -0
  751. data/rbi/workos/connection_saml_certificate_renewed_data_connection.rbi +30 -0
  752. data/rbi/workos/cors_origin_response.rbi +48 -0
  753. data/rbi/workos/create_application_secret.rbi +18 -0
  754. data/rbi/workos/create_authorization_permission.rbi +42 -0
  755. data/rbi/workos/create_authorization_resource.rbi +66 -0
  756. data/rbi/workos/create_cors_origin.rbi +24 -0
  757. data/rbi/workos/create_m2m_application.rbi +48 -0
  758. data/rbi/workos/create_magic_code_and_return.rbi +30 -0
  759. data/rbi/workos/create_oauth_application.rbi +66 -0
  760. data/rbi/workos/create_organization_api_key.rbi +30 -0
  761. data/rbi/workos/create_organization_domain.rbi +30 -0
  762. data/rbi/workos/create_organization_role.rbi +42 -0
  763. data/rbi/workos/create_password_reset.rbi +30 -0
  764. data/rbi/workos/create_password_reset_token.rbi +24 -0
  765. data/rbi/workos/create_redirect_uri.rbi +24 -0
  766. data/rbi/workos/create_role.rbi +42 -0
  767. data/rbi/workos/create_user.rbi +72 -0
  768. data/rbi/workos/create_user_invite_options.rbi +54 -0
  769. data/rbi/workos/create_user_organization_membership.rbi +42 -0
  770. data/rbi/workos/create_webhook_endpoint.rbi +30 -0
  771. data/rbi/workos/data_integration_access_token_response.rbi +36 -0
  772. data/rbi/workos/data_integration_access_token_response_access_token.rbi +48 -0
  773. data/rbi/workos/data_integration_authorize_url_response.rbi +24 -0
  774. data/rbi/workos/data_integrations_get_data_integration_authorize_url_request.rbi +36 -0
  775. data/rbi/workos/data_integrations_get_user_token_request.rbi +30 -0
  776. data/rbi/workos/data_integrations_list_response.rbi +30 -0
  777. data/rbi/workos/data_integrations_list_response_data.rbi +90 -0
  778. data/rbi/workos/data_integrations_list_response_data_connected_account.rbi +72 -0
  779. data/rbi/workos/device_authorization_response.rbi +54 -0
  780. data/rbi/workos/device_code_session_authenticate_request.rbi +54 -0
  781. data/rbi/workos/directory.rbi +84 -0
  782. data/rbi/workos/directory_group.rbi +72 -0
  783. data/rbi/workos/directory_metadata.rbi +30 -0
  784. data/rbi/workos/directory_metadata_user.rbi +30 -0
  785. data/rbi/workos/directory_sync.rbi +85 -0
  786. data/rbi/workos/directory_user.rbi +126 -0
  787. data/rbi/workos/directory_user_email.rbi +36 -0
  788. data/rbi/workos/directory_user_with_groups.rbi +132 -0
  789. data/rbi/workos/directory_user_with_groups_email.rbi +36 -0
  790. data/rbi/workos/dsync_activated.rbi +54 -0
  791. data/rbi/workos/dsync_activated_data.rbi +78 -0
  792. data/rbi/workos/dsync_activated_data_domain.rbi +36 -0
  793. data/rbi/workos/dsync_deactivated.rbi +54 -0
  794. data/rbi/workos/dsync_deactivated_data.rbi +78 -0
  795. data/rbi/workos/dsync_deactivated_data_domain.rbi +36 -0
  796. data/rbi/workos/dsync_deleted.rbi +54 -0
  797. data/rbi/workos/dsync_deleted_data.rbi +66 -0
  798. data/rbi/workos/dsync_group_created.rbi +54 -0
  799. data/rbi/workos/dsync_group_deleted.rbi +54 -0
  800. data/rbi/workos/dsync_group_updated.rbi +54 -0
  801. data/rbi/workos/dsync_group_updated_data.rbi +78 -0
  802. data/rbi/workos/dsync_group_user_added.rbi +54 -0
  803. data/rbi/workos/dsync_group_user_added_data.rbi +36 -0
  804. data/rbi/workos/dsync_group_user_removed.rbi +54 -0
  805. data/rbi/workos/dsync_group_user_removed_data.rbi +36 -0
  806. data/rbi/workos/dsync_user_created.rbi +54 -0
  807. data/rbi/workos/dsync_user_deleted.rbi +54 -0
  808. data/rbi/workos/dsync_user_updated.rbi +54 -0
  809. data/rbi/workos/dsync_user_updated_data.rbi +132 -0
  810. data/rbi/workos/dsync_user_updated_data_email.rbi +36 -0
  811. data/rbi/workos/email_change.rbi +48 -0
  812. data/rbi/workos/email_change_confirmation.rbi +30 -0
  813. data/rbi/workos/email_change_confirmation_user.rbi +96 -0
  814. data/rbi/workos/email_verification.rbi +66 -0
  815. data/rbi/workos/email_verification_code_session_authenticate_request.rbi +66 -0
  816. data/rbi/workos/email_verification_created.rbi +54 -0
  817. data/rbi/workos/email_verification_created_data.rbi +60 -0
  818. data/rbi/workos/encryptors/aes_gcm.rbi +19 -0
  819. data/rbi/workos/enroll_user_authentication_factor.rbi +42 -0
  820. data/rbi/workos/errors.rbi +43 -0
  821. data/rbi/workos/event_context.rbi +54 -0
  822. data/rbi/workos/event_context_actor.rbi +36 -0
  823. data/rbi/workos/event_context_google_analytics_session.rbi +36 -0
  824. data/rbi/workos/event_list_list_metadata.rbi +24 -0
  825. data/rbi/workos/event_schema.rbi +54 -0
  826. data/rbi/workos/events.rbi +28 -0
  827. data/rbi/workos/external_auth_complete_response.rbi +24 -0
  828. data/rbi/workos/feature_flag.rbi +84 -0
  829. data/rbi/workos/feature_flag_owner.rbi +36 -0
  830. data/rbi/workos/feature_flags.rbi +90 -0
  831. data/rbi/workos/flag.rbi +84 -0
  832. data/rbi/workos/flag_created.rbi +54 -0
  833. data/rbi/workos/flag_created_context.rbi +30 -0
  834. data/rbi/workos/flag_created_context_actor.rbi +36 -0
  835. data/rbi/workos/flag_created_data.rbi +90 -0
  836. data/rbi/workos/flag_created_data_owner.rbi +36 -0
  837. data/rbi/workos/flag_deleted.rbi +54 -0
  838. data/rbi/workos/flag_deleted_context.rbi +30 -0
  839. data/rbi/workos/flag_deleted_context_actor.rbi +36 -0
  840. data/rbi/workos/flag_deleted_data.rbi +90 -0
  841. data/rbi/workos/flag_deleted_data_owner.rbi +36 -0
  842. data/rbi/workos/flag_owner.rbi +36 -0
  843. data/rbi/workos/flag_rule_updated.rbi +54 -0
  844. data/rbi/workos/flag_rule_updated_context.rbi +48 -0
  845. data/rbi/workos/flag_rule_updated_context_actor.rbi +36 -0
  846. data/rbi/workos/flag_rule_updated_context_configured_target.rbi +30 -0
  847. data/rbi/workos/flag_rule_updated_context_configured_target_organization.rbi +30 -0
  848. data/rbi/workos/flag_rule_updated_context_configured_target_user.rbi +30 -0
  849. data/rbi/workos/flag_rule_updated_context_previous_attribute.rbi +30 -0
  850. data/rbi/workos/flag_rule_updated_context_previous_attribute_context.rbi +30 -0
  851. data/rbi/workos/flag_rule_updated_context_previous_attribute_context_configured_target.rbi +30 -0
  852. data/rbi/workos/flag_rule_updated_context_previous_attribute_context_configured_target_organization.rbi +30 -0
  853. data/rbi/workos/flag_rule_updated_context_previous_attribute_context_configured_target_user.rbi +30 -0
  854. data/rbi/workos/flag_rule_updated_context_previous_attribute_data.rbi +30 -0
  855. data/rbi/workos/flag_rule_updated_data.rbi +90 -0
  856. data/rbi/workos/flag_rule_updated_data_owner.rbi +36 -0
  857. data/rbi/workos/flag_updated.rbi +54 -0
  858. data/rbi/workos/flag_updated_context.rbi +36 -0
  859. data/rbi/workos/flag_updated_context_actor.rbi +36 -0
  860. data/rbi/workos/flag_updated_context_previous_attribute.rbi +24 -0
  861. data/rbi/workos/flag_updated_context_previous_attribute_data.rbi +48 -0
  862. data/rbi/workos/flag_updated_data.rbi +90 -0
  863. data/rbi/workos/flag_updated_data_owner.rbi +36 -0
  864. data/rbi/workos/generate_link.rbi +54 -0
  865. data/rbi/workos/group.rbi +60 -0
  866. data/rbi/workos/group_created.rbi +54 -0
  867. data/rbi/workos/group_deleted.rbi +54 -0
  868. data/rbi/workos/group_member_added.rbi +54 -0
  869. data/rbi/workos/group_member_added_data.rbi +30 -0
  870. data/rbi/workos/group_member_removed.rbi +54 -0
  871. data/rbi/workos/group_member_removed_data.rbi +30 -0
  872. data/rbi/workos/group_updated.rbi +54 -0
  873. data/rbi/workos/hash_provider.rbi +18 -0
  874. data/rbi/workos/intent_options.rbi +24 -0
  875. data/rbi/workos/invitation.rbi +102 -0
  876. data/rbi/workos/invitation_accepted.rbi +54 -0
  877. data/rbi/workos/invitation_accepted_data.rbi +90 -0
  878. data/rbi/workos/invitation_created.rbi +54 -0
  879. data/rbi/workos/invitation_created_data.rbi +90 -0
  880. data/rbi/workos/invitation_resent.rbi +54 -0
  881. data/rbi/workos/invitation_resent_data.rbi +90 -0
  882. data/rbi/workos/invitation_revoked.rbi +54 -0
  883. data/rbi/workos/invitation_revoked_data.rbi +90 -0
  884. data/rbi/workos/jwks_response.rbi +24 -0
  885. data/rbi/workos/jwks_response_keys.rbi +66 -0
  886. data/rbi/workos/jwt_template_response.rbi +42 -0
  887. data/rbi/workos/magic_auth.rbi +66 -0
  888. data/rbi/workos/magic_auth_code_session_authenticate_request.rbi +72 -0
  889. data/rbi/workos/magic_auth_created.rbi +54 -0
  890. data/rbi/workos/magic_auth_created_data.rbi +60 -0
  891. data/rbi/workos/mfa_totp_session_authenticate_request.rbi +72 -0
  892. data/rbi/workos/multi_factor_auth.rbi +83 -0
  893. data/rbi/workos/new_connect_application_secret.rbi +60 -0
  894. data/rbi/workos/organization.rbi +78 -0
  895. data/rbi/workos/organization_created.rbi +54 -0
  896. data/rbi/workos/organization_created_data.rbi +72 -0
  897. data/rbi/workos/organization_created_data_domain.rbi +78 -0
  898. data/rbi/workos/organization_deleted.rbi +54 -0
  899. data/rbi/workos/organization_deleted_data.rbi +72 -0
  900. data/rbi/workos/organization_deleted_data_domain.rbi +78 -0
  901. data/rbi/workos/organization_domain.rbi +78 -0
  902. data/rbi/workos/organization_domain_created.rbi +54 -0
  903. data/rbi/workos/organization_domain_created_data.rbi +78 -0
  904. data/rbi/workos/organization_domain_data.rbi +30 -0
  905. data/rbi/workos/organization_domain_deleted.rbi +54 -0
  906. data/rbi/workos/organization_domain_deleted_data.rbi +78 -0
  907. data/rbi/workos/organization_domain_stand_alone.rbi +78 -0
  908. data/rbi/workos/organization_domain_updated.rbi +54 -0
  909. data/rbi/workos/organization_domain_updated_data.rbi +78 -0
  910. data/rbi/workos/organization_domain_verification_failed.rbi +54 -0
  911. data/rbi/workos/organization_domain_verification_failed_data.rbi +30 -0
  912. data/rbi/workos/organization_domain_verification_failed_data_organization_domain.rbi +78 -0
  913. data/rbi/workos/organization_domain_verified.rbi +54 -0
  914. data/rbi/workos/organization_domain_verified_data.rbi +78 -0
  915. data/rbi/workos/organization_domains.rbi +46 -0
  916. data/rbi/workos/organization_input.rbi +54 -0
  917. data/rbi/workos/organization_membership.rbi +84 -0
  918. data/rbi/workos/organization_membership_created.rbi +54 -0
  919. data/rbi/workos/organization_membership_created_data.rbi +84 -0
  920. data/rbi/workos/organization_membership_deleted.rbi +54 -0
  921. data/rbi/workos/organization_membership_deleted_data.rbi +84 -0
  922. data/rbi/workos/organization_membership_updated.rbi +54 -0
  923. data/rbi/workos/organization_membership_updated_data.rbi +84 -0
  924. data/rbi/workos/organization_role_created.rbi +54 -0
  925. data/rbi/workos/organization_role_created_data.rbi +72 -0
  926. data/rbi/workos/organization_role_deleted.rbi +54 -0
  927. data/rbi/workos/organization_role_deleted_data.rbi +72 -0
  928. data/rbi/workos/organization_role_updated.rbi +54 -0
  929. data/rbi/workos/organization_role_updated_data.rbi +72 -0
  930. data/rbi/workos/organization_selection_session_authenticate_request.rbi +66 -0
  931. data/rbi/workos/organization_updated.rbi +54 -0
  932. data/rbi/workos/organization_updated_data.rbi +72 -0
  933. data/rbi/workos/organization_updated_data_domain.rbi +78 -0
  934. data/rbi/workos/organizations.rbi +86 -0
  935. data/rbi/workos/password_reset.rbi +66 -0
  936. data/rbi/workos/password_reset_created.rbi +54 -0
  937. data/rbi/workos/password_reset_created_data.rbi +54 -0
  938. data/rbi/workos/password_reset_succeeded.rbi +54 -0
  939. data/rbi/workos/password_reset_succeeded_data.rbi +54 -0
  940. data/rbi/workos/password_session_authenticate_request.rbi +72 -0
  941. data/rbi/workos/passwordless.rbi +47 -0
  942. data/rbi/workos/permission.rbi +72 -0
  943. data/rbi/workos/permission_created.rbi +54 -0
  944. data/rbi/workos/permission_created_data.rbi +66 -0
  945. data/rbi/workos/permission_deleted.rbi +54 -0
  946. data/rbi/workos/permission_deleted_data.rbi +66 -0
  947. data/rbi/workos/permission_updated.rbi +54 -0
  948. data/rbi/workos/permission_updated_data.rbi +66 -0
  949. data/rbi/workos/pipes.rbi +63 -0
  950. data/rbi/workos/portal_link_response.rbi +24 -0
  951. data/rbi/workos/profile.rbi +102 -0
  952. data/rbi/workos/public_client.rbi +12 -0
  953. data/rbi/workos/radar.rbi +57 -0
  954. data/rbi/workos/radar_list_entry_already_present_response.rbi +24 -0
  955. data/rbi/workos/radar_standalone_assess_request.rbi +60 -0
  956. data/rbi/workos/radar_standalone_delete_radar_list_entry_request.rbi +24 -0
  957. data/rbi/workos/radar_standalone_response.rbi +48 -0
  958. data/rbi/workos/radar_standalone_update_radar_attempt_request.rbi +30 -0
  959. data/rbi/workos/radar_standalone_update_radar_list_request.rbi +24 -0
  960. data/rbi/workos/redirect_uri.rbi +54 -0
  961. data/rbi/workos/redirect_uri_input.rbi +30 -0
  962. data/rbi/workos/refresh_token_session_authenticate_request.rbi +66 -0
  963. data/rbi/workos/remove_role.rbi +42 -0
  964. data/rbi/workos/resend_user_invite_options.rbi +24 -0
  965. data/rbi/workos/reset_password_response.rbi +24 -0
  966. data/rbi/workos/revoke_session.rbi +30 -0
  967. data/rbi/workos/role.rbi +78 -0
  968. data/rbi/workos/role_assignment.rbi +54 -0
  969. data/rbi/workos/role_assignment_resource.rbi +36 -0
  970. data/rbi/workos/role_created.rbi +54 -0
  971. data/rbi/workos/role_created_data.rbi +54 -0
  972. data/rbi/workos/role_deleted.rbi +54 -0
  973. data/rbi/workos/role_deleted_data.rbi +54 -0
  974. data/rbi/workos/role_list.rbi +30 -0
  975. data/rbi/workos/role_updated.rbi +54 -0
  976. data/rbi/workos/role_updated_data.rbi +54 -0
  977. data/rbi/workos/send_email_change.rbi +24 -0
  978. data/rbi/workos/send_verification_email_response.rbi +24 -0
  979. data/rbi/workos/session.rbi +43 -0
  980. data/rbi/workos/session_created.rbi +54 -0
  981. data/rbi/workos/session_created_data.rbi +96 -0
  982. data/rbi/workos/session_created_data_impersonator.rbi +30 -0
  983. data/rbi/workos/session_manager.rbi +154 -0
  984. data/rbi/workos/session_revoked.rbi +54 -0
  985. data/rbi/workos/session_revoked_data.rbi +96 -0
  986. data/rbi/workos/session_revoked_data_impersonator.rbi +30 -0
  987. data/rbi/workos/set_role_permissions.rbi +24 -0
  988. data/rbi/workos/slim_role.rbi +24 -0
  989. data/rbi/workos/sso.rbi +67 -0
  990. data/rbi/workos/sso_authorize_url_response.rbi +24 -0
  991. data/rbi/workos/sso_device_authorization_request.rbi +24 -0
  992. data/rbi/workos/sso_intent_options.rbi +30 -0
  993. data/rbi/workos/sso_logout_authorize_request.rbi +24 -0
  994. data/rbi/workos/sso_logout_authorize_response.rbi +30 -0
  995. data/rbi/workos/sso_token_response.rbi +48 -0
  996. data/rbi/workos/sso_token_response_oauth_token.rbi +48 -0
  997. data/rbi/workos/token_query.rbi +42 -0
  998. data/rbi/workos/types/api_response.rbi +29 -0
  999. data/rbi/workos/types/base_model.rbi +22 -0
  1000. data/rbi/workos/types/list_struct.rbi +89 -0
  1001. data/rbi/workos/types/request_options.rbi +12 -0
  1002. data/rbi/workos/update_audit_logs_retention.rbi +24 -0
  1003. data/rbi/workos/update_authorization_permission.rbi +30 -0
  1004. data/rbi/workos/update_authorization_resource.rbi +48 -0
  1005. data/rbi/workos/update_jwt_template.rbi +24 -0
  1006. data/rbi/workos/update_oauth_application.rbi +42 -0
  1007. data/rbi/workos/update_organization.rbi +60 -0
  1008. data/rbi/workos/update_organization_role.rbi +30 -0
  1009. data/rbi/workos/update_role.rbi +30 -0
  1010. data/rbi/workos/update_user.rbi +78 -0
  1011. data/rbi/workos/update_user_organization_membership.rbi +30 -0
  1012. data/rbi/workos/update_webhook_endpoint.rbi +36 -0
  1013. data/rbi/workos/user.rbi +96 -0
  1014. data/rbi/workos/user_authentication_factor_enroll_response.rbi +30 -0
  1015. data/rbi/workos/user_consent_option.rbi +42 -0
  1016. data/rbi/workos/user_consent_option_choice.rbi +30 -0
  1017. data/rbi/workos/user_created.rbi +54 -0
  1018. data/rbi/workos/user_deleted.rbi +54 -0
  1019. data/rbi/workos/user_identities_get_item.rbi +36 -0
  1020. data/rbi/workos/user_invite.rbi +102 -0
  1021. data/rbi/workos/user_management.rbi +410 -0
  1022. data/rbi/workos/user_management_login_request.rbi +36 -0
  1023. data/rbi/workos/user_object.rbi +48 -0
  1024. data/rbi/workos/user_organization_membership.rbi +84 -0
  1025. data/rbi/workos/user_organization_membership_base_list_data.rbi +78 -0
  1026. data/rbi/workos/user_sessions_impersonator.rbi +30 -0
  1027. data/rbi/workos/user_sessions_list_item.rbi +96 -0
  1028. data/rbi/workos/user_updated.rbi +54 -0
  1029. data/rbi/workos/util.rbi +12 -0
  1030. data/rbi/workos/validate_api_key.rbi +24 -0
  1031. data/rbi/workos/vault.rbi +137 -0
  1032. data/rbi/workos/vault_byok_key_verification_completed.rbi +54 -0
  1033. data/rbi/workos/vault_byok_key_verification_completed_data.rbi +36 -0
  1034. data/rbi/workos/vault_data_created.rbi +54 -0
  1035. data/rbi/workos/vault_data_created_data.rbi +54 -0
  1036. data/rbi/workos/vault_data_deleted.rbi +54 -0
  1037. data/rbi/workos/vault_data_deleted_data.rbi +42 -0
  1038. data/rbi/workos/vault_data_read.rbi +54 -0
  1039. data/rbi/workos/vault_data_read_data.rbi +48 -0
  1040. data/rbi/workos/vault_data_updated.rbi +54 -0
  1041. data/rbi/workos/vault_data_updated_data.rbi +54 -0
  1042. data/rbi/workos/vault_dek_decrypted.rbi +54 -0
  1043. data/rbi/workos/vault_dek_decrypted_data.rbi +42 -0
  1044. data/rbi/workos/vault_dek_read.rbi +54 -0
  1045. data/rbi/workos/vault_dek_read_data.rbi +48 -0
  1046. data/rbi/workos/vault_kek_created.rbi +54 -0
  1047. data/rbi/workos/vault_kek_created_data.rbi +48 -0
  1048. data/rbi/workos/vault_metadata_read.rbi +54 -0
  1049. data/rbi/workos/vault_metadata_read_data.rbi +42 -0
  1050. data/rbi/workos/vault_names_listed.rbi +54 -0
  1051. data/rbi/workos/vault_names_listed_data.rbi +36 -0
  1052. data/rbi/workos/verify_email_address.rbi +24 -0
  1053. data/rbi/workos/verify_email_response.rbi +24 -0
  1054. data/rbi/workos/webhook_endpoint.rbi +65 -0
  1055. data/rbi/workos/webhook_endpoint_json.rbi +66 -0
  1056. data/rbi/workos/webhooks.rbi +52 -0
  1057. data/rbi/workos/widget_session_token.rbi +36 -0
  1058. data/rbi/workos/widget_session_token_response.rbi +24 -0
  1059. data/rbi/workos/widgets.rbi +23 -0
  1060. data/renovate.json +66 -0
  1061. data/script/ci +16 -0
  1062. data/test/test_helper.rb +20 -0
  1063. data/test/workos/test_actions.rb +78 -0
  1064. data/test/workos/test_admin_portal.rb +33 -0
  1065. data/test/workos/test_api_keys.rb +57 -0
  1066. data/test/workos/test_audit_logs.rb +89 -0
  1067. data/test/workos/test_authkit_helpers.rb +109 -0
  1068. data/test/workos/test_authorization.rb +321 -0
  1069. data/test/workos/test_base_client.rb +173 -0
  1070. data/test/workos/test_connect.rb +127 -0
  1071. data/test/workos/test_directory_sync.rb +81 -0
  1072. data/test/workos/test_encryptors_aes_gcm.rb +54 -0
  1073. data/test/workos/test_events.rb +33 -0
  1074. data/test/workos/test_feature_flags.rb +89 -0
  1075. data/test/workos/test_list_struct.rb +39 -0
  1076. data/test/workos/test_model_round_trip.rb +7013 -0
  1077. data/test/workos/test_multi_factor_auth.rb +81 -0
  1078. data/test/workos/test_organization_domains.rb +57 -0
  1079. data/test/workos/test_organizations.rb +81 -0
  1080. data/test/workos/test_passwordless.rb +59 -0
  1081. data/test/workos/test_pipes.rb +65 -0
  1082. data/test/workos/test_pkce.rb +40 -0
  1083. data/test/workos/test_public_client.rb +38 -0
  1084. data/test/workos/test_radar.rb +57 -0
  1085. data/test/workos/test_session.rb +261 -0
  1086. data/test/workos/test_sso.rb +73 -0
  1087. data/test/workos/test_sso_helpers.rb +80 -0
  1088. data/test/workos/test_sso_runtime.rb +45 -0
  1089. data/test/workos/test_user_management.rb +473 -0
  1090. data/test/workos/test_vault.rb +151 -0
  1091. data/test/workos/test_webhook_verify.rb +84 -0
  1092. data/test/workos/test_webhooks.rb +57 -0
  1093. data/test/workos/test_widgets.rb +33 -0
  1094. data/workos.gemspec +22 -21
  1095. metadata +1097 -509
  1096. data/.github/renovate.json +0 -5
  1097. data/.rspec +0 -1
  1098. data/.rubocop.yml +0 -34
  1099. data/.rubocop_todo.yml +0 -94
  1100. data/lib/workos/audit_log_export.rb +0 -32
  1101. data/lib/workos/authentication_factor_and_challenge.rb +0 -28
  1102. data/lib/workos/authentication_response.rb +0 -62
  1103. data/lib/workos/cache.rb +0 -94
  1104. data/lib/workos/challenge.rb +0 -36
  1105. data/lib/workos/connection.rb +0 -42
  1106. data/lib/workos/deprecated_hash_wrapper.rb +0 -76
  1107. data/lib/workos/deprecation.rb +0 -16
  1108. data/lib/workos/directory.rb +0 -38
  1109. data/lib/workos/directory_group.rb +0 -41
  1110. data/lib/workos/directory_user.rb +0 -93
  1111. data/lib/workos/email_verification.rb +0 -37
  1112. data/lib/workos/event.rb +0 -30
  1113. data/lib/workos/factor.rb +0 -35
  1114. data/lib/workos/feature_flag.rb +0 -34
  1115. data/lib/workos/impersonator.rb +0 -23
  1116. data/lib/workos/invitation.rb +0 -49
  1117. data/lib/workos/magic_auth.rb +0 -37
  1118. data/lib/workos/mfa.rb +0 -136
  1119. data/lib/workos/oauth_tokens.rb +0 -29
  1120. data/lib/workos/organization.rb +0 -47
  1121. data/lib/workos/organization_membership.rb +0 -40
  1122. data/lib/workos/password_reset.rb +0 -37
  1123. data/lib/workos/portal.rb +0 -54
  1124. data/lib/workos/profile.rb +0 -57
  1125. data/lib/workos/profile_and_token.rb +0 -26
  1126. data/lib/workos/refresh_authentication_response.rb +0 -51
  1127. data/lib/workos/role.rb +0 -38
  1128. data/lib/workos/types/intent.rb +0 -18
  1129. data/lib/workos/types/passwordless_session_struct.rb +0 -18
  1130. data/lib/workos/types/provider.rb +0 -16
  1131. data/lib/workos/types/widget_scope.rb +0 -15
  1132. data/lib/workos/types.rb +0 -12
  1133. data/lib/workos/user.rb +0 -45
  1134. data/lib/workos/user_and_token.rb +0 -26
  1135. data/lib/workos/user_management/session.rb +0 -57
  1136. data/lib/workos/user_response.rb +0 -22
  1137. data/lib/workos/verify_challenge.rb +0 -25
  1138. data/lib/workos/webhook.rb +0 -30
  1139. data/spec/lib/workos/audit_logs_spec.rb +0 -150
  1140. data/spec/lib/workos/cache_spec.rb +0 -94
  1141. data/spec/lib/workos/client.rb +0 -67
  1142. data/spec/lib/workos/configuration_spec.rb +0 -60
  1143. data/spec/lib/workos/directory_sync_spec.rb +0 -483
  1144. data/spec/lib/workos/directory_user_spec.rb +0 -61
  1145. data/spec/lib/workos/encryptors/aes_gcm_spec.rb +0 -41
  1146. data/spec/lib/workos/event_spec.rb +0 -109
  1147. data/spec/lib/workos/mfa_spec.rb +0 -285
  1148. data/spec/lib/workos/organizations_spec.rb +0 -569
  1149. data/spec/lib/workos/passwordless_spec.rb +0 -76
  1150. data/spec/lib/workos/portal_spec.rb +0 -116
  1151. data/spec/lib/workos/role_spec.rb +0 -142
  1152. data/spec/lib/workos/session_spec.rb +0 -475
  1153. data/spec/lib/workos/sso_spec.rb +0 -756
  1154. data/spec/lib/workos/user_management_spec.rb +0 -1924
  1155. data/spec/lib/workos/webhooks_spec.rb +0 -235
  1156. data/spec/lib/workos/widgets_spec.rb +0 -73
  1157. data/spec/spec_helper.rb +0 -53
  1158. data/spec/support/fixtures/vcr_cassettes/audit_logs/create_event.yml +0 -59
  1159. data/spec/support/fixtures/vcr_cassettes/audit_logs/create_event_custom_idempotency_key.yml +0 -60
  1160. data/spec/support/fixtures/vcr_cassettes/audit_logs/create_event_invalid.yml +0 -59
  1161. data/spec/support/fixtures/vcr_cassettes/audit_logs/create_export.yml +0 -76
  1162. data/spec/support/fixtures/vcr_cassettes/audit_logs/create_export_with_filters.yml +0 -77
  1163. data/spec/support/fixtures/vcr_cassettes/audit_logs/get_export.yml +0 -73
  1164. data/spec/support/fixtures/vcr_cassettes/audit_trail/create_event.yml +0 -65
  1165. data/spec/support/fixtures/vcr_cassettes/audit_trail/create_event_custom_idempotency_key.yml +0 -67
  1166. data/spec/support/fixtures/vcr_cassettes/audit_trail/create_event_invalid.yml +0 -68
  1167. data/spec/support/fixtures/vcr_cassettes/audit_trail/create_events_duplicate_idempotency_key_and_payload.yml +0 -131
  1168. data/spec/support/fixtures/vcr_cassettes/audit_trail/create_events_duplicate_idempotency_key_different_payload.yml +0 -134
  1169. data/spec/support/fixtures/vcr_cassettes/audit_trail/get_events.yml +0 -61
  1170. data/spec/support/fixtures/vcr_cassettes/base/execute_request_unauthenticated.yml +0 -66
  1171. data/spec/support/fixtures/vcr_cassettes/directory_sync/delete_directory.yml +0 -72
  1172. data/spec/support/fixtures/vcr_cassettes/directory_sync/get_directory_with_invalid_id.yml +0 -83
  1173. data/spec/support/fixtures/vcr_cassettes/directory_sync/get_directory_with_valid_id.yml +0 -84
  1174. data/spec/support/fixtures/vcr_cassettes/directory_sync/get_group.yml +0 -80
  1175. data/spec/support/fixtures/vcr_cassettes/directory_sync/get_group_with_invalid_id.yml +0 -62
  1176. data/spec/support/fixtures/vcr_cassettes/directory_sync/get_user.yml +0 -83
  1177. data/spec/support/fixtures/vcr_cassettes/directory_sync/get_user_with_invalid_id.yml +0 -62
  1178. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories/with_after.yml +0 -87
  1179. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories/with_before.yml +0 -89
  1180. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories/with_domain.yml +0 -84
  1181. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories/with_limit.yml +0 -85
  1182. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories/with_no_options.yml +0 -93
  1183. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories/with_search.yml +0 -85
  1184. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_groups/with_after.yml +0 -90
  1185. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_groups/with_before.yml +0 -90
  1186. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_groups/with_directory.yml +0 -90
  1187. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_groups/with_limit.yml +0 -84
  1188. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_groups/with_no_options.yml +0 -84
  1189. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_groups/with_user.yml +0 -82
  1190. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_users/with_after.yml +0 -186
  1191. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_users/with_before.yml +0 -88
  1192. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_users/with_directory.yml +0 -194
  1193. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_users/with_group.yml +0 -186
  1194. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_users/with_limit.yml +0 -189
  1195. data/spec/support/fixtures/vcr_cassettes/directory_sync/list_users/with_no_options.yml +0 -75
  1196. data/spec/support/fixtures/vcr_cassettes/events/list_events_with_after.yml +0 -80
  1197. data/spec/support/fixtures/vcr_cassettes/events/list_events_with_event.yml +0 -80
  1198. data/spec/support/fixtures/vcr_cassettes/events/list_events_with_no_options.yml +0 -81
  1199. data/spec/support/fixtures/vcr_cassettes/events/list_events_with_organization_id.yml +0 -80
  1200. data/spec/support/fixtures/vcr_cassettes/events/list_events_with_range.yml +0 -80
  1201. data/spec/support/fixtures/vcr_cassettes/mfa/challenge_factor_generic_valid.yml +0 -82
  1202. data/spec/support/fixtures/vcr_cassettes/mfa/challenge_factor_sms_valid.yml +0 -82
  1203. data/spec/support/fixtures/vcr_cassettes/mfa/challenge_factor_totp_valid.yml +0 -82
  1204. data/spec/support/fixtures/vcr_cassettes/mfa/delete_factor.yml +0 -80
  1205. data/spec/support/fixtures/vcr_cassettes/mfa/enroll_factor_generic_valid.yml +0 -82
  1206. data/spec/support/fixtures/vcr_cassettes/mfa/enroll_factor_sms_valid.yml +0 -82
  1207. data/spec/support/fixtures/vcr_cassettes/mfa/enroll_factor_totp_valid.yml +0 -82
  1208. data/spec/support/fixtures/vcr_cassettes/mfa/get_factor_invalid.yml +0 -82
  1209. data/spec/support/fixtures/vcr_cassettes/mfa/get_factor_valid.yml +0 -82
  1210. data/spec/support/fixtures/vcr_cassettes/mfa/verify_challenge_generic_expired.yml +0 -84
  1211. data/spec/support/fixtures/vcr_cassettes/mfa/verify_challenge_generic_invalid.yml +0 -84
  1212. data/spec/support/fixtures/vcr_cassettes/mfa/verify_challenge_generic_valid.yml +0 -82
  1213. data/spec/support/fixtures/vcr_cassettes/mfa/verify_challenge_generic_valid_is_false.yml +0 -82
  1214. data/spec/support/fixtures/vcr_cassettes/organization/create.yml +0 -84
  1215. data/spec/support/fixtures/vcr_cassettes/organization/create_invalid.yml +0 -72
  1216. data/spec/support/fixtures/vcr_cassettes/organization/create_with_domain_data.yml +0 -82
  1217. data/spec/support/fixtures/vcr_cassettes/organization/create_with_domains.yml +0 -81
  1218. data/spec/support/fixtures/vcr_cassettes/organization/create_with_duplicate_idempotency_key_and_different_payload.yml +0 -155
  1219. data/spec/support/fixtures/vcr_cassettes/organization/create_with_duplicate_idempotency_key_and_payload.yml +0 -154
  1220. data/spec/support/fixtures/vcr_cassettes/organization/create_with_external_id.yml +0 -83
  1221. data/spec/support/fixtures/vcr_cassettes/organization/create_with_idempotency_key.yml +0 -79
  1222. data/spec/support/fixtures/vcr_cassettes/organization/create_without_domains.yml +0 -86
  1223. data/spec/support/fixtures/vcr_cassettes/organization/delete.yml +0 -72
  1224. data/spec/support/fixtures/vcr_cassettes/organization/delete_invalid.yml +0 -72
  1225. data/spec/support/fixtures/vcr_cassettes/organization/get.yml +0 -84
  1226. data/spec/support/fixtures/vcr_cassettes/organization/get_invalid.yml +0 -72
  1227. data/spec/support/fixtures/vcr_cassettes/organization/list.yml +0 -87
  1228. data/spec/support/fixtures/vcr_cassettes/organization/list_organization_feature_flags.yml +0 -78
  1229. data/spec/support/fixtures/vcr_cassettes/organization/list_organization_roles.yml +0 -82
  1230. data/spec/support/fixtures/vcr_cassettes/organization/update.yml +0 -84
  1231. data/spec/support/fixtures/vcr_cassettes/organization/update_with_external_id.yml +0 -78
  1232. data/spec/support/fixtures/vcr_cassettes/organization/update_with_external_id_null.yml +0 -78
  1233. data/spec/support/fixtures/vcr_cassettes/organization/update_with_stripe_customer_id.yml +0 -78
  1234. data/spec/support/fixtures/vcr_cassettes/organization/update_without_name.yml +0 -85
  1235. data/spec/support/fixtures/vcr_cassettes/passwordless/create_session.yml +0 -72
  1236. data/spec/support/fixtures/vcr_cassettes/passwordless/create_session_invalid.yml +0 -73
  1237. data/spec/support/fixtures/vcr_cassettes/passwordless/send_session.yml +0 -72
  1238. data/spec/support/fixtures/vcr_cassettes/passwordless/send_session_invalid.yml +0 -73
  1239. data/spec/support/fixtures/vcr_cassettes/portal/generate_link_audit_logs.yml +0 -72
  1240. data/spec/support/fixtures/vcr_cassettes/portal/generate_link_certificate_renewal.yml +0 -72
  1241. data/spec/support/fixtures/vcr_cassettes/portal/generate_link_domain_verification.yml +0 -72
  1242. data/spec/support/fixtures/vcr_cassettes/portal/generate_link_dsync.yml +0 -72
  1243. data/spec/support/fixtures/vcr_cassettes/portal/generate_link_invalid.yml +0 -72
  1244. data/spec/support/fixtures/vcr_cassettes/portal/generate_link_sso.yml +0 -72
  1245. data/spec/support/fixtures/vcr_cassettes/sso/delete_connection_with_invalid_id.yml +0 -72
  1246. data/spec/support/fixtures/vcr_cassettes/sso/delete_connection_with_valid_id.yml +0 -70
  1247. data/spec/support/fixtures/vcr_cassettes/sso/get_connection_with_invalid_id.yml +0 -72
  1248. data/spec/support/fixtures/vcr_cassettes/sso/get_connection_with_valid_id.yml +0 -86
  1249. data/spec/support/fixtures/vcr_cassettes/sso/list_connections/with_after.yml +0 -83
  1250. data/spec/support/fixtures/vcr_cassettes/sso/list_connections/with_before.yml +0 -86
  1251. data/spec/support/fixtures/vcr_cassettes/sso/list_connections/with_connection_type.yml +0 -90
  1252. data/spec/support/fixtures/vcr_cassettes/sso/list_connections/with_domain.yml +0 -86
  1253. data/spec/support/fixtures/vcr_cassettes/sso/list_connections/with_limit.yml +0 -83
  1254. data/spec/support/fixtures/vcr_cassettes/sso/list_connections/with_no_options.yml +0 -89
  1255. data/spec/support/fixtures/vcr_cassettes/sso/list_connections/with_organization_id.yml +0 -86
  1256. data/spec/support/fixtures/vcr_cassettes/sso/profile.yml +0 -74
  1257. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/invalid.yml +0 -84
  1258. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid.yml +0 -82
  1259. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid_with_impersonator.yml +0 -80
  1260. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid_with_oauth_tokens.yml +0 -82
  1261. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_email_verification/invalid.yml +0 -83
  1262. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_email_verification/valid.yml +0 -81
  1263. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_magic_auth/invalid.yml +0 -82
  1264. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_magic_auth/valid.yml +0 -82
  1265. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/invalid.yml +0 -81
  1266. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/valid.yml +0 -82
  1267. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/invalid.yml +0 -82
  1268. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/unverified.yml +0 -82
  1269. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/valid.yml +0 -82
  1270. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_code/invalid.yml +0 -81
  1271. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_token/valid.yml +0 -82
  1272. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_totp/invalid.yml +0 -83
  1273. data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_totp/valid.yml +0 -81
  1274. data/spec/support/fixtures/vcr_cassettes/user_management/confirm_password_reset/invalid.yml +0 -82
  1275. data/spec/support/fixtures/vcr_cassettes/user_management/confirm_password_reset/valid.yml +0 -82
  1276. data/spec/support/fixtures/vcr_cassettes/user_management/create_magic_auth/valid.yml +0 -80
  1277. data/spec/support/fixtures/vcr_cassettes/user_management/create_organization_membership/invalid.yml +0 -83
  1278. data/spec/support/fixtures/vcr_cassettes/user_management/create_organization_membership/valid.yml +0 -82
  1279. data/spec/support/fixtures/vcr_cassettes/user_management/create_organization_membership/valid_multiple_roles.yml +0 -76
  1280. data/spec/support/fixtures/vcr_cassettes/user_management/create_password_reset/valid.yml +0 -80
  1281. data/spec/support/fixtures/vcr_cassettes/user_management/create_user_invalid.yml +0 -83
  1282. data/spec/support/fixtures/vcr_cassettes/user_management/create_user_valid.yml +0 -82
  1283. data/spec/support/fixtures/vcr_cassettes/user_management/create_user_with_external_id.yml +0 -77
  1284. data/spec/support/fixtures/vcr_cassettes/user_management/deactivate_organization_membership.yml +0 -64
  1285. data/spec/support/fixtures/vcr_cassettes/user_management/delete_organization_membership/invalid.yml +0 -82
  1286. data/spec/support/fixtures/vcr_cassettes/user_management/delete_organization_membership/valid.yml +0 -78
  1287. data/spec/support/fixtures/vcr_cassettes/user_management/delete_user/invalid.yml +0 -82
  1288. data/spec/support/fixtures/vcr_cassettes/user_management/delete_user/valid.yml +0 -78
  1289. data/spec/support/fixtures/vcr_cassettes/user_management/enroll_auth_factor/invalid.yml +0 -82
  1290. data/spec/support/fixtures/vcr_cassettes/user_management/enroll_auth_factor/valid.yml +0 -82
  1291. data/spec/support/fixtures/vcr_cassettes/user_management/find_invitation_by_token/invalid.yml +0 -80
  1292. data/spec/support/fixtures/vcr_cassettes/user_management/find_invitation_by_token/valid.yml +0 -80
  1293. data/spec/support/fixtures/vcr_cassettes/user_management/get_email_verification/invalid.yml +0 -80
  1294. data/spec/support/fixtures/vcr_cassettes/user_management/get_email_verification/valid.yml +0 -80
  1295. data/spec/support/fixtures/vcr_cassettes/user_management/get_invitation/invalid.yml +0 -82
  1296. data/spec/support/fixtures/vcr_cassettes/user_management/get_invitation/valid.yml +0 -82
  1297. data/spec/support/fixtures/vcr_cassettes/user_management/get_magic_auth/invalid.yml +0 -80
  1298. data/spec/support/fixtures/vcr_cassettes/user_management/get_magic_auth/valid.yml +0 -80
  1299. data/spec/support/fixtures/vcr_cassettes/user_management/get_organization_membership.yml +0 -82
  1300. data/spec/support/fixtures/vcr_cassettes/user_management/get_password_reset/invalid.yml +0 -80
  1301. data/spec/support/fixtures/vcr_cassettes/user_management/get_password_reset/valid.yml +0 -80
  1302. data/spec/support/fixtures/vcr_cassettes/user_management/get_user.yml +0 -82
  1303. data/spec/support/fixtures/vcr_cassettes/user_management/list_auth_factors/invalid.yml +0 -82
  1304. data/spec/support/fixtures/vcr_cassettes/user_management/list_auth_factors/valid.yml +0 -82
  1305. data/spec/support/fixtures/vcr_cassettes/user_management/list_invitations/with_after.yml +0 -83
  1306. data/spec/support/fixtures/vcr_cassettes/user_management/list_invitations/with_before.yml +0 -83
  1307. data/spec/support/fixtures/vcr_cassettes/user_management/list_invitations/with_limit.yml +0 -83
  1308. data/spec/support/fixtures/vcr_cassettes/user_management/list_invitations/with_no_options.yml +0 -83
  1309. data/spec/support/fixtures/vcr_cassettes/user_management/list_invitations/with_organization_id.yml +0 -83
  1310. data/spec/support/fixtures/vcr_cassettes/user_management/list_organization_memberships/no_options.yml +0 -82
  1311. data/spec/support/fixtures/vcr_cassettes/user_management/list_organization_memberships/with_options.yml +0 -82
  1312. data/spec/support/fixtures/vcr_cassettes/user_management/list_organization_memberships/with_statuses_option.yml +0 -64
  1313. data/spec/support/fixtures/vcr_cassettes/user_management/list_sessions/valid.yml +0 -38
  1314. data/spec/support/fixtures/vcr_cassettes/user_management/list_users/no_options.yml +0 -82
  1315. data/spec/support/fixtures/vcr_cassettes/user_management/list_users/with_options.yml +0 -82
  1316. data/spec/support/fixtures/vcr_cassettes/user_management/reactivate_organization_membership.yml +0 -64
  1317. data/spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/accepted.yml +0 -83
  1318. data/spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/expired.yml +0 -83
  1319. data/spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/invalid.yml +0 -83
  1320. data/spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/revoked.yml +0 -83
  1321. data/spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/valid.yml +0 -83
  1322. data/spec/support/fixtures/vcr_cassettes/user_management/reset_password/invalid.yml +0 -82
  1323. data/spec/support/fixtures/vcr_cassettes/user_management/reset_password/valid.yml +0 -82
  1324. data/spec/support/fixtures/vcr_cassettes/user_management/revoke_invitation/invalid.yml +0 -82
  1325. data/spec/support/fixtures/vcr_cassettes/user_management/revoke_invitation/valid.yml +0 -82
  1326. data/spec/support/fixtures/vcr_cassettes/user_management/revoke_session/not_found.yml +0 -80
  1327. data/spec/support/fixtures/vcr_cassettes/user_management/revoke_session/valid.yml +0 -76
  1328. data/spec/support/fixtures/vcr_cassettes/user_management/send_invitation/invalid.yml +0 -82
  1329. data/spec/support/fixtures/vcr_cassettes/user_management/send_invitation/valid.yml +0 -82
  1330. data/spec/support/fixtures/vcr_cassettes/user_management/send_magic_auth_code/valid.yml +0 -82
  1331. data/spec/support/fixtures/vcr_cassettes/user_management/send_password_reset_email/invalid.yml +0 -83
  1332. data/spec/support/fixtures/vcr_cassettes/user_management/send_password_reset_email/valid.yml +0 -82
  1333. data/spec/support/fixtures/vcr_cassettes/user_management/send_verification_email/invalid.yml +0 -82
  1334. data/spec/support/fixtures/vcr_cassettes/user_management/send_verification_email/valid.yml +0 -82
  1335. data/spec/support/fixtures/vcr_cassettes/user_management/update_organization_membership/invalid.yml +0 -82
  1336. data/spec/support/fixtures/vcr_cassettes/user_management/update_organization_membership/valid.yml +0 -83
  1337. data/spec/support/fixtures/vcr_cassettes/user_management/update_organization_membership/valid_multiple_roles.yml +0 -76
  1338. data/spec/support/fixtures/vcr_cassettes/user_management/update_user/email.yml +0 -82
  1339. data/spec/support/fixtures/vcr_cassettes/user_management/update_user/invalid.yml +0 -82
  1340. data/spec/support/fixtures/vcr_cassettes/user_management/update_user/locale.yml +0 -76
  1341. data/spec/support/fixtures/vcr_cassettes/user_management/update_user/valid.yml +0 -82
  1342. data/spec/support/fixtures/vcr_cassettes/user_management/update_user_external_id_null.yml +0 -77
  1343. data/spec/support/fixtures/vcr_cassettes/user_management/update_user_password/invalid.yml +0 -82
  1344. data/spec/support/fixtures/vcr_cassettes/user_management/update_user_password/valid.yml +0 -82
  1345. data/spec/support/fixtures/vcr_cassettes/user_management/verify_email/invalid_code.yml +0 -83
  1346. data/spec/support/fixtures/vcr_cassettes/user_management/verify_email/invalid_magic_auth_challenge.yml +0 -82
  1347. data/spec/support/fixtures/vcr_cassettes/user_management/verify_email/valid.yml +0 -82
  1348. data/spec/support/fixtures/vcr_cassettes/widgets/get_token.yml +0 -82
  1349. data/spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_organization_id.yml +0 -74
  1350. data/spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_user_id.yml +0 -74
  1351. data/spec/support/profile.txt +0 -1
  1352. data/spec/support/shared_examples/client.rb +0 -29
  1353. data/spec/support/webhook_payload.txt +0 -1
data/lib/workos/radar.rb ADDED
@@ -0,0 +1,132 @@
1
+ # frozen_string_literal: true
2
+
3
+ # This file is auto-generated by oagen. Do not edit.
4
+
5
+ require "json"
6
+
7
+ module WorkOS
8
+ class Radar
9
+ def initialize(client)
10
+ @client = client
11
+ end
12
+
13
+ # Create an attempt
14
+ # @param ip_address [String] The IP address of the request to assess.
15
+ # @param user_agent [String] The user agent string of the request to assess.
16
+ # @param email [String] The email address of the user making the request.
17
+ # @param auth_method [WorkOS::Types::RadarStandaloneAssessRequestAuthMethod] The authentication method being used.
18
+ # @param action [WorkOS::Types::RadarStandaloneAssessRequestAction] The action being performed.
19
+ # @param device_fingerprint [String, nil] An optional device fingerprint for the request.
20
+ # @param bot_score [String, nil] An optional bot detection score for the request.
21
+ # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
22
+ # @return [WorkOS::RadarStandaloneResponse]
23
+ def create_attempt(
24
+ ip_address:,
25
+ user_agent:,
26
+ email:,
27
+ auth_method:,
28
+ action:,
29
+ device_fingerprint: nil,
30
+ bot_score: nil,
31
+ request_options: {}
32
+ )
33
+ body = {
34
+ "ip_address" => ip_address,
35
+ "user_agent" => user_agent,
36
+ "email" => email,
37
+ "auth_method" => auth_method,
38
+ "action" => action,
39
+ "device_fingerprint" => device_fingerprint,
40
+ "bot_score" => bot_score
41
+ }.compact
42
+ response = @client.request(
43
+ method: :post,
44
+ path: "/radar/attempts",
45
+ auth: true,
46
+ body: body,
47
+ request_options: request_options
48
+ )
49
+ result = WorkOS::RadarStandaloneResponse.new(response.body)
50
+ result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
51
+ result
52
+ end
53
+
54
+ # Update a Radar attempt
55
+ # @param id [String] The unique identifier of the Radar attempt to update.
56
+ # @param challenge_status [String, nil] Set to `"success"` to mark the challenge as completed.
57
+ # @param attempt_status [String, nil] Set to `"success"` to mark the authentication attempt as successful.
58
+ # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
59
+ # @return [void]
60
+ def update_attempt(
61
+ id:,
62
+ challenge_status: nil,
63
+ attempt_status: nil,
64
+ request_options: {}
65
+ )
66
+ body = {
67
+ "challenge_status" => challenge_status,
68
+ "attempt_status" => attempt_status
69
+ }.compact
70
+ @client.request(
71
+ method: :put,
72
+ path: "/radar/attempts/#{WorkOS::Util.encode_path(id)}",
73
+ auth: true,
74
+ body: body,
75
+ request_options: request_options
76
+ )
77
+ nil
78
+ end
79
+
80
+ # Add an entry to a Radar list
81
+ # @param type [WorkOS::Types::RadarType] The type of the Radar list (e.g. ip_address, domain, email).
82
+ # @param action [WorkOS::Types::RadarAction] The list action indicating whether to add the entry to the allow or block list.
83
+ # @param entry [String] The value to add to the list. Must match the format of the list type (e.g. a valid IP address for `ip_address`, a valid email for `email`).
84
+ # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
85
+ # @return [WorkOS::RadarListEntryAlreadyPresentResponse]
86
+ def add_list_entry(
87
+ type:,
88
+ action:,
89
+ entry:,
90
+ request_options: {}
91
+ )
92
+ body = {
93
+ "entry" => entry
94
+ }.compact
95
+ response = @client.request(
96
+ method: :post,
97
+ path: "/radar/lists/#{WorkOS::Util.encode_path(type)}/#{WorkOS::Util.encode_path(action)}",
98
+ auth: true,
99
+ body: body,
100
+ request_options: request_options
101
+ )
102
+ result = WorkOS::RadarListEntryAlreadyPresentResponse.new(response.body)
103
+ result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
104
+ result
105
+ end
106
+
107
+ # Remove an entry from a Radar list
108
+ # @param type [WorkOS::Types::RadarType] The type of the Radar list (e.g. ip_address, domain, email).
109
+ # @param action [WorkOS::Types::RadarAction] The list action indicating whether to remove the entry from the allow or block list.
110
+ # @param entry [String] The value to remove from the list. Must match an existing entry.
111
+ # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
112
+ # @return [void]
113
+ def remove_list_entry(
114
+ type:,
115
+ action:,
116
+ entry:,
117
+ request_options: {}
118
+ )
119
+ body = {
120
+ "entry" => entry
121
+ }.compact
122
+ @client.request(
123
+ method: :delete,
124
+ path: "/radar/lists/#{WorkOS::Util.encode_path(type)}/#{WorkOS::Util.encode_path(action)}",
125
+ auth: true,
126
+ body: body,
127
+ request_options: request_options
128
+ )
129
+ nil
130
+ end
131
+ end
132
+ end
data/lib/workos/session.rb CHANGED
@@ -1,187 +1,135 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'jwt'
4
- require 'uri'
5
- require 'net/http'
6
- require 'encryptor'
7
- require 'securerandom'
8
- require 'json'
9
- require 'uri'
3
+ # @oagen-ignore-file
4
+ # Hand-maintained Session object. Constructed by SessionManager#load.
5
+ require "json"
6
+ require "jwt"
7
+ require "openssl"
8
+ require "uri"
10
9
 
11
10
  module WorkOS
12
- # The Session class provides helper methods for working with WorkOS sessions
13
- # This class is not meant to be instantiated in a user space, and is instantiated internally but exposed.
11
+ # Wraps a sealed session cookie for authentication, refresh, and logout.
12
+ # Constructed by {SessionManager#load}; not intended for direct instantiation.
13
+ #
14
+ # @example Authenticate and refresh
15
+ # session = client.session_manager.load(seal_data: cookie, cookie_password: pw)
16
+ # result = session.authenticate
17
+ # if result.is_a?(SessionManager::AuthError) && result.reason == SessionManager::EXPIRED_JWT
18
+ # refresh = session.refresh
19
+ # end
20
+ #
21
+ # @example Build a logout URL
22
+ # url = session.get_logout_url(return_to: "https://app.example.com")
14
23
  class Session
15
- attr_accessor :jwks, :jwks_algorithms, :user_management, :cookie_password, :session_data, :client_id, :encryptor
16
-
17
- def initialize(user_management:, client_id:, session_data:, cookie_password:, encryptor: nil)
18
- raise ArgumentError, 'cookiePassword is required' if cookie_password.nil? || cookie_password.empty?
19
-
20
- @encryptor = encryptor || WorkOS::Encryptors::AesGcm.new
21
- validate_encryptor!(@encryptor)
22
-
23
- @user_management = user_management
24
+ def initialize(manager, seal_data:, cookie_password:)
25
+ raise ArgumentError, "cookie_password is required" if cookie_password.nil? || cookie_password.empty?
26
+ @manager = manager
27
+ @client = manager.client
28
+ @seal_data = seal_data
24
29
  @cookie_password = cookie_password
25
- @session_data = session_data
26
- @client_id = client_id
27
-
28
- @jwks = Cache.fetch("jwks_#{client_id}", expires_in: 5 * 60) do
29
- create_remote_jwk_set(URI(@user_management.get_jwks_url(client_id)))
30
- end
31
- @jwks_algorithms = @jwks.map { |key| key[:alg] }.compact.uniq
32
30
  end
33
31
 
32
+ attr_reader :seal_data, :cookie_password
33
+
34
34
  # Authenticates the user based on the session data
35
35
  # @param include_expired [Boolean] If true, returns decoded token data even when expired (default: false)
36
36
  # @param block [Proc] Optional block to call to extract additional claims from the decoded JWT
37
37
  # @return [Hash] A hash containing the authentication response and a reason if the authentication failed
38
- # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
39
38
  def authenticate(include_expired: false, &claim_extractor)
40
- return { authenticated: false, reason: 'NO_SESSION_COOKIE_PROVIDED' } if @session_data.nil?
39
+ return SessionManager::AuthError.new(authenticated: false, reason: SessionManager::NO_SESSION_COOKIE_PROVIDED) if @seal_data.nil? || @seal_data.empty?
41
40
 
42
- begin
43
- session = Session.unseal_data(@session_data, @cookie_password, encryptor: @encryptor)
44
- rescue StandardError
45
- return { authenticated: false, reason: 'INVALID_SESSION_COOKIE' }
41
+ session = begin
42
+ @manager.unseal_data(@seal_data, @cookie_password)
43
+ rescue ArgumentError, OpenSSL::Cipher::CipherError
44
+ return SessionManager::AuthError.new(authenticated: false, reason: SessionManager::INVALID_SESSION_COOKIE)
46
45
  end
47
-
48
- return { authenticated: false, reason: 'INVALID_SESSION_COOKIE' } unless session[:access_token]
49
-
50
- begin
51
- decoded = JWT.decode(
52
- session[:access_token],
53
- nil,
54
- true,
55
- algorithms: @jwks_algorithms,
56
- jwks: @jwks,
57
- verify_expiration: false,
58
- ).first
59
-
60
- expired = decoded['exp'] && decoded['exp'] < Time.now.to_i
61
-
62
- # Early return for expired tokens when not including expired data (backward compatible)
63
- return { authenticated: false, reason: 'INVALID_JWT' } if expired && !include_expired
64
-
65
- # Return full data for valid tokens or when include_expired is true
66
- result = {
67
- authenticated: !expired,
68
- session_id: decoded['sid'],
69
- organization_id: decoded['org_id'],
70
- role: decoded['role'],
71
- roles: decoded['roles'],
72
- permissions: decoded['permissions'],
73
- entitlements: decoded['entitlements'],
74
- feature_flags: decoded['feature_flags'],
75
- user: session[:user],
76
- impersonator: session[:impersonator],
77
- reason: expired ? 'INVALID_JWT' : nil,
78
- }
79
- result.merge!(claim_extractor.call(decoded)) if block_given?
80
- result
46
+ return SessionManager::AuthError.new(authenticated: false, reason: SessionManager::INVALID_SESSION_COOKIE) unless session.is_a?(Hash) && session["access_token"]
47
+
48
+ decoded = begin
49
+ @manager.decode_jwt(session["access_token"], verify_expiration: !include_expired)
50
+ rescue JWT::ExpiredSignature
51
+ return SessionManager::AuthError.new(authenticated: false, reason: SessionManager::EXPIRED_JWT)
52
+ rescue JWT::IncorrectAlgorithm
53
+ return SessionManager::AuthError.new(authenticated: false, reason: SessionManager::INVALID_JWT_ALGORITHM)
54
+ rescue JWT::VerificationError
55
+ return SessionManager::AuthError.new(authenticated: false, reason: SessionManager::INVALID_JWT_SIGNATURE)
81
56
  rescue JWT::DecodeError
82
- { authenticated: false, reason: 'INVALID_JWT' }
83
- rescue StandardError => e
84
- { authenticated: false, reason: e.message }
85
- end
86
- end
87
-
88
- # Refreshes the session data using the refresh token stored in the session data
89
- # @param options [Hash] Options for refreshing the session
90
- # @option options [String] :cookie_password The password to use for unsealing the session data
91
- # @option options [String] :organization_id The organization ID to use for refreshing the session
92
- # @return [Hash] A hash containing a new sealed session, the authentication response,
93
- # and a reason if the refresh failed
94
- def refresh(options = nil)
95
- cookie_password = options.nil? || options[:cookie_password].nil? ? @cookie_password : options[:cookie_password]
96
-
97
- begin
98
- session = Session.unseal_data(@session_data, cookie_password, encryptor: @encryptor)
99
- rescue StandardError
100
- return { authenticated: false, reason: 'INVALID_SESSION_COOKIE' }
57
+ return SessionManager::AuthError.new(authenticated: false, reason: SessionManager::INVALID_JWT)
101
58
  end
102
59
 
103
- return { authenticated: false, reason: 'INVALID_SESSION_COOKIE' } unless session[:refresh_token] && session[:user]
104
-
105
- begin
106
- auth_response = @user_management.authenticate_with_refresh_token(
107
- client_id: @client_id,
108
- refresh_token: session[:refresh_token],
109
- organization_id: options.nil? || options[:organization_id].nil? ? nil : options[:organization_id],
110
- session: { seal_session: true, cookie_password: cookie_password, encryptor: @encryptor },
111
- )
112
-
113
- @session_data = auth_response.sealed_session
114
- @cookie_password = cookie_password
115
-
116
- {
117
- authenticated: true,
118
- sealed_session: auth_response.sealed_session,
119
- session: auth_response,
120
- reason: nil,
121
- }
122
- rescue StandardError => e
123
- { authenticated: false, reason: e.message }
124
- end
60
+ is_expired = decoded["exp"] && decoded["exp"] < Time.now.to_i
61
+
62
+ SessionManager::AuthSuccess.new(
63
+ authenticated: !is_expired,
64
+ reason: is_expired ? SessionManager::EXPIRED_JWT : nil,
65
+ session_id: decoded["sid"],
66
+ organization_id: decoded["org_id"],
67
+ role: decoded["role"],
68
+ roles: decoded["roles"],
69
+ permissions: decoded["permissions"],
70
+ entitlements: decoded["entitlements"],
71
+ user: session["user"],
72
+ impersonator: session["impersonator"],
73
+ feature_flags: decoded["feature_flags"],
74
+ custom_claims: claim_extractor&.call(decoded)
75
+ )
125
76
  end
126
- # rubocop:enable Metrics/AbcSize
127
- # rubocop:enable Metrics/CyclomaticComplexity
128
- # rubocop:enable Metrics/PerceivedComplexity
129
77
 
130
- # Returns a URL to redirect the user to for logging out
131
- # @param return_to [String] The URL to redirect the user to after logging out
132
- # @return [String] The URL to redirect the user to for logging out
133
- def get_logout_url(return_to: nil)
134
- auth_response = authenticate
78
+ def refresh(organization_id: nil, cookie_password: nil)
79
+ effective_password = cookie_password || @cookie_password
135
80
 
136
- unless auth_response[:authenticated]
137
- raise "Failed to extract session ID for logout URL: #{auth_response[:reason]}"
81
+ session = begin
82
+ @manager.unseal_data(@seal_data, effective_password)
83
+ rescue ArgumentError, OpenSSL::Cipher::CipherError
84
+ return SessionManager::RefreshError.new(authenticated: false, reason: SessionManager::INVALID_SESSION_COOKIE)
138
85
  end
139
-
140
- @user_management.get_logout_url(session_id: auth_response[:session_id], return_to: return_to)
141
- end
142
-
143
- # Encrypts and seals data using the provided encryptor (defaults to AES-256-GCM)
144
- # @param data [Hash] The data to seal
145
- # @param key [String] The key to use for encryption
146
- # @param encryptor [Object] Optional encryptor that responds to #seal(data, key)
147
- # @return [String] The sealed data
148
- def self.seal_data(data, key, encryptor: nil)
149
- enc = encryptor || WorkOS::Encryptors::AesGcm.new
150
- enc.seal(data, key)
151
- end
152
-
153
- # Decrypts and unseals data using the provided encryptor (defaults to AES-256-GCM)
154
- # @param sealed_data [String] The sealed data to unseal
155
- # @param key [String] The key to use for decryption
156
- # @param encryptor [Object] Optional encryptor that responds to #unseal(sealed_data, key)
157
- # @return [Hash] The unsealed data
158
- def self.unseal_data(sealed_data, key, encryptor: nil)
159
- enc = encryptor || WorkOS::Encryptors::AesGcm.new
160
- enc.unseal(sealed_data, key)
86
+ return SessionManager::RefreshError.new(authenticated: false, reason: SessionManager::INVALID_SESSION_COOKIE) unless session.is_a?(Hash) && session["refresh_token"]
87
+
88
+ # Uses auth: true (Bearer token) to match authenticate_with_refresh_token.
89
+ # client_id is included in the body as required by the OAuth2 token exchange.
90
+ body = {
91
+ "grant_type" => "refresh_token",
92
+ "client_id" => @client.client_id,
93
+ "refresh_token" => session["refresh_token"],
94
+ "session" => {"seal_session" => true, "cookie_password" => effective_password}
95
+ }
96
+ body["organization_id"] = organization_id if organization_id
97
+
98
+ response = @client.request(method: :post, path: "/user_management/authenticate", auth: true, body: body)
99
+ auth_response = JSON.parse(response.body)
100
+ sealed = auth_response["sealed_session"].to_s
101
+ @seal_data = sealed
102
+ @cookie_password = effective_password
103
+
104
+ decoded = @manager.decode_jwt(auth_response["access_token"])
105
+ SessionManager::RefreshSuccess.new(
106
+ authenticated: true,
107
+ sealed_session: sealed,
108
+ session_id: decoded["sid"],
109
+ organization_id: decoded["org_id"],
110
+ role: decoded["role"],
111
+ roles: decoded["roles"],
112
+ permissions: decoded["permissions"],
113
+ entitlements: decoded["entitlements"],
114
+ user: auth_response["user"],
115
+ impersonator: auth_response["impersonator"],
116
+ feature_flags: decoded["feature_flags"]
117
+ )
118
+ rescue WorkOS::AuthenticationError, WorkOS::InvalidRequestError => e
119
+ SessionManager::RefreshError.new(authenticated: false, reason: e.message)
161
120
  end
162
121
 
163
- private
164
-
165
- def validate_encryptor!(enc)
166
- return if enc.respond_to?(:seal) && enc.respond_to?(:unseal)
167
-
168
- raise ArgumentError, 'encryptor must respond to #seal(data, key) and #unseal(sealed_data, key)'
169
- end
170
-
171
- # Creates a JWKS set from a remote JWKS URL
172
- # @param uri [URI] The URI of the JWKS
173
- # @return [JWT::JWK::Set] The JWKS set
174
- def create_remote_jwk_set(uri)
175
- # Fetch the JWKS from the remote URL
176
- response = Net::HTTP.get(uri)
177
-
178
- jwks_hash = JSON.parse(response)
179
- jwks = JWT::JWK::Set.new(jwks_hash)
180
-
181
- # filter jwks so it only returns the keys where 'use' is equal to 'sig'
182
- jwks.keys.select! { |key| key[:use] == 'sig' }
183
-
184
- jwks
122
+ # Build the WorkOS session-logout URL for the currently authenticated session.
123
+ # Requires #authenticate to succeed (so we have the session_id).
124
+ def get_logout_url(return_to: nil)
125
+ result = authenticate
126
+ raise WorkOS::Error.new(message: "Failed to extract session ID for logout URL: #{result.reason}") if result.is_a?(SessionManager::AuthError)
127
+ base = @client.base_url
128
+ params = {"session_id" => result.session_id}
129
+ params["return_to"] = return_to if return_to
130
+ uri = URI.join(base, "/user_management/sessions/logout")
131
+ uri.query = URI.encode_www_form(params)
132
+ uri.to_s
185
133
  end
186
134
  end
187
135
  end
data/lib/workos/session_manager.rb ADDED
@@ -0,0 +1,196 @@
1
+ # frozen_string_literal: true
2
+
3
+ # @oagen-ignore-file
4
+ # Hand-maintained session-cookie helpers (H04-H07, H13):
5
+ # - SessionManager#load(seal_data:, cookie_password:) -> Session (H04)
6
+ # - SessionManager#authenticate / #refresh -> inline convenience (H05)
7
+ # - SessionManager#seal_data / #unseal_data -> raw seal/unseal (H06)
8
+ # - SessionManager#seal_session_from_auth_response -> H07
9
+ # - Session#authenticate / #refresh / #get_logout_url
10
+ #
11
+ # Symmetric encryption: AES-256-GCM by default. Users may supply a custom
12
+ # encryptor (any object responding to `seal(data, key)` and `unseal(sealed, key)`)
13
+ # for compatibility with other sealing formats (e.g. Iron/Next.js).
14
+
15
+ require "json"
16
+ require "jwt"
17
+
18
+ module WorkOS
19
+ # Manages sealed-session lifecycle: loading, authenticating, refreshing,
20
+ # and sealing sessions from authentication responses.
21
+ #
22
+ # @example Load and authenticate a session
23
+ # session = client.session_manager.load(
24
+ # seal_data: cookies["wos-session"],
25
+ # cookie_password: ENV["COOKIE_PASSWORD"]
26
+ # )
27
+ # result = session.authenticate
28
+ #
29
+ # @example Seal a session from an auth response
30
+ # sealed = client.session_manager.seal_session_from_auth_response(
31
+ # access_token: response.access_token,
32
+ # refresh_token: response.refresh_token,
33
+ # cookie_password: ENV["COOKIE_PASSWORD"]
34
+ # )
35
+ class SessionManager
36
+ JWK_ALGORITHMS = ["RS256"].freeze
37
+
38
+ # H04 success / failure shapes — kept minimal & frozen.
39
+ class AuthSuccess
40
+ RESERVED_KEYS = [
41
+ :authenticated, :reason, :session_id, :organization_id, :role, :roles,
42
+ :permissions, :entitlements, :user, :impersonator, :feature_flags
43
+ ].freeze
44
+
45
+ attr_reader(*RESERVED_KEYS)
46
+
47
+ def initialize(
48
+ authenticated:,
49
+ session_id:, organization_id:, role:, roles:, permissions:, entitlements:, user:, impersonator:, feature_flags:, reason: nil,
50
+ custom_claims: nil
51
+ )
52
+ @authenticated = authenticated
53
+ @reason = reason
54
+ @session_id = session_id
55
+ @organization_id = organization_id
56
+ @role = role
57
+ @roles = roles
58
+ @permissions = permissions
59
+ @entitlements = entitlements
60
+ @user = user
61
+ @impersonator = impersonator
62
+ @feature_flags = feature_flags
63
+ @custom_claims = normalize_custom_claims(custom_claims)
64
+ define_custom_claim_readers(@custom_claims)
65
+ end
66
+
67
+ def [](key)
68
+ sym_key = key.to_sym
69
+ return public_send(sym_key) if RESERVED_KEYS.include?(sym_key)
70
+
71
+ @custom_claims[sym_key]
72
+ end
73
+
74
+ def to_h
75
+ RESERVED_KEYS.to_h { |key| [key, public_send(key)] }.merge(@custom_claims)
76
+ end
77
+
78
+ private
79
+
80
+ def define_custom_claim_readers(claims)
81
+ claims.each_key do |key|
82
+ next if respond_to?(key)
83
+
84
+ define_singleton_method(key) { @custom_claims[key] }
85
+ end
86
+ end
87
+
88
+ def normalize_custom_claims(custom_claims)
89
+ return {} if custom_claims.nil?
90
+ raise ArgumentError, "claim_extractor must return a Hash" unless custom_claims.is_a?(Hash)
91
+
92
+ claims = custom_claims.each_with_object({}) do |(key, value), memo|
93
+ sym_key = key.to_sym
94
+ if RESERVED_KEYS.include?(sym_key)
95
+ raise ArgumentError, "claim_extractor cannot overwrite reserved key #{sym_key.inspect}"
96
+ end
97
+
98
+ memo[sym_key] = value
99
+ end
100
+ claims.freeze
101
+ end
102
+ end
103
+ AuthError = Struct.new(:authenticated, :reason, keyword_init: true)
104
+
105
+ RefreshSuccess = Struct.new(
106
+ :authenticated, :sealed_session, :session_id, :organization_id, :role,
107
+ :roles, :permissions, :entitlements, :user, :impersonator, :feature_flags,
108
+ keyword_init: true
109
+ )
110
+ RefreshError = Struct.new(:authenticated, :reason, keyword_init: true)
111
+
112
+ # Failure reason constants
113
+ NO_SESSION_COOKIE_PROVIDED = "no_session_cookie_provided"
114
+ INVALID_SESSION_COOKIE = "invalid_session_cookie"
115
+ INVALID_JWT = "invalid_jwt"
116
+ INVALID_JWT_ALGORITHM = "invalid_jwt_algorithm"
117
+ INVALID_JWT_SIGNATURE = "invalid_jwt_signature"
118
+ EXPIRED_JWT = "expired_jwt"
119
+
120
+ # @param client [WorkOS::Client]
121
+ # @param encryptor [#seal, #unseal] Optional custom encryptor. Defaults to
122
+ # {WorkOS::Encryptors::AesGcm}. A custom encryptor must respond to
123
+ # `seal(data, key) -> String` and `unseal(sealed_string, key) -> Hash`.
124
+ def initialize(client, encryptor: nil)
125
+ @client = client
126
+ @encryptor = encryptor || Encryptors::AesGcm.new
127
+ @jwks_cache = nil
128
+ @jwks_cache_at = nil
129
+ @jwks_mutex = Mutex.new
130
+ end
131
+
132
+ attr_reader :client
133
+
134
+ # H04 — Load a Session object from a sealed cookie.
135
+ def load(seal_data:, cookie_password:)
136
+ Session.new(self, seal_data: seal_data, cookie_password: cookie_password)
137
+ end
138
+
139
+ # H05 — Inline convenience: authenticate without manual Session construction.
140
+ def authenticate(seal_data:, cookie_password:, include_expired: false, &claim_extractor)
141
+ load(seal_data: seal_data, cookie_password: cookie_password).authenticate(include_expired: include_expired, &claim_extractor)
142
+ end
143
+
144
+ # H05 — Inline convenience: refresh without manual Session construction.
145
+ def refresh(seal_data:, cookie_password:, organization_id: nil)
146
+ load(seal_data: seal_data, cookie_password: cookie_password)
147
+ .refresh(organization_id: organization_id)
148
+ end
149
+
150
+ # H06 — Raw seal: encrypt arbitrary data with a key string.
151
+ # Delegates to the configured encryptor (default: AES-256-GCM).
152
+ def seal_data(data, key)
153
+ @encryptor.seal(data, key)
154
+ end
155
+
156
+ # H06 — Raw unseal: returns parsed JSON (Hash) or raw string if not JSON.
157
+ # Delegates to the configured encryptor (default: AES-256-GCM).
158
+ def unseal_data(sealed, key)
159
+ @encryptor.unseal(sealed, key)
160
+ end
161
+
162
+ # H07 — Build a sealed session string directly from auth-response fields.
163
+ def seal_session_from_auth_response(access_token:, refresh_token:, cookie_password:, user: nil, impersonator: nil)
164
+ payload = {"access_token" => access_token, "refresh_token" => refresh_token}
165
+ payload["user"] = user if user
166
+ payload["impersonator"] = impersonator if impersonator
167
+ seal_data(payload, cookie_password)
168
+ end
169
+
170
+ # Verify an access-token JWT against the WorkOS JWKS for this client.
171
+ # Used by Session#authenticate; exposed publicly for advanced cases.
172
+ def decode_jwt(access_token, verify_expiration: true)
173
+ jwks = fetch_jwks
174
+ JWT.decode(
175
+ access_token,
176
+ nil,
177
+ true,
178
+ algorithms: JWK_ALGORITHMS,
179
+ jwks: jwks,
180
+ verify_aud: false,
181
+ verify_expiration: verify_expiration
182
+ ).first
183
+ end
184
+
185
+ # Cached JWKS fetch (5-minute TTL, thread-safe).
186
+ def fetch_jwks(now: Time.now)
187
+ @jwks_mutex.synchronize do
188
+ return @jwks_cache if @jwks_cache && @jwks_cache_at && (now - @jwks_cache_at) < 300
189
+ response = @client.user_management.get_jwks(client_id: @client.client_id)
190
+ @jwks_cache = {"keys" => response.keys.map(&:to_h)}
191
+ @jwks_cache_at = now
192
+ @jwks_cache
193
+ end
194
+ end
195
+ end
196
+ end
data/lib/workos/shared/event_context.rb ADDED
@@ -0,0 +1,34 @@
1
+ # frozen_string_literal: true
2
+
3
+ # This file is auto-generated by oagen. Do not edit.
4
+
5
+ module WorkOS
6
+ class EventContext < WorkOS::Types::BaseModel
7
+ HASH_ATTRS = {
8
+ google_analytics_client_id: :google_analytics_client_id,
9
+ google_analytics_sessions: :google_analytics_sessions,
10
+ ajs_anonymous_id: :ajs_anonymous_id,
11
+ client_id: :client_id,
12
+ actor: :actor,
13
+ previous_attributes: :previous_attributes
14
+ }.freeze
15
+
16
+ attr_accessor \
17
+ :google_analytics_client_id,
18
+ :google_analytics_sessions,
19
+ :ajs_anonymous_id,
20
+ :client_id,
21
+ :actor,
22
+ :previous_attributes
23
+
24
+ def initialize(json)
25
+ hash = self.class.normalize(json)
26
+ @google_analytics_client_id = hash[:google_analytics_client_id]
27
+ @google_analytics_sessions = (hash[:google_analytics_sessions] || []).map { |item| item ? WorkOS::EventContextGoogleAnalyticsSession.new(item) : nil }
28
+ @ajs_anonymous_id = hash[:ajs_anonymous_id]
29
+ @client_id = hash[:client_id]
30
+ @actor = hash[:actor] ? WorkOS::EventContextActor.new(hash[:actor]) : nil
31
+ @previous_attributes = hash[:previous_attributes] || {}
32
+ end
33
+ end
34
+ end