workos 6.2.0 → 7.1.0

data/spec/lib/workos/user_management_spec.rb

@@ -1,1999 +0,0 @@
-# frozen_string_literal: true
-
-describe WorkOS::UserManagement do
-  it_behaves_like 'client'
-
-  describe '.authorization_url' do
-    context 'with a provider' do
-      let(:args) do
-        {
-          provider: 'authkit',
-          client_id: 'workos-proj-123',
-          redirect_uri: 'foo.com/auth/callback',
-          state: {
-            next_page: '/dashboard/edit',
-          }.to_s,
-        }
-      end
-      it 'returns a valid URL' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url)).to be_a URI
-      end
-
-      it 'returns the expected hostname' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url).host).to eq(WorkOS.config.api_hostname)
-      end
-
-      it 'returns the expected query string' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url).query).to eq(
-          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
-          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2F' \
-          'edit%22%7D&provider=authkit',
-        )
-      end
-
-      context 'with provider_scopes' do
-        it 'returns a valid authorization URL that includes provider_scopes' do
-          url = WorkOS::UserManagement.authorization_url(
-            provider: 'GoogleOAuth',
-            provider_scopes: %w[custom-scope-1 custom-scope-2],
-            client_id: 'workos-proj-123',
-            redirect_uri: 'foo.com/auth/callback',
-            state: {
-              next_page: '/dashboard/edit',
-            }.to_s,
-          )
-
-          expect(url).to eq(
-            'https://api.workos.com/user_management/authorize?' \
-            'client_id=workos-proj-123' \
-            '&redirect_uri=foo.com%2Fauth%2Fcallback' \
-            '&response_type=code' \
-            '&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2F' \
-            'edit%22%7D' \
-            '&provider=GoogleOAuth' \
-            '&provider_scopes=custom-scope-1' \
-            '&provider_scopes=custom-scope-2',
-          )
-        end
-      end
-    end
-
-    context 'with a connection selector' do
-      let(:args) do
-        {
-          connection_id: 'connection_123',
-          client_id: 'workos-proj-123',
-          redirect_uri: 'foo.com/auth/callback',
-          state: {
-            next_page: '/dashboard/edit',
-          }.to_s,
-        }
-      end
-      it 'returns a valid URL' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url)).to be_a URI
-      end
-
-      it 'returns the expected hostname' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url).host).to eq(WorkOS.config.api_hostname)
-      end
-
-      it 'returns the expected query string' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url).query).to eq(
-          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
-          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2F' \
-          'edit%22%7D&connection_id=connection_123',
-        )
-      end
-    end
-
-    context 'with an organization selector' do
-      let(:args) do
-        {
-          organization_id: 'org_123',
-          client_id: 'workos-proj-123',
-          redirect_uri: 'foo.com/auth/callback',
-          state: {
-            next_page: '/dashboard/edit',
-          }.to_s,
-        }
-      end
-      it 'returns a valid URL' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url)).to be_a URI
-      end
-
-      it 'returns the expected hostname' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url).host).to eq(WorkOS.config.api_hostname)
-      end
-
-      it 'returns the expected query string' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url).query).to eq(
-          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
-          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2F' \
-          'edit%22%7D&organization_id=org_123',
-        )
-      end
-    end
-
-    context 'with a domain hint' do
-      let(:args) do
-        {
-          connection_id: 'connection_123',
-          domain_hint: 'foo.com',
-          client_id: 'workos-proj-123',
-          redirect_uri: 'foo.com/auth/callback',
-          state: {
-            next_page: '/dashboard/edit',
-          }.to_s,
-        }
-      end
-      it 'returns a valid URL' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url)).to be_a URI
-      end
-
-      it 'returns the expected hostname' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url).host).to eq(WorkOS.config.api_hostname)
-      end
-
-      it 'returns the expected query string' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url).query).to eq(
-          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
-          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2' \
-          'Fedit%22%7D&domain_hint=foo.com&connection_id=connection_123',
-        )
-      end
-    end
-
-    context 'with a login hint' do
-      let(:args) do
-        {
-          connection_id: 'connection_123',
-          login_hint: 'foo@workos.com',
-          client_id: 'workos-proj-123',
-          redirect_uri: 'foo.com/auth/callback',
-          state: {
-            next_page: '/dashboard/edit',
-          }.to_s,
-        }
-      end
-      it 'returns a valid URL' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url)).to be_a URI
-      end
-
-      it 'returns the expected hostname' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url).host).to eq(WorkOS.config.api_hostname)
-      end
-
-      it 'returns the expected query string' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url).query).to eq(
-          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
-          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2' \
-          'Fedit%22%7D&login_hint=foo%40workos.com&connection_id=connection_123',
-        )
-      end
-    end
-
-    context 'with a screen hint' do
-      let(:args) do
-        {
-          provider: 'authkit',
-          screen_hint: 'sign_up',
-          client_id: 'workos-proj-123',
-          redirect_uri: 'foo.com/auth/callback',
-          state: {
-            next_page: '/dashboard/edit',
-          }.to_s,
-        }
-      end
-      it 'returns a valid URL' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url)).to be_a URI
-      end
-
-      it 'returns the expected hostname' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url).host).to eq(WorkOS.config.api_hostname)
-      end
-
-      it 'returns the expected query string' do
-        authorization_url = described_class.authorization_url(**args)
-
-        expect(URI.parse(authorization_url).query).to eq(
-          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
-          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2F' \
-          'edit%22%7D&screen_hint=sign_up&provider=authkit',
-        )
-      end
-    end
-
-    context 'with neither connection_id, organization_id or provider' do
-      let(:args) do
-        {
-          client_id: 'workos-proj-123',
-          redirect_uri: 'foo.com/auth/callback',
-          state: {
-            next_page: '/dashboard/edit',
-          }.to_s,
-        }
-      end
-      it 'raises an error' do
-        expect do
-          described_class.authorization_url(**args)
-        end.to raise_error(
-          ArgumentError,
-          'Either connection ID, organization ID, or provider is required.',
-        )
-      end
-    end
-
-    context 'with an invalid provider' do
-      let(:args) do
-        {
-          provider: 'Okta',
-          client_id: 'workos-proj-123',
-          redirect_uri: 'foo.com/auth/callback',
-          state: {
-            next_page: '/dashboard/edit',
-          }.to_s,
-        }
-      end
-      it 'raises an error' do
-        expect do
-          described_class.authorization_url(**args)
-        end.to raise_error(
-          ArgumentError,
-          'Okta is not a valid value. `provider` must be in ' \
-          '["AppleOAuth", "GitHubOAuth", "GoogleOAuth", "MicrosoftOAuth", "authkit"]',
-        )
-      end
-    end
-  end
-
-  describe '.get_user' do
-    context 'with a valid id' do
-      it 'returns a user' do
-        VCR.use_cassette 'user_management/get_user' do
-          user = described_class.get_user(
-            id: 'user_01HP0B4ZV2FWWVY0BF16GFDAER',
-          )
-
-          expect(user.id.instance_of?(String))
-          expect(user.instance_of?(WorkOS::User))
-          expect(user.first_name).to eq('Bob')
-          expect(user.last_name).to eq('Loblaw')
-          expect(user.email).to eq('bob@example.com')
-          expect(user.email_verified).to eq(false)
-          expect(user.profile_picture_url).to eq(nil)
-          expect(user.last_sign_in_at).to eq('2024-02-06T23:13:18.137Z')
-        end
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'returns an error' do
-        expect do
-          described_class.get_user(
-            id: 'invalid_user_id',
-          ).to raise_error(WorkOS::APIError)
-        end
-      end
-    end
-  end
-
-  describe '.list_users' do
-    context 'with no options' do
-      it 'returns a list of users' do
-        expected_metadata = {
-          'after' => nil,
-          'before' => 'before-id',
-        }
-
-        VCR.use_cassette 'user_management/list_users/no_options' do
-          users = described_class.list_users
-
-          expect(users.data.size).to eq(2)
-          expect(users.list_metadata).to eq(expected_metadata)
-        end
-      end
-    end
-
-    context 'with options' do
-      it 'returns a list of matching users' do
-        request_args = [
-          '/user_management/users?email=lucy.lawless%40example.com&'\
-          'order=desc&'\
-          'limit=5',
-          'Content-Type' => 'application/json'
-        ]
-
-        expected_request = Net::HTTP::Get.new(*request_args)
-
-        expect(Net::HTTP::Get).to receive(:new).with(*request_args).
-          and_return(expected_request)
-
-        VCR.use_cassette 'user_management/list_users/with_options' do
-          users = described_class.list_users(
-            email: 'lucy.lawless@example.com',
-            order: 'desc',
-            limit: '5',
-          )
-
-          expect(users.data.size).to eq(1)
-          expect(users.data[0].email).to eq('lucy.lawless@example.com')
-        end
-      end
-    end
-  end
-
-  describe '.create_user' do
-    context 'with a valid payload' do
-      it 'creates a user' do
-        VCR.use_cassette 'user_management/create_user_valid' do
-          user = described_class.create_user(
-            email: 'foo@example.com',
-            first_name: 'Foo',
-            last_name: 'Bar',
-            email_verified: true,
-          )
-
-          expect(user.first_name).to eq('Foo')
-          expect(user.last_name).to eq('Bar')
-          expect(user.email).to eq('foo@example.com')
-        end
-      end
-
-      it 'only sends non-nil values in request body' do
-        expect(described_class).to receive(:post_request) do |options|
-          body = options[:body]
-          expect(body).to eq({ email: 'test@example.com', first_name: 'John' })
-          expect(body).not_to have_key(:last_name)
-          expect(body).not_to have_key(:email_verified)
-
-          double('request')
-        end.and_return(double('request'))
-
-        expect(described_class).to receive(:execute_request).and_return(
-          double('response', body: '{"id": "test_user", "email": "test@example.com"}'),
-        )
-
-        described_class.create_user(
-          email: 'test@example.com',
-          first_name: 'John',
-        )
-      end
-
-      it 'creates a user with external_id' do
-        VCR.use_cassette 'user_management/create_user_with_external_id' do
-          user = described_class.create_user(
-            email: 'external@example.com',
-            first_name: 'External',
-            last_name: 'User',
-            external_id: 'ext_user_123',
-          )
-
-          expect(user.first_name).to eq('External')
-          expect(user.last_name).to eq('User')
-          expect(user.email).to eq('external@example.com')
-          expect(user.external_id).to eq('ext_user_123')
-        end
-      end
-
-      context 'with an invalid payload' do
-        it 'returns an error' do
-          VCR.use_cassette 'user_management/create_user_invalid' do
-            expect do
-              described_class.create_user(email: '')
-            end.to raise_error(
-              WorkOS::UnprocessableEntityError,
-              /email_string_required/,
-            )
-          end
-        end
-      end
-    end
-  end
-
-  describe '.update_user' do
-    context 'with a valid payload' do
-      it 'update_user a user' do
-        VCR.use_cassette 'user_management/update_user/valid' do
-          user = described_class.update_user(
-            id: 'user_01H7TVSKS45SDHN5V9XPSM6H44',
-            first_name: 'Jane',
-            last_name: 'Doe',
-            email_verified: false,
-            external_id: '123',
-          )
-          expect(user.first_name).to eq('Jane')
-          expect(user.last_name).to eq('Doe')
-          expect(user.email_verified).to eq(false)
-          expect(user.external_id).to eq('123')
-        end
-      end
-
-      it 'can update user locale' do
-        VCR.use_cassette 'user_management/update_user/locale' do
-          user = described_class.update_user(
-            id: 'user_01K78B3ZB5B7119MYEXTQE5KNE',
-            locale: 'en-US',
-          )
-          expect(user.locale).to eq('en-US')
-        end
-      end
-
-      it 'can update email addresses' do
-        VCR.use_cassette 'user_management/update_user/email' do
-          user = described_class.update_user(
-            id: 'user_01H7TVSKS45SDHN5V9XPSM6H44',
-            email: 'jane@example.com',
-          )
-          expect(user.email).to eq('jane@example.com')
-          expect(user.email_verified).to eq(false)
-        end
-      end
-
-      it 'only sends non-nil values in request body' do
-        # Mock the request to inspect what's being sent
-        expect(described_class).to receive(:put_request) do |options|
-          # Verify that the body only contains non-nil values
-          body = options[:body]
-          expect(body).to eq({ email_verified: true })
-          expect(body).not_to have_key(:first_name)
-          expect(body).not_to have_key(:last_name)
-          expect(body).not_to have_key(:email)
-          expect(body).not_to have_key(:locale)
-
-          # Return a mock request object
-          double('request')
-        end.and_return(double('request'))
-
-        expect(described_class).to receive(:execute_request).and_return(
-          double('response', body: '{"id": "test_user", "email_verified": true}'),
-        )
-
-        described_class.update_user(
-          id: 'user_01H7TVSKS45SDHN5V9XPSM6H44',
-          email_verified: true,
-        )
-      end
-
-      it 'can set external_id to null explicitly' do
-        original_method = described_class.method(:put_request)
-        allow(described_class).to receive(:put_request) do |kwargs|
-          original_method.call(**kwargs)
-        end
-
-        VCR.use_cassette 'user_management/update_user_external_id_null' do
-          described_class.update_user(
-            id: 'user_01K0SR53HJ58M957MYAB6TDZ9X',
-            first_name: 'John',
-            external_id: nil,
-          )
-        end
-
-        expect(described_class).to have_received(:put_request).with(
-          hash_including(body: hash_including(external_id: nil)),
-        )
-      end
-
-      context 'with an invalid payload' do
-        it 'returns an error' do
-          VCR.use_cassette 'user_management/update_user/invalid' do
-            expect do
-              described_class.update_user(id: 'invalid')
-            end.to raise_error(WorkOS::NotFoundError, /User not found/)
-          end
-        end
-      end
-    end
-  end
-
-  describe '.delete_user' do
-    context 'with a valid id' do
-      it 'returns true' do
-        VCR.use_cassette('user_management/delete_user/valid') do
-          response = WorkOS::UserManagement.delete_user(
-            id: 'user_01H7WRJBPAAHX1BYRQHEK7QC4A',
-          )
-
-          expect(response).to be(true)
-        end
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/delete_user/invalid') do
-          expect do
-            WorkOS::UserManagement.delete_user(id: 'invalid')
-          end.to raise_error(WorkOS::NotFoundError, /User not found/)
-        end
-      end
-    end
-  end
-
-  describe '.authenticate_with_password' do
-    context 'with a valid password' do
-      it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_password/valid', tag: :token) do
-          authentication_response = WorkOS::UserManagement.authenticate_with_password(
-            email: 'test@workos.app',
-            password: '7YtYic00VWcXatPb',
-            client_id: 'client_123',
-            ip_address: '200.240.210.16',
-            user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-          )
-          expect(authentication_response.user.id).to eq('user_01H7TVSKS45SDHN5V9XPSM6H44')
-        end
-      end
-    end
-
-    context 'with an invalid user' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/authenticate_with_password/invalid') do
-          expect do
-            WorkOS::UserManagement.authenticate_with_password(
-              email: 'invalid@workos.app',
-              password: 'invalid',
-              client_id: 'client_123',
-              ip_address: '200.240.210.16',
-              user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-            )
-          end.to raise_error(WorkOS::NotFoundError, /User not found/)
-        end
-      end
-    end
-
-    context 'with an unverified user' do
-      it 'raises a ForbiddenRequestError' do
-        VCR.use_cassette('user_management/authenticate_with_password/unverified') do
-          expect do
-            WorkOS::UserManagement.authenticate_with_password(
-              email: 'unverified@workos.app',
-              password: '7YtYic00VWcXatPb',
-              client_id: 'client_123',
-            )
-          end.to raise_error(WorkOS::ForbiddenRequestError, /Email ownership must be verified before authentication/)
-        end
-      end
-    end
-
-    context 'with an invitation_token' do
-      it 'includes invitation_token in the request body' do
-        expect(described_class).to receive(:post_request) do |options|
-          body = options[:body]
-          expect(body[:invitation_token]).to eq('invitation_token_123')
-
-          double('request')
-        end.and_return(double('request'))
-
-        expect(described_class).to receive(:execute_request).and_return(
-          double('response', body: '{"user": {"id": "user_123"}, "access_token": "token", "refresh_token": "refresh"}'),
-        )
-
-        described_class.authenticate_with_password(
-          email: 'test@workos.app',
-          password: 'password123',
-          client_id: 'client_123',
-          invitation_token: 'invitation_token_123',
-        )
-      end
-    end
-  end
-
-  describe '.authenticate_with_code' do
-    context 'with a valid code' do
-      it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_code/valid') do
-          authentication_response = WorkOS::UserManagement.authenticate_with_code(
-            code: '01H93ZZHA0JBHFJH9RR11S83YN',
-            client_id: 'client_123',
-            ip_address: '200.240.210.16',
-            user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-          )
-          expect(authentication_response.user.id).to eq('user_01H93ZY4F80YZRRS6N59Z2HFVS')
-          expect(authentication_response.access_token).to eq('<ACCESS_TOKEN>')
-          expect(authentication_response.refresh_token).to eq('<REFRESH_TOKEN>')
-        end
-      end
-
-      context 'when oauth_tokens is present in the api response' do
-        it 'returns an oauth_tokens object' do
-          VCR.use_cassette('user_management/authenticate_with_code/valid_with_oauth_tokens') do
-            authentication_response = WorkOS::UserManagement.authenticate_with_code(
-              code: '01H93ZZHA0JBHFJH9RR11S83YN',
-              client_id: 'client_123',
-              ip_address: '200.240.210.16',
-              user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-            )
-
-            expect(authentication_response.oauth_tokens).to be_a(WorkOS::OAuthTokens)
-            expect(authentication_response.oauth_tokens.access_token).to eq('oauth_access_token')
-            expect(authentication_response.oauth_tokens.refresh_token).to eq('oauth_refresh_token')
-            expect(authentication_response.oauth_tokens.scopes).to eq(%w[read write])
-            expect(authentication_response.oauth_tokens.expires_at).to eq(1_234_567_890)
-          end
-        end
-      end
-
-      context 'when oauth_tokens is not present in the api response' do
-        it 'returns nil oauth_tokens' do
-          VCR.use_cassette('user_management/authenticate_with_code/valid') do
-            authentication_response = WorkOS::UserManagement.authenticate_with_code(
-              code: '01H93ZZHA0JBHFJH9RR11S83YN',
-              client_id: 'client_123',
-              ip_address: '200.240.210.16',
-              user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-            )
-
-            expect(authentication_response.oauth_tokens).to be_nil
-          end
-        end
-      end
-
-      context 'when the user is being impersonated' do
-        it 'contains the impersonator metadata' do
-          VCR.use_cassette('user_management/authenticate_with_code/valid_with_impersonator') do
-            authentication_response = WorkOS::UserManagement.authenticate_with_code(
-              code: '01HRX85ATQB2MN40K4FZ9C2HFR',
-              client_id: 'client_01GS91XFB2YPR1C0NR5SH758Q0',
-            )
-
-            expect(authentication_response.impersonator).to have_attributes(
-              email: 'admin@foocorp.com',
-              reason: 'For testing.',
-            )
-          end
-        end
-      end
-    end
-
-    context 'with an invalid code' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/authenticate_with_code/invalid') do
-          expect do
-            WorkOS::UserManagement.authenticate_with_code(
-              code: 'invalid',
-              client_id: 'client_123',
-              ip_address: '200.240.210.16',
-              user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-            )
-          end.to raise_error(WorkOS::InvalidRequestError, /Status 400/)
-        end
-      end
-    end
-
-    context 'with an invitation_token' do
-      it 'includes invitation_token in the request body' do
-        expect(described_class).to receive(:post_request) do |options|
-          body = options[:body]
-          expect(body[:invitation_token]).to eq('invitation_token_123')
-
-          double('request')
-        end.and_return(double('request'))
-
-        expect(described_class).to receive(:execute_request).and_return(
-          double('response', body: '{"user": {"id": "user_123"}, "access_token": "token", "refresh_token": "refresh"}'),
-        )
-
-        described_class.authenticate_with_code(
-          code: '01H93ZZHA0JBHFJH9RR11S83YN',
-          client_id: 'client_123',
-          invitation_token: 'invitation_token_123',
-        )
-      end
-    end
-  end
-
-  describe '.authenticate_with_refresh_token' do
-    context 'with a valid refresh_token' do
-      it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_refresh_token/valid', tag: :token) do
-          authentication_response = WorkOS::UserManagement.authenticate_with_refresh_token(
-            refresh_token: 'some_refresh_token',
-            client_id: 'client_123',
-            ip_address: '200.240.210.16',
-            user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-          )
-          expect(authentication_response.access_token).to eq('<ACCESS_TOKEN>')
-          expect(authentication_response.refresh_token).to eq('<REFRESH_TOKEN>')
-          expect(authentication_response.user.id).to eq('user_01H93WD0R0KWF8Q7BK02C0RPYJ')
-        end
-      end
-    end
-
-    context 'with an invalid refresh_token' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/authenticate_with_refresh_code/invalid', tag: :token) do
-          expect do
-            WorkOS::UserManagement.authenticate_with_refresh_token(
-              refresh_token: 'invalid',
-              client_id: 'client_123',
-              ip_address: '200.240.210.16',
-              user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-            )
-          end.to raise_error(WorkOS::InvalidRequestError, /Status 400/)
-        end
-      end
-    end
-  end
-
-  describe '.authenticate_with_magic_auth' do
-    context 'with a valid code' do
-      it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_magic_auth/valid', tag: :token) do
-          authentication_response = WorkOS::UserManagement.authenticate_with_magic_auth(
-            code: '452079',
-            client_id: 'project_01EGKAEB7G5N88E83MF99J785F',
-            email: 'test@workos.com',
-            ip_address: '200.240.210.16',
-            user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-          )
-          expect(authentication_response.user.id).to eq('user_01H93WD0R0KWF8Q7BK02C0RPYJ')
-        end
-      end
-    end
-
-    context 'with an invalid code' do
-      it 'returns an error' do
-        VCR.use_cassette('user_management/authenticate_with_magic_auth/invalid', tag: :token) do
-          expect do
-            WorkOS::UserManagement.authenticate_with_magic_auth(
-              code: 'invalid',
-              client_id: 'client_123',
-              email: 'test@workos.com',
-            )
-          end.to raise_error(WorkOS::NotFoundError, /User not found/)
-        end
-      end
-    end
-
-    context 'with an invitation_token' do
-      it 'includes invitation_token in the request body' do
-        expect(described_class).to receive(:post_request) do |options|
-          body = options[:body]
-          expect(body[:invitation_token]).to eq('invitation_token_123')
-
-          double('request')
-        end.and_return(double('request'))
-
-        expect(described_class).to receive(:execute_request).and_return(
-          double('response', body: '{"user": {"id": "user_123"}, "access_token": "token", "refresh_token": "refresh"}'),
-        )
-
-        described_class.authenticate_with_magic_auth(
-          code: '452079',
-          client_id: 'client_123',
-          email: 'test@workos.com',
-          invitation_token: 'invitation_token_123',
-        )
-      end
-    end
-  end
-
-  describe '.authenticate_with_organization_selection' do
-    context 'with a valid code' do
-      it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_organization_selection/valid', tag: :token) do
-          authentication_response = WorkOS::UserManagement.authenticate_with_organization_selection(
-            client_id: 'project_01EGKAEB7G5N88E83MF99J785F',
-            organization_id: 'org_01H5JQDV7R7ATEYZDEG0W5PRYS',
-            pending_authentication_token: 'pending_authentication_token_1234',
-            ip_address: '200.240.210.16',
-            user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-          )
-          expect(authentication_response.user.id).to eq('user_01H93WD0R0KWF8Q7BK02C0RPYJ')
-          expect(authentication_response.organization_id).to eq('org_01H5JQDV7R7ATEYZDEG0W5PRYS')
-        end
-      end
-    end
-
-    context 'with an invalid token' do
-      it 'returns an error' do
-        VCR.use_cassette('user_management/authenticate_with_organization_selection/invalid', tag: :token) do
-          expect do
-            WorkOS::UserManagement.authenticate_with_organization_selection(
-              organization_id: 'invalid_org_id',
-              client_id: 'project_01EGKAEB7G5N88E83MF99J785F',
-              pending_authentication_token: 'pending_authentication_token_1234',
-            )
-          end.to raise_error(WorkOS::InvalidRequestError, /Status 400/)
-        end
-      end
-    end
-  end
-
-  describe '.authenticate_with_totp' do
-    context 'with a valid code' do
-      it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_totp/valid', tag: :token) do
-          authentication_response = WorkOS::UserManagement.authenticate_with_totp(
-            code: '01H93ZZHA0JBHFJH9RR11S83YN',
-            client_id: 'client_123',
-            pending_authentication_token: 'pending_authentication_token_1234',
-            authentication_challenge_id: 'authentication_challenge_id',
-            ip_address: '200.240.210.16',
-            user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-          )
-          expect(authentication_response.user.id).to eq('user_01H93ZY4F80YZRRS6N59Z2HFVS')
-        end
-      end
-    end
-
-    context 'with an invalid code' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/authenticate_with_totp/invalid', tag: :token) do
-          expect do
-            WorkOS::UserManagement.authenticate_with_totp(
-              code: 'invalid',
-              client_id: 'client_123',
-              pending_authentication_token: 'pending_authentication_token_1234',
-              authentication_challenge_id: 'authentication_challenge_id',
-              ip_address: '200.240.210.16',
-              user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-            )
-          end.to raise_error(WorkOS::InvalidRequestError, /Status 400/)
-        end
-      end
-    end
-  end
-
-  describe '.authenticate_with_email_verification' do
-    context 'with a valid code' do
-      it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_email_verification/valid', tag: :token) do
-          authentication_response = WorkOS::UserManagement.authenticate_with_email_verification(
-            code: '01H93ZZHA0JBHFJH9RR11S83YN',
-            client_id: 'client_123',
-            pending_authentication_token: 'pending_authentication_token_1234',
-            ip_address: '200.240.210.16',
-            user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-          )
-          expect(authentication_response.user.id).to eq('user_01H93ZY4F80YZRRS6N59Z2HFVS')
-        end
-      end
-    end
-
-    context 'with an invalid code' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/authenticate_with_email_verification/invalid', tag: :token) do
-          expect do
-            WorkOS::UserManagement.authenticate_with_email_verification(
-              code: 'invalid',
-              client_id: 'client_123',
-              pending_authentication_token: 'pending_authentication_token_1234',
-              ip_address: '200.240.210.16',
-              user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
-            )
-          end.to raise_error(WorkOS::InvalidRequestError, /Status 400/)
-        end
-      end
-    end
-  end
-
-  describe '.get_magic_auth' do
-    context 'with a valid id' do
-      it 'returns a magic_auth object' do
-        VCR.use_cassette 'user_management/get_magic_auth/valid' do
-          magic_auth = described_class.get_magic_auth(
-            id: 'magic_auth_01HWXVEWWSMR5HS8M6FBGMBJJ9',
-          )
-
-          expect(magic_auth.id.instance_of?(String))
-          expect(magic_auth.instance_of?(WorkOS::MagicAuth))
-        end
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/get_magic_auth/invalid') do
-          expect do
-            WorkOS::UserManagement.get_magic_auth(id: 'invalid')
-          end.to raise_error(WorkOS::NotFoundError, /MagicAuth not found/)
-        end
-      end
-    end
-  end
-
-  describe '.create_magic_auth' do
-    context 'with valid payload' do
-      it 'creates a magic_auth' do
-        VCR.use_cassette 'user_management/create_magic_auth/valid' do
-          magic_auth = described_class.create_magic_auth(
-            email: 'test@workos.com',
-          )
-
-          expect(magic_auth.id).to eq('magic_auth_01HWXVEWWSMR5HS8M6FBGMBJJ9')
-          expect(magic_auth.email).to eq('test@workos.com')
-        end
-      end
-    end
-  end
-
-  describe '.send_magic_auth_code' do
-    context 'with valid parameters' do
-      it 'sends a magic link to the email address' do
-        VCR.use_cassette 'user_management/send_magic_auth_code/valid' do
-          described_class.send_magic_auth_code(
-            email: 'test@gmail.com',
-          )
-        end
-      end
-    end
-  end
-
-  describe '.enroll_auth_factor' do
-    context 'with a valid user_id and auth factor type' do
-      it 'returns an auth factor and challenge' do
-        VCR.use_cassette('user_management/enroll_auth_factor/valid') do
-          authentication_response = WorkOS::UserManagement.enroll_auth_factor(
-            user_id: 'user_01H7TVSKS45SDHN5V9XPSM6H44',
-            type: 'totp',
-            totp_secret: 'secret-test',
-          )
-
-          expect(authentication_response.authentication_factor.id).to eq('auth_factor_01H96FETXENNY99ARX0GRC804C')
-          expect(authentication_response.authentication_challenge.id).to eq('auth_challenge_01H96FETXGTW1QMBSBT2T36PW0')
-        end
-      end
-
-      it 'only sends non-nil values in request body' do
-        expect(described_class).to receive(:post_request) do |options|
-          body = options[:body]
-          expect(body).to eq({ type: 'totp', totp_issuer: 'Test App' })
-          expect(body).not_to have_key(:totp_user)
-          expect(body).not_to have_key(:totp_secret)
-
-          double('request')
-        end.and_return(double('request'))
-
-        expect(described_class).to receive(:execute_request).and_return(
-          double('response',
-                 body: '{"authentication_factor": {"id": "test"}, "authentication_challenge": {"id": "test"}}',),
-        )
-
-        described_class.enroll_auth_factor(
-          user_id: 'user_123',
-          type: 'totp',
-          totp_issuer: 'Test App',
-        )
-      end
-    end
-
-    context 'with an incorrect user id' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/enroll_auth_factor/invalid') do
-          expect do
-            WorkOS::UserManagement.enroll_auth_factor(
-              user_id: 'user_01H7TVSKS45SDHN5V9XPSM6H44',
-              type: 'totp',
-            )
-          end.to raise_error(WorkOS::InvalidRequestError, /Status 400/)
-        end
-      end
-    end
-
-    context 'with an invalid auth factor type' do
-      it 'raises an error' do
-        expect do
-          described_class.enroll_auth_factor(user_id: 'user_01H7TVSKS45SDHN5V9XPSM6H44',
-                                             type: 'invalid-factor',)
-        end.to raise_error(
-          ArgumentError,
-          'invalid-factor is not a valid value. `type` must be in ["totp"]',
-        )
-      end
-    end
-  end
-
-  describe '.list_auth_factors' do
-    context 'with a valid user_id' do
-      it 'returns a list of auth factors' do
-        VCR.use_cassette('user_management/list_auth_factors/valid') do
-          authentication_response = WorkOS::UserManagement.list_auth_factors(
-            user_id: 'user_01H7TVSKS45SDHN5V9XPSM6H44',
-          )
-
-          expect(authentication_response.data.first.id).to eq('auth_factor_01H96FETXENNY99ARX0GRC804C')
-        end
-      end
-    end
-    context 'with an incorrect user id' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/list_auth_factors/invalid') do
-          expect do
-            WorkOS::UserManagement.list_auth_factors(
-              user_id: 'user_01H7TVSKS45SDHN5V9XPSM6H44',
-            )
-          end.to raise_error(WorkOS::InvalidRequestError, /Status 400/)
-        end
-      end
-    end
-  end
-
-  describe '.get_email_verification' do
-    context 'with a valid id' do
-      it 'returns an email_verification object' do
-        VCR.use_cassette 'user_management/get_email_verification/valid' do
-          email_verification = described_class.get_email_verification(
-            id: 'email_verification_01HYK9VKNJQ0MJDXEXQP0DA1VK',
-          )
-
-          expect(email_verification.id.instance_of?(String))
-          expect(email_verification.instance_of?(WorkOS::EmailVerification))
-        end
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/get_email_verification/invalid') do
-          expect do
-            WorkOS::UserManagement.get_email_verification(id: 'invalid')
-          end.to raise_error(WorkOS::NotFoundError, /Email Verification not found/)
-        end
-      end
-    end
-  end
-
-  describe '.send_verification_email' do
-    context 'with valid parameters' do
-      it 'sends an email to that user and the magic auth challenge' do
-        VCR.use_cassette 'user_management/send_verification_email/valid' do
-          verification_response = described_class.send_verification_email(
-            user_id: 'user_01H93WD0R0KWF8Q7BK02C0RPYJ',
-          )
-          expect(verification_response.user.id).to eq('user_01H93WD0R0KWF8Q7BK02C0RPYJ')
-        end
-      end
-    end
-
-    context 'when the user does not exist' do
-      it 'returns an error' do
-        VCR.use_cassette 'user_management/send_verification_email/invalid' do
-          expect do
-            described_class.send_verification_email(
-              user_id: 'bad_id',
-            )
-          end.to raise_error(WorkOS::NotFoundError, /User not found/)
-        end
-      end
-    end
-  end
-
-  describe '.verify_email' do
-    context 'with valid parameters' do
-      it 'verifies the email and returns the user' do
-        VCR.use_cassette 'user_management/verify_email/valid' do
-          verify_response = described_class.verify_email(
-            code: '333495',
-            user_id: 'user_01H968BR1R84DSPYS9QR5PM6RZ',
-          )
-
-          expect(verify_response.user.id).to eq('user_01H968BR1R84DSPYS9QR5PM6RZ')
-        end
-      end
-    end
-
-    context 'with invalid parameters' do
-      context 'when the id does not exist' do
-        it 'raises an error' do
-          VCR.use_cassette 'user_management/verify_email/invalid_magic_auth_challenge' do
-            expect do
-              described_class.verify_email(
-                code: '659770',
-                user_id: 'bad_id',
-              )
-            end.to raise_error(WorkOS::NotFoundError, /User not found/)
-          end
-        end
-      end
-
-      context 'when the code is incorrect' do
-        it 'raises an error' do
-          VCR.use_cassette 'user_management/verify_email/invalid_code' do
-            expect do
-              described_class.verify_email(
-                code: '000000',
-                user_id: 'user_01H93WD0R0KWF8Q7BK02C0RPYJ',
-              )
-            end.to raise_error(WorkOS::InvalidRequestError, /Email verification code is incorrect/)
-          end
-        end
-      end
-    end
-  end
-
-  describe '.get_password_reset' do
-    context 'with a valid id' do
-      it 'returns a password_reset object' do
-        VCR.use_cassette 'user_management/get_password_reset/valid' do
-          password_reset = described_class.get_password_reset(
-            id: 'password_reset_01HYKA8DTF8TW5YD30MF0ZXZKT',
-          )
-
-          expect(password_reset.id.instance_of?(String))
-          expect(password_reset.instance_of?(WorkOS::PasswordReset))
-        end
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/get_password_reset/invalid') do
-          expect do
-            WorkOS::UserManagement.get_password_reset(id: 'invalid')
-          end.to raise_error(WorkOS::NotFoundError, /Password Reset not found/)
-        end
-      end
-    end
-  end
-
-  describe '.create_password_reset' do
-    context 'with valid payload' do
-      it 'creates a password_reset object' do
-        VCR.use_cassette 'user_management/create_password_reset/valid' do
-          password_reset = described_class.create_password_reset(
-            email: 'test@workos.com',
-          )
-
-          expect(password_reset.id).to eq('password_reset_01HYKA8DTF8TW5YD30MF0ZXZKT')
-          expect(password_reset.email).to eq('test@workos.com')
-        end
-      end
-    end
-  end
-
-  describe '.send_password_reset_email' do
-    context 'with a valid payload' do
-      it 'sends a password reset email' do
-        VCR.use_cassette 'user_management/send_password_reset_email/valid' do
-          response = described_class.send_password_reset_email(
-            email: 'lucy.lawless@example.com',
-            password_reset_url: 'https://example.com/reset',
-          )
-
-          expect(response).to be(true)
-        end
-      end
-    end
-
-    context 'with an invalid payload' do
-      it 'returns an error' do
-        VCR.use_cassette 'user_management/send_password_reset_email/invalid' do
-          expect do
-            described_class.send_password_reset_email(
-              email: 'foo@bar.com',
-              password_reset_url: '',
-            )
-          end.to raise_error(
-            WorkOS::UnprocessableEntityError,
-            /password_reset_url_string_required/,
-          )
-        end
-      end
-    end
-  end
-
-  describe '.reset_password' do
-    context 'with a valid payload' do
-      it 'resets the password and returns the user' do
-        VCR.use_cassette 'user_management/reset_password/valid' do
-          user = described_class.reset_password(
-            token: 'eEgAgvAE0blvU1zWV3yWVAD22',
-            new_password: 'very_cool_new_pa$$word',
-          )
-
-          expect(user.email).to eq('lucy.lawless@example.com')
-        end
-      end
-    end
-
-    context 'with an invalid payload' do
-      it 'returns an error' do
-        VCR.use_cassette 'user_management/reset_password/invalid' do
-          expect do
-            described_class.reset_password(
-              token: 'bogus_token',
-              new_password: 'new_password',
-            )
-          end.to raise_error(
-            WorkOS::NotFoundError,
-            /Could not locate user with provided token/,
-          )
-        end
-      end
-    end
-  end
-
-  describe '.get_organization_membership' do
-    context 'with a valid id' do
-      it 'returns a organization membership' do
-        VCR.use_cassette 'user_management/get_organization_membership' do
-          organization_membership = described_class.get_organization_membership(
-            id: 'om_01H5JQDV7R7ATEYZDEG0W5PRYS',
-          )
-
-          expect(organization_membership.id.instance_of?(String))
-          expect(organization_membership.instance_of?(WorkOS::OrganizationMembership))
-        end
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'returns an error' do
-        expect do
-          described_class.get_organization_membership(
-            id: 'invalid_organization_membership_id',
-          ).to raise_error(WorkOS::APIError)
-        end
-      end
-    end
-  end
-
-  describe '.list_organization_memberships' do
-    context 'with no options' do
-      it 'returns a list of users' do
-        expected_metadata = {
-          'after' => nil,
-          'before' => 'before-id',
-        }
-
-        VCR.use_cassette 'user_management/list_organization_memberships/no_options' do
-          organization_memberships = described_class.list_organization_memberships
-
-          expect(organization_memberships.data.size).to eq(2)
-          expect(organization_memberships.list_metadata).to eq(expected_metadata)
-        end
-      end
-    end
-
-    context 'with options' do
-      it 'returns a list of matching users' do
-        request_args = [
-          '/user_management/organization_memberships?user_id=user_01H5JQDV7R7ATEYZDEG0W5PRYS&'\
-          'order=desc&limit=5',
-          'Content-Type' => 'application/json'
-        ]
-
-        expected_request = Net::HTTP::Get.new(*request_args)
-
-        expect(Net::HTTP::Get).to receive(:new).with(*request_args).
-          and_return(expected_request)
-
-        VCR.use_cassette 'user_management/list_organization_memberships/with_options' do
-          organization_memberships = described_class.list_organization_memberships(
-            user_id: 'user_01H5JQDV7R7ATEYZDEG0W5PRYS',
-            order: 'desc',
-            limit: '5',
-          )
-
-          expect(organization_memberships.data.size).to eq(1)
-          expect(organization_memberships.data[0].user_id).to eq('user_01H5JQDV7R7ATEYZDEG0W5PRYS')
-        end
-      end
-    end
-
-    context 'with statuses option' do
-      it 'returns a list of matching users' do
-        request_args = [
-          '/user_management/organization_memberships?user_id=user_01HXYSZBKQE2N3NHBKZHDP1X5X&'\
-          'statuses=active&statuses=inactive&order=desc&limit=5',
-          'Content-Type' => 'application/json'
-        ]
-
-        expected_request = Net::HTTP::Get.new(*request_args)
-
-        expect(Net::HTTP::Get).to receive(:new).with(*request_args).
-          and_return(expected_request)
-
-        VCR.use_cassette 'user_management/list_organization_memberships/with_statuses_option' do
-          organization_memberships = described_class.list_organization_memberships(
-            user_id: 'user_01HXYSZBKQE2N3NHBKZHDP1X5X',
-            statuses: %w[active inactive],
-            order: 'desc',
-            limit: '5',
-          )
-
-          expect(organization_memberships.data.size).to eq(1)
-          expect(organization_memberships.data[0].user_id).to eq('user_01HXYSZBKQE2N3NHBKZHDP1X5X')
-        end
-      end
-    end
-  end
-
-  describe '.create_organization_membership' do
-    context 'with a valid payload' do
-      it 'creates an organization membership' do
-        VCR.use_cassette 'user_management/create_organization_membership/valid' do
-          organization_membership = described_class.create_organization_membership(
-            user_id: 'user_01H5JQDV7R7ATEYZDEG0W5PRYS',
-            organization_id: 'org_01H5JQDV7R7ATEYZDEG0W5PRYS',
-          )
-
-          expect(organization_membership.organization_id).to eq('organization_01H5JQDV7R7ATEYZDEG0W5PRYS')
-          expect(organization_membership.user_id).to eq('user_01H5JQDV7R7ATEYZDEG0W5PRYS')
-          expect(organization_membership.role).to eq({ slug: 'member' })
-        end
-      end
-    end
-
-    context 'with an invalid payload' do
-      it 'returns an error' do
-        VCR.use_cassette 'user_management/create_organization_membership/invalid' do
-          expect do
-            described_class.create_organization_membership(user_id: '', organization_id: '')
-          end.to raise_error(
-            WorkOS::UnprocessableEntityError,
-            /user_id_string_required/,
-          )
-        end
-      end
-    end
-
-    context 'with a role slug' do
-      it 'creates an organization with the given role slug ' do
-        VCR.use_cassette 'user_management/create_organization_membership/valid' do
-          organization_membership = described_class.create_organization_membership(
-            user_id: 'user_01H5JQDV7R7ATEYZDEG0W5PRYS',
-            organization_id: 'org_01H5JQDV7R7ATEYZDEG0W5PRYS',
-            role_slug: 'member',
-          )
-
-          expect(organization_membership.organization_id).to eq('organization_01H5JQDV7R7ATEYZDEG0W5PRYS')
-          expect(organization_membership.user_id).to eq('user_01H5JQDV7R7ATEYZDEG0W5PRYS')
-          expect(organization_membership.role).to eq({ slug: 'member' })
-        end
-      end
-    end
-
-    context 'with role slugs' do
-      it 'creates an organization membership with multiple roles' do
-        VCR.use_cassette 'user_management/create_organization_membership/valid_multiple_roles' do
-          organization_membership = described_class.create_organization_membership(
-            user_id: 'user_01H5JQDV7R7ATEYZDEG0W5PRYS',
-            organization_id: 'org_01H5JQDV7R7ATEYZDEG0W5PRYS',
-            role_slugs: %w[admin member],
-          )
-
-          expect(organization_membership.organization_id).to eq('organization_01H5JQDV7R7ATEYZDEG0W5PRYS')
-          expect(organization_membership.user_id).to eq('user_01H5JQDV7R7ATEYZDEG0W5PRYS')
-          expect(organization_membership.roles).to be_an(Array)
-          expect(organization_membership.roles.length).to eq(2)
-        end
-      end
-    end
-  end
-
-  describe '.update_organization_membership' do
-    context 'with a valid id' do
-      it 'returns true' do
-        VCR.use_cassette('user_management/update_organization_membership/valid') do
-          organization_membership = WorkOS::UserManagement.update_organization_membership(
-            id: 'om_01H5JQDV7R7ATEYZDEG0W5PRYS',
-            role_slug: 'admin',
-          )
-
-          expect(organization_membership.organization_id).to eq('organization_01H5JQDV7R7ATEYZDEG0W5PRYS')
-          expect(organization_membership.user_id).to eq('user_01H5JQDV7R7ATEYZDEG0W5PRYS')
-          expect(organization_membership.role).to eq({ slug: 'admin' })
-        end
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/update_organization_membership/invalid') do
-          expect do
-            WorkOS::UserManagement.update_organization_membership(id: 'invalid', role_slug: 'admin')
-          end.to raise_error(WorkOS::NotFoundError, /Organization Membership not found/)
-        end
-      end
-    end
-
-    context 'with role slugs' do
-      it 'updates an organization membership with multiple roles' do
-        VCR.use_cassette('user_management/update_organization_membership/valid_multiple_roles') do
-          organization_membership = WorkOS::UserManagement.update_organization_membership(
-            id: 'om_01H5JQDV7R7ATEYZDEG0W5PRYS',
-            role_slugs: %w[admin editor],
-          )
-
-          expect(organization_membership.organization_id).to eq('organization_01H5JQDV7R7ATEYZDEG0W5PRYS')
-          expect(organization_membership.user_id).to eq('user_01H5JQDV7R7ATEYZDEG0W5PRYS')
-          expect(organization_membership.roles).to be_an(Array)
-          expect(organization_membership.roles.length).to eq(2)
-        end
-      end
-    end
-  end
-
-  describe '.delete_organization_membership' do
-    context 'with a valid id' do
-      it 'returns true' do
-        VCR.use_cassette('user_management/delete_organization_membership/valid') do
-          response = WorkOS::UserManagement.delete_organization_membership(
-            id: 'om_01H5JQDV7R7ATEYZDEG0W5PRYS',
-          )
-
-          expect(response).to be(true)
-        end
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/delete_organization_membership/invalid') do
-          expect do
-            WorkOS::UserManagement.delete_organization_membership(id: 'invalid')
-          end.to raise_error(WorkOS::NotFoundError, /Organization Membership not found/)
-        end
-      end
-    end
-  end
-
-  describe '.deactivate_organization_membership' do
-    context 'with a valid id' do
-      it 'returns a organization membership' do
-        VCR.use_cassette 'user_management/deactivate_organization_membership' do
-          organization_membership = described_class.deactivate_organization_membership(
-            id: 'om_01HXYT0G3H5QG9YTSHSHFZQE6D',
-          )
-
-          expect(organization_membership.id.instance_of?(String))
-          expect(organization_membership.instance_of?(WorkOS::OrganizationMembership))
-        end
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'returns an error' do
-        expect do
-          described_class.deactivate_organization_membership(
-            id: 'invalid_organization_membership_id',
-          ).to raise_error(WorkOS::APIError)
-        end
-      end
-    end
-  end
-
-  describe '.reactivate_organization_membership' do
-    context 'with a valid id' do
-      it 'returns a organization membership' do
-        VCR.use_cassette 'user_management/reactivate_organization_membership' do
-          organization_membership = described_class.reactivate_organization_membership(
-            id: 'om_01HXYT0G3H5QG9YTSHSHFZQE6D',
-          )
-
-          expect(organization_membership.id.instance_of?(String))
-          expect(organization_membership.instance_of?(WorkOS::OrganizationMembership))
-        end
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'returns an error' do
-        expect do
-          described_class.reactivate_organization_membership(
-            id: 'invalid_organization_membership_id',
-          ).to raise_error(WorkOS::APIError)
-        end
-      end
-    end
-  end
-
-  describe '.get_invitation' do
-    context 'with a valid id' do
-      it 'returns an invitation' do
-        VCR.use_cassette 'user_management/get_invitation/valid' do
-          invitation = described_class.get_invitation(
-            id: 'invitation_01H5JQDV7R7ATEYZDEG0W5PRYS',
-          )
-
-          expect(invitation.id.instance_of?(String))
-          expect(invitation.instance_of?(WorkOS::Invitation))
-        end
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/get_invitation/invalid') do
-          expect do
-            WorkOS::UserManagement.get_invitation(id: 'invalid')
-          end.to raise_error(WorkOS::NotFoundError, /Invitation not found/)
-        end
-      end
-    end
-  end
-
-  describe '.find_invitation_by_token' do
-    context 'with a valid id' do
-      it 'returns an invitation' do
-        VCR.use_cassette 'user_management/find_invitation_by_token/valid' do
-          invitation = described_class.find_invitation_by_token(
-            token: 'iUV3XbYajpJlbpw1Qt3ZKlaKx',
-          )
-
-          expect(invitation.id.instance_of?(String))
-          expect(invitation.instance_of?(WorkOS::Invitation))
-        end
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'raises an error' do
-        VCR.use_cassette('user_management/find_invitation_by_token/invalid') do
-          expect do
-            WorkOS::UserManagement.find_invitation_by_token(token: 'invalid')
-          end.to raise_error(WorkOS::NotFoundError, /Invitation not found/)
-        end
-      end
-    end
-  end
-
-  describe '.list_invitations' do
-    context 'with no options' do
-      it 'returns invitations and metadata' do
-        expected_metadata = {
-          'after' => nil,
-          'before' => 'before_id',
-        }
-
-        VCR.use_cassette 'user_management/list_invitations/with_no_options' do
-          invitations = described_class.list_invitations
-
-          expect(invitations.data.size).to eq(5)
-          expect(invitations.list_metadata).to eq(expected_metadata)
-        end
-      end
-    end
-
-    context 'with organization_id option' do
-      it 'forms the proper request to the API' do
-        request_args = [
-          '/user_management/invitations?organization_id=org_01H5JQDV7R7ATEYZDEG0W5PRYS&'\
-          'order=desc',
-          'Content-Type' => 'application/json'
-        ]
-
-        expected_request = Net::HTTP::Get.new(*request_args)
-
-        expect(Net::HTTP::Get).to receive(:new).with(*request_args).
-          and_return(expected_request)
-
-        VCR.use_cassette 'user_management/list_invitations/with_organization_id' do
-          invitations = described_class.list_invitations(
-            organization_id: 'org_01H5JQDV7R7ATEYZDEG0W5PRYS',
-          )
-
-          expect(invitations.data.size).to eq(1)
-          expect(invitations.data.first.organization_id).to eq(
-            'org_01H5JQDV7R7ATEYZDEG0W5PRYS',
-          )
-        end
-      end
-    end
-
-    context 'with limit option' do
-      it 'forms the proper request to the API' do
-        request_args = [
-          '/user_management/invitations?limit=2&'\
-          'order=desc',
-          'Content-Type' => 'application/json'
-        ]
-
-        expected_request = Net::HTTP::Get.new(*request_args)
-
-        expect(Net::HTTP::Get).to receive(:new).with(*request_args).
-          and_return(expected_request)
-
-        VCR.use_cassette 'user_management/list_invitations/with_limit' do
-          invitations = described_class.list_invitations(
-            limit: 2,
-          )
-
-          expect(invitations.data.size).to eq(3)
-        end
-      end
-    end
-
-    context 'with before option' do
-      it 'forms the proper request to the API' do
-        request_args = [
-          '/user_management/invitations?before=invitation_01H5JQDV7R7ATEYZDEG0W5PRYS&'\
-          'order=desc',
-          'Content-Type' => 'application/json'
-        ]
-
-        expected_request = Net::HTTP::Get.new(*request_args)
-
-        expect(Net::HTTP::Get).to receive(:new).with(*request_args).
-          and_return(expected_request)
-
-        VCR.use_cassette 'user_management/list_invitations/with_before' do
-          invitations = described_class.list_invitations(
-            before: 'invitation_01H5JQDV7R7ATEYZDEG0W5PRYS',
-          )
-
-          expect(invitations.data.size).to eq(2)
-        end
-      end
-    end
-
-    context 'with after option' do
-      it 'forms the proper request to the API' do
-        request_args = [
-          '/user_management/invitations?after=invitation_01H5JQDV7R7ATEYZDEG0W5PRYS&'\
-          'order=desc',
-          'Content-Type' => 'application/json'
-        ]
-
-        expected_request = Net::HTTP::Get.new(*request_args)
-
-        expect(Net::HTTP::Get).to receive(:new).with(*request_args).
-          and_return(expected_request)
-
-        VCR.use_cassette 'user_management/list_invitations/with_after' do
-          invitations = described_class.list_invitations(
-            after: 'invitation_01H5JQDV7R7ATEYZDEG0W5PRYS',
-          )
-
-          expect(invitations.data.size).to eq(2)
-        end
-      end
-    end
-  end
-
-  describe '.send_invitation' do
-    context 'with valid payload' do
-      it 'sends an invitation' do
-        VCR.use_cassette 'user_management/send_invitation/valid' do
-          invitation = described_class.send_invitation(
-            email: 'test@workos.com',
-          )
-
-          expect(invitation.id).to eq('invitation_01H5JQDV7R7ATEYZDEG0W5PRYS')
-          expect(invitation.email).to eq('test@workos.com')
-        end
-      end
-
-      it 'only sends non-nil values in request body' do
-        expect(described_class).to receive(:post_request) do |options|
-          body = options[:body]
-          expect(body).to eq({ email: 'test@workos.com', organization_id: 'org_123' })
-          expect(body).not_to have_key(:expires_in_days)
-          expect(body).not_to have_key(:inviter_user_id)
-          expect(body).not_to have_key(:role_slug)
-
-          double('request')
-        end.and_return(double('request'))
-
-        expect(described_class).to receive(:execute_request).and_return(
-          double('response', body: '{"id": "test_invitation"}'),
-        )
-
-        described_class.send_invitation(
-          email: 'test@workos.com',
-          organization_id: 'org_123',
-        )
-      end
-    end
-
-    context 'with an invalid payload' do
-      it 'returns an error' do
-        VCR.use_cassette 'user_management/send_invitation/invalid' do
-          expect do
-            described_class.send_invitation(
-              email: 'invalid@workos.com',
-            )
-          end.to raise_error(
-            WorkOS::APIError,
-            /An Invitation with the email invalid@workos.com already exists/,
-          )
-        end
-      end
-    end
-  end
-
-  describe '.accept_invitation' do
-    context 'with a valid id' do
-      it 'accepts invitation' do
-        expect(described_class).to receive(:post_request) do |options|
-          expect(options[:path]).to eq('/user_management/invitations/invitation_123/accept')
-          expect(options[:auth]).to be true
-
-          double('request')
-        end.and_return(double('request'))
-
-        response_body = {
-          id: 'invitation_123',
-          email: 'test@workos.com',
-          state: 'accepted',
-        }.to_json
-
-        expect(described_class).to receive(:execute_request).and_return(
-          double('response', body: response_body),
-        )
-
-        invitation = described_class.accept_invitation(
-          id: 'invitation_123',
-        )
-
-        expect(invitation.id).to eq('invitation_123')
-        expect(invitation.email).to eq('test@workos.com')
-        expect(invitation.state).to eq('accepted')
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'returns an error' do
-        expect(described_class).to receive(:post_request) do |options|
-          expect(options[:path]).to eq('/user_management/invitations/invalid_id/accept')
-          expect(options[:auth]).to be true
-
-          double('request')
-        end.and_return(double('request'))
-
-        expect(described_class).to receive(:execute_request).and_raise(
-          WorkOS::NotFoundError.new(message: 'Invitation not found'),
-        )
-
-        expect do
-          described_class.accept_invitation(id: 'invalid_id')
-        end.to raise_error(
-          WorkOS::NotFoundError,
-          /Invitation not found/,
-        )
-      end
-    end
-
-    context 'when invitation has already been accepted' do
-      it 'returns an error' do
-        expect(described_class).to receive(:post_request) do |options|
-          expect(options[:path]).to eq('/user_management/invitations/invitation_123/accept')
-          expect(options[:auth]).to be true
-
-          double('request')
-        end.and_return(double('request'))
-
-        expect(described_class).to receive(:execute_request).and_raise(
-          WorkOS::InvalidRequestError.new(message: 'Invite has already been accepted'),
-        )
-
-        expect do
-          described_class.accept_invitation(id: 'invitation_123')
-        end.to raise_error(
-          WorkOS::InvalidRequestError,
-          /Invite has already been accepted/,
-        )
-      end
-    end
-  end
-
-  describe '.revoke_invitation' do
-    context 'with valid payload' do
-      it 'revokes invitation' do
-        VCR.use_cassette 'user_management/revoke_invitation/valid' do
-          invitation = described_class.revoke_invitation(
-            id: 'invitation_01H5JQDV7R7ATEYZDEG0W5PRYS',
-          )
-
-          expect(invitation.id).to eq('invitation_01H5JQDV7R7ATEYZDEG0W5PRYS')
-          expect(invitation.email).to eq('test@workos.com')
-        end
-      end
-    end
-
-    context 'with an invalid payload' do
-      it 'returns an error' do
-        VCR.use_cassette 'user_management/revoke_invitation/invalid' do
-          expect do
-            described_class.revoke_invitation(
-              id: 'invalid_id',
-            )
-          end.to raise_error(
-            WorkOS::NotFoundError,
-            /Invitation not found/,
-          )
-        end
-      end
-    end
-  end
-
-  describe '.resend_invitation' do
-    context 'with valid payload' do
-      it 'resends invitation' do
-        VCR.use_cassette 'user_management/resend_invitation/valid' do
-          invitation = described_class.resend_invitation(
-            id: 'invitation_01H5JQDV7R7ATEYZDEG0W5PRYS',
-          )
-
-          expect(invitation.id).to eq('invitation_01H5JQDV7R7ATEYZDEG0W5PRYS')
-          expect(invitation.email).to eq('test@workos.com')
-        end
-      end
-    end
-
-    context 'with an invalid id' do
-      it 'returns an error' do
-        VCR.use_cassette 'user_management/resend_invitation/invalid' do
-          expect do
-            described_class.resend_invitation(
-              id: 'invalid_id',
-            )
-          end.to raise_error(
-            WorkOS::NotFoundError,
-            /Invitation not found/,
-          )
-        end
-      end
-    end
-
-    context 'when invitation has expired' do
-      it 'returns an error' do
-        VCR.use_cassette 'user_management/resend_invitation/expired' do
-          expect do
-            described_class.resend_invitation(
-              id: 'invitation_01H5JQDV7R7ATEYZDEG0W5PRYS',
-            )
-          end.to raise_error(
-            WorkOS::InvalidRequestError,
-            /Invite has expired/,
-          )
-        end
-      end
-    end
-
-    context 'when invitation has been revoked' do
-      it 'returns an error' do
-        VCR.use_cassette 'user_management/resend_invitation/revoked' do
-          expect do
-            described_class.resend_invitation(
-              id: 'invitation_01H5JQDV7R7ATEYZDEG0W5PRYS',
-            )
-          end.to raise_error(
-            WorkOS::InvalidRequestError,
-            /Invite has been revoked/,
-          )
-        end
-      end
-    end
-
-    context 'when invitation has already been accepted' do
-      it 'returns an error' do
-        VCR.use_cassette 'user_management/resend_invitation/accepted' do
-          expect do
-            described_class.resend_invitation(
-              id: 'invitation_01H5JQDV7R7ATEYZDEG0W5PRYS',
-            )
-          end.to raise_error(
-            WorkOS::InvalidRequestError,
-            /Invite has already been accepted/,
-          )
-        end
-      end
-    end
-  end
-
-  describe '.revoke_session' do
-    context 'with valid payload' do
-      it 'revokes session' do
-        VCR.use_cassette 'user_management/revoke_session/valid' do
-          result = described_class.revoke_session(
-            session_id: 'session_01HRX85ATNADY1GQ053AHRFFN6',
-          )
-
-          expect(result).to be true
-        end
-      end
-    end
-
-    context 'with a non-existant session' do
-      it 'returns an error' do
-        VCR.use_cassette 'user_management/revoke_session/not_found' do
-          expect do
-            described_class.revoke_session(
-              session_id: 'session_01H5JQDV7R7ATEYZDEG0W5PRYS',
-            )
-          end.to raise_error(
-            WorkOS::NotFoundError,
-            /Session not found/,
-          )
-        end
-      end
-    end
-  end
-
-  describe '.list_sessions' do
-    context 'with a valid user_id' do
-      it 'returns a list of sessions' do
-        VCR.use_cassette('user_management/list_sessions/valid') do
-          result = described_class.list_sessions(
-            user_id: 'user_01H7TVSKS45SDHN5V9XPSM6H44',
-          )
-
-          expect(result.data).to be_an(Array)
-          expect(result.data.first).to be_a(WorkOS::UserManagement::Session)
-          expect(result.data.first.id).to eq('session_01H96FETXGTW2S0V5V9XPSM6H44')
-          expect(result.data.first.status).to eq('active')
-          expect(result.data.first.auth_method).to eq('password')
-        end
-      end
-
-      it 'returns sessions that can be revoked' do
-        VCR.use_cassette('user_management/list_sessions/valid') do
-          result = described_class.list_sessions(
-            user_id: 'user_01H7TVSKS45SDHN5V9XPSM6H44',
-          )
-          session = result.data.first
-
-          expect(described_class).to receive(:post_request) do |options|
-            expect(options[:path]).to eq('/user_management/sessions/revoke')
-            expect(options[:body]).to eq({ session_id: 'session_01H96FETXGTW2S0V5V9XPSM6H44' })
-            expect(options[:auth]).to be true
-          end.and_return(double('request'))
-
-          expect(described_class).to receive(:execute_request).and_return(
-            double('response', is_a?: true),
-          )
-
-          expect(session.revoke).to be true
-        end
-      end
-    end
-  end
-
-  describe '.get_logout_url' do
-    it 'returns a logout url for the given session ID' do
-      result = described_class.get_logout_url(
-        session_id: 'session_01HRX85ATNADY1GQ053AHRFFN6',
-      )
-
-      expect(result).to eq 'https://api.workos.com/user_management/sessions/logout?session_id=session_01HRX85ATNADY1GQ053AHRFFN6'
-    end
-
-    context 'when a `return_to` is given' do
-      it 'returns a logout url with the `return_to` query parameter' do
-        result = described_class.get_logout_url(
-          session_id: 'session_01HRX85ATNADY1GQ053AHRFFN6',
-          return_to: 'https://example.com/signed-out',
-        )
-
-        expect(result).to eq 'https://api.workos.com/user_management/sessions/logout?session_id=session_01HRX85ATNADY1GQ053AHRFFN6&return_to=https%3A%2F%2Fexample.com%2Fsigned-out'
-      end
-    end
-  end
-end