workos 7.0.0 → 7.1.1

data/test/workos/test_model_round_trip.rb

@@ -459,6 +459,40 @@ class ModelRoundTripTest < Minitest::Test
     fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
   end
 
+  def test_create_group_membership_round_trip
+    fixture = {
+      "organization_membership_id" => "stub"
+    }
+    model = WorkOS::CreateGroupMembership.new(fixture.to_json)
+    json = model.to_h
+    assert_kind_of Hash, json
+    assert_equal fixture["organization_membership_id"], json[:organization_membership_id]
+    fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
+  end
+
+  def test_create_group_round_trip
+    fixture = {
+      "name" => "stub",
+      "description" => nil
+    }
+    model = WorkOS::CreateGroup.new(fixture.to_json)
+    json = model.to_h
+    assert_kind_of Hash, json
+    assert_equal fixture["name"], json[:name]
+    fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
+  end
+
+  def test_update_group_round_trip
+    fixture = {
+      "name" => "stub",
+      "description" => nil
+    }
+    model = WorkOS::UpdateGroup.new(fixture.to_json)
+    json = model.to_h
+    assert_kind_of Hash, json
+    fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
+  end
+
   def test_update_jwt_template_round_trip
     fixture = {
       "content" => "stub"
@@ -550,9 +584,20 @@ class ModelRoundTripTest < Minitest::Test
     fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
   end
 
+  def test_domain_verification_intent_options_round_trip
+    fixture = {
+      "domain_name" => "stub"
+    }
+    model = WorkOS::DomainVerificationIntentOptions.new(fixture.to_json)
+    json = model.to_h
+    assert_kind_of Hash, json
+    fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
+  end
+
   def test_intent_options_round_trip
     fixture = {
-      "sso" => {}
+      "sso" => {},
+      "domain_verification" => {}
     }
     model = WorkOS::IntentOptions.new(fixture.to_json)
     json = model.to_h
@@ -567,7 +612,7 @@ class ModelRoundTripTest < Minitest::Test
       "organization" => "stub",
       "intent" => "stub",
       "intent_options" => {},
-      "admin_emails" => []
+      "it_contact_emails" => []
     }
     model = WorkOS::GenerateLink.new(fixture.to_json)
     json = model.to_h
@@ -1321,6 +1366,28 @@ class ModelRoundTripTest < Minitest::Test
     fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
   end
 
+  def test_group_round_trip
+    fixture = {
+      "object" => "group",
+      "id" => "stub",
+      "organization_id" => "stub",
+      "name" => "stub",
+      "description" => nil,
+      "created_at" => "stub",
+      "updated_at" => "stub"
+    }
+    model = WorkOS::Group.new(fixture.to_json)
+    json = model.to_h
+    assert_kind_of Hash, json
+    assert_equal fixture["id"], json[:id]
+    assert_equal fixture["organization_id"], json[:organization_id]
+    assert_equal fixture["name"], json[:name]
+    assert_nil json[:description]
+    assert_equal fixture["created_at"], json[:created_at]
+    assert_equal fixture["updated_at"], json[:updated_at]
+    fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
+  end
+
   def test_event_context_actor_round_trip
     fixture = {
       "id" => "stub",
@@ -1384,28 +1451,6 @@ class ModelRoundTripTest < Minitest::Test
     fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
   end
 
-  def test_group_round_trip
-    fixture = {
-      "object" => "group",
-      "id" => "stub",
-      "organization_id" => "stub",
-      "name" => "stub",
-      "description" => nil,
-      "created_at" => "stub",
-      "updated_at" => "stub"
-    }
-    model = WorkOS::Group.new(fixture.to_json)
-    json = model.to_h
-    assert_kind_of Hash, json
-    assert_equal fixture["id"], json[:id]
-    assert_equal fixture["organization_id"], json[:organization_id]
-    assert_equal fixture["name"], json[:name]
-    assert_nil json[:description]
-    assert_equal fixture["created_at"], json[:created_at]
-    assert_equal fixture["updated_at"], json[:updated_at]
-    fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
-  end
-
   def test_user_round_trip
     fixture = {
       "object" => "user",
@@ -1438,6 +1483,27 @@ class ModelRoundTripTest < Minitest::Test
     fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
   end
 
+  def test_waitlist_user_round_trip
+    fixture = {
+      "object" => "waitlist_user",
+      "id" => "stub",
+      "email" => "stub",
+      "state" => "stub",
+      "approved_at" => nil,
+      "created_at" => "stub",
+      "updated_at" => "stub"
+    }
+    model = WorkOS::WaitlistUser.new(fixture.to_json)
+    json = model.to_h
+    assert_kind_of Hash, json
+    assert_equal fixture["id"], json[:id]
+    assert_equal fixture["email"], json[:email]
+    assert_nil json[:approved_at]
+    assert_equal fixture["created_at"], json[:created_at]
+    assert_equal fixture["updated_at"], json[:updated_at]
+    fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
+  end
+
   def test_event_schema_round_trip
     fixture = {
       "object" => "event",
@@ -3746,6 +3812,7 @@ class ModelRoundTripTest < Minitest::Test
       "organization_id" => nil,
       "inviter_user_id" => nil,
       "accepted_user_id" => nil,
+      "role_slug" => nil,
       "created_at" => "stub",
       "updated_at" => "stub"
     }
@@ -3760,6 +3827,7 @@ class ModelRoundTripTest < Minitest::Test
     assert_nil json[:organization_id]
     assert_nil json[:inviter_user_id]
     assert_nil json[:accepted_user_id]
+    assert_nil json[:role_slug]
     assert_equal fixture["created_at"], json[:created_at]
     assert_equal fixture["updated_at"], json[:updated_at]
     fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
@@ -3794,6 +3862,7 @@ class ModelRoundTripTest < Minitest::Test
       "organization_id" => nil,
       "inviter_user_id" => nil,
       "accepted_user_id" => nil,
+      "role_slug" => nil,
       "created_at" => "stub",
       "updated_at" => "stub"
     }
@@ -3808,6 +3877,7 @@ class ModelRoundTripTest < Minitest::Test
     assert_nil json[:organization_id]
     assert_nil json[:inviter_user_id]
     assert_nil json[:accepted_user_id]
+    assert_nil json[:role_slug]
     assert_equal fixture["created_at"], json[:created_at]
     assert_equal fixture["updated_at"], json[:updated_at]
     fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
@@ -3842,6 +3912,7 @@ class ModelRoundTripTest < Minitest::Test
       "organization_id" => nil,
       "inviter_user_id" => nil,
       "accepted_user_id" => nil,
+      "role_slug" => nil,
       "created_at" => "stub",
       "updated_at" => "stub"
     }
@@ -3856,6 +3927,7 @@ class ModelRoundTripTest < Minitest::Test
     assert_nil json[:organization_id]
     assert_nil json[:inviter_user_id]
     assert_nil json[:accepted_user_id]
+    assert_nil json[:role_slug]
     assert_equal fixture["created_at"], json[:created_at]
     assert_equal fixture["updated_at"], json[:updated_at]
     fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
@@ -3890,6 +3962,7 @@ class ModelRoundTripTest < Minitest::Test
       "organization_id" => nil,
       "inviter_user_id" => nil,
       "accepted_user_id" => nil,
+      "role_slug" => nil,
       "created_at" => "stub",
       "updated_at" => "stub"
     }
@@ -3904,6 +3977,7 @@ class ModelRoundTripTest < Minitest::Test
     assert_nil json[:organization_id]
     assert_nil json[:inviter_user_id]
     assert_nil json[:accepted_user_id]
+    assert_nil json[:role_slug]
     assert_equal fixture["created_at"], json[:created_at]
     assert_equal fixture["updated_at"], json[:updated_at]
     fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
@@ -5423,6 +5497,57 @@ class ModelRoundTripTest < Minitest::Test
     fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
   end
 
+  def test_waitlist_user_approved_round_trip
+    fixture = {
+      "id" => "stub",
+      "event" => "waitlist_user.approved",
+      "data" => {},
+      "created_at" => "stub",
+      "context" => {},
+      "object" => "event"
+    }
+    model = WorkOS::WaitlistUserApproved.new(fixture.to_json)
+    json = model.to_h
+    assert_kind_of Hash, json
+    assert_equal fixture["id"], json[:id]
+    assert_equal fixture["created_at"], json[:created_at]
+    fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
+  end
+
+  def test_waitlist_user_created_round_trip
+    fixture = {
+      "id" => "stub",
+      "event" => "waitlist_user.created",
+      "data" => {},
+      "created_at" => "stub",
+      "context" => {},
+      "object" => "event"
+    }
+    model = WorkOS::WaitlistUserCreated.new(fixture.to_json)
+    json = model.to_h
+    assert_kind_of Hash, json
+    assert_equal fixture["id"], json[:id]
+    assert_equal fixture["created_at"], json[:created_at]
+    fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
+  end
+
+  def test_waitlist_user_denied_round_trip
+    fixture = {
+      "id" => "stub",
+      "event" => "waitlist_user.denied",
+      "data" => {},
+      "created_at" => "stub",
+      "context" => {},
+      "object" => "event"
+    }
+    model = WorkOS::WaitlistUserDenied.new(fixture.to_json)
+    json = model.to_h
+    assert_kind_of Hash, json
+    assert_equal fixture["id"], json[:id]
+    assert_equal fixture["created_at"], json[:created_at]
+    fixture.each_key { |k| assert json.key?(k.to_sym) || json.key?(k), "Expected to_h to include key #{k}" }
+  end
+
   def test_jwt_template_response_round_trip
     fixture = {
       "object" => "jwt_template",
@@ -5717,6 +5842,7 @@ class ModelRoundTripTest < Minitest::Test
       "organization_id" => nil,
       "inviter_user_id" => nil,
       "accepted_user_id" => nil,
+      "role_slug" => nil,
       "created_at" => "stub",
       "updated_at" => "stub",
       "token" => "stub",
@@ -5733,6 +5859,7 @@ class ModelRoundTripTest < Minitest::Test
     assert_nil json[:organization_id]
     assert_nil json[:inviter_user_id]
     assert_nil json[:accepted_user_id]
+    assert_nil json[:role_slug]
     assert_equal fixture["created_at"], json[:created_at]
     assert_equal fixture["updated_at"], json[:updated_at]
     assert_equal fixture["token"], json[:token]
@@ -6826,6 +6953,7 @@ class ModelRoundTripTest < Minitest::Test
       "organization_id" => nil,
       "inviter_user_id" => nil,
       "accepted_user_id" => nil,
+      "role_slug" => nil,
       "created_at" => "stub",
       "updated_at" => "stub",
       "token" => "stub",
@@ -6842,6 +6970,7 @@ class ModelRoundTripTest < Minitest::Test
     assert_nil json[:organization_id]
     assert_nil json[:inviter_user_id]
     assert_nil json[:accepted_user_id]
+    assert_nil json[:role_slug]
     assert_equal fixture["created_at"], json[:created_at]
     assert_equal fixture["updated_at"], json[:updated_at]
     assert_equal fixture["token"], json[:token]

data/test/workos/test_session.rb

@@ -206,6 +206,131 @@ class SessionTest < Minitest::Test
     assert_equal "https://app/cb", params["return_to"]
   end
 
+  # --- Session#refresh -------------------------------------------------------
+
+  def test_refresh_seals_session_client_side_and_returns_refresh_success
+    rsa, pub = signing_key_pair
+    old_access = make_jwt({"sid" => "session_old", "exp" => Time.now.to_i - 60}, rsa)
+    sealed = @sm.seal_data({"access_token" => old_access, "refresh_token" => "rt_old", "user" => {"id" => "u_1"}}, PASSWORD)
+
+    new_access = make_jwt({"sid" => "session_new", "org_id" => "org_1", "role" => "admin", "exp" => Time.now.to_i + 300}, rsa)
+    api_response = {
+      "access_token" => new_access,
+      "refresh_token" => "rt_new",
+      "user" => {"id" => "u_1", "email" => "a@b.com"},
+      "impersonator" => nil
+    }
+
+    stub_request(:post, "https://api.workos.com/user_management/authenticate")
+      .with(body: hash_including("grant_type" => "refresh_token", "refresh_token" => "rt_old"))
+      .to_return(status: 200, body: api_response.to_json)
+    stub_request(:get, "https://api.workos.com/sso/jwks/client_001")
+      .to_return(status: 200, body: jwks_payload(pub).to_json)
+
+    session = @sm.load(seal_data: sealed, cookie_password: PASSWORD)
+    result = session.refresh
+
+    assert_kind_of WorkOS::SessionManager::RefreshSuccess, result
+    assert result.authenticated
+    assert_equal "session_new", result.session_id
+    assert_equal "org_1", result.organization_id
+    assert_equal "admin", result.role
+    assert_equal "u_1", result.user["id"]
+
+    # sealed_session should be a non-empty string that round-trips
+    refute_empty result.sealed_session
+    unsealed = @sm.unseal_data(result.sealed_session, PASSWORD)
+    assert_equal new_access, unsealed["access_token"]
+    assert_equal "rt_new", unsealed["refresh_token"]
+  end
+
+  def test_refresh_updates_internal_seal_data_for_subsequent_authenticate
+    rsa, pub = signing_key_pair
+    old_access = make_jwt({"sid" => "session_old", "exp" => Time.now.to_i - 60}, rsa)
+    sealed = @sm.seal_data({"access_token" => old_access, "refresh_token" => "rt_old", "user" => {"id" => "u_1"}}, PASSWORD)
+
+    new_access = make_jwt({"sid" => "session_refreshed", "org_id" => "org_2", "exp" => Time.now.to_i + 300}, rsa)
+    api_response = {
+      "access_token" => new_access,
+      "refresh_token" => "rt_new",
+      "user" => {"id" => "u_1"}
+    }
+
+    stub_request(:post, "https://api.workos.com/user_management/authenticate")
+      .to_return(status: 200, body: api_response.to_json)
+    stub_request(:get, "https://api.workos.com/sso/jwks/client_001")
+      .to_return(status: 200, body: jwks_payload(pub).to_json)
+
+    session = @sm.load(seal_data: sealed, cookie_password: PASSWORD)
+    session.refresh
+
+    # A subsequent authenticate should use the refreshed token
+    auth = session.authenticate
+    assert_kind_of WorkOS::SessionManager::AuthSuccess, auth
+    assert auth.authenticated
+    assert_equal "session_refreshed", auth.session_id
+  end
+
+  def test_refresh_returns_error_on_invalid_cookie
+    result = @sm.refresh(seal_data: "garbage", cookie_password: PASSWORD)
+    assert_kind_of WorkOS::SessionManager::RefreshError, result
+    refute result.authenticated
+    assert_equal WorkOS::SessionManager::INVALID_SESSION_COOKIE, result.reason
+  end
+
+  def test_refresh_returns_error_when_no_refresh_token
+    sealed = @sm.seal_data({"access_token" => "at_only"}, PASSWORD)
+    result = @sm.refresh(seal_data: sealed, cookie_password: PASSWORD)
+    assert_kind_of WorkOS::SessionManager::RefreshError, result
+    assert_equal WorkOS::SessionManager::INVALID_SESSION_COOKIE, result.reason
+  end
+
+  def test_refresh_does_not_send_session_param_to_api
+    rsa, pub = signing_key_pair
+    old_access = make_jwt({"sid" => "s", "exp" => Time.now.to_i - 60}, rsa)
+    sealed = @sm.seal_data({"access_token" => old_access, "refresh_token" => "rt_x", "user" => {"id" => "u"}}, PASSWORD)
+
+    new_access = make_jwt({"sid" => "s2", "exp" => Time.now.to_i + 300}, rsa)
+    api_response = {"access_token" => new_access, "refresh_token" => "rt_y", "user" => {"id" => "u"}}
+
+    stub = stub_request(:post, "https://api.workos.com/user_management/authenticate")
+      .with { |req| !req.body.include?("seal_session") }
+      .to_return(status: 200, body: api_response.to_json)
+    stub_request(:get, "https://api.workos.com/sso/jwks/client_001")
+      .to_return(status: 200, body: jwks_payload(pub).to_json)
+
+    session = @sm.load(seal_data: sealed, cookie_password: PASSWORD)
+    session.refresh
+
+    assert_requested(stub)
+  end
+
+  def test_refresh_returns_error_on_malformed_access_token_without_mutating_state
+    rsa, pub = signing_key_pair
+    old_access = make_jwt({"sid" => "session_old", "exp" => Time.now.to_i - 60}, rsa)
+    sealed = @sm.seal_data({"access_token" => old_access, "refresh_token" => "rt_old", "user" => {"id" => "u_1"}}, PASSWORD)
+
+    api_response = {
+      "access_token" => "not-a-valid-jwt",
+      "refresh_token" => "rt_new",
+      "user" => {"id" => "u_1"}
+    }
+
+    stub_request(:post, "https://api.workos.com/user_management/authenticate")
+      .to_return(status: 200, body: api_response.to_json)
+    stub_request(:get, "https://api.workos.com/sso/jwks/client_001")
+      .to_return(status: 200, body: jwks_payload(pub).to_json)
+
+    session = @sm.load(seal_data: sealed, cookie_password: PASSWORD)
+    result = session.refresh
+
+    assert_kind_of WorkOS::SessionManager::RefreshError, result
+    refute result.authenticated
+
+    # Session state should not have been mutated
+    assert_equal sealed, session.seal_data
+  end
+
   # --- Session constructor validation ---------------------------------------
 
   def test_session_load_requires_cookie_password

data/test/workos/test_user_management_organization_membership_groups.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+require "test_helper"
+
+class UserManagementOrganizationMembershipGroupsTest < Minitest::Test
+  include FixtureHelper
+
+  def setup
+    @client = WorkOS::Client.new(api_key: "sk_test_123")
+  end
+
+  def test_list_organization_membership_groups_returns_expected_result
+    stub_request(:get, %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub/groups(\?|\z)})
+      .to_return(body: '{"data": [], "list_metadata": {}}', status: 200)
+    result = @client.user_management_organization_membership_groups.list_organization_membership_groups(om_id: "stub")
+    assert_kind_of WorkOS::Types::ListStruct, result
+  end
+
+  # Parameterized authentication error tests (one per endpoint).
+  [
+    {name: :list_organization_membership_groups, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub/groups(\?|\z)}, args: {om_id: "stub"}}
+  ].each do |spec|
+    define_method("test_#{spec[:name]}_raises_authentication_error_on_401") do
+      stub_request(spec[:verb], spec[:url])
+        .to_return(body: '{"message": "Unauthorized"}', status: 401)
+      assert_raises(WorkOS::AuthenticationError) do
+        @client.user_management_organization_membership_groups.send(spec[:name], **(spec[:args] || {}))
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: workos
 version: !ruby/object:Gem::Version
-  version: 7.0.0
+  version: 7.1.1
 platform: ruby
 authors:
 - WorkOS
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-04-20 00:00:00.000000000 Z
+date: 2026-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -137,6 +137,7 @@ files:
 - ".github/workflows/release-please.yml"
 - ".github/workflows/release.yml"
 - ".gitignore"
+- ".last-synced-sha"
 - ".oagen-manifest.json"
 - ".release-please-manifest.json"
 - ".ruby-version"
@@ -155,6 +156,7 @@ files:
 - lib/workos.rb
 - lib/workos/actions.rb
 - lib/workos/admin_portal.rb
+- lib/workos/admin_portal/domain_verification_intent_options.rb
 - lib/workos/admin_portal/generate_link.rb
 - lib/workos/admin_portal/intent_options.rb
 - lib/workos/admin_portal/portal_link_response.rb
@@ -316,6 +318,11 @@ files:
 - lib/workos/feature_flags/flag_updated_context_previous_attribute_data.rb
 - lib/workos/feature_flags/flag_updated_data.rb
 - lib/workos/feature_flags/flag_updated_data_owner.rb
+- lib/workos/groups.rb
+- lib/workos/groups/create_group.rb
+- lib/workos/groups/create_group_membership.rb
+- lib/workos/groups/group.rb
+- lib/workos/groups/update_group.rb
 - lib/workos/hash_provider.rb
 - lib/workos/inflections.rb
 - lib/workos/multi_factor_auth.rb
@@ -403,7 +410,6 @@ files:
 - lib/workos/shared/event_context.rb
 - lib/workos/shared/event_context_actor.rb
 - lib/workos/shared/event_context_google_analytics_session.rb
-- lib/workos/shared/group.rb
 - lib/workos/shared/group_created.rb
 - lib/workos/shared/group_deleted.rb
 - lib/workos/shared/group_member_added.rb
@@ -411,6 +417,10 @@ files:
 - lib/workos/shared/group_member_removed.rb
 - lib/workos/shared/group_member_removed_data.rb
 - lib/workos/shared/group_updated.rb
+- lib/workos/shared/waitlist_user.rb
+- lib/workos/shared/waitlist_user_approved.rb
+- lib/workos/shared/waitlist_user_created.rb
+- lib/workos/shared/waitlist_user_denied.rb
 - lib/workos/sso.rb
 - lib/workos/sso/connection.rb
 - lib/workos/sso/connection_activated.rb
@@ -500,6 +510,7 @@ files:
 - lib/workos/types/flag_rule_updated_context_previous_attribute_context_access_type.rb
 - lib/workos/types/flag_updated_context_actor_source.rb
 - lib/workos/types/generate_link_intent.rb
+- lib/workos/types/groups_order.rb
 - lib/workos/types/invitation_accepted_data_state.rb
 - lib/workos/types/invitation_created_data_state.rb
 - lib/workos/types/invitation_resent_data_state.rb
@@ -561,6 +572,7 @@ files:
 - lib/workos/types/user_management_authentication_screen_hint.rb
 - lib/workos/types/user_management_invitations_order.rb
 - lib/workos/types/user_management_multi_factor_authentication_order.rb
+- lib/workos/types/user_management_organization_membership_groups_order.rb
 - lib/workos/types/user_management_organization_membership_order.rb
 - lib/workos/types/user_management_organization_membership_statuses.rb
 - lib/workos/types/user_management_users_authorized_applications_order.rb
@@ -580,6 +592,7 @@ files:
 - lib/workos/types/vault_kek_created_data_actor_source.rb
 - lib/workos/types/vault_metadata_read_data_actor_source.rb
 - lib/workos/types/vault_names_listed_data_actor_source.rb
+- lib/workos/types/waitlist_user_state.rb
 - lib/workos/types/webhook_endpoint_json_status.rb
 - lib/workos/types/webhook_endpoint_status.rb
 - lib/workos/types/webhooks_order.rb
@@ -701,11 +714,6 @@ files:
 - lib/workos/user_management/update_jwt_template.rb
 - lib/workos/user_management/update_user.rb
 - lib/workos/user_management/update_user_organization_membership.rb
-- lib/workos/user_management/urn_ietf_params_oauth_grant_type_device_code_session_authenticate_request.rb
-- lib/workos/user_management/urn_workos_oauth_grant_type_email_verification_code_session_authenticate_request.rb
-- lib/workos/user_management/urn_workos_oauth_grant_type_magic_auth_code_session_authenticate_request.rb
-- lib/workos/user_management/urn_workos_oauth_grant_type_mfa_totp_session_authenticate_request.rb
-- lib/workos/user_management/urn_workos_oauth_grant_type_organization_selection_session_authenticate_request.rb
 - lib/workos/user_management/user.rb
 - lib/workos/user_management/user_created.rb
 - lib/workos/user_management/user_deleted.rb
@@ -717,6 +725,7 @@ files:
 - lib/workos/user_management/user_updated.rb
 - lib/workos/user_management/verify_email_address.rb
 - lib/workos/user_management/verify_email_response.rb
+- lib/workos/user_management_organization_membership_groups.rb
 - lib/workos/util.rb
 - lib/workos/util/signature.rb
 - lib/workos/vault.rb
@@ -891,6 +900,8 @@ files:
 - rbi/workos/create_authorization_permission.rbi
 - rbi/workos/create_authorization_resource.rbi
 - rbi/workos/create_cors_origin.rbi
+- rbi/workos/create_group.rbi
+- rbi/workos/create_group_membership.rbi
 - rbi/workos/create_m2m_application.rbi
 - rbi/workos/create_magic_code_and_return.rbi
 - rbi/workos/create_oauth_application.rbi
@@ -924,6 +935,7 @@ files:
 - rbi/workos/directory_user_email.rbi
 - rbi/workos/directory_user_with_groups.rbi
 - rbi/workos/directory_user_with_groups_email.rbi
+- rbi/workos/domain_verification_intent_options.rbi
 - rbi/workos/dsync_activated.rbi
 - rbi/workos/dsync_activated_data.rbi
 - rbi/workos/dsync_activated_data_domain.rbi
@@ -1007,6 +1019,7 @@ files:
 - rbi/workos/group_member_removed.rbi
 - rbi/workos/group_member_removed_data.rbi
 - rbi/workos/group_updated.rbi
+- rbi/workos/groups.rbi
 - rbi/workos/hash_provider.rbi
 - rbi/workos/intent_options.rbi
 - rbi/workos/invitation.rbi
@@ -1139,6 +1152,7 @@ files:
 - rbi/workos/update_audit_logs_retention.rbi
 - rbi/workos/update_authorization_permission.rbi
 - rbi/workos/update_authorization_resource.rbi
+- rbi/workos/update_group.rbi
 - rbi/workos/update_jwt_template.rbi
 - rbi/workos/update_oauth_application.rbi
 - rbi/workos/update_organization.rbi
@@ -1157,6 +1171,7 @@ files:
 - rbi/workos/user_invite.rbi
 - rbi/workos/user_management.rbi
 - rbi/workos/user_management_login_request.rbi
+- rbi/workos/user_management_organization_membership_groups.rbi
 - rbi/workos/user_object.rbi
 - rbi/workos/user_organization_membership.rbi
 - rbi/workos/user_organization_membership_base_list_data.rbi
@@ -1188,6 +1203,10 @@ files:
 - rbi/workos/vault_names_listed_data.rbi
 - rbi/workos/verify_email_address.rbi
 - rbi/workos/verify_email_response.rbi
+- rbi/workos/waitlist_user.rbi
+- rbi/workos/waitlist_user_approved.rbi
+- rbi/workos/waitlist_user_created.rbi
+- rbi/workos/waitlist_user_denied.rbi
 - rbi/workos/webhook_endpoint.rbi
 - rbi/workos/webhook_endpoint_json.rbi
 - rbi/workos/webhooks.rbi
@@ -1210,6 +1229,7 @@ files:
 - test/workos/test_encryptors_aes_gcm.rb
 - test/workos/test_events.rb
 - test/workos/test_feature_flags.rb
+- test/workos/test_groups.rb
 - test/workos/test_list_struct.rb
 - test/workos/test_model_round_trip.rb
 - test/workos/test_multi_factor_auth.rb
@@ -1225,6 +1245,7 @@ files:
 - test/workos/test_sso_helpers.rb
 - test/workos/test_sso_runtime.rb
 - test/workos/test_user_management.rb
+- test/workos/test_user_management_organization_membership_groups.rb
 - test/workos/test_vault.rb
 - test/workos/test_webhook_verify.rb
 - test/workos/test_webhooks.rb

data/lib/workos/user_management/urn_ietf_params_oauth_grant_type_device_code_session_authenticate_request.rb

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-# This file is auto-generated by oagen. Do not edit.
-
-module WorkOS
-  # @deprecated Use WorkOS::DeviceCodeSessionAuthenticateRequest instead.
-  UrnIetfParamsOAuthGrantTypeDeviceCodeSessionAuthenticateRequest = DeviceCodeSessionAuthenticateRequest
-end

data/lib/workos/user_management/urn_workos_oauth_grant_type_email_verification_code_session_authenticate_request.rb

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-# This file is auto-generated by oagen. Do not edit.
-
-module WorkOS
-  # @deprecated Use WorkOS::EmailVerificationCodeSessionAuthenticateRequest instead.
-  UrnWorkosOAuthGrantTypeEmailVerificationCodeSessionAuthenticateRequest = EmailVerificationCodeSessionAuthenticateRequest
-end

data/lib/workos/user_management/urn_workos_oauth_grant_type_magic_auth_code_session_authenticate_request.rb

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-# This file is auto-generated by oagen. Do not edit.
-
-module WorkOS
-  # @deprecated Use WorkOS::MagicAuthCodeSessionAuthenticateRequest instead.
-  UrnWorkosOAuthGrantTypeMagicAuthCodeSessionAuthenticateRequest = MagicAuthCodeSessionAuthenticateRequest
-end

data/lib/workos/user_management/urn_workos_oauth_grant_type_mfa_totp_session_authenticate_request.rb

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-# This file is auto-generated by oagen. Do not edit.
-
-module WorkOS
-  # @deprecated Use WorkOS::MFATotpSessionAuthenticateRequest instead.
-  UrnWorkosOAuthGrantTypeMfaTotpSessionAuthenticateRequest = MFATotpSessionAuthenticateRequest
-end