workos 7.1.1 → 8.0.0

data/lib/workos/user_management/user_api_key_created_data_owner.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  class UserApiKeyCreatedDataOwner < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      type: :type,
+      id: :id,
+      organization_id: :organization_id
+    }.freeze
+
+    attr_accessor \
+      :type,
+      :id,
+      :organization_id
+
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @type = hash[:type]
+      @id = hash[:id]
+      @organization_id = hash[:organization_id]
+    end
+  end
+end

data/lib/workos/{api_keys/api_key_with_value_owner.rb → user_management/user_api_key_owner.rb}

@@ -3,5 +3,5 @@
 # This file is auto-generated by oagen. Do not edit.
 
 module WorkOS
-  ApiKeyWithValueOwner = ApiKeyCreatedDataOwner
+  UserApiKeyOwner = UserApiKeyCreatedDataOwner
 end

data/lib/workos/{types/webhooks_order.rb → user_management/user_api_key_revoked_data_owner.rb}

@@ -3,7 +3,5 @@
 # This file is auto-generated by oagen. Do not edit.
 
 module WorkOS
-  module Types
-    WebhooksOrder = ApplicationsOrder
-  end
+  UserApiKeyRevokedDataOwner = UserApiKeyCreatedDataOwner
 end

data/lib/workos/{api_keys/api_key_with_value.rb → user_management/user_api_key_with_value.rb}

@@ -3,7 +3,7 @@
 # This file is auto-generated by oagen. Do not edit.
 
 module WorkOS
-  class ApiKeyWithValue < WorkOS::Types::BaseModel
+  class UserApiKeyWithValue < WorkOS::Types::BaseModel
     HASH_ATTRS = {
       object: :object,
       id: :id,
@@ -33,7 +33,7 @@ module WorkOS
       hash = self.class.normalize(json)
       @object = hash[:object]
       @id = hash[:id]
-      @owner = hash[:owner] ? WorkOS::ApiKeyWithValueOwner.new(hash[:owner]) : nil
+      @owner = hash[:owner] ? WorkOS::UserApiKeyWithValueOwner.new(hash[:owner]) : nil
       @name = hash[:name]
       @obfuscated_value = hash[:obfuscated_value]
       @last_used_at = hash[:last_used_at]

data/lib/workos/{types/groups_order.rb → user_management/user_api_key_with_value_owner.rb}

@@ -3,7 +3,5 @@
 # This file is auto-generated by oagen. Do not edit.
 
 module WorkOS
-  module Types
-    GroupsOrder = ApplicationsOrder
-  end
+  UserApiKeyWithValueOwner = UserApiKeyCreatedDataOwner
 end

data/lib/workos/user_management/user_organization_membership.rb

@@ -15,7 +15,8 @@ module WorkOS
       custom_attributes: :custom_attributes,
       created_at: :created_at,
       updated_at: :updated_at,
-      role: :role
+      role: :role,
+      user: :user
     }.freeze
 
     attr_accessor \
@@ -29,7 +30,8 @@ module WorkOS
       :custom_attributes,
       :created_at,
       :updated_at,
-      :role
+      :role,
+      :user
 
     def initialize(json)
       hash = self.class.normalize(json)
@@ -44,6 +46,7 @@ module WorkOS
       @created_at = hash[:created_at]
       @updated_at = hash[:updated_at]
       @role = hash[:role] ? WorkOS::SlimRole.new(hash[:role]) : nil
+      @user = hash[:user] ? WorkOS::User.new(hash[:user]) : nil
     end
   end
 end

data/lib/workos/user_management.rb

@@ -6,6 +6,32 @@ require "json"
 
 module WorkOS
   class UserManagement
+    # Identifies the password (plaintext variant).
+    #
+    # @!attribute [r] password
+    #   @return [String]
+    PasswordPlaintext = Data.define(:password)
+
+    # Identifies the password (hashed variant).
+    #
+    # @!attribute [r] password_hash
+    #   @return [String]
+    # @!attribute [r] password_hash_type
+    #   @return [WorkOS::Types::CreateUserPasswordHashType]
+    PasswordHashed = Data.define(:password_hash, :password_hash_type)
+
+    # Identifies the role (single variant).
+    #
+    # @!attribute [r] role_slug
+    #   @return [String]
+    RoleSingle = Data.define(:role_slug)
+
+    # Identifies the role (multiple variant).
+    #
+    # @!attribute [r] role_slugs
+    #   @return [Array<String>]
+    RoleMultiple = Data.define(:role_slugs)
+
     def initialize(client)
       @client = client
     end
@@ -403,7 +429,7 @@ module WorkOS
     )
       body = {
         "client_id" => client_id
-      }.compact
+      }
       response = @client.request(
         method: :post,
         path: "/user_management/authorize/device",
@@ -450,7 +476,7 @@ module WorkOS
     )
       body = {
         "origin" => origin
-      }.compact
+      }
       response = @client.request(
         method: :post,
         path: "/user_management/cors_origins",
@@ -492,7 +518,7 @@ module WorkOS
     )
       body = {
         "email" => email
-      }.compact
+      }
       response = @client.request(
         method: :post,
         path: "/user_management/password_reset",
@@ -518,7 +544,7 @@ module WorkOS
       body = {
         "token" => token,
         "new_password" => new_password
-      }.compact
+      }
       response = @client.request(
         method: :post,
         path: "/user_management/password_reset/confirm",
@@ -554,7 +580,7 @@ module WorkOS
     # @param before [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
     # @param after [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
     # @param limit [Integer, nil] Upper limit on the number of objects to return, between `1` and `100`.
-    # @param order [WorkOS::Types::UserManagementUsersOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
+    # @param order [WorkOS::Types::PaginationOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
     # @param organization [String, nil] (deprecated) Filter users by the organization they are a member of. Deprecated in favor of `organization_id`.
     # @param organization_id [String, nil] Filter users by the organization they are a member of.
     # @param email [String, nil] Filter users by their email address.
@@ -563,7 +589,7 @@ module WorkOS
     def list_users(
       before: nil,
       after: nil,
-      limit: nil,
+      limit: 10,
       order: "desc",
       organization: nil,
       organization_id: nil,
@@ -613,9 +639,7 @@ module WorkOS
     # @param email_verified [Boolean, nil] Whether the user's email has been verified.
     # @param metadata [Hash{String => String}, nil] Object containing metadata key/value pairs associated with the user.
     # @param external_id [String, nil] The external ID of the user.
-    # @param password [String, nil] The password to set for the user. Mutually exclusive with `password_hash` and `password_hash_type`.
-    # @param password_hash [String, nil] The hashed password to set for the user. Required with `password_hash_type`. Mutually exclusive with `password`.
-    # @param password_hash_type [WorkOS::Types::CreateUserPasswordHashType, nil] The algorithm originally used to hash the password, used when providing a `password_hash`. Required with `password_hash`. Mutually exclusive with `password`.
+    # @param password [WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed, nil] Identifies the password.
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
     # @return [WorkOS::User]
     def create_user(
@@ -626,8 +650,6 @@ module WorkOS
       metadata: nil,
       external_id: nil,
       password: nil,
-      password_hash: nil,
-      password_hash_type: nil,
       request_options: {}
     )
       body = {
@@ -636,18 +658,17 @@ module WorkOS
         "last_name" => last_name,
         "email_verified" => email_verified,
         "metadata" => metadata,
-        "external_id" => external_id,
-        "password" => password,
-        "password_hash" => password_hash,
-        "password_hash_type" => password_hash_type
+        "external_id" => external_id
       }.compact
       if password
-        case password[:type]
-        when "plaintext"
-          body["password"] = password[:password]
-        when "hashed"
-          body["password_hash"] = password[:password_hash]
-          body["password_hash_type"] = password[:password_hash_type]
+        case password
+        when WorkOS::UserManagement::PasswordPlaintext
+          body["password"] = password.password
+        when WorkOS::UserManagement::PasswordHashed
+          body["password_hash"] = password.password_hash
+          body["password_hash_type"] = password.password_hash_type
+        else
+          raise ArgumentError, "expected password to be one of: WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed, got #{password.class}"
         end
       end
       response = @client.request(
@@ -709,9 +730,7 @@ module WorkOS
     # @param metadata [Hash{String => String}, nil] Object containing metadata key/value pairs associated with the user.
     # @param external_id [String, nil] The external ID of the user.
     # @param locale [String, nil] The user's preferred locale.
-    # @param password [String, nil] The password to set for the user. Mutually exclusive with `password_hash` and `password_hash_type`.
-    # @param password_hash [String, nil] The hashed password to set for the user. Required with `password_hash_type`. Mutually exclusive with `password`.
-    # @param password_hash_type [WorkOS::Types::UpdateUserPasswordHashType, nil] The algorithm originally used to hash the password, used when providing a `password_hash`. Required with `password_hash`. Mutually exclusive with `password`.
+    # @param password [WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed, nil] Identifies the password.
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
     # @return [WorkOS::User]
     def update_user(
@@ -724,8 +743,6 @@ module WorkOS
       external_id: nil,
       locale: nil,
       password: nil,
-      password_hash: nil,
-      password_hash_type: nil,
       request_options: {}
     )
       body = {
@@ -735,18 +752,17 @@ module WorkOS
         "email_verified" => email_verified,
         "metadata" => metadata,
         "external_id" => external_id,
-        "locale" => locale,
-        "password" => password,
-        "password_hash" => password_hash,
-        "password_hash_type" => password_hash_type
+        "locale" => locale
       }.compact
       if password
-        case password[:type]
-        when "plaintext"
-          body["password"] = password[:password]
-        when "hashed"
-          body["password_hash"] = password[:password_hash]
-          body["password_hash_type"] = password[:password_hash_type]
+        case password
+        when WorkOS::UserManagement::PasswordPlaintext
+          body["password"] = password.password
+        when WorkOS::UserManagement::PasswordHashed
+          body["password_hash"] = password.password_hash
+          body["password_hash_type"] = password.password_hash_type
+        else
+          raise ArgumentError, "expected password to be one of: WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed, got #{password.class}"
         end
       end
       response = @client.request(
@@ -790,7 +806,7 @@ module WorkOS
     )
       body = {
         "code" => code
-      }.compact
+      }
       response = @client.request(
         method: :post,
         path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_change/confirm",
@@ -815,7 +831,7 @@ module WorkOS
     )
       body = {
         "new_email" => new_email
-      }.compact
+      }
       response = @client.request(
         method: :post,
         path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_change/send",
@@ -840,7 +856,7 @@ module WorkOS
     )
       body = {
         "code" => code
-      }.compact
+      }
       response = @client.request(
         method: :post,
         path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_verification/confirm",
@@ -895,14 +911,14 @@ module WorkOS
     # @param before [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
     # @param after [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
     # @param limit [Integer, nil] Upper limit on the number of objects to return, between `1` and `100`.
-    # @param order [WorkOS::Types::UserManagementUsersOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
+    # @param order [WorkOS::Types::PaginationOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
     # @return [WorkOS::Types::ListStruct<WorkOS::UserSessionsListItem>]
     def list_sessions(
       id:,
       before: nil,
       after: nil,
-      limit: nil,
+      limit: 10,
       order: "desc",
       request_options: {}
     )
@@ -941,7 +957,7 @@ module WorkOS
     # @param before [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
     # @param after [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
     # @param limit [Integer, nil] Upper limit on the number of objects to return, between `1` and `100`.
-    # @param order [WorkOS::Types::UserManagementInvitationsOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
+    # @param order [WorkOS::Types::PaginationOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
     # @param organization_id [String, nil] The ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join.
     # @param email [String, nil] The email address of the recipient.
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
@@ -949,7 +965,7 @@ module WorkOS
     def list_invitations(
       before: nil,
       after: nil,
-      limit: nil,
+      limit: 10,
       order: "desc",
       organization_id: nil,
       email: nil,
@@ -1128,6 +1144,21 @@ module WorkOS
       result
     end
 
+    # Get JWT template
+    # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
+    # @return [WorkOS::JWTTemplateResponse]
+    def list_jwt_template(request_options: {})
+      response = @client.request(
+        method: :get,
+        path: "/user_management/jwt_template",
+        auth: true,
+        request_options: request_options
+      )
+      result = WorkOS::JWTTemplateResponse.new(response.body)
+      result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
+      result
+    end
+
     # Update JWT template
     # @param content [String] The JWT template content as a Liquid template string.
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
@@ -1138,7 +1169,7 @@ module WorkOS
     )
       body = {
         "content" => content
-      }.compact
+      }
       response = @client.request(
         method: :put,
         path: "/user_management/jwt_template",
@@ -1200,7 +1231,7 @@ module WorkOS
     # @param before [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
     # @param after [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
     # @param limit [Integer, nil] Upper limit on the number of objects to return, between `1` and `100`.
-    # @param order [WorkOS::Types::UserManagementOrganizationMembershipOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
+    # @param order [WorkOS::Types::PaginationOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
     # @param organization_id [String, nil] The ID of the [organization](https://workos.com/docs/reference/organization) which the user belongs to.
     # @param statuses [Array<WorkOS::Types::UserManagementOrganizationMembershipStatuses>, nil] Filter by the status of the organization membership. Array including any of `active`, `inactive`, or `pending`.
     # @param user_id [String, nil] The ID of the [user](https://workos.com/docs/reference/authkit/user).
@@ -1209,7 +1240,7 @@ module WorkOS
     def list_organization_memberships(
       before: nil,
       after: nil,
-      limit: nil,
+      limit: 10,
       order: "desc",
       organization_id: nil,
       statuses: nil,
@@ -1255,30 +1286,27 @@ module WorkOS
     # Create an organization membership
     # @param user_id [String] The ID of the [user](https://workos.com/docs/reference/authkit/user).
     # @param organization_id [String] The ID of the [organization](https://workos.com/docs/reference/organization) which the user belongs to.
-    # @param role_slug [String, nil] A single role identifier. Defaults to `member` or the explicit default role. Mutually exclusive with `role_slugs`.
-    # @param role_slugs [Array<String>, nil] An array of role identifiers. Limited to one role when Multiple Roles is disabled. Mutually exclusive with `role_slug`.
+    # @param role [WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple, nil] Identifies the role.
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
     # @return [WorkOS::OrganizationMembership]
     def create_organization_membership(
       user_id:,
       organization_id:,
-      role_slug: nil,
-      role_slugs: nil,
       role: nil,
       request_options: {}
     )
       body = {
         "user_id" => user_id,
-        "organization_id" => organization_id,
-        "role_slug" => role_slug,
-        "role_slugs" => role_slugs
-      }.compact
+        "organization_id" => organization_id
+      }
       if role
-        case role[:type]
-        when "single"
-          body["role_slug"] = role[:role_slug]
-        when "multiple"
-          body["role_slugs"] = role[:role_slugs]
+        case role
+        when WorkOS::UserManagement::RoleSingle
+          body["role_slug"] = role.role_slug
+        when WorkOS::UserManagement::RoleMultiple
+          body["role_slugs"] = role.role_slugs
+        else
+          raise ArgumentError, "expected role to be one of: WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple, got #{role.class}"
         end
       end
       response = @client.request(
@@ -1314,27 +1342,23 @@ module WorkOS
 
     # Update an organization membership
     # @param id [String] The unique ID of the organization membership.
-    # @param role_slug [String, nil] A single role identifier. Defaults to `member` or the explicit default role. Mutually exclusive with `role_slugs`.
-    # @param role_slugs [Array<String>, nil] An array of role identifiers. Limited to one role when Multiple Roles is disabled. Mutually exclusive with `role_slug`.
+    # @param role [WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple, nil] Identifies the role.
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
     # @return [WorkOS::UserOrganizationMembership]
     def update_organization_membership(
       id:,
-      role_slug: nil,
-      role_slugs: nil,
       role: nil,
       request_options: {}
     )
-      body = {
-        "role_slug" => role_slug,
-        "role_slugs" => role_slugs
-      }.compact
+      body = {}
       if role
-        case role[:type]
-        when "single"
-          body["role_slug"] = role[:role_slug]
-        when "multiple"
-          body["role_slugs"] = role[:role_slugs]
+        case role
+        when WorkOS::UserManagement::RoleSingle
+          body["role_slug"] = role.role_slug
+        when WorkOS::UserManagement::RoleMultiple
+          body["role_slugs"] = role.role_slugs
+        else
+          raise ArgumentError, "expected role to be one of: WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple, got #{role.class}"
         end
       end
       response = @client.request(
@@ -1414,7 +1438,7 @@ module WorkOS
     )
       body = {
         "uri" => uri
-      }.compact
+      }
       response = @client.request(
         method: :post,
         path: "/user_management/redirect_uris",
@@ -1432,14 +1456,14 @@ module WorkOS
     # @param before [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
     # @param after [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
     # @param limit [Integer, nil] Upper limit on the number of objects to return, between `1` and `100`.
-    # @param order [WorkOS::Types::UserManagementUsersAuthorizedApplicationsOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
+    # @param order [WorkOS::Types::PaginationOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
     # @return [WorkOS::Types::ListStruct<WorkOS::AuthorizedConnectApplicationListData>]
     def list_user_authorized_applications(
       user_id:,
       before: nil,
       after: nil,
-      limit: nil,
+      limit: 10,
       order: "desc",
       request_options: {}
     )
@@ -1493,6 +1517,88 @@ module WorkOS
       nil
     end
 
+    # List API keys for a user
+    # @param user_id [String] Unique identifier of the user.
+    # @param before [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list.
+    # @param after [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list.
+    # @param limit [Integer, nil] Upper limit on the number of objects to return, between `1` and `100`.
+    # @param order [WorkOS::Types::PaginationOrder, nil] Order the results by the creation time.
+    # @param organization_id [String, nil] The ID of the organization to filter user API keys by. When provided, only API keys created against that organization membership are returned.
+    # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
+    # @return [WorkOS::Types::ListStruct<WorkOS::UserApiKey>]
+    def list_user_api_keys(
+      user_id:,
+      before: nil,
+      after: nil,
+      limit: 10,
+      order: "desc",
+      organization_id: nil,
+      request_options: {}
+    )
+      params = {
+        "before" => before,
+        "after" => after,
+        "limit" => limit,
+        "order" => order,
+        "organization_id" => organization_id
+      }.compact
+      response = @client.request(
+        method: :get,
+        path: "/user_management/users/#{WorkOS::Util.encode_path(user_id)}/api_keys",
+        auth: true,
+        params: params,
+        request_options: request_options
+      )
+      fetch_next = ->(cursor) {
+        list_user_api_keys(
+          user_id: user_id,
+          before: before,
+          after: cursor,
+          limit: limit,
+          order: order,
+          organization_id: organization_id,
+          request_options: request_options
+        )
+      }
+      WorkOS::Types::ListStruct.from_response(
+        response,
+        model: WorkOS::UserApiKey,
+        filters: {user_id: user_id, before: before, limit: limit, order: order, organization_id: organization_id},
+        fetch_next: fetch_next
+      )
+    end
+
+    # Create an API key for a user
+    # @param user_id [String] Unique identifier of the user.
+    # @param name [String] A descriptive name for the API key.
+    # @param organization_id [String] The ID of the organization the user API key is associated with. The user must have an active membership in this organization.
+    # @param permissions [Array<String>, nil] The permission slugs to assign to the API key. Each permission must be enabled for user API keys.
+    # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
+    # @return [WorkOS::UserApiKeyWithValue]
+    def create_user_api_key(
+      user_id:,
+      name:,
+      organization_id:,
+      permissions: nil,
+      request_options: {}
+    )
+      body = {
+        "name" => name,
+        "organization_id" => organization_id,
+        "permissions" => permissions
+      }.compact
+      response = @client.request(
+        method: :post,
+        path: "/user_management/users/#{WorkOS::Util.encode_path(user_id)}/api_keys",
+        auth: true,
+        body: body,
+        request_options: request_options
+      )
+      result = WorkOS::UserApiKeyWithValue.new(response.body)
+      result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
+      result
+    end
+
     # @oagen-ignore-start — non-spec helpers (hand-maintained)
     # H13 — Build the JWKS URL for a given client_id (no HTTP call).
     # Pair with #get_jwks (generated) to fetch the keyset.

data/lib/workos/user_management_organization_membership_groups.rb

@@ -15,14 +15,14 @@ module WorkOS
     # @param before [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
     # @param after [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
     # @param limit [Integer, nil] Upper limit on the number of objects to return, between `1` and `100`.
-    # @param order [WorkOS::Types::UserManagementOrganizationMembershipGroupsOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
+    # @param order [WorkOS::Types::PaginationOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
     # @return [WorkOS::Types::ListStruct<WorkOS::Group>]
     def list_organization_membership_groups(
       om_id:,
       before: nil,
       after: nil,
-      limit: nil,
+      limit: 10,
       order: "desc",
       request_options: {}
     )

data/lib/workos/vault/vault_byok_key_deleted.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  class VaultByokKeyDeleted < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      id: :id,
+      event: :event,
+      data: :data,
+      created_at: :created_at,
+      context: :context,
+      object: :object
+    }.freeze
+
+    attr_accessor \
+      :id,
+      :event,
+      :data,
+      :created_at,
+      :context,
+      :object
+
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @id = hash[:id]
+      @event = hash[:event]
+      @data = hash[:data] ? WorkOS::VaultByokKeyDeletedData.new(hash[:data]) : nil
+      @created_at = hash[:created_at]
+      @context = hash[:context] ? WorkOS::EventContext.new(hash[:context]) : nil
+      @object = hash[:object]
+    end
+  end
+end

data/lib/workos/vault/vault_byok_key_deleted_data.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  class VaultByokKeyDeletedData < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      organization_id: :organization_id,
+      key_provider: :key_provider
+    }.freeze
+
+    attr_accessor \
+      :organization_id,
+      :key_provider
+
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @organization_id = hash[:organization_id]
+      @key_provider = hash[:key_provider]
+    end
+  end
+end

data/lib/workos/version.rb

@@ -2,5 +2,5 @@
 
 # @oagen-ignore-file
 module WorkOS
-  VERSION = "7.1.1"
+  VERSION = "8.0.0"
 end