RubyGems - workos - Versions diffs - 7.1.2 → 8.0.1 - Mend

workos 7.1.2 → 8.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (120) hide show

checksums.yaml +4 -4
data/.github/workflows/docs.yml +49 -0
data/.github/workflows/release-please.yml +2 -2
data/.gitignore +2 -0
data/.last-synced-sha +1 -1
data/.oagen-manifest.json +61 -40
data/.release-please-manifest.json +1 -1
data/.yardopts +6 -0
data/CHANGELOG.md +36 -0
data/Gemfile +6 -0
data/Gemfile.lock +33 -2
data/README.md +19 -0
data/docs/V7_MIGRATION_GUIDE.md +21 -0
data/lib/workos/actions.rb +1 -1
data/lib/workos/api_keys/api_key.rb +1 -1
data/lib/workos/api_keys/api_key_created_data.rb +1 -1
data/lib/workos/api_keys/organization_api_key.rb +43 -0
data/lib/workos/{types/events_order.rb → api_keys/organization_api_key_owner.rb} +1 -3
data/lib/workos/api_keys/organization_api_key_with_value.rb +46 -0
data/lib/workos/{types/audit_logs_order.rb → api_keys/organization_api_key_with_value_owner.rb} +1 -3
data/lib/workos/api_keys.rb +46 -46
data/lib/workos/audit_logs.rb +4 -4
data/lib/workos/authorization/user_organization_membership_base_list_data.rb +5 -2
data/lib/workos/authorization/{role_assignment.rb → user_role_assignment.rb} +5 -2
data/lib/workos/authorization/{role_assignment_resource.rb → user_role_assignment_resource.rb} +1 -1
data/lib/workos/authorization.rb +122 -22
data/lib/workos/base_client.rb +71 -5
data/lib/workos/client.rb +4 -4
data/lib/workos/connect.rb +2 -2
data/lib/workos/directory_sync/directory_user.rb +3 -0
data/lib/workos/directory_sync/directory_user_with_groups.rb +4 -1
data/lib/workos/directory_sync/dsync_user_updated_data.rb +3 -0
data/lib/workos/directory_sync.rb +6 -6
data/lib/workos/encryptors/aes_gcm.rb +19 -5
data/lib/workos/events.rb +2 -2
data/lib/workos/feature_flags.rb +6 -6
data/lib/workos/groups.rb +4 -4
data/lib/workos/multi_factor_auth.rb +2 -2
data/lib/workos/organizations.rb +2 -2
data/lib/workos/session.rb +28 -7
data/lib/workos/session_manager.rb +24 -1
data/lib/workos/sso/profile.rb +3 -0
data/lib/workos/sso.rb +2 -2
data/lib/workos/types/event_context_actor_source.rb +2 -1
data/lib/workos/types/{applications_order.rb → pagination_order.rb} +1 -1
data/lib/workos/types/{vault_byok_key_verification_completed_data_key_provider.rb → vault_byok_key_provider.rb} +1 -1
data/lib/workos/user_management/create_user_api_key.rb +25 -0
data/lib/workos/user_management/organization_membership.rb +5 -2
data/lib/workos/user_management/user_api_key.rb +43 -0
data/lib/workos/user_management/user_api_key_created_data_owner.rb +25 -0
data/lib/workos/{api_keys/api_key_with_value_owner.rb → user_management/user_api_key_owner.rb} +1 -1
data/lib/workos/{types/webhooks_order.rb → user_management/user_api_key_revoked_data_owner.rb} +1 -3
data/lib/workos/{api_keys/api_key_with_value.rb → user_management/user_api_key_with_value.rb} +2 -2
data/lib/workos/{types/groups_order.rb → user_management/user_api_key_with_value_owner.rb} +1 -3
data/lib/workos/user_management/user_organization_membership.rb +5 -2
data/lib/workos/user_management.rb +114 -10
data/lib/workos/user_management_organization_membership_groups.rb +2 -2
data/lib/workos/vault/vault_byok_key_deleted.rb +34 -0
data/lib/workos/vault/vault_byok_key_deleted_data.rb +22 -0
data/lib/workos/version.rb +1 -1
data/lib/workos/webhooks.rb +3 -3
data/rbi/workos/api_key.rbi +2 -2
data/rbi/workos/api_key_created_data.rbi +2 -2
data/rbi/workos/api_key_revoked_data.rbi +2 -2
data/rbi/workos/api_keys.rbi +17 -17
data/rbi/workos/authorization.rbi +27 -1
data/rbi/workos/client.rbi +3 -3
data/rbi/workos/create_user_api_key.rbi +36 -0
data/rbi/workos/directory_user.rbi +6 -0
data/rbi/workos/directory_user_with_groups.rbi +6 -0
data/rbi/workos/dsync_user_updated_data.rbi +6 -0
data/rbi/workos/organization_api_key.rbi +72 -0
data/rbi/workos/{api_key_with_value_owner.rbi → organization_api_key_owner.rbi} +1 -1
data/rbi/workos/organization_api_key_with_value.rbi +78 -0
data/rbi/workos/organization_api_key_with_value_owner.rbi +30 -0
data/rbi/workos/organization_membership.rbi +6 -0
data/rbi/workos/profile.rbi +6 -0
data/rbi/workos/user_api_key.rbi +72 -0
data/rbi/workos/user_api_key_created_data_owner.rbi +36 -0
data/rbi/workos/user_api_key_owner.rbi +36 -0
data/rbi/workos/user_api_key_revoked_data_owner.rbi +36 -0
data/rbi/workos/{api_key_with_value.rbi → user_api_key_with_value.rbi} +3 -3
data/rbi/workos/user_api_key_with_value_owner.rbi +36 -0
data/rbi/workos/user_management.rbi +31 -0
data/rbi/workos/user_organization_membership.rbi +6 -0
data/rbi/workos/user_organization_membership_base_list_data.rbi +6 -0
data/rbi/workos/{role_assignment.rbi → user_role_assignment.rbi} +9 -3
data/rbi/workos/{role_assignment_resource.rbi → user_role_assignment_resource.rbi} +1 -1
data/rbi/workos/vault_byok_key_deleted.rbi +54 -0
data/rbi/workos/vault_byok_key_deleted_data.rbi +30 -0
data/script/docs +16 -0
data/script/docs-serve +12 -0
data/script/llms-txt +37 -0
data/test/workos/test_actions.rb +9 -0
data/test/workos/test_api_keys.rb +17 -17
data/test/workos/test_authorization.rb +16 -0
data/test/workos/test_base_client.rb +44 -0
data/test/workos/test_encryptors_aes_gcm.rb +16 -1
data/test/workos/test_model_round_trip.rb +278 -83
data/test/workos/test_session.rb +43 -4
data/test/workos/test_user_management.rb +25 -1
data/test/workos/test_webhook_verify.rb +11 -0
metadata +39 -33
data/lib/workos/types/authorization_order.rb +0 -9
data/lib/workos/types/connections_order.rb +0 -9
data/lib/workos/types/directories_order.rb +0 -9
data/lib/workos/types/directory_groups_order.rb +0 -9
data/lib/workos/types/directory_users_order.rb +0 -9
data/lib/workos/types/feature_flags_order.rb +0 -9
data/lib/workos/types/organizations_api_keys_order.rb +0 -9
data/lib/workos/types/organizations_feature_flags_order.rb +0 -9
data/lib/workos/types/organizations_order.rb +0 -9
data/lib/workos/types/permissions_order.rb +0 -9
data/lib/workos/types/user_management_invitations_order.rb +0 -9
data/lib/workos/types/user_management_multi_factor_authentication_order.rb +0 -9
data/lib/workos/types/user_management_organization_membership_groups_order.rb +0 -9
data/lib/workos/types/user_management_organization_membership_order.rb +0 -9
data/lib/workos/types/user_management_users_authorized_applications_order.rb +0 -9
data/lib/workos/types/user_management_users_feature_flags_order.rb +0 -9
data/lib/workos/types/user_management_users_order.rb +0 -9

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6e48d8fb142eca494c5b316c17dd940cfbb2244a5c1589a9b30cc7106f850631
-  data.tar.gz: 1fd7a0f9e75d74109e01e6a54546cf7f83155c78e64ea321e77d032e219a749c
+  metadata.gz: ca01c2ba88ce0aff45ae8689e584ba67896309cefeda715c18b119094e238a7b
+  data.tar.gz: 6733400a815cf3e8274e5eda8f95dbf2bfa9ea65da27fcc8b59e027f85b6182c
 SHA512:
-  metadata.gz: 29c7c96477e7d66be140bee056673e9d5385beb15da8cad3011e9a3335d8d6ebcf902d9547c2188656ed0fdb0cdde724df79a6eb240507e501a46c6c0cded34e
-  data.tar.gz: 34592fb5ecd1d1e52f06338115f3740a02304f1c3d077c06a8038bb8bb009dd769073d2bff0bf782558a945bd3ff9b4270c868a1101ebf2c7ac6443bbaf735cd
+  metadata.gz: 79ed8ec1968491abfdb5d884988176fd02d9b3ddd74e777e59d7f0cf47609a3f9f1c45bfd7e1cca94624f1734b7f2a95c8f71da9c27c32f3a843a98cd720a5bf
+  data.tar.gz: e72fca2d3bf036ee5b134500ba001c7f35db82473edde30c4fcc748e2e492d0450a9d8ce4f1d11c43376672257d7ca51d8ecc0663180e40a3c02d5ab3572d0d4

data/.github/workflows/docs.yml ADDED Viewed

@@ -0,0 +1,49 @@
+name: Publish API Docs
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+permissions:
+  contents: read
+concurrency:
+  group: pages
+  cancel-in-progress: false
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f # v1.306.0
+        with:
+          bundler-cache: true
+      - run: ./script/docs
+      - uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0
+      - name: Archive site
+        run: |
+          tar \
+            --dereference --hard-dereference \
+            --directory docs/_site \
+            -cvf "$RUNNER_TEMP/artifact.tar" \
+            --exclude=.git \
+            --exclude=.github \
+            .
+      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: github-pages
+          path: ${{ runner.temp }}/artifact.tar
+          retention-days: 1
+          if-no-files-found: error
+  deploy:
+    needs: build
+    permissions:
+      pages: write
+      id-token: write
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0
+        id: deployment

data/.github/workflows/release-please.yml CHANGED Viewed

@@ -45,8 +45,8 @@ jobs:
           if git diff --quiet Gemfile.lock; then
             echo "Gemfile.lock is up to date"
           else
-            git config user.name "github-actions[bot]"
-            git config user.email "github-actions[bot]@users.noreply.github.com"
+            git config user.name "workos-sdk-automation[bot]"
+            git config user.email "255426317+workos-sdk-automation[bot]@users.noreply.github.com"
             git add Gemfile.lock
             git commit -m "chore: update Gemfile.lock"
             git push

data/.gitignore CHANGED Viewed

@@ -50,3 +50,5 @@
 .vscode
 .idea/
+docs/_site/
+.yardoc/

data/.last-synced-sha CHANGED Viewed

	@@ -1 +1 @@
1	- ~~92db0495807c86fbbc4d45bd266a6c1f5bcbb59c~~
1	+ a10d9ecb766d2dd996aecb19aa9c801d78bb7c26

data/.oagen-manifest.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 2,
   "language": "ruby",
-  "generatedAt": "2026-04-30T17:41:02.756Z",
+  "generatedAt": "2026-05-06T22:30:35.198Z",
   "files": [
     "lib/workos.rb",
     "lib/workos/admin_portal.rb",
@@ -20,9 +20,11 @@
     "lib/workos/api_keys/api_key_revoked_data.rb",
     "lib/workos/api_keys/api_key_revoked_data_owner.rb",
     "lib/workos/api_keys/api_key_validation_response.rb",
-    "lib/workos/api_keys/api_key_with_value.rb",
-    "lib/workos/api_keys/api_key_with_value_owner.rb",
     "lib/workos/api_keys/create_organization_api_key.rb",
+    "lib/workos/api_keys/organization_api_key.rb",
+    "lib/workos/api_keys/organization_api_key_owner.rb",
+    "lib/workos/api_keys/organization_api_key_with_value.rb",
+    "lib/workos/api_keys/organization_api_key_with_value_owner.rb",
     "lib/workos/api_keys/validate_api_key.rb",
     "lib/workos/audit_logs.rb",
     "lib/workos/audit_logs/audit_log_action_json.rb",
@@ -60,8 +62,6 @@
     "lib/workos/authorization/permission_updated_data.rb",
     "lib/workos/authorization/remove_role.rb",
     "lib/workos/authorization/role.rb",
-    "lib/workos/authorization/role_assignment.rb",
-    "lib/workos/authorization/role_assignment_resource.rb",
     "lib/workos/authorization/role_created.rb",
     "lib/workos/authorization/role_created_data.rb",
     "lib/workos/authorization/role_deleted.rb",
@@ -76,6 +76,8 @@
     "lib/workos/authorization/update_organization_role.rb",
     "lib/workos/authorization/update_role.rb",
     "lib/workos/authorization/user_organization_membership_base_list_data.rb",
+    "lib/workos/authorization/user_role_assignment.rb",
+    "lib/workos/authorization/user_role_assignment_resource.rb",
     "lib/workos/client.rb",
     "lib/workos/connect.rb",
     "lib/workos/connect/application_credentials_list_item.rb",
@@ -283,19 +285,16 @@
     "lib/workos/sso/sso_token_response.rb",
     "lib/workos/sso/sso_token_response_oauth_token.rb",
     "lib/workos/sso/token_query.rb",
-    "lib/workos/types/applications_order.rb",
     "lib/workos/types/audit_log_configuration_log_stream_state.rb",
     "lib/workos/types/audit_log_configuration_log_stream_type.rb",
     "lib/workos/types/audit_log_configuration_state.rb",
     "lib/workos/types/audit_log_export_json_state.rb",
-    "lib/workos/types/audit_logs_order.rb",
     "lib/workos/types/authenticate_response_authentication_method.rb",
     "lib/workos/types/authentication_factor_enrolled_type.rb",
     "lib/workos/types/authentication_factor_type.rb",
     "lib/workos/types/authentication_factors_create_request_type.rb",
     "lib/workos/types/authentication_radar_risk_detected_data_action.rb",
     "lib/workos/types/authorization_assignment.rb",
-    "lib/workos/types/authorization_order.rb",
     "lib/workos/types/connected_account_state.rb",
     "lib/workos/types/connection_activated_data_connection_type.rb",
     "lib/workos/types/connection_activated_data_state.rb",
@@ -311,20 +310,16 @@
     "lib/workos/types/connection_status.rb",
     "lib/workos/types/connection_type.rb",
     "lib/workos/types/connections_connection_type.rb",
-    "lib/workos/types/connections_order.rb",
     "lib/workos/types/create_user_invite_options_locale.rb",
     "lib/workos/types/create_user_password_hash_type.rb",
     "lib/workos/types/create_webhook_endpoint_events.rb",
     "lib/workos/types/data_integration_access_token_response_error.rb",
     "lib/workos/types/data_integrations_list_response_data_connected_account_state.rb",
     "lib/workos/types/data_integrations_list_response_data_ownership.rb",
-    "lib/workos/types/directories_order.rb",
-    "lib/workos/types/directory_groups_order.rb",
     "lib/workos/types/directory_state.rb",
     "lib/workos/types/directory_type.rb",
     "lib/workos/types/directory_user_state.rb",
     "lib/workos/types/directory_user_with_groups_state.rb",
-    "lib/workos/types/directory_users_order.rb",
     "lib/workos/types/dsync_activated_data_state.rb",
     "lib/workos/types/dsync_activated_data_type.rb",
     "lib/workos/types/dsync_deactivated_data_state.rb",
@@ -333,8 +328,6 @@
     "lib/workos/types/dsync_deleted_data_type.rb",
     "lib/workos/types/dsync_user_updated_data_state.rb",
     "lib/workos/types/event_context_actor_source.rb",
-    "lib/workos/types/events_order.rb",
-    "lib/workos/types/feature_flags_order.rb",
     "lib/workos/types/flag_created_context_actor_source.rb",
     "lib/workos/types/flag_deleted_context_actor_source.rb",
     "lib/workos/types/flag_rule_updated_context_access_type.rb",
@@ -342,7 +335,6 @@
     "lib/workos/types/flag_rule_updated_context_previous_attribute_context_access_type.rb",
     "lib/workos/types/flag_updated_context_actor_source.rb",
     "lib/workos/types/generate_link_intent.rb",
-    "lib/workos/types/groups_order.rb",
     "lib/workos/types/invitation_accepted_data_state.rb",
     "lib/workos/types/invitation_created_data_state.rb",
     "lib/workos/types/invitation_resent_data_state.rb",
@@ -374,10 +366,7 @@
     "lib/workos/types/organization_membership_updated_data_status.rb",
     "lib/workos/types/organization_updated_data_domain_state.rb",
     "lib/workos/types/organization_updated_data_domain_verification_strategy.rb",
-    "lib/workos/types/organizations_api_keys_order.rb",
-    "lib/workos/types/organizations_feature_flags_order.rb",
-    "lib/workos/types/organizations_order.rb",
-    "lib/workos/types/permissions_order.rb",
+    "lib/workos/types/pagination_order.rb",
     "lib/workos/types/profile_connection_type.rb",
     "lib/workos/types/radar_action.rb",
     "lib/workos/types/radar_standalone_assess_request_action.rb",
@@ -400,19 +389,12 @@
     "lib/workos/types/user_invite_state.rb",
     "lib/workos/types/user_management_authentication_provider.rb",
     "lib/workos/types/user_management_authentication_screen_hint.rb",
-    "lib/workos/types/user_management_invitations_order.rb",
-    "lib/workos/types/user_management_multi_factor_authentication_order.rb",
-    "lib/workos/types/user_management_organization_membership_groups_order.rb",
-    "lib/workos/types/user_management_organization_membership_order.rb",
     "lib/workos/types/user_management_organization_membership_statuses.rb",
-    "lib/workos/types/user_management_users_authorized_applications_order.rb",
-    "lib/workos/types/user_management_users_feature_flags_order.rb",
-    "lib/workos/types/user_management_users_order.rb",
     "lib/workos/types/user_organization_membership_base_list_data_status.rb",
     "lib/workos/types/user_organization_membership_status.rb",
     "lib/workos/types/user_sessions_auth_method.rb",
     "lib/workos/types/user_sessions_status.rb",
-    "lib/workos/types/vault_byok_key_verification_completed_data_key_provider.rb",
+    "lib/workos/types/vault_byok_key_provider.rb",
     "lib/workos/types/vault_data_created_data_actor_source.rb",
     "lib/workos/types/vault_data_deleted_data_actor_source.rb",
     "lib/workos/types/vault_data_read_data_actor_source.rb",
@@ -424,7 +406,6 @@
     "lib/workos/types/vault_names_listed_data_actor_source.rb",
     "lib/workos/types/waitlist_user_state.rb",
     "lib/workos/types/webhook_endpoint_json_status.rb",
-    "lib/workos/types/webhooks_order.rb",
     "lib/workos/types/widget_session_token_scopes.rb",
     "lib/workos/user_management.rb",
     "lib/workos/user_management/action_authentication_denied.rb",
@@ -490,6 +471,7 @@
     "lib/workos/user_management/create_password_reset_token.rb",
     "lib/workos/user_management/create_redirect_uri.rb",
     "lib/workos/user_management/create_user.rb",
+    "lib/workos/user_management/create_user_api_key.rb",
     "lib/workos/user_management/create_user_invite_options.rb",
     "lib/workos/user_management/create_user_organization_membership.rb",
     "lib/workos/user_management/device_authorization_response.rb",
@@ -544,6 +526,12 @@
     "lib/workos/user_management/update_user.rb",
     "lib/workos/user_management/update_user_organization_membership.rb",
     "lib/workos/user_management/user.rb",
+    "lib/workos/user_management/user_api_key.rb",
+    "lib/workos/user_management/user_api_key_created_data_owner.rb",
+    "lib/workos/user_management/user_api_key_owner.rb",
+    "lib/workos/user_management/user_api_key_revoked_data_owner.rb",
+    "lib/workos/user_management/user_api_key_with_value.rb",
+    "lib/workos/user_management/user_api_key_with_value_owner.rb",
     "lib/workos/user_management/user_created.rb",
     "lib/workos/user_management/user_deleted.rb",
     "lib/workos/user_management/user_identities_get_item.rb",
@@ -555,6 +543,8 @@
     "lib/workos/user_management/verify_email_address.rb",
     "lib/workos/user_management/verify_email_response.rb",
     "lib/workos/user_management_organization_membership_groups.rb",
+    "lib/workos/vault/vault_byok_key_deleted.rb",
+    "lib/workos/vault/vault_byok_key_deleted_data.rb",
     "lib/workos/vault/vault_byok_key_verification_completed.rb",
     "lib/workos/vault/vault_byok_key_verification_completed_data.rb",
     "lib/workos/vault/vault_data_created.rb",
@@ -597,8 +587,6 @@
     "rbi/workos/api_key_revoked_data.rbi",
     "rbi/workos/api_key_revoked_data_owner.rbi",
     "rbi/workos/api_key_validation_response.rbi",
-    "rbi/workos/api_key_with_value.rbi",
-    "rbi/workos/api_key_with_value_owner.rbi",
     "rbi/workos/api_keys.rbi",
     "rbi/workos/application_credentials_list_item.rbi",
     "rbi/workos/assign_role.rbi",
@@ -730,6 +718,7 @@
     "rbi/workos/create_redirect_uri.rbi",
     "rbi/workos/create_role.rbi",
     "rbi/workos/create_user.rbi",
+    "rbi/workos/create_user_api_key.rbi",
     "rbi/workos/create_user_invite_options.rbi",
     "rbi/workos/create_user_organization_membership.rbi",
     "rbi/workos/create_webhook_endpoint.rbi",
@@ -856,6 +845,10 @@
     "rbi/workos/multi_factor_auth.rbi",
     "rbi/workos/new_connect_application_secret.rbi",
     "rbi/workos/organization.rbi",
+    "rbi/workos/organization_api_key.rbi",
+    "rbi/workos/organization_api_key_owner.rbi",
+    "rbi/workos/organization_api_key_with_value.rbi",
+    "rbi/workos/organization_api_key_with_value_owner.rbi",
     "rbi/workos/organization_created.rbi",
     "rbi/workos/organization_created_data.rbi",
     "rbi/workos/organization_created_data_domain.rbi",
@@ -927,8 +920,6 @@
     "rbi/workos/reset_password_response.rbi",
     "rbi/workos/revoke_session.rbi",
     "rbi/workos/role.rbi",
-    "rbi/workos/role_assignment.rbi",
-    "rbi/workos/role_assignment_resource.rbi",
     "rbi/workos/role_created.rbi",
     "rbi/workos/role_created_data.rbi",
     "rbi/workos/role_deleted.rbi",
@@ -968,6 +959,12 @@
     "rbi/workos/update_user_organization_membership.rbi",
     "rbi/workos/update_webhook_endpoint.rbi",
     "rbi/workos/user.rbi",
+    "rbi/workos/user_api_key.rbi",
+    "rbi/workos/user_api_key_created_data_owner.rbi",
+    "rbi/workos/user_api_key_owner.rbi",
+    "rbi/workos/user_api_key_revoked_data_owner.rbi",
+    "rbi/workos/user_api_key_with_value.rbi",
+    "rbi/workos/user_api_key_with_value_owner.rbi",
     "rbi/workos/user_authentication_factor_enroll_response.rbi",
     "rbi/workos/user_consent_option.rbi",
     "rbi/workos/user_consent_option_choice.rbi",
@@ -981,10 +978,14 @@
     "rbi/workos/user_object.rbi",
     "rbi/workos/user_organization_membership.rbi",
     "rbi/workos/user_organization_membership_base_list_data.rbi",
+    "rbi/workos/user_role_assignment.rbi",
+    "rbi/workos/user_role_assignment_resource.rbi",
     "rbi/workos/user_sessions_impersonator.rbi",
     "rbi/workos/user_sessions_list_item.rbi",
     "rbi/workos/user_updated.rbi",
     "rbi/workos/validate_api_key.rbi",
+    "rbi/workos/vault_byok_key_deleted.rbi",
+    "rbi/workos/vault_byok_key_deleted_data.rbi",
     "rbi/workos/vault_byok_key_verification_completed.rbi",
     "rbi/workos/vault_byok_key_verification_completed_data.rbi",
     "rbi/workos/vault_data_created.rbi",
@@ -1038,14 +1039,6 @@
     "test/workos/test_widgets.rb"
   ],
   "operations": {
-    "POST /api_keys/validations": {
-      "sdkMethod": "create_validation",
-      "service": "api_keys"
-    },
-    "DELETE /api_keys/{id}": {
-      "sdkMethod": "delete_api_key",
-      "service": "api_keys"
-    },
     "POST /auth/challenges/{id}/verify": {
       "sdkMethod": "verify_challenge",
       "service": "multi_factor_auth"
@@ -1150,6 +1143,10 @@
       "sdkMethod": "list_memberships_for_resource_by_external_id",
       "service": "authorization"
     },
+    "GET /authorization/organizations/{organization_id}/resources/{resource_type_slug}/{external_id}/role_assignments": {
+      "sdkMethod": "list_role_assignments_for_resource_by_external_id",
+      "service": "authorization"
+    },
     "GET /authorization/resources": {
       "sdkMethod": "list_resources",
       "service": "authorization"
@@ -1174,6 +1171,10 @@
       "sdkMethod": "list_memberships_for_resource",
       "service": "authorization"
     },
+    "GET /authorization/resources/{resource_id}/role_assignments": {
+      "sdkMethod": "list_role_assignments_for_resource",
+      "service": "authorization"
+    },
     "GET /authorization/roles": {
       "sdkMethod": "list_environment_roles",
       "service": "authorization"
@@ -1622,6 +1623,10 @@
       "sdkMethod": "revoke_invitation",
       "service": "user_management"
     },
+    "GET /user_management/jwt_template": {
+      "sdkMethod": "list_jwt_template",
+      "service": "user_management"
+    },
     "PUT /user_management/jwt_template": {
       "sdkMethod": "update_jwt_template",
       "service": "user_management"
@@ -1722,6 +1727,22 @@
       "sdkMethod": "create_token",
       "service": "widgets"
     },
+    "POST /api_keys/validations": {
+      "sdkMethod": "create_validation",
+      "service": "api_keys"
+    },
+    "DELETE /api_keys/{id}": {
+      "sdkMethod": "delete_api_key",
+      "service": "api_keys"
+    },
+    "GET /user_management/users/{userId}/api_keys": {
+      "sdkMethod": "list_user_api_keys",
+      "service": "user_management"
+    },
+    "POST /user_management/users/{userId}/api_keys": {
+      "sdkMethod": "create_user_api_key",
+      "service": "user_management"
+    },
     "GET /audit_logs/actions": {
       "sdkMethod": "list_actions",
       "service": "audit_logs"

data/.release-please-manifest.json CHANGED Viewed

@@ -1,3 +1,3 @@
 {
-  ".": "7.1.2"
+  ".": "8.0.1"
 }

data/.yardopts ADDED Viewed

@@ -0,0 +1,6 @@
+--output-dir docs/_site
+--markup markdown
+lib/**/*.rb
+-
+README.md
+CHANGELOG.md

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,41 @@
 # Changelog
+## [8.0.1](https://github.com/workos/workos-ruby/compare/v8.0.0...v8.0.1) (2026-05-12)
+### Bug Fixes
+* harden session sealing, log redaction, and webhook tolerance checks ([#482](https://github.com/workos/workos-ruby/issues/482)) ([347fe1e](https://github.com/workos/workos-ruby/commit/347fe1edf296778d7ea331e666a7957870074b9f))
+## [8.0.0](https://github.com/workos/workos-ruby/compare/v7.1.2...v8.0.0) (2026-05-06)
+### ⚠ BREAKING CHANGES
+* **authorization:** Consolidate order enums to PaginationOrder
+* **api_keys:** Separate organization and user API key types
+* **user_management:** Consolidate order enums to PaginationOrder
+* **vault:** Add BYOK key deleted event and consolidate key provider enum
+* **types:** Consolidate pagination order enums
+* **authorization:** Rename RoleAssignment to UserRoleAssignment
+### Features
+* **api_keys:** Separate organization and user API key types ([956386a](https://github.com/workos/workos-ruby/commit/956386a27cb0f8a8707442fa98b74a317f3f9920))
+* **authorization:** Add new role assignment listing endpoints ([956386a](https://github.com/workos/workos-ruby/commit/956386a27cb0f8a8707442fa98b74a317f3f9920))
+* **authorization:** Consolidate order enums to PaginationOrder ([956386a](https://github.com/workos/workos-ruby/commit/956386a27cb0f8a8707442fa98b74a317f3f9920))
+* **authorization:** Rename RoleAssignment to UserRoleAssignment ([956386a](https://github.com/workos/workos-ruby/commit/956386a27cb0f8a8707442fa98b74a317f3f9920))
+* **directory_sync:** Add name field to directory users ([956386a](https://github.com/workos/workos-ruby/commit/956386a27cb0f8a8707442fa98b74a317f3f9920))
+* **docs:** publish YARD API docs + llms.txt to GitHub Pages ([#480](https://github.com/workos/workos-ruby/issues/480)) ([117eeac](https://github.com/workos/workos-ruby/commit/117eeac5d25c896c7a9b989592f3525f51e52a3d))
+* **events:** Add admin_portal source to event context actor ([956386a](https://github.com/workos/workos-ruby/commit/956386a27cb0f8a8707442fa98b74a317f3f9920))
+* **sso:** Add name field to SSO profile ([956386a](https://github.com/workos/workos-ruby/commit/956386a27cb0f8a8707442fa98b74a317f3f9920))
+* **types:** Consolidate pagination order enums ([956386a](https://github.com/workos/workos-ruby/commit/956386a27cb0f8a8707442fa98b74a317f3f9920))
+* **user_management:** Add get JWT template endpoint ([956386a](https://github.com/workos/workos-ruby/commit/956386a27cb0f8a8707442fa98b74a317f3f9920))
+* **user_management:** Add user API key management ([956386a](https://github.com/workos/workos-ruby/commit/956386a27cb0f8a8707442fa98b74a317f3f9920))
+* **user_management:** Add user field to membership and organization membership ([956386a](https://github.com/workos/workos-ruby/commit/956386a27cb0f8a8707442fa98b74a317f3f9920))
+* **user_management:** Consolidate order enums to PaginationOrder ([956386a](https://github.com/workos/workos-ruby/commit/956386a27cb0f8a8707442fa98b74a317f3f9920))
+* **vault:** Add BYOK key deleted event and consolidate key provider enum ([956386a](https://github.com/workos/workos-ruby/commit/956386a27cb0f8a8707442fa98b74a317f3f9920))
 ## [7.1.2](https://github.com/workos/workos-ruby/compare/v7.1.1...v7.1.2) (2026-05-06)

data/Gemfile CHANGED Viewed

@@ -3,3 +3,9 @@
 source "https://rubygems.org"
 gemspec
+group :docs do
+  gem "yard"
+  gem "yard-markdown"
+  gem "webrick"
+end

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (7.1.2)
+    workos (8.0.1)
       jwt (~> 3.1)
       logger (~> 1.7)
       zeitwerk (~> 2.6)
@@ -17,7 +17,10 @@ GEM
     crack (1.0.1)
       bigdecimal
       rexml
+    csv (3.3.5)
+    date (3.5.1)
     drb (2.2.3)
+    erb (6.0.4)
     hashdiff (1.2.1)
     json (2.19.4)
     jwt (3.1.2)
@@ -33,10 +36,17 @@ GEM
       ast (~> 2.4.1)
       racc
     prism (1.9.0)
+    psych (5.3.1)
+      date
+      stringio
     public_suffix (7.0.5)
     racc (1.8.1)
     rainbow (3.1.1)
     rake (13.4.2)
+    rdoc (7.2.0)
+      erb
+      psych (>= 4.0.0)
+      tsort
     regexp_parser (2.12.0)
     rexml (3.4.4)
     rubocop (1.84.2)
@@ -70,6 +80,8 @@ GEM
     standard-performance (1.9.0)
       lint_roller (~> 1.1)
       rubocop-performance (~> 1.26.0)
+    stringio (3.2.0)
+    tsort (0.2.0)
     unicode-display_width (3.2.0)
       unicode-emoji (~> 4.1)
     unicode-emoji (4.2.0)
@@ -77,6 +89,12 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
+    webrick (1.9.2)
+    yard (0.9.43)
+    yard-markdown (0.7.1)
+      csv
+      rdoc
+      yard
     zeitwerk (2.7.5)
 PLATFORMS
@@ -89,7 +107,10 @@ DEPENDENCIES
   rake
   standard (~> 1.49)
   webmock (~> 3.26)
+  webrick
   workos!
+  yard
+  yard-markdown
 CHECKSUMS
   addressable (2.9.0) sha256=7fdf6ac3660f7f4e867a0838be3f6cf722ace541dd97767fa42bc6cfa980c7af
@@ -97,7 +118,10 @@ CHECKSUMS
   base64 (0.3.0) sha256=27337aeabad6ffae05c265c450490628ef3ebd4b67be58257393227588f5a97b
   bigdecimal (4.1.2) sha256=53d217666027eab4280346fba98e7d5b66baaae1b9c3c1c0ffe89d48188a3fbd
   crack (1.0.1) sha256=ff4a10390cd31d66440b7524eb1841874db86201d5b70032028553130b6d4c7e
+  csv (3.3.5) sha256=6e5134ac3383ef728b7f02725d9872934f523cb40b961479f69cf3afa6c8e73f
+  date (3.5.1) sha256=750d06384d7b9c15d562c76291407d89e368dda4d4fff957eb94962d325a0dc0
   drb (2.2.3) sha256=0b00d6fdb50995fe4a45dea13663493c841112e4068656854646f418fda13373
+  erb (6.0.4) sha256=38e3803694be357fe2bfe312487c74beaf9fb4e5beb3e22498952fe1645b95d9
   hashdiff (1.2.1) sha256=9c079dbc513dfc8833ab59c0c2d8f230fa28499cc5efb4b8dd276cf931457cd1
   json (2.19.4) sha256=670a7d333fb3b18ca5b29cb255eb7bef099e40d88c02c80bd42a3f30fe5239ac
   jwt (3.1.2) sha256=af6991f19a6bb4060d618d9add7a66f0eeb005ac0bc017cd01f63b42e122d535
@@ -108,10 +132,12 @@ CHECKSUMS
   parallel (1.28.0) sha256=33e6de1484baf2524792d178b0913fc8eb94c628d6cfe45599ad4458c638c970
   parser (3.3.11.1) sha256=d17ace7aabe3e72c3cc94043714be27cc6f852f104d81aa284c2281aecc65d54
   prism (1.9.0) sha256=7b530c6a9f92c24300014919c9dcbc055bf4cdf51ec30aed099b06cd6674ef85
+  psych (5.3.1) sha256=eb7a57cef10c9d70173ff74e739d843ac3b2c019a003de48447b2963d81b1974
   public_suffix (7.0.5) sha256=1a8bb08f1bbea19228d3bed6e5ed908d1cb4f7c2726d18bd9cadf60bc676f623
   racc (1.8.1) sha256=4a7f6929691dbec8b5209a0b373bc2614882b55fc5d2e447a21aaa691303d62f
   rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a
   rake (13.4.2) sha256=cb825b2bd5f1f8e91ca37bddb4b9aaf345551b4731da62949be002fa89283701
+  rdoc (7.2.0) sha256=8650f76cd4009c3b54955eb5d7e3a075c60a57276766ebf36f9085e8c9f23192
   regexp_parser (2.12.0) sha256=35a916a1d63190ab5c9009457136ae5f3c0c7512d60291d0d1378ba18ce08ebb
   rexml (3.4.4) sha256=19e0a2c3425dfbf2d4fc1189747bdb2f849b6c5e74180401b15734bc97b5d142
   rubocop (1.84.2) sha256=5692cea54168f3dc8cb79a6fe95c5424b7ea893c707ad7a4307b0585e88dbf5f
@@ -121,10 +147,15 @@ CHECKSUMS
   standard (1.54.0) sha256=7a4b08f83d9893083c8f03bc486f0feeb6a84d48233b40829c03ef4767ea0100
   standard-custom (1.0.2) sha256=424adc84179a074f1a2a309bb9cf7cd6bfdb2b6541f20c6bf9436c0ba22a652b
   standard-performance (1.9.0) sha256=49483d31be448292951d80e5e67cdcb576c2502103c7b40aec6f1b6e9c88e3f2
+  stringio (3.2.0) sha256=c37cb2e58b4ffbd33fe5cd948c05934af997b36e0b6ca6fdf43afa234cf222e1
+  tsort (0.2.0) sha256=9650a793f6859a43b6641671278f79cfead60ac714148aabe4e3f0060480089f
   unicode-display_width (3.2.0) sha256=0cdd96b5681a5949cdbc2c55e7b420facae74c4aaf9a9815eee1087cb1853c42
   unicode-emoji (4.2.0) sha256=519e69150f75652e40bf736106cfbc8f0f73aa3fb6a65afe62fefa7f80b0f80f
   webmock (3.26.2) sha256=774556f2ea6371846cca68c01769b2eac0d134492d21f6d0ab5dd643965a4c90
-  workos (7.1.2)
+  webrick (1.9.2) sha256=beb4a15fc474defed24a3bda4ffd88a490d517c9e4e6118c3edce59e45864131
+  workos (8.0.1)
+  yard (0.9.43) sha256=cf8733a8f0485df2a162927e9b5f182215a61f6d22de096b8f402c726a1c5821
+  yard-markdown (0.7.1) sha256=06c378632dfe7ba053be9ba469eb4701aa0470e36bcf7e5546f353eb90c1bfd1
   zeitwerk (2.7.5) sha256=d8da92128c09ea6ec62c949011b00ed4a20242b255293dd66bf41545398f73dd
 BUNDLED WITH

data/README.md CHANGED Viewed

@@ -139,6 +139,25 @@ user = WorkOS.client.user_management.create_user(
 puts user.id
 ```
+### Sealed sessions (cookie_password requirements)
+When you use `client.session_manager` to seal session cookies, the
+`cookie_password` you supply must be **at least 32 bytes** of high-entropy
+secret material (typically 32 random bytes encoded as base64 or a 64-char
+hex string). The SDK derives the AES-256-GCM key from this password via
+SHA-256, and a passphrase shorter than 32 bytes makes the resulting key
+materially easier to brute-force offline.
+Generate a suitable secret once and store it as an environment variable:
+```sh
+ruby -rsecurerandom -e 'puts SecureRandom.base64(32)'
+```
+Anything shorter than 32 bytes (including `nil` or `""`) raises
+`ArgumentError` at SDK init time — sealing or unsealing will not silently
+proceed with a weakened key.
 ### Verify a webhook
 ```ruby

data/docs/V7_MIGRATION_GUIDE.md CHANGED Viewed

@@ -501,6 +501,27 @@ Session management was one of the largest refactors in v7. The old `WorkOS::Sess
 If your application seals session cookies, refreshes access tokens, or decodes the access-token JWT, every one of these call sites needs to be updated.
+#### `cookie_password` minimum length (32 bytes)
+v7 enforces a **minimum 32-byte length** on every `cookie_password` you supply
+to the session manager (`load`, `seal_data`, `unseal_data`,
+`seal_session_from_auth_response`, and the underlying `Encryptors::AesGcm`).
+Anything shorter — including `nil` or `""` — now raises `ArgumentError` at the
+moment the SDK is asked to seal or unseal. Older deployments that used a
+short passphrase (e.g. a 16-character secret) will start erroring at app
+boot or the next sealed-session request.
+Pick a 32+ byte secret once and store it as an environment variable:
+```sh
+ruby -rsecurerandom -e 'puts SecureRandom.base64(32)'
+```
+The KDF itself (single-pass SHA-256) is unchanged in this release, so
+existing sealed cookies continue to round-trip as long as the same
+(now-length-validated) password is in use.
 #### Sealing a cookie from an authentication response
 In v6, you asked `authenticate_with_*` to seal the cookie for you:

data/lib/workos/actions.rb CHANGED Viewed

@@ -35,7 +35,7 @@ module WorkOS
     def verify_header(payload:, sig_header:, secret:, tolerance: DEFAULT_TOLERANCE_SECONDS)
       timestamp_ms, signature_hash = parse_signature_header(sig_header)
       issued_at = timestamp_ms.to_i / 1000.0
-      if (Time.now.to_f - issued_at) > tolerance
+      if (Time.now.to_f - issued_at).abs > tolerance
         raise WorkOS::SignatureVerificationError.new(
           message: "Timestamp outside the tolerance zone",
           http_status: nil

data/lib/workos/api_keys/api_key.rb CHANGED Viewed

@@ -31,7 +31,7 @@ module WorkOS
       hash = self.class.normalize(json)
       @object = hash[:object]
       @id = hash[:id]
-      @owner = hash[:owner] ? WorkOS::ApiKeyOwner.new(hash[:owner]) : nil
+      @owner = hash[:owner] ? (case hash[:owner][:type] when "organization" then WorkOS::ApiKeyOwner.new(hash[:owner]) when "user" then WorkOS::UserApiKeyOwner.new(hash[:owner]) else hash[:owner] end) : nil
       @name = hash[:name]
       @obfuscated_value = hash[:obfuscated_value]
       @last_used_at = hash[:last_used_at]

data/lib/workos/api_keys/api_key_created_data.rb CHANGED Viewed

@@ -31,7 +31,7 @@ module WorkOS
       hash = self.class.normalize(json)
       @object = hash[:object]
       @id = hash[:id]
-      @owner = hash[:owner] ? WorkOS::ApiKeyCreatedDataOwner.new(hash[:owner]) : nil
+      @owner = hash[:owner] ? (case hash[:owner][:type] when "organization" then WorkOS::ApiKeyCreatedDataOwner.new(hash[:owner]) when "user" then WorkOS::UserApiKeyCreatedDataOwner.new(hash[:owner]) else hash[:owner] end) : nil
       @name = hash[:name]
       @obfuscated_value = hash[:obfuscated_value]
       @last_used_at = hash[:last_used_at]