RubyGems - workos - Versions diffs - 8.0.0 → 9.0.0 - Mend

workos 8.0.0 → 9.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (359) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +1 -1
data/.github/workflows/docs.yml +5 -2
data/.github/workflows/lint.yml +1 -1
data/.github/workflows/release-please.yml +176 -5
data/.github/workflows/release.yml +1 -1
data/.last-synced-sha +1 -1
data/.oagen-manifest.json +129 -34
data/.release-please-manifest.json +1 -1
data/CHANGELOG.md +66 -0
data/Gemfile.lock +4 -4
data/README.md +19 -0
data/docs/V7_MIGRATION_GUIDE.md +21 -0
data/lib/workos/actions.rb +1 -1
data/lib/workos/api_keys/api_key.rb +3 -0
data/lib/workos/api_keys/api_key_created.rb +5 -5
data/lib/workos/api_keys/api_key_created_data.rb +3 -0
data/lib/workos/api_keys/api_key_revoked.rb +5 -5
data/lib/workos/api_keys/create_organization_api_key.rb +5 -2
data/lib/workos/api_keys/organization_api_key.rb +3 -0
data/lib/workos/api_keys/organization_api_key_with_value.rb +3 -0
data/lib/workos/api_keys.rb +4 -1
data/lib/workos/audit_logs/audit_log_action.rb +2 -7
data/lib/workos/audit_logs/audit_log_export.rb +2 -7
data/lib/workos/audit_logs/audit_log_schema.rb +11 -2
data/lib/workos/audit_logs/{audit_log_schema_json_actor.rb → audit_log_schema_actor_input.rb} +1 -1
data/lib/workos/audit_logs/audit_log_schema_input.rb +25 -0
data/lib/workos/audit_logs/audit_log_schema_target.rb +16 -1
data/lib/workos/{types/radar_type.rb → audit_logs/audit_log_schema_target_input.rb} +1 -3
data/lib/workos/audit_logs.rb +16 -16
data/lib/workos/authorization/permission_created.rb +5 -5
data/lib/workos/authorization/permission_deleted.rb +5 -5
data/lib/workos/authorization/permission_updated.rb +5 -5
data/lib/workos/authorization/role_created.rb +5 -5
data/lib/workos/authorization/role_deleted.rb +5 -5
data/lib/workos/authorization/role_updated.rb +5 -5
data/lib/workos/authorization.rb +28 -12
data/lib/workos/base_client.rb +71 -5
data/lib/workos/client.rb +6 -6
data/lib/workos/connect/connect_application.rb +12 -0
data/lib/workos/{audit_logs/audit_log_schema_json_target.rb → connect/connect_application_redirect_uri.rb} +7 -7
data/lib/workos/directory_sync/dsync_activated.rb +5 -5
data/lib/workos/directory_sync/dsync_deactivated.rb +5 -5
data/lib/workos/directory_sync/dsync_deleted.rb +5 -5
data/lib/workos/directory_sync/dsync_group_created.rb +5 -5
data/lib/workos/directory_sync/dsync_group_deleted.rb +5 -5
data/lib/workos/directory_sync/dsync_group_updated.rb +5 -5
data/lib/workos/directory_sync/dsync_group_user_added.rb +5 -5
data/lib/workos/directory_sync/dsync_group_user_removed.rb +5 -5
data/lib/workos/directory_sync/dsync_user_created.rb +5 -5
data/lib/workos/directory_sync/dsync_user_deleted.rb +5 -5
data/lib/workos/directory_sync/dsync_user_updated.rb +5 -5
data/lib/workos/encryptors/aes_gcm.rb +19 -5
data/lib/workos/feature_flags/flag_created.rb +5 -5
data/lib/workos/feature_flags/flag_deleted.rb +5 -5
data/lib/workos/feature_flags/flag_rule_updated.rb +5 -5
data/lib/workos/feature_flags/flag_rule_updated_context_configured_target_organization.rb +1 -16
data/lib/workos/feature_flags/flag_rule_updated_context_previous_attribute_context_configured_target_organization.rb +1 -1
data/lib/workos/feature_flags/flag_updated.rb +5 -5
data/lib/workos/inflections.rb +4 -1
data/lib/workos/organization_domains/organization_domain_created.rb +5 -5
data/lib/workos/organization_domains/organization_domain_deleted.rb +5 -5
data/lib/workos/organization_domains/organization_domain_updated.rb +5 -5
data/lib/workos/organization_domains/organization_domain_verification_failed.rb +5 -5
data/lib/workos/organization_domains/organization_domain_verified.rb +5 -5
data/lib/workos/organization_membership_service.rb +273 -0
data/lib/workos/organizations/audit_logs_retention.rb +2 -7
data/lib/workos/organizations/organization_created.rb +5 -5
data/lib/workos/organizations/organization_deleted.rb +5 -5
data/lib/workos/organizations/organization_membership_created.rb +5 -5
data/lib/workos/organizations/organization_membership_deleted.rb +5 -5
data/lib/workos/organizations/organization_membership_updated.rb +5 -5
data/lib/workos/organizations/organization_role_created.rb +5 -5
data/lib/workos/organizations/organization_role_deleted.rb +5 -5
data/lib/workos/organizations/organization_role_updated.rb +5 -5
data/lib/workos/organizations/organization_updated.rb +5 -5
data/lib/workos/radar/radar_standalone_assess_request.rb +2 -8
data/lib/workos/radar.rb +6 -12
data/lib/workos/session.rb +28 -7
data/lib/workos/session_manager.rb +24 -1
data/lib/workos/shared/connect_application_m2m.rb +46 -0
data/lib/workos/shared/connect_application_oauth.rb +58 -0
data/lib/workos/shared/connect_application_oauth_redirect_uris.rb +22 -0
data/lib/workos/shared/error_response.rb +18 -0
data/lib/workos/shared/group_created.rb +5 -5
data/lib/workos/shared/group_deleted.rb +5 -5
data/lib/workos/shared/group_member_added.rb +5 -5
data/lib/workos/shared/group_member_removed.rb +5 -5
data/lib/workos/shared/group_updated.rb +5 -5
data/lib/workos/shared/pipe_connected_account.rb +46 -0
data/lib/workos/{audit_logs/audit_log_export_json.rb → shared/pipes_connected_account_connected.rb} +10 -10
data/lib/workos/shared/pipes_connected_account_disconnected.rb +34 -0
data/lib/workos/shared/pipes_connected_account_reauthorization_needed.rb +34 -0
data/lib/workos/shared/waitlist_user_approved.rb +5 -5
data/lib/workos/shared/waitlist_user_created.rb +5 -5
data/lib/workos/shared/waitlist_user_denied.rb +5 -5
data/lib/workos/sso/connection_activated.rb +5 -5
data/lib/workos/sso/connection_deactivated.rb +5 -5
data/lib/workos/sso/connection_deleted.rb +5 -5
data/lib/workos/sso/connection_saml_certificate_renewal_required.rb +5 -5
data/lib/workos/sso/connection_saml_certificate_renewed.rb +5 -5
data/lib/workos/types/create_webhook_endpoint_events.rb +4 -1
data/lib/workos/types/pipe_connected_account_state.rb +13 -0
data/lib/workos/types/{radar_action.rb → radar_list_action.rb} +1 -1
data/lib/workos/types/radar_list_type.rb +18 -0
data/lib/workos/types/radar_standalone_assess_request_action.rb +1 -7
data/lib/workos/types/radar_standalone_response_blocklist_type.rb +1 -10
data/lib/workos/types/radar_standalone_response_control.rb +1 -3
data/lib/workos/types/user_management_authentication_screen_hint.rb +1 -5
data/{rbi/workos/types/request_options.rbi → lib/workos/types/vault_order.rb} +4 -3
data/lib/workos/types/webhook_endpoint_status.rb +1 -5
data/lib/workos/user_management/action_authentication_denied.rb +6 -6
data/lib/workos/user_management/action_user_registration_denied.rb +6 -6
data/lib/workos/user_management/authentication_email_verification_failed.rb +5 -5
data/lib/workos/user_management/authentication_email_verification_succeeded.rb +5 -5
data/lib/workos/user_management/authentication_magic_auth_failed.rb +5 -5
data/lib/workos/user_management/authentication_magic_auth_succeeded.rb +5 -5
data/lib/workos/user_management/authentication_mfa_failed.rb +5 -5
data/lib/workos/user_management/authentication_mfa_succeeded.rb +5 -5
data/lib/workos/user_management/authentication_oauth_failed.rb +5 -5
data/lib/workos/user_management/authentication_oauth_succeeded.rb +5 -5
data/lib/workos/user_management/authentication_passkey_failed.rb +5 -5
data/lib/workos/user_management/authentication_passkey_succeeded.rb +5 -5
data/lib/workos/user_management/authentication_password_failed.rb +5 -5
data/lib/workos/user_management/authentication_password_succeeded.rb +5 -5
data/lib/workos/user_management/authentication_radar_risk_detected.rb +5 -5
data/lib/workos/user_management/authentication_sso_failed.rb +5 -5
data/lib/workos/user_management/authentication_sso_started.rb +5 -5
data/lib/workos/user_management/authentication_sso_succeeded.rb +5 -5
data/lib/workos/user_management/authentication_sso_timed_out.rb +5 -5
data/lib/workos/user_management/create_user_api_key.rb +5 -2
data/lib/workos/user_management/email_verification_created.rb +5 -5
data/lib/workos/user_management/invitation_accepted.rb +5 -5
data/lib/workos/user_management/invitation_created.rb +5 -5
data/lib/workos/user_management/invitation_resent.rb +5 -5
data/lib/workos/user_management/invitation_revoked.rb +5 -5
data/lib/workos/user_management/magic_auth_created.rb +5 -5
data/lib/workos/user_management/password_reset_created.rb +5 -5
data/lib/workos/user_management/password_reset_succeeded.rb +5 -5
data/lib/workos/user_management/session_created.rb +5 -5
data/lib/workos/user_management/session_revoked.rb +5 -5
data/lib/workos/user_management/user_api_key.rb +3 -0
data/lib/workos/user_management/user_api_key_with_value.rb +3 -0
data/lib/workos/user_management/user_created.rb +5 -5
data/lib/workos/user_management/user_deleted.rb +5 -5
data/lib/workos/user_management/user_updated.rb +5 -5
data/lib/workos/user_management.rb +11 -214
data/lib/workos/vault/actor.rb +22 -0
data/lib/workos/vault/create_data_key_request.rb +18 -0
data/lib/workos/vault/create_data_key_response.rb +28 -0
data/lib/workos/vault/create_object_request.rb +25 -0
data/lib/workos/vault/decrypt_request.rb +18 -0
data/lib/workos/vault/decrypt_response.rb +22 -0
data/lib/workos/vault/delete_object_response.rb +22 -0
data/lib/workos/vault/object.rb +28 -0
data/lib/workos/vault/object_metadata.rb +37 -0
data/lib/workos/{audit_logs/audit_log_action_json.rb → vault/object_summary.rb} +4 -10
data/lib/workos/vault/object_version.rb +31 -0
data/lib/workos/vault/object_without_value.rb +25 -0
data/lib/workos/vault/rekey_request.rb +22 -0
data/lib/workos/vault/update_object_request.rb +22 -0
data/lib/workos/vault/vault_byok_key_deleted.rb +5 -5
data/lib/workos/vault/vault_byok_key_verification_completed.rb +5 -5
data/lib/workos/vault/vault_data_created.rb +5 -5
data/lib/workos/vault/vault_data_deleted.rb +5 -5
data/lib/workos/vault/vault_data_read.rb +5 -5
data/lib/workos/vault/vault_data_updated.rb +5 -5
data/lib/workos/vault/vault_dek_decrypted.rb +5 -5
data/lib/workos/vault/vault_dek_read.rb +5 -5
data/lib/workos/vault/vault_kek_created.rb +5 -5
data/lib/workos/vault/vault_metadata_read.rb +5 -5
data/lib/workos/vault/vault_names_listed.rb +5 -5
data/lib/workos/vault/version_list_response.rb +22 -0
data/lib/workos/vault.rb +273 -139
data/lib/workos/version.rb +1 -1
data/lib/workos/webhooks/webhook_endpoint.rb +2 -7
data/lib/workos/webhooks.rb +8 -9
data/lib/workos.rb +1 -0
data/rbi/workos/action_authentication_denied.rbi +10 -10
data/rbi/workos/action_user_registration_denied.rbi +10 -10
data/rbi/workos/actor.rbi +30 -0
data/rbi/workos/api_key.rbi +6 -0
data/rbi/workos/api_key_created.rbi +6 -6
data/rbi/workos/api_key_created_data.rbi +6 -0
data/rbi/workos/api_key_revoked.rbi +6 -6
data/rbi/workos/api_key_revoked_data.rbi +6 -0
data/rbi/workos/api_keys.rbi +2 -1
data/rbi/workos/audit_log_action.rbi +1 -0
data/rbi/workos/audit_log_export.rbi +1 -0
data/rbi/workos/audit_log_schema.rbi +18 -0
data/rbi/workos/{audit_log_schema_json_actor.rbi → audit_log_schema_actor_input.rbi} +1 -1
data/rbi/workos/audit_log_schema_input.rbi +36 -0
data/rbi/workos/{audit_log_schema_json_target.rbi → audit_log_schema_target_input.rbi} +1 -1
data/rbi/workos/audit_logs.rbi +9 -9
data/rbi/workos/audit_logs_retention.rbi +1 -0
data/rbi/workos/authentication_email_verification_failed.rbi +6 -6
data/rbi/workos/authentication_email_verification_succeeded.rbi +6 -6
data/rbi/workos/authentication_magic_auth_failed.rbi +6 -6
data/rbi/workos/authentication_magic_auth_succeeded.rbi +6 -6
data/rbi/workos/authentication_mfa_failed.rbi +6 -6
data/rbi/workos/authentication_mfa_succeeded.rbi +6 -6
data/rbi/workos/authentication_oauth_failed.rbi +6 -6
data/rbi/workos/authentication_oauth_succeeded.rbi +6 -6
data/rbi/workos/authentication_passkey_failed.rbi +6 -6
data/rbi/workos/authentication_passkey_succeeded.rbi +6 -6
data/rbi/workos/authentication_password_failed.rbi +6 -6
data/rbi/workos/authentication_password_succeeded.rbi +6 -6
data/rbi/workos/authentication_radar_risk_detected.rbi +6 -6
data/rbi/workos/authentication_sso_failed.rbi +6 -6
data/rbi/workos/authentication_sso_started.rbi +6 -6
data/rbi/workos/authentication_sso_succeeded.rbi +6 -6
data/rbi/workos/authentication_sso_timed_out.rbi +6 -6
data/rbi/workos/authorization.rbi +9 -5
data/rbi/workos/client.rbi +6 -3
data/rbi/workos/connect_application.rbi +0 -12
data/rbi/workos/{webhook_endpoint_json.rbi → connect_application_m2m.rbi} +23 -11
data/rbi/workos/connect_application_oauth.rbi +102 -0
data/rbi/workos/connect_application_oauth_redirect_uris.rbi +30 -0
data/rbi/workos/connection_activated.rbi +6 -6
data/rbi/workos/connection_deactivated.rbi +6 -6
data/rbi/workos/connection_deleted.rbi +6 -6
data/rbi/workos/connection_saml_certificate_renewal_required.rbi +6 -6
data/rbi/workos/connection_saml_certificate_renewed.rbi +6 -6
data/rbi/workos/{audit_logs_retention_json.rbi → create_data_key_request.rbi} +5 -5
data/rbi/workos/create_data_key_response.rbi +42 -0
data/rbi/workos/create_object_request.rbi +36 -0
data/rbi/workos/create_organization_api_key.rbi +6 -0
data/rbi/workos/create_user_api_key.rbi +6 -0
data/rbi/workos/decrypt_request.rbi +24 -0
data/rbi/workos/decrypt_response.rbi +30 -0
data/rbi/workos/delete_object_response.rbi +30 -0
data/rbi/workos/dsync_activated.rbi +6 -6
data/rbi/workos/dsync_deactivated.rbi +6 -6
data/rbi/workos/dsync_deleted.rbi +6 -6
data/rbi/workos/dsync_group_created.rbi +6 -6
data/rbi/workos/dsync_group_deleted.rbi +6 -6
data/rbi/workos/dsync_group_updated.rbi +6 -6
data/rbi/workos/dsync_group_user_added.rbi +6 -6
data/rbi/workos/dsync_group_user_removed.rbi +6 -6
data/rbi/workos/dsync_user_created.rbi +6 -6
data/rbi/workos/dsync_user_deleted.rbi +6 -6
data/rbi/workos/dsync_user_updated.rbi +6 -6
data/rbi/workos/email_verification_created.rbi +6 -6
data/rbi/workos/error_response.rbi +24 -0
data/rbi/workos/flag_created.rbi +6 -6
data/rbi/workos/flag_deleted.rbi +6 -6
data/rbi/workos/flag_rule_updated.rbi +6 -6
data/rbi/workos/flag_updated.rbi +6 -6
data/rbi/workos/group_created.rbi +6 -6
data/rbi/workos/group_deleted.rbi +6 -6
data/rbi/workos/group_member_added.rbi +6 -6
data/rbi/workos/group_member_removed.rbi +6 -6
data/rbi/workos/group_updated.rbi +6 -6
data/rbi/workos/invitation_accepted.rbi +6 -6
data/rbi/workos/invitation_created.rbi +6 -6
data/rbi/workos/invitation_resent.rbi +6 -6
data/rbi/workos/invitation_revoked.rbi +6 -6
data/rbi/workos/magic_auth_created.rbi +6 -6
data/rbi/workos/object.rbi +42 -0
data/rbi/workos/object_metadata.rbi +60 -0
data/rbi/workos/object_summary.rbi +36 -0
data/rbi/workos/{audit_log_action_json.rbi → object_version.rbi} +17 -17
data/rbi/workos/object_without_value.rbi +36 -0
data/rbi/workos/organization_api_key.rbi +6 -0
data/rbi/workos/organization_api_key_with_value.rbi +6 -0
data/rbi/workos/organization_created.rbi +6 -6
data/rbi/workos/organization_deleted.rbi +6 -6
data/rbi/workos/organization_domain_created.rbi +6 -6
data/rbi/workos/organization_domain_deleted.rbi +6 -6
data/rbi/workos/organization_domain_updated.rbi +6 -6
data/rbi/workos/organization_domain_verification_failed.rbi +6 -6
data/rbi/workos/organization_domain_verified.rbi +6 -6
data/rbi/workos/organization_membership_created.rbi +6 -6
data/rbi/workos/organization_membership_deleted.rbi +6 -6
data/rbi/workos/organization_membership_service.rbi +114 -0
data/rbi/workos/organization_membership_updated.rbi +6 -6
data/rbi/workos/organization_role_created.rbi +6 -6
data/rbi/workos/organization_role_deleted.rbi +6 -6
data/rbi/workos/organization_role_updated.rbi +6 -6
data/rbi/workos/organization_updated.rbi +6 -6
data/rbi/workos/password_reset_created.rbi +6 -6
data/rbi/workos/password_reset_succeeded.rbi +6 -6
data/rbi/workos/permission_created.rbi +6 -6
data/rbi/workos/permission_deleted.rbi +6 -6
data/rbi/workos/permission_updated.rbi +6 -6
data/rbi/workos/pipe_connected_account.rbi +78 -0
data/rbi/workos/{audit_log_export_json.rbi → pipes_connected_account_connected.rbi} +11 -11
data/rbi/workos/pipes_connected_account_disconnected.rbi +54 -0
data/rbi/workos/pipes_connected_account_reauthorization_needed.rbi +54 -0
data/rbi/workos/radar.rbi +1 -3
data/rbi/workos/radar_standalone_assess_request.rbi +0 -12
data/rbi/workos/rekey_request.rbi +30 -0
data/rbi/workos/role_created.rbi +6 -6
data/rbi/workos/role_deleted.rbi +6 -6
data/rbi/workos/role_updated.rbi +6 -6
data/rbi/workos/session_created.rbi +6 -6
data/rbi/workos/session_manager.rbi +1 -1
data/rbi/workos/session_revoked.rbi +6 -6
data/rbi/workos/update_object_request.rbi +30 -0
data/rbi/workos/user_api_key.rbi +6 -0
data/rbi/workos/user_api_key_with_value.rbi +6 -0
data/rbi/workos/user_created.rbi +6 -6
data/rbi/workos/user_deleted.rbi +6 -6
data/rbi/workos/user_management.rbi +2 -90
data/rbi/workos/user_updated.rbi +6 -6
data/rbi/workos/vault.rbi +70 -95
data/rbi/workos/vault_byok_key_deleted.rbi +6 -6
data/rbi/workos/vault_byok_key_verification_completed.rbi +6 -6
data/rbi/workos/vault_data_created.rbi +6 -6
data/rbi/workos/vault_data_deleted.rbi +6 -6
data/rbi/workos/vault_data_read.rbi +6 -6
data/rbi/workos/vault_data_updated.rbi +6 -6
data/rbi/workos/vault_dek_decrypted.rbi +6 -6
data/rbi/workos/vault_dek_read.rbi +6 -6
data/rbi/workos/vault_kek_created.rbi +6 -6
data/rbi/workos/vault_metadata_read.rbi +6 -6
data/rbi/workos/vault_names_listed.rbi +6 -6
data/rbi/workos/waitlist_user_approved.rbi +6 -6
data/rbi/workos/waitlist_user_created.rbi +6 -6
data/rbi/workos/waitlist_user_denied.rbi +6 -6
data/rbi/workos/webhook_endpoint.rbi +1 -0
data/rbi/workos/webhooks.rbi +2 -2
data/renovate.json +1 -1
data/test/workos/test_actions.rb +9 -0
data/test/workos/test_base_client.rb +44 -0
data/test/workos/test_encryptors_aes_gcm.rb +16 -1
data/test/workos/test_model_round_trip.rb +577 -212
data/test/workos/test_organization_membership_service.rb +107 -0
data/test/workos/test_session.rb +43 -4
data/test/workos/test_user_management.rb +0 -74
data/test/workos/test_vault.rb +91 -87
data/test/workos/test_webhook_verify.rb +11 -0
metadata +65 -41
data/lib/workos/audit_logs/audit_log_schema_json.rb +0 -34
data/lib/workos/organizations/audit_logs_retention_json.rb +0 -18
data/lib/workos/types/audit_log_export_json_state.rb +0 -14
data/lib/workos/types/webhook_endpoint_json_status.rb +0 -9
data/lib/workos/user_management_organization_membership_groups.rb +0 -60
data/lib/workos/webhooks/webhook_endpoint_json.rb +0 -40
data/rbi/workos/actions.rbi +0 -48
data/rbi/workos/audit_log_schema_json.rbi +0 -54
data/rbi/workos/base_client.rbi +0 -132
data/rbi/workos/configuration.rbi +0 -68
data/rbi/workos/encryptors/aes_gcm.rbi +0 -19
data/rbi/workos/errors.rbi +0 -43
data/rbi/workos/hash_provider.rbi +0 -18
data/rbi/workos/passwordless.rbi +0 -47
data/rbi/workos/public_client.rbi +0 -12
data/rbi/workos/session.rbi +0 -43
data/rbi/workos/types/api_response.rbi +0 -29
data/rbi/workos/types/base_model.rbi +0 -22
data/rbi/workos/types/list_struct.rbi +0 -89
data/rbi/workos/user_management_organization_membership_groups.rbi +0 -25
data/rbi/workos/util.rbi +0 -12
data/test/workos/test_user_management_organization_membership_groups.rb +0 -33
/data/lib/workos/{user_management → organization_membership}/create_user_organization_membership.rb +0 -0
/data/lib/workos/{user_management → organization_membership}/organization_membership.rb +0 -0
/data/lib/workos/{user_management → organization_membership}/update_user_organization_membership.rb +0 -0
/data/lib/workos/{user_management → organization_membership}/user_organization_membership.rb +0 -0

data/lib/workos/radar.rb CHANGED Viewed

@@ -16,8 +16,6 @@ module WorkOS
     # @param email [String] The email address of the user making the request.
     # @param auth_method [WorkOS::Types::RadarStandaloneAssessRequestAuthMethod] The authentication method being used.
     # @param action [WorkOS::Types::RadarStandaloneAssessRequestAction] The action being performed.
-    # @param device_fingerprint [String, nil] An optional device fingerprint for the request.
-    # @param bot_score [String, nil] An optional bot detection score for the request.
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
     # @return [WorkOS::RadarStandaloneResponse]
     def create_attempt(
@@ -26,8 +24,6 @@ module WorkOS
       email:,
       auth_method:,
       action:,
-      device_fingerprint: nil,
-      bot_score: nil,
       request_options: {}
     )
       body = {
@@ -35,10 +31,8 @@ module WorkOS
         "user_agent" => user_agent,
         "email" => email,
         "auth_method" => auth_method,
-        "action" => action,
-        "device_fingerprint" => device_fingerprint,
-        "bot_score" => bot_score
-      }.compact
+        "action" => action
+      }
       response = @client.request(
         method: :post,
         path: "/radar/attempts",
@@ -78,8 +72,8 @@ module WorkOS
     end
     # Add an entry to a Radar list
-    # @param type [WorkOS::Types::RadarType] The type of the Radar list (e.g. ip_address, domain, email).
-    # @param action [WorkOS::Types::RadarAction] The list action indicating whether to add the entry to the allow or block list.
+    # @param type [WorkOS::Types::RadarListType] The type of the Radar list (e.g. ip_address, domain, email).
+    # @param action [WorkOS::Types::RadarListAction] The list action indicating whether to add the entry to the allow or block list.
     # @param entry [String] The value to add to the list. Must match the format of the list type (e.g. a valid IP address for `ip_address`, a valid email for `email`).
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
     # @return [WorkOS::RadarListEntryAlreadyPresentResponse]
@@ -105,8 +99,8 @@ module WorkOS
     end
     # Remove an entry from a Radar list
-    # @param type [WorkOS::Types::RadarType] The type of the Radar list (e.g. ip_address, domain, email).
-    # @param action [WorkOS::Types::RadarAction] The list action indicating whether to remove the entry from the allow or block list.
+    # @param type [WorkOS::Types::RadarListType] The type of the Radar list (e.g. ip_address, domain, email).
+    # @param action [WorkOS::Types::RadarListAction] The list action indicating whether to remove the entry from the allow or block list.
     # @param entry [String] The value to remove from the list. Must match an existing entry.
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
     # @return [void]

data/lib/workos/session.rb CHANGED Viewed

@@ -21,8 +21,16 @@ module WorkOS
   # @example Build a logout URL
   #   url = session.get_logout_url(return_to: "https://app.example.com")
   class Session
+    # Minimum cookie_password byte length. AES-256-GCM derives a 32-byte
+    # key from the password via SHA-256; a passphrase shorter than the
+    # output it derives to provides less than the full keyspace and makes
+    # offline brute-force feasible. Require callers to supply at least 32
+    # bytes of high-entropy secret. See README + V7_MIGRATION_GUIDE.md.
+    MIN_COOKIE_PASSWORD_BYTES = 32
     def initialize(manager, seal_data:, cookie_password:)
       raise ArgumentError, "cookie_password is required" if cookie_password.nil? || cookie_password.empty?
+      raise ArgumentError, "cookie_password must be at least #{MIN_COOKIE_PASSWORD_BYTES} bytes" if cookie_password.bytesize < MIN_COOKIE_PASSWORD_BYTES
       @manager = manager
       @client = manager.client
       @seal_data = seal_data
@@ -57,7 +65,7 @@ module WorkOS
         return SessionManager::AuthError.new(authenticated: false, reason: SessionManager::INVALID_JWT)
       end
-      is_expired = decoded["exp"] && decoded["exp"] < Time.now.to_i
+      is_expired = decoded["exp"].nil? || decoded["exp"] < Time.now.to_i
       SessionManager::AuthSuccess.new(
         authenticated: !is_expired,
@@ -77,6 +85,11 @@ module WorkOS
     def refresh(organization_id: nil, cookie_password: nil)
       effective_password = cookie_password || @cookie_password
+      # Validate up front so a caller-supplied short password raises ArgumentError
+      # (matching Session#initialize) instead of being swallowed by the
+      # unseal_data rescue and surfacing as INVALID_SESSION_COOKIE.
+      raise ArgumentError, "cookie_password is required" if effective_password.nil? || effective_password.empty?
+      raise ArgumentError, "cookie_password must be at least #{MIN_COOKIE_PASSWORD_BYTES} bytes" if effective_password.bytesize < MIN_COOKIE_PASSWORD_BYTES
       session = begin
         @manager.unseal_data(@seal_data, effective_password)
@@ -105,17 +118,20 @@ module WorkOS
         impersonator: auth_response["impersonator"]
       )
-      # Decode before mutating session state so a malformed access_token
-      # doesn't leave the Session half-updated.
-      decoded = @manager.decode_jwt(auth_response["access_token"])
+      # Persist the new seal/password BEFORE decoding the JWT, so a transient
+      # JWKS fetch error (or any decode failure on the freshly-minted token)
+      # leaves the Session with a usable sealed cookie that the caller can
+      # re-#authenticate against, rather than half-updated state.
       @seal_data = sealed
       @cookie_password = effective_password
+      decoded = @manager.decode_jwt(auth_response["access_token"])
       SessionManager::RefreshSuccess.new(
         authenticated: true,
         sealed_session: sealed,
         session_id: decoded["sid"],
-        organization_id: decoded["org_id"],
+        organization_id: auth_response["organization_id"] || decoded["org_id"],
         role: decoded["role"],
         roles: decoded["roles"],
         permissions: decoded["permissions"],
@@ -127,7 +143,12 @@ module WorkOS
     rescue WorkOS::AuthenticationError, WorkOS::InvalidRequestError => e
       SessionManager::RefreshError.new(authenticated: false, reason: e.message)
     rescue JWT::DecodeError => e
-      SessionManager::RefreshError.new(authenticated: false, reason: e.message)
+      # The refresh token was already rotated server-side before decode failed,
+      # so @seal_data holds the freshly-minted cookie. Surface it on the error
+      # struct so the caller can write the rotated cookie back to the browser
+      # and recover on a subsequent #authenticate, rather than re-sending the
+      # now-revoked refresh token.
+      SessionManager::RefreshError.new(authenticated: false, reason: e.message, sealed_session: @seal_data)
     end
     # Build the WorkOS session-logout URL for the currently authenticated session.

data/lib/workos/session_manager.rb CHANGED Viewed

@@ -107,7 +107,7 @@ module WorkOS
       :roles, :permissions, :entitlements, :user, :impersonator, :feature_flags,
       keyword_init: true
     )
-    RefreshError = Struct.new(:authenticated, :reason, keyword_init: true)
+    RefreshError = Struct.new(:authenticated, :reason, :sealed_session, keyword_init: true)
     # Failure reason constants
     NO_SESSION_COOKIE_PROVIDED = "no_session_cookie_provided"
@@ -150,12 +150,14 @@ module WorkOS
     # H06 — Raw seal: encrypt arbitrary data with a key string.
     # Delegates to the configured encryptor (default: AES-256-GCM).
     def seal_data(data, key)
+      validate_cookie_password!(key)
       @encryptor.seal(data, key)
     end
     # H06 — Raw unseal: returns parsed JSON (Hash) or raw string if not JSON.
     # Delegates to the configured encryptor (default: AES-256-GCM).
     def unseal_data(sealed, key)
+      validate_cookie_password!(key)
       @encryptor.unseal(sealed, key)
     end
@@ -164,11 +166,20 @@ module WorkOS
       payload = {"access_token" => access_token, "refresh_token" => refresh_token}
       payload["user"] = user if user
       payload["impersonator"] = impersonator if impersonator
+      # Delegates to seal_data, which calls validate_cookie_password!; no need
+      # to validate here too.
       seal_data(payload, cookie_password)
     end
     # Verify an access-token JWT against the WorkOS JWKS for this client.
     # Used by Session#authenticate; exposed publicly for advanced cases.
+    #
+    # NOTE on iss/aud/required_claims: this method intentionally does not
+    # enforce iss, aud, or required_claims. workos-node's `jose` call and
+    # workos-php's `isset($exp) && $exp < time()` accept exp-less tokens, and
+    # cross-SDK parity is required for the planned coordinated hardening of
+    # these claims. See commit 9ce069f for the rationale behind dropping the
+    # required_claims: ['exp'] tightening that was considered here.
     def decode_jwt(access_token, verify_expiration: true)
       jwks = fetch_jwks
       JWT.decode(
@@ -182,6 +193,18 @@ module WorkOS
       ).first
     end
+    private
+    # Validate a cookie_password is non-empty and at least the minimum
+    # byte length required by Session::MIN_COOKIE_PASSWORD_BYTES (32).
+    # Defense-in-depth — Session#initialize enforces the same invariant
+    # on the load path; this guards the inline #seal_data / #unseal_data
+    # entry points.
+    def validate_cookie_password!(key)
+      raise ArgumentError, "cookie_password is required" if key.nil? || key.empty?
+      raise ArgumentError, "cookie_password must be at least #{Session::MIN_COOKIE_PASSWORD_BYTES} bytes" if key.bytesize < Session::MIN_COOKIE_PASSWORD_BYTES
+    end
     # Cached JWKS fetch (5-minute TTL, thread-safe).
     def fetch_jwks(now: Time.now)
       @jwks_mutex.synchronize do

data/lib/workos/shared/connect_application_m2m.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+# This file is auto-generated by oagen. Do not edit.
+module WorkOS
+  class ConnectApplicationM2M < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      object: :object,
+      id: :id,
+      client_id: :client_id,
+      description: :description,
+      name: :name,
+      scopes: :scopes,
+      created_at: :created_at,
+      updated_at: :updated_at,
+      application_type: :application_type,
+      organization_id: :organization_id
+    }.freeze
+    attr_accessor \
+      :object,
+      :id,
+      :client_id,
+      :description,
+      :name,
+      :scopes,
+      :created_at,
+      :updated_at,
+      :application_type,
+      :organization_id
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @object = hash[:object]
+      @id = hash[:id]
+      @client_id = hash[:client_id]
+      @description = hash[:description]
+      @name = hash[:name]
+      @scopes = hash[:scopes] || []
+      @created_at = hash[:created_at]
+      @updated_at = hash[:updated_at]
+      @application_type = hash[:application_type]
+      @organization_id = hash[:organization_id]
+    end
+  end
+end

data/lib/workos/shared/connect_application_oauth.rb ADDED Viewed

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+# This file is auto-generated by oagen. Do not edit.
+module WorkOS
+  class ConnectApplicationOAuth < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      object: :object,
+      id: :id,
+      client_id: :client_id,
+      description: :description,
+      name: :name,
+      scopes: :scopes,
+      created_at: :created_at,
+      updated_at: :updated_at,
+      application_type: :application_type,
+      redirect_uris: :redirect_uris,
+      uses_pkce: :uses_pkce,
+      is_first_party: :is_first_party,
+      was_dynamically_registered: :was_dynamically_registered,
+      organization_id: :organization_id
+    }.freeze
+    attr_accessor \
+      :object,
+      :id,
+      :client_id,
+      :description,
+      :name,
+      :scopes,
+      :created_at,
+      :updated_at,
+      :application_type,
+      :redirect_uris,
+      :uses_pkce,
+      :is_first_party,
+      :was_dynamically_registered,
+      :organization_id
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @object = hash[:object]
+      @id = hash[:id]
+      @client_id = hash[:client_id]
+      @description = hash[:description]
+      @name = hash[:name]
+      @scopes = hash[:scopes] || []
+      @created_at = hash[:created_at]
+      @updated_at = hash[:updated_at]
+      @application_type = hash[:application_type]
+      @redirect_uris = (hash[:redirect_uris] || []).map { |item| item ? WorkOS::ConnectApplicationOAuthRedirectUris.new(item) : nil }
+      @uses_pkce = hash[:uses_pkce]
+      @is_first_party = hash[:is_first_party]
+      @was_dynamically_registered = hash[:was_dynamically_registered]
+      @organization_id = hash[:organization_id]
+    end
+  end
+end

data/lib/workos/shared/connect_application_oauth_redirect_uris.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+# This file is auto-generated by oagen. Do not edit.
+module WorkOS
+  class ConnectApplicationOAuthRedirectUris < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      uri: :uri,
+      default: :default
+    }.freeze
+    attr_accessor \
+      :uri,
+      :default
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @uri = hash[:uri]
+      @default = hash[:default]
+    end
+  end
+end

data/lib/workos/shared/error_response.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+# This file is auto-generated by oagen. Do not edit.
+module WorkOS
+  class ErrorResponse < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      error: :error
+    }.freeze
+    attr_accessor :error
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @error = hash[:error]
+    end
+  end
+end

data/lib/workos/shared/group_created.rb CHANGED Viewed

@@ -5,30 +5,30 @@
 module WorkOS
   class GroupCreated < WorkOS::Types::BaseModel
     HASH_ATTRS = {
+      object: :object,
       id: :id,
       event: :event,
       data: :data,
       created_at: :created_at,
-      context: :context,
-      object: :object
+      context: :context
     }.freeze
     attr_accessor \
+      :object,
       :id,
       :event,
       :data,
       :created_at,
-      :context,
-      :object
+      :context
     def initialize(json)
       hash = self.class.normalize(json)
+      @object = hash[:object]
       @id = hash[:id]
       @event = hash[:event]
       @data = hash[:data] ? WorkOS::Group.new(hash[:data]) : nil
       @created_at = hash[:created_at]
       @context = hash[:context] ? WorkOS::EventContext.new(hash[:context]) : nil
-      @object = hash[:object]
     end
   end
 end

data/lib/workos/shared/group_deleted.rb CHANGED Viewed

@@ -5,30 +5,30 @@
 module WorkOS
   class GroupDeleted < WorkOS::Types::BaseModel
     HASH_ATTRS = {
+      object: :object,
       id: :id,
       event: :event,
       data: :data,
       created_at: :created_at,
-      context: :context,
-      object: :object
+      context: :context
     }.freeze
     attr_accessor \
+      :object,
       :id,
       :event,
       :data,
       :created_at,
-      :context,
-      :object
+      :context
     def initialize(json)
       hash = self.class.normalize(json)
+      @object = hash[:object]
       @id = hash[:id]
       @event = hash[:event]
       @data = hash[:data] ? WorkOS::Group.new(hash[:data]) : nil
       @created_at = hash[:created_at]
       @context = hash[:context] ? WorkOS::EventContext.new(hash[:context]) : nil
-      @object = hash[:object]
     end
   end
 end

data/lib/workos/shared/group_member_added.rb CHANGED Viewed

@@ -5,30 +5,30 @@
 module WorkOS
   class GroupMemberAdded < WorkOS::Types::BaseModel
     HASH_ATTRS = {
+      object: :object,
       id: :id,
       event: :event,
       data: :data,
       created_at: :created_at,
-      context: :context,
-      object: :object
+      context: :context
     }.freeze
     attr_accessor \
+      :object,
       :id,
       :event,
       :data,
       :created_at,
-      :context,
-      :object
+      :context
     def initialize(json)
       hash = self.class.normalize(json)
+      @object = hash[:object]
       @id = hash[:id]
       @event = hash[:event]
       @data = hash[:data] ? WorkOS::GroupMemberAddedData.new(hash[:data]) : nil
       @created_at = hash[:created_at]
       @context = hash[:context] ? WorkOS::EventContext.new(hash[:context]) : nil
-      @object = hash[:object]
     end
   end
 end

data/lib/workos/shared/group_member_removed.rb CHANGED Viewed

@@ -5,30 +5,30 @@
 module WorkOS
   class GroupMemberRemoved < WorkOS::Types::BaseModel
     HASH_ATTRS = {
+      object: :object,
       id: :id,
       event: :event,
       data: :data,
       created_at: :created_at,
-      context: :context,
-      object: :object
+      context: :context
     }.freeze
     attr_accessor \
+      :object,
       :id,
       :event,
       :data,
       :created_at,
-      :context,
-      :object
+      :context
     def initialize(json)
       hash = self.class.normalize(json)
+      @object = hash[:object]
       @id = hash[:id]
       @event = hash[:event]
       @data = hash[:data] ? WorkOS::GroupMemberRemovedData.new(hash[:data]) : nil
       @created_at = hash[:created_at]
       @context = hash[:context] ? WorkOS::EventContext.new(hash[:context]) : nil
-      @object = hash[:object]
     end
   end
 end

data/lib/workos/shared/group_updated.rb CHANGED Viewed

@@ -5,30 +5,30 @@
 module WorkOS
   class GroupUpdated < WorkOS::Types::BaseModel
     HASH_ATTRS = {
+      object: :object,
       id: :id,
       event: :event,
       data: :data,
       created_at: :created_at,
-      context: :context,
-      object: :object
+      context: :context
     }.freeze
     attr_accessor \
+      :object,
       :id,
       :event,
       :data,
       :created_at,
-      :context,
-      :object
+      :context
     def initialize(json)
       hash = self.class.normalize(json)
+      @object = hash[:object]
       @id = hash[:id]
       @event = hash[:event]
       @data = hash[:data] ? WorkOS::Group.new(hash[:data]) : nil
       @created_at = hash[:created_at]
       @context = hash[:context] ? WorkOS::EventContext.new(hash[:context]) : nil
-      @object = hash[:object]
     end
   end
 end

data/lib/workos/shared/pipe_connected_account.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+# This file is auto-generated by oagen. Do not edit.
+module WorkOS
+  class PipeConnectedAccount < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      object: :object,
+      id: :id,
+      data_integration_id: :data_integration_id,
+      provider_slug: :provider_slug,
+      user_id: :user_id,
+      organization_id: :organization_id,
+      scopes: :scopes,
+      state: :state,
+      created_at: :created_at,
+      updated_at: :updated_at
+    }.freeze
+    attr_accessor \
+      :object,
+      :id,
+      :data_integration_id,
+      :provider_slug,
+      :user_id,
+      :organization_id,
+      :scopes,
+      :state,
+      :created_at,
+      :updated_at
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @object = hash[:object]
+      @id = hash[:id]
+      @data_integration_id = hash[:data_integration_id]
+      @provider_slug = hash[:provider_slug]
+      @user_id = hash[:user_id]
+      @organization_id = hash[:organization_id]
+      @scopes = hash[:scopes] || []
+      @state = hash[:state]
+      @created_at = hash[:created_at]
+      @updated_at = hash[:updated_at]
+    end
+  end
+end

data/lib/workos/{audit_logs/audit_log_export_json.rb → shared/pipes_connected_account_connected.rb} RENAMED Viewed

@@ -3,32 +3,32 @@
 # This file is auto-generated by oagen. Do not edit.
 module WorkOS
-  class AuditLogExportJson < WorkOS::Types::BaseModel
+  class PipesConnectedAccountConnected < WorkOS::Types::BaseModel
     HASH_ATTRS = {
       object: :object,
       id: :id,
-      state: :state,
-      url: :url,
+      event: :event,
+      data: :data,
       created_at: :created_at,
-      updated_at: :updated_at
+      context: :context
     }.freeze
     attr_accessor \
       :object,
       :id,
-      :state,
-      :url,
+      :event,
+      :data,
       :created_at,
-      :updated_at
+      :context
     def initialize(json)
       hash = self.class.normalize(json)
       @object = hash[:object]
       @id = hash[:id]
-      @state = hash[:state]
-      @url = hash[:url]
+      @event = hash[:event]
+      @data = hash[:data] ? WorkOS::PipeConnectedAccount.new(hash[:data]) : nil
       @created_at = hash[:created_at]
-      @updated_at = hash[:updated_at]
+      @context = hash[:context] ? WorkOS::EventContext.new(hash[:context]) : nil
     end
   end
 end

data/lib/workos/shared/pipes_connected_account_disconnected.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+# This file is auto-generated by oagen. Do not edit.
+module WorkOS
+  class PipesConnectedAccountDisconnected < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      object: :object,
+      id: :id,
+      event: :event,
+      data: :data,
+      created_at: :created_at,
+      context: :context
+    }.freeze
+    attr_accessor \
+      :object,
+      :id,
+      :event,
+      :data,
+      :created_at,
+      :context
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @object = hash[:object]
+      @id = hash[:id]
+      @event = hash[:event]
+      @data = hash[:data] ? WorkOS::PipeConnectedAccount.new(hash[:data]) : nil
+      @created_at = hash[:created_at]
+      @context = hash[:context] ? WorkOS::EventContext.new(hash[:context]) : nil
+    end
+  end
+end

data/lib/workos/shared/pipes_connected_account_reauthorization_needed.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+# This file is auto-generated by oagen. Do not edit.
+module WorkOS
+  class PipesConnectedAccountReauthorizationNeeded < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      object: :object,
+      id: :id,
+      event: :event,
+      data: :data,
+      created_at: :created_at,
+      context: :context
+    }.freeze
+    attr_accessor \
+      :object,
+      :id,
+      :event,
+      :data,
+      :created_at,
+      :context
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @object = hash[:object]
+      @id = hash[:id]
+      @event = hash[:event]
+      @data = hash[:data] ? WorkOS::PipeConnectedAccount.new(hash[:data]) : nil
+      @created_at = hash[:created_at]
+      @context = hash[:context] ? WorkOS::EventContext.new(hash[:context]) : nil
+    end
+  end
+end