workos 9.1.0 → 9.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d5bf8d039e74032934018104dfea6d320879461dba4c31f31bbf598b2f31eda6
-  data.tar.gz: 3d3fcf304a78be2a804cab6965e31560296f1d21c2c3e66cc5f106651e759baf
+  metadata.gz: 9b74d5a5f47e335f1459829bde13242bdcaaf71abc8cbae6fd2566e6d7fe509d
+  data.tar.gz: 292c0b0b904b4717e390daf15f581fc66bd20952e27dde0e34b263d041763446
 SHA512:
-  metadata.gz: 688d93035a70deb0779be44d0185e44cf7fd53ad5e5143157f5c29321d84d88f04bc696d6a65a2b050d86eec6a9cdea807418ae2360936b046648a1e8e77854c
-  data.tar.gz: 28e078a1307dc71956d840ec6925946aaca7b70ea7cf60b8cbb16caee9db25afbc11c28863155a82c92f62e81fb4c5937490237af4859ce7dd1f2b5012fce8a4
+  metadata.gz: 93251d0f6167e4b4c84565d9ae73e533421129ecdacd6bae6a99110ae1e3f574be387487f831433144e102f3b9f9c2c5711ed6029df0961ab88e599944d3d8f5
+  data.tar.gz: 15fe047716b898b934652ecfc1b8e35e26de2785076f4cd24df210c1f17cccdb0e340ed88270fe2a2b59d0826fdfd222bb591cba46c538abd7c4f1e832a4128e

data/.github/workflows/release-please.yml

@@ -14,12 +14,20 @@ permissions:
   pull-requests: write
 
 jobs:
+  # release-please owns tag + GitHub Release creation (no
+  # skip-github-release). Because it tags every release inside its own run
+  # — before it computes the next release PR — it always knows the previous
+  # release boundary, so it never regenerates the changelog from the start
+  # of history or proposes a spurious major bump. Creating the release with
+  # the app token also fires the `release: published` event that release.yml
+  # uses to publish to RubyGems. This job is kept minimal so nothing
+  # downstream (changelog enrichment, release notes) can fail it.
   release-please:
-    needs: publish-release
-    if: needs.publish-release.outputs.is-release != 'true'
     runs-on: ubuntu-latest
     outputs:
       pr: ${{ steps.release.outputs.pr }}
+      release_created: ${{ steps.release.outputs.release_created }}
+      tag_name: ${{ steps.release.outputs.tag_name }}
     steps:
       - name: Generate token
         id: generate-token
@@ -28,22 +36,30 @@ jobs:
           app-id: ${{ vars.SDK_BOT_APP_ID }}
           private-key: ${{ secrets.SDK_BOT_PRIVATE_KEY }}
 
-      # skip-github-release means release-please opens/updates release
-      # PRs and updates CHANGELOG.md as usual, but does NOT tag or create
-      # the GitHub Release on merge. Those are owned by publish-release
-      # below so we can set the Release body from the rich CHANGELOG.md
-      # section instead of release-please's terse default rendering.
       - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0
         id: release
         with:
           token: ${{ steps.generate-token.outputs.token }}
-          skip-github-release: true
+
+  # While the release PR is open, enrich it before it merges. Runs as its
+  # own job (gated on the PR existing) so a failure here can never block the
+  # release or any publish that depends on release-please.
+  enrich-release-pr:
+    needs: release-please
+    if: needs.release-please.outputs.pr
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # 3.2.0
+        with:
+          app-id: ${{ vars.SDK_BOT_APP_ID }}
+          private-key: ${{ secrets.SDK_BOT_PRIVATE_KEY }}
 
       - name: Checkout release PR branch
-        if: steps.release.outputs.pr
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # 6.0.3
         with:
-          ref: ${{ fromJSON(steps.release.outputs.pr).headBranchName }}
+          ref: ${{ fromJSON(needs.release-please.outputs.pr).headBranchName }}
           token: ${{ steps.generate-token.outputs.token }}
 
       # Inline pending changelog fragments under the version heading
@@ -54,9 +70,8 @@ jobs:
       # release-please wrote. Fragments are deleted in the same commit.
       # Idempotent: if no fragments exist, skip silently.
       - name: Inline rich changelog fragments
-        if: steps.release.outputs.pr
         env:
-          PR_JSON: ${{ steps.release.outputs.pr }}
+          PR_JSON: ${{ needs.release-please.outputs.pr }}
         run: |
           set -euo pipefail
           shopt -s nullglob
@@ -136,13 +151,11 @@ jobs:
           git push
 
       - name: Set up Ruby
-        if: steps.release.outputs.pr
         uses: ruby/setup-ruby@12fd324f1d0b43274fdc8130f6980590a667c455 # 1.312.0
         with:
           ruby-version: ruby
 
       - name: Bundle install and commit
-        if: steps.release.outputs.pr
         run: |
           bundle install
           if git diff --quiet Gemfile.lock; then
@@ -155,18 +168,14 @@ jobs:
             git push
           fi
 
-  # Detect when a release-please release PR has merged, then tag and
-  # create the GitHub Release whose body is extracted from CHANGELOG.md
-  # (now rich, after the inline step above). Runs on every push to main;
-  # the detect step gates everything else.
-  publish-release:
+  # After release-please tags the release and creates the GitHub Release,
+  # replace its body with the rich section from CHANGELOG.md (release-please
+  # writes only its terse default rendering). Cosmetic-only: never fails the
+  # release if the section can't be found.
+  update-release-notes:
+    needs: release-please
+    if: needs.release-please.outputs.release_created == 'true'
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-    outputs:
-      is-release: ${{ steps.detect.outputs.is-release }}
-      version: ${{ steps.detect.outputs.version }}
     steps:
       - name: Generate token
         id: generate-token
@@ -177,72 +186,22 @@ jobs:
 
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # 6.0.3
         with:
-          fetch-depth: 0
           token: ${{ steps.generate-token.outputs.token }}
 
-      - name: Detect release PR merge
-        id: detect
-        run: |
-          set -euo pipefail
-          SUBJECT=$(git log -1 --format=%s)
-          # release-please's default release PR title:
-          #   chore(main): release X.Y.Z
-          if [[ "$SUBJECT" =~ ^chore\(.*\):[[:space:]]release[[:space:]]([0-9]+\.[0-9]+\.[0-9]+) ]]; then
-            VERSION="${BASH_REMATCH[1]}"
-            echo "is-release=true"  >> "$GITHUB_OUTPUT"
-            echo "version=$VERSION" >> "$GITHUB_OUTPUT"
-            if [[ "$SUBJECT" =~ \#([0-9]+) ]]; then
-              echo "pr-number=${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT"
-            fi
-            echo "Detected release PR merge for v$VERSION"
-          else
-            echo "Not a release PR merge: $SUBJECT"
-            echo "is-release=false" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Extract release notes from CHANGELOG.md
-        if: steps.detect.outputs.is-release == 'true'
+      - name: Set rich release notes from CHANGELOG.md
         env:
-          VERSION: ${{ steps.detect.outputs.version }}
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+          TAG: ${{ needs.release-please.outputs.tag_name }}
         run: |
           set -euo pipefail
+          VERSION="${TAG#v}"
           awk -v v="$VERSION" '
             $0 ~ ("^## \\[" v "\\]") { found=1; next }
             found && /^## \[/ { exit }
             found
           ' CHANGELOG.md > /tmp/release-notes.md
-          if [ ! -s /tmp/release-notes.md ]; then
-            echo "::error::CHANGELOG.md has no body for v$VERSION"
-            exit 1
-          fi
-
-      - name: Tag and create GitHub Release
-        if: steps.detect.outputs.is-release == 'true'
-        env:
-          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
-          VERSION: ${{ steps.detect.outputs.version }}
-        run: |
-          set -euo pipefail
-          TAG="v$VERSION"
-          if gh release view "$TAG" >/dev/null 2>&1; then
-            echo "Release $TAG already exists; skipping."
-            exit 0
+          if [ -s /tmp/release-notes.md ]; then
+            gh release edit "$TAG" --notes-file /tmp/release-notes.md
+          else
+            echo "No CHANGELOG.md body for $TAG; keeping release-please default notes."
           fi
-          git config user.name "workos-sdk-automation[bot]"
-          git config user.email "255426317+workos-sdk-automation[bot]@users.noreply.github.com"
-          git tag -a "$TAG" -m "Release $TAG"
-          git push origin "$TAG"
-          gh release create "$TAG" \
-            --title "$TAG" \
-            --notes-file /tmp/release-notes.md
-
-      - name: Mark release PR as tagged
-        if: steps.detect.outputs.is-release == 'true' && steps.detect.outputs['pr-number']
-        env:
-          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
-          PR_NUMBER: ${{ steps.detect.outputs['pr-number'] }}
-        run: |
-          set -euo pipefail
-          gh pr edit "$PR_NUMBER" \
-            --remove-label "autorelease: pending" \
-            --add-label "autorelease: tagged"

data/.last-synced-sha

@@ -1 +1 @@
-d8c5a7de598792b1cee18d4a9842825110e5c74a
+b6a68da8bd60c1478e0a86ca97c75448677e8871

data/.oagen-manifest.json

@@ -1,7 +1,7 @@
 {
   "version": 2,
   "language": "ruby",
-  "generatedAt": "2026-06-03T19:20:02.984Z",
+  "generatedAt": "2026-06-17T21:06:29.872Z",
   "files": [
     "lib/workos.rb",
     "lib/workos/admin_portal.rb",
@@ -56,8 +56,13 @@
     "lib/workos/authorization/check_authorization.rb",
     "lib/workos/authorization/create_authorization_permission.rb",
     "lib/workos/authorization/create_authorization_resource.rb",
+    "lib/workos/authorization/create_group_role_assignment.rb",
     "lib/workos/authorization/create_organization_role.rb",
     "lib/workos/authorization/create_role.rb",
+    "lib/workos/authorization/delete_group_role_assignments_by_criteria.rb",
+    "lib/workos/authorization/group_role_assignment.rb",
+    "lib/workos/authorization/group_role_assignment_list.rb",
+    "lib/workos/authorization/group_role_assignment_resource.rb",
     "lib/workos/authorization/permission.rb",
     "lib/workos/authorization/permission_created.rb",
     "lib/workos/authorization/permission_created_data.rb",
@@ -66,6 +71,8 @@
     "lib/workos/authorization/permission_updated.rb",
     "lib/workos/authorization/permission_updated_data.rb",
     "lib/workos/authorization/remove_role.rb",
+    "lib/workos/authorization/replace_group_role_assignment_entry.rb",
+    "lib/workos/authorization/replace_group_role_assignments.rb",
     "lib/workos/authorization/role.rb",
     "lib/workos/authorization/role_created.rb",
     "lib/workos/authorization/role_created_data.rb",
@@ -83,6 +90,9 @@
     "lib/workos/authorization/user_role_assignment.rb",
     "lib/workos/authorization/user_role_assignment_resource.rb",
     "lib/workos/client.rb",
+    "lib/workos/client_api.rb",
+    "lib/workos/client_api/client_api_token.rb",
+    "lib/workos/client_api/client_api_token_response.rb",
     "lib/workos/connect.rb",
     "lib/workos/connect/application_credentials_list_item.rb",
     "lib/workos/connect/connect_application.rb",
@@ -249,6 +259,11 @@
     "lib/workos/pipes/data_integrations_list_response.rb",
     "lib/workos/pipes/data_integrations_list_response_data.rb",
     "lib/workos/pipes/data_integrations_list_response_data_connected_account.rb",
+    "lib/workos/pipes_provider.rb",
+    "lib/workos/pipes_provider/configure_data_integration_body.rb",
+    "lib/workos/pipes_provider/data_integration_configuration_list_response.rb",
+    "lib/workos/pipes_provider/data_integration_configuration_response.rb",
+    "lib/workos/pipes_provider/data_integration_credentials.rb",
     "lib/workos/radar.rb",
     "lib/workos/radar/radar_list_entry_already_present_response.rb",
     "lib/workos/radar/radar_standalone_assess_request.rb",
@@ -315,6 +330,7 @@
     "lib/workos/types/authentication_factors_create_request_type.rb",
     "lib/workos/types/authentication_radar_risk_detected_data_action.rb",
     "lib/workos/types/authorization_assignment.rb",
+    "lib/workos/types/connected_account_auth_method.rb",
     "lib/workos/types/connected_account_state.rb",
     "lib/workos/types/connection_activated_data_connection_type.rb",
     "lib/workos/types/connection_activated_data_state.rb",
@@ -334,6 +350,9 @@
     "lib/workos/types/create_user_password_hash_type.rb",
     "lib/workos/types/create_webhook_endpoint_events.rb",
     "lib/workos/types/data_integration_access_token_response_error.rb",
+    "lib/workos/types/data_integration_credentials_credentials_type.rb",
+    "lib/workos/types/data_integrations_list_response_data_auth_methods.rb",
+    "lib/workos/types/data_integrations_list_response_data_connected_account_auth_method.rb",
     "lib/workos/types/data_integrations_list_response_data_connected_account_state.rb",
     "lib/workos/types/data_integrations_list_response_data_ownership.rb",
     "lib/workos/types/directory_state.rb",
@@ -714,6 +733,10 @@
     "rbi/workos/challenge_authentication_factor.rbi",
     "rbi/workos/check_authorization.rbi",
     "rbi/workos/client.rbi",
+    "rbi/workos/client_api.rbi",
+    "rbi/workos/client_api_token.rbi",
+    "rbi/workos/client_api_token_response.rbi",
+    "rbi/workos/configure_data_integration_body.rbi",
     "rbi/workos/confirm_email_change.rbi",
     "rbi/workos/connect.rbi",
     "rbi/workos/connect_application.rbi",
@@ -749,6 +772,7 @@
     "rbi/workos/create_data_key_response.rbi",
     "rbi/workos/create_group.rbi",
     "rbi/workos/create_group_membership.rbi",
+    "rbi/workos/create_group_role_assignment.rbi",
     "rbi/workos/create_m2m_application.rbi",
     "rbi/workos/create_magic_code_and_return.rbi",
     "rbi/workos/create_oauth_application.rbi",
@@ -768,6 +792,9 @@
     "rbi/workos/data_integration_access_token_response.rbi",
     "rbi/workos/data_integration_access_token_response_access_token.rbi",
     "rbi/workos/data_integration_authorize_url_response.rbi",
+    "rbi/workos/data_integration_configuration_list_response.rbi",
+    "rbi/workos/data_integration_configuration_response.rbi",
+    "rbi/workos/data_integration_credentials.rbi",
     "rbi/workos/data_integrations_get_data_integration_authorize_url_request.rbi",
     "rbi/workos/data_integrations_get_user_token_request.rbi",
     "rbi/workos/data_integrations_list_response.rbi",
@@ -775,6 +802,7 @@
     "rbi/workos/data_integrations_list_response_data_connected_account.rbi",
     "rbi/workos/decrypt_request.rbi",
     "rbi/workos/decrypt_response.rbi",
+    "rbi/workos/delete_group_role_assignments_by_criteria.rbi",
     "rbi/workos/delete_object_response.rbi",
     "rbi/workos/device_authorization_response.rbi",
     "rbi/workos/device_code_session_authenticate_request.rbi",
@@ -871,6 +899,8 @@
     "rbi/workos/group_member_added_data.rbi",
     "rbi/workos/group_member_removed.rbi",
     "rbi/workos/group_member_removed_data.rbi",
+    "rbi/workos/group_role_assignment.rbi",
+    "rbi/workos/group_role_assignment_resource.rbi",
     "rbi/workos/group_updated.rbi",
     "rbi/workos/groups.rbi",
     "rbi/workos/intent_options.rbi",
@@ -961,6 +991,7 @@
     "rbi/workos/pipes_connected_account_connected.rbi",
     "rbi/workos/pipes_connected_account_disconnected.rbi",
     "rbi/workos/pipes_connected_account_reauthorization_needed.rbi",
+    "rbi/workos/pipes_provider.rbi",
     "rbi/workos/portal_link_response.rbi",
     "rbi/workos/profile.rbi",
     "rbi/workos/radar.rbi",
@@ -975,6 +1006,8 @@
     "rbi/workos/refresh_token_session_authenticate_request.rbi",
     "rbi/workos/rekey_request.rbi",
     "rbi/workos/remove_role.rbi",
+    "rbi/workos/replace_group_role_assignment_entry.rbi",
+    "rbi/workos/replace_group_role_assignments.rbi",
     "rbi/workos/resend_user_invite_options.rbi",
     "rbi/workos/reset_password_response.rbi",
     "rbi/workos/revoke_session.rbi",
@@ -1083,6 +1116,7 @@
     "test/workos/test_api_keys.rb",
     "test/workos/test_audit_logs.rb",
     "test/workos/test_authorization.rb",
+    "test/workos/test_client_api.rb",
     "test/workos/test_connect.rb",
     "test/workos/test_directory_sync.rb",
     "test/workos/test_events.rb",
@@ -1094,6 +1128,7 @@
     "test/workos/test_organization_membership_service.rb",
     "test/workos/test_organizations.rb",
     "test/workos/test_pipes.rb",
+    "test/workos/test_pipes_provider.rb",
     "test/workos/test_radar.rb",
     "test/workos/test_sso.rb",
     "test/workos/test_user_management.rb",
@@ -1126,6 +1161,30 @@
       "sdkMethod": "complete_oauth2",
       "service": "connect"
     },
+    "GET /authorization/groups/{group_id}/role_assignments": {
+      "sdkMethod": "list_group_role_assignments",
+      "service": "authorization"
+    },
+    "POST /authorization/groups/{group_id}/role_assignments": {
+      "sdkMethod": "create_group_role_assignment",
+      "service": "authorization"
+    },
+    "PUT /authorization/groups/{group_id}/role_assignments": {
+      "sdkMethod": "update_group_role_assignments",
+      "service": "authorization"
+    },
+    "DELETE /authorization/groups/{group_id}/role_assignments": {
+      "sdkMethod": "delete_group_role_assignments",
+      "service": "authorization"
+    },
+    "GET /authorization/groups/{group_id}/role_assignments/{role_assignment_id}": {
+      "sdkMethod": "get_group_role_assignment",
+      "service": "authorization"
+    },
+    "DELETE /authorization/groups/{group_id}/role_assignments/{role_assignment_id}": {
+      "sdkMethod": "delete_group_role_assignment",
+      "service": "authorization"
+    },
     "POST /authorization/organization_memberships/{organization_membership_id}/check": {
       "sdkMethod": "check",
       "service": "authorization"
@@ -1282,6 +1341,10 @@
       "sdkMethod": "delete_permission",
       "service": "authorization"
     },
+    "POST /client/token": {
+      "sdkMethod": "create_token",
+      "service": "client_api"
+    },
     "GET /connect/applications": {
       "sdkMethod": "list_applications",
       "service": "connect"
@@ -1338,8 +1401,8 @@
       "sdkMethod": "authorize_data_integration",
       "service": "pipes"
     },
-    "POST /data-integrations/{slug}/token": {
-      "sdkMethod": "create_data_integration_token",
+    "POST /data-integrations/{provider}/token": {
+      "sdkMethod": "get_access_token",
       "service": "pipes"
     },
     "GET /directories": {
@@ -1458,6 +1521,14 @@
       "sdkMethod": "create_organization_api_key",
       "service": "api_keys"
     },
+    "GET /organizations/{organizationId}/data_integration_configurations": {
+      "sdkMethod": "list_organization_data_integration_configurations",
+      "service": "pipes_provider"
+    },
+    "PUT /organizations/{organizationId}/data_integration_configurations/{slug}": {
+      "sdkMethod": "update_organization_data_integration_configuration",
+      "service": "pipes_provider"
+    },
     "GET /organizations/{organizationId}/feature-flags": {
       "sdkMethod": "list_organization_feature_flags",
       "service": "feature_flags"

data/.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "9.1.0"
+  ".": "9.2.0"
 }

data/CHANGELOG.md

@@ -1,5 +1,61 @@
 # Changelog
 
+## [9.2.0](https://github.com/workos/workos-ruby/compare/v9.1.0...v9.2.0) (2026-06-18)
+
+- [#501](https://github.com/workos/workos-ruby/pull/501) feat(generated)!: regenerate from spec (12 changes)
+
+  **Features**
+  - **[authorization](https://workos.com/docs/reference/fga)**:
+    - Added model `ReplaceGroupRoleAssignmentEntry`
+    - Added model `ReplaceGroupRoleAssignments`
+    - Added model `DeleteGroupRoleAssignmentsByCriteria`
+    - Added endpoint `POST /authorization/groups/{group_id}/role_assignments`
+    - Added endpoint `PUT /authorization/groups/{group_id}/role_assignments`
+    - Added endpoint `DELETE /authorization/groups/{group_id}/role_assignments`
+    - Added endpoint `GET /authorization/groups/{group_id}/role_assignments/{role_assignment_id}`
+    - Added endpoint `DELETE /authorization/groups/{group_id}/role_assignments/{role_assignment_id}`
+  - **[client](https://workos.com/docs/reference)**:
+    - Added model `ClientApiToken`
+    - Added model `ClientApiTokenResponse`
+    - Added service `Client`
+  - **[connect](https://workos.com/docs/reference/workos-connect/standalone)**:
+    - Added `auth_method` to `ConnectedAccount`
+    - Added `api_key_last_4` to `ConnectedAccount`
+    - Added enum `ConnectedAccountAuthMethod`
+  - **[groups](https://workos.com/docs/reference/groups)**:
+    - Added model `CreateGroupRoleAssignment`
+    - Added model `GroupRoleAssignment`
+    - Added model `GroupRoleAssignmentList`
+    - Added model `GroupRoleAssignmentResource`
+  - **[organization_membership](https://workos.com/docs/reference/authkit/organization-membership)**:
+    - Added model `UserOrganizationMembershipList`
+    - Added model `UserOrganizationMembershipListListMetadata`
+  - **[pipes](https://workos.com/docs/reference/pipes)**:
+    - Added model `DataIntegrationCredentials`
+    - Added model `DataIntegrationConfigurationResponse`
+    - Added model `DataIntegrationConfigurationListResponse`
+    - Added model `ConfigureDataIntegrationBody`
+    - Added `auth_methods` to `DataIntegrationsListResponseData`
+    - Added `auth_method` to `DataIntegrationsListResponseDataConnectedAccount`
+    - Added `api_key_last_4` to `DataIntegrationsListResponseDataConnectedAccount`
+    - Added enum `DataIntegrationCredentialsCredentialsType`
+    - Added enum `DataIntegrationsListResponseDataAuthMethods`
+    - Added enum `DataIntegrationsListResponseDataConnectedAccountAuthMethod`
+    - Added service `PipesProvider`
+  - **[user_management](https://workos.com/docs/reference/authkit/user)**:
+    - Added model `UserInviteList`
+    - Added model `UserInviteListListMetadata`
+    - Made `AuthorizationCodeSessionAuthenticateRequest.client_secret` optional
+    - Made `RefreshTokenSessionAuthenticateRequest.client_secret` optional
+  - **[widgets](https://workos.com/docs/reference/widgets)**:
+    - Added `widgets:pipes:manage` to `WidgetSessionTokenScopes`
+
+  **Fixes**
+  - **[organization_membership](https://workos.com/docs/reference/authkit/organization-membership)**:
+    - Changed response of `UserManagementOrganizationMembership.list` from `UserOrganizationMembership` to `UserOrganizationMembershipList`
+  - **[user_management](https://workos.com/docs/reference/authkit/user)**:
+    - Changed response of `UserManagementInvitations.list` from `UserInvite` to `UserInviteList`
+
 ## [9.1.0](https://github.com/workos/workos-ruby/compare/v9.0.0...v9.1.0) (2026-06-17)
 
 ### Bug Fixes

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (9.1.0)
+    workos (9.2.0)
       jwt (~> 3.1)
       logger (~> 1.7)
       zeitwerk (~> 2.6)
@@ -153,7 +153,7 @@ CHECKSUMS
   unicode-emoji (4.2.0) sha256=519e69150f75652e40bf736106cfbc8f0f73aa3fb6a65afe62fefa7f80b0f80f
   webmock (3.26.2) sha256=774556f2ea6371846cca68c01769b2eac0d134492d21f6d0ab5dd643965a4c90
   webrick (1.9.2) sha256=beb4a15fc474defed24a3bda4ffd88a490d517c9e4e6118c3edce59e45864131
-  workos (9.1.0)
+  workos (9.2.0)
   yard (0.9.44) sha256=eb087e9b631ccd887b049f303d489963945452d5e2a7eb49a5a74a7cf6887f28
   yard-markdown (0.7.1) sha256=06c378632dfe7ba053be9ba469eb4701aa0470e36bcf7e5546f353eb90c1bfd1
   zeitwerk (2.7.5) sha256=d8da92128c09ea6ec62c949011b00ed4a20242b255293dd66bf41545398f73dd

data/lib/workos/authorization/create_group_role_assignment.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  CreateGroupRoleAssignment = AssignRole
+end

data/lib/workos/authorization/delete_group_role_assignments_by_criteria.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  DeleteGroupRoleAssignmentsByCriteria = AssignRole
+end

data/lib/workos/authorization/group_role_assignment.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  class GroupRoleAssignment < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      object: :object,
+      id: :id,
+      group_id: :group_id,
+      role: :role,
+      resource: :resource,
+      created_at: :created_at,
+      updated_at: :updated_at
+    }.freeze
+
+    attr_accessor \
+      :object,
+      :id,
+      :group_id,
+      :role,
+      :resource,
+      :created_at,
+      :updated_at
+
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @object = hash[:object]
+      @id = hash[:id]
+      @group_id = hash[:group_id]
+      @role = hash[:role] ? WorkOS::SlimRole.new(hash[:role]) : nil
+      @resource = hash[:resource] ? WorkOS::GroupRoleAssignmentResource.new(hash[:resource]) : nil
+      @created_at = hash[:created_at]
+      @updated_at = hash[:updated_at]
+    end
+  end
+end

data/lib/workos/authorization/group_role_assignment_list.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  class GroupRoleAssignmentList < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      object: :object,
+      data: :data,
+      list_metadata: :list_metadata
+    }.freeze
+
+    attr_accessor \
+      :object,
+      :data,
+      :list_metadata
+
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @object = hash[:object]
+      @data = (hash[:data] || []).map { |item| item ? WorkOS::GroupRoleAssignment.new(item) : nil }
+      @list_metadata = hash[:list_metadata] ? WorkOS::ListMetadata.new(hash[:list_metadata]) : nil
+    end
+  end
+end

data/lib/workos/authorization/group_role_assignment_resource.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  class GroupRoleAssignmentResource < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      id: :id,
+      external_id: :external_id,
+      resource_type_slug: :resource_type_slug
+    }.freeze
+
+    attr_accessor \
+      :id,
+      :external_id,
+      :resource_type_slug
+
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @id = hash[:id]
+      @external_id = hash[:external_id]
+      @resource_type_slug = hash[:resource_type_slug]
+    end
+  end
+end

data/lib/workos/authorization/replace_group_role_assignment_entry.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  ReplaceGroupRoleAssignmentEntry = AssignRole
+end

data/lib/workos/authorization/replace_group_role_assignments.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  class ReplaceGroupRoleAssignments < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      role_assignments: :role_assignments
+    }.freeze
+
+    attr_accessor :role_assignments
+
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @role_assignments = (hash[:role_assignments] || []).map { |item| item ? WorkOS::ReplaceGroupRoleAssignmentEntry.new(item) : nil }
+    end
+  end
+end