workos 9.1.0 → 9.2.0

data/lib/workos/authorization/user_role_assignment_resource.rb

@@ -3,23 +3,5 @@
 # This file is auto-generated by oagen. Do not edit.
 
 module WorkOS
-  class UserRoleAssignmentResource < WorkOS::Types::BaseModel
-    HASH_ATTRS = {
-      id: :id,
-      external_id: :external_id,
-      resource_type_slug: :resource_type_slug
-    }.freeze
-
-    attr_accessor \
-      :id,
-      :external_id,
-      :resource_type_slug
-
-    def initialize(json)
-      hash = self.class.normalize(json)
-      @id = hash[:id]
-      @external_id = hash[:external_id]
-      @resource_type_slug = hash[:resource_type_slug]
-    end
-  end
+  UserRoleAssignmentResource = GroupRoleAssignmentResource
 end

data/lib/workos/authorization.rb

@@ -52,6 +52,186 @@ module WorkOS
       @client = client
     end
 
+    # List role assignments for a group
+    # @param group_id [String] The ID of the group.
+    # @param before [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
+    # @param after [String, nil] An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
+    # @param limit [Integer, nil] Upper limit on the number of objects to return, between `1` and `100`.
+    # @param order [WorkOS::Types::PaginationOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records).
+    # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
+    # @return [WorkOS::Types::ListStruct<WorkOS::GroupRoleAssignment>]
+    def list_group_role_assignments(
+      group_id:,
+      before: nil,
+      after: nil,
+      limit: 10,
+      order: "desc",
+      request_options: {}
+    )
+      params = {
+        "before" => before,
+        "after" => after,
+        "limit" => limit,
+        "order" => order
+      }.compact
+      response = @client.request(
+        method: :get,
+        path: "/authorization/groups/#{WorkOS::Util.encode_path(group_id)}/role_assignments",
+        auth: true,
+        params: params,
+        request_options: request_options
+      )
+      fetch_next = ->(cursor) {
+        list_group_role_assignments(
+          group_id: group_id,
+          before: before,
+          after: cursor,
+          limit: limit,
+          order: order,
+          request_options: request_options
+        )
+      }
+      WorkOS::Types::ListStruct.from_response(
+        response,
+        model: WorkOS::GroupRoleAssignment,
+        filters: {group_id: group_id, before: before, limit: limit, order: order},
+        fetch_next: fetch_next
+      )
+    end
+
+    # Assign a role to a group
+    # @param group_id [String] The ID of the group.
+    # @param role_slug [String] The slug of the role to assign to the group.
+    # @param resource_id [String, nil] The ID of the resource. Omit along with the external-id fields to target the organization itself.
+    # @param resource_external_id [String, nil] The external ID of the resource.
+    # @param resource_type_slug [String, nil] The resource type slug.
+    # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
+    # @return [WorkOS::GroupRoleAssignment]
+    def create_group_role_assignment(
+      group_id:,
+      role_slug:,
+      resource_id: nil,
+      resource_external_id: nil,
+      resource_type_slug: nil,
+      request_options: {}
+    )
+      body = {
+        "role_slug" => role_slug,
+        "resource_id" => resource_id,
+        "resource_external_id" => resource_external_id,
+        "resource_type_slug" => resource_type_slug
+      }.compact
+      response = @client.request(
+        method: :post,
+        path: "/authorization/groups/#{WorkOS::Util.encode_path(group_id)}/role_assignments",
+        auth: true,
+        body: body,
+        request_options: request_options
+      )
+      result = WorkOS::GroupRoleAssignment.new(response.body)
+      result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
+      result
+    end
+
+    # Replace all role assignments for a group
+    # @param group_id [String] The ID of the group.
+    # @param role_assignments [Array<WorkOS::ReplaceGroupRoleAssignmentEntry>] The list of role assignments that should exist for the group. All existing assignments will be replaced.
+    # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
+    # @return [WorkOS::Types::ListStruct<WorkOS::GroupRoleAssignment>]
+    def update_group_role_assignments(
+      group_id:,
+      role_assignments:,
+      request_options: {}
+    )
+      body = {
+        "role_assignments" => role_assignments
+      }
+      response = @client.request(
+        method: :put,
+        path: "/authorization/groups/#{WorkOS::Util.encode_path(group_id)}/role_assignments",
+        auth: true,
+        body: body,
+        request_options: request_options
+      )
+      WorkOS::Types::ListStruct.from_response(
+        response,
+        model: WorkOS::GroupRoleAssignment,
+        filters: {group_id: group_id, role_assignments: role_assignments}
+      )
+    end
+
+    # Remove group role assignments by criteria
+    # @param group_id [String] The ID of the group.
+    # @param role_slug [String] The slug of the role to remove assignments for.
+    # @param resource_id [String, nil] The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`.
+    # @param resource_external_id [String, nil] The external ID of the resource.
+    # @param resource_type_slug [String, nil] The resource type slug.
+    # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
+    # @return [void]
+    def delete_group_role_assignments(
+      group_id:,
+      role_slug:,
+      resource_id: nil,
+      resource_external_id: nil,
+      resource_type_slug: nil,
+      request_options: {}
+    )
+      body = {
+        "role_slug" => role_slug,
+        "resource_id" => resource_id,
+        "resource_external_id" => resource_external_id,
+        "resource_type_slug" => resource_type_slug
+      }.compact
+      @client.request(
+        method: :delete,
+        path: "/authorization/groups/#{WorkOS::Util.encode_path(group_id)}/role_assignments",
+        auth: true,
+        body: body,
+        request_options: request_options
+      )
+      nil
+    end
+
+    # Get a group role assignment
+    # @param group_id [String] The ID of the group.
+    # @param role_assignment_id [String] The ID of the group role assignment.
+    # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
+    # @return [WorkOS::GroupRoleAssignment]
+    def get_group_role_assignment(
+      group_id:,
+      role_assignment_id:,
+      request_options: {}
+    )
+      response = @client.request(
+        method: :get,
+        path: "/authorization/groups/#{WorkOS::Util.encode_path(group_id)}/role_assignments/#{WorkOS::Util.encode_path(role_assignment_id)}",
+        auth: true,
+        request_options: request_options
+      )
+      result = WorkOS::GroupRoleAssignment.new(response.body)
+      result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
+      result
+    end
+
+    # Remove a group role assignment
+    # @param group_id [String] The ID of the group.
+    # @param role_assignment_id [String] The ID of the group role assignment to remove.
+    # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
+    # @return [void]
+    def delete_group_role_assignment(
+      group_id:,
+      role_assignment_id:,
+      request_options: {}
+    )
+      @client.request(
+        method: :delete,
+        path: "/authorization/groups/#{WorkOS::Util.encode_path(group_id)}/role_assignments/#{WorkOS::Util.encode_path(role_assignment_id)}",
+        auth: true,
+        request_options: request_options
+      )
+      nil
+    end
+
     # Check authorization
     # @param organization_membership_id [String] The ID of the organization membership to check.
     # @param permission_slug [String] The slug of the permission to check.

data/lib/workos/client.rb

@@ -16,6 +16,10 @@ module WorkOS
       @authorization ||= WorkOS::Authorization.new(self)
     end
 
+    def client_api
+      @client_api ||= WorkOS::ClientApi.new(self)
+    end
+
     def sso
       @sso ||= WorkOS::SSO.new(self)
     end
@@ -48,6 +52,10 @@ module WorkOS
       @api_keys ||= WorkOS::ApiKeys.new(self)
     end
 
+    def pipes_provider
+      @pipes_provider ||= WorkOS::PipesProvider.new(self)
+    end
+
     def groups
       @groups ||= WorkOS::Groups.new(self)
     end

data/lib/workos/client_api/client_api_token.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  class ClientApiToken < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      organization_id: :organization_id,
+      user_id: :user_id
+    }.freeze
+
+    attr_accessor \
+      :organization_id,
+      :user_id
+
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @organization_id = hash[:organization_id]
+      @user_id = hash[:user_id]
+    end
+  end
+end

data/lib/workos/client_api/client_api_token_response.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  class ClientApiTokenResponse < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      token: :token
+    }.freeze
+
+    attr_accessor :token
+
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @token = hash[:token]
+    end
+  end
+end

data/lib/workos/client_api.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+require "json"
+
+module WorkOS
+  class ClientApi
+    def initialize(client)
+      @client = client
+    end
+
+    # Generate a Client API token
+    # @param organization_id [String] The ID of the organization to scope the Client API token to.
+    # @param user_id [String] The ID of the user to issue the Client API token for.
+    # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
+    # @return [WorkOS::ClientApiTokenResponse]
+    def create_token(
+      organization_id:,
+      user_id:,
+      request_options: {}
+    )
+      body = {
+        "organization_id" => organization_id,
+        "user_id" => user_id
+      }
+      response = @client.request(
+        method: :post,
+        path: "/client/token",
+        auth: true,
+        body: body,
+        request_options: request_options
+      )
+      result = WorkOS::ClientApiTokenResponse.new(response.body)
+      result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
+      result
+    end
+  end
+end

data/lib/workos/pipes/connected_account.rb

@@ -10,6 +10,8 @@ module WorkOS
       user_id: :user_id,
       organization_id: :organization_id,
       scopes: :scopes,
+      auth_method: :auth_method,
+      api_key_last_4: :api_key_last_4,
       state: :state,
       created_at: :created_at,
       updated_at: :updated_at
@@ -21,6 +23,8 @@ module WorkOS
       :user_id,
       :organization_id,
       :scopes,
+      :auth_method,
+      :api_key_last_4,
       :state,
       :created_at,
       :updated_at
@@ -32,6 +36,8 @@ module WorkOS
       @user_id = hash[:user_id]
       @organization_id = hash[:organization_id]
       @scopes = hash[:scopes] || []
+      @auth_method = hash[:auth_method]
+      @api_key_last_4 = hash[:api_key_last_4]
       @state = hash[:state]
       @created_at = hash[:created_at]
       @updated_at = hash[:updated_at]

data/lib/workos/pipes/data_integrations_list_response_data.rb

@@ -13,6 +13,7 @@ module WorkOS
       integration_type: :integration_type,
       credentials_type: :credentials_type,
       scopes: :scopes,
+      auth_methods: :auth_methods,
       ownership: :ownership,
       created_at: :created_at,
       updated_at: :updated_at,
@@ -28,6 +29,7 @@ module WorkOS
       :integration_type,
       :credentials_type,
       :scopes,
+      :auth_methods,
       :ownership,
       :created_at,
       :updated_at,
@@ -43,6 +45,7 @@ module WorkOS
       @integration_type = hash[:integration_type]
       @credentials_type = hash[:credentials_type]
       @scopes = hash[:scopes] || []
+      @auth_methods = hash[:auth_methods] || []
       @ownership = hash[:ownership]
       @created_at = hash[:created_at]
       @updated_at = hash[:updated_at]

data/lib/workos/pipes/data_integrations_list_response_data_connected_account.rb

@@ -10,6 +10,8 @@ module WorkOS
       user_id: :user_id,
       organization_id: :organization_id,
       scopes: :scopes,
+      auth_method: :auth_method,
+      api_key_last_4: :api_key_last_4,
       state: :state,
       created_at: :created_at,
       updated_at: :updated_at,
@@ -25,6 +27,8 @@ module WorkOS
       :user_id,
       :organization_id,
       :scopes,
+      :auth_method,
+      :api_key_last_4,
       :state,
       :created_at,
       :updated_at
@@ -43,6 +47,8 @@ module WorkOS
       @user_id = hash[:user_id]
       @organization_id = hash[:organization_id]
       @scopes = hash[:scopes] || []
+      @auth_method = hash[:auth_method]
+      @api_key_last_4 = hash[:api_key_last_4]
       @state = hash[:state]
       @created_at = hash[:created_at]
       @updated_at = hash[:updated_at]

data/lib/workos/pipes.rb

@@ -42,13 +42,13 @@ module WorkOS
     end
 
     # Get an access token for a connected account
-    # @param slug [String] The identifier of the integration.
+    # @param provider [String] The identifier of the integration.
     # @param user_id [String] A [User](https://workos.com/docs/reference/authkit/user) identifier.
     # @param organization_id [String, nil] An [Organization](https://workos.com/docs/reference/organization) identifier. Optional parameter to scope the connection to a specific organization.
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
     # @return [WorkOS::DataIntegrationAccessTokenResponse]
-    def create_data_integration_token(
-      slug:,
+    def get_access_token(
+      provider:,
       user_id:,
       organization_id: nil,
       request_options: {}
@@ -59,7 +59,7 @@ module WorkOS
       }.compact
       response = @client.request(
         method: :post,
-        path: "/data-integrations/#{WorkOS::Util.encode_path(slug)}/token",
+        path: "/data-integrations/#{WorkOS::Util.encode_path(provider)}/token",
         auth: true,
         body: body,
         request_options: request_options
@@ -121,7 +121,7 @@ module WorkOS
       nil
     end
 
-    # List providers
+    # List providers for a user
     # @param user_id [String] A [User](https://workos.com/docs/reference/authkit/user) identifier to list providers and connected accounts for.
     # @param organization_id [String, nil] An [Organization](https://workos.com/docs/reference/organization) identifier. Optional parameter to filter connections for a specific organization.
     # @param request_options [Hash] (see WorkOS::Types::RequestOptions)

data/lib/workos/pipes_provider/configure_data_integration_body.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  class ConfigureDataIntegrationBody < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      enabled: :enabled,
+      scopes: :scopes,
+      client_id: :client_id,
+      client_secret: :client_secret
+    }.freeze
+
+    attr_accessor \
+      :enabled,
+      :scopes,
+      :client_id,
+      :client_secret
+
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @enabled = hash[:enabled]
+      @scopes = hash[:scopes] || []
+      @client_id = hash[:client_id]
+      @client_secret = hash[:client_secret]
+    end
+  end
+end

data/lib/workos/pipes_provider/data_integration_configuration_list_response.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  class DataIntegrationConfigurationListResponse < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      object: :object,
+      data: :data
+    }.freeze
+
+    attr_accessor \
+      :object,
+      :data
+
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @object = hash[:object]
+      @data = (hash[:data] || []).map { |item| item ? WorkOS::DataIntegrationConfigurationResponse.new(item) : nil }
+    end
+  end
+end

data/lib/workos/pipes_provider/data_integration_configuration_response.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  class DataIntegrationConfigurationResponse < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      object: :object,
+      id: :id,
+      organization_id: :organization_id,
+      slug: :slug,
+      name: :name,
+      enabled: :enabled,
+      scopes: :scopes,
+      created_at: :created_at,
+      updated_at: :updated_at,
+      credentials: :credentials
+    }.freeze
+
+    attr_accessor \
+      :object,
+      :id,
+      :organization_id,
+      :slug,
+      :name,
+      :enabled,
+      :scopes,
+      :created_at,
+      :updated_at,
+      :credentials
+
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @object = hash[:object]
+      @id = hash[:id]
+      @organization_id = hash[:organization_id]
+      @slug = hash[:slug]
+      @name = hash[:name]
+      @enabled = hash[:enabled]
+      @scopes = hash[:scopes] || []
+      @created_at = hash[:created_at]
+      @updated_at = hash[:updated_at]
+      @credentials = hash[:credentials] ? WorkOS::DataIntegrationCredentials.new(hash[:credentials]) : nil
+    end
+  end
+end

data/lib/workos/pipes_provider/data_integration_credentials.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  class DataIntegrationCredentials < WorkOS::Types::BaseModel
+    HASH_ATTRS = {
+      credentials_type: :credentials_type,
+      has_credentials: :has_credentials,
+      client_id: :client_id,
+      client_secret_last_four: :client_secret_last_four,
+      redirect_uri: :redirect_uri
+    }.freeze
+
+    attr_accessor \
+      :credentials_type,
+      :has_credentials,
+      :client_id,
+      :client_secret_last_four,
+      :redirect_uri
+
+    def initialize(json)
+      hash = self.class.normalize(json)
+      @credentials_type = hash[:credentials_type]
+      @has_credentials = hash[:has_credentials]
+      @client_id = hash[:client_id]
+      @client_secret_last_four = hash[:client_secret_last_four]
+      @redirect_uri = hash[:redirect_uri]
+    end
+  end
+end

data/lib/workos/pipes_provider.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+require "json"
+
+module WorkOS
+  class PipesProvider
+    def initialize(client)
+      @client = client
+    end
+
+    # List providers for an organization
+    # @param organization_id [String] An [Organization](https://workos.com/docs/reference/organization) identifier to list provider configurations for.
+    # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
+    # @return [WorkOS::DataIntegrationConfigurationListResponse]
+    def list_organization_data_integration_configurations(
+      organization_id:,
+      request_options: {}
+    )
+      response = @client.request(
+        method: :get,
+        path: "/organizations/#{WorkOS::Util.encode_path(organization_id)}/data_integration_configurations",
+        auth: true,
+        request_options: request_options
+      )
+      result = WorkOS::DataIntegrationConfigurationListResponse.new(response.body)
+      result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
+      result
+    end
+
+    # Configure a provider for an organization
+    # @param organization_id [String] An [Organization](https://workos.com/docs/reference/organization) identifier to configure the provider for.
+    # @param slug [String] The slug identifier of the provider to configure (e.g., `github`, `slack`, `notion`).
+    # @param enabled [Boolean, nil] Whether the provider is enabled for the organization.
+    # @param scopes [Array<String>, nil] The OAuth scopes to request for the organization. Pass `null` to inherit the provider scopes.
+    # @param client_id [String, nil] The OAuth client ID of the organization's own application. Must be provided together with `client_secret`, and only for providers whose credentials are supplied by the organization.
+    # @param client_secret [String, nil] The OAuth client secret of the organization's own application. Must be provided together with `client_id`.
+    # @param request_options [Hash] (see WorkOS::Types::RequestOptions)
+    # @return [WorkOS::DataIntegrationConfigurationResponse]
+    def update_organization_data_integration_configuration(
+      organization_id:,
+      slug:,
+      enabled: nil,
+      scopes: nil,
+      client_id: nil,
+      client_secret: nil,
+      request_options: {}
+    )
+      body = {
+        "enabled" => enabled,
+        "scopes" => scopes,
+        "client_id" => client_id,
+        "client_secret" => client_secret
+      }.compact
+      response = @client.request(
+        method: :put,
+        path: "/organizations/#{WorkOS::Util.encode_path(organization_id)}/data_integration_configurations/#{WorkOS::Util.encode_path(slug)}",
+        auth: true,
+        body: body,
+        request_options: request_options
+      )
+      result = WorkOS::DataIntegrationConfigurationResponse.new(response.body)
+      result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
+      result
+    end
+  end
+end

data/lib/workos/types/connected_account_auth_method.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  module Types
+    class ConnectedAccountAuthMethod
+      OAUTH = "oauth"
+      API_KEY = "api_key"
+      ALL = [OAUTH, API_KEY].freeze
+    end
+  end
+end

data/lib/workos/types/data_integration_access_token_response_error.rb

@@ -5,9 +5,9 @@
 module WorkOS
   module Types
     class DataIntegrationAccessTokenResponseError
-      NEEDS_REAUTHORIZATION = "needs_reauthorization"
       NOT_INSTALLED = "not_installed"
-      ALL = [NEEDS_REAUTHORIZATION, NOT_INSTALLED].freeze
+      NEEDS_REAUTHORIZATION = "needs_reauthorization"
+      ALL = [NOT_INSTALLED, NEEDS_REAUTHORIZATION].freeze
     end
   end
 end

data/lib/workos/types/data_integration_credentials_credentials_type.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  module Types
+    class DataIntegrationCredentialsCredentialsType
+      SHARED = "shared"
+      CUSTOM = "custom"
+      ORGANIZATION = "organization"
+      ALL = [SHARED, CUSTOM, ORGANIZATION].freeze
+    end
+  end
+end

data/lib/workos/types/data_integrations_list_response_data_auth_methods.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+module WorkOS
+  module Types
+    DataIntegrationsListResponseDataAuthMethods = ConnectedAccountAuthMethod
+  end
+end