workos 6.0.0 → 6.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6f0ac87a768fc79fa7ffbc77d0bf4a1ba30cbf6c1f5b96f8574c40bd2b61d296
-  data.tar.gz: eb05af387d9c1c40e5de4fb830e4ce83e7baf94a2d9bcb428d97032208688780
+  metadata.gz: 2c2b3e2f56e5f5ffc2d59d27eb6613c018b24ec57ff270ed9e95730a46aafdc6
+  data.tar.gz: 6e001f5af6046daf9b640f570cd7318767fc106e90cdf3c9e7f8a3b0c11d1b3b
 SHA512:
-  metadata.gz: 5f82d97362d7063dcc970313794671ca7f8c2c8892ae9728179e3c22a980b1d7e3d238959eb875d4a20629f13c00a56053347a70dfcb2214cf769979fc704151
-  data.tar.gz: 5954446fc2d3c6fbad2542c7d377bb7eb8361e514d1d099f01c052085aebc6952277fd15efe7e3cf9683fc2a9dbf4976240098d48e9305607ab3233978b23f21
+  metadata.gz: aa0bdfff2eb4de65c9bd5679be9f44b36df9eafd5eb8d3826f490d435825f61f3df32768e77b8954df538a3e3af2963aaba3fe23c89148b7f7619d83ea349c46
+  data.tar.gz: 6ae668143797a324cea0db2d9d779fe803c13f9defc62d707bb7b4419ba931a71d12ff5dd4bdc17da5c6c284623b1484a111817a1294e1f02f0e1e741dd15781

data/.github/workflows/lint-pr-title.yml

@@ -0,0 +1,20 @@
+name: Lint PR Title
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  pull-requests: read
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v6
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

data/.github/workflows/release-please.yml

@@ -0,0 +1,25 @@
+name: Release Please
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.SDK_BOT_APP_ID }}
+          private-key: ${{ secrets.SDK_BOT_PRIVATE_KEY }}
+
+      - uses: googleapis/release-please-action@v4
+        with:
+          token: ${{ steps.generate-token.outputs.token }}

data/.github/workflows/release.yml

@@ -1,53 +1,16 @@
 name: Release
 
 on:
-  pull_request:
-    types: [closed]
-    branches: [main]
+  release:
+    types: [published]
 
 defaults:
   run:
     shell: bash
 
 jobs:
-  create-release:
-    name: Create GitHub Release
-    if: github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'version-bump')
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    outputs:
-      version: ${{ steps.get-version.outputs.version }}
-    steps:
-      - name: Generate token
-        id: generate-token
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ vars.SDK_BOT_APP_ID }}
-          private-key: ${{ secrets.SDK_BOT_PRIVATE_KEY }}
-
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-
-      - name: Get version from version.rb
-        id: get-version
-        run: |
-          VERSION=$(grep "VERSION = " lib/workos/version.rb | sed "s/.*VERSION = '\(.*\)'/\1/")
-          echo "version=$VERSION" >> $GITHUB_OUTPUT
-
-      - name: Create Release
-        uses: softprops/action-gh-release@v2
-        with:
-          tag_name: v${{ steps.get-version.outputs.version }}
-          name: v${{ steps.get-version.outputs.version }}
-          generate_release_notes: true
-          token: ${{ steps.generate-token.outputs.token }}
-
   publish:
     name: Publish to RubyGems
-    needs: create-release
     runs-on: ubuntu-latest
     permissions:
       id-token: write
@@ -72,5 +35,6 @@ jobs:
 
       - name: Publish to RubyGems
         run: |
+          VERSION="${GITHUB_REF_NAME#v}"
           bundle exec rake build
-          gem push pkg/workos-${{ needs.create-release.outputs.version }}.gem --host https://rubygems.org
+          gem push pkg/workos-${VERSION}.gem --host https://rubygems.org

data/.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "6.1.0"
+}

data/CHANGELOG.md

@@ -0,0 +1,15 @@
+# Changelog
+
+## [6.1.0](https://github.com/workos/workos-ruby/compare/workos-v6.0.0...workos/v6.1.0) (2026-02-10)
+
+
+### Features
+
+* add support for totp_secret ([#300](https://github.com/workos/workos-ruby/issues/300)) ([c0a26bf](https://github.com/workos/workos-ruby/commit/c0a26bf745fb49ebaac7c5241e99d51188b886bb))
+* Include Feature Flags decoded from the JWT in the payload of a Session ([#386](https://github.com/workos/workos-ruby/issues/386)) ([31a0e79](https://github.com/workos/workos-ruby/commit/31a0e7901247652182dcaad95e131357b93d0d71))
+* **workos-ruby:** Add `connection` to `authorization_url` ([#78](https://github.com/workos/workos-ruby/issues/78)) ([c3a0e8e](https://github.com/workos/workos-ruby/commit/c3a0e8e4031a3ee888d925c11f1fd2fb152f0a16))
+
+
+### Bug Fixes
+
+* add `invitation_token` parameter to authentication methods ([#438](https://github.com/workos/workos-ruby/issues/438)) ([d24e3dc](https://github.com/workos/workos-ruby/commit/d24e3dc2995de26970415e4570a7ed810d432715))

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (6.0.0)
+    workos (6.1.0)
       encryptor (~> 3.0)
       jwt (~> 3.1)
 

data/lib/workos/user_management.rb

@@ -298,16 +298,19 @@ module WorkOS
       # @param [String] client_id The WorkOS client ID for the environment
       # @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
       # @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
+      # @param [String] invitation_token The token of an Invitation, if required.
       # @param [Hash] session An optional hash that determines whether the session should be sealed and
       # the optional cookie password.
       #
       # @return WorkOS::AuthenticationResponse
+      # rubocop:disable Metrics/ParameterLists
       def authenticate_with_password(
         email:,
         password:,
         client_id:,
         ip_address: nil,
         user_agent: nil,
+        invitation_token: nil,
         session: nil
       )
         validate_session(session)
@@ -322,6 +325,7 @@ module WorkOS
               password: password,
               ip_address: ip_address,
               user_agent: user_agent,
+              invitation_token: invitation_token,
               grant_type: 'password',
             },
           ),
@@ -329,6 +333,7 @@ module WorkOS
 
         WorkOS::AuthenticationResponse.new(response.body, session)
       end
+      # rubocop:enable Metrics/ParameterLists
 
       # Authenticate a user using OAuth or an organization's SSO connection.
       #
@@ -337,6 +342,7 @@ module WorkOS
       # @param [String] client_id The WorkOS client ID for the environment
       # @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
       # @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
+      # @param [String] invitation_token The token of an Invitation, if required.
       # @param [Hash] session An optional hash that determines whether the session should be sealed and
       # the optional cookie password.
       #
@@ -346,6 +352,7 @@ module WorkOS
         client_id:,
         ip_address: nil,
         user_agent: nil,
+        invitation_token: nil,
         session: nil
       )
         validate_session(session)
@@ -359,6 +366,7 @@ module WorkOS
               client_secret: WorkOS.config.key!,
               ip_address: ip_address,
               user_agent: user_agent,
+              invitation_token: invitation_token,
               grant_type: 'authorization_code',
             },
           ),
@@ -415,6 +423,7 @@ module WorkOS
       # @param [String] link_authorization_code Used to link an OAuth profile to an existing user,
       # after having completed a Magic Code challenge.
       # @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
+      # @param [String] invitation_token The token of an Invitation, if required.
       # @param [Hash] session An optional hash that determines whether the session should be sealed and
       # the optional cookie password.
       #
@@ -427,6 +436,7 @@ module WorkOS
         ip_address: nil,
         user_agent: nil,
         link_authorization_code: nil,
+        invitation_token: nil,
         session: nil
       )
         validate_session(session)
@@ -443,6 +453,7 @@ module WorkOS
               user_agent: user_agent,
               grant_type: 'urn:workos:oauth:grant-type:magic-auth:code',
               link_authorization_code: link_authorization_code,
+              invitation_token: invitation_token,
             },
           ),
         )

data/lib/workos/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module WorkOS
-  VERSION = '6.0.0'
+  VERSION = '6.1.0'
 end

data/release-please-config.json

@@ -0,0 +1,12 @@
+{
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+  "packages": {
+    ".": {
+      "release-type": "ruby",
+      "package-name": "workos",
+      "version-file": "lib/workos/version.rb",
+      "changelog-path": "CHANGELOG.md",
+      "include-component-in-tag": false
+    }
+  }
+}

data/spec/lib/workos/user_management_spec.rb

@@ -588,6 +588,28 @@ describe WorkOS::UserManagement do
         end
       end
     end
+
+    context 'with an invitation_token' do
+      it 'includes invitation_token in the request body' do
+        expect(described_class).to receive(:post_request) do |options|
+          body = options[:body]
+          expect(body[:invitation_token]).to eq('invitation_token_123')
+
+          double('request')
+        end.and_return(double('request'))
+
+        expect(described_class).to receive(:execute_request).and_return(
+          double('response', body: '{"user": {"id": "user_123"}, "access_token": "token", "refresh_token": "refresh"}'),
+        )
+
+        described_class.authenticate_with_password(
+          email: 'test@workos.app',
+          password: 'password123',
+          client_id: 'client_123',
+          invitation_token: 'invitation_token_123',
+        )
+      end
+    end
   end
 
   describe '.authenticate_with_code' do
@@ -671,6 +693,27 @@ describe WorkOS::UserManagement do
         end
       end
     end
+
+    context 'with an invitation_token' do
+      it 'includes invitation_token in the request body' do
+        expect(described_class).to receive(:post_request) do |options|
+          body = options[:body]
+          expect(body[:invitation_token]).to eq('invitation_token_123')
+
+          double('request')
+        end.and_return(double('request'))
+
+        expect(described_class).to receive(:execute_request).and_return(
+          double('response', body: '{"user": {"id": "user_123"}, "access_token": "token", "refresh_token": "refresh"}'),
+        )
+
+        described_class.authenticate_with_code(
+          code: '01H93ZZHA0JBHFJH9RR11S83YN',
+          client_id: 'client_123',
+          invitation_token: 'invitation_token_123',
+        )
+      end
+    end
   end
 
   describe '.authenticate_with_refresh_token' do
@@ -735,6 +778,28 @@ describe WorkOS::UserManagement do
         end
       end
     end
+
+    context 'with an invitation_token' do
+      it 'includes invitation_token in the request body' do
+        expect(described_class).to receive(:post_request) do |options|
+          body = options[:body]
+          expect(body[:invitation_token]).to eq('invitation_token_123')
+
+          double('request')
+        end.and_return(double('request'))
+
+        expect(described_class).to receive(:execute_request).and_return(
+          double('response', body: '{"user": {"id": "user_123"}, "access_token": "token", "refresh_token": "refresh"}'),
+        )
+
+        described_class.authenticate_with_magic_auth(
+          code: '452079',
+          client_id: 'client_123',
+          email: 'test@workos.com',
+          invitation_token: 'invitation_token_123',
+        )
+      end
+    end
   end
 
   describe '.authenticate_with_organization_selection' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: workos
 version: !ruby/object:Gem::Version
-  version: 6.0.0
+  version: 6.1.0
 platform: ruby
 authors:
 - WorkOS
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-02-04 00:00:00.000000000 Z
+date: 2026-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -133,13 +133,16 @@ files:
 - ".github/pull_request_template.md"
 - ".github/renovate.json"
 - ".github/workflows/ci.yml"
+- ".github/workflows/lint-pr-title.yml"
+- ".github/workflows/release-please.yml"
 - ".github/workflows/release.yml"
-- ".github/workflows/version-bump.yml"
 - ".gitignore"
+- ".release-please-manifest.json"
 - ".rspec"
 - ".rubocop.yml"
 - ".rubocop_todo.yml"
 - ".ruby-version"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -207,6 +210,7 @@ files:
 - lib/workos/webhook.rb
 - lib/workos/webhooks.rb
 - lib/workos/widgets.rb
+- release-please-config.json
 - spec/lib/workos/audit_logs_spec.rb
 - spec/lib/workos/cache_spec.rb
 - spec/lib/workos/client.rb

data/.github/workflows/version-bump.yml

@@ -1,80 +0,0 @@
-name: Version Bump
-
-on:
-  workflow_dispatch:
-    inputs:
-      bump_type:
-        description: "Version bump type"
-        required: true
-        type: choice
-        options:
-          - patch
-          - minor
-          - major
-
-jobs:
-  bump-version:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-    steps:
-      - name: Generate token
-        id: generate-token
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ vars.SDK_BOT_APP_ID }}
-          private-key: ${{ secrets.SDK_BOT_PRIVATE_KEY }}
-
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-
-      - name: Configure Git
-        run: |
-          git config user.name "workos-bot[bot]"
-          git config user.email "workos-bot[bot]@users.noreply.github.com"
-
-      - name: Read current version
-        id: current-version
-        run: |
-          CURRENT_VERSION=$(grep "VERSION = " lib/workos/version.rb | sed "s/.*VERSION = '\(.*\)'/\1/")
-          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
-
-      - name: Bump version
-        id: bump-version
-        run: |
-          CURRENT_VERSION="${{ steps.current-version.outputs.version }}"
-          IFS='.' read -r MAJOR MINOR PATCH <<< "$CURRENT_VERSION"
-
-          case "${{ github.event.inputs.bump_type }}" in
-            major)
-              NEW_VERSION="$((MAJOR + 1)).0.0"
-              ;;
-            minor)
-              NEW_VERSION="$MAJOR.$((MINOR + 1)).0"
-              ;;
-            patch)
-              NEW_VERSION="$MAJOR.$MINOR.$((PATCH + 1))"
-              ;;
-          esac
-
-          echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
-
-      - name: Update version in version.rb
-        run: |
-          sed -i "s/VERSION = '.*'/VERSION = '${{ steps.bump-version.outputs.new_version }}'/" lib/workos/version.rb
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v8
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          commit-message: "v${{ steps.bump-version.outputs.new_version }}"
-          title: "v${{ steps.bump-version.outputs.new_version }}"
-          body: |
-            Bumps version from ${{ steps.current-version.outputs.version }} to ${{ steps.bump-version.outputs.new_version }}.
-
-            This PR was automatically created by the version-bump workflow.
-          branch: version-bump-${{ steps.bump-version.outputs.new_version }}
-          labels: version-bump