@rawdash/connector-workos 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +151 -0
- package/dist/index.d.ts +506 -0
- package/dist/index.js +610 -0
- package/dist/index.js.map +1 -0
- package/package.json +43 -0
package/README.md
ADDED
|
@@ -0,0 +1,151 @@
|
|
|
1
|
+
<!-- This file is generated from connector metadata by scripts/generate-connector-docs.ts. Do not edit by hand. -->
|
|
2
|
+
|
|
3
|
+
# @rawdash/connector-workos
|
|
4
|
+
|
|
5
|
+
[](https://www.npmjs.com/package/@rawdash/connector-workos)
|
|
6
|
+
[](https://github.com/rawdash/rawdash/blob/main/LICENSE)
|
|
7
|
+
|
|
8
|
+
Sync organizations, SSO connections, directory-sync directories, and authentication events from a WorkOS workspace for B2B SaaS onboarding and SSO-activity dashboards.
|
|
9
|
+
|
|
10
|
+
## Install
|
|
11
|
+
|
|
12
|
+
```sh
|
|
13
|
+
npm install @rawdash/connector-workos
|
|
14
|
+
```
|
|
15
|
+
|
|
16
|
+
## Authentication
|
|
17
|
+
|
|
18
|
+
A WorkOS API key (server-side, starts with `sk_`) is required. It is sent as a bearer token on every request and never leaves the workspace.
|
|
19
|
+
|
|
20
|
+
1. Sign in to the WorkOS Dashboard and switch to the environment (Sandbox or Production) you want to sync.
|
|
21
|
+
2. Open API Keys in the left navigation.
|
|
22
|
+
3. Create a new secret key (or copy an existing one). WorkOS only shows the secret once on creation.
|
|
23
|
+
4. Store it as a rawdash secret and reference it from the connector config as `apiKey: secret("WORKOS_API_KEY")`.
|
|
24
|
+
|
|
25
|
+
## Configuration
|
|
26
|
+
|
|
27
|
+
| Field | Type | Required | Description |
|
|
28
|
+
| ------------------------ | ------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
|
|
29
|
+
| `apiKey` | secret | Yes | WorkOS API key (server-side, starts with `sk_`). Used as a bearer token on every request. Read-only access is sufficient for sync. |
|
|
30
|
+
| `resources` | array | No | Which WorkOS resources to sync. Omit to sync all of them. |
|
|
31
|
+
| `authEventsLookbackDays` | number | No | On a full sync (and when no incremental cursor is available), how many days of authentication events to fetch. Defaults to 30. Caps at 90. |
|
|
32
|
+
|
|
33
|
+
## Resources
|
|
34
|
+
|
|
35
|
+
- **`workos_organization`** _(entity)_ - WorkOS organizations (tenants) with their display name, domains, and creation timestamp.
|
|
36
|
+
- Endpoint: `GET /organizations`
|
|
37
|
+
- `name`: Organization display name.
|
|
38
|
+
- `domains`: Comma-separated list of domains attached to the organization.
|
|
39
|
+
- `createdAt`: When the organization was created (Unix ms).
|
|
40
|
+
- **`workos_connection`** _(entity)_ - WorkOS SSO connections (one per identity provider per organization) with their type, state, and parent organization.
|
|
41
|
+
- Endpoint: `GET /connections`
|
|
42
|
+
- `connectionType`: Connection type (e.g. OktaSAML, AzureSAML, GoogleOAuth).
|
|
43
|
+
- `organizationId`: WorkOS organization that owns the connection.
|
|
44
|
+
- `state`: Lifecycle state (active, inactive, draft, linked, unlinked).
|
|
45
|
+
- `name`: Connection display name.
|
|
46
|
+
- `createdAt`: When the connection was created (Unix ms).
|
|
47
|
+
- **`workos_directory`** _(entity)_ - WorkOS directory-sync directories (SCIM/HRIS feeds) with their type, state, and parent organization.
|
|
48
|
+
- Endpoint: `GET /directories`
|
|
49
|
+
- `directoryType`: Directory provider type (e.g. okta scim v2.0, azure scim v2.0, bamboohr).
|
|
50
|
+
- `organizationId`: WorkOS organization that owns the directory.
|
|
51
|
+
- `state`: Lifecycle state (active, inactive, validating, linked, unlinked).
|
|
52
|
+
- `name`: Directory display name.
|
|
53
|
+
- `createdAt`: When the directory was created (Unix ms).
|
|
54
|
+
- **`workos_auth_event`** _(event)_ - Authentication events from the WorkOS Events API (SSO, OAuth, password, magic auth, and MFA sign-in successes and failures).
|
|
55
|
+
- Endpoint: `GET /events`
|
|
56
|
+
- Filtered to the authentication.\* event family. Incremental syncs pass `range_start` so only events newer than the watermark are returned.
|
|
57
|
+
- `eventType`: WorkOS event name (authentication.sso_succeeded, etc).
|
|
58
|
+
- `outcome`: "succeeded" or "failed" derived from the event suffix.
|
|
59
|
+
- `method`: Authentication method (sso, oauth, password, magic_auth, mfa, email_verification).
|
|
60
|
+
- `organizationId`: WorkOS organization the event belongs to (may be null).
|
|
61
|
+
- `userId`: WorkOS user id involved in the event (may be null).
|
|
62
|
+
- `connectionId`: WorkOS connection id used for the event (may be null).
|
|
63
|
+
- `connectionType`: Connection type used for the event (may be null for non-SSO methods).
|
|
64
|
+
- `ipAddress`: Client IP captured by WorkOS (may be null).
|
|
65
|
+
|
|
66
|
+
## Example
|
|
67
|
+
|
|
68
|
+
```ts
|
|
69
|
+
import {
|
|
70
|
+
defineConfig,
|
|
71
|
+
defineDashboard,
|
|
72
|
+
defineMetric,
|
|
73
|
+
secret,
|
|
74
|
+
} from '@rawdash/core';
|
|
75
|
+
|
|
76
|
+
const workos = {
|
|
77
|
+
name: 'workos',
|
|
78
|
+
connectorId: 'workos',
|
|
79
|
+
config: {
|
|
80
|
+
apiKey: secret('WORKOS_API_KEY'),
|
|
81
|
+
},
|
|
82
|
+
};
|
|
83
|
+
|
|
84
|
+
export default defineConfig({
|
|
85
|
+
connectors: [workos],
|
|
86
|
+
dashboards: {
|
|
87
|
+
enterprise_auth: defineDashboard({
|
|
88
|
+
widgets: {
|
|
89
|
+
organizations: {
|
|
90
|
+
kind: 'stat',
|
|
91
|
+
title: 'Organizations',
|
|
92
|
+
metric: defineMetric({
|
|
93
|
+
connector: workos,
|
|
94
|
+
shape: 'entity',
|
|
95
|
+
entityType: 'workos_organization',
|
|
96
|
+
fn: 'count',
|
|
97
|
+
}),
|
|
98
|
+
},
|
|
99
|
+
active_connections: {
|
|
100
|
+
kind: 'stat',
|
|
101
|
+
title: 'Active SSO connections',
|
|
102
|
+
metric: defineMetric({
|
|
103
|
+
connector: workos,
|
|
104
|
+
shape: 'entity',
|
|
105
|
+
entityType: 'workos_connection',
|
|
106
|
+
fn: 'count',
|
|
107
|
+
filter: [{ field: 'state', op: 'eq', value: 'active' }],
|
|
108
|
+
}),
|
|
109
|
+
},
|
|
110
|
+
sso_failures: {
|
|
111
|
+
kind: 'stat',
|
|
112
|
+
title: 'Failed SSO sign-ins',
|
|
113
|
+
metric: defineMetric({
|
|
114
|
+
connector: workos,
|
|
115
|
+
shape: 'event',
|
|
116
|
+
name: 'workos_auth_event',
|
|
117
|
+
fn: 'count',
|
|
118
|
+
filter: [
|
|
119
|
+
{
|
|
120
|
+
field: 'eventType',
|
|
121
|
+
op: 'eq',
|
|
122
|
+
value: 'authentication.sso_failed',
|
|
123
|
+
},
|
|
124
|
+
],
|
|
125
|
+
}),
|
|
126
|
+
},
|
|
127
|
+
},
|
|
128
|
+
}),
|
|
129
|
+
},
|
|
130
|
+
});
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
## Rate limits
|
|
134
|
+
|
|
135
|
+
WorkOS list endpoints return X-RateLimit-Remaining and X-RateLimit-Reset (Unix seconds) headers when throttling kicks in; the shared HTTP client falls back to Retry-After on 429.
|
|
136
|
+
|
|
137
|
+
## Limitations
|
|
138
|
+
|
|
139
|
+
- Authentication events use the WorkOS Events API filtered to authentication._ event types (sign-in success and failure across SSO, OAuth, password, magic auth, MFA). Other event categories (dsync._, organization.\*) are not synced.
|
|
140
|
+
- Organizations, connections, and directories are fetched in full on every sync; the WorkOS list endpoints do not expose a server-side updated_at filter, so the scope is cleared and rewritten on full syncs and left untouched on incremental syncs.
|
|
141
|
+
- Directory-sync user and group rows are out of scope; this connector tracks the directory entities themselves, not their imported memberships.
|
|
142
|
+
|
|
143
|
+
## Links
|
|
144
|
+
|
|
145
|
+
- [Rawdash docs](https://rawdash.dev/docs/connectors/)
|
|
146
|
+
- [WorkOS API docs](https://workos.com/docs/reference)
|
|
147
|
+
- [GitHub](https://github.com/rawdash/rawdash)
|
|
148
|
+
|
|
149
|
+
## License
|
|
150
|
+
|
|
151
|
+
Apache-2.0
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,506 @@
|
|
|
1
|
+
import { BaseConnector, ConnectorContext, SyncOptions, StorageHandle, SyncResult, ConnectorDoc } from '@rawdash/core';
|
|
2
|
+
import { z } from 'zod';
|
|
3
|
+
|
|
4
|
+
declare const configFields: z.ZodObject<{
|
|
5
|
+
apiKey: z.ZodObject<{
|
|
6
|
+
$secret: z.ZodString;
|
|
7
|
+
}, z.core.$strip>;
|
|
8
|
+
resources: z.ZodOptional<z.ZodArray<z.ZodEnum<{
|
|
9
|
+
organizations: "organizations";
|
|
10
|
+
connections: "connections";
|
|
11
|
+
directories: "directories";
|
|
12
|
+
auth_events: "auth_events";
|
|
13
|
+
}>>>;
|
|
14
|
+
authEventsLookbackDays: z.ZodOptional<z.ZodNumber>;
|
|
15
|
+
}, z.core.$strip>;
|
|
16
|
+
declare const doc: ConnectorDoc;
|
|
17
|
+
type WorkOSResource = 'organizations' | 'connections' | 'directories' | 'auth_events';
|
|
18
|
+
interface WorkOSSettings {
|
|
19
|
+
resources?: readonly WorkOSResource[];
|
|
20
|
+
authEventsLookbackDays?: number;
|
|
21
|
+
}
|
|
22
|
+
declare const workosCredentials: {
|
|
23
|
+
apiKey: {
|
|
24
|
+
description: string;
|
|
25
|
+
auth: "required";
|
|
26
|
+
};
|
|
27
|
+
};
|
|
28
|
+
type WorkOSCredentials = typeof workosCredentials;
|
|
29
|
+
declare const workosResources: {
|
|
30
|
+
readonly workos_organization: {
|
|
31
|
+
readonly shape: "entity";
|
|
32
|
+
readonly filterable: [];
|
|
33
|
+
readonly description: "WorkOS organizations (tenants) with their display name, domains, and creation timestamp.";
|
|
34
|
+
readonly endpoint: "GET /organizations";
|
|
35
|
+
readonly fields: [{
|
|
36
|
+
readonly name: "name";
|
|
37
|
+
readonly description: "Organization display name.";
|
|
38
|
+
}, {
|
|
39
|
+
readonly name: "domains";
|
|
40
|
+
readonly description: "Comma-separated list of domains attached to the organization.";
|
|
41
|
+
}, {
|
|
42
|
+
readonly name: "createdAt";
|
|
43
|
+
readonly description: "When the organization was created (Unix ms).";
|
|
44
|
+
}];
|
|
45
|
+
readonly responses: {
|
|
46
|
+
readonly organizations: z.ZodObject<{
|
|
47
|
+
data: z.ZodArray<z.ZodObject<{
|
|
48
|
+
id: z.ZodString;
|
|
49
|
+
name: z.ZodString;
|
|
50
|
+
domains: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodObject<{
|
|
51
|
+
domain: z.ZodString;
|
|
52
|
+
state: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
53
|
+
}, z.core.$strip>>>>;
|
|
54
|
+
allow_profiles_outside_organization: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
|
|
55
|
+
created_at: z.ZodString;
|
|
56
|
+
updated_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
57
|
+
}, z.core.$strip>>;
|
|
58
|
+
list_metadata: z.ZodObject<{
|
|
59
|
+
before: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
60
|
+
after: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
61
|
+
}, z.core.$strip>;
|
|
62
|
+
}, z.core.$strip>;
|
|
63
|
+
};
|
|
64
|
+
};
|
|
65
|
+
readonly workos_connection: {
|
|
66
|
+
readonly shape: "entity";
|
|
67
|
+
readonly filterable: [{
|
|
68
|
+
readonly field: "state";
|
|
69
|
+
readonly ops: ["eq"];
|
|
70
|
+
readonly values: ["active", "inactive", "draft", "linked", "unlinked"];
|
|
71
|
+
}, {
|
|
72
|
+
readonly field: "connectionType";
|
|
73
|
+
readonly ops: ["eq"];
|
|
74
|
+
}];
|
|
75
|
+
readonly description: "WorkOS SSO connections (one per identity provider per organization) with their type, state, and parent organization.";
|
|
76
|
+
readonly endpoint: "GET /connections";
|
|
77
|
+
readonly fields: [{
|
|
78
|
+
readonly name: "connectionType";
|
|
79
|
+
readonly description: "Connection type (e.g. OktaSAML, AzureSAML, GoogleOAuth).";
|
|
80
|
+
}, {
|
|
81
|
+
readonly name: "organizationId";
|
|
82
|
+
readonly description: "WorkOS organization that owns the connection.";
|
|
83
|
+
}, {
|
|
84
|
+
readonly name: "state";
|
|
85
|
+
readonly description: "Lifecycle state (active, inactive, draft, linked, unlinked).";
|
|
86
|
+
}, {
|
|
87
|
+
readonly name: "name";
|
|
88
|
+
readonly description: "Connection display name.";
|
|
89
|
+
}, {
|
|
90
|
+
readonly name: "createdAt";
|
|
91
|
+
readonly description: "When the connection was created (Unix ms).";
|
|
92
|
+
}];
|
|
93
|
+
readonly responses: {
|
|
94
|
+
readonly connections: z.ZodObject<{
|
|
95
|
+
data: z.ZodArray<z.ZodObject<{
|
|
96
|
+
id: z.ZodString;
|
|
97
|
+
name: z.ZodString;
|
|
98
|
+
organization_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
99
|
+
connection_type: z.ZodString;
|
|
100
|
+
state: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
101
|
+
status: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
102
|
+
created_at: z.ZodString;
|
|
103
|
+
updated_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
104
|
+
}, z.core.$strip>>;
|
|
105
|
+
list_metadata: z.ZodObject<{
|
|
106
|
+
before: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
107
|
+
after: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
108
|
+
}, z.core.$strip>;
|
|
109
|
+
}, z.core.$strip>;
|
|
110
|
+
};
|
|
111
|
+
};
|
|
112
|
+
readonly workos_directory: {
|
|
113
|
+
readonly shape: "entity";
|
|
114
|
+
readonly filterable: [{
|
|
115
|
+
readonly field: "state";
|
|
116
|
+
readonly ops: ["eq"];
|
|
117
|
+
readonly values: ["active", "inactive", "validating", "linked", "unlinked"];
|
|
118
|
+
}, {
|
|
119
|
+
readonly field: "directoryType";
|
|
120
|
+
readonly ops: ["eq"];
|
|
121
|
+
}];
|
|
122
|
+
readonly description: "WorkOS directory-sync directories (SCIM/HRIS feeds) with their type, state, and parent organization.";
|
|
123
|
+
readonly endpoint: "GET /directories";
|
|
124
|
+
readonly fields: [{
|
|
125
|
+
readonly name: "directoryType";
|
|
126
|
+
readonly description: "Directory provider type (e.g. okta scim v2.0, azure scim v2.0, bamboohr).";
|
|
127
|
+
}, {
|
|
128
|
+
readonly name: "organizationId";
|
|
129
|
+
readonly description: "WorkOS organization that owns the directory.";
|
|
130
|
+
}, {
|
|
131
|
+
readonly name: "state";
|
|
132
|
+
readonly description: "Lifecycle state (active, inactive, validating, linked, unlinked).";
|
|
133
|
+
}, {
|
|
134
|
+
readonly name: "name";
|
|
135
|
+
readonly description: "Directory display name.";
|
|
136
|
+
}, {
|
|
137
|
+
readonly name: "createdAt";
|
|
138
|
+
readonly description: "When the directory was created (Unix ms).";
|
|
139
|
+
}];
|
|
140
|
+
readonly responses: {
|
|
141
|
+
readonly directories: z.ZodObject<{
|
|
142
|
+
data: z.ZodArray<z.ZodObject<{
|
|
143
|
+
id: z.ZodString;
|
|
144
|
+
name: z.ZodString;
|
|
145
|
+
organization_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
146
|
+
type: z.ZodString;
|
|
147
|
+
state: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
148
|
+
created_at: z.ZodString;
|
|
149
|
+
updated_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
150
|
+
}, z.core.$strip>>;
|
|
151
|
+
list_metadata: z.ZodObject<{
|
|
152
|
+
before: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
153
|
+
after: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
154
|
+
}, z.core.$strip>;
|
|
155
|
+
}, z.core.$strip>;
|
|
156
|
+
};
|
|
157
|
+
};
|
|
158
|
+
readonly workos_auth_event: {
|
|
159
|
+
readonly shape: "event";
|
|
160
|
+
readonly filterable: [{
|
|
161
|
+
readonly field: "eventType";
|
|
162
|
+
readonly ops: ["eq"];
|
|
163
|
+
readonly values: ["authentication.email_verification_succeeded", "authentication.magic_auth_succeeded", "authentication.magic_auth_failed", "authentication.mfa_succeeded", "authentication.mfa_failed", "authentication.oauth_succeeded", "authentication.oauth_failed", "authentication.password_succeeded", "authentication.password_failed", "authentication.sso_succeeded", "authentication.sso_failed"];
|
|
164
|
+
}];
|
|
165
|
+
readonly description: "Authentication events from the WorkOS Events API (SSO, OAuth, password, magic auth, and MFA sign-in successes and failures).";
|
|
166
|
+
readonly endpoint: "GET /events";
|
|
167
|
+
readonly notes: "Filtered to the authentication.* event family. Incremental syncs pass `range_start` so only events newer than the watermark are returned.";
|
|
168
|
+
readonly fields: [{
|
|
169
|
+
readonly name: "eventType";
|
|
170
|
+
readonly description: "WorkOS event name (authentication.sso_succeeded, etc).";
|
|
171
|
+
}, {
|
|
172
|
+
readonly name: "outcome";
|
|
173
|
+
readonly description: "\"succeeded\" or \"failed\" derived from the event suffix.";
|
|
174
|
+
}, {
|
|
175
|
+
readonly name: "method";
|
|
176
|
+
readonly description: "Authentication method (sso, oauth, password, magic_auth, mfa, email_verification).";
|
|
177
|
+
}, {
|
|
178
|
+
readonly name: "organizationId";
|
|
179
|
+
readonly description: "WorkOS organization the event belongs to (may be null).";
|
|
180
|
+
}, {
|
|
181
|
+
readonly name: "userId";
|
|
182
|
+
readonly description: "WorkOS user id involved in the event (may be null).";
|
|
183
|
+
}, {
|
|
184
|
+
readonly name: "connectionId";
|
|
185
|
+
readonly description: "WorkOS connection id used for the event (may be null).";
|
|
186
|
+
}, {
|
|
187
|
+
readonly name: "connectionType";
|
|
188
|
+
readonly description: "Connection type used for the event (may be null for non-SSO methods).";
|
|
189
|
+
}, {
|
|
190
|
+
readonly name: "ipAddress";
|
|
191
|
+
readonly description: "Client IP captured by WorkOS (may be null).";
|
|
192
|
+
}];
|
|
193
|
+
readonly responses: {
|
|
194
|
+
readonly auth_events: z.ZodObject<{
|
|
195
|
+
data: z.ZodArray<z.ZodObject<{
|
|
196
|
+
id: z.ZodString;
|
|
197
|
+
event: z.ZodString;
|
|
198
|
+
created_at: z.ZodString;
|
|
199
|
+
data: z.ZodOptional<z.ZodNullable<z.ZodObject<{
|
|
200
|
+
organization_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
201
|
+
user_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
202
|
+
email: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
203
|
+
ip_address: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
204
|
+
connection_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
205
|
+
connection_type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
206
|
+
}, z.core.$loose>>>;
|
|
207
|
+
}, z.core.$strip>>;
|
|
208
|
+
list_metadata: z.ZodObject<{
|
|
209
|
+
before: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
210
|
+
after: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
211
|
+
}, z.core.$strip>;
|
|
212
|
+
}, z.core.$strip>;
|
|
213
|
+
};
|
|
214
|
+
};
|
|
215
|
+
};
|
|
216
|
+
declare const id = "workos";
|
|
217
|
+
declare class WorkOSConnector extends BaseConnector<WorkOSSettings, WorkOSCredentials> {
|
|
218
|
+
static readonly id = "workos";
|
|
219
|
+
static readonly resources: {
|
|
220
|
+
readonly workos_organization: {
|
|
221
|
+
readonly shape: "entity";
|
|
222
|
+
readonly filterable: [];
|
|
223
|
+
readonly description: "WorkOS organizations (tenants) with their display name, domains, and creation timestamp.";
|
|
224
|
+
readonly endpoint: "GET /organizations";
|
|
225
|
+
readonly fields: [{
|
|
226
|
+
readonly name: "name";
|
|
227
|
+
readonly description: "Organization display name.";
|
|
228
|
+
}, {
|
|
229
|
+
readonly name: "domains";
|
|
230
|
+
readonly description: "Comma-separated list of domains attached to the organization.";
|
|
231
|
+
}, {
|
|
232
|
+
readonly name: "createdAt";
|
|
233
|
+
readonly description: "When the organization was created (Unix ms).";
|
|
234
|
+
}];
|
|
235
|
+
readonly responses: {
|
|
236
|
+
readonly organizations: z.ZodObject<{
|
|
237
|
+
data: z.ZodArray<z.ZodObject<{
|
|
238
|
+
id: z.ZodString;
|
|
239
|
+
name: z.ZodString;
|
|
240
|
+
domains: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodObject<{
|
|
241
|
+
domain: z.ZodString;
|
|
242
|
+
state: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
243
|
+
}, z.core.$strip>>>>;
|
|
244
|
+
allow_profiles_outside_organization: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
|
|
245
|
+
created_at: z.ZodString;
|
|
246
|
+
updated_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
247
|
+
}, z.core.$strip>>;
|
|
248
|
+
list_metadata: z.ZodObject<{
|
|
249
|
+
before: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
250
|
+
after: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
251
|
+
}, z.core.$strip>;
|
|
252
|
+
}, z.core.$strip>;
|
|
253
|
+
};
|
|
254
|
+
};
|
|
255
|
+
readonly workos_connection: {
|
|
256
|
+
readonly shape: "entity";
|
|
257
|
+
readonly filterable: [{
|
|
258
|
+
readonly field: "state";
|
|
259
|
+
readonly ops: ["eq"];
|
|
260
|
+
readonly values: ["active", "inactive", "draft", "linked", "unlinked"];
|
|
261
|
+
}, {
|
|
262
|
+
readonly field: "connectionType";
|
|
263
|
+
readonly ops: ["eq"];
|
|
264
|
+
}];
|
|
265
|
+
readonly description: "WorkOS SSO connections (one per identity provider per organization) with their type, state, and parent organization.";
|
|
266
|
+
readonly endpoint: "GET /connections";
|
|
267
|
+
readonly fields: [{
|
|
268
|
+
readonly name: "connectionType";
|
|
269
|
+
readonly description: "Connection type (e.g. OktaSAML, AzureSAML, GoogleOAuth).";
|
|
270
|
+
}, {
|
|
271
|
+
readonly name: "organizationId";
|
|
272
|
+
readonly description: "WorkOS organization that owns the connection.";
|
|
273
|
+
}, {
|
|
274
|
+
readonly name: "state";
|
|
275
|
+
readonly description: "Lifecycle state (active, inactive, draft, linked, unlinked).";
|
|
276
|
+
}, {
|
|
277
|
+
readonly name: "name";
|
|
278
|
+
readonly description: "Connection display name.";
|
|
279
|
+
}, {
|
|
280
|
+
readonly name: "createdAt";
|
|
281
|
+
readonly description: "When the connection was created (Unix ms).";
|
|
282
|
+
}];
|
|
283
|
+
readonly responses: {
|
|
284
|
+
readonly connections: z.ZodObject<{
|
|
285
|
+
data: z.ZodArray<z.ZodObject<{
|
|
286
|
+
id: z.ZodString;
|
|
287
|
+
name: z.ZodString;
|
|
288
|
+
organization_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
289
|
+
connection_type: z.ZodString;
|
|
290
|
+
state: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
291
|
+
status: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
292
|
+
created_at: z.ZodString;
|
|
293
|
+
updated_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
294
|
+
}, z.core.$strip>>;
|
|
295
|
+
list_metadata: z.ZodObject<{
|
|
296
|
+
before: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
297
|
+
after: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
298
|
+
}, z.core.$strip>;
|
|
299
|
+
}, z.core.$strip>;
|
|
300
|
+
};
|
|
301
|
+
};
|
|
302
|
+
readonly workos_directory: {
|
|
303
|
+
readonly shape: "entity";
|
|
304
|
+
readonly filterable: [{
|
|
305
|
+
readonly field: "state";
|
|
306
|
+
readonly ops: ["eq"];
|
|
307
|
+
readonly values: ["active", "inactive", "validating", "linked", "unlinked"];
|
|
308
|
+
}, {
|
|
309
|
+
readonly field: "directoryType";
|
|
310
|
+
readonly ops: ["eq"];
|
|
311
|
+
}];
|
|
312
|
+
readonly description: "WorkOS directory-sync directories (SCIM/HRIS feeds) with their type, state, and parent organization.";
|
|
313
|
+
readonly endpoint: "GET /directories";
|
|
314
|
+
readonly fields: [{
|
|
315
|
+
readonly name: "directoryType";
|
|
316
|
+
readonly description: "Directory provider type (e.g. okta scim v2.0, azure scim v2.0, bamboohr).";
|
|
317
|
+
}, {
|
|
318
|
+
readonly name: "organizationId";
|
|
319
|
+
readonly description: "WorkOS organization that owns the directory.";
|
|
320
|
+
}, {
|
|
321
|
+
readonly name: "state";
|
|
322
|
+
readonly description: "Lifecycle state (active, inactive, validating, linked, unlinked).";
|
|
323
|
+
}, {
|
|
324
|
+
readonly name: "name";
|
|
325
|
+
readonly description: "Directory display name.";
|
|
326
|
+
}, {
|
|
327
|
+
readonly name: "createdAt";
|
|
328
|
+
readonly description: "When the directory was created (Unix ms).";
|
|
329
|
+
}];
|
|
330
|
+
readonly responses: {
|
|
331
|
+
readonly directories: z.ZodObject<{
|
|
332
|
+
data: z.ZodArray<z.ZodObject<{
|
|
333
|
+
id: z.ZodString;
|
|
334
|
+
name: z.ZodString;
|
|
335
|
+
organization_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
336
|
+
type: z.ZodString;
|
|
337
|
+
state: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
338
|
+
created_at: z.ZodString;
|
|
339
|
+
updated_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
340
|
+
}, z.core.$strip>>;
|
|
341
|
+
list_metadata: z.ZodObject<{
|
|
342
|
+
before: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
343
|
+
after: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
344
|
+
}, z.core.$strip>;
|
|
345
|
+
}, z.core.$strip>;
|
|
346
|
+
};
|
|
347
|
+
};
|
|
348
|
+
readonly workos_auth_event: {
|
|
349
|
+
readonly shape: "event";
|
|
350
|
+
readonly filterable: [{
|
|
351
|
+
readonly field: "eventType";
|
|
352
|
+
readonly ops: ["eq"];
|
|
353
|
+
readonly values: ["authentication.email_verification_succeeded", "authentication.magic_auth_succeeded", "authentication.magic_auth_failed", "authentication.mfa_succeeded", "authentication.mfa_failed", "authentication.oauth_succeeded", "authentication.oauth_failed", "authentication.password_succeeded", "authentication.password_failed", "authentication.sso_succeeded", "authentication.sso_failed"];
|
|
354
|
+
}];
|
|
355
|
+
readonly description: "Authentication events from the WorkOS Events API (SSO, OAuth, password, magic auth, and MFA sign-in successes and failures).";
|
|
356
|
+
readonly endpoint: "GET /events";
|
|
357
|
+
readonly notes: "Filtered to the authentication.* event family. Incremental syncs pass `range_start` so only events newer than the watermark are returned.";
|
|
358
|
+
readonly fields: [{
|
|
359
|
+
readonly name: "eventType";
|
|
360
|
+
readonly description: "WorkOS event name (authentication.sso_succeeded, etc).";
|
|
361
|
+
}, {
|
|
362
|
+
readonly name: "outcome";
|
|
363
|
+
readonly description: "\"succeeded\" or \"failed\" derived from the event suffix.";
|
|
364
|
+
}, {
|
|
365
|
+
readonly name: "method";
|
|
366
|
+
readonly description: "Authentication method (sso, oauth, password, magic_auth, mfa, email_verification).";
|
|
367
|
+
}, {
|
|
368
|
+
readonly name: "organizationId";
|
|
369
|
+
readonly description: "WorkOS organization the event belongs to (may be null).";
|
|
370
|
+
}, {
|
|
371
|
+
readonly name: "userId";
|
|
372
|
+
readonly description: "WorkOS user id involved in the event (may be null).";
|
|
373
|
+
}, {
|
|
374
|
+
readonly name: "connectionId";
|
|
375
|
+
readonly description: "WorkOS connection id used for the event (may be null).";
|
|
376
|
+
}, {
|
|
377
|
+
readonly name: "connectionType";
|
|
378
|
+
readonly description: "Connection type used for the event (may be null for non-SSO methods).";
|
|
379
|
+
}, {
|
|
380
|
+
readonly name: "ipAddress";
|
|
381
|
+
readonly description: "Client IP captured by WorkOS (may be null).";
|
|
382
|
+
}];
|
|
383
|
+
readonly responses: {
|
|
384
|
+
readonly auth_events: z.ZodObject<{
|
|
385
|
+
data: z.ZodArray<z.ZodObject<{
|
|
386
|
+
id: z.ZodString;
|
|
387
|
+
event: z.ZodString;
|
|
388
|
+
created_at: z.ZodString;
|
|
389
|
+
data: z.ZodOptional<z.ZodNullable<z.ZodObject<{
|
|
390
|
+
organization_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
391
|
+
user_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
392
|
+
email: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
393
|
+
ip_address: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
394
|
+
connection_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
395
|
+
connection_type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
396
|
+
}, z.core.$loose>>>;
|
|
397
|
+
}, z.core.$strip>>;
|
|
398
|
+
list_metadata: z.ZodObject<{
|
|
399
|
+
before: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
400
|
+
after: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
401
|
+
}, z.core.$strip>;
|
|
402
|
+
}, z.core.$strip>;
|
|
403
|
+
};
|
|
404
|
+
};
|
|
405
|
+
};
|
|
406
|
+
static readonly schemas: {
|
|
407
|
+
readonly organizations: z.ZodObject<{
|
|
408
|
+
data: z.ZodArray<z.ZodObject<{
|
|
409
|
+
id: z.ZodString;
|
|
410
|
+
name: z.ZodString;
|
|
411
|
+
domains: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodObject<{
|
|
412
|
+
domain: z.ZodString;
|
|
413
|
+
state: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
414
|
+
}, z.core.$strip>>>>;
|
|
415
|
+
allow_profiles_outside_organization: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
|
|
416
|
+
created_at: z.ZodString;
|
|
417
|
+
updated_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
418
|
+
}, z.core.$strip>>;
|
|
419
|
+
list_metadata: z.ZodObject<{
|
|
420
|
+
before: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
421
|
+
after: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
422
|
+
}, z.core.$strip>;
|
|
423
|
+
}, z.core.$strip>;
|
|
424
|
+
} & {
|
|
425
|
+
readonly connections: z.ZodObject<{
|
|
426
|
+
data: z.ZodArray<z.ZodObject<{
|
|
427
|
+
id: z.ZodString;
|
|
428
|
+
name: z.ZodString;
|
|
429
|
+
organization_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
430
|
+
connection_type: z.ZodString;
|
|
431
|
+
state: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
432
|
+
status: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
433
|
+
created_at: z.ZodString;
|
|
434
|
+
updated_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
435
|
+
}, z.core.$strip>>;
|
|
436
|
+
list_metadata: z.ZodObject<{
|
|
437
|
+
before: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
438
|
+
after: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
439
|
+
}, z.core.$strip>;
|
|
440
|
+
}, z.core.$strip>;
|
|
441
|
+
} & {
|
|
442
|
+
readonly directories: z.ZodObject<{
|
|
443
|
+
data: z.ZodArray<z.ZodObject<{
|
|
444
|
+
id: z.ZodString;
|
|
445
|
+
name: z.ZodString;
|
|
446
|
+
organization_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
447
|
+
type: z.ZodString;
|
|
448
|
+
state: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
449
|
+
created_at: z.ZodString;
|
|
450
|
+
updated_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
451
|
+
}, z.core.$strip>>;
|
|
452
|
+
list_metadata: z.ZodObject<{
|
|
453
|
+
before: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
454
|
+
after: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
455
|
+
}, z.core.$strip>;
|
|
456
|
+
}, z.core.$strip>;
|
|
457
|
+
} & {
|
|
458
|
+
readonly auth_events: z.ZodObject<{
|
|
459
|
+
data: z.ZodArray<z.ZodObject<{
|
|
460
|
+
id: z.ZodString;
|
|
461
|
+
event: z.ZodString;
|
|
462
|
+
created_at: z.ZodString;
|
|
463
|
+
data: z.ZodOptional<z.ZodNullable<z.ZodObject<{
|
|
464
|
+
organization_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
465
|
+
user_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
466
|
+
email: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
467
|
+
ip_address: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
468
|
+
connection_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
469
|
+
connection_type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
470
|
+
}, z.core.$loose>>>;
|
|
471
|
+
}, z.core.$strip>>;
|
|
472
|
+
list_metadata: z.ZodObject<{
|
|
473
|
+
before: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
474
|
+
after: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
475
|
+
}, z.core.$strip>;
|
|
476
|
+
}, z.core.$strip>;
|
|
477
|
+
} & Readonly<Record<string, z.ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>>>;
|
|
478
|
+
static create(input: unknown, ctx?: ConnectorContext): WorkOSConnector;
|
|
479
|
+
readonly id = "workos";
|
|
480
|
+
readonly credentials: {
|
|
481
|
+
apiKey: {
|
|
482
|
+
description: string;
|
|
483
|
+
auth: "required";
|
|
484
|
+
};
|
|
485
|
+
};
|
|
486
|
+
private buildHeaders;
|
|
487
|
+
private apiGet;
|
|
488
|
+
private buildListUrl;
|
|
489
|
+
private buildEventsUrl;
|
|
490
|
+
private defaultEventsRangeStart;
|
|
491
|
+
private fetchOrganizationsPage;
|
|
492
|
+
private fetchConnectionsPage;
|
|
493
|
+
private fetchDirectoriesPage;
|
|
494
|
+
private fetchEventsPage;
|
|
495
|
+
private fetchPhasePage;
|
|
496
|
+
private writeOrganizations;
|
|
497
|
+
private writeConnections;
|
|
498
|
+
private writeDirectories;
|
|
499
|
+
private writeAuthEvents;
|
|
500
|
+
private clearScopeOnFirstPage;
|
|
501
|
+
private writePhase;
|
|
502
|
+
private resolveCursor;
|
|
503
|
+
sync(options: SyncOptions, storage: StorageHandle, signal?: AbortSignal): Promise<SyncResult>;
|
|
504
|
+
}
|
|
505
|
+
|
|
506
|
+
export { WorkOSConnector, type WorkOSResource, type WorkOSSettings, configFields, WorkOSConnector as default, doc, id, workosResources as resources };
|