@workos/mcp-docs-server 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (568) hide show
  1. package/.docs/organized/changelogs/workos-platform.json +125 -125
  2. package/.docs/organized/docs/admin-portal/custom-branding.mdx +2 -4
  3. package/.docs/organized/docs/admin-portal/example-apps.mdx +11 -11
  4. package/.docs/organized/docs/admin-portal/index.mdx +39 -33
  5. package/.docs/organized/docs/audit-logs/admin-portal.mdx +1 -1
  6. package/.docs/organized/docs/audit-logs/editing-events.mdx +1 -1
  7. package/.docs/organized/docs/audit-logs/exporting-events.mdx +1 -1
  8. package/.docs/organized/docs/audit-logs/index.mdx +17 -2
  9. package/.docs/organized/docs/audit-logs/log-streams.mdx +325 -1
  10. package/.docs/organized/docs/audit-logs/metadata-schema.mdx +1 -1
  11. package/.docs/organized/docs/authkit/_navigation.mdx +108 -0
  12. package/.docs/organized/docs/{user-management → authkit}/actions.mdx +3 -4
  13. package/.docs/organized/docs/authkit/add-ons/google-analytics.mdx +79 -0
  14. package/.docs/organized/docs/authkit/add-ons/segment.mdx +77 -0
  15. package/.docs/organized/docs/authkit/add-ons/stripe.mdx +103 -0
  16. package/.docs/organized/docs/authkit/api-keys.mdx +99 -0
  17. package/.docs/organized/docs/{user-management → authkit}/branding.mdx +220 -2
  18. package/.docs/organized/docs/authkit/cli-auth.mdx +76 -0
  19. package/.docs/organized/docs/authkit/cli-installer.mdx +157 -0
  20. package/.docs/organized/docs/authkit/connect/m2m.mdx +65 -0
  21. package/.docs/organized/docs/authkit/connect/oauth.mdx +88 -0
  22. package/.docs/organized/docs/authkit/connect/standalone.mdx +179 -0
  23. package/.docs/organized/docs/authkit/connect.mdx +65 -0
  24. package/.docs/organized/docs/authkit/custom-email-providers.mdx +141 -0
  25. package/.docs/organized/docs/{user-management → authkit}/custom-emails.mdx +15 -15
  26. package/.docs/organized/docs/authkit/directory-provisioning.mdx +89 -0
  27. package/.docs/organized/docs/{user-management → authkit}/domain-verification.mdx +5 -6
  28. package/.docs/organized/docs/{user-management → authkit}/email-password.mdx +2 -2
  29. package/.docs/organized/docs/authkit/email-verification.mdx +31 -0
  30. package/.docs/organized/docs/{user-management → authkit}/example-apps.mdx +3 -3
  31. package/.docs/organized/docs/authkit/hosted-ui.mdx +165 -0
  32. package/.docs/organized/docs/{user-management → authkit}/identity-linking.mdx +9 -9
  33. package/.docs/organized/docs/{user-management → authkit}/impersonation.mdx +8 -8
  34. package/.docs/organized/docs/{user-management → authkit}/index.mdx +141 -74
  35. package/.docs/organized/docs/{user-management → authkit}/invitations.mdx +4 -4
  36. package/.docs/organized/docs/{user-management → authkit}/invite-only-signup.mdx +3 -3
  37. package/.docs/organized/docs/authkit/jit-provisioning.mdx +42 -0
  38. package/.docs/organized/docs/{user-management → authkit}/jwt-templates.mdx +37 -3
  39. package/.docs/organized/docs/authkit/landing.mdx +22 -0
  40. package/.docs/organized/docs/{user-management → authkit}/magic-auth.mdx +3 -5
  41. package/.docs/organized/docs/{user-management → authkit}/mcp.mdx +46 -9
  42. package/.docs/organized/docs/{user-management → authkit}/metadata.mdx +9 -9
  43. package/.docs/organized/docs/{user-management → authkit}/mfa.mdx +2 -2
  44. package/.docs/organized/docs/{user-management → authkit}/migrations.mdx +4 -4
  45. package/.docs/organized/docs/{user-management → authkit}/modeling-your-app.mdx +11 -11
  46. package/.docs/organized/docs/{user-management → authkit}/organization-policies.mdx +3 -4
  47. package/.docs/organized/docs/authkit/overview.mdx +46 -0
  48. package/.docs/organized/docs/{user-management → authkit}/passkeys.mdx +3 -3
  49. package/.docs/organized/docs/authkit/pipes.mdx +75 -0
  50. package/.docs/organized/docs/{user-management → authkit}/radar.mdx +39 -4
  51. package/.docs/organized/docs/authkit/roles-and-permissions.mdx +208 -0
  52. package/.docs/organized/docs/{user-management → authkit}/sessions.mdx +32 -20
  53. package/.docs/organized/docs/{user-management → authkit}/social-login.mdx +16 -2
  54. package/.docs/organized/docs/{user-management → authkit}/sso-with-contractors.mdx +3 -4
  55. package/.docs/organized/docs/{user-management → authkit}/sso.mdx +2 -2
  56. package/.docs/organized/docs/authkit/users-organizations.mdx +107 -0
  57. package/.docs/organized/docs/custom-domains/admin-portal.mdx +0 -2
  58. package/.docs/organized/docs/custom-domains/authkit.mdx +0 -2
  59. package/.docs/organized/docs/custom-domains/email.mdx +2 -2
  60. package/.docs/organized/docs/deprecations/_navigation.mdx +8 -0
  61. package/.docs/organized/docs/deprecations/raw-attributes.mdx +136 -0
  62. package/.docs/organized/docs/directory-sync/attributes.mdx +50 -31
  63. package/.docs/organized/docs/directory-sync/example-apps.mdx +11 -11
  64. package/.docs/organized/docs/directory-sync/identity-provider-role-assignment.mdx +23 -26
  65. package/.docs/organized/docs/directory-sync/index.mdx +4 -2
  66. package/.docs/organized/docs/directory-sync/quick-start.mdx +3 -3
  67. package/.docs/organized/docs/directory-sync/understanding-events.mdx +2 -2
  68. package/.docs/organized/docs/domain-verification/api.mdx +8 -8
  69. package/.docs/organized/docs/domain-verification/index.mdx +3 -3
  70. package/.docs/organized/docs/email.mdx +49 -5
  71. package/.docs/organized/docs/events/data-syncing/events-api.mdx +3 -3
  72. package/.docs/organized/docs/events/data-syncing/index.mdx +2 -3
  73. package/.docs/organized/docs/events/data-syncing/webhooks.mdx +4 -4
  74. package/.docs/organized/docs/events/index.mdx +419 -33
  75. package/.docs/organized/docs/feature-flags/_navigation.mdx +10 -0
  76. package/.docs/organized/docs/feature-flags/index.mdx +80 -0
  77. package/.docs/organized/docs/feature-flags/slack-notifications.mdx +58 -0
  78. package/.docs/organized/docs/fga/_navigation.mdx +34 -54
  79. package/.docs/organized/docs/fga/access-checks.mdx +109 -0
  80. package/.docs/organized/docs/fga/assignments.mdx +124 -0
  81. package/.docs/organized/docs/fga/authkit-integration.mdx +92 -0
  82. package/.docs/organized/docs/fga/high-cardinality-entities.mdx +172 -0
  83. package/.docs/organized/docs/fga/idp-role-assignment.mdx +66 -0
  84. package/.docs/organized/docs/fga/index.mdx +94 -29
  85. package/.docs/organized/docs/fga/migration-openfga.mdx +306 -0
  86. package/.docs/organized/docs/fga/migration-oso.mdx +372 -0
  87. package/.docs/organized/docs/fga/migration-spicedb.mdx +364 -0
  88. package/.docs/organized/docs/fga/quick-start.mdx +283 -98
  89. package/.docs/organized/docs/fga/resource-discovery.mdx +78 -0
  90. package/.docs/organized/docs/fga/resource-types.mdx +165 -0
  91. package/.docs/organized/docs/fga/resources.mdx +179 -59
  92. package/.docs/organized/docs/fga/roles-and-permissions.mdx +122 -0
  93. package/.docs/organized/docs/fga/standalone-integration.mdx +176 -0
  94. package/.docs/organized/docs/glossary.mdx +7 -3
  95. package/.docs/organized/docs/integrations/access-people-hr.mdx +1 -1
  96. package/.docs/organized/docs/integrations/adp-oidc.mdx +1 -1
  97. package/.docs/organized/docs/integrations/apple.mdx +112 -69
  98. package/.docs/organized/docs/integrations/auth0-directory-sync.mdx +3 -1
  99. package/.docs/organized/docs/integrations/auth0-enterprise-connection.mdx +3 -1
  100. package/.docs/organized/docs/integrations/auth0-saml.mdx +3 -1
  101. package/.docs/organized/docs/integrations/bamboohr.mdx +4 -4
  102. package/.docs/organized/docs/integrations/breathe-hr.mdx +1 -1
  103. package/.docs/organized/docs/integrations/bubble.mdx +1 -1
  104. package/.docs/organized/docs/integrations/cas-saml.mdx +2 -2
  105. package/.docs/organized/docs/integrations/classlink-saml.mdx +2 -2
  106. package/.docs/organized/docs/integrations/clever-oidc.mdx +94 -0
  107. package/.docs/organized/docs/integrations/cloudflare-saml.mdx +35 -2
  108. package/.docs/organized/docs/integrations/cyberark-saml.mdx +2 -2
  109. package/.docs/organized/docs/integrations/cyberark-scim.mdx +1 -1
  110. package/.docs/organized/docs/integrations/duo-saml.mdx +2 -2
  111. package/.docs/organized/docs/integrations/entra-id-oidc.mdx +198 -0
  112. package/.docs/organized/docs/integrations/entra-id-saml.mdx +3 -3
  113. package/.docs/organized/docs/integrations/entra-id-scim.mdx +5 -1
  114. package/.docs/organized/docs/integrations/fourth.mdx +2 -2
  115. package/.docs/organized/docs/integrations/github-oauth.mdx +80 -33
  116. package/.docs/organized/docs/integrations/gitlab-oauth.mdx +86 -31
  117. package/.docs/organized/docs/integrations/google-directory-sync.mdx +5 -1
  118. package/.docs/organized/docs/integrations/google-oauth.mdx +87 -70
  119. package/.docs/organized/docs/integrations/google-oidc.mdx +142 -0
  120. package/.docs/organized/docs/integrations/google-saml.mdx +3 -3
  121. package/.docs/organized/docs/integrations/hibob.mdx +17 -4
  122. package/.docs/organized/docs/integrations/intuit-oauth.mdx +128 -0
  123. package/.docs/organized/docs/integrations/jumpcloud-saml.mdx +2 -2
  124. package/.docs/organized/docs/integrations/jumpcloud-scim.mdx +5 -1
  125. package/.docs/organized/docs/integrations/keycloak-saml.mdx +2 -2
  126. package/.docs/organized/docs/integrations/lastpass-saml.mdx +2 -2
  127. package/.docs/organized/docs/integrations/linkedin-oauth.mdx +69 -30
  128. package/.docs/organized/docs/integrations/microsoft-ad-fs-saml.mdx +2 -2
  129. package/.docs/organized/docs/integrations/microsoft-oauth.mdx +95 -38
  130. package/.docs/organized/docs/integrations/miniorange-saml.mdx +2 -2
  131. package/.docs/organized/docs/integrations/net-iq-saml.mdx +2 -2
  132. package/.docs/organized/docs/integrations/next-auth.mdx +1 -1
  133. package/.docs/organized/docs/integrations/oidc.mdx +37 -24
  134. package/.docs/organized/docs/integrations/okta-oidc.mdx +149 -0
  135. package/.docs/organized/docs/integrations/okta-saml.mdx +3 -3
  136. package/.docs/organized/docs/integrations/okta-scim.mdx +6 -2
  137. package/.docs/organized/docs/integrations/onelogin-saml.mdx +2 -2
  138. package/.docs/organized/docs/integrations/onelogin-scim.mdx +1 -1
  139. package/.docs/organized/docs/integrations/oracle-saml.mdx +2 -2
  140. package/.docs/organized/docs/integrations/pingfederate-saml.mdx +2 -2
  141. package/.docs/organized/docs/integrations/pingfederate-scim.mdx +1 -1
  142. package/.docs/organized/docs/integrations/pingone-saml.mdx +2 -2
  143. package/.docs/organized/docs/integrations/rippling-saml.mdx +2 -2
  144. package/.docs/organized/docs/integrations/rippling-scim.mdx +1 -1
  145. package/.docs/organized/docs/integrations/sailpoint-scim.mdx +77 -0
  146. package/.docs/organized/docs/integrations/salesforce-oauth.mdx +116 -0
  147. package/.docs/organized/docs/integrations/salesforce-saml.mdx +4 -4
  148. package/.docs/organized/docs/integrations/saml.mdx +43 -23
  149. package/.docs/organized/docs/integrations/scim.mdx +36 -24
  150. package/.docs/organized/docs/integrations/sftp.mdx +59 -36
  151. package/.docs/organized/docs/integrations/shibboleth-generic-saml.mdx +1 -1
  152. package/.docs/organized/docs/integrations/shibboleth-unsolicited-saml.mdx +1 -1
  153. package/.docs/organized/docs/integrations/simple-saml-php.mdx +2 -2
  154. package/.docs/organized/docs/integrations/slack-oauth.mdx +53 -49
  155. package/.docs/organized/docs/integrations/supabase-authkit.mdx +46 -0
  156. package/.docs/organized/docs/integrations/{supabase.mdx → supabase-sso.mdx} +6 -4
  157. package/.docs/organized/docs/integrations/vercel-oauth.mdx +120 -0
  158. package/.docs/organized/docs/integrations/vmware-saml.mdx +2 -2
  159. package/.docs/organized/docs/integrations/workday.mdx +1 -1
  160. package/.docs/organized/docs/integrations/xero-oauth.mdx +77 -32
  161. package/.docs/organized/docs/magic-link/example-apps.mdx +11 -11
  162. package/.docs/organized/docs/magic-link/index.mdx +2 -0
  163. package/.docs/organized/docs/mfa/example-apps.mdx +2 -2
  164. package/.docs/organized/docs/mfa/index.mdx +2 -2
  165. package/.docs/organized/docs/mfa/ux/enrollment.mdx +1 -1
  166. package/.docs/organized/docs/mfa/ux/sign-in.mdx +1 -1
  167. package/.docs/organized/docs/migrate/_navigation.mdx +21 -1
  168. package/.docs/organized/docs/migrate/auth0.mdx +5 -5
  169. package/.docs/organized/docs/migrate/aws-cognito.mdx +5 -5
  170. package/.docs/organized/docs/migrate/better-auth.mdx +282 -0
  171. package/.docs/organized/docs/migrate/clerk.mdx +9 -11
  172. package/.docs/organized/docs/migrate/descope.mdx +290 -0
  173. package/.docs/organized/docs/migrate/firebase.mdx +4 -4
  174. package/.docs/organized/docs/migrate/other-services.mdx +25 -6
  175. package/.docs/organized/docs/migrate/standalone-sso.mdx +14 -14
  176. package/.docs/organized/docs/migrate/stytch.mdx +363 -0
  177. package/.docs/organized/docs/migrate/supabase.mdx +255 -0
  178. package/.docs/organized/docs/on-prem-deployment.mdx +1 -1
  179. package/.docs/organized/docs/pipes/_navigation.mdx +12 -0
  180. package/.docs/organized/docs/pipes/index.mdx +75 -0
  181. package/.docs/organized/docs/pipes/providers.mdx +9 -0
  182. package/.docs/organized/docs/rbac/_navigation.mdx +16 -0
  183. package/.docs/organized/docs/rbac/configuration.mdx +80 -0
  184. package/.docs/organized/docs/rbac/idp-role-assignment.mdx +79 -0
  185. package/.docs/organized/docs/rbac/index.mdx +24 -0
  186. package/.docs/organized/docs/rbac/integration.mdx +59 -0
  187. package/.docs/organized/docs/rbac/organization-roles.mdx +38 -0
  188. package/.docs/organized/docs/rbac/quick-start.mdx +52 -0
  189. package/.docs/organized/docs/reference/_navigation.mdx +437 -284
  190. package/.docs/organized/docs/reference/admin-portal/portal-link/index.mdx +1 -1
  191. package/.docs/organized/docs/reference/admin-portal/provider-icons/index.mdx +3 -3
  192. package/.docs/organized/docs/reference/{api-keys.mdx → api-authentication/index.mdx} +3 -3
  193. package/.docs/organized/docs/reference/audit-logs/configuration/index.mdx +97 -0
  194. package/.docs/organized/docs/reference/audit-logs/{create-event.mdx → event/create.mdx} +12 -2
  195. package/.docs/organized/docs/reference/audit-logs/event/index.mdx +92 -0
  196. package/.docs/organized/docs/reference/audit-logs/{create-export.mdx → export/create.mdx} +1 -1
  197. package/.docs/organized/docs/reference/audit-logs/{get-export.mdx → export/get.mdx} +1 -1
  198. package/.docs/organized/docs/reference/audit-logs/{audit-log-export.mdx → export/index.mdx} +11 -12
  199. package/.docs/organized/docs/reference/audit-logs/{get-retention.mdx → retention/get.mdx} +1 -1
  200. package/.docs/organized/docs/reference/audit-logs/retention/index.mdx +25 -0
  201. package/.docs/organized/docs/reference/audit-logs/{set-retention.mdx → retention/set.mdx} +1 -1
  202. package/.docs/organized/docs/reference/audit-logs/{create-schema.mdx → schema/create.mdx} +1 -1
  203. package/.docs/organized/docs/reference/audit-logs/{audit-log-schema.mdx → schema/index.mdx} +5 -6
  204. package/.docs/organized/docs/reference/audit-logs/{list-actions.mdx → schema/list-actions.mdx} +2 -1
  205. package/.docs/organized/docs/reference/audit-logs/{list-schemas.mdx → schema/list.mdx} +1 -1
  206. package/.docs/organized/docs/reference/authkit/api-keys/create-for-organization.mdx +40 -0
  207. package/.docs/organized/docs/reference/authkit/api-keys/delete.mdx +23 -0
  208. package/.docs/organized/docs/reference/authkit/api-keys/index.mdx +275 -0
  209. package/.docs/organized/docs/reference/authkit/api-keys/list-for-organization.mdx +41 -0
  210. package/.docs/organized/docs/reference/authkit/api-keys/validate.mdx +77 -0
  211. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/code.mdx +138 -18
  212. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/email-verification.mdx +10 -10
  213. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/error-codes.mdx +3 -3
  214. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/index.mdx +64 -17
  215. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/pkce.mdx +2 -2
  216. package/.docs/organized/docs/reference/authkit/authentication/get-authorization-url/redirect-uri.mdx +47 -0
  217. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/index.mdx +19 -11
  218. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/magic-auth.mdx +9 -9
  219. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/organization-selection.mdx +9 -9
  220. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/password.mdx +8 -8
  221. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/refresh-and-seal-session-data.mdx +3 -3
  222. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/refresh-token.mdx +17 -17
  223. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/session-cookie.mdx +7 -3
  224. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/totp.mdx +10 -10
  225. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/email-verification-required-error.mdx +3 -3
  226. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/index.mdx +1 -3
  227. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/mfa-challenge-error.mdx +3 -3
  228. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/mfa-enrollment-error.mdx +3 -3
  229. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/organization-authentication-required-error.mdx +3 -3
  230. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/organization-selection-error.mdx +3 -4
  231. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/sso-required-error.mdx +3 -3
  232. package/.docs/organized/docs/reference/authkit/cli-auth/device-authorization.mdx +61 -0
  233. package/.docs/organized/docs/reference/authkit/cli-auth/device-code.mdx +57 -0
  234. package/.docs/organized/docs/reference/authkit/cli-auth/error-codes.mdx +31 -0
  235. package/.docs/organized/docs/reference/authkit/cli-auth/index.mdx +22 -0
  236. package/.docs/organized/docs/reference/{user-management → authkit}/email-verification/get.mdx +8 -8
  237. package/.docs/organized/docs/reference/{user-management → authkit}/email-verification/index.mdx +9 -11
  238. package/.docs/organized/docs/reference/{user-management → authkit}/identity/index.mdx +6 -9
  239. package/.docs/organized/docs/reference/{user-management → authkit}/identity/list.mdx +5 -6
  240. package/.docs/organized/docs/reference/authkit/index.mdx +13 -0
  241. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/accept.mdx +5 -5
  242. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/find-by-token.mdx +8 -8
  243. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/get.mdx +8 -9
  244. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/index.mdx +10 -15
  245. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/list.mdx +10 -11
  246. package/.docs/organized/docs/reference/authkit/invitation/resend.mdx +109 -0
  247. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/revoke.mdx +8 -8
  248. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/send.mdx +23 -13
  249. package/.docs/organized/docs/reference/{user-management → authkit}/logout/get-logout-url-from-session-cookie.mdx +2 -2
  250. package/.docs/organized/docs/reference/{user-management → authkit}/logout/get-logout-url.mdx +8 -8
  251. package/.docs/organized/docs/reference/{user-management → authkit}/logout/index.mdx +4 -5
  252. package/.docs/organized/docs/reference/{user-management → authkit}/magic-auth/create.mdx +10 -10
  253. package/.docs/organized/docs/reference/{user-management → authkit}/magic-auth/get.mdx +9 -10
  254. package/.docs/organized/docs/reference/{user-management → authkit}/magic-auth/index.mdx +10 -15
  255. package/.docs/organized/docs/reference/{user-management → authkit}/mfa/authentication-challenge.mdx +9 -10
  256. package/.docs/organized/docs/reference/{user-management → authkit}/mfa/authentication-factor.mdx +11 -11
  257. package/.docs/organized/docs/reference/{user-management → authkit}/mfa/enroll-auth-factor.mdx +19 -15
  258. package/.docs/organized/docs/reference/authkit/mfa/index.mdx +11 -0
  259. package/.docs/organized/docs/reference/{user-management → authkit}/mfa/list-auth-factors.mdx +9 -9
  260. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/create.mdx +27 -10
  261. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/deactivate.mdx +10 -10
  262. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/delete.mdx +8 -8
  263. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/get.mdx +8 -8
  264. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/index.mdx +107 -14
  265. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/list.mdx +10 -10
  266. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/reactivate.mdx +11 -11
  267. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/update.mdx +25 -9
  268. package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/create.mdx +8 -8
  269. package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/get.mdx +8 -8
  270. package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/index.mdx +10 -12
  271. package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/reset-password.mdx +8 -8
  272. package/.docs/organized/docs/reference/authkit/session/index.mdx +128 -0
  273. package/.docs/organized/docs/reference/authkit/session/list.mdx +110 -0
  274. package/.docs/organized/docs/reference/authkit/session/revoke.mdx +73 -0
  275. package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/authenticate.mdx +22 -6
  276. package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/get-logout-url.mdx +5 -5
  277. package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/index.mdx +2 -2
  278. package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/load-sealed-session.mdx +4 -4
  279. package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/refresh.mdx +18 -6
  280. package/.docs/organized/docs/reference/{user-management → authkit}/session-tokens/access-token.mdx +16 -8
  281. package/.docs/organized/docs/reference/authkit/session-tokens/index.mdx +5 -0
  282. package/.docs/organized/docs/reference/{user-management → authkit}/session-tokens/jwks.mdx +8 -8
  283. package/.docs/organized/docs/reference/authkit/session-tokens/refresh-token.mdx +8 -0
  284. package/.docs/organized/docs/reference/{user-management → authkit}/user/create.mdx +36 -17
  285. package/.docs/organized/docs/reference/{user-management → authkit}/user/delete.mdx +8 -9
  286. package/.docs/organized/docs/reference/{user-management → authkit}/user/get-by-external-id.mdx +16 -4
  287. package/.docs/organized/docs/reference/{user-management → authkit}/user/get.mdx +8 -8
  288. package/.docs/organized/docs/reference/{user-management → authkit}/user/index.mdx +25 -15
  289. package/.docs/organized/docs/reference/{user-management → authkit}/user/list.mdx +9 -12
  290. package/.docs/organized/docs/reference/{user-management → authkit}/user/update.mdx +43 -20
  291. package/.docs/organized/docs/reference/{client-libraries.mdx → client-libraries/index.mdx} +2 -2
  292. package/.docs/organized/docs/reference/directory-sync/directory/index.mdx +1 -1
  293. package/.docs/organized/docs/reference/directory-sync/directory-group/index.mdx +1 -24
  294. package/.docs/organized/docs/reference/directory-sync/directory-user/index.mdx +1 -29
  295. package/.docs/organized/docs/reference/directory-sync/directory-user/list.mdx +1 -1
  296. package/.docs/organized/docs/reference/directory-sync/index.mdx +1 -1
  297. package/.docs/organized/docs/reference/domain-verification/create.mdx +35 -0
  298. package/.docs/organized/docs/reference/domain-verification/delete.mdx +55 -0
  299. package/.docs/organized/docs/reference/domain-verification/get.mdx +29 -0
  300. package/.docs/organized/docs/reference/domain-verification/index.mdx +57 -1
  301. package/.docs/organized/docs/reference/domain-verification/verify.mdx +29 -0
  302. package/.docs/organized/docs/reference/{errors.mdx → errors/index.mdx} +1 -1
  303. package/.docs/organized/docs/reference/events/list.mdx +5 -4
  304. package/.docs/organized/docs/reference/feature-flags/flag/disable.mdx +33 -0
  305. package/.docs/organized/docs/reference/feature-flags/flag/enable.mdx +33 -0
  306. package/.docs/organized/docs/reference/feature-flags/flag/get.mdx +32 -0
  307. package/.docs/organized/docs/reference/feature-flags/flag/index.mdx +116 -0
  308. package/.docs/organized/docs/reference/feature-flags/flag/list.mdx +67 -0
  309. package/.docs/organized/docs/reference/feature-flags/index.mdx +123 -0
  310. package/.docs/organized/docs/reference/feature-flags/targeting/add.mdx +43 -0
  311. package/.docs/organized/docs/reference/feature-flags/targeting/index.mdx +23 -0
  312. package/.docs/organized/docs/reference/feature-flags/targeting/list-for-organization.mdx +132 -0
  313. package/.docs/organized/docs/reference/feature-flags/targeting/list-for-user.mdx +94 -0
  314. package/.docs/organized/docs/reference/feature-flags/targeting/remove.mdx +43 -0
  315. package/.docs/organized/docs/reference/fga/access-check/check.mdx +102 -0
  316. package/.docs/organized/docs/reference/fga/access-check/index.mdx +6 -0
  317. package/.docs/organized/docs/reference/fga/access-check/list-memberships-by-external-id.mdx +143 -0
  318. package/.docs/organized/docs/reference/fga/access-check/list-memberships.mdx +127 -0
  319. package/.docs/organized/docs/reference/fga/access-check/list-resources.mdx +152 -0
  320. package/.docs/organized/docs/reference/fga/index.mdx +14 -2
  321. package/.docs/organized/docs/reference/fga/resource/create.mdx +74 -88
  322. package/.docs/organized/docs/reference/fga/resource/delete-by-external-id.mdx +78 -0
  323. package/.docs/organized/docs/reference/fga/resource/delete.mdx +38 -62
  324. package/.docs/organized/docs/reference/fga/resource/get-by-external-id.mdx +60 -0
  325. package/.docs/organized/docs/reference/fga/resource/get.mdx +15 -63
  326. package/.docs/organized/docs/reference/fga/resource/index.mdx +74 -73
  327. package/.docs/organized/docs/reference/fga/resource/list.mdx +90 -131
  328. package/.docs/organized/docs/reference/fga/resource/update-by-external-id.mdx +81 -0
  329. package/.docs/organized/docs/reference/fga/resource/update.mdx +29 -85
  330. package/.docs/organized/docs/reference/fga/role-assignment/create.mdx +89 -0
  331. package/.docs/organized/docs/reference/fga/role-assignment/delete-by-id.mdx +59 -0
  332. package/.docs/organized/docs/reference/fga/role-assignment/delete.mdx +90 -0
  333. package/.docs/organized/docs/reference/fga/role-assignment/index.mdx +106 -0
  334. package/.docs/organized/docs/reference/fga/role-assignment/list.mdx +86 -0
  335. package/.docs/organized/docs/reference/index.mdx +21 -12
  336. package/.docs/organized/docs/reference/magic-link/passwordless-session/index.mdx +1 -1
  337. package/.docs/organized/docs/reference/mfa/{challenge-factor.mdx → challenge/create.mdx} +1 -1
  338. package/.docs/organized/docs/reference/mfa/{authentication-challenge.mdx → challenge/index.mdx} +11 -14
  339. package/.docs/organized/docs/reference/mfa/{verify-challenge.mdx → challenge/verify.mdx} +10 -12
  340. package/.docs/organized/docs/reference/mfa/{delete-factor.mdx → factor/delete.mdx} +1 -1
  341. package/.docs/organized/docs/reference/mfa/{enroll-factor.mdx → factor/enroll.mdx} +1 -1
  342. package/.docs/organized/docs/reference/mfa/{get-factor.mdx → factor/get.mdx} +1 -1
  343. package/.docs/organized/docs/reference/mfa/{authentication-factor.mdx → factor/index.mdx} +11 -12
  344. package/.docs/organized/docs/reference/organization/create.mdx +1 -6
  345. package/.docs/organized/docs/reference/organization/get-by-external-id.mdx +1 -1
  346. package/.docs/organized/docs/reference/organization/index.mdx +5 -5
  347. package/.docs/organized/docs/reference/organization/update.mdx +1 -1
  348. package/.docs/organized/docs/reference/{pagination.mdx → pagination/index.mdx} +1 -3
  349. package/.docs/organized/docs/reference/pipes/access-token/get.mdx +174 -0
  350. package/.docs/organized/docs/reference/pipes/access-token/index.mdx +44 -0
  351. package/.docs/organized/docs/reference/pipes/connected-account/delete.mdx +42 -0
  352. package/.docs/organized/docs/reference/pipes/connected-account/get-authorize-url.mdx +49 -0
  353. package/.docs/organized/docs/reference/pipes/connected-account/get.mdx +42 -0
  354. package/.docs/organized/docs/reference/pipes/connected-account/index.mdx +69 -0
  355. package/.docs/organized/docs/reference/pipes/index.mdx +8 -0
  356. package/.docs/organized/docs/reference/pipes/provider/index.mdx +70 -0
  357. package/.docs/organized/docs/reference/pipes/provider/list.mdx +47 -0
  358. package/.docs/organized/docs/reference/radar/attempts/index.mdx +1 -1
  359. package/.docs/organized/docs/reference/radar/lists/index.mdx +1 -1
  360. package/.docs/organized/docs/reference/rate-limits/index.mdx +56 -0
  361. package/.docs/organized/docs/reference/roles/index.mdx +12 -262
  362. package/.docs/organized/docs/reference/roles/organization-role/add-permission.mdx +75 -0
  363. package/.docs/organized/docs/reference/roles/organization-role/create.mdx +95 -0
  364. package/.docs/organized/docs/reference/roles/organization-role/delete.mdx +47 -0
  365. package/.docs/organized/docs/reference/roles/organization-role/get.mdx +55 -0
  366. package/.docs/organized/docs/reference/roles/organization-role/index.mdx +148 -0
  367. package/.docs/organized/docs/reference/roles/organization-role/list.mdx +68 -0
  368. package/.docs/organized/docs/reference/roles/organization-role/remove-permission.mdx +68 -0
  369. package/.docs/organized/docs/reference/roles/organization-role/set-permissions.mdx +79 -0
  370. package/.docs/organized/docs/reference/roles/organization-role/update.mdx +85 -0
  371. package/.docs/organized/docs/reference/roles/permission/create.mdx +101 -0
  372. package/.docs/organized/docs/reference/roles/permission/delete.mdx +38 -0
  373. package/.docs/organized/docs/reference/roles/permission/get.mdx +45 -0
  374. package/.docs/organized/docs/reference/roles/permission/index.mdx +128 -0
  375. package/.docs/organized/docs/reference/roles/permission/list.mdx +91 -0
  376. package/.docs/organized/docs/reference/roles/permission/update.mdx +80 -0
  377. package/.docs/organized/docs/reference/roles/role/add-permission.mdx +63 -0
  378. package/.docs/organized/docs/reference/roles/role/create.mdx +103 -0
  379. package/.docs/organized/docs/reference/roles/role/get.mdx +52 -0
  380. package/.docs/organized/docs/reference/roles/role/index.mdx +135 -0
  381. package/.docs/organized/docs/reference/roles/role/list.mdx +56 -0
  382. package/.docs/organized/docs/reference/roles/role/set-permissions.mdx +67 -0
  383. package/.docs/organized/docs/reference/roles/role/update.mdx +78 -0
  384. package/.docs/organized/docs/reference/sso/connection/index.mdx +2 -2
  385. package/.docs/organized/docs/reference/sso/get-authorization-url/error-codes.mdx +5 -3
  386. package/.docs/organized/docs/reference/sso/get-authorization-url/index.mdx +24 -2
  387. package/.docs/organized/docs/reference/sso/get-authorization-url/redirect-uri.mdx +25 -1
  388. package/.docs/organized/docs/reference/sso/index.mdx +1 -1
  389. package/.docs/organized/docs/reference/sso/logout/authorize.mdx +0 -1
  390. package/.docs/organized/docs/reference/sso/logout/index.mdx +1 -2
  391. package/.docs/organized/docs/reference/sso/logout/redirect.mdx +0 -1
  392. package/.docs/organized/docs/reference/sso/profile/get-profile-and-token.mdx +13 -1
  393. package/.docs/organized/docs/reference/sso/profile/index.mdx +25 -24
  394. package/.docs/organized/docs/reference/{testing.mdx → testing/index.mdx} +1 -1
  395. package/.docs/organized/docs/reference/vault/key/create-data-key.mdx +29 -0
  396. package/.docs/organized/docs/reference/vault/key/decrypt-data-key.mdx +20 -0
  397. package/.docs/organized/docs/reference/vault/key/decrypt-data.mdx +24 -0
  398. package/.docs/organized/docs/reference/vault/key/encrypt-data.mdx +20 -0
  399. package/.docs/organized/docs/reference/vault/object/create.mdx +17 -0
  400. package/.docs/organized/docs/reference/vault/object/delete.mdx +12 -0
  401. package/.docs/organized/docs/reference/vault/object/get-by-name.mdx +61 -0
  402. package/.docs/organized/docs/reference/vault/object/get.mdx +11 -0
  403. package/.docs/organized/docs/reference/vault/object/index.mdx +50 -4
  404. package/.docs/organized/docs/reference/vault/object/list.mdx +40 -1
  405. package/.docs/organized/docs/reference/vault/object/update.mdx +18 -0
  406. package/.docs/organized/docs/reference/vault/object/version.mdx +15 -2
  407. package/.docs/organized/docs/reference/vault/object/versions.mdx +13 -0
  408. package/.docs/organized/docs/reference/widgets/get-token.mdx +8 -5
  409. package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/create.mdx +55 -0
  410. package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/delete.mdx +28 -0
  411. package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/index.mdx +60 -0
  412. package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/list.mdx +52 -0
  413. package/.docs/organized/docs/reference/workos-connect/applications/create.mdx +79 -0
  414. package/.docs/organized/docs/reference/workos-connect/applications/delete.mdx +28 -0
  415. package/.docs/organized/docs/reference/workos-connect/applications/get.mdx +59 -0
  416. package/.docs/organized/docs/reference/workos-connect/applications/index.mdx +40 -0
  417. package/.docs/organized/docs/reference/workos-connect/applications/list.mdx +49 -0
  418. package/.docs/organized/docs/reference/workos-connect/applications/m2m.mdx +52 -0
  419. package/.docs/organized/docs/reference/workos-connect/applications/oauth.mdx +85 -0
  420. package/.docs/organized/docs/reference/workos-connect/applications/update.mdx +59 -0
  421. package/.docs/organized/docs/reference/workos-connect/authorize/index.mdx +29 -1
  422. package/.docs/organized/docs/reference/workos-connect/cli-auth/authorize-device/index.mdx +81 -0
  423. package/.docs/organized/docs/reference/workos-connect/cli-auth/device-code-grant.mdx +74 -0
  424. package/.docs/organized/docs/reference/workos-connect/cli-auth/index.mdx +23 -0
  425. package/.docs/organized/docs/reference/workos-connect/index.mdx +1 -1
  426. package/.docs/organized/docs/reference/workos-connect/introspection/index.mdx +8 -3
  427. package/.docs/organized/docs/reference/workos-connect/metadata/index.mdx +1 -1
  428. package/.docs/organized/docs/reference/workos-connect/metadata/oauth-authorization-server/index.mdx +1 -1
  429. package/.docs/organized/docs/reference/workos-connect/standalone/complete.mdx +68 -0
  430. package/.docs/organized/docs/reference/workos-connect/standalone/index.mdx +9 -0
  431. package/.docs/organized/docs/reference/workos-connect/standalone/user-consent-options.mdx +41 -0
  432. package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/access-token.mdx +6 -0
  433. package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/id-token.mdx +1 -1
  434. package/.docs/organized/docs/reference/workos-connect/token/{authorization-code-grant/index.mdx → authorization-code-grant.mdx} +23 -2
  435. package/.docs/organized/docs/reference/workos-connect/token/client-credentials-grant/access-token.mdx +1 -1
  436. package/.docs/organized/docs/reference/workos-connect/token/{client-credentials-grant/index.mdx → client-credentials-grant.mdx} +2 -2
  437. package/.docs/organized/docs/reference/workos-connect/token/index.mdx +5 -4
  438. package/.docs/organized/docs/reference/workos-connect/token/refresh-token-grant.mdx +1 -1
  439. package/.docs/organized/docs/reference/workos-connect/userinfo/index.mdx +2 -2
  440. package/.docs/organized/docs/sdks/authkit-js.mdx +14 -0
  441. package/.docs/organized/docs/sdks/authkit-nextjs.mdx +14 -0
  442. package/.docs/organized/docs/sdks/authkit-react-router.mdx +14 -0
  443. package/.docs/organized/docs/sdks/authkit-react.mdx +14 -0
  444. package/.docs/organized/docs/sdks/authkit-remix.mdx +14 -0
  445. package/.docs/organized/docs/sdks/authkit-tanstack-start.mdx +14 -0
  446. package/.docs/organized/docs/sso/_navigation.mdx +8 -2
  447. package/.docs/organized/docs/sso/attributes.mdx +15 -3
  448. package/.docs/organized/docs/sso/domains.mdx +8 -6
  449. package/.docs/organized/docs/sso/example-apps.mdx +2 -2
  450. package/.docs/organized/docs/sso/identity-provider-role-assignment.mdx +30 -30
  451. package/.docs/organized/docs/sso/index.mdx +7 -6
  452. package/.docs/organized/docs/sso/it-team-faq.mdx +1 -1
  453. package/.docs/organized/docs/sso/jit-provisioning.mdx +2 -3
  454. package/.docs/organized/docs/sso/launch-checklist.mdx +2 -2
  455. package/.docs/organized/docs/sso/login-flows.mdx +3 -3
  456. package/.docs/organized/docs/sso/redirect-uris.mdx +22 -11
  457. package/.docs/organized/docs/sso/saml-security.mdx +1 -1
  458. package/.docs/organized/docs/sso/sign-in-consent.mdx +59 -0
  459. package/.docs/organized/docs/sso/signing-certificates.mdx +7 -7
  460. package/.docs/organized/docs/sso/single-logout.mdx +0 -1
  461. package/.docs/organized/docs/sso/ux/sessions.mdx +99 -0
  462. package/.docs/organized/docs/sso/ux/sign-in.mdx +1 -1
  463. package/.docs/organized/docs/vault/_navigation.mdx +2 -0
  464. package/.docs/organized/docs/vault/byok.mdx +140 -0
  465. package/.docs/organized/docs/vault/index.mdx +1 -1
  466. package/.docs/organized/docs/widgets/_navigation.mdx +48 -0
  467. package/.docs/organized/docs/widgets/admin-portal-domain-verification.mdx +24 -0
  468. package/.docs/organized/docs/widgets/admin-portal-sso-connection.mdx +20 -0
  469. package/.docs/organized/docs/widgets/api-keys.mdx +28 -0
  470. package/.docs/organized/docs/widgets/audit-log-streaming.mdx +25 -0
  471. package/.docs/organized/docs/widgets/directory-sync.mdx +23 -0
  472. package/.docs/organized/docs/widgets/index.mdx +12 -0
  473. package/.docs/organized/docs/widgets/localization.mdx +111 -0
  474. package/.docs/organized/docs/widgets/organization-switcher.mdx +47 -0
  475. package/.docs/organized/docs/widgets/pipes.mdx +27 -0
  476. package/.docs/organized/docs/widgets/quick-start.mdx +38 -0
  477. package/.docs/organized/docs/widgets/styling/css-customization.mdx +100 -0
  478. package/.docs/organized/docs/widgets/styling/index.mdx +29 -0
  479. package/.docs/organized/docs/widgets/styling/theme-customization.mdx +51 -0
  480. package/.docs/organized/docs/widgets/tokens.mdx +17 -0
  481. package/.docs/organized/docs/widgets/user-management.mdx +28 -0
  482. package/.docs/organized/docs/widgets/user-profile.mdx +30 -0
  483. package/.docs/organized/docs/widgets/user-security.mdx +31 -0
  484. package/.docs/organized/docs/widgets/user-sessions.mdx +26 -0
  485. package/LICENSE +21 -0
  486. package/README.md +14 -1
  487. package/dist/prepare.js +1 -1
  488. package/dist/prepare.js.map +1 -1
  489. package/package.json +2 -1
  490. package/.docs/organized/docs/dashboard.mdx +0 -244
  491. package/.docs/organized/docs/demo/_navigation.mdx +0 -26
  492. package/.docs/organized/docs/demo/accordion.mdx +0 -34
  493. package/.docs/organized/docs/demo/checklist.mdx +0 -33
  494. package/.docs/organized/docs/demo/code-block.mdx +0 -185
  495. package/.docs/organized/docs/demo/definition-list.mdx +0 -35
  496. package/.docs/organized/docs/demo/index.mdx +0 -7
  497. package/.docs/organized/docs/demo/punctuation.mdx +0 -37
  498. package/.docs/organized/docs/demo/replacements.mdx +0 -26
  499. package/.docs/organized/docs/demo/table.mdx +0 -26
  500. package/.docs/organized/docs/demo/tabs.mdx +0 -17
  501. package/.docs/organized/docs/fga/identity-provider-sessions.mdx +0 -68
  502. package/.docs/organized/docs/fga/local-development.mdx +0 -155
  503. package/.docs/organized/docs/fga/modeling/abac.mdx +0 -107
  504. package/.docs/organized/docs/fga/modeling/blocklist.mdx +0 -84
  505. package/.docs/organized/docs/fga/modeling/conditional-roles.mdx +0 -99
  506. package/.docs/organized/docs/fga/modeling/custom-roles.mdx +0 -90
  507. package/.docs/organized/docs/fga/modeling/entitlements.mdx +0 -127
  508. package/.docs/organized/docs/fga/modeling/managed-service-provider.mdx +0 -131
  509. package/.docs/organized/docs/fga/modeling/org-roles-and-permissions.mdx +0 -95
  510. package/.docs/organized/docs/fga/modeling/policy-context.mdx +0 -231
  511. package/.docs/organized/docs/fga/modeling/public-access.mdx +0 -61
  512. package/.docs/organized/docs/fga/modeling/shareable-content.mdx +0 -106
  513. package/.docs/organized/docs/fga/modeling/superusers.mdx +0 -74
  514. package/.docs/organized/docs/fga/modeling/user-groups.mdx +0 -92
  515. package/.docs/organized/docs/fga/operations-usage.mdx +0 -104
  516. package/.docs/organized/docs/fga/playground.mdx +0 -12
  517. package/.docs/organized/docs/fga/policies.mdx +0 -462
  518. package/.docs/organized/docs/fga/query-language.mdx +0 -112
  519. package/.docs/organized/docs/fga/schema-management.mdx +0 -224
  520. package/.docs/organized/docs/fga/schema.mdx +0 -388
  521. package/.docs/organized/docs/fga/warrant-tokens.mdx +0 -44
  522. package/.docs/organized/docs/fga/warrants.mdx +0 -92
  523. package/.docs/organized/docs/reference/fga/batch-check.mdx +0 -277
  524. package/.docs/organized/docs/reference/fga/check.mdx +0 -563
  525. package/.docs/organized/docs/reference/fga/policy/create.mdx +0 -27
  526. package/.docs/organized/docs/reference/fga/policy/delete.mdx +0 -18
  527. package/.docs/organized/docs/reference/fga/policy/get.mdx +0 -23
  528. package/.docs/organized/docs/reference/fga/policy/index.mdx +0 -52
  529. package/.docs/organized/docs/reference/fga/policy/list.mdx +0 -41
  530. package/.docs/organized/docs/reference/fga/policy/update.mdx +0 -26
  531. package/.docs/organized/docs/reference/fga/query.mdx +0 -375
  532. package/.docs/organized/docs/reference/fga/resource/batch-write.mdx +0 -175
  533. package/.docs/organized/docs/reference/fga/resource-type/apply.mdx +0 -35
  534. package/.docs/organized/docs/reference/fga/resource-type/create.mdx +0 -24
  535. package/.docs/organized/docs/reference/fga/resource-type/delete.mdx +0 -22
  536. package/.docs/organized/docs/reference/fga/resource-type/get.mdx +0 -23
  537. package/.docs/organized/docs/reference/fga/resource-type/index.mdx +0 -68
  538. package/.docs/organized/docs/reference/fga/resource-type/list.mdx +0 -36
  539. package/.docs/organized/docs/reference/fga/resource-type/update.mdx +0 -23
  540. package/.docs/organized/docs/reference/fga/schema/apply.mdx +0 -42
  541. package/.docs/organized/docs/reference/fga/schema/get.mdx +0 -24
  542. package/.docs/organized/docs/reference/fga/schema/index.mdx +0 -39
  543. package/.docs/organized/docs/reference/fga/warrant/batch-write.mdx +0 -226
  544. package/.docs/organized/docs/reference/fga/warrant/create.mdx +0 -215
  545. package/.docs/organized/docs/reference/fga/warrant/delete.mdx +0 -212
  546. package/.docs/organized/docs/reference/fga/warrant/index.mdx +0 -186
  547. package/.docs/organized/docs/reference/fga/warrant/list.mdx +0 -282
  548. package/.docs/organized/docs/reference/idempotency.mdx +0 -21
  549. package/.docs/organized/docs/reference/organization-domain.mdx +0 -189
  550. package/.docs/organized/docs/reference/rate-limits.mdx +0 -50
  551. package/.docs/organized/docs/reference/roles/list-for-organization.mdx +0 -152
  552. package/.docs/organized/docs/reference/user-management/access-token/index.mdx +0 -13
  553. package/.docs/organized/docs/reference/user-management/authentication/get-authorization-url/redirect-uri.mdx +0 -23
  554. package/.docs/organized/docs/reference/user-management/index.mdx +0 -13
  555. package/.docs/organized/docs/reference/user-management/mfa/index.mdx +0 -5
  556. package/.docs/organized/docs/reference/user-management/session-tokens/index.mdx +0 -5
  557. package/.docs/organized/docs/reference/user-management/session-tokens/refresh-token.mdx +0 -8
  558. package/.docs/organized/docs/user-management/_navigation.mdx +0 -87
  559. package/.docs/organized/docs/user-management/authkit.mdx +0 -69
  560. package/.docs/organized/docs/user-management/connect.mdx +0 -110
  561. package/.docs/organized/docs/user-management/directory-provisioning.mdx +0 -78
  562. package/.docs/organized/docs/user-management/email-verification.mdx +0 -29
  563. package/.docs/organized/docs/user-management/entitlements.mdx +0 -46
  564. package/.docs/organized/docs/user-management/jit-provisioning.mdx +0 -36
  565. package/.docs/organized/docs/user-management/overview.mdx +0 -46
  566. package/.docs/organized/docs/user-management/roles-and-permissions.mdx +0 -155
  567. package/.docs/organized/docs/user-management/users-organizations.mdx +0 -91
  568. package/.docs/organized/docs/user-management/widgets.mdx +0 -190
package/.docs/organized/docs/fga/quick-start.mdx CHANGED
@@ -1,174 +1,359 @@
1
1
  ---
2
2
  title: Quick Start
3
3
  description: >-
4
- Set up resource types and warrants that model your authorization requirements.
5
- Then use the SDK to make access checks from your application.
4
+ Build a complete authorization model from resource types to access checks in
5
+ minutes.
6
+ showNextPage: true
6
7
  originalPath: .tmp-workos-clone/packages/docs/content/fga/quick-start.mdx
7
8
  ---
8
9
 
9
- ## Before getting started
10
+ ## What you'll build
10
11
 
11
- To get the most out of this guide, you should have:
12
+ This guide walks you through the entire FGA workflow using a real-world example: a project management application where organizations contain workspaces, and workspaces contain projects. By the end, you'll have:
12
13
 
13
- - A [WorkOS account](https://dashboard.workos.com/)
14
- - Your WorkOS [API Key](/glossary/api-key)
15
- - A basic understanding of [resource types](/fga/schema/schema-syntax/resource-types)
14
+ - A resource type hierarchy modeled in the Dashboard
15
+ - Roles and permissions scoped to each resource type
16
+ - Resources registered via the API
17
+ - Role assignments granting users access
18
+ - Access checks verifying permissions
19
+ - Discovery queries listing accessible resources
16
20
 
17
- ## What you'll build
21
+ The guide follows the same order you'd use when integrating FGA into your product.
18
22
 
19
- In this guide, we'll implement fine-grained authorization for a simple B2B SaaS application that gives users the ability to build and share reports generated using company data.
23
+ ---
20
24
 
21
- We will:
25
+ ## 1. Configure resource types
22
26
 
23
- 1. Design a resource type schema that models the application's authorization requirements.
24
- 2. Create warrants to define relationships between the application's resources.
25
- 3. Make access checks that determine whether or not a user should have access to a resource.
27
+ Resource types define the schema of your authorization model. Start by mapping your product's entity hierarchy in the [WorkOS Dashboard](https://dashboard.workos.com/).
26
28
 
27
- ## API resource definitions
29
+ For our project management app, the hierarchy looks like:
28
30
 
29
- [Schema](/fga/schema)
30
- : A schema defining the different types of relationships available on your application's resources and how those relationships can be inherited
31
+ ```text
32
+ organization (implicit root)
33
+ └─ workspace
34
+ └─ project
35
+ ```
31
36
 
32
- [Warrant](/fga/warrants)
33
- : A rule assigning a relationship between two resources in your application
37
+ Navigate to **Authorization > Resource Types** and click **Model resource types**.
34
38
 
35
- ## (1) Install the WorkOS CLI
39
+ ![FGA model resource types](https://images.workoscdn.com/images/131f0723-6185-4641-946d-e713eec118d1.png?auto=format&fit=clip&q=50)
36
40
 
37
- Install the WorkOS CLI using [Homebrew](https://brew.sh/).
41
+ Create the `workspace` resource type first. Give it a name, a slug, and set its parent to `organization`. Then create `project` with its parent set to `workspace`.
38
42
 
39
- ```shell
40
- brew install workos/tap/workos-cli
41
- ```
43
+ ![FGA project resource type](https://images.workoscdn.com/images/a4b3fc33-b6f6-4f0e-a0b7-0d5309ab32a9.png?auto=format&fit=clip&q=50)
42
44
 
43
- To initialize the CLI, use the command below. Follow the prompts to complete setup.
45
+ The Dashboard validates your hierarchy as you build it, ensuring constraints like single-parent relationships and maximum depth are respected.
44
46
 
45
- ```shell
46
- workos init
47
- ```
47
+ ---
48
+
49
+ ## 2. Create roles and permissions
50
+
51
+ With resource types defined, create the roles and permissions that describe what users can do. Navigate to **Authorization > Permissions** in the Dashboard.
52
+
53
+ ### Define permissions
54
+
55
+ Permissions represent specific actions on a resource type. We recommend a `{resource_type}:{action}` naming pattern.
56
+
57
+ Navigate to **Authorization > Permissions** and click **Create permission**. Select the resource type the permission applies to, give it a name and slug, and save.
58
+
59
+ ![FGA workspace viewer permission](https://images.workoscdn.com/images/2b656ec6-9391-4a0a-919e-7f31ffb6311a.png?auto=format&fit=clip&q=50)
60
+
61
+ Create the following permissions for our example:
62
+
63
+ | Permission | Resource Type | Description |
64
+ | ---------------- | ------------- | ------------------------------ |
65
+ | `workspace:view` | workspace | View a workspace |
66
+ | `workspace:edit` | workspace | Edit workspace settings |
67
+ | `project:view` | project | View a project |
68
+ | `project:edit` | project | Edit a project |
69
+ | `project:create` | project | Create projects in a workspace |
70
+ | `project:delete` | project | Delete a project |
71
+
72
+ ### Define roles
73
+
74
+ Roles bundle permissions and are scoped to a resource type. The key feature is that roles can include permissions for child types, enabling inheritance.
75
+
76
+ Create a `workspace-admin` role scoped to the `workspace` resource type. Include permissions for the workspace itself and its child types:
77
+
78
+ ![FGA create role set details](https://images.workoscdn.com/images/9e943b39-8c7f-448a-8568-2408402d2873.png?auto=format&fit=clip&q=50)
79
+
80
+ Select which permissions to include—both same-type and child-type permissions:
81
+
82
+ ![FGA create role assign permissions](https://images.workoscdn.com/images/98c6a8b5-8814-49d9-a27f-9ba32525c214.png?auto=format&fit=clip&q=50)
83
+
84
+ Here's a useful set of roles for our example:
85
+
86
+ | Role | Scoped to | Permissions included |
87
+ | ------------------ | --------- | ------------------------------------------------------------------------------------------------------ |
88
+ | `workspace-admin` | workspace | `workspace:view`, `workspace:edit`, `project:view`, `project:edit`, `project:create`, `project:delete` |
89
+ | `workspace-member` | workspace | `workspace:view`, `project:view` |
90
+ | `project-editor` | project | `project:view`, `project:edit` |
91
+ | `project-viewer` | project | `project:view` |
92
+
93
+ A `workspace-admin` assignment on a single workspace grants access to all projects within it. A `project-editor` assignment grants access to only that specific project. This layered approach minimizes the number of assignments you need to manage.
48
94
 
49
95
  ---
50
96
 
51
- ## (2) Define a resource type schema
97
+ ## 3. Create resources
98
+
99
+ Resources are runtime instances of your resource types. Register them via the API as users create entities in your application.
100
+
101
+ ### Top-level resources
102
+
103
+ When a user creates a workspace, register it as a resource. Top-level resources default to the organization as their parent:
52
104
 
53
- Our application has three types of resources: reports, teams, and users. Our authorization model should meet the following requirements:
105
+ ```bash
106
+ curl https://api.workos.com/authorization/resources \
107
+ -X POST \
108
+ -H "Authorization: Bearer sk_example_123456789" \
109
+ -H "Content-Type: application/json" \
110
+ -d '{
111
+ "resource_type_slug": "workspace",
112
+ "external_id": "workspace_01H",
113
+ "organization_id": "org_01HXYZ",
114
+ "name": "Engineering"
115
+ }'
116
+ ```
54
117
 
55
- - Every report belongs to a team.
56
- - Every user belongs to a team.
57
- - Users who create a report are considered the owner of the report.
58
- - The owner of a report can also edit the report.
59
- - The owner of a report can add other users as editors.
60
- - An editor of a report can also view the report.
61
- - Users can view any report belonging to their team.
118
+ Response:
119
+
120
+ ```json
121
+ {
122
+ "id": "authz_resource_01HABC",
123
+ "resource_type_slug": "workspace",
124
+ "external_id": "workspace_01H",
125
+ "organization_id": "org_01HXYZ",
126
+ "name": "Engineering",
127
+ "parent_resource_id": null,
128
+ "created_at": "2025-01-15T10:30:00Z",
129
+ "updated_at": "2025-01-15T10:30:00Z"
130
+ }
131
+ ```
62
132
 
63
- We'll define the following resource type schema to fulfill these requirements:
133
+ The `external_id` is your application's identifier for this entity—typically the primary key from your database. Use it to reference this resource in future API calls without needing to store the WorkOS resource ID.
134
+
135
+ ### Child resources
136
+
137
+ When a user creates a project inside a workspace, register it with a parent reference. You can reference the parent by its external ID and type:
138
+
139
+ ```bash
140
+ curl https://api.workos.com/authorization/resources \
141
+ -X POST \
142
+ -H "Authorization: Bearer sk_example_123456789" \
143
+ -H "Content-Type: application/json" \
144
+ -d '{
145
+ "resource_type_slug": "project",
146
+ "external_id": "project_02H",
147
+ "organization_id": "org_01HXYZ",
148
+ "parent_resource_type_slug": "workspace",
149
+ "parent_resource_external_id": "workspace_01H",
150
+ "name": "API Backend"
151
+ }'
152
+ ```
64
153
 
65
- ```fga title="schema.txt"
66
- version 0.3
154
+ Or reference the parent by its internal WorkOS ID:
155
+
156
+ ```bash
157
+ curl https://api.workos.com/authorization/resources \
158
+ -X POST \
159
+ -H "Authorization: Bearer sk_example_123456789" \
160
+ -H "Content-Type: application/json" \
161
+ -d '{
162
+ "resource_type_slug": "project",
163
+ "external_id": "project_03H",
164
+ "organization_id": "org_01HXYZ",
165
+ "parent_resource_id": "authz_resource_01HABC",
166
+ "name": "Mobile App"
167
+ }'
168
+ ```
67
169
 
68
- type user
170
+ Register resources immediately after saving the entity to your database. The resource needs to exist in WorkOS before you can assign roles or check permissions on it.
69
171
 
70
- type team
71
- relation member [user]
172
+ ---
173
+
174
+ ## 4. Assign roles
72
175
 
73
- type report
74
- relation parent [team]
75
- relation owner [user]
76
- relation editor [user]
77
- relation viewer [user]
176
+ Assignments connect a user (through their organization membership) to a role on a specific resource. This is what actually grants access.
78
177
 
79
- inherit editor if
80
- relation owner
178
+ ### Assign a workspace role
81
179
 
82
- inherit viewer if
83
- any_of
84
- relation editor
85
- relation member on parent [team]
180
+ Give Alice (`om_01HXYZ`) the `workspace-admin` role on the Engineering workspace:
86
181
 
182
+ ```bash
183
+ curl https://api.workos.com/authorization/organization_memberships/om_01HXYZ/role_assignments \
184
+ -X POST \
185
+ -H "Authorization: Bearer sk_example_123456789" \
186
+ -H "Content-Type: application/json" \
187
+ -d '{
188
+ "role_slug": "workspace-admin",
189
+ "resource_type_slug": "workspace",
190
+ "resource_external_id": "workspace_01H"
191
+ }'
87
192
  ```
88
193
 
89
- ### (A) Using the CLI
194
+ Because `workspace-admin` includes child-type permissions like `project:view` and `project:edit`, Alice now has access to all projects within the Engineering workspace—without needing separate assignments on each project.
195
+
196
+ ### Assign a resource-specific role
90
197
 
91
- Create a file called `schema.txt` containing the schema definition from above. Then use the CLI to update your schema in WorkOS FGA.
198
+ Give Bob the `project-editor` role on just the API Backend project:
92
199
 
93
- ```shell
94
- workos fga schema apply schema.txt
200
+ ```bash
201
+ curl https://api.workos.com/authorization/organization_memberships/om_02HXYZ/role_assignments \
202
+ -X POST \
203
+ -H "Authorization: Bearer sk_example_123456789" \
204
+ -H "Content-Type: application/json" \
205
+ -d '{
206
+ "role_slug": "project-editor",
207
+ "resource_type_slug": "project",
208
+ "resource_external_id": "project_02H"
209
+ }'
95
210
  ```
96
211
 
97
- ### (B) Using the FGA Dashboard
212
+ Bob can view and edit the API Backend project, but has no access to other projects in the workspace unless separately assigned.
98
213
 
99
- Define a resource type schema from the FGA dashboard using the schema editor available on the [Schema](https://fga.workos.com/schema) page.
214
+ ### View assignments in the Dashboard
215
+
216
+ Navigate to an organization membership in the Dashboard to see all role assignments for that user:
217
+
218
+ ![FGA assignments](https://images.workoscdn.com/images/c9a27787-a97c-4e8b-ac86-05cba25374ae.png?auto=format&fit=clip&q=50)
100
219
 
101
220
  ---
102
221
 
103
- ## (3) Create warrants
222
+ ## 5. Check permissions
104
223
 
105
- Warrants are rules that assign relationships between the resources in an application. These relationships are then used to figure out whether or not a user should have access to a resource.
224
+ Access checks answer: "Can this user perform this action on this resource?" FGA evaluates all possible sources of access—direct assignments, inherited permissions from parent resources, and organization-level roles.
106
225
 
107
- For example, let's create two warrants:
226
+ ### Check by resource external ID
108
227
 
109
- - One specifying that `[user:d6ed6474-784e-407e-a1ea-42a91d4c52b9] is a [member] of [team:stark]`
110
- - One specifying that `[team:stark] is [parent] of [report:7]`
228
+ Check whether Alice (`om_01HXYZ`) can edit the API Backend project:
111
229
 
112
- ### (A) Using the CLI
230
+ ```bash
231
+ curl https://api.workos.com/authorization/organization_memberships/om_01HXYZ/check \
232
+ -X POST \
233
+ -H "Authorization: Bearer sk_example_123456789" \
234
+ -H "Content-Type: application/json" \
235
+ -d '{
236
+ "permission_slug": "project:edit",
237
+ "resource_type_slug": "project",
238
+ "resource_external_id": "project_02H"
239
+ }'
240
+ ```
113
241
 
114
- Create warrants using the CLI.
242
+ Response:
115
243
 
116
- ```shell
117
- workos fga warrant create user:d6ed6474-784e-407e-a1ea-42a91d4c52b9 member team:stark
118
- workos fga warrant create team:stark parent report:7
244
+ ```json
245
+ {
246
+ "authorized": true
247
+ }
119
248
  ```
120
249
 
121
- ### (B) Using the SDK
250
+ Alice is authorized because her `workspace-admin` role on the Engineering workspace includes `project:edit`, which flows down to all projects in that workspace.
251
+
252
+ ### Check by resource ID
253
+
254
+ You can also reference resources by their internal WorkOS ID:
255
+
256
+ ```bash
257
+ curl https://api.workos.com/authorization/organization_memberships/om_01HXYZ/check \
258
+ -X POST \
259
+ -H "Authorization: Bearer sk_example_123456789" \
260
+ -H "Content-Type: application/json" \
261
+ -d '{
262
+ "permission_slug": "project:edit",
263
+ "resource_id": "authz_resource_02HDEF"
264
+ }'
265
+ ```
122
266
 
123
- <LanguageSelector languages={['go', 'java', 'js', 'python']}>
124
- Install the SDK using the command below.
267
+ ### Integrate into your application
125
268
 
126
- <CodeBlock title="Install the WorkOS SDK" file="install-sdk">
127
- <CodeBlockTab language="js" file="install-sdk-npm" title="npm" />
128
- <CodeBlockTab language="js" file="install-sdk-yarn" title="Yarn" />
129
- <CodeBlockTab language="java" file="install-sdk-maven" title="Maven" />
130
- <CodeBlockTab language="java" file="install-sdk-gradle" title="Gradle" />
131
- </CodeBlock>
132
- </LanguageSelector>
269
+ Here's how an access check looks in practice, protecting an API endpoint:
133
270
 
134
- Create warrants programmatically from your application using the SDK.
271
+ ```javascript
272
+ import { WorkOS } from '@workos-inc/node';
135
273
 
136
- <CodeBlock title="Create Warrants" file="create-warrants" />
274
+ const workos = new WorkOS(process.env.WORKOS_API_KEY);
275
+
276
+ app.patch('/projects/:projectId', async (req, res) => {
277
+ const { organizationMembershipId } = req.user;
278
+ const { projectId } = req.params;
279
+
280
+ const { authorized } = await workos.authorization.check({
281
+ organizationMembershipId,
282
+ permissionSlug: 'project:edit',
283
+ resourceExternalId: projectId,
284
+ resourceTypeSlug: 'project',
285
+ });
286
+
287
+ if (!authorized) {
288
+ return res.status(403).json({ error: 'Forbidden' });
289
+ }
290
+
291
+ const project = await updateProject(projectId, req.body);
292
+ return res.json(project);
293
+ });
294
+ ```
295
+
296
+ Access checks are designed to be low-latency and reflect role changes immediately—without requiring cache invalidation or waiting for propagation delays.
137
297
 
138
298
  ---
139
299
 
140
- ## (4) Check and query access
300
+ ## 6. Discover access
141
301
 
142
- Now that we have our resource types and some warrants set up, we can check and query access.
302
+ FGA provides discovery endpoints that power common product features like filtered navigation, member lists, and sharing dialogs.
143
303
 
144
- Since we assigned `[team:stark]` as the `parent` team of `[report:7]` and `[user:d6ed6474-784e-407e-a1ea-42a91d4c52b9]` as a `member` of `[team:stark]`, they should automatically be a `viewer` of `[report:7]`. Let's do a check to make sure.
304
+ ### List resources a user can access
145
305
 
146
- ### (A) Using the CLI
306
+ Find all projects Alice (`om_01HXYZ`) can edit within the Engineering workspace:
147
307
 
148
- Check if a subject has a given relation on a resource.
308
+ ```bash
309
+ curl "https://api.workos.com/authorization/organization_memberships/om_01HXYZ/resources?permission_slug=project:edit&parent_resource_type_slug=workspace&parent_resource_external_id=workspace_01H" \
310
+ -H "Authorization: Bearer sk_example_123456789"
311
+ ```
149
312
 
150
- ```shell title="Check if user is viewer of report:7"
151
- workos fga check user:d6ed6474-784e-407e-a1ea-42a91d4c52b9 viewer report:7
313
+ This powers features like a sidebar that shows only the projects a user has access to, or a project picker filtered to resources the user can modify.
314
+
315
+ ### List users with access to a resource
316
+
317
+ Find all users who can edit a specific project:
318
+
319
+ ```bash
320
+ curl "https://api.workos.com/authorization/resources/authz_resource_02HDEF/organization_memberships?permission_slug=project:edit" \
321
+ -H "Authorization: Bearer sk_example_123456789"
152
322
  ```
153
323
 
154
- Query which resources a user has a given relation on.
324
+ By default, this returns users with direct role assignments on the resource. To include users with inherited access (from workspace or organization roles), use the `assignment` parameter:
155
325
 
156
- ```shell title="List reports where user is a viewer"
157
- workos fga query 'select report where user:d6ed6474-784e-407e-a1ea-42a91d4c52b9 is viewer'
326
+ ```bash
327
+ # All users who can edit this project (direct + inherited)
328
+ curl "https://api.workos.com/authorization/resources/authz_resource_02HDEF/organization_memberships?permission_slug=project:edit&assignment=indirect" \
329
+ -H "Authorization: Bearer sk_example_123456789"
158
330
  ```
159
331
 
160
- ### (B) Using the SDK
332
+ This powers sharing dialogs, member lists, and compliance audits.
161
333
 
162
- Check if a subject has a given relation on a resource.
334
+ ---
335
+
336
+ ## Putting it all together
163
337
 
164
- <CodeBlock title="Check if user is viewer of report:7" file="check" />
338
+ Here's the complete flow for our project management app:
165
339
 
166
- Query which resources a user has a given relation on.
340
+ ```text
341
+ 1. Resource type hierarchy → Define workspace and project resource types in the Dashboard
342
+ 2. Privileges → Create roles (workspace-admin, project-editor) with scoped permissions
343
+ 3. Resources → Register workspaces and projects via API as users create them
344
+ 4. Access → Assign roles to users on specific resources
345
+ 5. Enforce → Check permissions before allowing actions
346
+ 6. Discover → Query which resources a user can access for navigation and UI
347
+ ```
167
348
 
168
- <CodeBlock title="List reports where user is viewer" file="query" />
349
+ The hierarchy does the heavy lifting. A single `workspace-admin` assignment grants access to every project in that workspace. When new projects are created, the admin automatically has access—no additional assignments needed.
169
350
 
170
351
  ---
171
352
 
172
- ## Summary
353
+ ## Next steps
173
354
 
174
- That's it! We've now setup a powerful authorization system for our application that features a hierarchy of privileges (owner → editor → viewer) and inheritance of privileges based on team membership.
355
+ - [Resource Types](/fga/resource-types) Design your hierarchy for different product patterns
356
+ - [Roles and Permissions](/fga/roles-and-permissions) – Understand permission inheritance in depth
357
+ - [Resources](/fga/resources) – Learn about external IDs, sync strategies, and modeling guidance
358
+ - [Access Checks](/fga/access-checks) – JWT vs. API checks and integration patterns
359
+ - [AuthKit Integration](/fga/authkit-integration) – Embed permissions in access tokens
package/.docs/organized/docs/fga/resource-discovery.mdx ADDED
@@ -0,0 +1,78 @@
1
+ ---
2
+ title: Resource Discovery
3
+ description: 'Find which resources a user can access, or who has access to a resource.'
4
+ showNextPage: true
5
+ originalPath: .tmp-workos-clone/packages/docs/content/fga/resource-discovery.mdx
6
+ ---
7
+
8
+ ## Overview
9
+
10
+ Beyond permission checks, FGA provides endpoints to discover access relationships. These power common product features like member lists, a sharing dialog, and scoped navigation.
11
+
12
+ ---
13
+
14
+ ## List users for a resource
15
+
16
+ Find all users with access to a resource:
17
+
18
+ ```bash
19
+ curl "https://api.workos.com/authorization/resources/authz_resource_01HXYZ/organization_memberships?permission_slug=project:edit" \
20
+ -H "Authorization: Bearer sk_example_123456789"
21
+ ```
22
+
23
+ ### Direct vs. indirect assignments
24
+
25
+ Use the `assignment` parameter to control whether results include only users with direct assignments or also those with inherited access:
26
+
27
+ ```bash
28
+ # Only users with a direct role assignment on this resource
29
+ curl "https://api.workos.com/authorization/resources/resource_01HXYZ/organization_memberships?permission_slug=project:edit&assignment=direct" \
30
+ -H "Authorization: Bearer sk_example_123456789"
31
+
32
+ # All users who can access this resource (direct + inherited)
33
+ curl "https://api.workos.com/authorization/resources/resource_01HXYZ/organization_memberships?permission_slug=project:edit&assignment=indirect" \
34
+ -H "Authorization: Bearer sk_example_123456789"
35
+ ```
36
+
37
+ **Direct assignments** (default) return only users with an explicit role on this specific resource. For example, users assigned as `project-editor` directly on this project.
38
+
39
+ **Indirect assignments** return all users with access, including through parent resources. Users with `workspace-admin` on the parent workspace appear in results, as do users with organization-level roles that grant the permission.
40
+
41
+ ### Real-world examples
42
+
43
+ **Access audit** – An admin reviews who has been explicitly granted access to a sensitive project. Use `assignment=direct` to see only users with direct role assignments, excluding those with inherited access from workspace or org roles.
44
+
45
+ **Member list** – A project page displays all team members who can access the project. Use `assignment=indirect` to show everyone who can access it, whether through direct project membership, workspace membership, or organization-level roles.
46
+
47
+ **Sharing confirmation** – Before inviting a collaborator to a project, verify who already has access. Query with `permission=project:view&assignment=indirect` to see all users who can view the project, including inherited access.
48
+
49
+ **Compliance reporting** – Generate reports of users with admin access to critical resources. Use `permission_slug=workspace:admin&assignment=direct` to identify users explicitly assigned admin roles, separate from those with inherited organization-level admin access.
50
+
51
+ ---
52
+
53
+ ## List resources for a user
54
+
55
+ Find all resources where a user has a specific permission:
56
+
57
+ ```bash
58
+ curl "https://api.workos.com/authorization/organization_memberships/om_01HXYZ/resources?permission_slug=project:edit&parent_resource_id=authz_resource_01HXYZ" \
59
+ -H "Authorization: Bearer sk_example_123456789"
60
+ ```
61
+
62
+ This endpoint returns all child resources of a parent where the user has the specified permission, including through inheritance. For example, if a user's `workspace-admin` role includes `proj:edit`, all projects in that workspace appear when querying for `proj:edit`—even without direct project assignments.
63
+
64
+ ### Real-world examples
65
+
66
+ **Scoped navigation** – A project management app shows only the projects a user can access in their sidebar within a specific workspace. Query with `parent_resource_id` set to the workspace.
67
+
68
+ **Sharing dialog** – When inviting a collaborator, filter the project picker to show only projects where the user has edit access within the current workspace.
69
+
70
+ **"My Projects" view** – Display all projects under a workspace where a user can perform specific actions. The query includes projects accessible through higher-level roles.
71
+
72
+ ---
73
+
74
+ ## How inheritance affects results
75
+
76
+ When listing users for a resource, the full permission hierarchy is considered. A user with `workspace-admin` on a workspace will appear in results for all projects in that workspace, even without direct project assignments. Use the `assignment` parameter to control whether inherited access is included.
77
+
78
+ When listing resources for a user, only resources where the user has a direct role assignment on the parent resource or any child resources are returned. Indirect assignment lookups are not supported yet.