@workos/mcp-docs-server 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.docs/organized/changelogs/workos-platform.json +125 -125
- package/.docs/organized/docs/admin-portal/custom-branding.mdx +2 -4
- package/.docs/organized/docs/admin-portal/example-apps.mdx +11 -11
- package/.docs/organized/docs/admin-portal/index.mdx +39 -33
- package/.docs/organized/docs/audit-logs/admin-portal.mdx +1 -1
- package/.docs/organized/docs/audit-logs/editing-events.mdx +1 -1
- package/.docs/organized/docs/audit-logs/exporting-events.mdx +1 -1
- package/.docs/organized/docs/audit-logs/index.mdx +17 -2
- package/.docs/organized/docs/audit-logs/log-streams.mdx +325 -1
- package/.docs/organized/docs/audit-logs/metadata-schema.mdx +1 -1
- package/.docs/organized/docs/authkit/_navigation.mdx +108 -0
- package/.docs/organized/docs/{user-management → authkit}/actions.mdx +3 -4
- package/.docs/organized/docs/authkit/add-ons/google-analytics.mdx +79 -0
- package/.docs/organized/docs/authkit/add-ons/segment.mdx +77 -0
- package/.docs/organized/docs/authkit/add-ons/stripe.mdx +103 -0
- package/.docs/organized/docs/authkit/api-keys.mdx +99 -0
- package/.docs/organized/docs/{user-management → authkit}/branding.mdx +220 -2
- package/.docs/organized/docs/authkit/cli-auth.mdx +76 -0
- package/.docs/organized/docs/authkit/cli-installer.mdx +157 -0
- package/.docs/organized/docs/authkit/connect/m2m.mdx +65 -0
- package/.docs/organized/docs/authkit/connect/oauth.mdx +88 -0
- package/.docs/organized/docs/authkit/connect/standalone.mdx +179 -0
- package/.docs/organized/docs/authkit/connect.mdx +65 -0
- package/.docs/organized/docs/authkit/custom-email-providers.mdx +141 -0
- package/.docs/organized/docs/{user-management → authkit}/custom-emails.mdx +15 -15
- package/.docs/organized/docs/authkit/directory-provisioning.mdx +89 -0
- package/.docs/organized/docs/{user-management → authkit}/domain-verification.mdx +5 -6
- package/.docs/organized/docs/{user-management → authkit}/email-password.mdx +2 -2
- package/.docs/organized/docs/authkit/email-verification.mdx +31 -0
- package/.docs/organized/docs/{user-management → authkit}/example-apps.mdx +3 -3
- package/.docs/organized/docs/authkit/hosted-ui.mdx +165 -0
- package/.docs/organized/docs/{user-management → authkit}/identity-linking.mdx +9 -9
- package/.docs/organized/docs/{user-management → authkit}/impersonation.mdx +8 -8
- package/.docs/organized/docs/{user-management → authkit}/index.mdx +141 -74
- package/.docs/organized/docs/{user-management → authkit}/invitations.mdx +4 -4
- package/.docs/organized/docs/{user-management → authkit}/invite-only-signup.mdx +3 -3
- package/.docs/organized/docs/authkit/jit-provisioning.mdx +42 -0
- package/.docs/organized/docs/{user-management → authkit}/jwt-templates.mdx +37 -3
- package/.docs/organized/docs/authkit/landing.mdx +22 -0
- package/.docs/organized/docs/{user-management → authkit}/magic-auth.mdx +3 -5
- package/.docs/organized/docs/{user-management → authkit}/mcp.mdx +46 -9
- package/.docs/organized/docs/{user-management → authkit}/metadata.mdx +9 -9
- package/.docs/organized/docs/{user-management → authkit}/mfa.mdx +2 -2
- package/.docs/organized/docs/{user-management → authkit}/migrations.mdx +4 -4
- package/.docs/organized/docs/{user-management → authkit}/modeling-your-app.mdx +11 -11
- package/.docs/organized/docs/{user-management → authkit}/organization-policies.mdx +3 -4
- package/.docs/organized/docs/authkit/overview.mdx +46 -0
- package/.docs/organized/docs/{user-management → authkit}/passkeys.mdx +3 -3
- package/.docs/organized/docs/authkit/pipes.mdx +75 -0
- package/.docs/organized/docs/{user-management → authkit}/radar.mdx +39 -4
- package/.docs/organized/docs/authkit/roles-and-permissions.mdx +208 -0
- package/.docs/organized/docs/{user-management → authkit}/sessions.mdx +32 -20
- package/.docs/organized/docs/{user-management → authkit}/social-login.mdx +16 -2
- package/.docs/organized/docs/{user-management → authkit}/sso-with-contractors.mdx +3 -4
- package/.docs/organized/docs/{user-management → authkit}/sso.mdx +2 -2
- package/.docs/organized/docs/authkit/users-organizations.mdx +107 -0
- package/.docs/organized/docs/custom-domains/admin-portal.mdx +0 -2
- package/.docs/organized/docs/custom-domains/authkit.mdx +0 -2
- package/.docs/organized/docs/custom-domains/email.mdx +2 -2
- package/.docs/organized/docs/deprecations/_navigation.mdx +8 -0
- package/.docs/organized/docs/deprecations/raw-attributes.mdx +136 -0
- package/.docs/organized/docs/directory-sync/attributes.mdx +50 -31
- package/.docs/organized/docs/directory-sync/example-apps.mdx +11 -11
- package/.docs/organized/docs/directory-sync/identity-provider-role-assignment.mdx +23 -26
- package/.docs/organized/docs/directory-sync/index.mdx +4 -2
- package/.docs/organized/docs/directory-sync/quick-start.mdx +3 -3
- package/.docs/organized/docs/directory-sync/understanding-events.mdx +2 -2
- package/.docs/organized/docs/domain-verification/api.mdx +8 -8
- package/.docs/organized/docs/domain-verification/index.mdx +3 -3
- package/.docs/organized/docs/email.mdx +49 -5
- package/.docs/organized/docs/events/data-syncing/events-api.mdx +3 -3
- package/.docs/organized/docs/events/data-syncing/index.mdx +2 -3
- package/.docs/organized/docs/events/data-syncing/webhooks.mdx +4 -4
- package/.docs/organized/docs/events/index.mdx +419 -33
- package/.docs/organized/docs/feature-flags/_navigation.mdx +10 -0
- package/.docs/organized/docs/feature-flags/index.mdx +80 -0
- package/.docs/organized/docs/feature-flags/slack-notifications.mdx +58 -0
- package/.docs/organized/docs/fga/_navigation.mdx +34 -54
- package/.docs/organized/docs/fga/access-checks.mdx +109 -0
- package/.docs/organized/docs/fga/assignments.mdx +124 -0
- package/.docs/organized/docs/fga/authkit-integration.mdx +92 -0
- package/.docs/organized/docs/fga/high-cardinality-entities.mdx +172 -0
- package/.docs/organized/docs/fga/idp-role-assignment.mdx +66 -0
- package/.docs/organized/docs/fga/index.mdx +94 -29
- package/.docs/organized/docs/fga/migration-openfga.mdx +306 -0
- package/.docs/organized/docs/fga/migration-oso.mdx +372 -0
- package/.docs/organized/docs/fga/migration-spicedb.mdx +364 -0
- package/.docs/organized/docs/fga/quick-start.mdx +283 -98
- package/.docs/organized/docs/fga/resource-discovery.mdx +78 -0
- package/.docs/organized/docs/fga/resource-types.mdx +165 -0
- package/.docs/organized/docs/fga/resources.mdx +179 -59
- package/.docs/organized/docs/fga/roles-and-permissions.mdx +122 -0
- package/.docs/organized/docs/fga/standalone-integration.mdx +176 -0
- package/.docs/organized/docs/glossary.mdx +7 -3
- package/.docs/organized/docs/integrations/access-people-hr.mdx +1 -1
- package/.docs/organized/docs/integrations/adp-oidc.mdx +1 -1
- package/.docs/organized/docs/integrations/apple.mdx +112 -69
- package/.docs/organized/docs/integrations/auth0-directory-sync.mdx +3 -1
- package/.docs/organized/docs/integrations/auth0-enterprise-connection.mdx +3 -1
- package/.docs/organized/docs/integrations/auth0-saml.mdx +3 -1
- package/.docs/organized/docs/integrations/bamboohr.mdx +4 -4
- package/.docs/organized/docs/integrations/breathe-hr.mdx +1 -1
- package/.docs/organized/docs/integrations/bubble.mdx +1 -1
- package/.docs/organized/docs/integrations/cas-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/classlink-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/clever-oidc.mdx +94 -0
- package/.docs/organized/docs/integrations/cloudflare-saml.mdx +35 -2
- package/.docs/organized/docs/integrations/cyberark-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/cyberark-scim.mdx +1 -1
- package/.docs/organized/docs/integrations/duo-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/entra-id-oidc.mdx +198 -0
- package/.docs/organized/docs/integrations/entra-id-saml.mdx +3 -3
- package/.docs/organized/docs/integrations/entra-id-scim.mdx +5 -1
- package/.docs/organized/docs/integrations/fourth.mdx +2 -2
- package/.docs/organized/docs/integrations/github-oauth.mdx +80 -33
- package/.docs/organized/docs/integrations/gitlab-oauth.mdx +86 -31
- package/.docs/organized/docs/integrations/google-directory-sync.mdx +5 -1
- package/.docs/organized/docs/integrations/google-oauth.mdx +87 -70
- package/.docs/organized/docs/integrations/google-oidc.mdx +142 -0
- package/.docs/organized/docs/integrations/google-saml.mdx +3 -3
- package/.docs/organized/docs/integrations/hibob.mdx +17 -4
- package/.docs/organized/docs/integrations/intuit-oauth.mdx +128 -0
- package/.docs/organized/docs/integrations/jumpcloud-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/jumpcloud-scim.mdx +5 -1
- package/.docs/organized/docs/integrations/keycloak-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/lastpass-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/linkedin-oauth.mdx +69 -30
- package/.docs/organized/docs/integrations/microsoft-ad-fs-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/microsoft-oauth.mdx +95 -38
- package/.docs/organized/docs/integrations/miniorange-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/net-iq-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/next-auth.mdx +1 -1
- package/.docs/organized/docs/integrations/oidc.mdx +37 -24
- package/.docs/organized/docs/integrations/okta-oidc.mdx +149 -0
- package/.docs/organized/docs/integrations/okta-saml.mdx +3 -3
- package/.docs/organized/docs/integrations/okta-scim.mdx +6 -2
- package/.docs/organized/docs/integrations/onelogin-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/onelogin-scim.mdx +1 -1
- package/.docs/organized/docs/integrations/oracle-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/pingfederate-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/pingfederate-scim.mdx +1 -1
- package/.docs/organized/docs/integrations/pingone-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/rippling-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/rippling-scim.mdx +1 -1
- package/.docs/organized/docs/integrations/sailpoint-scim.mdx +77 -0
- package/.docs/organized/docs/integrations/salesforce-oauth.mdx +116 -0
- package/.docs/organized/docs/integrations/salesforce-saml.mdx +4 -4
- package/.docs/organized/docs/integrations/saml.mdx +43 -23
- package/.docs/organized/docs/integrations/scim.mdx +36 -24
- package/.docs/organized/docs/integrations/sftp.mdx +59 -36
- package/.docs/organized/docs/integrations/shibboleth-generic-saml.mdx +1 -1
- package/.docs/organized/docs/integrations/shibboleth-unsolicited-saml.mdx +1 -1
- package/.docs/organized/docs/integrations/simple-saml-php.mdx +2 -2
- package/.docs/organized/docs/integrations/slack-oauth.mdx +53 -49
- package/.docs/organized/docs/integrations/supabase-authkit.mdx +46 -0
- package/.docs/organized/docs/integrations/{supabase.mdx → supabase-sso.mdx} +6 -4
- package/.docs/organized/docs/integrations/vercel-oauth.mdx +120 -0
- package/.docs/organized/docs/integrations/vmware-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/workday.mdx +1 -1
- package/.docs/organized/docs/integrations/xero-oauth.mdx +77 -32
- package/.docs/organized/docs/magic-link/example-apps.mdx +11 -11
- package/.docs/organized/docs/magic-link/index.mdx +2 -0
- package/.docs/organized/docs/mfa/example-apps.mdx +2 -2
- package/.docs/organized/docs/mfa/index.mdx +2 -2
- package/.docs/organized/docs/mfa/ux/enrollment.mdx +1 -1
- package/.docs/organized/docs/mfa/ux/sign-in.mdx +1 -1
- package/.docs/organized/docs/migrate/_navigation.mdx +21 -1
- package/.docs/organized/docs/migrate/auth0.mdx +5 -5
- package/.docs/organized/docs/migrate/aws-cognito.mdx +5 -5
- package/.docs/organized/docs/migrate/better-auth.mdx +282 -0
- package/.docs/organized/docs/migrate/clerk.mdx +9 -11
- package/.docs/organized/docs/migrate/descope.mdx +290 -0
- package/.docs/organized/docs/migrate/firebase.mdx +4 -4
- package/.docs/organized/docs/migrate/other-services.mdx +25 -6
- package/.docs/organized/docs/migrate/standalone-sso.mdx +14 -14
- package/.docs/organized/docs/migrate/stytch.mdx +363 -0
- package/.docs/organized/docs/migrate/supabase.mdx +255 -0
- package/.docs/organized/docs/on-prem-deployment.mdx +1 -1
- package/.docs/organized/docs/pipes/_navigation.mdx +12 -0
- package/.docs/organized/docs/pipes/index.mdx +75 -0
- package/.docs/organized/docs/pipes/providers.mdx +9 -0
- package/.docs/organized/docs/rbac/_navigation.mdx +16 -0
- package/.docs/organized/docs/rbac/configuration.mdx +80 -0
- package/.docs/organized/docs/rbac/idp-role-assignment.mdx +79 -0
- package/.docs/organized/docs/rbac/index.mdx +24 -0
- package/.docs/organized/docs/rbac/integration.mdx +59 -0
- package/.docs/organized/docs/rbac/organization-roles.mdx +38 -0
- package/.docs/organized/docs/rbac/quick-start.mdx +52 -0
- package/.docs/organized/docs/reference/_navigation.mdx +437 -284
- package/.docs/organized/docs/reference/admin-portal/portal-link/index.mdx +1 -1
- package/.docs/organized/docs/reference/admin-portal/provider-icons/index.mdx +3 -3
- package/.docs/organized/docs/reference/{api-keys.mdx → api-authentication/index.mdx} +3 -3
- package/.docs/organized/docs/reference/audit-logs/configuration/index.mdx +97 -0
- package/.docs/organized/docs/reference/audit-logs/{create-event.mdx → event/create.mdx} +12 -2
- package/.docs/organized/docs/reference/audit-logs/event/index.mdx +92 -0
- package/.docs/organized/docs/reference/audit-logs/{create-export.mdx → export/create.mdx} +1 -1
- package/.docs/organized/docs/reference/audit-logs/{get-export.mdx → export/get.mdx} +1 -1
- package/.docs/organized/docs/reference/audit-logs/{audit-log-export.mdx → export/index.mdx} +11 -12
- package/.docs/organized/docs/reference/audit-logs/{get-retention.mdx → retention/get.mdx} +1 -1
- package/.docs/organized/docs/reference/audit-logs/retention/index.mdx +25 -0
- package/.docs/organized/docs/reference/audit-logs/{set-retention.mdx → retention/set.mdx} +1 -1
- package/.docs/organized/docs/reference/audit-logs/{create-schema.mdx → schema/create.mdx} +1 -1
- package/.docs/organized/docs/reference/audit-logs/{audit-log-schema.mdx → schema/index.mdx} +5 -6
- package/.docs/organized/docs/reference/audit-logs/{list-actions.mdx → schema/list-actions.mdx} +2 -1
- package/.docs/organized/docs/reference/audit-logs/{list-schemas.mdx → schema/list.mdx} +1 -1
- package/.docs/organized/docs/reference/authkit/api-keys/create-for-organization.mdx +40 -0
- package/.docs/organized/docs/reference/authkit/api-keys/delete.mdx +23 -0
- package/.docs/organized/docs/reference/authkit/api-keys/index.mdx +275 -0
- package/.docs/organized/docs/reference/authkit/api-keys/list-for-organization.mdx +41 -0
- package/.docs/organized/docs/reference/authkit/api-keys/validate.mdx +77 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/code.mdx +138 -18
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/email-verification.mdx +10 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/error-codes.mdx +3 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/index.mdx +64 -17
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/pkce.mdx +2 -2
- package/.docs/organized/docs/reference/authkit/authentication/get-authorization-url/redirect-uri.mdx +47 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/index.mdx +19 -11
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/magic-auth.mdx +9 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/organization-selection.mdx +9 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/password.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/refresh-and-seal-session-data.mdx +3 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/refresh-token.mdx +17 -17
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/session-cookie.mdx +7 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/totp.mdx +10 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/email-verification-required-error.mdx +3 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/index.mdx +1 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/mfa-challenge-error.mdx +3 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/mfa-enrollment-error.mdx +3 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/organization-authentication-required-error.mdx +3 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/organization-selection-error.mdx +3 -4
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/sso-required-error.mdx +3 -3
- package/.docs/organized/docs/reference/authkit/cli-auth/device-authorization.mdx +61 -0
- package/.docs/organized/docs/reference/authkit/cli-auth/device-code.mdx +57 -0
- package/.docs/organized/docs/reference/authkit/cli-auth/error-codes.mdx +31 -0
- package/.docs/organized/docs/reference/authkit/cli-auth/index.mdx +22 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/email-verification/get.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/email-verification/index.mdx +9 -11
- package/.docs/organized/docs/reference/{user-management → authkit}/identity/index.mdx +6 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/identity/list.mdx +5 -6
- package/.docs/organized/docs/reference/authkit/index.mdx +13 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/accept.mdx +5 -5
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/find-by-token.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/get.mdx +8 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/index.mdx +10 -15
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/list.mdx +10 -11
- package/.docs/organized/docs/reference/authkit/invitation/resend.mdx +109 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/revoke.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/send.mdx +23 -13
- package/.docs/organized/docs/reference/{user-management → authkit}/logout/get-logout-url-from-session-cookie.mdx +2 -2
- package/.docs/organized/docs/reference/{user-management → authkit}/logout/get-logout-url.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/logout/index.mdx +4 -5
- package/.docs/organized/docs/reference/{user-management → authkit}/magic-auth/create.mdx +10 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/magic-auth/get.mdx +9 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/magic-auth/index.mdx +10 -15
- package/.docs/organized/docs/reference/{user-management → authkit}/mfa/authentication-challenge.mdx +9 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/mfa/authentication-factor.mdx +11 -11
- package/.docs/organized/docs/reference/{user-management → authkit}/mfa/enroll-auth-factor.mdx +19 -15
- package/.docs/organized/docs/reference/authkit/mfa/index.mdx +11 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/mfa/list-auth-factors.mdx +9 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/create.mdx +27 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/deactivate.mdx +10 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/delete.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/get.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/index.mdx +107 -14
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/list.mdx +10 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/reactivate.mdx +11 -11
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/update.mdx +25 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/create.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/get.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/index.mdx +10 -12
- package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/reset-password.mdx +8 -8
- package/.docs/organized/docs/reference/authkit/session/index.mdx +128 -0
- package/.docs/organized/docs/reference/authkit/session/list.mdx +110 -0
- package/.docs/organized/docs/reference/authkit/session/revoke.mdx +73 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/authenticate.mdx +22 -6
- package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/get-logout-url.mdx +5 -5
- package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/index.mdx +2 -2
- package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/load-sealed-session.mdx +4 -4
- package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/refresh.mdx +18 -6
- package/.docs/organized/docs/reference/{user-management → authkit}/session-tokens/access-token.mdx +16 -8
- package/.docs/organized/docs/reference/authkit/session-tokens/index.mdx +5 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/session-tokens/jwks.mdx +8 -8
- package/.docs/organized/docs/reference/authkit/session-tokens/refresh-token.mdx +8 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/user/create.mdx +36 -17
- package/.docs/organized/docs/reference/{user-management → authkit}/user/delete.mdx +8 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/user/get-by-external-id.mdx +16 -4
- package/.docs/organized/docs/reference/{user-management → authkit}/user/get.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/user/index.mdx +25 -15
- package/.docs/organized/docs/reference/{user-management → authkit}/user/list.mdx +9 -12
- package/.docs/organized/docs/reference/{user-management → authkit}/user/update.mdx +43 -20
- package/.docs/organized/docs/reference/{client-libraries.mdx → client-libraries/index.mdx} +2 -2
- package/.docs/organized/docs/reference/directory-sync/directory/index.mdx +1 -1
- package/.docs/organized/docs/reference/directory-sync/directory-group/index.mdx +1 -24
- package/.docs/organized/docs/reference/directory-sync/directory-user/index.mdx +1 -29
- package/.docs/organized/docs/reference/directory-sync/directory-user/list.mdx +1 -1
- package/.docs/organized/docs/reference/directory-sync/index.mdx +1 -1
- package/.docs/organized/docs/reference/domain-verification/create.mdx +35 -0
- package/.docs/organized/docs/reference/domain-verification/delete.mdx +55 -0
- package/.docs/organized/docs/reference/domain-verification/get.mdx +29 -0
- package/.docs/organized/docs/reference/domain-verification/index.mdx +57 -1
- package/.docs/organized/docs/reference/domain-verification/verify.mdx +29 -0
- package/.docs/organized/docs/reference/{errors.mdx → errors/index.mdx} +1 -1
- package/.docs/organized/docs/reference/events/list.mdx +5 -4
- package/.docs/organized/docs/reference/feature-flags/flag/disable.mdx +33 -0
- package/.docs/organized/docs/reference/feature-flags/flag/enable.mdx +33 -0
- package/.docs/organized/docs/reference/feature-flags/flag/get.mdx +32 -0
- package/.docs/organized/docs/reference/feature-flags/flag/index.mdx +116 -0
- package/.docs/organized/docs/reference/feature-flags/flag/list.mdx +67 -0
- package/.docs/organized/docs/reference/feature-flags/index.mdx +123 -0
- package/.docs/organized/docs/reference/feature-flags/targeting/add.mdx +43 -0
- package/.docs/organized/docs/reference/feature-flags/targeting/index.mdx +23 -0
- package/.docs/organized/docs/reference/feature-flags/targeting/list-for-organization.mdx +132 -0
- package/.docs/organized/docs/reference/feature-flags/targeting/list-for-user.mdx +94 -0
- package/.docs/organized/docs/reference/feature-flags/targeting/remove.mdx +43 -0
- package/.docs/organized/docs/reference/fga/access-check/check.mdx +102 -0
- package/.docs/organized/docs/reference/fga/access-check/index.mdx +6 -0
- package/.docs/organized/docs/reference/fga/access-check/list-memberships-by-external-id.mdx +143 -0
- package/.docs/organized/docs/reference/fga/access-check/list-memberships.mdx +127 -0
- package/.docs/organized/docs/reference/fga/access-check/list-resources.mdx +152 -0
- package/.docs/organized/docs/reference/fga/index.mdx +14 -2
- package/.docs/organized/docs/reference/fga/resource/create.mdx +74 -88
- package/.docs/organized/docs/reference/fga/resource/delete-by-external-id.mdx +78 -0
- package/.docs/organized/docs/reference/fga/resource/delete.mdx +38 -62
- package/.docs/organized/docs/reference/fga/resource/get-by-external-id.mdx +60 -0
- package/.docs/organized/docs/reference/fga/resource/get.mdx +15 -63
- package/.docs/organized/docs/reference/fga/resource/index.mdx +74 -73
- package/.docs/organized/docs/reference/fga/resource/list.mdx +90 -131
- package/.docs/organized/docs/reference/fga/resource/update-by-external-id.mdx +81 -0
- package/.docs/organized/docs/reference/fga/resource/update.mdx +29 -85
- package/.docs/organized/docs/reference/fga/role-assignment/create.mdx +89 -0
- package/.docs/organized/docs/reference/fga/role-assignment/delete-by-id.mdx +59 -0
- package/.docs/organized/docs/reference/fga/role-assignment/delete.mdx +90 -0
- package/.docs/organized/docs/reference/fga/role-assignment/index.mdx +106 -0
- package/.docs/organized/docs/reference/fga/role-assignment/list.mdx +86 -0
- package/.docs/organized/docs/reference/index.mdx +21 -12
- package/.docs/organized/docs/reference/magic-link/passwordless-session/index.mdx +1 -1
- package/.docs/organized/docs/reference/mfa/{challenge-factor.mdx → challenge/create.mdx} +1 -1
- package/.docs/organized/docs/reference/mfa/{authentication-challenge.mdx → challenge/index.mdx} +11 -14
- package/.docs/organized/docs/reference/mfa/{verify-challenge.mdx → challenge/verify.mdx} +10 -12
- package/.docs/organized/docs/reference/mfa/{delete-factor.mdx → factor/delete.mdx} +1 -1
- package/.docs/organized/docs/reference/mfa/{enroll-factor.mdx → factor/enroll.mdx} +1 -1
- package/.docs/organized/docs/reference/mfa/{get-factor.mdx → factor/get.mdx} +1 -1
- package/.docs/organized/docs/reference/mfa/{authentication-factor.mdx → factor/index.mdx} +11 -12
- package/.docs/organized/docs/reference/organization/create.mdx +1 -6
- package/.docs/organized/docs/reference/organization/get-by-external-id.mdx +1 -1
- package/.docs/organized/docs/reference/organization/index.mdx +5 -5
- package/.docs/organized/docs/reference/organization/update.mdx +1 -1
- package/.docs/organized/docs/reference/{pagination.mdx → pagination/index.mdx} +1 -3
- package/.docs/organized/docs/reference/pipes/access-token/get.mdx +174 -0
- package/.docs/organized/docs/reference/pipes/access-token/index.mdx +44 -0
- package/.docs/organized/docs/reference/pipes/connected-account/delete.mdx +42 -0
- package/.docs/organized/docs/reference/pipes/connected-account/get-authorize-url.mdx +49 -0
- package/.docs/organized/docs/reference/pipes/connected-account/get.mdx +42 -0
- package/.docs/organized/docs/reference/pipes/connected-account/index.mdx +69 -0
- package/.docs/organized/docs/reference/pipes/index.mdx +8 -0
- package/.docs/organized/docs/reference/pipes/provider/index.mdx +70 -0
- package/.docs/organized/docs/reference/pipes/provider/list.mdx +47 -0
- package/.docs/organized/docs/reference/radar/attempts/index.mdx +1 -1
- package/.docs/organized/docs/reference/radar/lists/index.mdx +1 -1
- package/.docs/organized/docs/reference/rate-limits/index.mdx +56 -0
- package/.docs/organized/docs/reference/roles/index.mdx +12 -262
- package/.docs/organized/docs/reference/roles/organization-role/add-permission.mdx +75 -0
- package/.docs/organized/docs/reference/roles/organization-role/create.mdx +95 -0
- package/.docs/organized/docs/reference/roles/organization-role/delete.mdx +47 -0
- package/.docs/organized/docs/reference/roles/organization-role/get.mdx +55 -0
- package/.docs/organized/docs/reference/roles/organization-role/index.mdx +148 -0
- package/.docs/organized/docs/reference/roles/organization-role/list.mdx +68 -0
- package/.docs/organized/docs/reference/roles/organization-role/remove-permission.mdx +68 -0
- package/.docs/organized/docs/reference/roles/organization-role/set-permissions.mdx +79 -0
- package/.docs/organized/docs/reference/roles/organization-role/update.mdx +85 -0
- package/.docs/organized/docs/reference/roles/permission/create.mdx +101 -0
- package/.docs/organized/docs/reference/roles/permission/delete.mdx +38 -0
- package/.docs/organized/docs/reference/roles/permission/get.mdx +45 -0
- package/.docs/organized/docs/reference/roles/permission/index.mdx +128 -0
- package/.docs/organized/docs/reference/roles/permission/list.mdx +91 -0
- package/.docs/organized/docs/reference/roles/permission/update.mdx +80 -0
- package/.docs/organized/docs/reference/roles/role/add-permission.mdx +63 -0
- package/.docs/organized/docs/reference/roles/role/create.mdx +103 -0
- package/.docs/organized/docs/reference/roles/role/get.mdx +52 -0
- package/.docs/organized/docs/reference/roles/role/index.mdx +135 -0
- package/.docs/organized/docs/reference/roles/role/list.mdx +56 -0
- package/.docs/organized/docs/reference/roles/role/set-permissions.mdx +67 -0
- package/.docs/organized/docs/reference/roles/role/update.mdx +78 -0
- package/.docs/organized/docs/reference/sso/connection/index.mdx +2 -2
- package/.docs/organized/docs/reference/sso/get-authorization-url/error-codes.mdx +5 -3
- package/.docs/organized/docs/reference/sso/get-authorization-url/index.mdx +24 -2
- package/.docs/organized/docs/reference/sso/get-authorization-url/redirect-uri.mdx +25 -1
- package/.docs/organized/docs/reference/sso/index.mdx +1 -1
- package/.docs/organized/docs/reference/sso/logout/authorize.mdx +0 -1
- package/.docs/organized/docs/reference/sso/logout/index.mdx +1 -2
- package/.docs/organized/docs/reference/sso/logout/redirect.mdx +0 -1
- package/.docs/organized/docs/reference/sso/profile/get-profile-and-token.mdx +13 -1
- package/.docs/organized/docs/reference/sso/profile/index.mdx +25 -24
- package/.docs/organized/docs/reference/{testing.mdx → testing/index.mdx} +1 -1
- package/.docs/organized/docs/reference/vault/key/create-data-key.mdx +29 -0
- package/.docs/organized/docs/reference/vault/key/decrypt-data-key.mdx +20 -0
- package/.docs/organized/docs/reference/vault/key/decrypt-data.mdx +24 -0
- package/.docs/organized/docs/reference/vault/key/encrypt-data.mdx +20 -0
- package/.docs/organized/docs/reference/vault/object/create.mdx +17 -0
- package/.docs/organized/docs/reference/vault/object/delete.mdx +12 -0
- package/.docs/organized/docs/reference/vault/object/get-by-name.mdx +61 -0
- package/.docs/organized/docs/reference/vault/object/get.mdx +11 -0
- package/.docs/organized/docs/reference/vault/object/index.mdx +50 -4
- package/.docs/organized/docs/reference/vault/object/list.mdx +40 -1
- package/.docs/organized/docs/reference/vault/object/update.mdx +18 -0
- package/.docs/organized/docs/reference/vault/object/version.mdx +15 -2
- package/.docs/organized/docs/reference/vault/object/versions.mdx +13 -0
- package/.docs/organized/docs/reference/widgets/get-token.mdx +8 -5
- package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/create.mdx +55 -0
- package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/delete.mdx +28 -0
- package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/index.mdx +60 -0
- package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/list.mdx +52 -0
- package/.docs/organized/docs/reference/workos-connect/applications/create.mdx +79 -0
- package/.docs/organized/docs/reference/workos-connect/applications/delete.mdx +28 -0
- package/.docs/organized/docs/reference/workos-connect/applications/get.mdx +59 -0
- package/.docs/organized/docs/reference/workos-connect/applications/index.mdx +40 -0
- package/.docs/organized/docs/reference/workos-connect/applications/list.mdx +49 -0
- package/.docs/organized/docs/reference/workos-connect/applications/m2m.mdx +52 -0
- package/.docs/organized/docs/reference/workos-connect/applications/oauth.mdx +85 -0
- package/.docs/organized/docs/reference/workos-connect/applications/update.mdx +59 -0
- package/.docs/organized/docs/reference/workos-connect/authorize/index.mdx +29 -1
- package/.docs/organized/docs/reference/workos-connect/cli-auth/authorize-device/index.mdx +81 -0
- package/.docs/organized/docs/reference/workos-connect/cli-auth/device-code-grant.mdx +74 -0
- package/.docs/organized/docs/reference/workos-connect/cli-auth/index.mdx +23 -0
- package/.docs/organized/docs/reference/workos-connect/index.mdx +1 -1
- package/.docs/organized/docs/reference/workos-connect/introspection/index.mdx +8 -3
- package/.docs/organized/docs/reference/workos-connect/metadata/index.mdx +1 -1
- package/.docs/organized/docs/reference/workos-connect/metadata/oauth-authorization-server/index.mdx +1 -1
- package/.docs/organized/docs/reference/workos-connect/standalone/complete.mdx +68 -0
- package/.docs/organized/docs/reference/workos-connect/standalone/index.mdx +9 -0
- package/.docs/organized/docs/reference/workos-connect/standalone/user-consent-options.mdx +41 -0
- package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/access-token.mdx +6 -0
- package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/id-token.mdx +1 -1
- package/.docs/organized/docs/reference/workos-connect/token/{authorization-code-grant/index.mdx → authorization-code-grant.mdx} +23 -2
- package/.docs/organized/docs/reference/workos-connect/token/client-credentials-grant/access-token.mdx +1 -1
- package/.docs/organized/docs/reference/workos-connect/token/{client-credentials-grant/index.mdx → client-credentials-grant.mdx} +2 -2
- package/.docs/organized/docs/reference/workos-connect/token/index.mdx +5 -4
- package/.docs/organized/docs/reference/workos-connect/token/refresh-token-grant.mdx +1 -1
- package/.docs/organized/docs/reference/workos-connect/userinfo/index.mdx +2 -2
- package/.docs/organized/docs/sdks/authkit-js.mdx +14 -0
- package/.docs/organized/docs/sdks/authkit-nextjs.mdx +14 -0
- package/.docs/organized/docs/sdks/authkit-react-router.mdx +14 -0
- package/.docs/organized/docs/sdks/authkit-react.mdx +14 -0
- package/.docs/organized/docs/sdks/authkit-remix.mdx +14 -0
- package/.docs/organized/docs/sdks/authkit-tanstack-start.mdx +14 -0
- package/.docs/organized/docs/sso/_navigation.mdx +8 -2
- package/.docs/organized/docs/sso/attributes.mdx +15 -3
- package/.docs/organized/docs/sso/domains.mdx +8 -6
- package/.docs/organized/docs/sso/example-apps.mdx +2 -2
- package/.docs/organized/docs/sso/identity-provider-role-assignment.mdx +30 -30
- package/.docs/organized/docs/sso/index.mdx +7 -6
- package/.docs/organized/docs/sso/it-team-faq.mdx +1 -1
- package/.docs/organized/docs/sso/jit-provisioning.mdx +2 -3
- package/.docs/organized/docs/sso/launch-checklist.mdx +2 -2
- package/.docs/organized/docs/sso/login-flows.mdx +3 -3
- package/.docs/organized/docs/sso/redirect-uris.mdx +22 -11
- package/.docs/organized/docs/sso/saml-security.mdx +1 -1
- package/.docs/organized/docs/sso/sign-in-consent.mdx +59 -0
- package/.docs/organized/docs/sso/signing-certificates.mdx +7 -7
- package/.docs/organized/docs/sso/single-logout.mdx +0 -1
- package/.docs/organized/docs/sso/ux/sessions.mdx +99 -0
- package/.docs/organized/docs/sso/ux/sign-in.mdx +1 -1
- package/.docs/organized/docs/vault/_navigation.mdx +2 -0
- package/.docs/organized/docs/vault/byok.mdx +140 -0
- package/.docs/organized/docs/vault/index.mdx +1 -1
- package/.docs/organized/docs/widgets/_navigation.mdx +48 -0
- package/.docs/organized/docs/widgets/admin-portal-domain-verification.mdx +24 -0
- package/.docs/organized/docs/widgets/admin-portal-sso-connection.mdx +20 -0
- package/.docs/organized/docs/widgets/api-keys.mdx +28 -0
- package/.docs/organized/docs/widgets/audit-log-streaming.mdx +25 -0
- package/.docs/organized/docs/widgets/directory-sync.mdx +23 -0
- package/.docs/organized/docs/widgets/index.mdx +12 -0
- package/.docs/organized/docs/widgets/localization.mdx +111 -0
- package/.docs/organized/docs/widgets/organization-switcher.mdx +47 -0
- package/.docs/organized/docs/widgets/pipes.mdx +27 -0
- package/.docs/organized/docs/widgets/quick-start.mdx +38 -0
- package/.docs/organized/docs/widgets/styling/css-customization.mdx +100 -0
- package/.docs/organized/docs/widgets/styling/index.mdx +29 -0
- package/.docs/organized/docs/widgets/styling/theme-customization.mdx +51 -0
- package/.docs/organized/docs/widgets/tokens.mdx +17 -0
- package/.docs/organized/docs/widgets/user-management.mdx +28 -0
- package/.docs/organized/docs/widgets/user-profile.mdx +30 -0
- package/.docs/organized/docs/widgets/user-security.mdx +31 -0
- package/.docs/organized/docs/widgets/user-sessions.mdx +26 -0
- package/LICENSE +21 -0
- package/README.md +14 -1
- package/dist/prepare.js +1 -1
- package/dist/prepare.js.map +1 -1
- package/package.json +2 -1
- package/.docs/organized/docs/dashboard.mdx +0 -244
- package/.docs/organized/docs/demo/_navigation.mdx +0 -26
- package/.docs/organized/docs/demo/accordion.mdx +0 -34
- package/.docs/organized/docs/demo/checklist.mdx +0 -33
- package/.docs/organized/docs/demo/code-block.mdx +0 -185
- package/.docs/organized/docs/demo/definition-list.mdx +0 -35
- package/.docs/organized/docs/demo/index.mdx +0 -7
- package/.docs/organized/docs/demo/punctuation.mdx +0 -37
- package/.docs/organized/docs/demo/replacements.mdx +0 -26
- package/.docs/organized/docs/demo/table.mdx +0 -26
- package/.docs/organized/docs/demo/tabs.mdx +0 -17
- package/.docs/organized/docs/fga/identity-provider-sessions.mdx +0 -68
- package/.docs/organized/docs/fga/local-development.mdx +0 -155
- package/.docs/organized/docs/fga/modeling/abac.mdx +0 -107
- package/.docs/organized/docs/fga/modeling/blocklist.mdx +0 -84
- package/.docs/organized/docs/fga/modeling/conditional-roles.mdx +0 -99
- package/.docs/organized/docs/fga/modeling/custom-roles.mdx +0 -90
- package/.docs/organized/docs/fga/modeling/entitlements.mdx +0 -127
- package/.docs/organized/docs/fga/modeling/managed-service-provider.mdx +0 -131
- package/.docs/organized/docs/fga/modeling/org-roles-and-permissions.mdx +0 -95
- package/.docs/organized/docs/fga/modeling/policy-context.mdx +0 -231
- package/.docs/organized/docs/fga/modeling/public-access.mdx +0 -61
- package/.docs/organized/docs/fga/modeling/shareable-content.mdx +0 -106
- package/.docs/organized/docs/fga/modeling/superusers.mdx +0 -74
- package/.docs/organized/docs/fga/modeling/user-groups.mdx +0 -92
- package/.docs/organized/docs/fga/operations-usage.mdx +0 -104
- package/.docs/organized/docs/fga/playground.mdx +0 -12
- package/.docs/organized/docs/fga/policies.mdx +0 -462
- package/.docs/organized/docs/fga/query-language.mdx +0 -112
- package/.docs/organized/docs/fga/schema-management.mdx +0 -224
- package/.docs/organized/docs/fga/schema.mdx +0 -388
- package/.docs/organized/docs/fga/warrant-tokens.mdx +0 -44
- package/.docs/organized/docs/fga/warrants.mdx +0 -92
- package/.docs/organized/docs/reference/fga/batch-check.mdx +0 -277
- package/.docs/organized/docs/reference/fga/check.mdx +0 -563
- package/.docs/organized/docs/reference/fga/policy/create.mdx +0 -27
- package/.docs/organized/docs/reference/fga/policy/delete.mdx +0 -18
- package/.docs/organized/docs/reference/fga/policy/get.mdx +0 -23
- package/.docs/organized/docs/reference/fga/policy/index.mdx +0 -52
- package/.docs/organized/docs/reference/fga/policy/list.mdx +0 -41
- package/.docs/organized/docs/reference/fga/policy/update.mdx +0 -26
- package/.docs/organized/docs/reference/fga/query.mdx +0 -375
- package/.docs/organized/docs/reference/fga/resource/batch-write.mdx +0 -175
- package/.docs/organized/docs/reference/fga/resource-type/apply.mdx +0 -35
- package/.docs/organized/docs/reference/fga/resource-type/create.mdx +0 -24
- package/.docs/organized/docs/reference/fga/resource-type/delete.mdx +0 -22
- package/.docs/organized/docs/reference/fga/resource-type/get.mdx +0 -23
- package/.docs/organized/docs/reference/fga/resource-type/index.mdx +0 -68
- package/.docs/organized/docs/reference/fga/resource-type/list.mdx +0 -36
- package/.docs/organized/docs/reference/fga/resource-type/update.mdx +0 -23
- package/.docs/organized/docs/reference/fga/schema/apply.mdx +0 -42
- package/.docs/organized/docs/reference/fga/schema/get.mdx +0 -24
- package/.docs/organized/docs/reference/fga/schema/index.mdx +0 -39
- package/.docs/organized/docs/reference/fga/warrant/batch-write.mdx +0 -226
- package/.docs/organized/docs/reference/fga/warrant/create.mdx +0 -215
- package/.docs/organized/docs/reference/fga/warrant/delete.mdx +0 -212
- package/.docs/organized/docs/reference/fga/warrant/index.mdx +0 -186
- package/.docs/organized/docs/reference/fga/warrant/list.mdx +0 -282
- package/.docs/organized/docs/reference/idempotency.mdx +0 -21
- package/.docs/organized/docs/reference/organization-domain.mdx +0 -189
- package/.docs/organized/docs/reference/rate-limits.mdx +0 -50
- package/.docs/organized/docs/reference/roles/list-for-organization.mdx +0 -152
- package/.docs/organized/docs/reference/user-management/access-token/index.mdx +0 -13
- package/.docs/organized/docs/reference/user-management/authentication/get-authorization-url/redirect-uri.mdx +0 -23
- package/.docs/organized/docs/reference/user-management/index.mdx +0 -13
- package/.docs/organized/docs/reference/user-management/mfa/index.mdx +0 -5
- package/.docs/organized/docs/reference/user-management/session-tokens/index.mdx +0 -5
- package/.docs/organized/docs/reference/user-management/session-tokens/refresh-token.mdx +0 -8
- package/.docs/organized/docs/user-management/_navigation.mdx +0 -87
- package/.docs/organized/docs/user-management/authkit.mdx +0 -69
- package/.docs/organized/docs/user-management/connect.mdx +0 -110
- package/.docs/organized/docs/user-management/directory-provisioning.mdx +0 -78
- package/.docs/organized/docs/user-management/email-verification.mdx +0 -29
- package/.docs/organized/docs/user-management/entitlements.mdx +0 -46
- package/.docs/organized/docs/user-management/jit-provisioning.mdx +0 -36
- package/.docs/organized/docs/user-management/overview.mdx +0 -46
- package/.docs/organized/docs/user-management/roles-and-permissions.mdx +0 -155
- package/.docs/organized/docs/user-management/users-organizations.mdx +0 -91
- package/.docs/organized/docs/user-management/widgets.mdx +0 -190
|
@@ -0,0 +1,290 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Migrate from Descope
|
|
3
|
+
description: Learn how to migrate users and organizations from Descope.
|
|
4
|
+
icon: descope
|
|
5
|
+
breadcrumb:
|
|
6
|
+
title: Migrations
|
|
7
|
+
url: /migrate
|
|
8
|
+
originalPath: .tmp-workos-clone/packages/docs/content/migrate/descope.mdx
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Introduction
|
|
12
|
+
|
|
13
|
+
The AuthKit API allows you to migrate your existing user data from a variety of existing sources. In this guide, we will walk through the steps to export, and then import your users from Descope.
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## (1) Export Descope data
|
|
18
|
+
|
|
19
|
+
Descope allows you to export user data through their [Management API](https://docs.descope.com/api/management/users) or directly from the Descope console.
|
|
20
|
+
|
|
21
|
+
You can export user data programmatically using the [Search Users endpoint](https://docs.descope.com/management/user-management/user-exporting). The `searchAll()` function in the Descope Backend SDKs retrieves a comprehensive list of users. Submitting an empty request payload will return all users:
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
curl -X POST https://api.descope.com/v1/mgmt/user/search \
|
|
25
|
+
-H 'Authorization: Bearer <ProjectId>:<ManagementKey>' \
|
|
26
|
+
-H 'Content-Type: application/json' \
|
|
27
|
+
-d '{}'
|
|
28
|
+
```
|
|
29
|
+
|
|
30
|
+
Alternatively, you can export users directly from the [Descope console](https://docs.descope.com/management/user-management/user-exporting) by selecting users on the users page and clicking the "Export CSV" button.
|
|
31
|
+
|
|
32
|
+
### Exporting passwords
|
|
33
|
+
|
|
34
|
+
If your Descope users currently sign in using password-based authentication, and you'd like to import those passwords, you'll need to [contact Descope support](https://docs.descope.com/management/user-management/user-exporting).
|
|
35
|
+
|
|
36
|
+
Descope does not make hashed passwords available through their Backend APIs. After opening a support ticket, Descope can generate a CSV file containing your users' data including password hashes and facilitate a secure data transfer.
|
|
37
|
+
|
|
38
|
+
Descope supports multiple password hashing algorithms including bcrypt, argon2, pbkdf2, and others. When you receive the password export from Descope support, make note of which hashing algorithm was used, as you'll need this information when importing.
|
|
39
|
+
|
|
40
|
+
---
|
|
41
|
+
|
|
42
|
+
## (2) Import users into WorkOS
|
|
43
|
+
|
|
44
|
+
Once you've obtained the necessary export data from Descope, you can import your users into WorkOS using the WorkOS APIs.
|
|
45
|
+
|
|
46
|
+
### Using WorkOS APIs
|
|
47
|
+
|
|
48
|
+
With the data from Descope's user export, you can use the [Create User API](/reference/authkit/user/create) to import each user. The API is rate-limited, so for large migrations, you may want to implement batching with appropriate delays. You can view the [rate limits](/reference/rate-limits) documentation for more information.
|
|
49
|
+
|
|
50
|
+
Using the fields from the Descope export, use the following mapping from Descope to parameters in your Create User API calls:
|
|
51
|
+
|
|
52
|
+
| Descope | | WorkOS API |
|
|
53
|
+
| --------------- | --- | ---------------- |
|
|
54
|
+
| `email` | → | `email` |
|
|
55
|
+
| `givenName` | → | `first_name` |
|
|
56
|
+
| `familyName` | → | `last_name` |
|
|
57
|
+
| `verifiedEmail` | → | `email_verified` |
|
|
58
|
+
|
|
59
|
+
Here's an example migration script:
|
|
60
|
+
|
|
61
|
+
### Import passwords
|
|
62
|
+
|
|
63
|
+
If you also exported passwords from Descope support, you can import them during the [user creation](/reference/authkit/user/create) process, or later using the [Update User API](/reference/authkit/user/update).
|
|
64
|
+
|
|
65
|
+
WorkOS supports the following password hashing algorithms that Descope uses:
|
|
66
|
+
|
|
67
|
+
- `bcrypt`
|
|
68
|
+
- `argon2`
|
|
69
|
+
- `pbkdf2`
|
|
70
|
+
|
|
71
|
+
When importing passwords, pass the following parameters to the WorkOS API based on the hash format Descope provided:
|
|
72
|
+
|
|
73
|
+
- The `password_hash_type` set to the appropriate algorithm (e.g., `'bcrypt'`, `'argon2'`, or `'pbkdf2'`)
|
|
74
|
+
- The `password_hash` set to the password hash value from your Descope export
|
|
75
|
+
|
|
76
|
+
For `argon2` and `pbkdf2` passwords, WorkOS expects the PHC string format. Refer to the [other services migration guide](/migrate/other-services/2-importing-users-into-workos/importing-passwords) for detailed formatting requirements for these hash types.
|
|
77
|
+
|
|
78
|
+
- | Without passwords
|
|
79
|
+
|
|
80
|
+
```typescript
|
|
81
|
+
import { WorkOS } from '@workos-inc/node';
|
|
82
|
+
|
|
83
|
+
const workos = new WorkOS(process.env.WORKOS_API_KEY);
|
|
84
|
+
|
|
85
|
+
async function migrateUsers(descopeUsers) {
|
|
86
|
+
for (const user of descopeUsers) {
|
|
87
|
+
try {
|
|
88
|
+
// In the JavaScript SDK, the property names are camelCase
|
|
89
|
+
const workosUser = await workos.userManagement.createUser({
|
|
90
|
+
email: user.email,
|
|
91
|
+
emailVerified: user.verifiedEmail,
|
|
92
|
+
firstName: user.givenName,
|
|
93
|
+
lastName: user.familyName,
|
|
94
|
+
});
|
|
95
|
+
|
|
96
|
+
console.log(`Migrated user: ${user.email} -> ${workosUser.id}`);
|
|
97
|
+
} catch (error) {
|
|
98
|
+
console.error(`Failed to migrate user ${user.email}:`, error);
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
- | With passwords
|
|
105
|
+
|
|
106
|
+
```typescript
|
|
107
|
+
import { WorkOS } from '@workos-inc/node';
|
|
108
|
+
|
|
109
|
+
const workos = new WorkOS(process.env.WORKOS_API_KEY);
|
|
110
|
+
|
|
111
|
+
async function migrateUsersWithPasswords(descopeUsers) {
|
|
112
|
+
for (const user of descopeUsers) {
|
|
113
|
+
try {
|
|
114
|
+
const workosUser = await workos.userManagement.createUser({
|
|
115
|
+
email: user.email,
|
|
116
|
+
emailVerified: user.verifiedEmail,
|
|
117
|
+
firstName: user.givenName,
|
|
118
|
+
lastName: user.familyName,
|
|
119
|
+
// Include password hash if available from Descope export
|
|
120
|
+
passwordHash: user.passwordHash,
|
|
121
|
+
passwordHashType: user.passwordHashType, // 'bcrypt', 'argon2', or 'pbkdf2'
|
|
122
|
+
});
|
|
123
|
+
|
|
124
|
+
console.log(
|
|
125
|
+
`Migrated user with password: ${user.email} -> ${workosUser.id}`,
|
|
126
|
+
);
|
|
127
|
+
} catch (error) {
|
|
128
|
+
console.error(`Failed to migrate user ${user.email}:`, error);
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
```
|
|
133
|
+
|
|
134
|
+
### Migrate social auth users
|
|
135
|
+
|
|
136
|
+
If you have users who previously signed in through Descope using social auth providers, such as [Google](/integrations/google-oauth) or [Microsoft](/integrations/microsoft-oauth), those users can continue to sign in with those providers after you've migrated.
|
|
137
|
+
|
|
138
|
+
Check out the [integrations](/integrations) page for guidance on configuring the relevant provider's client credentials.
|
|
139
|
+
|
|
140
|
+
After your provider is configured, users can sign in with their provider credentials and will be automatically linked to a WorkOS user. WorkOS uses the **email address** from the social auth provider to determine this match.
|
|
141
|
+
|
|
142
|
+
> Some users may need to verify their email address through WorkOS if email verification is enabled in your environment's authentication settings.
|
|
143
|
+
|
|
144
|
+
Email verification behavior varies depending on whether the provider is known to verify email addresses. For example, users signing in using Google OAuth and a `gmail.com` email domain will not need to perform the extra verification step.
|
|
145
|
+
|
|
146
|
+
---
|
|
147
|
+
|
|
148
|
+
## (3) Organizations
|
|
149
|
+
|
|
150
|
+
Descope has a concept of ["Tenants"](https://docs.descope.com/b2b) which are analogous to [WorkOS Organizations](/reference/organization), in that both represent a B2B customer or organization within your application.
|
|
151
|
+
|
|
152
|
+
### Creating Organizations
|
|
153
|
+
|
|
154
|
+
If you'd like to export your Descope tenants, you can use the [Descope Management API](https://docs.descope.com/management/tenant-management/sdks) to programmatically retrieve each tenant. You can then call the [Create Organization API](/reference/organization/create) to create matching Organizations in WorkOS.
|
|
155
|
+
|
|
156
|
+
When creating Organizations in WorkOS, you can map the following fields from Descope tenants:
|
|
157
|
+
|
|
158
|
+
| Descope Tenant | | WorkOS Organization |
|
|
159
|
+
| -------------- | --- | ------------------- |
|
|
160
|
+
| `name` | → | `name` |
|
|
161
|
+
| `id` | → | `external_id` |
|
|
162
|
+
|
|
163
|
+
Storing the Descope tenant ID as the `external_id` in WorkOS can help you maintain a reference between the two systems during migration.
|
|
164
|
+
|
|
165
|
+
Here's an example migration script:
|
|
166
|
+
|
|
167
|
+
```typescript
|
|
168
|
+
import { WorkOS } from '@workos-inc/node';
|
|
169
|
+
|
|
170
|
+
const workos = new WorkOS(process.env.WORKOS_API_KEY);
|
|
171
|
+
|
|
172
|
+
async function migrateOrganizations(descopeTenants) {
|
|
173
|
+
const orgIdMap = new Map();
|
|
174
|
+
|
|
175
|
+
for (const tenant of descopeTenants) {
|
|
176
|
+
try {
|
|
177
|
+
const workosOrg = await workos.organizations.createOrganization({
|
|
178
|
+
name: tenant.name,
|
|
179
|
+
// Store the Descope tenant ID for reference
|
|
180
|
+
externalId: tenant.id,
|
|
181
|
+
});
|
|
182
|
+
|
|
183
|
+
console.log(`Migrated organization: ${tenant.name} -> ${workosOrg.id}`);
|
|
184
|
+
|
|
185
|
+
// Store this mapping for migrating user memberships later
|
|
186
|
+
orgIdMap.set(tenant.id, workosOrg.id);
|
|
187
|
+
} catch (error) {
|
|
188
|
+
console.error(`Failed to migrate organization ${tenant.name}:`, error);
|
|
189
|
+
}
|
|
190
|
+
}
|
|
191
|
+
|
|
192
|
+
return orgIdMap;
|
|
193
|
+
}
|
|
194
|
+
```
|
|
195
|
+
|
|
196
|
+
### Adding user memberships
|
|
197
|
+
|
|
198
|
+
Once you've created Organizations in WorkOS, you can add users to their respective organizations using the [Organization Membership API](/reference/authkit/organization-membership/create).
|
|
199
|
+
|
|
200
|
+
In Descope, users can be associated with tenants, and this information is available when you export users via the Search Users API. Use this tenant association data to create the corresponding organization memberships in WorkOS.
|
|
201
|
+
|
|
202
|
+
RBAC capabilities are available through [roles and permissions](/authkit/roles-and-permissions). When migrating, identify your roles defined in Descope, then create equivalent roles in [the dashboard](https://dashboard.workos.com/environment/authorization), and assign roles during migration by specifying the `roleSlug` parameter when creating organization memberships.
|
|
203
|
+
|
|
204
|
+
```typescript
|
|
205
|
+
async function migrateMemberships(descopeUserTenants, orgIdMap, userIdMap) {
|
|
206
|
+
for (const userTenant of descopeUserTenants) {
|
|
207
|
+
const orgId = orgIdMap.get(userTenant.tenantId);
|
|
208
|
+
const userId = userIdMap.get(userTenant.userId);
|
|
209
|
+
|
|
210
|
+
if (!orgId || !userId) {
|
|
211
|
+
console.error(`Missing mapping for user-tenant relationship`);
|
|
212
|
+
continue;
|
|
213
|
+
}
|
|
214
|
+
|
|
215
|
+
try {
|
|
216
|
+
await workos.userManagement.createOrganizationMembership({
|
|
217
|
+
userId: userId,
|
|
218
|
+
organizationId: orgId,
|
|
219
|
+
// Map Descope roles to WorkOS roles as needed
|
|
220
|
+
roleSlug: userTenant.roleNames?.[0] || 'member',
|
|
221
|
+
});
|
|
222
|
+
|
|
223
|
+
console.log(`Migrated membership: ${userId} -> ${orgId}`);
|
|
224
|
+
} catch (error) {
|
|
225
|
+
console.error(`Failed to migrate membership:`, error);
|
|
226
|
+
}
|
|
227
|
+
}
|
|
228
|
+
}
|
|
229
|
+
```
|
|
230
|
+
|
|
231
|
+
---
|
|
232
|
+
|
|
233
|
+
## (4) Special considerations
|
|
234
|
+
|
|
235
|
+
There are some differences between the authentication strategies offered by Descope and WorkOS that you should be aware of when planning your migration.
|
|
236
|
+
|
|
237
|
+
### Multi-Factor Auth
|
|
238
|
+
|
|
239
|
+
Descope supports SMS-based one-time passwords (OTP) for authentication and multi-factor auth. However, WorkOS does not support SMS-based second factors due to known security issues with SMS.
|
|
240
|
+
|
|
241
|
+
Users who have SMS-based authentication or second factors will need to switch to using [email-based Magic Auth](/authkit/magic-auth), or re-enroll in MFA using a [TOTP-based authenticator](/authkit/mfa) instead.
|
|
242
|
+
|
|
243
|
+
### Passkeys and advanced authentication
|
|
244
|
+
|
|
245
|
+
Descope supports [passkeys](https://docs.descope.com/auth-methods/passkeys) (WebAuthn) for passwordless authentication. [Passkey authentication](/authkit/passkeys) is also available through AuthKit's hosted UI, using the WebAuthn standard. Passkeys offer:
|
|
246
|
+
|
|
247
|
+
- **Progressive enrollment**: Users with password-based accounts can be prompted to create passkeys
|
|
248
|
+
- **MFA integration**: Passkeys serve as both first and second factors when MFA is enabled
|
|
249
|
+
- **Secure authentication**: Using biometric or PIN verification on the user's device
|
|
250
|
+
|
|
251
|
+
Note that passkey authentication is currently available through the hosted UI. You'll need to configure a custom domain for your AuthKit environment before enabling passkeys in production.
|
|
252
|
+
|
|
253
|
+
Descope also offers other authentication methods like Magic Links and Enchanted Links. [Magic Auth](/authkit/magic-auth) delivers a similar passwordless email-based authentication experience.
|
|
254
|
+
|
|
255
|
+
### Enterprise SSO and SCIM
|
|
256
|
+
|
|
257
|
+
Both Descope and WorkOS provide robust enterprise authentication features. If you're currently using Descope's [SSO](https://docs.descope.com/auth-methods/sso) or [SCIM provisioning](https://docs.descope.com/b2b/scim) features, WorkOS offers equivalent capabilities:
|
|
258
|
+
|
|
259
|
+
- [Single Sign-On (SSO)](/sso) - Support for SAML and OIDC providers
|
|
260
|
+
- [Directory Sync](/directory-sync) - SCIM-based user provisioning from identity providers
|
|
261
|
+
|
|
262
|
+
When migrating enterprise customers who use SSO, you'll need to coordinate with them to reconfigure their Identity Provider (IdP) to point to WorkOS instead of Descope. WorkOS provides [comprehensive documentation](/sso) for setting up SSO connections with various providers.
|
|
263
|
+
|
|
264
|
+
### Account linking behavior
|
|
265
|
+
|
|
266
|
+
Descope has account linking capabilities that automatically link social accounts with matching verified email addresses. WorkOS also supports automatic account linking based on email addresses. When migrating users who have multiple linked accounts in Descope (e.g., password + Google OAuth), you should:
|
|
267
|
+
|
|
268
|
+
1. Import the user once with their primary email
|
|
269
|
+
2. Configure the relevant social providers
|
|
270
|
+
3. When users sign in with their social provider, they will automatically be linked with the accounts based on email match
|
|
271
|
+
|
|
272
|
+
### Handling interim new users
|
|
273
|
+
|
|
274
|
+
If your application allows users to sign up at any time, you should [consider the timing of your migration](/migrate/other-services/3-handling-interim-new-users). Users who sign up after you've exported data from Descope but before you've switched to WorkOS for authentication will be omitted from the migration.
|
|
275
|
+
|
|
276
|
+
There are two main strategies to handle this:
|
|
277
|
+
|
|
278
|
+
#### (A) Disable signups during migration
|
|
279
|
+
|
|
280
|
+
Schedule an appropriate time for the migration and temporarily disable signup functionality. This can be controlled using a feature flag in your application. After the migration is complete and your application is using WorkOS for authentication, re-enable signups.
|
|
281
|
+
|
|
282
|
+
#### (B) Use a dual-write strategy
|
|
283
|
+
|
|
284
|
+
For applications that cannot disable signups, implement a "dual-write" strategy. When a new user signs up, create records in both your Descope project and WorkOS using the [Create User API](/reference/authkit/user/create). This keeps WorkOS synchronized with new users, though you'll still need to perform the historical user migration. Be aware that you'll need to keep user updates (email changes, password changes) synchronized between both systems until the migration is complete.
|
|
285
|
+
|
|
286
|
+
---
|
|
287
|
+
|
|
288
|
+
## Next steps
|
|
289
|
+
|
|
290
|
+
With your users now imported, you can start using WorkOS to manage authentication for your application. If you haven't already, take a look at the [AuthKit Quick Start guide](/authkit) to learn how to integrate AuthKit into your application.
|
|
@@ -10,7 +10,7 @@ originalPath: .tmp-workos-clone/packages/docs/content/migrate/firebase.mdx
|
|
|
10
10
|
|
|
11
11
|
## Introduction
|
|
12
12
|
|
|
13
|
-
The WorkOS
|
|
13
|
+
The WorkOS AuthKit API allows you to migrate your existing user data from a variety of existing sources. In this guide, we'll walk through the steps to export your users from Firebase, and then import them into WorkOS.
|
|
14
14
|
|
|
15
15
|
## (1) Exporting Firebase user data
|
|
16
16
|
|
|
@@ -24,7 +24,7 @@ firebase auth:export --project=<your_firebase_project_id> --format=json users.js
|
|
|
24
24
|
|
|
25
25
|
After obtaining your user data from Firebase, it’s time to import it into WorkOS, mapping attributes from the [Firebase User format](https://firebase.google.com/docs/cli/auth#JSON) to WorkOS API parameters.
|
|
26
26
|
|
|
27
|
-
Using the WorkOS [Create User API](/reference/
|
|
27
|
+
Using the WorkOS [Create User API](/reference/authkit/user/create), you can create a corresponding record in WorkOS for each exported user. Use the following mapping from the Firebase format to parameters in your WorkOS Create User API calls:
|
|
28
28
|
|
|
29
29
|
| Firebase | | WorkOS API |
|
|
30
30
|
| --------------- | --- | ---------------- |
|
|
@@ -35,7 +35,7 @@ Using the WorkOS [Create User API](/reference/user-management/user/create), you
|
|
|
35
35
|
|
|
36
36
|
### Importing passwords
|
|
37
37
|
|
|
38
|
-
If your users sign in to your Firebase application using passwords, you can choose to also import those password hashes. Firebase uses a [forked version of `scrypt`](https://firebaseopensource.com/projects/firebase/scrypt/) which can be directly imported during the [user creation](/reference/
|
|
38
|
+
If your users sign in to your Firebase application using passwords, you can choose to also import those password hashes. Firebase uses a [forked version of `scrypt`](https://firebaseopensource.com/projects/firebase/scrypt/) which can be directly imported during the [user creation](/reference/authkit/user/create) process into WorkOS, or later using the [Update User API](/reference/authkit/user/update).
|
|
39
39
|
|
|
40
40
|
First, retrieve your Firebase project's password hash parameters from the Firebase console following the [export documentation](https://firebase.google.com/docs/cli/auth#password_hash_parameters). These parameters are the `base64_signer_key`, `base64_salt_separator`, `rounds`, and `mem_cost`.
|
|
41
41
|
|
|
@@ -71,7 +71,7 @@ Reach out to [support@workos.com](mailto:support@workos.com) if there are additi
|
|
|
71
71
|
|
|
72
72
|
### Email Link
|
|
73
73
|
|
|
74
|
-
If your users sign in using [Email Link](https://firebase.google.com/docs/auth/web/email-link-auth), sometimes called “passwordless”, you can achieve the same experience by adding WorkOS [Magic Auth](/reference/
|
|
74
|
+
If your users sign in using [Email Link](https://firebase.google.com/docs/auth/web/email-link-auth), sometimes called “passwordless”, you can achieve the same experience by adding WorkOS [Magic Auth](/reference/authkit/magic-auth) to your application.
|
|
75
75
|
|
|
76
76
|
### OIDC and SAML
|
|
77
77
|
|
|
@@ -9,7 +9,7 @@ originalPath: .tmp-workos-clone/packages/docs/content/migrate/other-services.mdx
|
|
|
9
9
|
|
|
10
10
|
## Introduction
|
|
11
11
|
|
|
12
|
-
The WorkOS
|
|
12
|
+
The WorkOS AuthKit API allows you to migrate your existing user data from a variety of sources. In this guide, we'll walk through the steps to export, and then import users from your own data store.
|
|
13
13
|
|
|
14
14
|
## (1) Exporting data
|
|
15
15
|
|
|
@@ -20,7 +20,7 @@ While moving authentication related metadata to WorkOS, most applications will c
|
|
|
20
20
|
| Email | The user’s email address. Used for various authentication and verification purposes. | Required |
|
|
21
21
|
| First Name | The user’s first, or given name. | Optional |
|
|
22
22
|
| Last Name | The user’s last, or family name. | Optional |
|
|
23
|
-
| Verification
|
|
23
|
+
| Verification Status | The user’s email verification status if they have gone through a verification flow. Assumed as “not verified” unless supplied. | Optional |
|
|
24
24
|
| Password | The user’s password hash, if they use password-based authentication. | Optional |
|
|
25
25
|
|
|
26
26
|
While preparing the migration, you’ll want to ensure this information is programmatically available for use in the import step, this can mean:
|
|
@@ -38,7 +38,7 @@ Now that the User data is available, we can import it into WorkOS.
|
|
|
38
38
|
|
|
39
39
|
### Creating users
|
|
40
40
|
|
|
41
|
-
For each of your users, you can call the WorkOS [Create User API](/reference/
|
|
41
|
+
For each of your users, you can call the WorkOS [Create User API](/reference/authkit/user/create). This will create a matching [User object](/reference/authkit/user) within WorkOS.
|
|
42
42
|
|
|
43
43
|
A successful response will include a new WorkOS user ID, most apps will want to persist this WorkOS user ID alongside the application-local user object.
|
|
44
44
|
|
|
@@ -63,7 +63,7 @@ There are now several options on how to proceed, depending on your application
|
|
|
63
63
|
|
|
64
64
|
### Importing passwords
|
|
65
65
|
|
|
66
|
-
If your users currently use password-based authentication, you can import existing password hashes during the [users creation](/reference/
|
|
66
|
+
If your users currently use password-based authentication, you can import existing password hashes during the [users creation](/reference/authkit/user/create) process, or later using the WorkOS [Update User API](/reference/authkit/user/update).
|
|
67
67
|
|
|
68
68
|
WorkOS currently supports the following password hashing algorithms:
|
|
69
69
|
|
|
@@ -72,6 +72,7 @@ WorkOS currently supports the following password hashing algorithms:
|
|
|
72
72
|
- `firebase-scrypt`
|
|
73
73
|
- `ssha`
|
|
74
74
|
- `pbkdf2`
|
|
75
|
+
- `argon2`
|
|
75
76
|
|
|
76
77
|
For `scrypt` and `pbkdf2` passwords, use the PHC string format.
|
|
77
78
|
The hash and salt should be B64 encoded: trim the `=` characters that represent Base64 padding. Using a PHC-formatting library, like
|
|
@@ -109,6 +110,24 @@ A valid `pbkdf2` PHC formatted string looks like this:
|
|
|
109
110
|
$pbkdf2$i=600000,d=sha256$T2ptRFh6MXhDQVh2SWZuUGdpQXBUTg$xXiyTisD7390NijyCv5ICMhFW4eDuMlzypRoLGLyIvA
|
|
110
111
|
```
|
|
111
112
|
|
|
113
|
+
#### argon2
|
|
114
|
+
|
|
115
|
+
| `argon2` value | | PHC hash parameter |
|
|
116
|
+
| -------------- | --- | ------------------ |
|
|
117
|
+
| `variant` | → | algorithm id |
|
|
118
|
+
| `version` | → | `v` |
|
|
119
|
+
| `memory` | → | `m` |
|
|
120
|
+
| `time` | → | `t` |
|
|
121
|
+
| `parallelism` | → | `p` |
|
|
122
|
+
|
|
123
|
+
The variant should be `argon2id`, but older supported variants include `argon2d` and `argon2i`. The version must be `19`. The following memory, time (iterations), and parallelism settings are based on [OWASP recommendations](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id). Memory is specified in KiB with a minimum of 4,096 KiB (4 MiB) and maximum of 262,144 KiB (256 MiB). For time, there is a minimum of 1 iteration and a maximum of 5 iterations, except for `argon2i` which has a minimum of 3 iterations. Parallelism ranges from 1 to 8 threads. If your requirements fall outside of these guidelines, please [contact support](mailto:support@workos.com).
|
|
124
|
+
|
|
125
|
+
A valid `argon2` PHC formatted string looks like this:
|
|
126
|
+
|
|
127
|
+
```txt
|
|
128
|
+
$argon2id$v=19$m=65536,t=3,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG
|
|
129
|
+
```
|
|
130
|
+
|
|
112
131
|
For `firebase-scrypt` passwords, refer to the [Firebase Migration guide](/migrate/firebase) for an example of how to format the `password_hash`.
|
|
113
132
|
|
|
114
133
|
For `ssha` passwords, use the following algorithm:
|
|
@@ -124,7 +143,7 @@ Once imported, users can continue to sign-in with their existing password, **wit
|
|
|
124
143
|
|
|
125
144
|
### Triggering password resets
|
|
126
145
|
|
|
127
|
-
If you are unable to export passwords from your existing data store, whether for security reasons or other limitations, you can programmatically trigger a password reset flow using the WorkOS [Password Reset API](/reference/
|
|
146
|
+
If you are unable to export passwords from your existing data store, whether for security reasons or other limitations, you can programmatically trigger a password reset flow using the WorkOS [Password Reset API](/reference/authkit/password-reset).
|
|
128
147
|
|
|
129
148
|
This process can be initiated at any time, and doesn’t need to happen during the user import process.
|
|
130
149
|
|
|
@@ -162,7 +181,7 @@ For applications that want to avoid disabling signups, a “dual-write” strate
|
|
|
162
181
|
|
|
163
182
|
[border=false]
|
|
164
183
|
|
|
165
|
-
When a new user signs-up, in addition to creating a user record in the existing user store, the application should also create a matching record in WorkOS using the [Create User API](/reference/
|
|
184
|
+
When a new user signs-up, in addition to creating a user record in the existing user store, the application should also create a matching record in WorkOS using the [Create User API](/reference/authkit/user/create). As time passes, WorkOS will stay consistent with future new users, but a migration will still need to be performed for the historical set of users.
|
|
166
185
|
|
|
167
186
|
You will need to perform the same export and import process into WorkOS, but keeping in mind that some users will already exist in WorkOS as a result from the “dual-write”.
|
|
168
187
|
|
|
@@ -9,23 +9,23 @@ originalPath: .tmp-workos-clone/packages/docs/content/migrate/standalone-sso.mdx
|
|
|
9
9
|
|
|
10
10
|
## Introduction
|
|
11
11
|
|
|
12
|
-
The WorkOS
|
|
12
|
+
The WorkOS AuthKit API supports all of the same social and enterprise identity providers, while providing higher level authentication features that most applications need. In this guide, we'll outline the steps to migrate an existing WorkOS SSO integration to the AuthKit API.
|
|
13
13
|
|
|
14
14
|
> The existing standalone [WorkOS SSO API](/reference/sso) will continue to be supported. This is a viable option for you if you prefer to handle more of the authentication flow yourself.
|
|
15
15
|
|
|
16
16
|
## The new User resource
|
|
17
17
|
|
|
18
|
-
The primary difference between existing integrations with [SSO](/sso) or [Directory Sync](/directory-sync) is the addition of a new resource: [Users](/reference/
|
|
18
|
+
The primary difference between existing integrations with [SSO](/sso) or [Directory Sync](/directory-sync) is the addition of a new resource: [Users](/reference/authkit/user).
|
|
19
19
|
|
|
20
|
-
The WorkOS [User object](/reference/
|
|
20
|
+
The WorkOS [User object](/reference/authkit/user) represents a single user in your application, and binds together information from all of the Directory and Identity providers that WorkOS supports into a single resource. As you migrate your existing integration, you can expect to replace references to WorkOS Profiles and Directory Users with instead references to Users.
|
|
21
21
|
|
|
22
|
-
## Switch to
|
|
22
|
+
## Switch to AuthKit API calls
|
|
23
23
|
|
|
24
|
-
If you have built an integration with our standalone SSO API using [Get Authorization URL](/reference/sso/get-authorization-url), you will need to switch these calls with analogous calls to the
|
|
24
|
+
If you have built an integration with our standalone SSO API using [Get Authorization URL](/reference/sso/get-authorization-url), you will need to switch these calls with analogous calls to the AuthKit API.
|
|
25
25
|
|
|
26
26
|
### (1) Switch SSO initiation call
|
|
27
27
|
|
|
28
|
-
When initiating SSO for one of your users, instead of calling the SSO [Get Authorization URL](/reference/sso/get-authorization-url) API, call the
|
|
28
|
+
When initiating SSO for one of your users, instead of calling the SSO [Get Authorization URL](/reference/sso/get-authorization-url) API, call the AuthKit [Get Authorization URL](/reference/authkit/authentication/get-authorization-url) API instead:
|
|
29
29
|
|
|
30
30
|
<CodeBlock title="Update Initiation Calls">
|
|
31
31
|
<CodeBlockTab
|
|
@@ -40,13 +40,13 @@ When initiating SSO for one of your users, instead of calling the SSO [Get Autho
|
|
|
40
40
|
/>
|
|
41
41
|
</CodeBlock>
|
|
42
42
|
|
|
43
|
-
The
|
|
43
|
+
The AuthKit Get Authorization API supports all of the same initiation parameters as the SSO API. In addition, it also supports an additional provider type, `authkit`, which will be covered later in this guide.
|
|
44
44
|
|
|
45
45
|
### (2) Switch API in Application Callback
|
|
46
46
|
|
|
47
47
|
Similar to an SSO integration, your application will still have a callback identified by the Redirect URI passed during the previous initiation call. The contract with your callback is the same, where you should expect to be given a `code`, along with any `state` that was originally provided.
|
|
48
48
|
|
|
49
|
-
However, instead of calling the SSO [Get a Profile and Token](/reference/sso/profile/get-profile-and-token) API, call the
|
|
49
|
+
However, instead of calling the SSO [Get a Profile and Token](/reference/sso/profile/get-profile-and-token) API, call the AuthKit [Authenticate](/reference/authkit/authentication) API instead, with the `grant_type` set to `authorization_code`:
|
|
50
50
|
|
|
51
51
|
<CodeBlock title="Update Application Callback">
|
|
52
52
|
<CodeBlockTab
|
|
@@ -61,13 +61,13 @@ However, instead of calling the SSO [Get a Profile and Token](/reference/sso/pro
|
|
|
61
61
|
/>
|
|
62
62
|
</CodeBlock>
|
|
63
63
|
|
|
64
|
-
> **Important:** Instead of receiving a [Profile](/reference/sso/profile), your application now receives a full [User object](/reference/
|
|
64
|
+
> **Important:** Instead of receiving a [Profile](/reference/sso/profile), your application now receives a full [User object](/reference/authkit/user). While many of the fields are similar, such as the user’s email or name, the **User ID’s will be different** than the Profile ID’s you may have previously persisted in your application.
|
|
65
65
|
|
|
66
|
-
If email is a unique identifier in your application, you can use the WorkOS User’s email to identify the application-local user. WorkOS ensures that user email is verified before successfully completing an authentication request. When the API issues an email verification challenge, an [email verification response](/reference/
|
|
66
|
+
If email is a unique identifier in your application, you can use the WorkOS User’s email to identify the application-local user. WorkOS ensures that user email is verified before successfully completing an authentication request. When the API issues an email verification challenge, an [email verification response](/reference/authkit/authentication-errors/email-verification-required-error) is returned.
|
|
67
67
|
|
|
68
68
|
### Handling new authentication flows
|
|
69
69
|
|
|
70
|
-
The
|
|
70
|
+
The AuthKit API offers a higher-level abstraction than the SSO API, offering more advanced [security features](/authkit/overview/security) like email verification and account Linking.
|
|
71
71
|
|
|
72
72
|
This means that when your application attempts to exchange a code for a user object, it may return one of several new expected errors. These map to cases that were previously mentioned, like requiring that the user first verify their email, or enroll in MFA.
|
|
73
73
|
|
|
@@ -77,7 +77,7 @@ If your application doesn’t require these extra settings, they can be disabled
|
|
|
77
77
|
|
|
78
78
|
## AuthKit
|
|
79
79
|
|
|
80
|
-
If you prefer to have full control over the authentication UI, you can choose to integrate with the
|
|
80
|
+
If you prefer to have full control over the authentication UI, you can choose to integrate with the AuthKit API directly. However, the easiest way to get started is to use AuthKit Hosted UI, a pre-built hosted authentication UI that guides users through all of the advanced flows, like email verification and MFA enrollment.
|
|
81
81
|
|
|
82
82
|
You can enable AuthKit from the WorkOS dashboard, where you can also configure AuthKit branding and custom domains.
|
|
83
83
|
|
|
@@ -96,10 +96,10 @@ AuthKit can handle many of the concerns your application likely needed to previo
|
|
|
96
96
|
|
|
97
97
|
## Directory Sync
|
|
98
98
|
|
|
99
|
-
Directory provisioning is also supported in
|
|
99
|
+
Directory provisioning is also supported in AuthKit. See the [Directory Provisioning documentation](/authkit/directory-provisioning) to learn more.
|
|
100
100
|
|
|
101
101
|
## Next Steps
|
|
102
102
|
|
|
103
|
-
Check out the [full guide](/
|
|
103
|
+
Check out the [full guide](/authkit), along with the [API reference](/reference/authkit) to get an idea of all the ways your application’s user management needs can be solved by WorkOS.
|
|
104
104
|
|
|
105
105
|
If you need help migrating your existing WorkOS integration, or have any other questions, please reach out to [WorkOS support](mailto:support@workos.com?subject=WorkOS%20Support).
|