@workos/mcp-docs-server 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (568) hide show
  1. package/.docs/organized/changelogs/workos-platform.json +125 -125
  2. package/.docs/organized/docs/admin-portal/custom-branding.mdx +2 -4
  3. package/.docs/organized/docs/admin-portal/example-apps.mdx +11 -11
  4. package/.docs/organized/docs/admin-portal/index.mdx +39 -33
  5. package/.docs/organized/docs/audit-logs/admin-portal.mdx +1 -1
  6. package/.docs/organized/docs/audit-logs/editing-events.mdx +1 -1
  7. package/.docs/organized/docs/audit-logs/exporting-events.mdx +1 -1
  8. package/.docs/organized/docs/audit-logs/index.mdx +17 -2
  9. package/.docs/organized/docs/audit-logs/log-streams.mdx +325 -1
  10. package/.docs/organized/docs/audit-logs/metadata-schema.mdx +1 -1
  11. package/.docs/organized/docs/authkit/_navigation.mdx +108 -0
  12. package/.docs/organized/docs/{user-management → authkit}/actions.mdx +3 -4
  13. package/.docs/organized/docs/authkit/add-ons/google-analytics.mdx +79 -0
  14. package/.docs/organized/docs/authkit/add-ons/segment.mdx +77 -0
  15. package/.docs/organized/docs/authkit/add-ons/stripe.mdx +103 -0
  16. package/.docs/organized/docs/authkit/api-keys.mdx +99 -0
  17. package/.docs/organized/docs/{user-management → authkit}/branding.mdx +220 -2
  18. package/.docs/organized/docs/authkit/cli-auth.mdx +76 -0
  19. package/.docs/organized/docs/authkit/cli-installer.mdx +157 -0
  20. package/.docs/organized/docs/authkit/connect/m2m.mdx +65 -0
  21. package/.docs/organized/docs/authkit/connect/oauth.mdx +88 -0
  22. package/.docs/organized/docs/authkit/connect/standalone.mdx +179 -0
  23. package/.docs/organized/docs/authkit/connect.mdx +65 -0
  24. package/.docs/organized/docs/authkit/custom-email-providers.mdx +141 -0
  25. package/.docs/organized/docs/{user-management → authkit}/custom-emails.mdx +15 -15
  26. package/.docs/organized/docs/authkit/directory-provisioning.mdx +89 -0
  27. package/.docs/organized/docs/{user-management → authkit}/domain-verification.mdx +5 -6
  28. package/.docs/organized/docs/{user-management → authkit}/email-password.mdx +2 -2
  29. package/.docs/organized/docs/authkit/email-verification.mdx +31 -0
  30. package/.docs/organized/docs/{user-management → authkit}/example-apps.mdx +3 -3
  31. package/.docs/organized/docs/authkit/hosted-ui.mdx +165 -0
  32. package/.docs/organized/docs/{user-management → authkit}/identity-linking.mdx +9 -9
  33. package/.docs/organized/docs/{user-management → authkit}/impersonation.mdx +8 -8
  34. package/.docs/organized/docs/{user-management → authkit}/index.mdx +141 -74
  35. package/.docs/organized/docs/{user-management → authkit}/invitations.mdx +4 -4
  36. package/.docs/organized/docs/{user-management → authkit}/invite-only-signup.mdx +3 -3
  37. package/.docs/organized/docs/authkit/jit-provisioning.mdx +42 -0
  38. package/.docs/organized/docs/{user-management → authkit}/jwt-templates.mdx +37 -3
  39. package/.docs/organized/docs/authkit/landing.mdx +22 -0
  40. package/.docs/organized/docs/{user-management → authkit}/magic-auth.mdx +3 -5
  41. package/.docs/organized/docs/{user-management → authkit}/mcp.mdx +46 -9
  42. package/.docs/organized/docs/{user-management → authkit}/metadata.mdx +9 -9
  43. package/.docs/organized/docs/{user-management → authkit}/mfa.mdx +2 -2
  44. package/.docs/organized/docs/{user-management → authkit}/migrations.mdx +4 -4
  45. package/.docs/organized/docs/{user-management → authkit}/modeling-your-app.mdx +11 -11
  46. package/.docs/organized/docs/{user-management → authkit}/organization-policies.mdx +3 -4
  47. package/.docs/organized/docs/authkit/overview.mdx +46 -0
  48. package/.docs/organized/docs/{user-management → authkit}/passkeys.mdx +3 -3
  49. package/.docs/organized/docs/authkit/pipes.mdx +75 -0
  50. package/.docs/organized/docs/{user-management → authkit}/radar.mdx +39 -4
  51. package/.docs/organized/docs/authkit/roles-and-permissions.mdx +208 -0
  52. package/.docs/organized/docs/{user-management → authkit}/sessions.mdx +32 -20
  53. package/.docs/organized/docs/{user-management → authkit}/social-login.mdx +16 -2
  54. package/.docs/organized/docs/{user-management → authkit}/sso-with-contractors.mdx +3 -4
  55. package/.docs/organized/docs/{user-management → authkit}/sso.mdx +2 -2
  56. package/.docs/organized/docs/authkit/users-organizations.mdx +107 -0
  57. package/.docs/organized/docs/custom-domains/admin-portal.mdx +0 -2
  58. package/.docs/organized/docs/custom-domains/authkit.mdx +0 -2
  59. package/.docs/organized/docs/custom-domains/email.mdx +2 -2
  60. package/.docs/organized/docs/deprecations/_navigation.mdx +8 -0
  61. package/.docs/organized/docs/deprecations/raw-attributes.mdx +136 -0
  62. package/.docs/organized/docs/directory-sync/attributes.mdx +50 -31
  63. package/.docs/organized/docs/directory-sync/example-apps.mdx +11 -11
  64. package/.docs/organized/docs/directory-sync/identity-provider-role-assignment.mdx +23 -26
  65. package/.docs/organized/docs/directory-sync/index.mdx +4 -2
  66. package/.docs/organized/docs/directory-sync/quick-start.mdx +3 -3
  67. package/.docs/organized/docs/directory-sync/understanding-events.mdx +2 -2
  68. package/.docs/organized/docs/domain-verification/api.mdx +8 -8
  69. package/.docs/organized/docs/domain-verification/index.mdx +3 -3
  70. package/.docs/organized/docs/email.mdx +49 -5
  71. package/.docs/organized/docs/events/data-syncing/events-api.mdx +3 -3
  72. package/.docs/organized/docs/events/data-syncing/index.mdx +2 -3
  73. package/.docs/organized/docs/events/data-syncing/webhooks.mdx +4 -4
  74. package/.docs/organized/docs/events/index.mdx +419 -33
  75. package/.docs/organized/docs/feature-flags/_navigation.mdx +10 -0
  76. package/.docs/organized/docs/feature-flags/index.mdx +80 -0
  77. package/.docs/organized/docs/feature-flags/slack-notifications.mdx +58 -0
  78. package/.docs/organized/docs/fga/_navigation.mdx +34 -54
  79. package/.docs/organized/docs/fga/access-checks.mdx +109 -0
  80. package/.docs/organized/docs/fga/assignments.mdx +124 -0
  81. package/.docs/organized/docs/fga/authkit-integration.mdx +92 -0
  82. package/.docs/organized/docs/fga/high-cardinality-entities.mdx +172 -0
  83. package/.docs/organized/docs/fga/idp-role-assignment.mdx +66 -0
  84. package/.docs/organized/docs/fga/index.mdx +94 -29
  85. package/.docs/organized/docs/fga/migration-openfga.mdx +306 -0
  86. package/.docs/organized/docs/fga/migration-oso.mdx +372 -0
  87. package/.docs/organized/docs/fga/migration-spicedb.mdx +364 -0
  88. package/.docs/organized/docs/fga/quick-start.mdx +283 -98
  89. package/.docs/organized/docs/fga/resource-discovery.mdx +78 -0
  90. package/.docs/organized/docs/fga/resource-types.mdx +165 -0
  91. package/.docs/organized/docs/fga/resources.mdx +179 -59
  92. package/.docs/organized/docs/fga/roles-and-permissions.mdx +122 -0
  93. package/.docs/organized/docs/fga/standalone-integration.mdx +176 -0
  94. package/.docs/organized/docs/glossary.mdx +7 -3
  95. package/.docs/organized/docs/integrations/access-people-hr.mdx +1 -1
  96. package/.docs/organized/docs/integrations/adp-oidc.mdx +1 -1
  97. package/.docs/organized/docs/integrations/apple.mdx +112 -69
  98. package/.docs/organized/docs/integrations/auth0-directory-sync.mdx +3 -1
  99. package/.docs/organized/docs/integrations/auth0-enterprise-connection.mdx +3 -1
  100. package/.docs/organized/docs/integrations/auth0-saml.mdx +3 -1
  101. package/.docs/organized/docs/integrations/bamboohr.mdx +4 -4
  102. package/.docs/organized/docs/integrations/breathe-hr.mdx +1 -1
  103. package/.docs/organized/docs/integrations/bubble.mdx +1 -1
  104. package/.docs/organized/docs/integrations/cas-saml.mdx +2 -2
  105. package/.docs/organized/docs/integrations/classlink-saml.mdx +2 -2
  106. package/.docs/organized/docs/integrations/clever-oidc.mdx +94 -0
  107. package/.docs/organized/docs/integrations/cloudflare-saml.mdx +35 -2
  108. package/.docs/organized/docs/integrations/cyberark-saml.mdx +2 -2
  109. package/.docs/organized/docs/integrations/cyberark-scim.mdx +1 -1
  110. package/.docs/organized/docs/integrations/duo-saml.mdx +2 -2
  111. package/.docs/organized/docs/integrations/entra-id-oidc.mdx +198 -0
  112. package/.docs/organized/docs/integrations/entra-id-saml.mdx +3 -3
  113. package/.docs/organized/docs/integrations/entra-id-scim.mdx +5 -1
  114. package/.docs/organized/docs/integrations/fourth.mdx +2 -2
  115. package/.docs/organized/docs/integrations/github-oauth.mdx +80 -33
  116. package/.docs/organized/docs/integrations/gitlab-oauth.mdx +86 -31
  117. package/.docs/organized/docs/integrations/google-directory-sync.mdx +5 -1
  118. package/.docs/organized/docs/integrations/google-oauth.mdx +87 -70
  119. package/.docs/organized/docs/integrations/google-oidc.mdx +142 -0
  120. package/.docs/organized/docs/integrations/google-saml.mdx +3 -3
  121. package/.docs/organized/docs/integrations/hibob.mdx +17 -4
  122. package/.docs/organized/docs/integrations/intuit-oauth.mdx +128 -0
  123. package/.docs/organized/docs/integrations/jumpcloud-saml.mdx +2 -2
  124. package/.docs/organized/docs/integrations/jumpcloud-scim.mdx +5 -1
  125. package/.docs/organized/docs/integrations/keycloak-saml.mdx +2 -2
  126. package/.docs/organized/docs/integrations/lastpass-saml.mdx +2 -2
  127. package/.docs/organized/docs/integrations/linkedin-oauth.mdx +69 -30
  128. package/.docs/organized/docs/integrations/microsoft-ad-fs-saml.mdx +2 -2
  129. package/.docs/organized/docs/integrations/microsoft-oauth.mdx +95 -38
  130. package/.docs/organized/docs/integrations/miniorange-saml.mdx +2 -2
  131. package/.docs/organized/docs/integrations/net-iq-saml.mdx +2 -2
  132. package/.docs/organized/docs/integrations/next-auth.mdx +1 -1
  133. package/.docs/organized/docs/integrations/oidc.mdx +37 -24
  134. package/.docs/organized/docs/integrations/okta-oidc.mdx +149 -0
  135. package/.docs/organized/docs/integrations/okta-saml.mdx +3 -3
  136. package/.docs/organized/docs/integrations/okta-scim.mdx +6 -2
  137. package/.docs/organized/docs/integrations/onelogin-saml.mdx +2 -2
  138. package/.docs/organized/docs/integrations/onelogin-scim.mdx +1 -1
  139. package/.docs/organized/docs/integrations/oracle-saml.mdx +2 -2
  140. package/.docs/organized/docs/integrations/pingfederate-saml.mdx +2 -2
  141. package/.docs/organized/docs/integrations/pingfederate-scim.mdx +1 -1
  142. package/.docs/organized/docs/integrations/pingone-saml.mdx +2 -2
  143. package/.docs/organized/docs/integrations/rippling-saml.mdx +2 -2
  144. package/.docs/organized/docs/integrations/rippling-scim.mdx +1 -1
  145. package/.docs/organized/docs/integrations/sailpoint-scim.mdx +77 -0
  146. package/.docs/organized/docs/integrations/salesforce-oauth.mdx +116 -0
  147. package/.docs/organized/docs/integrations/salesforce-saml.mdx +4 -4
  148. package/.docs/organized/docs/integrations/saml.mdx +43 -23
  149. package/.docs/organized/docs/integrations/scim.mdx +36 -24
  150. package/.docs/organized/docs/integrations/sftp.mdx +59 -36
  151. package/.docs/organized/docs/integrations/shibboleth-generic-saml.mdx +1 -1
  152. package/.docs/organized/docs/integrations/shibboleth-unsolicited-saml.mdx +1 -1
  153. package/.docs/organized/docs/integrations/simple-saml-php.mdx +2 -2
  154. package/.docs/organized/docs/integrations/slack-oauth.mdx +53 -49
  155. package/.docs/organized/docs/integrations/supabase-authkit.mdx +46 -0
  156. package/.docs/organized/docs/integrations/{supabase.mdx → supabase-sso.mdx} +6 -4
  157. package/.docs/organized/docs/integrations/vercel-oauth.mdx +120 -0
  158. package/.docs/organized/docs/integrations/vmware-saml.mdx +2 -2
  159. package/.docs/organized/docs/integrations/workday.mdx +1 -1
  160. package/.docs/organized/docs/integrations/xero-oauth.mdx +77 -32
  161. package/.docs/organized/docs/magic-link/example-apps.mdx +11 -11
  162. package/.docs/organized/docs/magic-link/index.mdx +2 -0
  163. package/.docs/organized/docs/mfa/example-apps.mdx +2 -2
  164. package/.docs/organized/docs/mfa/index.mdx +2 -2
  165. package/.docs/organized/docs/mfa/ux/enrollment.mdx +1 -1
  166. package/.docs/organized/docs/mfa/ux/sign-in.mdx +1 -1
  167. package/.docs/organized/docs/migrate/_navigation.mdx +21 -1
  168. package/.docs/organized/docs/migrate/auth0.mdx +5 -5
  169. package/.docs/organized/docs/migrate/aws-cognito.mdx +5 -5
  170. package/.docs/organized/docs/migrate/better-auth.mdx +282 -0
  171. package/.docs/organized/docs/migrate/clerk.mdx +9 -11
  172. package/.docs/organized/docs/migrate/descope.mdx +290 -0
  173. package/.docs/organized/docs/migrate/firebase.mdx +4 -4
  174. package/.docs/organized/docs/migrate/other-services.mdx +25 -6
  175. package/.docs/organized/docs/migrate/standalone-sso.mdx +14 -14
  176. package/.docs/organized/docs/migrate/stytch.mdx +363 -0
  177. package/.docs/organized/docs/migrate/supabase.mdx +255 -0
  178. package/.docs/organized/docs/on-prem-deployment.mdx +1 -1
  179. package/.docs/organized/docs/pipes/_navigation.mdx +12 -0
  180. package/.docs/organized/docs/pipes/index.mdx +75 -0
  181. package/.docs/organized/docs/pipes/providers.mdx +9 -0
  182. package/.docs/organized/docs/rbac/_navigation.mdx +16 -0
  183. package/.docs/organized/docs/rbac/configuration.mdx +80 -0
  184. package/.docs/organized/docs/rbac/idp-role-assignment.mdx +79 -0
  185. package/.docs/organized/docs/rbac/index.mdx +24 -0
  186. package/.docs/organized/docs/rbac/integration.mdx +59 -0
  187. package/.docs/organized/docs/rbac/organization-roles.mdx +38 -0
  188. package/.docs/organized/docs/rbac/quick-start.mdx +52 -0
  189. package/.docs/organized/docs/reference/_navigation.mdx +437 -284
  190. package/.docs/organized/docs/reference/admin-portal/portal-link/index.mdx +1 -1
  191. package/.docs/organized/docs/reference/admin-portal/provider-icons/index.mdx +3 -3
  192. package/.docs/organized/docs/reference/{api-keys.mdx → api-authentication/index.mdx} +3 -3
  193. package/.docs/organized/docs/reference/audit-logs/configuration/index.mdx +97 -0
  194. package/.docs/organized/docs/reference/audit-logs/{create-event.mdx → event/create.mdx} +12 -2
  195. package/.docs/organized/docs/reference/audit-logs/event/index.mdx +92 -0
  196. package/.docs/organized/docs/reference/audit-logs/{create-export.mdx → export/create.mdx} +1 -1
  197. package/.docs/organized/docs/reference/audit-logs/{get-export.mdx → export/get.mdx} +1 -1
  198. package/.docs/organized/docs/reference/audit-logs/{audit-log-export.mdx → export/index.mdx} +11 -12
  199. package/.docs/organized/docs/reference/audit-logs/{get-retention.mdx → retention/get.mdx} +1 -1
  200. package/.docs/organized/docs/reference/audit-logs/retention/index.mdx +25 -0
  201. package/.docs/organized/docs/reference/audit-logs/{set-retention.mdx → retention/set.mdx} +1 -1
  202. package/.docs/organized/docs/reference/audit-logs/{create-schema.mdx → schema/create.mdx} +1 -1
  203. package/.docs/organized/docs/reference/audit-logs/{audit-log-schema.mdx → schema/index.mdx} +5 -6
  204. package/.docs/organized/docs/reference/audit-logs/{list-actions.mdx → schema/list-actions.mdx} +2 -1
  205. package/.docs/organized/docs/reference/audit-logs/{list-schemas.mdx → schema/list.mdx} +1 -1
  206. package/.docs/organized/docs/reference/authkit/api-keys/create-for-organization.mdx +40 -0
  207. package/.docs/organized/docs/reference/authkit/api-keys/delete.mdx +23 -0
  208. package/.docs/organized/docs/reference/authkit/api-keys/index.mdx +275 -0
  209. package/.docs/organized/docs/reference/authkit/api-keys/list-for-organization.mdx +41 -0
  210. package/.docs/organized/docs/reference/authkit/api-keys/validate.mdx +77 -0
  211. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/code.mdx +138 -18
  212. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/email-verification.mdx +10 -10
  213. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/error-codes.mdx +3 -3
  214. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/index.mdx +64 -17
  215. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/pkce.mdx +2 -2
  216. package/.docs/organized/docs/reference/authkit/authentication/get-authorization-url/redirect-uri.mdx +47 -0
  217. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/index.mdx +19 -11
  218. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/magic-auth.mdx +9 -9
  219. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/organization-selection.mdx +9 -9
  220. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/password.mdx +8 -8
  221. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/refresh-and-seal-session-data.mdx +3 -3
  222. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/refresh-token.mdx +17 -17
  223. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/session-cookie.mdx +7 -3
  224. package/.docs/organized/docs/reference/{user-management → authkit}/authentication/totp.mdx +10 -10
  225. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/email-verification-required-error.mdx +3 -3
  226. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/index.mdx +1 -3
  227. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/mfa-challenge-error.mdx +3 -3
  228. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/mfa-enrollment-error.mdx +3 -3
  229. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/organization-authentication-required-error.mdx +3 -3
  230. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/organization-selection-error.mdx +3 -4
  231. package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/sso-required-error.mdx +3 -3
  232. package/.docs/organized/docs/reference/authkit/cli-auth/device-authorization.mdx +61 -0
  233. package/.docs/organized/docs/reference/authkit/cli-auth/device-code.mdx +57 -0
  234. package/.docs/organized/docs/reference/authkit/cli-auth/error-codes.mdx +31 -0
  235. package/.docs/organized/docs/reference/authkit/cli-auth/index.mdx +22 -0
  236. package/.docs/organized/docs/reference/{user-management → authkit}/email-verification/get.mdx +8 -8
  237. package/.docs/organized/docs/reference/{user-management → authkit}/email-verification/index.mdx +9 -11
  238. package/.docs/organized/docs/reference/{user-management → authkit}/identity/index.mdx +6 -9
  239. package/.docs/organized/docs/reference/{user-management → authkit}/identity/list.mdx +5 -6
  240. package/.docs/organized/docs/reference/authkit/index.mdx +13 -0
  241. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/accept.mdx +5 -5
  242. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/find-by-token.mdx +8 -8
  243. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/get.mdx +8 -9
  244. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/index.mdx +10 -15
  245. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/list.mdx +10 -11
  246. package/.docs/organized/docs/reference/authkit/invitation/resend.mdx +109 -0
  247. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/revoke.mdx +8 -8
  248. package/.docs/organized/docs/reference/{user-management → authkit}/invitation/send.mdx +23 -13
  249. package/.docs/organized/docs/reference/{user-management → authkit}/logout/get-logout-url-from-session-cookie.mdx +2 -2
  250. package/.docs/organized/docs/reference/{user-management → authkit}/logout/get-logout-url.mdx +8 -8
  251. package/.docs/organized/docs/reference/{user-management → authkit}/logout/index.mdx +4 -5
  252. package/.docs/organized/docs/reference/{user-management → authkit}/magic-auth/create.mdx +10 -10
  253. package/.docs/organized/docs/reference/{user-management → authkit}/magic-auth/get.mdx +9 -10
  254. package/.docs/organized/docs/reference/{user-management → authkit}/magic-auth/index.mdx +10 -15
  255. package/.docs/organized/docs/reference/{user-management → authkit}/mfa/authentication-challenge.mdx +9 -10
  256. package/.docs/organized/docs/reference/{user-management → authkit}/mfa/authentication-factor.mdx +11 -11
  257. package/.docs/organized/docs/reference/{user-management → authkit}/mfa/enroll-auth-factor.mdx +19 -15
  258. package/.docs/organized/docs/reference/authkit/mfa/index.mdx +11 -0
  259. package/.docs/organized/docs/reference/{user-management → authkit}/mfa/list-auth-factors.mdx +9 -9
  260. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/create.mdx +27 -10
  261. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/deactivate.mdx +10 -10
  262. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/delete.mdx +8 -8
  263. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/get.mdx +8 -8
  264. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/index.mdx +107 -14
  265. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/list.mdx +10 -10
  266. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/reactivate.mdx +11 -11
  267. package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/update.mdx +25 -9
  268. package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/create.mdx +8 -8
  269. package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/get.mdx +8 -8
  270. package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/index.mdx +10 -12
  271. package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/reset-password.mdx +8 -8
  272. package/.docs/organized/docs/reference/authkit/session/index.mdx +128 -0
  273. package/.docs/organized/docs/reference/authkit/session/list.mdx +110 -0
  274. package/.docs/organized/docs/reference/authkit/session/revoke.mdx +73 -0
  275. package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/authenticate.mdx +22 -6
  276. package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/get-logout-url.mdx +5 -5
  277. package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/index.mdx +2 -2
  278. package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/load-sealed-session.mdx +4 -4
  279. package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/refresh.mdx +18 -6
  280. package/.docs/organized/docs/reference/{user-management → authkit}/session-tokens/access-token.mdx +16 -8
  281. package/.docs/organized/docs/reference/authkit/session-tokens/index.mdx +5 -0
  282. package/.docs/organized/docs/reference/{user-management → authkit}/session-tokens/jwks.mdx +8 -8
  283. package/.docs/organized/docs/reference/authkit/session-tokens/refresh-token.mdx +8 -0
  284. package/.docs/organized/docs/reference/{user-management → authkit}/user/create.mdx +36 -17
  285. package/.docs/organized/docs/reference/{user-management → authkit}/user/delete.mdx +8 -9
  286. package/.docs/organized/docs/reference/{user-management → authkit}/user/get-by-external-id.mdx +16 -4
  287. package/.docs/organized/docs/reference/{user-management → authkit}/user/get.mdx +8 -8
  288. package/.docs/organized/docs/reference/{user-management → authkit}/user/index.mdx +25 -15
  289. package/.docs/organized/docs/reference/{user-management → authkit}/user/list.mdx +9 -12
  290. package/.docs/organized/docs/reference/{user-management → authkit}/user/update.mdx +43 -20
  291. package/.docs/organized/docs/reference/{client-libraries.mdx → client-libraries/index.mdx} +2 -2
  292. package/.docs/organized/docs/reference/directory-sync/directory/index.mdx +1 -1
  293. package/.docs/organized/docs/reference/directory-sync/directory-group/index.mdx +1 -24
  294. package/.docs/organized/docs/reference/directory-sync/directory-user/index.mdx +1 -29
  295. package/.docs/organized/docs/reference/directory-sync/directory-user/list.mdx +1 -1
  296. package/.docs/organized/docs/reference/directory-sync/index.mdx +1 -1
  297. package/.docs/organized/docs/reference/domain-verification/create.mdx +35 -0
  298. package/.docs/organized/docs/reference/domain-verification/delete.mdx +55 -0
  299. package/.docs/organized/docs/reference/domain-verification/get.mdx +29 -0
  300. package/.docs/organized/docs/reference/domain-verification/index.mdx +57 -1
  301. package/.docs/organized/docs/reference/domain-verification/verify.mdx +29 -0
  302. package/.docs/organized/docs/reference/{errors.mdx → errors/index.mdx} +1 -1
  303. package/.docs/organized/docs/reference/events/list.mdx +5 -4
  304. package/.docs/organized/docs/reference/feature-flags/flag/disable.mdx +33 -0
  305. package/.docs/organized/docs/reference/feature-flags/flag/enable.mdx +33 -0
  306. package/.docs/organized/docs/reference/feature-flags/flag/get.mdx +32 -0
  307. package/.docs/organized/docs/reference/feature-flags/flag/index.mdx +116 -0
  308. package/.docs/organized/docs/reference/feature-flags/flag/list.mdx +67 -0
  309. package/.docs/organized/docs/reference/feature-flags/index.mdx +123 -0
  310. package/.docs/organized/docs/reference/feature-flags/targeting/add.mdx +43 -0
  311. package/.docs/organized/docs/reference/feature-flags/targeting/index.mdx +23 -0
  312. package/.docs/organized/docs/reference/feature-flags/targeting/list-for-organization.mdx +132 -0
  313. package/.docs/organized/docs/reference/feature-flags/targeting/list-for-user.mdx +94 -0
  314. package/.docs/organized/docs/reference/feature-flags/targeting/remove.mdx +43 -0
  315. package/.docs/organized/docs/reference/fga/access-check/check.mdx +102 -0
  316. package/.docs/organized/docs/reference/fga/access-check/index.mdx +6 -0
  317. package/.docs/organized/docs/reference/fga/access-check/list-memberships-by-external-id.mdx +143 -0
  318. package/.docs/organized/docs/reference/fga/access-check/list-memberships.mdx +127 -0
  319. package/.docs/organized/docs/reference/fga/access-check/list-resources.mdx +152 -0
  320. package/.docs/organized/docs/reference/fga/index.mdx +14 -2
  321. package/.docs/organized/docs/reference/fga/resource/create.mdx +74 -88
  322. package/.docs/organized/docs/reference/fga/resource/delete-by-external-id.mdx +78 -0
  323. package/.docs/organized/docs/reference/fga/resource/delete.mdx +38 -62
  324. package/.docs/organized/docs/reference/fga/resource/get-by-external-id.mdx +60 -0
  325. package/.docs/organized/docs/reference/fga/resource/get.mdx +15 -63
  326. package/.docs/organized/docs/reference/fga/resource/index.mdx +74 -73
  327. package/.docs/organized/docs/reference/fga/resource/list.mdx +90 -131
  328. package/.docs/organized/docs/reference/fga/resource/update-by-external-id.mdx +81 -0
  329. package/.docs/organized/docs/reference/fga/resource/update.mdx +29 -85
  330. package/.docs/organized/docs/reference/fga/role-assignment/create.mdx +89 -0
  331. package/.docs/organized/docs/reference/fga/role-assignment/delete-by-id.mdx +59 -0
  332. package/.docs/organized/docs/reference/fga/role-assignment/delete.mdx +90 -0
  333. package/.docs/organized/docs/reference/fga/role-assignment/index.mdx +106 -0
  334. package/.docs/organized/docs/reference/fga/role-assignment/list.mdx +86 -0
  335. package/.docs/organized/docs/reference/index.mdx +21 -12
  336. package/.docs/organized/docs/reference/magic-link/passwordless-session/index.mdx +1 -1
  337. package/.docs/organized/docs/reference/mfa/{challenge-factor.mdx → challenge/create.mdx} +1 -1
  338. package/.docs/organized/docs/reference/mfa/{authentication-challenge.mdx → challenge/index.mdx} +11 -14
  339. package/.docs/organized/docs/reference/mfa/{verify-challenge.mdx → challenge/verify.mdx} +10 -12
  340. package/.docs/organized/docs/reference/mfa/{delete-factor.mdx → factor/delete.mdx} +1 -1
  341. package/.docs/organized/docs/reference/mfa/{enroll-factor.mdx → factor/enroll.mdx} +1 -1
  342. package/.docs/organized/docs/reference/mfa/{get-factor.mdx → factor/get.mdx} +1 -1
  343. package/.docs/organized/docs/reference/mfa/{authentication-factor.mdx → factor/index.mdx} +11 -12
  344. package/.docs/organized/docs/reference/organization/create.mdx +1 -6
  345. package/.docs/organized/docs/reference/organization/get-by-external-id.mdx +1 -1
  346. package/.docs/organized/docs/reference/organization/index.mdx +5 -5
  347. package/.docs/organized/docs/reference/organization/update.mdx +1 -1
  348. package/.docs/organized/docs/reference/{pagination.mdx → pagination/index.mdx} +1 -3
  349. package/.docs/organized/docs/reference/pipes/access-token/get.mdx +174 -0
  350. package/.docs/organized/docs/reference/pipes/access-token/index.mdx +44 -0
  351. package/.docs/organized/docs/reference/pipes/connected-account/delete.mdx +42 -0
  352. package/.docs/organized/docs/reference/pipes/connected-account/get-authorize-url.mdx +49 -0
  353. package/.docs/organized/docs/reference/pipes/connected-account/get.mdx +42 -0
  354. package/.docs/organized/docs/reference/pipes/connected-account/index.mdx +69 -0
  355. package/.docs/organized/docs/reference/pipes/index.mdx +8 -0
  356. package/.docs/organized/docs/reference/pipes/provider/index.mdx +70 -0
  357. package/.docs/organized/docs/reference/pipes/provider/list.mdx +47 -0
  358. package/.docs/organized/docs/reference/radar/attempts/index.mdx +1 -1
  359. package/.docs/organized/docs/reference/radar/lists/index.mdx +1 -1
  360. package/.docs/organized/docs/reference/rate-limits/index.mdx +56 -0
  361. package/.docs/organized/docs/reference/roles/index.mdx +12 -262
  362. package/.docs/organized/docs/reference/roles/organization-role/add-permission.mdx +75 -0
  363. package/.docs/organized/docs/reference/roles/organization-role/create.mdx +95 -0
  364. package/.docs/organized/docs/reference/roles/organization-role/delete.mdx +47 -0
  365. package/.docs/organized/docs/reference/roles/organization-role/get.mdx +55 -0
  366. package/.docs/organized/docs/reference/roles/organization-role/index.mdx +148 -0
  367. package/.docs/organized/docs/reference/roles/organization-role/list.mdx +68 -0
  368. package/.docs/organized/docs/reference/roles/organization-role/remove-permission.mdx +68 -0
  369. package/.docs/organized/docs/reference/roles/organization-role/set-permissions.mdx +79 -0
  370. package/.docs/organized/docs/reference/roles/organization-role/update.mdx +85 -0
  371. package/.docs/organized/docs/reference/roles/permission/create.mdx +101 -0
  372. package/.docs/organized/docs/reference/roles/permission/delete.mdx +38 -0
  373. package/.docs/organized/docs/reference/roles/permission/get.mdx +45 -0
  374. package/.docs/organized/docs/reference/roles/permission/index.mdx +128 -0
  375. package/.docs/organized/docs/reference/roles/permission/list.mdx +91 -0
  376. package/.docs/organized/docs/reference/roles/permission/update.mdx +80 -0
  377. package/.docs/organized/docs/reference/roles/role/add-permission.mdx +63 -0
  378. package/.docs/organized/docs/reference/roles/role/create.mdx +103 -0
  379. package/.docs/organized/docs/reference/roles/role/get.mdx +52 -0
  380. package/.docs/organized/docs/reference/roles/role/index.mdx +135 -0
  381. package/.docs/organized/docs/reference/roles/role/list.mdx +56 -0
  382. package/.docs/organized/docs/reference/roles/role/set-permissions.mdx +67 -0
  383. package/.docs/organized/docs/reference/roles/role/update.mdx +78 -0
  384. package/.docs/organized/docs/reference/sso/connection/index.mdx +2 -2
  385. package/.docs/organized/docs/reference/sso/get-authorization-url/error-codes.mdx +5 -3
  386. package/.docs/organized/docs/reference/sso/get-authorization-url/index.mdx +24 -2
  387. package/.docs/organized/docs/reference/sso/get-authorization-url/redirect-uri.mdx +25 -1
  388. package/.docs/organized/docs/reference/sso/index.mdx +1 -1
  389. package/.docs/organized/docs/reference/sso/logout/authorize.mdx +0 -1
  390. package/.docs/organized/docs/reference/sso/logout/index.mdx +1 -2
  391. package/.docs/organized/docs/reference/sso/logout/redirect.mdx +0 -1
  392. package/.docs/organized/docs/reference/sso/profile/get-profile-and-token.mdx +13 -1
  393. package/.docs/organized/docs/reference/sso/profile/index.mdx +25 -24
  394. package/.docs/organized/docs/reference/{testing.mdx → testing/index.mdx} +1 -1
  395. package/.docs/organized/docs/reference/vault/key/create-data-key.mdx +29 -0
  396. package/.docs/organized/docs/reference/vault/key/decrypt-data-key.mdx +20 -0
  397. package/.docs/organized/docs/reference/vault/key/decrypt-data.mdx +24 -0
  398. package/.docs/organized/docs/reference/vault/key/encrypt-data.mdx +20 -0
  399. package/.docs/organized/docs/reference/vault/object/create.mdx +17 -0
  400. package/.docs/organized/docs/reference/vault/object/delete.mdx +12 -0
  401. package/.docs/organized/docs/reference/vault/object/get-by-name.mdx +61 -0
  402. package/.docs/organized/docs/reference/vault/object/get.mdx +11 -0
  403. package/.docs/organized/docs/reference/vault/object/index.mdx +50 -4
  404. package/.docs/organized/docs/reference/vault/object/list.mdx +40 -1
  405. package/.docs/organized/docs/reference/vault/object/update.mdx +18 -0
  406. package/.docs/organized/docs/reference/vault/object/version.mdx +15 -2
  407. package/.docs/organized/docs/reference/vault/object/versions.mdx +13 -0
  408. package/.docs/organized/docs/reference/widgets/get-token.mdx +8 -5
  409. package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/create.mdx +55 -0
  410. package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/delete.mdx +28 -0
  411. package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/index.mdx +60 -0
  412. package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/list.mdx +52 -0
  413. package/.docs/organized/docs/reference/workos-connect/applications/create.mdx +79 -0
  414. package/.docs/organized/docs/reference/workos-connect/applications/delete.mdx +28 -0
  415. package/.docs/organized/docs/reference/workos-connect/applications/get.mdx +59 -0
  416. package/.docs/organized/docs/reference/workos-connect/applications/index.mdx +40 -0
  417. package/.docs/organized/docs/reference/workos-connect/applications/list.mdx +49 -0
  418. package/.docs/organized/docs/reference/workos-connect/applications/m2m.mdx +52 -0
  419. package/.docs/organized/docs/reference/workos-connect/applications/oauth.mdx +85 -0
  420. package/.docs/organized/docs/reference/workos-connect/applications/update.mdx +59 -0
  421. package/.docs/organized/docs/reference/workos-connect/authorize/index.mdx +29 -1
  422. package/.docs/organized/docs/reference/workos-connect/cli-auth/authorize-device/index.mdx +81 -0
  423. package/.docs/organized/docs/reference/workos-connect/cli-auth/device-code-grant.mdx +74 -0
  424. package/.docs/organized/docs/reference/workos-connect/cli-auth/index.mdx +23 -0
  425. package/.docs/organized/docs/reference/workos-connect/index.mdx +1 -1
  426. package/.docs/organized/docs/reference/workos-connect/introspection/index.mdx +8 -3
  427. package/.docs/organized/docs/reference/workos-connect/metadata/index.mdx +1 -1
  428. package/.docs/organized/docs/reference/workos-connect/metadata/oauth-authorization-server/index.mdx +1 -1
  429. package/.docs/organized/docs/reference/workos-connect/standalone/complete.mdx +68 -0
  430. package/.docs/organized/docs/reference/workos-connect/standalone/index.mdx +9 -0
  431. package/.docs/organized/docs/reference/workos-connect/standalone/user-consent-options.mdx +41 -0
  432. package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/access-token.mdx +6 -0
  433. package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/id-token.mdx +1 -1
  434. package/.docs/organized/docs/reference/workos-connect/token/{authorization-code-grant/index.mdx → authorization-code-grant.mdx} +23 -2
  435. package/.docs/organized/docs/reference/workos-connect/token/client-credentials-grant/access-token.mdx +1 -1
  436. package/.docs/organized/docs/reference/workos-connect/token/{client-credentials-grant/index.mdx → client-credentials-grant.mdx} +2 -2
  437. package/.docs/organized/docs/reference/workos-connect/token/index.mdx +5 -4
  438. package/.docs/organized/docs/reference/workos-connect/token/refresh-token-grant.mdx +1 -1
  439. package/.docs/organized/docs/reference/workos-connect/userinfo/index.mdx +2 -2
  440. package/.docs/organized/docs/sdks/authkit-js.mdx +14 -0
  441. package/.docs/organized/docs/sdks/authkit-nextjs.mdx +14 -0
  442. package/.docs/organized/docs/sdks/authkit-react-router.mdx +14 -0
  443. package/.docs/organized/docs/sdks/authkit-react.mdx +14 -0
  444. package/.docs/organized/docs/sdks/authkit-remix.mdx +14 -0
  445. package/.docs/organized/docs/sdks/authkit-tanstack-start.mdx +14 -0
  446. package/.docs/organized/docs/sso/_navigation.mdx +8 -2
  447. package/.docs/organized/docs/sso/attributes.mdx +15 -3
  448. package/.docs/organized/docs/sso/domains.mdx +8 -6
  449. package/.docs/organized/docs/sso/example-apps.mdx +2 -2
  450. package/.docs/organized/docs/sso/identity-provider-role-assignment.mdx +30 -30
  451. package/.docs/organized/docs/sso/index.mdx +7 -6
  452. package/.docs/organized/docs/sso/it-team-faq.mdx +1 -1
  453. package/.docs/organized/docs/sso/jit-provisioning.mdx +2 -3
  454. package/.docs/organized/docs/sso/launch-checklist.mdx +2 -2
  455. package/.docs/organized/docs/sso/login-flows.mdx +3 -3
  456. package/.docs/organized/docs/sso/redirect-uris.mdx +22 -11
  457. package/.docs/organized/docs/sso/saml-security.mdx +1 -1
  458. package/.docs/organized/docs/sso/sign-in-consent.mdx +59 -0
  459. package/.docs/organized/docs/sso/signing-certificates.mdx +7 -7
  460. package/.docs/organized/docs/sso/single-logout.mdx +0 -1
  461. package/.docs/organized/docs/sso/ux/sessions.mdx +99 -0
  462. package/.docs/organized/docs/sso/ux/sign-in.mdx +1 -1
  463. package/.docs/organized/docs/vault/_navigation.mdx +2 -0
  464. package/.docs/organized/docs/vault/byok.mdx +140 -0
  465. package/.docs/organized/docs/vault/index.mdx +1 -1
  466. package/.docs/organized/docs/widgets/_navigation.mdx +48 -0
  467. package/.docs/organized/docs/widgets/admin-portal-domain-verification.mdx +24 -0
  468. package/.docs/organized/docs/widgets/admin-portal-sso-connection.mdx +20 -0
  469. package/.docs/organized/docs/widgets/api-keys.mdx +28 -0
  470. package/.docs/organized/docs/widgets/audit-log-streaming.mdx +25 -0
  471. package/.docs/organized/docs/widgets/directory-sync.mdx +23 -0
  472. package/.docs/organized/docs/widgets/index.mdx +12 -0
  473. package/.docs/organized/docs/widgets/localization.mdx +111 -0
  474. package/.docs/organized/docs/widgets/organization-switcher.mdx +47 -0
  475. package/.docs/organized/docs/widgets/pipes.mdx +27 -0
  476. package/.docs/organized/docs/widgets/quick-start.mdx +38 -0
  477. package/.docs/organized/docs/widgets/styling/css-customization.mdx +100 -0
  478. package/.docs/organized/docs/widgets/styling/index.mdx +29 -0
  479. package/.docs/organized/docs/widgets/styling/theme-customization.mdx +51 -0
  480. package/.docs/organized/docs/widgets/tokens.mdx +17 -0
  481. package/.docs/organized/docs/widgets/user-management.mdx +28 -0
  482. package/.docs/organized/docs/widgets/user-profile.mdx +30 -0
  483. package/.docs/organized/docs/widgets/user-security.mdx +31 -0
  484. package/.docs/organized/docs/widgets/user-sessions.mdx +26 -0
  485. package/LICENSE +21 -0
  486. package/README.md +14 -1
  487. package/dist/prepare.js +1 -1
  488. package/dist/prepare.js.map +1 -1
  489. package/package.json +2 -1
  490. package/.docs/organized/docs/dashboard.mdx +0 -244
  491. package/.docs/organized/docs/demo/_navigation.mdx +0 -26
  492. package/.docs/organized/docs/demo/accordion.mdx +0 -34
  493. package/.docs/organized/docs/demo/checklist.mdx +0 -33
  494. package/.docs/organized/docs/demo/code-block.mdx +0 -185
  495. package/.docs/organized/docs/demo/definition-list.mdx +0 -35
  496. package/.docs/organized/docs/demo/index.mdx +0 -7
  497. package/.docs/organized/docs/demo/punctuation.mdx +0 -37
  498. package/.docs/organized/docs/demo/replacements.mdx +0 -26
  499. package/.docs/organized/docs/demo/table.mdx +0 -26
  500. package/.docs/organized/docs/demo/tabs.mdx +0 -17
  501. package/.docs/organized/docs/fga/identity-provider-sessions.mdx +0 -68
  502. package/.docs/organized/docs/fga/local-development.mdx +0 -155
  503. package/.docs/organized/docs/fga/modeling/abac.mdx +0 -107
  504. package/.docs/organized/docs/fga/modeling/blocklist.mdx +0 -84
  505. package/.docs/organized/docs/fga/modeling/conditional-roles.mdx +0 -99
  506. package/.docs/organized/docs/fga/modeling/custom-roles.mdx +0 -90
  507. package/.docs/organized/docs/fga/modeling/entitlements.mdx +0 -127
  508. package/.docs/organized/docs/fga/modeling/managed-service-provider.mdx +0 -131
  509. package/.docs/organized/docs/fga/modeling/org-roles-and-permissions.mdx +0 -95
  510. package/.docs/organized/docs/fga/modeling/policy-context.mdx +0 -231
  511. package/.docs/organized/docs/fga/modeling/public-access.mdx +0 -61
  512. package/.docs/organized/docs/fga/modeling/shareable-content.mdx +0 -106
  513. package/.docs/organized/docs/fga/modeling/superusers.mdx +0 -74
  514. package/.docs/organized/docs/fga/modeling/user-groups.mdx +0 -92
  515. package/.docs/organized/docs/fga/operations-usage.mdx +0 -104
  516. package/.docs/organized/docs/fga/playground.mdx +0 -12
  517. package/.docs/organized/docs/fga/policies.mdx +0 -462
  518. package/.docs/organized/docs/fga/query-language.mdx +0 -112
  519. package/.docs/organized/docs/fga/schema-management.mdx +0 -224
  520. package/.docs/organized/docs/fga/schema.mdx +0 -388
  521. package/.docs/organized/docs/fga/warrant-tokens.mdx +0 -44
  522. package/.docs/organized/docs/fga/warrants.mdx +0 -92
  523. package/.docs/organized/docs/reference/fga/batch-check.mdx +0 -277
  524. package/.docs/organized/docs/reference/fga/check.mdx +0 -563
  525. package/.docs/organized/docs/reference/fga/policy/create.mdx +0 -27
  526. package/.docs/organized/docs/reference/fga/policy/delete.mdx +0 -18
  527. package/.docs/organized/docs/reference/fga/policy/get.mdx +0 -23
  528. package/.docs/organized/docs/reference/fga/policy/index.mdx +0 -52
  529. package/.docs/organized/docs/reference/fga/policy/list.mdx +0 -41
  530. package/.docs/organized/docs/reference/fga/policy/update.mdx +0 -26
  531. package/.docs/organized/docs/reference/fga/query.mdx +0 -375
  532. package/.docs/organized/docs/reference/fga/resource/batch-write.mdx +0 -175
  533. package/.docs/organized/docs/reference/fga/resource-type/apply.mdx +0 -35
  534. package/.docs/organized/docs/reference/fga/resource-type/create.mdx +0 -24
  535. package/.docs/organized/docs/reference/fga/resource-type/delete.mdx +0 -22
  536. package/.docs/organized/docs/reference/fga/resource-type/get.mdx +0 -23
  537. package/.docs/organized/docs/reference/fga/resource-type/index.mdx +0 -68
  538. package/.docs/organized/docs/reference/fga/resource-type/list.mdx +0 -36
  539. package/.docs/organized/docs/reference/fga/resource-type/update.mdx +0 -23
  540. package/.docs/organized/docs/reference/fga/schema/apply.mdx +0 -42
  541. package/.docs/organized/docs/reference/fga/schema/get.mdx +0 -24
  542. package/.docs/organized/docs/reference/fga/schema/index.mdx +0 -39
  543. package/.docs/organized/docs/reference/fga/warrant/batch-write.mdx +0 -226
  544. package/.docs/organized/docs/reference/fga/warrant/create.mdx +0 -215
  545. package/.docs/organized/docs/reference/fga/warrant/delete.mdx +0 -212
  546. package/.docs/organized/docs/reference/fga/warrant/index.mdx +0 -186
  547. package/.docs/organized/docs/reference/fga/warrant/list.mdx +0 -282
  548. package/.docs/organized/docs/reference/idempotency.mdx +0 -21
  549. package/.docs/organized/docs/reference/organization-domain.mdx +0 -189
  550. package/.docs/organized/docs/reference/rate-limits.mdx +0 -50
  551. package/.docs/organized/docs/reference/roles/list-for-organization.mdx +0 -152
  552. package/.docs/organized/docs/reference/user-management/access-token/index.mdx +0 -13
  553. package/.docs/organized/docs/reference/user-management/authentication/get-authorization-url/redirect-uri.mdx +0 -23
  554. package/.docs/organized/docs/reference/user-management/index.mdx +0 -13
  555. package/.docs/organized/docs/reference/user-management/mfa/index.mdx +0 -5
  556. package/.docs/organized/docs/reference/user-management/session-tokens/index.mdx +0 -5
  557. package/.docs/organized/docs/reference/user-management/session-tokens/refresh-token.mdx +0 -8
  558. package/.docs/organized/docs/user-management/_navigation.mdx +0 -87
  559. package/.docs/organized/docs/user-management/authkit.mdx +0 -69
  560. package/.docs/organized/docs/user-management/connect.mdx +0 -110
  561. package/.docs/organized/docs/user-management/directory-provisioning.mdx +0 -78
  562. package/.docs/organized/docs/user-management/email-verification.mdx +0 -29
  563. package/.docs/organized/docs/user-management/entitlements.mdx +0 -46
  564. package/.docs/organized/docs/user-management/jit-provisioning.mdx +0 -36
  565. package/.docs/organized/docs/user-management/overview.mdx +0 -46
  566. package/.docs/organized/docs/user-management/roles-and-permissions.mdx +0 -155
  567. package/.docs/organized/docs/user-management/users-organizations.mdx +0 -91
  568. package/.docs/organized/docs/user-management/widgets.mdx +0 -190
package/.docs/organized/docs/pipes/index.mdx ADDED
@@ -0,0 +1,75 @@
1
+ ---
2
+ title: Pipes
3
+ description: >-
4
+ Enable your customers to connect their third-party accounts to your
5
+ application.
6
+ showNextPage: true
7
+ originalPath: .tmp-workos-clone/packages/docs/content/authkit/pipes.mdx
8
+ ---
9
+
10
+ ## Introduction
11
+
12
+ Pipes allows your users to securely connect their third-party accounts to your
13
+ application. With Pipes, you can easily integrate with popular services like
14
+ GitHub, Slack, Google, Salesforce, and many more without managing OAuth flows,
15
+ token refresh logic, or credential storage.
16
+
17
+ ## Configuring providers
18
+
19
+ To make an provider available to your users, you will need to configure it in
20
+ the WorkOS Dashboard.
21
+
22
+ Visit the _Pipes_ section of the WorkOS Dashboard to get started. Click _Connect
23
+ provider_ then choose the provider from the list. If you don’t see the provider
24
+ you need, please reach out to [our team](mailto:support@workos.com).
25
+
26
+ ![A screenshot of a GitHub provider being configured via the Pipes page in the WorkOS Dashboard](https://images.workoscdn.com/images/88a1f135-53ba-4d26-92ef-6c61e924e178.png?auto=format&fit=clip&q=50)
27
+
28
+ ### Shared Credentials
29
+
30
+ For the fastest setup, you can use WorkOS-managed shared credentials in sandbox
31
+ environments. This allows users to connect immediately without requiring you to
32
+ create OAuth applications with each provider.
33
+
34
+ 1. Specify the required **scopes** for your application.
35
+ 2. Provide an optional **description**. This will be used in the widget to inform users
36
+ on how your application will use their data from the provider.
37
+
38
+ ### Custom Credentials
39
+
40
+ For production applications, configure the provider with your own OAuth credentials:
41
+
42
+ 1. **Create an OAuth application** within the provider's dashboard.
43
+ 1. You can find instructions on setting up the provider in the documentation section of the setup modal.
44
+ 1. Use the provided **redirect URI** when configuring the provider.
45
+ 1. Set the **client ID and secret** from the provider.
46
+ 1. Specify the required **scopes** for your application.
47
+ 1. You may need to set these scopes in the provider configuration as well.
48
+ 1. Provide an optional **description**. This will be used in the widget to inform users
49
+ on how your application will use their data from the provider.
50
+
51
+ Commonly used scopes are provided in-line, but you should consult each provider's documentation for the full list of available scopes.
52
+
53
+ ## Provider management in your application
54
+
55
+ The [Pipes Widget](/widgets/pipes) provides a pre-built UI for users to connect
56
+ and manage their connected accounts. The widget shows the user which
57
+ providers are available, and lets them easily initiate the authorization
58
+ flow. It communicates with the WorkOS API and stores the connection information
59
+ for the user. If there's ever a problem with the user’s access token, the widget
60
+ will let them know they need to reauthorize.
61
+
62
+ ![Pipes widget screenshot](https://images.workoscdn.com/images/e84a33bb-0510-4d85-9041-33b1a0ce938c.png?auto=format&fit=clip&q=50)
63
+
64
+ > The description in the widget is set in the provider's configuration in the WorkOS Dashboard.
65
+
66
+ ## Fetching access tokens
67
+
68
+ Once a user has connected a provider, you can [fetch access tokens](/reference/pipes) from your
69
+ backend to make API calls to the connected service on their behalf. Pipes takes
70
+ care of refreshing the token if needed, so you’ll always have a fresh token. If
71
+ there’s a problem with the token, the endpoint will return information about the issue so you can
72
+ direct the user to the correct it. This may require sending the user to re-authorize directly
73
+ or via the page with the Pipes widget.
74
+
75
+ <CodeBlock file="pipes-fetch-token" />
package/.docs/organized/docs/pipes/providers.mdx ADDED
@@ -0,0 +1,9 @@
1
+ ---
2
+ title: Providers
3
+ description: Explore the third-party providers available for Pipes integrations.
4
+ originalPath: .tmp-workos-clone/packages/docs/content/pipes/providers.mdx
5
+ ---
6
+
7
+ Configure providers and find setup instructions in the [dashboard](https://dashboard.workos.com/environment/pipes).
8
+
9
+ <PipesProvidersTable />
package/.docs/organized/docs/rbac/_navigation.mdx ADDED
@@ -0,0 +1,16 @@
1
+ ---
2
+ title: RBAC
3
+ links:
4
+ - title: Overview
5
+ url: /rbac
6
+ - title: Configuration
7
+ url: /rbac/configuration
8
+ - title: Integration
9
+ url: /rbac/integration
10
+ - title: Organization Roles
11
+ url: /rbac/organization-roles
12
+ - title: IdP Role Assignment
13
+ url: /rbac/idp-role-assignment
14
+ originalPath: .tmp-workos-clone/packages/docs/content/rbac/_navigation.mdx
15
+ ---
16
+
package/.docs/organized/docs/rbac/configuration.mdx ADDED
@@ -0,0 +1,80 @@
1
+ ---
2
+ title: Configuration
3
+ description: Configure roles and permissions
4
+ showNextPage: true
5
+ originalPath: .tmp-workos-clone/packages/docs/content/rbac/configuration.mdx
6
+ ---
7
+
8
+ ## Overview
9
+
10
+ A role represents a logical grouping of permissions, defining access control levels for users within your application. Roles are identified by unique, immutable slugs and are assigned to users via [organization memberships](/authkit/users-organizations/organizations). Role assignments can be sourced manually or from Identity Provider (IdP) group mappings (SSO or Directory Sync).
11
+
12
+ Permissions grant users privileged access to resources and actions in your application and are referenced in your code by unique, immutable slugs. A permission can be assigned to any number of roles.
13
+
14
+ > Role and permission configuration applies to [all integrations](/rbac/integration).
15
+
16
+ ---
17
+
18
+ ## Configure roles
19
+
20
+ Roles alone can be sufficient when your application only requires very coarse-grained access control. This is suitable if users only need to be separated into broad categories and there is minimal overlap between roles. Simple roles can be easier to manage, but are less flexible for complex access control scenarios.
21
+
22
+ ![Roles section WorkOS Dashboard](https://images.workoscdn.com/images/09c8fb23-5748-4236-914e-79849ac03a9a.png?auto=format&fit=clip&q=50)
23
+
24
+ You can manage roles in the _Authorization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/environment/authorization/) or using the [Roles API](/reference/roles).
25
+
26
+ Role slugs are immutable and cannot be changed after creation. Environment role slugs are unique within an environment. [Organization role](/rbac/organization-roles) slugs are unique within an organization.
27
+
28
+ ### Default role
29
+
30
+ Role configuration occurs at the environment level. Each environment is seeded with a default `member` role, which is automatically assigned to every organization member. This default role cannot be deleted, but any role can be set as the default.
31
+
32
+ If you need to set default roles or other role configurations at the organization level, refer to the [Organization roles](/authkit/roles-and-permissions/organization-roles) section.
33
+
34
+ ### Multiple roles
35
+
36
+ All [integrations](/rbac/integration) support multiple roles across directory users, SSO profiles, and organization memberships. For any user, if role(s) are not explicit set, they will receive the default role.
37
+
38
+ Multiple roles is disabled by default. To manage this setting, open the [Authorization](https://dashboard.workos.com/environment/authorization/configuration) configuration page and scroll to the _Multiple Roles_ section.
39
+
40
+ > Multiple roles is an **environment-level** setting and applies to all organizations in that environment.
41
+
42
+ ### Priority order
43
+
44
+ Role priority order is used for [IdP role assignment](/rbac/idp-role-assignment) to resolve conflicts when a user belongs to multiple mapped groups. The highest-priority role wins. Priority order also determines which role will be assigned to users when migrating from a multiple roles to single role configuration in the environment.
45
+
46
+ ### Delete roles
47
+
48
+ When roles are deleted:
49
+
50
+ - **Single-role (default):** All affected organization memberships, SSO profiles, and directory users are reassigned to the **default role**.
51
+ - **Multiple-roles:** The deleted role is **removed** from each organization membership that has it, any other roles on the membership remain intact.
52
+
53
+ Deletion is asynchronous, so updates may take a moment to propagate.
54
+
55
+ > **Tip:** To migrate from one default role to another, set the new default, then delete the old one—users will be reassigned automatically.
56
+
57
+ ---
58
+
59
+ ## Configure permissions
60
+
61
+ Permissions allow for more detailed and flexible management of access. They are particularly useful when:
62
+
63
+ - You anticipate the need to frequently modify access rights or introduce new roles.
64
+ - There is significant overlap in access rights between different roles, but with some variations.
65
+ - You want to minimize code changes when modifying access rights. By abstracting access control checks to permissions, you can add or modify roles and their access rights without changing the application code.
66
+
67
+ ### Create permissions
68
+
69
+ You can manage permissions in the _Authorization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/environment/authorization/permissions) or using the [Permissions API](/reference/roles/permission).
70
+
71
+ When configuring permissions, we recommend:
72
+
73
+ - Defining a common naming scheme to use across all permissions for your application. Consider separating the resource and action with a delimiter, such as `users:view`. The following delimiters are permitted: `-.:_*`.
74
+ - Keep permission slugs clear and concise. When assigned to roles, these slugs will included as part of session cookies in the [session JWT claims](/authkit/sessions/integrating-sessions/access-token), which is limited to a maximum size of 4KB in many modern web browsers.
75
+
76
+ ### Assign permissions to roles
77
+
78
+ Permissions can be assigned when creating a new role or when editing an existing role.
79
+
80
+ ![Assign permissions to a role](https://images.workoscdn.com/images/f6fd6d9a-a7b0-4df7-908b-b657e669a3dc.png?auto=format&fit=clip&q=50)
package/.docs/organized/docs/rbac/idp-role-assignment.mdx ADDED
@@ -0,0 +1,79 @@
1
+ ---
2
+ title: IdP Role Assignment
3
+ description: Map identity provider groups to roles to automatically assign roles to users
4
+ showNextPage: true
5
+ originalPath: .tmp-workos-clone/packages/docs/content/rbac/idp-role-assignment.mdx
6
+ ---
7
+
8
+ ## Overview
9
+
10
+ Identity Provider (IdP) role assignment is the process of mapping identity provider groups to roles to automatically assign roles to users.
11
+
12
+ Users are assigned to groups via the identity provider. Groups usually correspond to roles in your app. Therefore, IT admins will often map a group one-to-one to a role. This can be defined within the WorkOS dashboard or Admin Portal for your application to receive automatic role updates.
13
+
14
+ ## Role assignment sources
15
+
16
+ ### Directory Sync
17
+
18
+ Roles can be assigned from the identity provider via Directory Sync through [directory group role assignment](/directory-sync/identity-provider-role-assignment/directory-group-role-assignment). Admins can map groups to roles in the Admin Portal during SCIM and Google Workspace directory setup.
19
+ You can also manage these assignments in the [WorkOS Dashboard](https://dashboard.workos.com/).
20
+
21
+ Enterprise organizations typically use SSO to manage user authentication and SCIM (Directory Sync) for user lifecycle management.
22
+ While access management can be automated through either SSO or SCIM, SCIM is generally the preferred option due to its real-time synchronization capabilities.
23
+
24
+ ### SSO
25
+
26
+ Roles can be assigned from the identity provider via SSO through [SSO group role assignment](/sso/identity-provider-role-assignment/sso-group-role-assignment). Admins can map groups to roles in the Admin Portal during SSO connection setup.
27
+ You can also manage these assignments in the [WorkOS Dashboard](https://dashboard.workos.com/). SSO group role assignment is supported in both SAML and OIDC-based connection types, except for Google OIDC due to [a limitation](https://issuetracker.google.com/issues/133774835?pli=1) with the groups claim.
28
+
29
+ A key limitation of SSO-based role assignment is that changes made in the identity provider (IdP) only take effect after the user re-authenticates. In contrast, SCIM propagates changes immediately without requiring user interaction, enabling applications to revoke sessions and enforce access updates in real time.
30
+
31
+ > If your organization has a directory connection configured, it is recommended to use the [directory for role assignment](/directory-sync/identity-provider-role-assignment/directory-group-role-assignment).
32
+
33
+ ## AuthKit integration
34
+
35
+ If you are [integrating with AuthKit](/authkit/roles-and-permissions/role-assignment), our full user management solution, roles are automatically assigned to the appropriate [organization membership](/reference/authkit/organization-membership). These roles are also reflected in the [user’s session token](/authkit/sessions/integrating-sessions/access-token), ensuring consistent access control across your application.
36
+
37
+ When using SSO group role assignment, roles are populated on the organization membership through SSO groups, allowing role assignment based on your customer’s identity provider configuration each time a user authenticates.
38
+
39
+ When using Directory Sync group role assignment, roles are populated on the organization membership through [directory provisioning](/authkit/directory-provisioning), allowing for seamless, real-time role assignment based on your customer’s identity provider configuration.
40
+
41
+ ## Priority order
42
+
43
+ If a user is provisioned from multiple groups with conflicting roles, the role with the highest priority will be assigned. If using multiple roles, priority order should be ignored.
44
+
45
+ ![Edit role priority dialog](https://images.workoscdn.com/images/3c6946c2-4ff1-41e4-b10f-568339dc3a2b.png?auto=format&fit=clip&q=50)
46
+
47
+ ## Multiple roles
48
+
49
+ When [multiple roles is enabled](/rbac/configuration/configure-roles/multiple-roles), users can receive multiple roles through identity provider group memberships. This applies to both [SSO group role assignment](/sso/identity-provider-role-assignment) and [Directory Sync group role assignment](/directory-sync/identity-provider-role-assignment).
50
+
51
+ ### How multiple roles work with IdP assignment
52
+
53
+ - **All applicable roles assigned**: Users receive all roles from groups they belong to that have explicit role mappings
54
+ - **Union of permissions**: Users get the combined permissions from all assigned roles
55
+ - **Priority order ignored**: When multiple roles are enabled, priority order is not used since users receive all applicable roles
56
+ - **Minimum one role**: Every user must have at least one role - if no groups have explicit mappings, the user receives the [default role](/rbac/configuration)
57
+
58
+ ### Example scenario
59
+
60
+ If a user is a member of both "Engineering" and "Design" groups in their identity provider:
61
+
62
+ - **Single role mode**: User receives the highest priority role (e.g., "Engineering")
63
+ - **Multiple roles mode**: User receives both "Engineering" and "Designer" roles
64
+
65
+ This prevents "role explosion" where you would otherwise need to create hybrid roles like "designer-engineer" for every possible combination.
66
+
67
+ ## Explicit vs. default role assignments
68
+
69
+ Explicit role assignments are created by manually mapping an IdP group to a role in the WorkOS Admin Portal or Dashboard.
70
+
71
+ Default role assignments are created for any IdP group that does not have an explicit role mapping. Default group role assignments are always mapped to the configured [default role](/rbac/configuration/configure-roles/default-role).
72
+
73
+ ## Role assignment in Admin Portal
74
+
75
+ You can choose to show or hide the role assignment step in Admin Portal, and whether to show the steps for Directory Sync or SSO at an environment level on the _Authorization_ page in the [WorkOS Dashboard](https://dashboard.workos.com/).
76
+
77
+ ![Role assignment in Admin Portal dialog](https://images.workoscdn.com/images/fe19e3ac-6370-404e-9590-cdb06b3de127.png?auto=format&fit=clip&q=50)
78
+
79
+ For your customers that may have a different setup, you can override the role assignment in Admin Portal setting per-organization, on the _Roles_ tab of the organization page in the [WorkOS Dashboard](https://dashboard.workos.com/). For example, if most customers use Directory Sync but a few only use SSO, select "Directory groups" role assignment at the environment level, and select "Single Sign-On groups" at the organization level for the exceptions.
package/.docs/organized/docs/rbac/index.mdx ADDED
@@ -0,0 +1,24 @@
1
+ ---
2
+ title: Role-Based Access Control (RBAC)
3
+ description: Assign roles and manage access for users and organizations
4
+ showNextPage: true
5
+ originalPath: .tmp-workos-clone/packages/docs/content/rbac/index.mdx
6
+ ---
7
+
8
+ ## Introduction
9
+
10
+ WorkOS Role-Based Access Control (RBAC) is an authorization system designed for managing access to applications using a flexible roles and permissions model. With WorkOS RBAC, teams can also define custom roles at the organization or tenant level, assign permissions to those roles, and enforce access policies at scale. RBAC also supports role assignment from identity provider (IdP) groups, making it easy to integrate with Single Sign-On (SSO) and Directory Sync workflows for seamless, enterprise-ready access control.
11
+
12
+ ## Key features
13
+
14
+ - Fully managed authorization service for defining and enforcing access controls across your application
15
+ - Configure roles, permissions, and organization-level roles directly in the [WorkOS Dashboard](https://dashboard.workos.com) or using the [API](/reference/roles)
16
+ - Seamless integration with [AuthKit user management](/authkit) by assigning roles via API and enforcing access through session JWTs
17
+ - Support for enterprise features like organization-scoped roles and IdP role assignment via SSO and Directory Sync allowing your customers to automatically map roles from their identity provider to streamline enterprise onboarding
18
+ - Fully integrated with [WorkOS Widgets](/widgets), including role management through the User Management Widget
19
+
20
+ ## Additional resources
21
+
22
+ - [The developer's guide to RBAC](https://workos.com/guide/the-developers-guide-to-rbac)
23
+ - [8 Role-Based Access Control (RBAC) examples in action](https://workos.com/blog/role-based-access-control-example)
24
+ - [How to build RBAC with WorkOS and Node](https://workos.com/blog/rbac-with-workos-and-node)
package/.docs/organized/docs/rbac/integration.mdx ADDED
@@ -0,0 +1,59 @@
1
+ ---
2
+ title: Integrating Role-Based Access Control
3
+ description: Utilize Role-Based Access Control across WorkOS products
4
+ showNextPage: true
5
+ originalPath: .tmp-workos-clone/packages/docs/content/rbac/integration.mdx
6
+ ---
7
+
8
+ ## Configure roles and permissions
9
+
10
+ Before integrating with WorkOS Role-Based Access Control (RBAC), you’ll need to [configure roles and permissions](/rbac/configuration) for your application in the [WorkOS Dashboard](https://dashboard.workos.com/).
11
+
12
+ ---
13
+
14
+ ## Integrating with AuthKit
15
+
16
+ WorkOS RBAC seamlessly integrates with AuthKit to provide a complete user management solution. Using AuthKit, you can assign roles directly to organization memberships, source roles from your customer’s identity provider (IdP), and read roles and permissions directly from session JWTs.
17
+
18
+ ### Assigning roles
19
+
20
+ In AuthKit, users are associated with [organizations](/reference/organization) via [organization memberships](/reference/authkit/organization-membership). Each organization membership has role(s), which represents a user’s access level for that particular organization. Every organization membership is automatically assigned the [default role](/rbac/configuration/configure-roles/default-role) when added to an organization.
21
+
22
+ You can modify an organization membership’s role(s) via the [organization memberships API](/reference/authkit/organization-membership/create), [WorkOS Dashboard](https://dashboard.workos.com/), or via [IdP role assignment](/rbac/assignments/idp-role-assignment).
23
+
24
+ [IdP role assignment](/rbac/idp-role-assignment) will always take precedence over roles assigned via API or the WorkOS Dashboard. For [SSO group role assignment](/sso/identity-provider-role-assignment/sso-group-role-assignment), the organization membership role updates each time the user authenticates. For [directory group role assignment](/directory-sync/identity-provider-role-assignment/directory-group-role-assignment) via [directory provisioning](/authkit/directory-provisioning), the organization membership’s role updates each time we receive a directory event for the user.
25
+
26
+ ### Single vs. multiple roles
27
+
28
+ AuthKit, Directory Sync, and Single Sign-On all support both single and [multiple role](/authkit/roles-and-permissions/multiple-roles) paradigms. There are two ways to assign multiple roles:
29
+
30
+ - **Group-based assignment**: if a user is a member of multiple groups with role mappings, they will receive all the roles. This applies to directory users, SSO profiles, and organization memberships when using [directory](/authkit/directory-provisioning) or [SSO JIT provisioning](/authkit/jit-provisioning/sso-jit-provisioning) in AuthKit.
31
+ - **Manual assignment**: multiple roles can be assigned to [organization memberships](/reference/authkit/organization-membership) directly via the WorkOS Dashboard or [API](/reference/authkit/organization-membership/create).
32
+
33
+ Multiple roles helps to avoid needing to create roles for every possible combination of permissions e.g., designer-engineer. This model fits teams where users span functions or need additive, temporary access.
34
+
35
+ For most apps, start with **single-role** assignments for simplicity and predictability, and adopt multiple roles only when overlapping permission sets become common.
36
+
37
+ ### Using roles and permissions in your app
38
+
39
+ Read a user’s role(s) from their [organization membership](/reference/authkit/organization-membership) or from an [AuthKit session access token](/authkit/sessions/integrating-sessions/access-token).
40
+
41
+ ---
42
+
43
+ ## Integrating with Directory Sync
44
+
45
+ For [standalone Directory Sync](/directory-sync), organization administrators manage roles through [directory group role assignment](/directory-sync/identity-provider-role-assignment). Their assigned role defines the user’s access level for the particular [organization](/reference/organization) and is based on their directory group memberships.
46
+
47
+ All [directory users](/reference/directory-sync/directory-user) have assigned roles. If no role is explicitly assigned through directory group role assignment, the user receives the [default role](/rbac/configuration/configure-roles/default-role). Roles are granted to directory users in real-time, when we receive updates to their group memberships.
48
+
49
+ Role slugs are returned on [Directory User](/reference/directory-sync/directory-user) objects from the API. These can be used to assign a role to your internal user object.
50
+
51
+ ---
52
+
53
+ ## Integrating with Single Sign-On (SSO)
54
+
55
+ For [standalone SSO](/sso), organization administrators manage roles via [SSO group role assignment](/sso/identity-provider-role-assignment). Their assigned role defines the user’s access level for the particular [organization](/reference/organization).
56
+
57
+ All [SSO profiles](/reference/sso/profile) have assigned roles. If no role is explicitly assigned through SSO group role assignment, the user receives the [default role](/rbac/configuration/configure-roles/default-role). Roles are granted to SSO profiles when the user authenticates.
58
+
59
+ Role slugs are returned on [SSO Profile](/reference/sso/profile) objects from the API. These can be used to assign a role to your internal user object based on group memberships.
package/.docs/organized/docs/rbac/organization-roles.mdx ADDED
@@ -0,0 +1,38 @@
1
+ ---
2
+ title: Organization Roles
3
+ description: Create and manage custom organization-scoped roles
4
+ showNextPage: true
5
+ originalPath: .tmp-workos-clone/packages/docs/content/rbac/organization-roles.mdx
6
+ ---
7
+
8
+ ## Overview
9
+
10
+ Organization roles are custom roles scoped to a particular organization. They are managed via the _Roles_ tab under an organization in the [WorkOS Dashboard](https://dashboard.workos.com/) or using the [Organization Roles API](/reference/roles/organization-role). You can utilize organization roles regardless of whether you're integrating with AuthKit, SSO, or Directory Sync.
11
+
12
+ ![Roles tab for organization](https://images.workoscdn.com/images/5c09cd78-041f-4bb9-9e76-f7267106b22c.png?auto=format&fit=clip&q=50)
13
+
14
+ ### Why might I use organization roles?
15
+
16
+ In some cases, an application’s fixed set of roles may not meet the needs of certain organizations. For example, an organization may require a lesser privileged set of permissions for their members. Organization roles allow you to create custom roles, with the organization’s desired set of permissions, without affecting access control for other organizations.
17
+
18
+ ### Creating organization roles
19
+
20
+ By default, organizations have no custom organization roles and simply inherit the environment-level roles. You can create an organization role by clicking the "Create role" button on the organization's _Roles_ tab or using the [Organization Roles API](/reference/roles/organization-role/create). All organization role slugs are automatically prefixed with `org`.
21
+
22
+ ![Create an organization role](https://images.workoscdn.com/images/90f3f3c0-3c66-48b2-b962-04b34f30599e.png?auto=format&fit=clip&q=50)
23
+
24
+ ### Organization role configuration
25
+
26
+ Once you create the first role for an organization, that organization will have its own [default role](/authkit/roles-and-permissions/configure-roles-and-permissions/default-role) and [priority order](/authkit/roles-and-permissions/configure-roles-and-permissions/priority-order), independent from the environment.
27
+
28
+ New roles added to the environment will be available to the organization and placed at the bottom of the organization’s role priority order.
29
+
30
+ ### Using organization roles
31
+
32
+ Like environment-level roles, organization roles can be used in [role assignment](/authkit/roles-and-permissions/role-assignment), [sessions](/authkit/roles-and-permissions/role-aware-sessions), and the [organization membership API](/reference/authkit/organization-membership). No additional action is required to enable this behavior after creating organization roles.
33
+
34
+ ### Deleting an environment role
35
+
36
+ When attempting to delete an environment role that’s the default role for one or more organizations, you’ll be prompted to select a new default role for all affected organizations. Organization members previously assigned the deleted role will be assigned the new organization default role.
37
+
38
+ ![Select a replacement role](https://images.workoscdn.com/images/5e6f3e51-5de5-4bb1-a850-52b2196282b9.png?auto=format&fit=clip&q=50)
package/.docs/organized/docs/rbac/quick-start.mdx ADDED
@@ -0,0 +1,52 @@
1
+ ---
2
+ title: Quick Start
3
+ description: >-
4
+ Set up roles & permissions to model your authorization requirements. Then use
5
+ the SDK to make access checks from your application.
6
+ originalPath: .tmp-workos-clone/packages/docs/content/rbac/quick-start.mdx
7
+ ---
8
+
9
+ ## Before getting started
10
+
11
+ To get the most out of this guide, you should have:
12
+
13
+ - A [WorkOS account](https://dashboard.workos.com/)
14
+ - Your WorkOS [API Key](/glossary/api-key)
15
+
16
+ ## What you'll build
17
+
18
+ In this guide, we’ll implement role-based access control for a simple B2B video sharing SaaS application, where users can view and create videos, and elevated roles can manage other users’ roles and application settings.
19
+
20
+ We will:
21
+
22
+ 1. Map your application’s access management model to a set of roles
23
+ 2. Define permissions to control granular access to your application’s resources
24
+ 3. Associate permissions with roles, and configure default roles and priority order
25
+ 4. If using AuthKit, assign roles to organization memberships and determine access via the [session JWT](/reference/authkit/session-tokens)
26
+ 5. If using standalone SSO, access user roles through the [SSO Profile object](/reference/sso/profile)
27
+ 6. If using standalone Directory Sync, access user roles through the [Directory User object](/reference/directory-sync/directory-user)
28
+
29
+ ## API resource definitions
30
+
31
+ [Role](/reference/roles)
32
+ : Represents a logical grouping of access management rules.
33
+
34
+ ---
35
+
36
+ ## (1) Create roles
37
+
38
+ The first step to RBAC is to determine the application's access management hierarchy.
39
+
40
+ ---
41
+
42
+ ## (2) Create permissions
43
+
44
+ The first step to RBAC is to define
45
+
46
+ Get provider-specific instructions by selecting the directory provider you want to test:
47
+
48
+ ---
49
+
50
+ ## Summary
51
+
52
+ That's it! We've now setup a powerful RBAC system for our application.