@workos/mcp-docs-server 0.1.0 → 0.2.0

package/.docs/organized/docs/reference/{user-management → authkit}/authentication/email-verification.mdx

@@ -6,7 +6,7 @@ reference:
   curl:
     - key: authenticate_email_verification
       id: authenticate_email_verification
-      url: /reference/user-management/authentication/email-verification
+      url: /reference/authkit/authentication/email-verification
       title: /user_management/authenticate
       type: POST
       parameters:
@@ -54,7 +54,7 @@ reference:
   js:
     - key: authenticateWithEmailVerification
       id: authenticate_email_verification
-      url: /reference/user-management/authentication/email-verification
+      url: /reference/authkit/authentication/email-verification
       title: userManagement.authenticateWithEmailVerification()
       parameters:
         - key: options
@@ -115,7 +115,7 @@ reference:
   python:
     - key: authenticate_with_email_verification
       id: authenticate_email_verification
-      url: /reference/user-management/authentication/email_verification
+      url: /reference/authkit/authentication/email_verification
       title: user_management.authenticate_with_email_verification()
       parameters:
         - key: code
@@ -155,7 +155,7 @@ reference:
   go:
     - key: AuthenticateWithEmailVerification
       id: authenticate_email_verification
-      url: /reference/user-management/authentication/email-verification
+      url: /reference/authkit/authentication/email-verification
       title: usermanagement.AuthenticateWithEmailVerification()
       parameters:
         - (ctx)
@@ -196,7 +196,7 @@ reference:
   php:
     - key: authenticateWithEmailVerification
       id: authenticate_email_verification
-      url: /reference/user-management/authentication/email-verification
+      url: /reference/authkit/authentication/email-verification
       title: $userManagement->authenticateWithEmailVerification()
       parameters:
         - key: options
@@ -235,7 +235,7 @@ reference:
   ruby:
     - key: authenticate_with_email_verification
       id: authenticate_email_verification
-      url: /reference/user-management/authentication/email-verification
+      url: /reference/authkit/authentication/email-verification
       title: UserManagement.authenticate_with_email_verification()
       parameters:
         - key: options
@@ -274,7 +274,7 @@ reference:
   java:
     - key: authenticateWithEmailVerification
       id: authenticate_email_verification
-      url: /reference/user-management/authentication/email-verification
+      url: /reference/authkit/authentication/email-verification
       title: userManagement.authenticateWithEmailVerification()
       parameters:
         - key: clientId
@@ -336,16 +336,16 @@ reference:
                   optional: true
                   description: (authentication.impersonator.reason)
 originalPath: >-
-  .tmp-workos-clone/packages/docs/content/reference/user-management/authentication/email-verification.mdx
+  .tmp-workos-clone/packages/docs/content/reference/authkit/authentication/email-verification.mdx
 ---
 
 ## Authenticate with an email verification code
 
 Authenticates a user with an unverified email and verifies their email address.
 
-A user with an unverified email address won’t be able to authenticate right away. When they attempt to authenticate with their credentials, the API will return an [email verification required error](/reference/user-management/authentication-errors/email-verification-required-error) that contains a pending authentication token.
+A user with an unverified email address won’t be able to authenticate right away. When they attempt to authenticate with their credentials, the API will return an [email verification required error](/reference/authkit/authentication-errors/email-verification-required-error) that contains a pending authentication token.
 
-If the [email setting](/user-management/custom-emails) for email verification is enabled, WorkOS will automatically send a one-time email verification code to the user’s email address. If the email setting is not enabled, [retrieve the email verification code](/reference/user-management/email-verification/get) to send the email yourself. Use the pending authentication token from the error and the one-time code the user received to authenticate them and to complete the email verification process.
+If the [email setting](/authkit/custom-emails) for email verification is enabled, WorkOS will automatically send a one-time email verification code to the user’s email address. If the email setting is not enabled, [retrieve the email verification code](/reference/authkit/email-verification/get) to send the email yourself. Use the pending authentication token from the error and the one-time code the user received to authenticate them and to complete the email verification process.
 
 <CodeBlock referenceId="authenticate_email_verification">
   <CodeBlockTab

package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/error-codes.mdx

@@ -1,6 +1,6 @@
 ---
 originalPath: >-
-  .tmp-workos-clone/packages/docs/content/reference/user-management/authentication/get-authorization-url/error-codes.mdx
+  .tmp-workos-clone/packages/docs/content/reference/authkit/authentication/get-authorization-url/error-codes.mdx
 ---
 ### Error codes
 
@@ -14,7 +14,7 @@ Possible error codes and the corresponding descriptions are listed below.
 
 | Error code                      | Description                                                                                                                                                                                                                                                                                                                        |
 | ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `access_denied`                 | The user denied an OAuth authorization request at the identity provider.                                                                                                                                                                                                                                                           |
+| `access_denied`                 | The identity provider denied user access to the client application or the user denied an OAuth authorization request at the identity provider.                                                                                                                                                                                     |
 | `ambiguous_connection_selector` | A connection could not be uniquely identified using the provided connection selector (e.g., organization). This can occur when there are multiple SSO connections under the same organization. If you need multiple SSO connections for an organization, use the connection parameter to identify which connection to use for SSO. |
 | `connection_invalid`            | There is no connection for the provided ID.                                                                                                                                                                                                                                                                                        |
 | `connection_strategy_invalid`   | The provider has multiple strategies associated per environment.                                                                                                                                                                                                                                                                   |
@@ -22,4 +22,4 @@ Possible error codes and the corresponding descriptions are listed below.
 | `invalid_connection_selector`   | A valid connection selector query parameter must be provided in order to correctly determine the proper connection to return an authorization URL for. Valid connection selectors are either `connection`, `organization`, or `provider`.                                                                                          |
 | `organization_invalid`          | There is no organization matching the provided ID.                                                                                                                                                                                                                                                                                 |
 | `oauth_failed`                  | An OAuth authorization request failed for a user.                                                                                                                                                                                                                                                                                  |
-| `server_error`                  | The SSO authentication failed for the user. More detailed errors and steps to resolve are available in the [Sessions tab](/dashboard/saml-sessions/sessions-tab) on the connection page in the WorkOS Dashboard.                                                                                                                   |
+| `server_error`                  | The SSO authentication failed for the user. More detailed errors and steps to resolve are available in the Sessions tab on the connection page in the WorkOS Dashboard.                                                                                                                                                            |

package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/index.mdx

@@ -49,7 +49,7 @@ descriptions:
       sign-in page for the user, if you know their username ahead of time.
 
 
-      Currently, this parameter is supported for OAuth, Authkit, OpenID Connect,
+      Currently, this parameter is supported for OAuth, AuthKit, OpenID Connect,
       Okta, and Entra ID connections.
     domain_hint: >
       Can be used to pre-fill the domain field when initiating authentication
@@ -65,9 +65,20 @@ descriptions:
 
       This parameter is required when specifying a `code_challenge` for the PKCE
       flow.
+    provider_scopes: >
+      A list of additional OAuth scopes to request from the OAuth provider.
+
+
+      This parameter can be used with Google OAuth, Microsoft OAuth, GitHub
+      OAuth, GitLab OAuth, and Xero OAuth.
+
+
+      Tokens from the OAuth provider will be included in the authentication
+      response if your OAuth connection for the provider is configured in the
+      WorkOS Dashboard to return OAuth tokens.
 reference:
   curl:
-    - url: /reference/user-management/authentication/get-authorization-url
+    - url: /reference/authkit/authentication/get-authorization-url
       key: user_management_get_authorization_url
       id: user_management_get_authorization_url
       title: /user_management/authorize
@@ -120,12 +131,16 @@ reference:
           optional: true
           type: '"sign-up" | "sign-in"'
           description: (user_management_get_authorization_url.screen_hint)
+        - key: provider_scopes
+          optional: true
+          type: array
+          description: (user_management_get_authorization_url.provider_scopes)
       returns:
         - key: url
           type: string
           description: (user_management_get_authorization_url.url)
   js:
-    - url: /reference/user-management/authentication/get-authorization-url
+    - url: /reference/authkit/authentication/get-authorization-url
       key: getAuthorizationUrl
       patternBefore: userManagement.
       id: user_management_get_authorization_url
@@ -179,12 +194,16 @@ reference:
               optional: true
               type: '"sign-up" | "sign-in"'
               description: (user_management_get_authorization_url.screen_hint)
+            - key: providerScopes
+              optional: true
+              type: array
+              description: (user_management_get_authorization_url.provider_scopes)
       returns:
         - key: url
           type: string
           description: (user_management_get_authorization_url.url)
   python:
-    - url: /reference/user-management/authentication/get-authorization-url
+    - url: /reference/authkit/authentication/get-authorization-url
       key: get_authorization_url
       patternBefore: user_management.
       id: user_management_get_authorization_url
@@ -217,12 +236,20 @@ reference:
           optional: true
           type: str
           description: (user_management_get_authorization_url.domain_hint)
+        - key: screen_hint
+          optional: true
+          type: '"sign-up" | "sign-in"'
+          description: (user_management_get_authorization_url.screen_hint)
+        - key: provider_scopes
+          optional: true
+          type: 'Sequence[str]'
+          description: (user_management_get_authorization_url.provider_scopes)
       returns:
         - key: url
           type: str
           description: (user_management_get_authorization_url.url)
   go:
-    - url: /reference/user-management/authentication/get-authorization-url
+    - url: /reference/authkit/authentication/get-authorization-url
       key: GetAuthorizationURL
       patternBefore: usermanagement.
       id: user_management_get_authorization_url
@@ -275,28 +302,32 @@ reference:
               optional: true
               type: ScreenHint
               description: (user_management_get_authorization_url.screen_hint)
+            - key: ProviderScopes
+              optional: true
+              type: '[]string'
+              description: (user_management_get_authorization_url.provider_scopes)
       returns:
         - key: url
           type: string
           description: (user_management_get_authorization_url.url)
         - (err)
   php:
-    - url: /reference/user-management/authentication/get-authorization-url
+    - url: /reference/authkit/authentication/get-authorization-url
       key: getAuthorizationUrl
       id: user_management_get_authorization_url
       patternBefore: userManagement->
       title: $userManagement->getAuthorizationUrl()
       parameters:
         - key: redirectUri
-          type: str
+          type: string
           description: (user_management_get_authorization_url.redirect_uri)
         - key: connectionId
           optional: true
-          type: str
+          type: string
           description: (user_management_get_authorization_url.connection_id)
         - key: organizationId
           optional: true
-          type: str
+          type: string
           description: (user_management_get_authorization_url.organization_id)
         - key: provider
           optional: true
@@ -306,22 +337,26 @@ reference:
           description: (user_management_get_authorization_url.provider)
         - key: state
           optional: true
-          type: str
+          type: string
           description: (user_management_get_authorization_url.state)
         - key: loginHint
           optional: true
-          type: str
+          type: string
           description: (user_management_get_authorization_url.login_hint)
         - key: domainHint
           optional: true
-          type: str
+          type: string
           description: (user_management_get_authorization_url.domain_hint)
+        - key: providerScopes
+          optional: true
+          type: 'string[]'
+          description: (user_management_get_authorization_url.provider_scopes)
       returns:
         - key: url
           type: string
           description: (user_management_get_authorization_url.url)
   ruby:
-    - url: /reference/user-management/authentication/get-authorization-url
+    - url: /reference/authkit/authentication/get-authorization-url
       key: authorization_url
       id: user_management_get_authorization_url
       title: UserManagement.authorization_url()
@@ -332,6 +367,10 @@ reference:
         - key: client_id
           type: String
           description: (client_id)
+        - key: screen_hint
+          optional: true
+          type: '"sign-up" | "sign-in"'
+          description: (user_management_get_authorization_url.screen_hint)
         - key: domain_hint
           optional: true
           type: String
@@ -358,12 +397,16 @@ reference:
           optional: true
           type: String
           description: (user_management_get_authorization_url.state)
+        - key: provider_scopes
+          optional: true
+          type: 'Array[String]'
+          description: (user_management_get_authorization_url.provider_scopes)
       returns:
         - key: url
           type: String
           description: (user_management_get_authorization_url.url)
   java:
-    - url: /reference/user-management/authentication/get-authorization-url
+    - url: /reference/authkit/authentication/get-authorization-url
       key: authorization_url
       id: user_management_get_authorization_url
       title: userManagement.getAuthorizationUrl()
@@ -407,13 +450,17 @@ reference:
               optional: true
               type: String
               description: (user_management_get_authorization_url.state)
+            - key: providerScopes
+              optional: true
+              type: List<String>
+              description: (user_management_get_authorization_url.provider_scopes)
 originalPath: >-
-  .tmp-workos-clone/packages/docs/content/reference/user-management/authentication/get-authorization-url/index.mdx
+  .tmp-workos-clone/packages/docs/content/reference/authkit/authentication/get-authorization-url/index.mdx
 ---
 
-## Get an authorization URL
+# Get an authorization URL
 
-Generates an OAuth 2.0 authorization URL to authenticate a user with AuthKit or SSO.
+Generates an OAuth 2.0 authorization URL to authenticate a user with AuthKit or SSO.
 
 <CodeBlock referenceId="user_management_get_authorization_url">
   <CodeBlockTab title="Request" file="get-authorization-url-request" />

package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/pkce.mdx

@@ -1,9 +1,9 @@
 ---
 originalPath: >-
-  .tmp-workos-clone/packages/docs/content/reference/user-management/authentication/get-authorization-url/pkce.mdx
+  .tmp-workos-clone/packages/docs/content/reference/authkit/authentication/get-authorization-url/pkce.mdx
 ---
 ### PKCE
 
 The [Proof Key for Code Exchange](https://datatracker.ietf.org/doc/html/rfc7636) (PKCE) flow is an extension to the OAuth 2.0 Authorization Code flow. It enables public clients, like native apps or single-page apps, to perform the authorization code flow securely. If you are developing a client that makes API calls in public, you’ll need to use this flow.
 
-In this flow, your client generates a code verifier which is a high-entropy cryptographic random string. A code challenge is derived by hashing the code verifier. Instead of using a client secret, provide the code challenge when [getting the authorization URL](/reference/user-management/authentication/get-authorization-url) and the code verifier when [authenticating a User](/reference/user-management/authentication/code).
+In this flow, your client generates a code verifier which is a high-entropy cryptographic random string. A code challenge is derived by hashing the code verifier. Instead of using a client secret, provide the code challenge when [getting the authorization URL](/reference/authkit/authentication/get-authorization-url) and the code verifier when [authenticating a User](/reference/authkit/authentication/code).

package/.docs/organized/docs/reference/authkit/authentication/get-authorization-url/redirect-uri.mdx

@@ -0,0 +1,47 @@
+---
+originalPath: >-
+  .tmp-workos-clone/packages/docs/content/reference/authkit/authentication/get-authorization-url/redirect-uri.mdx
+---
+### Redirect URI
+
+In the [OAuth 2.0](/glossary/oauth-2-0) protocol, a redirect URI is the location that the user is redirected to once they have successfully authenticated with their identity provider.
+
+When redirecting the user, WorkOS will generate an authorization code and pass it to your redirect URI as a `code` query parameter, your app will use this code to [authenticate the user](/reference/authkit/authentication/code). Additionally, WorkOS can pass a `state` parameter back to your application that you may use to encode arbitrary information to restore your application state between the redirects.
+
+```url title="Redirect URI with query parameters"
+https://your-app.com/callback?code=01E2RJ4C05B52KKZ8FSRDAP23J&state=dj1kUXc0dzlXZ1hjUQ==
+```
+
+You can use `state` to encode parameters like originating URL and query parameters. This is useful in a flow where unauthenticated users are automatically redirected to a login page. After successful sign in, users will be routed to your redirect URI callback route. From there you can extract the originating URL from `state` and redirect the user to their intended destination.
+
+You’ll need to configure the allowed redirect URIs for your application via the [Redirects](https://dashboard.workos.com/redirects) page in the dashboard. Without a valid redirect URI, your users will be unable to sign in. Make sure that the redirect URI you use as a parameter to get the authorization URL matches one of the redirect URIs you have configured in the dashboard.
+
+Redirect URIs follow stricter requirements in production environments:
+
+- `HTTPS` protocol is required in production environments
+- `HTTP` and `localhost` are allowed in staging environments
+- The sole exception is the use of `http://127.0.0.1` in production environments to support native clients.
+
+#### Wildcards
+
+WorkOS supports using wildcard characters (`*`) in Redirect URIs to handle dynamic subdomains or variable ports during development.
+
+##### Subdomains
+
+The `*` symbol can be used as a wildcard for subdomains; however, it must be used in accordance with the following rules:
+
+- The protocol of the URL **must not** be `http:` in production environments.
+- The wildcard **must** be located in the subdomain furthest from the root domain (e.g., `https://*.sub.example.com` will work, but `https://sub.*.example.com` will not).
+- The URL **must not** contain more than one wildcard.
+- A wildcard character **may** be prefixed and/or suffixed (e.g., `https://prefix-*-suffix.example.com`).
+- A wildcard **will not** match across multiple subdomain levels (e.g., `https://*.example.com` will not match `https://sub1.sub2.example.com`).
+- Wildcards cannot be used with [public suffix domains](https://publicsuffix.org) (e.g., `https://*.ngrok-free.app` will not work).
+- The wildcard will match letters, digits, hyphens, and underscores.
+- A URL with a wildcard cannot be set as the default redirect URI.
+
+##### Ports
+
+To support [RFC 8252](https://datatracker.ietf.org/doc/html/rfc8252#section-7.3) ("OAuth 2.0 for Native Apps") and local development, a wildcard may be used in place of the port number.
+
+- This is strictly limited to `localhost` and loopback IP addresses (e.g., `127.0.0.1`).
+- Example: `http://localhost:*/auth/callback` is valid.

package/.docs/organized/docs/reference/{user-management → authkit}/authentication/index.mdx

@@ -22,7 +22,7 @@ descriptions:
 
       of the `User-Agent` header.
     invitation_token: >
-      The token of an [invitation](/reference/user-management/invitation). The
+      The token of an [invitation](/reference/authkit/invitation). The
       invitation should be in the pending state.
 
 
@@ -32,16 +32,16 @@ descriptions:
       authenticate call automatically provisions their membership to the
       organization.
     organization_id: >
-      The [organization](/reference/organization) the user selected to sign in
-      to.
+      The ID of the [organization](/reference/organization) the user selected to
+      sign in to.
 
 
-      If the user is a member of multiple organizations, this is the
+      If the user is a member of multiple organizations, this is the ID of the
       organization the user
-      [selected](/reference/user-management/authentication/organization-selection)
-      as part of the authentication flow. If the user is a member of only one
-      organization, this is that organization. If the user is not a member of
-      any organizations, this is `null`.
+      [selected](/reference/authkit/authentication/organization-selection) as
+      part of the authentication flow. If the user is a member of only one
+      organization, this is the ID of that organization. If the user is not a
+      member of any organizations, this is omitted from the response.
     pending_authentication_token: >-
       The authentication token returned from a failed authentication attempt due
       to the corresponding error.
@@ -55,10 +55,18 @@ descriptions:
     sealed_session: >-
       The sealed session data to be set as a cookie in the user's browser. Only
       returned if the seal session parameter was true.
-originalPath: >-
-  .tmp-workos-clone/packages/docs/content/reference/user-management/authentication/index.mdx
----
+  refresh_token_authentication:
+    organization_id: >
+      The ID of the [organization](/reference/organization) the user is signed
+      in to.
 
+
+      If the request specified a valid `organization_id`, this is that value.
+      Otherwise, this is the ID for the organization the session most recently
+      used. If the session never used an organization, it is omitted from the
+      response.
+originalPath: >-
+  .tmp-workos-clone/packages/docs/content/reference/authkit/authentication/index.mdx
 ---
 
 # Authentication

package/.docs/organized/docs/reference/{user-management → authkit}/authentication/magic-auth.mdx

@@ -6,7 +6,7 @@ reference:
   curl:
     - key: magic-auth
       id: authenticate_magic_auth_user
-      url: /reference/user-management/authentication/magic-auth
+      url: /reference/authkit/authentication/magic-auth
       title: /user_management/authenticate
       type: POST
       parameters:
@@ -56,7 +56,7 @@ reference:
   js:
     - key: authenticateWithMagicAuth
       id: authenticate_magic_auth_user
-      url: /reference/user-management/authentication/magic-auth
+      url: /reference/authkit/authentication/magic-auth
       title: userManagement.authenticateWithMagicAuth()
       parameters:
         - key: options
@@ -119,7 +119,7 @@ reference:
   python:
     - key: authenticate_with_magic_auth
       id: authenticate_magic_auth_user
-      url: /reference/user-management/authentication/magic-auth
+      url: /reference/authkit/authentication/magic-auth
       title: user_management.authenticate_with_magic_auth()
       parameters:
         - key: code
@@ -159,7 +159,7 @@ reference:
   go:
     - key: AuthenticateWithMagicAuth
       id: authenticate_magic_auth_user
-      url: /reference/user-management/authentication/magic-auth
+      url: /reference/authkit/authentication/magic-auth
       title: usermanagement.AuthenticateWithMagicAuth()
       parameters:
         - (ctx)
@@ -200,7 +200,7 @@ reference:
   php:
     - key: authenticateWithMagicAuth
       id: authenticate_magic_auth_user
-      url: /reference/user-management/authentication/magic-auth
+      url: /reference/authkit/authentication/magic-auth
       title: $userManagement->authenticateWithMagicAuth()
       parameters:
         - key: options
@@ -239,7 +239,7 @@ reference:
   ruby:
     - key: authenticate_with_magic_auth
       id: authenticate_magic_auth_user
-      url: /reference/user-management/authentication/magic-auth
+      url: /reference/authkit/authentication/magic-auth
       title: UserManagement.authenticate_with_magic_auth()
       parameters:
         - key: options
@@ -278,7 +278,7 @@ reference:
   java:
     - key: authenticateWithMagicAuth
       id: authenticate_magic_auth_user
-      url: /reference/user-management/authentication/magic-auth
+      url: /reference/authkit/authentication/magic-auth
       title: userManagement.authenticateWithMagicAuth()
       parameters:
         - key: clientId
@@ -340,12 +340,12 @@ reference:
                   optional: true
                   description: (authentication.impersonator.reason)
 originalPath: >-
-  .tmp-workos-clone/packages/docs/content/reference/user-management/authentication/magic-auth.mdx
+  .tmp-workos-clone/packages/docs/content/reference/authkit/authentication/magic-auth.mdx
 ---
 
 ## Authenticate with Magic Auth
 
-Authenticates a user by verifying the [Magic Auth code](/reference/user-management/magic-auth) sent to the user’s email.
+Authenticates a user by verifying the [Magic Auth code](/reference/authkit/magic-auth) sent to the user’s email.
 
 <CodeBlock referenceId="authenticate_magic_auth_user">
   <CodeBlockTab title="Request" file="authenticate-magic-auth-user-request" />

package/.docs/organized/docs/reference/{user-management → authkit}/authentication/organization-selection.mdx

@@ -8,7 +8,7 @@ reference:
   curl:
     - key: authenticate_organization_selection
       id: authenticate_organization_selection
-      url: /reference/user-management/authentication/organization-selection
+      url: /reference/authkit/authentication/organization-selection
       title: /user_management/authenticate
       type: POST
       parameters:
@@ -56,7 +56,7 @@ reference:
   js:
     - key: authenticateWithOrganizationSelection
       id: authenticate_organization_selection
-      url: /reference/user-management/authentication/organization-selection
+      url: /reference/authkit/authentication/organization-selection
       title: userManagement.authenticateWithOrganizationSelection()
       parameters:
         - key: clientId
@@ -113,7 +113,7 @@ reference:
   python:
     - key: authenticate_with_organization_selection
       id: authenticate_organization_selection
-      url: /reference/user-management/authentication/organization-selection
+      url: /reference/authkit/authentication/organization-selection
       title: user_management.authenticate_with_organization_selection()
       parameters:
         - key: organization_id
@@ -153,7 +153,7 @@ reference:
   go:
     - key: AuthenticateWithOrganizationSelection
       id: authenticate_organization_selection
-      url: /reference/user-management/authentication/organization-selection
+      url: /reference/authkit/authentication/organization-selection
       title: usermanagement.AuthenticateWithOrganizationSelection()
       parameters:
         - (ctx)
@@ -194,7 +194,7 @@ reference:
   php:
     - key: authenticateWithOrganizationSelection
       id: authenticate_organization_selection
-      url: /reference/user-management/authentication/organization-selection
+      url: /reference/authkit/authentication/organization-selection
       title: $userManagement->authenticateWithOrganizationSelection()
       parameters:
         - key: clientId
@@ -229,7 +229,7 @@ reference:
   ruby:
     - key: authenticate_with_organization_selection
       id: authenticate_organization_selection
-      url: /reference/user-management/authentication/organization-selection
+      url: /reference/authkit/authentication/organization-selection
       title: UserManagement.authenticate_with_organization_selection()
       parameters:
         - key: client_id
@@ -264,7 +264,7 @@ reference:
   java:
     - key: authenticateWithOrganizationSelection
       id: authenticate_organization_selection
-      url: /reference/user-management/authentication/organization-selection
+      url: /reference/authkit/authentication/organization-selection
       title: userManagement.authenticateWithOrganizationSelection()
       parameters:
         - key: clientId
@@ -326,14 +326,14 @@ reference:
                   optional: true
                   description: (authentication.impersonator.reason)
 originalPath: >-
-  .tmp-workos-clone/packages/docs/content/reference/user-management/authentication/organization-selection.mdx
+  .tmp-workos-clone/packages/docs/content/reference/authkit/authentication/organization-selection.mdx
 ---
 
 ## Authenticate with organization selection
 
 Authenticates a user into an organization they are a member of.
 
-When a user who is a member of multiple organizations attempts to authenticate with their credentials, the API will return an [organization selection error](/reference/user-management/authentication-errors/organization-selection-error) that contains a pending authentication token. To continue with the authentication flow, your application should display the list of organizations for the user to choose.
+When a user who is a member of multiple organizations attempts to authenticate with their credentials, the API will return an [organization selection error](/reference/authkit/authentication-errors/organization-selection-error) that contains a pending authentication token. To continue with the authentication flow, your application should display the list of organizations for the user to choose.
 
 Use the pending authentication token from the error and the organization the user selected in your UI to complete the authentication.
 

package/.docs/organized/docs/reference/{user-management → authkit}/authentication/password.mdx

@@ -3,7 +3,7 @@ reference:
   curl:
     - key: password
       id: authenticate_password_user
-      url: /reference/user-management/authentication/password
+      url: /reference/authkit/authentication/password
       title: /user_management/authenticate
       type: POST
       parameters:
@@ -53,7 +53,7 @@ reference:
   js:
     - key: authenticateWithPassword
       id: authenticate_password_user
-      url: /reference/user-management/authentication/password
+      url: /reference/authkit/authentication/password
       title: userManagement.authenticateWithPassword()
       parameters:
         - key: options
@@ -116,7 +116,7 @@ reference:
   python:
     - key: authenticate_with_password
       id: authenticate_password_user
-      url: /reference/user-management/authentication/password
+      url: /reference/authkit/authentication/password
       title: user_management.authenticate_with_password()
       parameters:
         - key: email
@@ -156,7 +156,7 @@ reference:
   go:
     - key: AuthenticateWithPassword
       id: authenticate_password_user
-      url: /reference/user-management/authentication/password
+      url: /reference/authkit/authentication/password
       title: usermanagement.AuthenticateWithPassword()
       parameters:
         - (ctx)
@@ -197,7 +197,7 @@ reference:
   php:
     - key: authenticateWithPassword
       id: authenticate_password_user
-      url: /reference/user-management/authentication/password
+      url: /reference/authkit/authentication/password
       title: $userManagement->authenticateWithPassword()
       parameters:
         - key: options
@@ -236,7 +236,7 @@ reference:
   ruby:
     - key: authenticate_with_password
       id: authenticate_password_user
-      url: /reference/user-management/authentication/password
+      url: /reference/authkit/authentication/password
       title: UserManagement.authenticate_with_password()
       parameters:
         - key: options
@@ -275,7 +275,7 @@ reference:
   java:
     - key: authenticateWithPassword
       id: authenticate_password_user
-      url: /reference/user-management/authentication/password
+      url: /reference/authkit/authentication/password
       title: userManagement.authenticateWithPassword()
       parameters:
         - key: clientId
@@ -337,7 +337,7 @@ reference:
                   optional: true
                   description: (authentication.impersonator.reason)
 originalPath: >-
-  .tmp-workos-clone/packages/docs/content/reference/user-management/authentication/password.mdx
+  .tmp-workos-clone/packages/docs/content/reference/authkit/authentication/password.mdx
 ---
 
 ## Authenticate a user with password