@workos/mcp-docs-server 0.1.0 → 0.2.0
- package/.docs/organized/changelogs/workos-platform.json +125 -125
- package/.docs/organized/docs/admin-portal/custom-branding.mdx +2 -4
- package/.docs/organized/docs/admin-portal/example-apps.mdx +11 -11
- package/.docs/organized/docs/admin-portal/index.mdx +39 -33
- package/.docs/organized/docs/audit-logs/admin-portal.mdx +1 -1
- package/.docs/organized/docs/audit-logs/editing-events.mdx +1 -1
- package/.docs/organized/docs/audit-logs/exporting-events.mdx +1 -1
- package/.docs/organized/docs/audit-logs/index.mdx +17 -2
- package/.docs/organized/docs/audit-logs/log-streams.mdx +325 -1
- package/.docs/organized/docs/audit-logs/metadata-schema.mdx +1 -1
- package/.docs/organized/docs/authkit/_navigation.mdx +108 -0
- package/.docs/organized/docs/{user-management → authkit}/actions.mdx +3 -4
- package/.docs/organized/docs/authkit/add-ons/google-analytics.mdx +79 -0
- package/.docs/organized/docs/authkit/add-ons/segment.mdx +77 -0
- package/.docs/organized/docs/authkit/add-ons/stripe.mdx +103 -0
- package/.docs/organized/docs/authkit/api-keys.mdx +99 -0
- package/.docs/organized/docs/{user-management → authkit}/branding.mdx +220 -2
- package/.docs/organized/docs/authkit/cli-auth.mdx +76 -0
- package/.docs/organized/docs/authkit/cli-installer.mdx +157 -0
- package/.docs/organized/docs/authkit/connect/m2m.mdx +65 -0
- package/.docs/organized/docs/authkit/connect/oauth.mdx +88 -0
- package/.docs/organized/docs/authkit/connect/standalone.mdx +179 -0
- package/.docs/organized/docs/authkit/connect.mdx +65 -0
- package/.docs/organized/docs/authkit/custom-email-providers.mdx +141 -0
- package/.docs/organized/docs/{user-management → authkit}/custom-emails.mdx +15 -15
- package/.docs/organized/docs/authkit/directory-provisioning.mdx +89 -0
- package/.docs/organized/docs/{user-management → authkit}/domain-verification.mdx +5 -6
- package/.docs/organized/docs/{user-management → authkit}/email-password.mdx +2 -2
- package/.docs/organized/docs/authkit/email-verification.mdx +31 -0
- package/.docs/organized/docs/{user-management → authkit}/example-apps.mdx +3 -3
- package/.docs/organized/docs/authkit/hosted-ui.mdx +165 -0
- package/.docs/organized/docs/{user-management → authkit}/identity-linking.mdx +9 -9
- package/.docs/organized/docs/{user-management → authkit}/impersonation.mdx +8 -8
- package/.docs/organized/docs/{user-management → authkit}/index.mdx +141 -74
- package/.docs/organized/docs/{user-management → authkit}/invitations.mdx +4 -4
- package/.docs/organized/docs/{user-management → authkit}/invite-only-signup.mdx +3 -3
- package/.docs/organized/docs/authkit/jit-provisioning.mdx +42 -0
- package/.docs/organized/docs/{user-management → authkit}/jwt-templates.mdx +37 -3
- package/.docs/organized/docs/authkit/landing.mdx +22 -0
- package/.docs/organized/docs/{user-management → authkit}/magic-auth.mdx +3 -5
- package/.docs/organized/docs/{user-management → authkit}/mcp.mdx +46 -9
- package/.docs/organized/docs/{user-management → authkit}/metadata.mdx +9 -9
- package/.docs/organized/docs/{user-management → authkit}/mfa.mdx +2 -2
- package/.docs/organized/docs/{user-management → authkit}/migrations.mdx +4 -4
- package/.docs/organized/docs/{user-management → authkit}/modeling-your-app.mdx +11 -11
- package/.docs/organized/docs/{user-management → authkit}/organization-policies.mdx +3 -4
- package/.docs/organized/docs/authkit/overview.mdx +46 -0
- package/.docs/organized/docs/{user-management → authkit}/passkeys.mdx +3 -3
- package/.docs/organized/docs/authkit/pipes.mdx +75 -0
- package/.docs/organized/docs/{user-management → authkit}/radar.mdx +39 -4
- package/.docs/organized/docs/authkit/roles-and-permissions.mdx +208 -0
- package/.docs/organized/docs/{user-management → authkit}/sessions.mdx +32 -20
- package/.docs/organized/docs/{user-management → authkit}/social-login.mdx +16 -2
- package/.docs/organized/docs/{user-management → authkit}/sso-with-contractors.mdx +3 -4
- package/.docs/organized/docs/{user-management → authkit}/sso.mdx +2 -2
- package/.docs/organized/docs/authkit/users-organizations.mdx +107 -0
- package/.docs/organized/docs/custom-domains/admin-portal.mdx +0 -2
- package/.docs/organized/docs/custom-domains/authkit.mdx +0 -2
- package/.docs/organized/docs/custom-domains/email.mdx +2 -2
- package/.docs/organized/docs/deprecations/_navigation.mdx +8 -0
- package/.docs/organized/docs/deprecations/raw-attributes.mdx +136 -0
- package/.docs/organized/docs/directory-sync/attributes.mdx +50 -31
- package/.docs/organized/docs/directory-sync/example-apps.mdx +11 -11
- package/.docs/organized/docs/directory-sync/identity-provider-role-assignment.mdx +23 -26
- package/.docs/organized/docs/directory-sync/index.mdx +4 -2
- package/.docs/organized/docs/directory-sync/quick-start.mdx +3 -3
- package/.docs/organized/docs/directory-sync/understanding-events.mdx +2 -2
- package/.docs/organized/docs/domain-verification/api.mdx +8 -8
- package/.docs/organized/docs/domain-verification/index.mdx +3 -3
- package/.docs/organized/docs/email.mdx +49 -5
- package/.docs/organized/docs/events/data-syncing/events-api.mdx +3 -3
- package/.docs/organized/docs/events/data-syncing/index.mdx +2 -3
- package/.docs/organized/docs/events/data-syncing/webhooks.mdx +4 -4
- package/.docs/organized/docs/events/index.mdx +419 -33
- package/.docs/organized/docs/feature-flags/_navigation.mdx +10 -0
- package/.docs/organized/docs/feature-flags/index.mdx +80 -0
- package/.docs/organized/docs/feature-flags/slack-notifications.mdx +58 -0
- package/.docs/organized/docs/fga/_navigation.mdx +34 -54
- package/.docs/organized/docs/fga/access-checks.mdx +109 -0
- package/.docs/organized/docs/fga/assignments.mdx +124 -0
- package/.docs/organized/docs/fga/authkit-integration.mdx +92 -0
- package/.docs/organized/docs/fga/high-cardinality-entities.mdx +172 -0
- package/.docs/organized/docs/fga/idp-role-assignment.mdx +66 -0
- package/.docs/organized/docs/fga/index.mdx +94 -29
- package/.docs/organized/docs/fga/migration-openfga.mdx +306 -0
- package/.docs/organized/docs/fga/migration-oso.mdx +372 -0
- package/.docs/organized/docs/fga/migration-spicedb.mdx +364 -0
- package/.docs/organized/docs/fga/quick-start.mdx +283 -98
- package/.docs/organized/docs/fga/resource-discovery.mdx +78 -0
- package/.docs/organized/docs/fga/resource-types.mdx +165 -0
- package/.docs/organized/docs/fga/resources.mdx +179 -59
- package/.docs/organized/docs/fga/roles-and-permissions.mdx +122 -0
- package/.docs/organized/docs/fga/standalone-integration.mdx +176 -0
- package/.docs/organized/docs/glossary.mdx +7 -3
- package/.docs/organized/docs/integrations/access-people-hr.mdx +1 -1
- package/.docs/organized/docs/integrations/adp-oidc.mdx +1 -1
- package/.docs/organized/docs/integrations/apple.mdx +112 -69
- package/.docs/organized/docs/integrations/auth0-directory-sync.mdx +3 -1
- package/.docs/organized/docs/integrations/auth0-enterprise-connection.mdx +3 -1
- package/.docs/organized/docs/integrations/auth0-saml.mdx +3 -1
- package/.docs/organized/docs/integrations/bamboohr.mdx +4 -4
- package/.docs/organized/docs/integrations/breathe-hr.mdx +1 -1
- package/.docs/organized/docs/integrations/bubble.mdx +1 -1
- package/.docs/organized/docs/integrations/cas-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/classlink-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/clever-oidc.mdx +94 -0
- package/.docs/organized/docs/integrations/cloudflare-saml.mdx +35 -2
- package/.docs/organized/docs/integrations/cyberark-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/cyberark-scim.mdx +1 -1
- package/.docs/organized/docs/integrations/duo-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/entra-id-oidc.mdx +198 -0
- package/.docs/organized/docs/integrations/entra-id-saml.mdx +3 -3
- package/.docs/organized/docs/integrations/entra-id-scim.mdx +5 -1
- package/.docs/organized/docs/integrations/fourth.mdx +2 -2
- package/.docs/organized/docs/integrations/github-oauth.mdx +80 -33
- package/.docs/organized/docs/integrations/gitlab-oauth.mdx +86 -31
- package/.docs/organized/docs/integrations/google-directory-sync.mdx +5 -1
- package/.docs/organized/docs/integrations/google-oauth.mdx +87 -70
- package/.docs/organized/docs/integrations/google-oidc.mdx +142 -0
- package/.docs/organized/docs/integrations/google-saml.mdx +3 -3
- package/.docs/organized/docs/integrations/hibob.mdx +17 -4
- package/.docs/organized/docs/integrations/intuit-oauth.mdx +128 -0
- package/.docs/organized/docs/integrations/jumpcloud-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/jumpcloud-scim.mdx +5 -1
- package/.docs/organized/docs/integrations/keycloak-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/lastpass-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/linkedin-oauth.mdx +69 -30
- package/.docs/organized/docs/integrations/microsoft-ad-fs-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/microsoft-oauth.mdx +95 -38
- package/.docs/organized/docs/integrations/miniorange-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/net-iq-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/next-auth.mdx +1 -1
- package/.docs/organized/docs/integrations/oidc.mdx +37 -24
- package/.docs/organized/docs/integrations/okta-oidc.mdx +149 -0
- package/.docs/organized/docs/integrations/okta-saml.mdx +3 -3
- package/.docs/organized/docs/integrations/okta-scim.mdx +6 -2
- package/.docs/organized/docs/integrations/onelogin-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/onelogin-scim.mdx +1 -1
- package/.docs/organized/docs/integrations/oracle-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/pingfederate-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/pingfederate-scim.mdx +1 -1
- package/.docs/organized/docs/integrations/pingone-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/rippling-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/rippling-scim.mdx +1 -1
- package/.docs/organized/docs/integrations/sailpoint-scim.mdx +77 -0
- package/.docs/organized/docs/integrations/salesforce-oauth.mdx +116 -0
- package/.docs/organized/docs/integrations/salesforce-saml.mdx +4 -4
- package/.docs/organized/docs/integrations/saml.mdx +43 -23
- package/.docs/organized/docs/integrations/scim.mdx +36 -24
- package/.docs/organized/docs/integrations/sftp.mdx +59 -36
- package/.docs/organized/docs/integrations/shibboleth-generic-saml.mdx +1 -1
- package/.docs/organized/docs/integrations/shibboleth-unsolicited-saml.mdx +1 -1
- package/.docs/organized/docs/integrations/simple-saml-php.mdx +2 -2
- package/.docs/organized/docs/integrations/slack-oauth.mdx +53 -49
- package/.docs/organized/docs/integrations/supabase-authkit.mdx +46 -0
- package/.docs/organized/docs/integrations/{supabase.mdx → supabase-sso.mdx} +6 -4
- package/.docs/organized/docs/integrations/vercel-oauth.mdx +120 -0
- package/.docs/organized/docs/integrations/vmware-saml.mdx +2 -2
- package/.docs/organized/docs/integrations/workday.mdx +1 -1
- package/.docs/organized/docs/integrations/xero-oauth.mdx +77 -32
- package/.docs/organized/docs/magic-link/example-apps.mdx +11 -11
- package/.docs/organized/docs/magic-link/index.mdx +2 -0
- package/.docs/organized/docs/mfa/example-apps.mdx +2 -2
- package/.docs/organized/docs/mfa/index.mdx +2 -2
- package/.docs/organized/docs/mfa/ux/enrollment.mdx +1 -1
- package/.docs/organized/docs/mfa/ux/sign-in.mdx +1 -1
- package/.docs/organized/docs/migrate/_navigation.mdx +21 -1
- package/.docs/organized/docs/migrate/auth0.mdx +5 -5
- package/.docs/organized/docs/migrate/aws-cognito.mdx +5 -5
- package/.docs/organized/docs/migrate/better-auth.mdx +282 -0
- package/.docs/organized/docs/migrate/clerk.mdx +9 -11
- package/.docs/organized/docs/migrate/descope.mdx +290 -0
- package/.docs/organized/docs/migrate/firebase.mdx +4 -4
- package/.docs/organized/docs/migrate/other-services.mdx +25 -6
- package/.docs/organized/docs/migrate/standalone-sso.mdx +14 -14
- package/.docs/organized/docs/migrate/stytch.mdx +363 -0
- package/.docs/organized/docs/migrate/supabase.mdx +255 -0
- package/.docs/organized/docs/on-prem-deployment.mdx +1 -1
- package/.docs/organized/docs/pipes/_navigation.mdx +12 -0
- package/.docs/organized/docs/pipes/index.mdx +75 -0
- package/.docs/organized/docs/pipes/providers.mdx +9 -0
- package/.docs/organized/docs/rbac/_navigation.mdx +16 -0
- package/.docs/organized/docs/rbac/configuration.mdx +80 -0
- package/.docs/organized/docs/rbac/idp-role-assignment.mdx +79 -0
- package/.docs/organized/docs/rbac/index.mdx +24 -0
- package/.docs/organized/docs/rbac/integration.mdx +59 -0
- package/.docs/organized/docs/rbac/organization-roles.mdx +38 -0
- package/.docs/organized/docs/rbac/quick-start.mdx +52 -0
- package/.docs/organized/docs/reference/_navigation.mdx +437 -284
- package/.docs/organized/docs/reference/admin-portal/portal-link/index.mdx +1 -1
- package/.docs/organized/docs/reference/admin-portal/provider-icons/index.mdx +3 -3
- package/.docs/organized/docs/reference/{api-keys.mdx → api-authentication/index.mdx} +3 -3
- package/.docs/organized/docs/reference/audit-logs/configuration/index.mdx +97 -0
- package/.docs/organized/docs/reference/audit-logs/{create-event.mdx → event/create.mdx} +12 -2
- package/.docs/organized/docs/reference/audit-logs/event/index.mdx +92 -0
- package/.docs/organized/docs/reference/audit-logs/{create-export.mdx → export/create.mdx} +1 -1
- package/.docs/organized/docs/reference/audit-logs/{get-export.mdx → export/get.mdx} +1 -1
- package/.docs/organized/docs/reference/audit-logs/{audit-log-export.mdx → export/index.mdx} +11 -12
- package/.docs/organized/docs/reference/audit-logs/{get-retention.mdx → retention/get.mdx} +1 -1
- package/.docs/organized/docs/reference/audit-logs/retention/index.mdx +25 -0
- package/.docs/organized/docs/reference/audit-logs/{set-retention.mdx → retention/set.mdx} +1 -1
- package/.docs/organized/docs/reference/audit-logs/{create-schema.mdx → schema/create.mdx} +1 -1
- package/.docs/organized/docs/reference/audit-logs/{audit-log-schema.mdx → schema/index.mdx} +5 -6
- package/.docs/organized/docs/reference/audit-logs/{list-actions.mdx → schema/list-actions.mdx} +2 -1
- package/.docs/organized/docs/reference/audit-logs/{list-schemas.mdx → schema/list.mdx} +1 -1
- package/.docs/organized/docs/reference/authkit/api-keys/create-for-organization.mdx +40 -0
- package/.docs/organized/docs/reference/authkit/api-keys/delete.mdx +23 -0
- package/.docs/organized/docs/reference/authkit/api-keys/index.mdx +275 -0
- package/.docs/organized/docs/reference/authkit/api-keys/list-for-organization.mdx +41 -0
- package/.docs/organized/docs/reference/authkit/api-keys/validate.mdx +77 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/code.mdx +138 -18
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/email-verification.mdx +10 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/error-codes.mdx +3 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/index.mdx +64 -17
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/get-authorization-url/pkce.mdx +2 -2
- package/.docs/organized/docs/reference/authkit/authentication/get-authorization-url/redirect-uri.mdx +47 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/index.mdx +19 -11
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/magic-auth.mdx +9 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/organization-selection.mdx +9 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/password.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/refresh-and-seal-session-data.mdx +3 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/refresh-token.mdx +17 -17
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/session-cookie.mdx +7 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication/totp.mdx +10 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/email-verification-required-error.mdx +3 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/index.mdx +1 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/mfa-challenge-error.mdx +3 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/mfa-enrollment-error.mdx +3 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/organization-authentication-required-error.mdx +3 -3
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/organization-selection-error.mdx +3 -4
- package/.docs/organized/docs/reference/{user-management → authkit}/authentication-errors/sso-required-error.mdx +3 -3
- package/.docs/organized/docs/reference/authkit/cli-auth/device-authorization.mdx +61 -0
- package/.docs/organized/docs/reference/authkit/cli-auth/device-code.mdx +57 -0
- package/.docs/organized/docs/reference/authkit/cli-auth/error-codes.mdx +31 -0
- package/.docs/organized/docs/reference/authkit/cli-auth/index.mdx +22 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/email-verification/get.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/email-verification/index.mdx +9 -11
- package/.docs/organized/docs/reference/{user-management → authkit}/identity/index.mdx +6 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/identity/list.mdx +5 -6
- package/.docs/organized/docs/reference/authkit/index.mdx +13 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/accept.mdx +5 -5
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/find-by-token.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/get.mdx +8 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/index.mdx +10 -15
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/list.mdx +10 -11
- package/.docs/organized/docs/reference/authkit/invitation/resend.mdx +109 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/revoke.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/invitation/send.mdx +23 -13
- package/.docs/organized/docs/reference/{user-management → authkit}/logout/get-logout-url-from-session-cookie.mdx +2 -2
- package/.docs/organized/docs/reference/{user-management → authkit}/logout/get-logout-url.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/logout/index.mdx +4 -5
- package/.docs/organized/docs/reference/{user-management → authkit}/magic-auth/create.mdx +10 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/magic-auth/get.mdx +9 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/magic-auth/index.mdx +10 -15
- package/.docs/organized/docs/reference/{user-management → authkit}/mfa/authentication-challenge.mdx +9 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/mfa/authentication-factor.mdx +11 -11
- package/.docs/organized/docs/reference/{user-management → authkit}/mfa/enroll-auth-factor.mdx +19 -15
- package/.docs/organized/docs/reference/authkit/mfa/index.mdx +11 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/mfa/list-auth-factors.mdx +9 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/create.mdx +27 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/deactivate.mdx +10 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/delete.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/get.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/index.mdx +107 -14
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/list.mdx +10 -10
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/reactivate.mdx +11 -11
- package/.docs/organized/docs/reference/{user-management → authkit}/organization-membership/update.mdx +25 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/create.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/get.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/index.mdx +10 -12
- package/.docs/organized/docs/reference/{user-management → authkit}/password-reset/reset-password.mdx +8 -8
- package/.docs/organized/docs/reference/authkit/session/index.mdx +128 -0
- package/.docs/organized/docs/reference/authkit/session/list.mdx +110 -0
- package/.docs/organized/docs/reference/authkit/session/revoke.mdx +73 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/authenticate.mdx +22 -6
- package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/get-logout-url.mdx +5 -5
- package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/index.mdx +2 -2
- package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/load-sealed-session.mdx +4 -4
- package/.docs/organized/docs/reference/{user-management → authkit}/session-helpers/refresh.mdx +18 -6
- package/.docs/organized/docs/reference/{user-management → authkit}/session-tokens/access-token.mdx +16 -8
- package/.docs/organized/docs/reference/authkit/session-tokens/index.mdx +5 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/session-tokens/jwks.mdx +8 -8
- package/.docs/organized/docs/reference/authkit/session-tokens/refresh-token.mdx +8 -0
- package/.docs/organized/docs/reference/{user-management → authkit}/user/create.mdx +36 -17
- package/.docs/organized/docs/reference/{user-management → authkit}/user/delete.mdx +8 -9
- package/.docs/organized/docs/reference/{user-management → authkit}/user/get-by-external-id.mdx +16 -4
- package/.docs/organized/docs/reference/{user-management → authkit}/user/get.mdx +8 -8
- package/.docs/organized/docs/reference/{user-management → authkit}/user/index.mdx +25 -15
- package/.docs/organized/docs/reference/{user-management → authkit}/user/list.mdx +9 -12
- package/.docs/organized/docs/reference/{user-management → authkit}/user/update.mdx +43 -20
- package/.docs/organized/docs/reference/{client-libraries.mdx → client-libraries/index.mdx} +2 -2
- package/.docs/organized/docs/reference/directory-sync/directory/index.mdx +1 -1
- package/.docs/organized/docs/reference/directory-sync/directory-group/index.mdx +1 -24
- package/.docs/organized/docs/reference/directory-sync/directory-user/index.mdx +1 -29
- package/.docs/organized/docs/reference/directory-sync/directory-user/list.mdx +1 -1
- package/.docs/organized/docs/reference/directory-sync/index.mdx +1 -1
- package/.docs/organized/docs/reference/domain-verification/create.mdx +35 -0
- package/.docs/organized/docs/reference/domain-verification/delete.mdx +55 -0
- package/.docs/organized/docs/reference/domain-verification/get.mdx +29 -0
- package/.docs/organized/docs/reference/domain-verification/index.mdx +57 -1
- package/.docs/organized/docs/reference/domain-verification/verify.mdx +29 -0
- package/.docs/organized/docs/reference/{errors.mdx → errors/index.mdx} +1 -1
- package/.docs/organized/docs/reference/events/list.mdx +5 -4
- package/.docs/organized/docs/reference/feature-flags/flag/disable.mdx +33 -0
- package/.docs/organized/docs/reference/feature-flags/flag/enable.mdx +33 -0
- package/.docs/organized/docs/reference/feature-flags/flag/get.mdx +32 -0
- package/.docs/organized/docs/reference/feature-flags/flag/index.mdx +116 -0
- package/.docs/organized/docs/reference/feature-flags/flag/list.mdx +67 -0
- package/.docs/organized/docs/reference/feature-flags/index.mdx +123 -0
- package/.docs/organized/docs/reference/feature-flags/targeting/add.mdx +43 -0
- package/.docs/organized/docs/reference/feature-flags/targeting/index.mdx +23 -0
- package/.docs/organized/docs/reference/feature-flags/targeting/list-for-organization.mdx +132 -0
- package/.docs/organized/docs/reference/feature-flags/targeting/list-for-user.mdx +94 -0
- package/.docs/organized/docs/reference/feature-flags/targeting/remove.mdx +43 -0
- package/.docs/organized/docs/reference/fga/access-check/check.mdx +102 -0
- package/.docs/organized/docs/reference/fga/access-check/index.mdx +6 -0
- package/.docs/organized/docs/reference/fga/access-check/list-memberships-by-external-id.mdx +143 -0
- package/.docs/organized/docs/reference/fga/access-check/list-memberships.mdx +127 -0
- package/.docs/organized/docs/reference/fga/access-check/list-resources.mdx +152 -0
- package/.docs/organized/docs/reference/fga/index.mdx +14 -2
- package/.docs/organized/docs/reference/fga/resource/create.mdx +74 -88
- package/.docs/organized/docs/reference/fga/resource/delete-by-external-id.mdx +78 -0
- package/.docs/organized/docs/reference/fga/resource/delete.mdx +38 -62
- package/.docs/organized/docs/reference/fga/resource/get-by-external-id.mdx +60 -0
- package/.docs/organized/docs/reference/fga/resource/get.mdx +15 -63
- package/.docs/organized/docs/reference/fga/resource/index.mdx +74 -73
- package/.docs/organized/docs/reference/fga/resource/list.mdx +90 -131
- package/.docs/organized/docs/reference/fga/resource/update-by-external-id.mdx +81 -0
- package/.docs/organized/docs/reference/fga/resource/update.mdx +29 -85
- package/.docs/organized/docs/reference/fga/role-assignment/create.mdx +89 -0
- package/.docs/organized/docs/reference/fga/role-assignment/delete-by-id.mdx +59 -0
- package/.docs/organized/docs/reference/fga/role-assignment/delete.mdx +90 -0
- package/.docs/organized/docs/reference/fga/role-assignment/index.mdx +106 -0
- package/.docs/organized/docs/reference/fga/role-assignment/list.mdx +86 -0
- package/.docs/organized/docs/reference/index.mdx +21 -12
- package/.docs/organized/docs/reference/magic-link/passwordless-session/index.mdx +1 -1
- package/.docs/organized/docs/reference/mfa/{challenge-factor.mdx → challenge/create.mdx} +1 -1
- package/.docs/organized/docs/reference/mfa/{authentication-challenge.mdx → challenge/index.mdx} +11 -14
- package/.docs/organized/docs/reference/mfa/{verify-challenge.mdx → challenge/verify.mdx} +10 -12
- package/.docs/organized/docs/reference/mfa/{delete-factor.mdx → factor/delete.mdx} +1 -1
- package/.docs/organized/docs/reference/mfa/{enroll-factor.mdx → factor/enroll.mdx} +1 -1
- package/.docs/organized/docs/reference/mfa/{get-factor.mdx → factor/get.mdx} +1 -1
- package/.docs/organized/docs/reference/mfa/{authentication-factor.mdx → factor/index.mdx} +11 -12
- package/.docs/organized/docs/reference/organization/create.mdx +1 -6
- package/.docs/organized/docs/reference/organization/get-by-external-id.mdx +1 -1
- package/.docs/organized/docs/reference/organization/index.mdx +5 -5
- package/.docs/organized/docs/reference/organization/update.mdx +1 -1
- package/.docs/organized/docs/reference/{pagination.mdx → pagination/index.mdx} +1 -3
- package/.docs/organized/docs/reference/pipes/access-token/get.mdx +174 -0
- package/.docs/organized/docs/reference/pipes/access-token/index.mdx +44 -0
- package/.docs/organized/docs/reference/pipes/connected-account/delete.mdx +42 -0
- package/.docs/organized/docs/reference/pipes/connected-account/get-authorize-url.mdx +49 -0
- package/.docs/organized/docs/reference/pipes/connected-account/get.mdx +42 -0
- package/.docs/organized/docs/reference/pipes/connected-account/index.mdx +69 -0
- package/.docs/organized/docs/reference/pipes/index.mdx +8 -0
- package/.docs/organized/docs/reference/pipes/provider/index.mdx +70 -0
- package/.docs/organized/docs/reference/pipes/provider/list.mdx +47 -0
- package/.docs/organized/docs/reference/radar/attempts/index.mdx +1 -1
- package/.docs/organized/docs/reference/radar/lists/index.mdx +1 -1
- package/.docs/organized/docs/reference/rate-limits/index.mdx +56 -0
- package/.docs/organized/docs/reference/roles/index.mdx +12 -262
- package/.docs/organized/docs/reference/roles/organization-role/add-permission.mdx +75 -0
- package/.docs/organized/docs/reference/roles/organization-role/create.mdx +95 -0
- package/.docs/organized/docs/reference/roles/organization-role/delete.mdx +47 -0
- package/.docs/organized/docs/reference/roles/organization-role/get.mdx +55 -0
- package/.docs/organized/docs/reference/roles/organization-role/index.mdx +148 -0
- package/.docs/organized/docs/reference/roles/organization-role/list.mdx +68 -0
- package/.docs/organized/docs/reference/roles/organization-role/remove-permission.mdx +68 -0
- package/.docs/organized/docs/reference/roles/organization-role/set-permissions.mdx +79 -0
- package/.docs/organized/docs/reference/roles/organization-role/update.mdx +85 -0
- package/.docs/organized/docs/reference/roles/permission/create.mdx +101 -0
- package/.docs/organized/docs/reference/roles/permission/delete.mdx +38 -0
- package/.docs/organized/docs/reference/roles/permission/get.mdx +45 -0
- package/.docs/organized/docs/reference/roles/permission/index.mdx +128 -0
- package/.docs/organized/docs/reference/roles/permission/list.mdx +91 -0
- package/.docs/organized/docs/reference/roles/permission/update.mdx +80 -0
- package/.docs/organized/docs/reference/roles/role/add-permission.mdx +63 -0
- package/.docs/organized/docs/reference/roles/role/create.mdx +103 -0
- package/.docs/organized/docs/reference/roles/role/get.mdx +52 -0
- package/.docs/organized/docs/reference/roles/role/index.mdx +135 -0
- package/.docs/organized/docs/reference/roles/role/list.mdx +56 -0
- package/.docs/organized/docs/reference/roles/role/set-permissions.mdx +67 -0
- package/.docs/organized/docs/reference/roles/role/update.mdx +78 -0
- package/.docs/organized/docs/reference/sso/connection/index.mdx +2 -2
- package/.docs/organized/docs/reference/sso/get-authorization-url/error-codes.mdx +5 -3
- package/.docs/organized/docs/reference/sso/get-authorization-url/index.mdx +24 -2
- package/.docs/organized/docs/reference/sso/get-authorization-url/redirect-uri.mdx +25 -1
- package/.docs/organized/docs/reference/sso/index.mdx +1 -1
- package/.docs/organized/docs/reference/sso/logout/authorize.mdx +0 -1
- package/.docs/organized/docs/reference/sso/logout/index.mdx +1 -2
- package/.docs/organized/docs/reference/sso/logout/redirect.mdx +0 -1
- package/.docs/organized/docs/reference/sso/profile/get-profile-and-token.mdx +13 -1
- package/.docs/organized/docs/reference/sso/profile/index.mdx +25 -24
- package/.docs/organized/docs/reference/{testing.mdx → testing/index.mdx} +1 -1
- package/.docs/organized/docs/reference/vault/key/create-data-key.mdx +29 -0
- package/.docs/organized/docs/reference/vault/key/decrypt-data-key.mdx +20 -0
- package/.docs/organized/docs/reference/vault/key/decrypt-data.mdx +24 -0
- package/.docs/organized/docs/reference/vault/key/encrypt-data.mdx +20 -0
- package/.docs/organized/docs/reference/vault/object/create.mdx +17 -0
- package/.docs/organized/docs/reference/vault/object/delete.mdx +12 -0
- package/.docs/organized/docs/reference/vault/object/get-by-name.mdx +61 -0
- package/.docs/organized/docs/reference/vault/object/get.mdx +11 -0
- package/.docs/organized/docs/reference/vault/object/index.mdx +50 -4
- package/.docs/organized/docs/reference/vault/object/list.mdx +40 -1
- package/.docs/organized/docs/reference/vault/object/update.mdx +18 -0
- package/.docs/organized/docs/reference/vault/object/version.mdx +15 -2
- package/.docs/organized/docs/reference/vault/object/versions.mdx +13 -0
- package/.docs/organized/docs/reference/widgets/get-token.mdx +8 -5
- package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/create.mdx +55 -0
- package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/delete.mdx +28 -0
- package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/index.mdx +60 -0
- package/.docs/organized/docs/reference/workos-connect/applications/client-secrets/list.mdx +52 -0
- package/.docs/organized/docs/reference/workos-connect/applications/create.mdx +79 -0
- package/.docs/organized/docs/reference/workos-connect/applications/delete.mdx +28 -0
- package/.docs/organized/docs/reference/workos-connect/applications/get.mdx +59 -0
- package/.docs/organized/docs/reference/workos-connect/applications/index.mdx +40 -0
- package/.docs/organized/docs/reference/workos-connect/applications/list.mdx +49 -0
- package/.docs/organized/docs/reference/workos-connect/applications/m2m.mdx +52 -0
- package/.docs/organized/docs/reference/workos-connect/applications/oauth.mdx +85 -0
- package/.docs/organized/docs/reference/workos-connect/applications/update.mdx +59 -0
- package/.docs/organized/docs/reference/workos-connect/authorize/index.mdx +29 -1
- package/.docs/organized/docs/reference/workos-connect/cli-auth/authorize-device/index.mdx +81 -0
- package/.docs/organized/docs/reference/workos-connect/cli-auth/device-code-grant.mdx +74 -0
- package/.docs/organized/docs/reference/workos-connect/cli-auth/index.mdx +23 -0
- package/.docs/organized/docs/reference/workos-connect/index.mdx +1 -1
- package/.docs/organized/docs/reference/workos-connect/introspection/index.mdx +8 -3
- package/.docs/organized/docs/reference/workos-connect/metadata/index.mdx +1 -1
- package/.docs/organized/docs/reference/workos-connect/metadata/oauth-authorization-server/index.mdx +1 -1
- package/.docs/organized/docs/reference/workos-connect/standalone/complete.mdx +68 -0
- package/.docs/organized/docs/reference/workos-connect/standalone/index.mdx +9 -0
- package/.docs/organized/docs/reference/workos-connect/standalone/user-consent-options.mdx +41 -0
- package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/access-token.mdx +6 -0
- package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/id-token.mdx +1 -1
- package/.docs/organized/docs/reference/workos-connect/token/{authorization-code-grant/index.mdx → authorization-code-grant.mdx} +23 -2
- package/.docs/organized/docs/reference/workos-connect/token/client-credentials-grant/access-token.mdx +1 -1
- package/.docs/organized/docs/reference/workos-connect/token/{client-credentials-grant/index.mdx → client-credentials-grant.mdx} +2 -2
- package/.docs/organized/docs/reference/workos-connect/token/index.mdx +5 -4
- package/.docs/organized/docs/reference/workos-connect/token/refresh-token-grant.mdx +1 -1
- package/.docs/organized/docs/reference/workos-connect/userinfo/index.mdx +2 -2
- package/.docs/organized/docs/sdks/authkit-js.mdx +14 -0
- package/.docs/organized/docs/sdks/authkit-nextjs.mdx +14 -0
- package/.docs/organized/docs/sdks/authkit-react-router.mdx +14 -0
- package/.docs/organized/docs/sdks/authkit-react.mdx +14 -0
- package/.docs/organized/docs/sdks/authkit-remix.mdx +14 -0
- package/.docs/organized/docs/sdks/authkit-tanstack-start.mdx +14 -0
- package/.docs/organized/docs/sso/_navigation.mdx +8 -2
- package/.docs/organized/docs/sso/attributes.mdx +15 -3
- package/.docs/organized/docs/sso/domains.mdx +8 -6
- package/.docs/organized/docs/sso/example-apps.mdx +2 -2
- package/.docs/organized/docs/sso/identity-provider-role-assignment.mdx +30 -30
- package/.docs/organized/docs/sso/index.mdx +7 -6
- package/.docs/organized/docs/sso/it-team-faq.mdx +1 -1
- package/.docs/organized/docs/sso/jit-provisioning.mdx +2 -3
- package/.docs/organized/docs/sso/launch-checklist.mdx +2 -2
- package/.docs/organized/docs/sso/login-flows.mdx +3 -3
- package/.docs/organized/docs/sso/redirect-uris.mdx +22 -11
- package/.docs/organized/docs/sso/saml-security.mdx +1 -1
- package/.docs/organized/docs/sso/sign-in-consent.mdx +59 -0
- package/.docs/organized/docs/sso/signing-certificates.mdx +7 -7
- package/.docs/organized/docs/sso/single-logout.mdx +0 -1
- package/.docs/organized/docs/sso/ux/sessions.mdx +99 -0
- package/.docs/organized/docs/sso/ux/sign-in.mdx +1 -1
- package/.docs/organized/docs/vault/_navigation.mdx +2 -0
- package/.docs/organized/docs/vault/byok.mdx +140 -0
- package/.docs/organized/docs/vault/index.mdx +1 -1
- package/.docs/organized/docs/widgets/_navigation.mdx +48 -0
- package/.docs/organized/docs/widgets/admin-portal-domain-verification.mdx +24 -0
- package/.docs/organized/docs/widgets/admin-portal-sso-connection.mdx +20 -0
- package/.docs/organized/docs/widgets/api-keys.mdx +28 -0
- package/.docs/organized/docs/widgets/audit-log-streaming.mdx +25 -0
- package/.docs/organized/docs/widgets/directory-sync.mdx +23 -0
- package/.docs/organized/docs/widgets/index.mdx +12 -0
- package/.docs/organized/docs/widgets/localization.mdx +111 -0
- package/.docs/organized/docs/widgets/organization-switcher.mdx +47 -0
- package/.docs/organized/docs/widgets/pipes.mdx +27 -0
- package/.docs/organized/docs/widgets/quick-start.mdx +38 -0
- package/.docs/organized/docs/widgets/styling/css-customization.mdx +100 -0
- package/.docs/organized/docs/widgets/styling/index.mdx +29 -0
- package/.docs/organized/docs/widgets/styling/theme-customization.mdx +51 -0
- package/.docs/organized/docs/widgets/tokens.mdx +17 -0
- package/.docs/organized/docs/widgets/user-management.mdx +28 -0
- package/.docs/organized/docs/widgets/user-profile.mdx +30 -0
- package/.docs/organized/docs/widgets/user-security.mdx +31 -0
- package/.docs/organized/docs/widgets/user-sessions.mdx +26 -0
- package/LICENSE +21 -0
- package/README.md +14 -1
- package/dist/prepare.js +1 -1
- package/dist/prepare.js.map +1 -1
- package/package.json +2 -1
- package/.docs/organized/docs/dashboard.mdx +0 -244
- package/.docs/organized/docs/demo/_navigation.mdx +0 -26
- package/.docs/organized/docs/demo/accordion.mdx +0 -34
- package/.docs/organized/docs/demo/checklist.mdx +0 -33
- package/.docs/organized/docs/demo/code-block.mdx +0 -185
- package/.docs/organized/docs/demo/definition-list.mdx +0 -35
- package/.docs/organized/docs/demo/index.mdx +0 -7
- package/.docs/organized/docs/demo/punctuation.mdx +0 -37
- package/.docs/organized/docs/demo/replacements.mdx +0 -26
- package/.docs/organized/docs/demo/table.mdx +0 -26
- package/.docs/organized/docs/demo/tabs.mdx +0 -17
- package/.docs/organized/docs/fga/identity-provider-sessions.mdx +0 -68
- package/.docs/organized/docs/fga/local-development.mdx +0 -155
- package/.docs/organized/docs/fga/modeling/abac.mdx +0 -107
- package/.docs/organized/docs/fga/modeling/blocklist.mdx +0 -84
- package/.docs/organized/docs/fga/modeling/conditional-roles.mdx +0 -99
- package/.docs/organized/docs/fga/modeling/custom-roles.mdx +0 -90
- package/.docs/organized/docs/fga/modeling/entitlements.mdx +0 -127
- package/.docs/organized/docs/fga/modeling/managed-service-provider.mdx +0 -131
- package/.docs/organized/docs/fga/modeling/org-roles-and-permissions.mdx +0 -95
- package/.docs/organized/docs/fga/modeling/policy-context.mdx +0 -231
- package/.docs/organized/docs/fga/modeling/public-access.mdx +0 -61
- package/.docs/organized/docs/fga/modeling/shareable-content.mdx +0 -106
- package/.docs/organized/docs/fga/modeling/superusers.mdx +0 -74
- package/.docs/organized/docs/fga/modeling/user-groups.mdx +0 -92
- package/.docs/organized/docs/fga/operations-usage.mdx +0 -104
- package/.docs/organized/docs/fga/playground.mdx +0 -12
- package/.docs/organized/docs/fga/policies.mdx +0 -462
- package/.docs/organized/docs/fga/query-language.mdx +0 -112
- package/.docs/organized/docs/fga/schema-management.mdx +0 -224
- package/.docs/organized/docs/fga/schema.mdx +0 -388
- package/.docs/organized/docs/fga/warrant-tokens.mdx +0 -44
- package/.docs/organized/docs/fga/warrants.mdx +0 -92
- package/.docs/organized/docs/reference/fga/batch-check.mdx +0 -277
- package/.docs/organized/docs/reference/fga/check.mdx +0 -563
- package/.docs/organized/docs/reference/fga/policy/create.mdx +0 -27
- package/.docs/organized/docs/reference/fga/policy/delete.mdx +0 -18
- package/.docs/organized/docs/reference/fga/policy/get.mdx +0 -23
- package/.docs/organized/docs/reference/fga/policy/index.mdx +0 -52
- package/.docs/organized/docs/reference/fga/policy/list.mdx +0 -41
- package/.docs/organized/docs/reference/fga/policy/update.mdx +0 -26
- package/.docs/organized/docs/reference/fga/query.mdx +0 -375
- package/.docs/organized/docs/reference/fga/resource/batch-write.mdx +0 -175
- package/.docs/organized/docs/reference/fga/resource-type/apply.mdx +0 -35
- package/.docs/organized/docs/reference/fga/resource-type/create.mdx +0 -24
- package/.docs/organized/docs/reference/fga/resource-type/delete.mdx +0 -22
- package/.docs/organized/docs/reference/fga/resource-type/get.mdx +0 -23
- package/.docs/organized/docs/reference/fga/resource-type/index.mdx +0 -68
- package/.docs/organized/docs/reference/fga/resource-type/list.mdx +0 -36
- package/.docs/organized/docs/reference/fga/resource-type/update.mdx +0 -23
- package/.docs/organized/docs/reference/fga/schema/apply.mdx +0 -42
- package/.docs/organized/docs/reference/fga/schema/get.mdx +0 -24
- package/.docs/organized/docs/reference/fga/schema/index.mdx +0 -39
- package/.docs/organized/docs/reference/fga/warrant/batch-write.mdx +0 -226
- package/.docs/organized/docs/reference/fga/warrant/create.mdx +0 -215
- package/.docs/organized/docs/reference/fga/warrant/delete.mdx +0 -212
- package/.docs/organized/docs/reference/fga/warrant/index.mdx +0 -186
- package/.docs/organized/docs/reference/fga/warrant/list.mdx +0 -282
- package/.docs/organized/docs/reference/idempotency.mdx +0 -21
- package/.docs/organized/docs/reference/organization-domain.mdx +0 -189
- package/.docs/organized/docs/reference/rate-limits.mdx +0 -50
- package/.docs/organized/docs/reference/roles/list-for-organization.mdx +0 -152
- package/.docs/organized/docs/reference/user-management/access-token/index.mdx +0 -13
- package/.docs/organized/docs/reference/user-management/authentication/get-authorization-url/redirect-uri.mdx +0 -23
- package/.docs/organized/docs/reference/user-management/index.mdx +0 -13
- package/.docs/organized/docs/reference/user-management/mfa/index.mdx +0 -5
- package/.docs/organized/docs/reference/user-management/session-tokens/index.mdx +0 -5
- package/.docs/organized/docs/reference/user-management/session-tokens/refresh-token.mdx +0 -8
- package/.docs/organized/docs/user-management/_navigation.mdx +0 -87
- package/.docs/organized/docs/user-management/authkit.mdx +0 -69
- package/.docs/organized/docs/user-management/connect.mdx +0 -110
- package/.docs/organized/docs/user-management/directory-provisioning.mdx +0 -78
- package/.docs/organized/docs/user-management/email-verification.mdx +0 -29
- package/.docs/organized/docs/user-management/entitlements.mdx +0 -46
- package/.docs/organized/docs/user-management/jit-provisioning.mdx +0 -36
- package/.docs/organized/docs/user-management/overview.mdx +0 -46
- package/.docs/organized/docs/user-management/roles-and-permissions.mdx +0 -155
- package/.docs/organized/docs/user-management/users-organizations.mdx +0 -91
- package/.docs/organized/docs/user-management/widgets.mdx +0 -190
|
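--- a/package/.docs/organized/docs/demo/definition-list.mdx
+++ b/package/.docs/organized/docs/demo/definition-list.mdx
@@ -1,35 +0,0 @@
----
-title: Definition List
-description: Demo example of a definition list.
-originalPath: .tmp-workos-clone/packages/docs/content/demo/definition-list.mdx
----
-
-Not a definition item.
-
-Term 1
-: Definition 1
-
-Not a definition item.
-
-Term 2
-: Definition 2
-
-**Term 3**
-: _Definition_ 3
-
-**Term 4**
-: Definition 4
-
-Term 5
-: `Definition 5`
-
-Term 6
-: Definition `6`
-
-Term `7`
-: Definition 7
-
-: Not a definition item.
-
-Not a term
-: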
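--- a/package/.docs/organized/docs/demo/punctuation.mdx
+++ b/package/.docs/organized/docs/demo/punctuation.mdx
@@ -1,37 +0,0 @@
----
-title: Punctionation
-description: This will be SEO description.
-originalPath: .tmp-workos-clone/packages/docs/content/demo/punctuation.mdx
----
-
-The punctuation should use proper typographic symbols, like dashes and curly quotes via [SmartyPants](https://daringfireball.net/projects/smartypants/).
-
-## Apostrophe and smart quotes
-
-"It'll be great" they said. Here's a sentence. "Great", he said. They said it'll be great. "We'll do that" they said. "You'll do that" he said. _They_ can't do that.
-
-`don't replace the apostrophe here`.
-
-`"string"`
-
-```plaintext
-Don't replace the "apostrophe" and "quotes" here too.
-```
-
-## Dashes
-
-One - a hyphen. Two – an en-dash. Three—an em dash.
-
-All should be transformed into en-dashes.
-
-Code should not be transformed:
-
-```plaintext
-One - a hyphen. Two – an en-dash. Three—an em dash.
-```
-
-`One - a hyphen. Two – an en-dash. Three—an em dash.`
-
-## Ellipsis
-
-Counting...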
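--- a/package/.docs/organized/docs/demo/replacements.mdx
+++ b/package/.docs/organized/docs/demo/replacements.mdx
@@ -1,26 +0,0 @@
----
-title: Code Block Replacements
-description: Test page for the code block replacements
-originalPath: .tmp-workos-clone/packages/docs/content/demo/replacements.mdx
----
-
-```js
-'foo@foo-corp.com foo-corp.com foo@foo-corp.com';
-```
-
-```js
-'foo-corp.com';
-```
-
-```js
-'afoo-corp.com';
-```
-
-```js
-'foo-corp.com foo-corp.com';
-```
-
-```js
-const api_key = 'sk_example_123456789';
-const client_id = 'client_123456789';
-```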
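--- a/package/.docs/organized/docs/demo/table.mdx
+++ b/package/.docs/organized/docs/demo/table.mdx
@@ -1,26 +0,0 @@
----
-title: Table
-description: Demo example of a table.
-originalPath: .tmp-workos-clone/packages/docs/content/demo/table.mdx
----
-
-## Default table
-
-| First Header | Second Header |
-| ------------ | ------------- |
-| Content Cell | Content Cell |
-| Content Cell | Content Cell |
-
-## Formatting with `inline code blocks`, `links`, and `text styles`
-
-| Command | Description |
-| ------------ | ------------------------------------------------------------------------ |
-| `git status` | List all _new or modified_ files |
-| `git diff` | Show [file](https://workos.com) differences that **haven’t been** staged |
-
-## Text alignment
-
-| Left-aligned | Center-aligned | Right-aligned |
-| ------------ | -------------: | ------------: |
-| git status | git status | git status |
-| git diff | git diff | git diff |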
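--- a/package/.docs/organized/docs/demo/tabs.mdx
+++ b/package/.docs/organized/docs/demo/tabs.mdx
@@ -1,17 +0,0 @@
----
-title: Tabs
-description: Test page for the tabs component
-originalPath: .tmp-workos-clone/packages/docs/content/demo/tabs.mdx
----
-
-- | Directory User
-
-Whether to parse strikethrough with a single tilde (boolean, default: true).
-
-- | List Directory
-
-Get the details of an existing Directory User.
-
-- | Get Directory Group
-
-<CodeBlock title="Example Code" file="webhook-endpoint" />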
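--- a/package/.docs/organized/docs/fga/identity-provider-sessions.mdx
+++ b/package/.docs/organized/docs/fga/identity-provider-sessions.mdx
@@ -1,68 +0,0 @@
----
-title: Identity Provider Sessions
-description: Learn how to configure FGA to use your identity provider's ID tokens.
-originalPath: .tmp-workos-clone/packages/docs/content/fga/identity-provider-sessions.mdx
----
-
-## Overview
-
-Fine-Grained Authorization (FGA) is commonly used to enforce detailed authorization on your application's backend. However, it can also be utilized on the frontend to perform access checks directly within your client application. FGA supports the use of ID tokens issued by identity providers, allowing you to make user-specific authorization decisions on the frontend. This not only improves the security of your application but also enables you to present a customized user interface and experience based on the access levels of different users.
-
-## Before getting started
-
-To get the most out of this guide, you’ll need:
-
-- A [WorkOS account](https://dashboard.workos.com/)
-- Your WorkOS [Client ID](/glossary/client-id)
-- The JSON Web Key Set (JWKS) endpoint of your identity provider. ([AuthKit](/reference/user-management/session-tokens/jwks))
-- A schema set up in a FGA environment. If you haven't done so, check out our [Quick Start](/fga/quick-start) to create one.
-
----
-
-## (1) Configure your JWKS URL
-
-A JWKS URL is an endpoint that contains the set of public keys used to verify any JSON Web Tokens (JWTs) issued by your provider. Currently, FGA only supports JWTs that are signed using the **RS256** signing algorithm.
-
-Common identity provider JWKS URLs:
-
-- **WorkOS User Management**: `https://api.workos.com/sso/jwks/{clientId}`
-- **Auth0**: `https://{yourDomain}/.well-known/jwks.json`
-- **Google/Firebase**: `https://www.googleapis.com/oauth2/v3/certs`
-
-You can set your JWKS URL in the _Configuration_ section of the [FGA Dashboard](https://fga.workos.com/configuration).
-
-
-
-## (2) Create a context for FGA
-
-Next, let's create a [context](https://react.dev/learn/passing-data-deeply-with-context) for FGA that will allow us to make checks from anywhere in our application.
-
-The FGA context will set and track the user's session token and expose a `check` method that we can access anywhere in our application where we need to make an access check before displaying a UI element or performing an action.
-
-<CodeBlock title="Create FGA context" file="jwks-create-fga-context" />
-<CodeBlock
-title="Wrap your application with the created provider"
-file="jwks-wrap-with-provider"
-/>
-
-## (3) Set the session token when a user logs in
-
-Before we begin making access checks in our application, we need to provide a server-generated session token and set it in our FGA context.
-
-<CodeBlock title="Set session token on login" file="jwks-set-session-token" />
-
-## (4) Make check requests from your app
-
-Now that we've created our FGA context and set the session token, we can start making check requests from our client application.
-
-The main difference here from regular check requests is that we don't need to provide a subject in our checks because all checks will be scoped to the user specified by the user ID in the session token.
-
-Let's make a check to see if the user has the `viewer` relation on `report:7` before displaying the report's data.
-
-<CodeBlock title="Make check request" file="jwks-component-check" />
-
----
-
-## Summary
-
-In this guide, we demonstrated how to perform authorization checks directly in a client application using ID tokens from our identity provider. We created a context to manage the user's session token upon login, which is then used for subsequent access checks. This approach allows us to deliver a secure and personalized experience to users within our application, leveraging FGA for fine-grained access control.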
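--- a/package/.docs/organized/docs/fga/local-development.mdx
+++ b/package/.docs/organized/docs/fga/local-development.mdx
@@ -1,155 +0,0 @@
----
-title: Local Development
-description: >-
-Learn how to setup your local development environment with FGA using the FGA
-Dev Docker image for isolated testing and schema development.
-originalPath: .tmp-workos-clone/packages/docs/content/fga/local-development.mdx
----
-
-## Overview
-
-When developing with FGA, you can either connect to a managed WorkOS FGA instance or run a local FGA instance using the [`fga-dev` Docker image](https://gallery.ecr.aws/workos/fga-dev). Each option has its own advantages depending on your workflow. This guide will help you choose the best approach and walk you through setting up a local instance if that fits your needs.
-
-### Managed FGA Instance
-
-Best for testing against production-like infrastructure and when you need persistent, shared data.
-
-| Pros | Cons |
-| -------------------------------------------------------------- | ------------------------------------------------------------------- |
-| Data persists and is accessible by multiple clients | Data is shared (multiple consumers can overwrite each other's data) |
-| Uses production infrastructure for performance and reliability | Consumes operation credits |
-
-### Local FGA Instance
-
-Best for isolated development and testing especially when you want to avoid using operation credits or need a clean environment for each run (such as in CI).
-
-| Pros | Cons |
-| ------------------------------ | ------------------------------------------ |
-| Isolated test environment | You must manage setup and teardown of data |
-| Does not use operation credits | Uses local resources and is not scalable |
-
-The `fga-dev` Docker image provides a fully self-contained FGA environment using SQLite and local caching. This setup is **not intended for production** but is fine for local development, CI, and integration testing. It is less scalable than the managed instance because it cannot handle high concurrency, complex models, or large datasets.
-
-This guide will show you how to use the [`fga-dev` Docker image](https://gallery.ecr.aws/workos/fga-dev) to spin up an isolated FGA instance on your machine.
-
----
-
-## Prerequisites
-
-To start this guide, you'll need:
-
-- [Docker](https://www.docker.com/get-started) installed on your machine
-- A [WorkOS account](https://dashboard.workos.com/) (for API keys)
-- Your WorkOS [API Key](/glossary/api-key)
-
----
-
-## Running fga-dev Locally
-
-### Option 1: Using Docker Compose (Recommended)
-
-Create a `docker-compose.yaml`:
-
-```yaml title="docker-compose.yaml"
-version: '3.8'
-
-services:
-fga-dev:
-image: public.ecr.aws/workos/fga-dev:latest-arm64
-user: root # Run as root to avoid permission issues with mounted volumes (non-production only)
-volumes:
-- fga-dev-volume:/data:rw,cached # Persist data between runs
-ports:
-- '8001:8001'
-environment:
-FGA_DEV_PORT: 8001
-FGA_DEV_AUTH_API_KEY: <your_workos_api_key> # Your staging WorkOS API key to authenticate the dev image
-FGA_DEV_TEST_API_KEY: test_key # A mock API key to authenticate FGA requests from your application
-
-volumes:
-fga-dev-volume:
-```
-
-#### Usage
-
-1. **Start the server:**
-
-```shell
-docker compose up -d
-```
-
-2. **Configure your app:**
-
-- Point your application's WorkOS SDK or CLI to the proper host.
-- Use `test_key` as the API key for FGA requests from your app.
-
-| Environment | API Host |
-| --------------------------- | -------------------------------- |
-| Local machine | http://localhost:8001 |
-| Separate Docker container | http://host.docker.internal:8001 |
-| Same Docker Compose network | http://fga-dev:8001 |
-
-> If you’re using the WorkOS SDK, you can set the API Hostname option to point to your local FGA instance. Since each SDK instance supports only one API Host, you may need to create a separate SDK instance specifically for FGA when testing against the local service.
-
-3. **Develop:**
-
-Apply schemas, create warrants, and test locally. All data persists in the Docker volume.
-
-See [Schema Management](/fga/schema-management) for how to apply a schema to your local instance and test authorization checks.
-
-4. **Shut down:**
-
-```shell
-docker compose down
-```
-
-5. **Clear all data (optional):**
-
-```shell
-docker volume rm fga-dev-volume
-```
-
-> Tip: Add a secondary Docker Compose service to seed your local instance with test data on startup.
-
----
-
-### Option 2: Running a Docker Container
-
-You can also run the `fga-dev` image directly using `docker run` if you prefer not to use Docker Compose.
-
-```shell
-docker run -d \
---name fga-dev \
--p 8001:8001 \
--e FGA_DEV_PORT=8001 \
--e FGA_DEV_AUTH_API_KEY=<your_workos_api_key> \
--e FGA_DEV_TEST_API_KEY=test_key \
--v fga-dev-volume:/data:rw \
---user root \
-public.ecr.aws/workos/fga-dev:latest-arm64
-```
-
-To stop and remove the container:
-
-```shell
-docker stop fga-dev && docker rm fga-dev
-```
-
-To remove the volume and reset all data:
-
-```shell
-docker volume rm fga-dev-volume
-```
-
----
-
-## Best Practices
-
-Consider the following best practices to ensure a smooth local development experience with FGA:
-
-- **Isolate test data**: Use unique resource IDs to avoid collisions which is especially critical when working with shared or managed instances.
-- **Automate environment setup**: Script the schema and warrant creation on first startup. This makes your development and CI pipelines more reliable and repeatable.
-- **Clean up regularly**: Tear down and reset your environment when needed to avoid stale data and hidden state, which can lead to confusing behavior.
-- **Choose the right environment**: Use a managed instance for shared, persistent testing; use the local fga-dev container for isolated development or CI.
-
----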
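--- a/package/.docs/organized/docs/fga/modeling/abac.mdx
+++ b/package/.docs/organized/docs/fga/modeling/abac.mdx
@@ -1,107 +0,0 @@
----
-title: Attribute-Based Access Control (ABAC)
-description: >-
-Learn how to use policies to implement a pure attribute-based access control
-(ABAC) model in Fine-Grained Authorization (FGA).
-originalPath: .tmp-workos-clone/packages/docs/content/fga/modeling/abac.mdx
----
-
-> Explore the example from this guide [in the FGA Playground](https://explore.fga.workos.com/playground?example=abac), where you can interact with the schema, warrants, and access checks in real-time!
-
-Attribute-Based Access Control (ABAC) is an authorization model that grants access based on attributes of users, resources, environments, and other contextual factors.
-
-FGA allows you to implement a pure ABAC model, where permissions rely solely on attributes without requiring warrant data. By centralizing authorization policies, FGA eliminates hardcoded access logic, making your system more scalable and maintainable.
-
-> **Note**: Starting with a pure ABAC model can be an effective way to remove hardcoded authorization logic while keeping policies flexible. As your needs evolve, you can seamlessly integrate Relationship-Based Access Control (ReBAC) to support permissions based on user-resource relationships, such as team memberships, delegated roles, or hierarchical access.
-
-## When to Use Pure ABAC?
-
-ABAC is ideal when access rules are complex and depend on multiple dynamic factors such as:
-
-- **Entitlements**: feature access based on plan level.
-- **Feature flags**: enabling experimental features for specific groups.
-- **Domain-specific data**: security constraints based on specific resource data attributes.
-- **Role membership**: access based on user roles or attributes that are not strictly hierarchical.
-- **Temporal data**: granting temporary access based on time-based or location-based policies.
-
-## Schema
-
-```fga
-version 0.3
-
-type user
-
-type organization
-relation view_financial_records []
-inherit view_financial_records if
-// Policies can be combined with inheritance rules
-all_of
-policy user_in_organization
-policy is_finance_manager
-
-relation view_research_data []
-inherit view_research_data if
-all_of
-policy user_in_organization
-policy is_assigned_researcher
-policy is_within_working_hours
-
-type document
-relation edit []
-inherit edit if
-policy edit_document
-
-policy user_in_organization(user_attributes map, organization_id string) {
-user_attributes.organization_id == organization_id
-}
-
-policy is_finance_manager(user_attributes map) {
-user_attributes.department == "finance" &&
-"manager" in user_attributes.roles
-}
-
-policy is_assigned_researcher(user_attributes map, project_id string) {
-user_attributes.role == "manager" &&
-project_id in user_attributes.assigned_projects
-}
-
-policy is_within_working_hours(access_time_epoch_seconds integer) {
-let second_since_midnight = access_time_epoch_seconds % 86400;
-
-// 9 AM (32400s) to 5 PM (61200s)
-second_since_midnight >= 32400 && second_since_midnight <= 61200
-}
-
-policy edit_document(user_attributes map, document_attributes map) {
-let user_is_document_editor = "document_editor" in user_attributes.roles;
-
-let draft_status = document_attributes.status == "draft";
-
-let user_can_access_document = document_attributes.organization_id == user_attributes.organization_id;
-
-user_is_document_editor && draft_status && user_can_access_document
-}
-
-```
-
-## Example
-
-### (1) Apply the schema
-
-Create a file called `schema.txt` containing the schema definition from above. Then use the CLI to apply this schema to your WorkOS FGA environment.
-
-> Note: make sure to select the correct environment with the [CLI](https://github.com/workos/workos-cli?tab=readme-ov-file#usage)
-
-```shell
-workos fga schema apply schema.txt
-```
-
----
-
-### (2) Check access
-
-With our environment setup, we can check the user's permissions.
-
-<CodeBlock title="Check user permissions" file="abac-check" />
-
----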
@@ -1,84 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
title: Blocklists
|
|
3
|
-
description: >-
|
|
4
|
-
Blocklist users from accessing certain resources based on specific attributes
|
|
5
|
-
or warrants
|
|
6
|
-
originalPath: .tmp-workos-clone/packages/docs/content/fga/modeling/blocklist.mdx
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
> Explore the example from this guide [in the FGA Playground](https://explore.fga.workos.com/playground?example=blocklist), where you can interact with the schema, warrants, and access checks in real-time!
|
|
10
|
-
|
|
11
|
-
A blocklist allows systems to deny access to specific users or sessions based on contextual data or warrants.
|
|
12
|
-
|
|
13
|
-
## When to Use It?
|
|
14
|
-
|
|
15
|
-
- A user IP address is associated with suspicious behavior
|
|
16
|
-
- A user is flagged for abuse
|
|
17
|
-
- A user is subject to temporary access restrictions (e.g., after multiple failed login attempts)
|
|
18
|
-
|
|
19
|
-
This approach combines relationship-based access control (ReBAC) with attribute-based access control (ABAC), giving you fine-grained control without complicating your core permissions model.
|
|
20
|
-
|
|
21
|
-
## Example Applications
|
|
22
|
-
|
|
23
|
-
- **Content Moderation**: Block users from viewing or interacting with content based on their IP address.
|
|
24
|
-
- **E-commerce Systems**: Block users from purchasing or viewing products based on behavior patterns.
|
|
25
|
-
- **Banking and Finance**: Deny access based on fraud scores or geolocation mismatches.
|
|
26
|
-
|
|
27
|
-
## Schema
|
|
28
|
-
|
|
29
|
-
```fga
|
|
30
|
-
version 0.3
|
|
31
|
-
|
|
32
|
-
type user
|
|
33
|
-
|
|
34
|
-
type store
|
|
35
|
-
relation member [user]
|
|
36
|
-
|
|
37
|
-
type item
|
|
38
|
-
relation owner [store]
|
|
39
|
-
relation blocked [user]
|
|
40
|
-
|
|
41
|
-
relation view []
|
|
42
|
-
inherit view if
|
|
43
|
-
all_of
|
|
44
|
-
relation member on owner [store]
|
|
45
|
-
// Users are blocked either explicitly or with the ip_not_allowed policy
|
|
46
|
-
none_of
|
|
47
|
-
relation blocked
|
|
48
|
-
policy ip_not_allowed
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
policy ip_not_allowed(ip_risk_score integer) {
|
|
52
|
-
ip_risk_score > 75
|
|
53
|
-
}
|
|
54
|
-
```
|
|
55
|
-
|
|
56
|
-
## Example
|
|
57
|
-
|
|
58
|
-
### (1) Apply the schema
|
|
59
|
-
|
|
60
|
-
Create a file called `schema.txt` containing the schema definition from above. Then use the CLI to apply this schema to your WorkOS FGA environment.
|
|
61
|
-
|
|
62
|
-
> Note: make sure to select the correct environment with the [CLI](https://github.com/workos/workos-cli?tab=readme-ov-file#usage)
|
|
63
|
-
|
|
64
|
-
```shell
|
|
65
|
-
workos fga schema apply schema.txt
|
|
66
|
-
```
|
|
67
|
-
|
|
68
|
-
---
|
|
69
|
-
|
|
70
|
-
### (2) Create warrants
|
|
71
|
-
|
|
72
|
-
Create warrants that associate users, stores, and items. Add a blocked user to an item.
|
|
73
|
-
|
|
74
|
-
<CodeBlock title="Create warrants" file="blocklist-create-warrants" />
|
|
75
|
-
|
|
76
|
-
---
|
|
77
|
-
|
|
78
|
-
### (3) Check access
|
|
79
|
-
|
|
80
|
-
With our environment setup, we can check the user's permission to view items.
|
|
81
|
-
|
|
82
|
-
<CodeBlock title="Check if a user can view an item" file="blocklist-check" />
|
|
83
|
-
|
|
84
|
-
---
|
|
@@ -1,99 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
title: Conditional Roles
|
|
3
|
-
description: >-
|
|
4
|
-
Combine relationship-based access control (ReBAC) with attribute-based access
|
|
5
|
-
control (ABAC) to create conditional roles.
|
|
6
|
-
originalPath: .tmp-workos-clone/packages/docs/content/fga/modeling/conditional-roles.mdx
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
> Explore the example from this guide [in the FGA Playground](https://explore.fga.workos.com/playground?example=conditional_roles), where you can interact with the schema, warrants, and access checks in real-time!
|
|
10
|
-
|
|
11
|
-
Use FGA to combine **Relationship-Based Access Control (ReBAC)** and **Attribute-Based Access Control (ABAC)**. Define roles that are bound to specific resources and change based on specific conditions. This allows for more granular control over who can do what, when, and under which circumstances.
|
|
12
|
-
|
|
13
|
-
## When to Use It
|
|
14
|
-
|
|
15
|
-
Use conditional roles when you cannot determine access by relationships alone. For example, a team member may be allowed to approve some expenses, but only if they are below a certain amount or belong to specific cost centers. As systems grow in complexity, pure ReBAC or ABAC models may become limiting. Conditional roles help bridge that gap with clear, composable rules.
|
|
16
|
-
|
|
17
|
-
## Example Applications
|
|
18
|
-
|
|
19
|
-
- **Expense Management**: Finance managers can approve expense reports only if the amount is below a defined threshold and aligned with their assigned cost centers.
|
|
20
|
-
- **Procurement**: Department heads may approve purchase orders only after completing mandatory compliance or budget authorization training.
|
|
21
|
-
- **Healthcare Systems**: Authorized clinicians can access sensitive health records only if the individual is assigned to their care team and the access occurs during regulated working hours.
|
|
22
|
-
|
|
23
|
-
## Schema
|
|
24
|
-
|
|
25
|
-
```fga
|
|
26
|
-
version 0.3
|
|
27
|
-
|
|
28
|
-
type user
|
|
29
|
-
|
|
30
|
-
type team
|
|
31
|
-
relation finance_admin [user]
|
|
32
|
-
relation finance_manager [user]
|
|
33
|
-
|
|
34
|
-
inherit finance_manager if
|
|
35
|
-
relation finance_admin
|
|
36
|
-
|
|
37
|
-
type expense
|
|
38
|
-
relation approval_team [team]
|
|
39
|
-
relation submitter [user]
|
|
40
|
-
|
|
41
|
-
relation approve []
|
|
42
|
-
inherit approve if
|
|
43
|
-
any_of
|
|
44
|
-
all_of
|
|
45
|
-
relation finance_manager on approval_team [team]
|
|
46
|
-
policy can_approve_amount
|
|
47
|
-
all_of
|
|
48
|
-
relation finance_admin on approval_team [team]
|
|
49
|
-
policy is_high_value_expense
|
|
50
|
-
|
|
51
|
-
policy can_approve_amount(expense_attributes map, user_attributes map) {
|
|
52
|
-
let can_approve_cost_center = expense_attributes.cost_center in user_attributes.approved_cost_centers;
|
|
53
|
-
let can_approve_amount = expense_attributes.amount <= 1000;
|
|
54
|
-
|
|
55
|
-
can_approve_cost_center && can_approve_amount
|
|
56
|
-
}
|
|
57
|
-
|
|
58
|
-
policy is_high_value_expense(expense_attributes map) {
|
|
59
|
-
expense_attributes.amount > 1000
|
|
60
|
-
}
|
|
61
|
-
```
|
|
62
|
-
|
|
63
|
-
## Example
|
|
64
|
-
|
|
65
|
-
### (1) Apply the schema
|
|
66
|
-
|
|
67
|
-
Create a file called `schema.txt` containing the schema definition from above. Then use the CLI to apply this schema to your WorkOS FGA environment.
|
|
68
|
-
|
|
69
|
-
> Note: make sure to select the correct environment with the [CLI](https://github.com/workos/workos-cli?tab=readme-ov-file#usage)
|
|
70
|
-
|
|
71
|
-
```shell
|
|
72
|
-
workos fga schema apply schema.txt
|
|
73
|
-
```
|
|
74
|
-
|
|
75
|
-
---
|
|
76
|
-
|
|
77
|
-
### (2) Create warrants
|
|
78
|
-
|
|
79
|
-
Create warrants that associate users, teams, and expenses. The example schema defines the following relationships:
|
|
80
|
-
|
|
81
|
-
- users with teams (using the `finance_admin` or `finance_manager` roles)
|
|
82
|
-
- teams with expenses (using the `approval_team` relation)
|
|
83
|
-
|
|
84
|
-
Let's create a few warrants between team `finance-1`, expense `expense-1`, and user `user_2oDscjroNWtzxzYEnEzT9P7VYEe`:
|
|
85
|
-
|
|
86
|
-
<CodeBlock title="Create warrants" file="conditional-roles-create-warrants" />
|
|
87
|
-
|
|
88
|
-
---
|
|
89
|
-
|
|
90
|
-
### (3) Check access
|
|
91
|
-
|
|
92
|
-
With our environment setup, we can check the user's permission to approve expenses.
|
|
93
|
-
|
|
94
|
-
<CodeBlock
|
|
95
|
-
title="Check if a user can approve an expense"
|
|
96
|
-
file="conditional-roles-check"
|
|
97
|
-
/>
|
|
98
|
-
|
|
99
|
-
---
|