@workos/mcp-docs-server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (455) hide show
  1. package/.docs/organized/changelogs/workos-platform.json +277 -0
  2. package/.docs/organized/docs/admin-portal/_navigation.mdx +16 -0
  3. package/.docs/organized/docs/admin-portal/custom-branding.mdx +111 -0
  4. package/.docs/organized/docs/admin-portal/example-apps.mdx +46 -0
  5. package/.docs/organized/docs/admin-portal/index.mdx +240 -0
  6. package/.docs/organized/docs/audit-logs/_navigation.mdx +22 -0
  7. package/.docs/organized/docs/audit-logs/admin-portal.mdx +20 -0
  8. package/.docs/organized/docs/audit-logs/editing-events.mdx +27 -0
  9. package/.docs/organized/docs/audit-logs/exporting-events.mdx +29 -0
  10. package/.docs/organized/docs/audit-logs/index.mdx +110 -0
  11. package/.docs/organized/docs/audit-logs/log-streams.mdx +56 -0
  12. package/.docs/organized/docs/audit-logs/metadata-schema.mdx +21 -0
  13. package/.docs/organized/docs/custom-domains/_navigation.mdx +16 -0
  14. package/.docs/organized/docs/custom-domains/admin-portal.mdx +38 -0
  15. package/.docs/organized/docs/custom-domains/auth-api.mdx +59 -0
  16. package/.docs/organized/docs/custom-domains/authkit.mdx +36 -0
  17. package/.docs/organized/docs/custom-domains/email.mdx +41 -0
  18. package/.docs/organized/docs/custom-domains/index.mdx +19 -0
  19. package/.docs/organized/docs/dashboard.mdx +244 -0
  20. package/.docs/organized/docs/demo/_navigation.mdx +26 -0
  21. package/.docs/organized/docs/demo/accordion.mdx +34 -0
  22. package/.docs/organized/docs/demo/checklist.mdx +33 -0
  23. package/.docs/organized/docs/demo/code-block.mdx +185 -0
  24. package/.docs/organized/docs/demo/definition-list.mdx +35 -0
  25. package/.docs/organized/docs/demo/index.mdx +7 -0
  26. package/.docs/organized/docs/demo/punctuation.mdx +37 -0
  27. package/.docs/organized/docs/demo/replacements.mdx +26 -0
  28. package/.docs/organized/docs/demo/table.mdx +26 -0
  29. package/.docs/organized/docs/demo/tabs.mdx +17 -0
  30. package/.docs/organized/docs/directory-sync/_navigation.mdx +28 -0
  31. package/.docs/organized/docs/directory-sync/attributes.mdx +209 -0
  32. package/.docs/organized/docs/directory-sync/example-apps.mdx +46 -0
  33. package/.docs/organized/docs/directory-sync/handle-inactive-users.mdx +52 -0
  34. package/.docs/organized/docs/directory-sync/identity-provider-role-assignment.mdx +134 -0
  35. package/.docs/organized/docs/directory-sync/index.mdx +107 -0
  36. package/.docs/organized/docs/directory-sync/quick-start.mdx +129 -0
  37. package/.docs/organized/docs/directory-sync/understanding-events.mdx +209 -0
  38. package/.docs/organized/docs/domain-verification/_navigation.mdx +10 -0
  39. package/.docs/organized/docs/domain-verification/api.mdx +60 -0
  40. package/.docs/organized/docs/domain-verification/index.mdx +67 -0
  41. package/.docs/organized/docs/email.mdx +109 -0
  42. package/.docs/organized/docs/events/_navigation.mdx +22 -0
  43. package/.docs/organized/docs/events/data-syncing/data-reconciliation.mdx +56 -0
  44. package/.docs/organized/docs/events/data-syncing/events-api.mdx +114 -0
  45. package/.docs/organized/docs/events/data-syncing/index.mdx +66 -0
  46. package/.docs/organized/docs/events/data-syncing/webhooks.mdx +173 -0
  47. package/.docs/organized/docs/events/index.mdx +783 -0
  48. package/.docs/organized/docs/events/observability/datadog.mdx +76 -0
  49. package/.docs/organized/docs/fga/_navigation.mdx +64 -0
  50. package/.docs/organized/docs/fga/identity-provider-sessions.mdx +68 -0
  51. package/.docs/organized/docs/fga/index.mdx +60 -0
  52. package/.docs/organized/docs/fga/local-development.mdx +155 -0
  53. package/.docs/organized/docs/fga/modeling/abac.mdx +107 -0
  54. package/.docs/organized/docs/fga/modeling/blocklist.mdx +84 -0
  55. package/.docs/organized/docs/fga/modeling/conditional-roles.mdx +99 -0
  56. package/.docs/organized/docs/fga/modeling/custom-roles.mdx +90 -0
  57. package/.docs/organized/docs/fga/modeling/entitlements.mdx +127 -0
  58. package/.docs/organized/docs/fga/modeling/managed-service-provider.mdx +131 -0
  59. package/.docs/organized/docs/fga/modeling/org-roles-and-permissions.mdx +95 -0
  60. package/.docs/organized/docs/fga/modeling/policy-context.mdx +231 -0
  61. package/.docs/organized/docs/fga/modeling/public-access.mdx +61 -0
  62. package/.docs/organized/docs/fga/modeling/shareable-content.mdx +106 -0
  63. package/.docs/organized/docs/fga/modeling/superusers.mdx +74 -0
  64. package/.docs/organized/docs/fga/modeling/user-groups.mdx +92 -0
  65. package/.docs/organized/docs/fga/operations-usage.mdx +104 -0
  66. package/.docs/organized/docs/fga/playground.mdx +12 -0
  67. package/.docs/organized/docs/fga/policies.mdx +462 -0
  68. package/.docs/organized/docs/fga/query-language.mdx +112 -0
  69. package/.docs/organized/docs/fga/quick-start.mdx +174 -0
  70. package/.docs/organized/docs/fga/resources.mdx +92 -0
  71. package/.docs/organized/docs/fga/schema-management.mdx +224 -0
  72. package/.docs/organized/docs/fga/schema.mdx +388 -0
  73. package/.docs/organized/docs/fga/warrant-tokens.mdx +44 -0
  74. package/.docs/organized/docs/fga/warrants.mdx +92 -0
  75. package/.docs/organized/docs/glossary.mdx +184 -0
  76. package/.docs/organized/docs/integrations/_navigation.mdx +6 -0
  77. package/.docs/organized/docs/integrations/access-people-hr.mdx +87 -0
  78. package/.docs/organized/docs/integrations/adp-oidc.mdx +103 -0
  79. package/.docs/organized/docs/integrations/apple.mdx +169 -0
  80. package/.docs/organized/docs/integrations/auth0-directory-sync.mdx +78 -0
  81. package/.docs/organized/docs/integrations/auth0-enterprise-connection.mdx +92 -0
  82. package/.docs/organized/docs/integrations/auth0-saml.mdx +81 -0
  83. package/.docs/organized/docs/integrations/aws-cognito.mdx +81 -0
  84. package/.docs/organized/docs/integrations/bamboohr.mdx +90 -0
  85. package/.docs/organized/docs/integrations/breathe-hr.mdx +89 -0
  86. package/.docs/organized/docs/integrations/bubble.mdx +129 -0
  87. package/.docs/organized/docs/integrations/cas-saml.mdx +65 -0
  88. package/.docs/organized/docs/integrations/cezanne.mdx +74 -0
  89. package/.docs/organized/docs/integrations/classlink-saml.mdx +100 -0
  90. package/.docs/organized/docs/integrations/cloudflare-saml.mdx +164 -0
  91. package/.docs/organized/docs/integrations/cyberark-saml.mdx +138 -0
  92. package/.docs/organized/docs/integrations/cyberark-scim.mdx +100 -0
  93. package/.docs/organized/docs/integrations/duo-saml.mdx +127 -0
  94. package/.docs/organized/docs/integrations/entra-id-saml.mdx +156 -0
  95. package/.docs/organized/docs/integrations/entra-id-scim.mdx +218 -0
  96. package/.docs/organized/docs/integrations/firebase.mdx +98 -0
  97. package/.docs/organized/docs/integrations/fourth.mdx +66 -0
  98. package/.docs/organized/docs/integrations/github-oauth.mdx +85 -0
  99. package/.docs/organized/docs/integrations/gitlab-oauth.mdx +81 -0
  100. package/.docs/organized/docs/integrations/google-directory-sync.mdx +86 -0
  101. package/.docs/organized/docs/integrations/google-oauth.mdx +173 -0
  102. package/.docs/organized/docs/integrations/google-saml.mdx +135 -0
  103. package/.docs/organized/docs/integrations/hibob.mdx +98 -0
  104. package/.docs/organized/docs/integrations/jumpcloud-saml.mdx +96 -0
  105. package/.docs/organized/docs/integrations/jumpcloud-scim.mdx +106 -0
  106. package/.docs/organized/docs/integrations/keycloak-saml.mdx +128 -0
  107. package/.docs/organized/docs/integrations/lastpass-saml.mdx +134 -0
  108. package/.docs/organized/docs/integrations/linkedin-oauth.mdx +77 -0
  109. package/.docs/organized/docs/integrations/login-gov-oidc.mdx +103 -0
  110. package/.docs/organized/docs/integrations/microsoft-ad-fs-saml.mdx +96 -0
  111. package/.docs/organized/docs/integrations/microsoft-oauth.mdx +101 -0
  112. package/.docs/organized/docs/integrations/miniorange-saml.mdx +124 -0
  113. package/.docs/organized/docs/integrations/net-iq-saml.mdx +75 -0
  114. package/.docs/organized/docs/integrations/next-auth.mdx +257 -0
  115. package/.docs/organized/docs/integrations/oidc.mdx +64 -0
  116. package/.docs/organized/docs/integrations/okta-saml.mdx +144 -0
  117. package/.docs/organized/docs/integrations/okta-scim.mdx +210 -0
  118. package/.docs/organized/docs/integrations/onelogin-saml.mdx +131 -0
  119. package/.docs/organized/docs/integrations/onelogin-scim.mdx +150 -0
  120. package/.docs/organized/docs/integrations/oracle-saml.mdx +76 -0
  121. package/.docs/organized/docs/integrations/pingfederate-saml.mdx +103 -0
  122. package/.docs/organized/docs/integrations/pingfederate-scim.mdx +150 -0
  123. package/.docs/organized/docs/integrations/pingone-saml.mdx +86 -0
  124. package/.docs/organized/docs/integrations/react-native-expo.mdx +93 -0
  125. package/.docs/organized/docs/integrations/rippling-saml.mdx +174 -0
  126. package/.docs/organized/docs/integrations/rippling-scim.mdx +148 -0
  127. package/.docs/organized/docs/integrations/salesforce-saml.mdx +143 -0
  128. package/.docs/organized/docs/integrations/saml.mdx +64 -0
  129. package/.docs/organized/docs/integrations/scim.mdx +64 -0
  130. package/.docs/organized/docs/integrations/sftp.mdx +150 -0
  131. package/.docs/organized/docs/integrations/shibboleth-generic-saml.mdx +84 -0
  132. package/.docs/organized/docs/integrations/shibboleth-unsolicited-saml.mdx +84 -0
  133. package/.docs/organized/docs/integrations/simple-saml-php.mdx +78 -0
  134. package/.docs/organized/docs/integrations/slack-oauth.mdx +102 -0
  135. package/.docs/organized/docs/integrations/supabase.mdx +68 -0
  136. package/.docs/organized/docs/integrations/vmware-saml.mdx +100 -0
  137. package/.docs/organized/docs/integrations/workday.mdx +156 -0
  138. package/.docs/organized/docs/integrations/xero-oauth.mdx +83 -0
  139. package/.docs/organized/docs/magic-link/_navigation.mdx +16 -0
  140. package/.docs/organized/docs/magic-link/example-apps.mdx +46 -0
  141. package/.docs/organized/docs/magic-link/index.mdx +199 -0
  142. package/.docs/organized/docs/magic-link/launch-checklist.mdx +27 -0
  143. package/.docs/organized/docs/mfa/_navigation.mdx +18 -0
  144. package/.docs/organized/docs/mfa/example-apps.mdx +46 -0
  145. package/.docs/organized/docs/mfa/index.mdx +140 -0
  146. package/.docs/organized/docs/mfa/ux/enrollment.mdx +74 -0
  147. package/.docs/organized/docs/mfa/ux/sign-in.mdx +30 -0
  148. package/.docs/organized/docs/migrate/_navigation.mdx +6 -0
  149. package/.docs/organized/docs/migrate/auth0.mdx +98 -0
  150. package/.docs/organized/docs/migrate/aws-cognito.mdx +115 -0
  151. package/.docs/organized/docs/migrate/clerk.mdx +106 -0
  152. package/.docs/organized/docs/migrate/firebase.mdx +80 -0
  153. package/.docs/organized/docs/migrate/other-services.mdx +179 -0
  154. package/.docs/organized/docs/migrate/standalone-sso.mdx +105 -0
  155. package/.docs/organized/docs/on-prem-deployment.mdx +119 -0
  156. package/.docs/organized/docs/postman.mdx +90 -0
  157. package/.docs/organized/docs/reference/_navigation.mdx +527 -0
  158. package/.docs/organized/docs/reference/admin-portal/index.mdx +6 -0
  159. package/.docs/organized/docs/reference/admin-portal/portal-link/generate.mdx +268 -0
  160. package/.docs/organized/docs/reference/admin-portal/portal-link/index.mdx +15 -0
  161. package/.docs/organized/docs/reference/admin-portal/provider-icons/index.mdx +52 -0
  162. package/.docs/organized/docs/reference/api-keys.mdx +22 -0
  163. package/.docs/organized/docs/reference/audit-logs/audit-log-export.mdx +239 -0
  164. package/.docs/organized/docs/reference/audit-logs/audit-log-schema.mdx +69 -0
  165. package/.docs/organized/docs/reference/audit-logs/create-event.mdx +673 -0
  166. package/.docs/organized/docs/reference/audit-logs/create-export.mdx +308 -0
  167. package/.docs/organized/docs/reference/audit-logs/create-schema.mdx +95 -0
  168. package/.docs/organized/docs/reference/audit-logs/get-export.mdx +117 -0
  169. package/.docs/organized/docs/reference/audit-logs/get-retention.mdx +34 -0
  170. package/.docs/organized/docs/reference/audit-logs/index.mdx +6 -0
  171. package/.docs/organized/docs/reference/audit-logs/list-actions.mdx +40 -0
  172. package/.docs/organized/docs/reference/audit-logs/list-schemas.mdx +40 -0
  173. package/.docs/organized/docs/reference/audit-logs/set-retention.mdx +39 -0
  174. package/.docs/organized/docs/reference/client-libraries.mdx +19 -0
  175. package/.docs/organized/docs/reference/directory-sync/directory/delete.mdx +90 -0
  176. package/.docs/organized/docs/reference/directory-sync/directory/get.mdx +105 -0
  177. package/.docs/organized/docs/reference/directory-sync/directory/index.mdx +385 -0
  178. package/.docs/organized/docs/reference/directory-sync/directory/list.mdx +281 -0
  179. package/.docs/organized/docs/reference/directory-sync/directory-group/get.mdx +105 -0
  180. package/.docs/organized/docs/reference/directory-sync/directory-group/index.mdx +277 -0
  181. package/.docs/organized/docs/reference/directory-sync/directory-group/list.mdx +295 -0
  182. package/.docs/organized/docs/reference/directory-sync/directory-user/get.mdx +112 -0
  183. package/.docs/organized/docs/reference/directory-sync/directory-user/index.mdx +470 -0
  184. package/.docs/organized/docs/reference/directory-sync/directory-user/list.mdx +304 -0
  185. package/.docs/organized/docs/reference/directory-sync/index.mdx +10 -0
  186. package/.docs/organized/docs/reference/domain-verification/create.mdx +38 -0
  187. package/.docs/organized/docs/reference/domain-verification/get.mdx +32 -0
  188. package/.docs/organized/docs/reference/domain-verification/index.mdx +84 -0
  189. package/.docs/organized/docs/reference/domain-verification/verify.mdx +36 -0
  190. package/.docs/organized/docs/reference/errors.mdx +30 -0
  191. package/.docs/organized/docs/reference/events/index.mdx +9 -0
  192. package/.docs/organized/docs/reference/events/list.mdx +246 -0
  193. package/.docs/organized/docs/reference/fga/batch-check.mdx +277 -0
  194. package/.docs/organized/docs/reference/fga/check.mdx +563 -0
  195. package/.docs/organized/docs/reference/fga/index.mdx +6 -0
  196. package/.docs/organized/docs/reference/fga/policy/create.mdx +27 -0
  197. package/.docs/organized/docs/reference/fga/policy/delete.mdx +18 -0
  198. package/.docs/organized/docs/reference/fga/policy/get.mdx +23 -0
  199. package/.docs/organized/docs/reference/fga/policy/index.mdx +52 -0
  200. package/.docs/organized/docs/reference/fga/policy/list.mdx +41 -0
  201. package/.docs/organized/docs/reference/fga/policy/update.mdx +26 -0
  202. package/.docs/organized/docs/reference/fga/query.mdx +375 -0
  203. package/.docs/organized/docs/reference/fga/resource/batch-write.mdx +175 -0
  204. package/.docs/organized/docs/reference/fga/resource/create.mdx +130 -0
  205. package/.docs/organized/docs/reference/fga/resource/delete.mdx +86 -0
  206. package/.docs/organized/docs/reference/fga/resource/get.mdx +88 -0
  207. package/.docs/organized/docs/reference/fga/resource/index.mdx +98 -0
  208. package/.docs/organized/docs/reference/fga/resource/list.mdx +188 -0
  209. package/.docs/organized/docs/reference/fga/resource/update.mdx +115 -0
  210. package/.docs/organized/docs/reference/fga/resource-type/apply.mdx +35 -0
  211. package/.docs/organized/docs/reference/fga/resource-type/create.mdx +24 -0
  212. package/.docs/organized/docs/reference/fga/resource-type/delete.mdx +22 -0
  213. package/.docs/organized/docs/reference/fga/resource-type/get.mdx +23 -0
  214. package/.docs/organized/docs/reference/fga/resource-type/index.mdx +68 -0
  215. package/.docs/organized/docs/reference/fga/resource-type/list.mdx +36 -0
  216. package/.docs/organized/docs/reference/fga/resource-type/update.mdx +23 -0
  217. package/.docs/organized/docs/reference/fga/schema/apply.mdx +42 -0
  218. package/.docs/organized/docs/reference/fga/schema/get.mdx +24 -0
  219. package/.docs/organized/docs/reference/fga/schema/index.mdx +39 -0
  220. package/.docs/organized/docs/reference/fga/warrant/batch-write.mdx +226 -0
  221. package/.docs/organized/docs/reference/fga/warrant/create.mdx +215 -0
  222. package/.docs/organized/docs/reference/fga/warrant/delete.mdx +212 -0
  223. package/.docs/organized/docs/reference/fga/warrant/index.mdx +186 -0
  224. package/.docs/organized/docs/reference/fga/warrant/list.mdx +282 -0
  225. package/.docs/organized/docs/reference/idempotency.mdx +21 -0
  226. package/.docs/organized/docs/reference/index.mdx +194 -0
  227. package/.docs/organized/docs/reference/magic-link/index.mdx +8 -0
  228. package/.docs/organized/docs/reference/magic-link/passwordless-session/create.mdx +268 -0
  229. package/.docs/organized/docs/reference/magic-link/passwordless-session/index.mdx +203 -0
  230. package/.docs/organized/docs/reference/magic-link/passwordless-session/send-email.mdx +158 -0
  231. package/.docs/organized/docs/reference/mfa/authentication-challenge.mdx +217 -0
  232. package/.docs/organized/docs/reference/mfa/authentication-factor.mdx +381 -0
  233. package/.docs/organized/docs/reference/mfa/challenge-factor.mdx +170 -0
  234. package/.docs/organized/docs/reference/mfa/delete-factor.mdx +93 -0
  235. package/.docs/organized/docs/reference/mfa/enroll-factor.mdx +241 -0
  236. package/.docs/organized/docs/reference/mfa/get-factor.mdx +108 -0
  237. package/.docs/organized/docs/reference/mfa/index.mdx +8 -0
  238. package/.docs/organized/docs/reference/mfa/verify-challenge.mdx +228 -0
  239. package/.docs/organized/docs/reference/organization/create.mdx +216 -0
  240. package/.docs/organized/docs/reference/organization/delete.mdx +89 -0
  241. package/.docs/organized/docs/reference/organization/get-by-external-id.mdx +40 -0
  242. package/.docs/organized/docs/reference/organization/get.mdx +104 -0
  243. package/.docs/organized/docs/reference/organization/index.mdx +274 -0
  244. package/.docs/organized/docs/reference/organization/list.mdx +258 -0
  245. package/.docs/organized/docs/reference/organization/update.mdx +236 -0
  246. package/.docs/organized/docs/reference/organization-domain.mdx +189 -0
  247. package/.docs/organized/docs/reference/pagination.mdx +244 -0
  248. package/.docs/organized/docs/reference/radar/attempts/create.mdx +115 -0
  249. package/.docs/organized/docs/reference/radar/attempts/index.mdx +7 -0
  250. package/.docs/organized/docs/reference/radar/attempts/update.mdx +34 -0
  251. package/.docs/organized/docs/reference/radar/index.mdx +8 -0
  252. package/.docs/organized/docs/reference/radar/lists/delete.mdx +36 -0
  253. package/.docs/organized/docs/reference/radar/lists/index.mdx +7 -0
  254. package/.docs/organized/docs/reference/radar/lists/update.mdx +36 -0
  255. package/.docs/organized/docs/reference/rate-limits.mdx +50 -0
  256. package/.docs/organized/docs/reference/roles/index.mdx +268 -0
  257. package/.docs/organized/docs/reference/roles/list-for-organization.mdx +152 -0
  258. package/.docs/organized/docs/reference/sso/connection/delete.mdx +89 -0
  259. package/.docs/organized/docs/reference/sso/connection/get.mdx +104 -0
  260. package/.docs/organized/docs/reference/sso/connection/index.mdx +388 -0
  261. package/.docs/organized/docs/reference/sso/connection/list.mdx +320 -0
  262. package/.docs/organized/docs/reference/sso/get-authorization-url/error-codes.mdx +28 -0
  263. package/.docs/organized/docs/reference/sso/get-authorization-url/index.mdx +434 -0
  264. package/.docs/organized/docs/reference/sso/get-authorization-url/redirect-uri.mdx +21 -0
  265. package/.docs/organized/docs/reference/sso/index.mdx +8 -0
  266. package/.docs/organized/docs/reference/sso/logout/authorize.mdx +47 -0
  267. package/.docs/organized/docs/reference/sso/logout/index.mdx +14 -0
  268. package/.docs/organized/docs/reference/sso/logout/redirect.mdx +32 -0
  269. package/.docs/organized/docs/reference/sso/profile/get-profile-and-token.mdx +229 -0
  270. package/.docs/organized/docs/reference/sso/profile/get-user-profile.mdx +127 -0
  271. package/.docs/organized/docs/reference/sso/profile/index.mdx +364 -0
  272. package/.docs/organized/docs/reference/testing.mdx +8 -0
  273. package/.docs/organized/docs/reference/user-management/access-token/index.mdx +13 -0
  274. package/.docs/organized/docs/reference/user-management/authentication/code.mdx +448 -0
  275. package/.docs/organized/docs/reference/user-management/authentication/email-verification.mdx +359 -0
  276. package/.docs/organized/docs/reference/user-management/authentication/get-authorization-url/error-codes.mdx +25 -0
  277. package/.docs/organized/docs/reference/user-management/authentication/get-authorization-url/index.mdx +425 -0
  278. package/.docs/organized/docs/reference/user-management/authentication/get-authorization-url/pkce.mdx +9 -0
  279. package/.docs/organized/docs/reference/user-management/authentication/get-authorization-url/redirect-uri.mdx +23 -0
  280. package/.docs/organized/docs/reference/user-management/authentication/index.mdx +66 -0
  281. package/.docs/organized/docs/reference/user-management/authentication/magic-auth.mdx +353 -0
  282. package/.docs/organized/docs/reference/user-management/authentication/organization-selection.mdx +349 -0
  283. package/.docs/organized/docs/reference/user-management/authentication/password.mdx +350 -0
  284. package/.docs/organized/docs/reference/user-management/authentication/refresh-and-seal-session-data.mdx +57 -0
  285. package/.docs/organized/docs/reference/user-management/authentication/refresh-token.mdx +381 -0
  286. package/.docs/organized/docs/reference/user-management/authentication/session-cookie.mdx +79 -0
  287. package/.docs/organized/docs/reference/user-management/authentication/totp.mdx +369 -0
  288. package/.docs/organized/docs/reference/user-management/authentication-errors/email-verification-required-error.mdx +42 -0
  289. package/.docs/organized/docs/reference/user-management/authentication-errors/index.mdx +20 -0
  290. package/.docs/organized/docs/reference/user-management/authentication-errors/mfa-challenge-error.mdx +44 -0
  291. package/.docs/organized/docs/reference/user-management/authentication-errors/mfa-enrollment-error.mdx +37 -0
  292. package/.docs/organized/docs/reference/user-management/authentication-errors/organization-authentication-required-error.mdx +68 -0
  293. package/.docs/organized/docs/reference/user-management/authentication-errors/organization-selection-error.mdx +44 -0
  294. package/.docs/organized/docs/reference/user-management/authentication-errors/sso-required-error.mdx +51 -0
  295. package/.docs/organized/docs/reference/user-management/email-verification/get.mdx +88 -0
  296. package/.docs/organized/docs/reference/user-management/email-verification/index.mdx +227 -0
  297. package/.docs/organized/docs/reference/user-management/identity/index.mdx +74 -0
  298. package/.docs/organized/docs/reference/user-management/identity/list.mdx +52 -0
  299. package/.docs/organized/docs/reference/user-management/index.mdx +13 -0
  300. package/.docs/organized/docs/reference/user-management/invitation/accept.mdx +39 -0
  301. package/.docs/organized/docs/reference/user-management/invitation/find-by-token.mdx +87 -0
  302. package/.docs/organized/docs/reference/user-management/invitation/get.mdx +87 -0
  303. package/.docs/organized/docs/reference/user-management/invitation/index.mdx +374 -0
  304. package/.docs/organized/docs/reference/user-management/invitation/list.mdx +247 -0
  305. package/.docs/organized/docs/reference/user-management/invitation/revoke.mdx +90 -0
  306. package/.docs/organized/docs/reference/user-management/invitation/send.mdx +230 -0
  307. package/.docs/organized/docs/reference/user-management/logout/get-logout-url-from-session-cookie.mdx +52 -0
  308. package/.docs/organized/docs/reference/user-management/logout/get-logout-url.mdx +147 -0
  309. package/.docs/organized/docs/reference/user-management/logout/index.mdx +26 -0
  310. package/.docs/organized/docs/reference/user-management/magic-auth/create.mdx +148 -0
  311. package/.docs/organized/docs/reference/user-management/magic-auth/get.mdx +88 -0
  312. package/.docs/organized/docs/reference/user-management/magic-auth/index.mdx +225 -0
  313. package/.docs/organized/docs/reference/user-management/mfa/authentication-challenge.mdx +194 -0
  314. package/.docs/organized/docs/reference/user-management/mfa/authentication-factor.mdx +324 -0
  315. package/.docs/organized/docs/reference/user-management/mfa/enroll-auth-factor.mdx +296 -0
  316. package/.docs/organized/docs/reference/user-management/mfa/index.mdx +5 -0
  317. package/.docs/organized/docs/reference/user-management/mfa/list-auth-factors.mdx +194 -0
  318. package/.docs/organized/docs/reference/user-management/organization-membership/create.mdx +155 -0
  319. package/.docs/organized/docs/reference/user-management/organization-membership/deactivate.mdx +106 -0
  320. package/.docs/organized/docs/reference/user-management/organization-membership/delete.mdx +76 -0
  321. package/.docs/organized/docs/reference/user-management/organization-membership/get.mdx +95 -0
  322. package/.docs/organized/docs/reference/user-management/organization-membership/index.mdx +265 -0
  323. package/.docs/organized/docs/reference/user-management/organization-membership/list.mdx +291 -0
  324. package/.docs/organized/docs/reference/user-management/organization-membership/reactivate.mdx +106 -0
  325. package/.docs/organized/docs/reference/user-management/organization-membership/update.mdx +119 -0
  326. package/.docs/organized/docs/reference/user-management/password-reset/create.mdx +108 -0
  327. package/.docs/organized/docs/reference/user-management/password-reset/get.mdx +88 -0
  328. package/.docs/organized/docs/reference/user-management/password-reset/index.mdx +227 -0
  329. package/.docs/organized/docs/reference/user-management/password-reset/reset-password.mdx +144 -0
  330. package/.docs/organized/docs/reference/user-management/session-helpers/authenticate.mdx +176 -0
  331. package/.docs/organized/docs/reference/user-management/session-helpers/get-logout-url.mdx +42 -0
  332. package/.docs/organized/docs/reference/user-management/session-helpers/index.mdx +14 -0
  333. package/.docs/organized/docs/reference/user-management/session-helpers/load-sealed-session.mdx +105 -0
  334. package/.docs/organized/docs/reference/user-management/session-helpers/refresh.mdx +213 -0
  335. package/.docs/organized/docs/reference/user-management/session-tokens/access-token.mdx +90 -0
  336. package/.docs/organized/docs/reference/user-management/session-tokens/index.mdx +5 -0
  337. package/.docs/organized/docs/reference/user-management/session-tokens/jwks.mdx +110 -0
  338. package/.docs/organized/docs/reference/user-management/session-tokens/refresh-token.mdx +8 -0
  339. package/.docs/organized/docs/reference/user-management/user/create.mdx +327 -0
  340. package/.docs/organized/docs/reference/user-management/user/delete.mdx +76 -0
  341. package/.docs/organized/docs/reference/user-management/user/get-by-external-id.mdx +39 -0
  342. package/.docs/organized/docs/reference/user-management/user/get.mdx +103 -0
  343. package/.docs/organized/docs/reference/user-management/user/index.mdx +322 -0
  344. package/.docs/organized/docs/reference/user-management/user/list.mdx +260 -0
  345. package/.docs/organized/docs/reference/user-management/user/update.mdx +344 -0
  346. package/.docs/organized/docs/reference/vault/index.mdx +6 -0
  347. package/.docs/organized/docs/reference/vault/key/create-data-key.mdx +106 -0
  348. package/.docs/organized/docs/reference/vault/key/decrypt-data-key.mdx +84 -0
  349. package/.docs/organized/docs/reference/vault/key/decrypt-data.mdx +52 -0
  350. package/.docs/organized/docs/reference/vault/key/encrypt-data.mdx +58 -0
  351. package/.docs/organized/docs/reference/vault/key/index.mdx +25 -0
  352. package/.docs/organized/docs/reference/vault/object/create.mdx +62 -0
  353. package/.docs/organized/docs/reference/vault/object/delete.mdx +75 -0
  354. package/.docs/organized/docs/reference/vault/object/get.mdx +50 -0
  355. package/.docs/organized/docs/reference/vault/object/index.mdx +174 -0
  356. package/.docs/organized/docs/reference/vault/object/list.mdx +105 -0
  357. package/.docs/organized/docs/reference/vault/object/metadata.mdx +52 -0
  358. package/.docs/organized/docs/reference/vault/object/update.mdx +67 -0
  359. package/.docs/organized/docs/reference/vault/object/version.mdx +87 -0
  360. package/.docs/organized/docs/reference/vault/object/versions.mdx +83 -0
  361. package/.docs/organized/docs/reference/widgets/get-token.mdx +185 -0
  362. package/.docs/organized/docs/reference/widgets/index.mdx +6 -0
  363. package/.docs/organized/docs/reference/workos-connect/authorize/index.mdx +75 -0
  364. package/.docs/organized/docs/reference/workos-connect/index.mdx +33 -0
  365. package/.docs/organized/docs/reference/workos-connect/introspection/index.mdx +122 -0
  366. package/.docs/organized/docs/reference/workos-connect/metadata/index.mdx +25 -0
  367. package/.docs/organized/docs/reference/workos-connect/metadata/oauth-authorization-server/index.mdx +99 -0
  368. package/.docs/organized/docs/reference/workos-connect/metadata/openid-configuration/index.mdx +70 -0
  369. package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/access-token.mdx +53 -0
  370. package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/id-token.mdx +60 -0
  371. package/.docs/organized/docs/reference/workos-connect/token/authorization-code-grant/index.mdx +69 -0
  372. package/.docs/organized/docs/reference/workos-connect/token/client-credentials-grant/access-token.mdx +46 -0
  373. package/.docs/organized/docs/reference/workos-connect/token/client-credentials-grant/index.mdx +56 -0
  374. package/.docs/organized/docs/reference/workos-connect/token/index.mdx +39 -0
  375. package/.docs/organized/docs/reference/workos-connect/token/refresh-token-grant.mdx +69 -0
  376. package/.docs/organized/docs/reference/workos-connect/userinfo/index.mdx +46 -0
  377. package/.docs/organized/docs/sdks/dotnet.mdx +6 -0
  378. package/.docs/organized/docs/sdks/elixir.mdx +6 -0
  379. package/.docs/organized/docs/sdks/go.mdx +6 -0
  380. package/.docs/organized/docs/sdks/java.mdx +9 -0
  381. package/.docs/organized/docs/sdks/laravel.mdx +6 -0
  382. package/.docs/organized/docs/sdks/node.mdx +9 -0
  383. package/.docs/organized/docs/sdks/php.mdx +6 -0
  384. package/.docs/organized/docs/sdks/python.mdx +6 -0
  385. package/.docs/organized/docs/sdks/ruby.mdx +9 -0
  386. package/.docs/organized/docs/sso/_navigation.mdx +44 -0
  387. package/.docs/organized/docs/sso/_sequence-diagrams/saml-protocol-security-considerations.md +59 -0
  388. package/.docs/organized/docs/sso/attributes.mdx +110 -0
  389. package/.docs/organized/docs/sso/domains.mdx +111 -0
  390. package/.docs/organized/docs/sso/example-apps.mdx +46 -0
  391. package/.docs/organized/docs/sso/identity-provider-role-assignment.mdx +113 -0
  392. package/.docs/organized/docs/sso/index.mdx +295 -0
  393. package/.docs/organized/docs/sso/it-team-faq.mdx +35 -0
  394. package/.docs/organized/docs/sso/jit-provisioning.mdx +101 -0
  395. package/.docs/organized/docs/sso/launch-checklist.mdx +71 -0
  396. package/.docs/organized/docs/sso/login-flows.mdx +101 -0
  397. package/.docs/organized/docs/sso/redirect-uris.mdx +44 -0
  398. package/.docs/organized/docs/sso/saml-security.mdx +122 -0
  399. package/.docs/organized/docs/sso/signing-certificates.mdx +121 -0
  400. package/.docs/organized/docs/sso/single-logout.mdx +45 -0
  401. package/.docs/organized/docs/sso/test-sso.mdx +73 -0
  402. package/.docs/organized/docs/sso/ux/sign-in.mdx +44 -0
  403. package/.docs/organized/docs/user-management/_navigation.mdx +87 -0
  404. package/.docs/organized/docs/user-management/actions.mdx +169 -0
  405. package/.docs/organized/docs/user-management/authkit.mdx +69 -0
  406. package/.docs/organized/docs/user-management/branding.mdx +143 -0
  407. package/.docs/organized/docs/user-management/connect.mdx +110 -0
  408. package/.docs/organized/docs/user-management/custom-emails.mdx +164 -0
  409. package/.docs/organized/docs/user-management/directory-provisioning.mdx +78 -0
  410. package/.docs/organized/docs/user-management/domain-verification.mdx +28 -0
  411. package/.docs/organized/docs/user-management/email-password.mdx +42 -0
  412. package/.docs/organized/docs/user-management/email-verification.mdx +29 -0
  413. package/.docs/organized/docs/user-management/entitlements.mdx +46 -0
  414. package/.docs/organized/docs/user-management/example-apps.mdx +39 -0
  415. package/.docs/organized/docs/user-management/identity-linking.mdx +52 -0
  416. package/.docs/organized/docs/user-management/impersonation.mdx +82 -0
  417. package/.docs/organized/docs/user-management/index.mdx +525 -0
  418. package/.docs/organized/docs/user-management/invitations.mdx +60 -0
  419. package/.docs/organized/docs/user-management/invite-only-signup.mdx +72 -0
  420. package/.docs/organized/docs/user-management/jit-provisioning.mdx +36 -0
  421. package/.docs/organized/docs/user-management/jwt-templates.mdx +278 -0
  422. package/.docs/organized/docs/user-management/magic-auth.mdx +36 -0
  423. package/.docs/organized/docs/user-management/mcp.mdx +146 -0
  424. package/.docs/organized/docs/user-management/metadata.mdx +119 -0
  425. package/.docs/organized/docs/user-management/mfa.mdx +32 -0
  426. package/.docs/organized/docs/user-management/migrations.mdx +20 -0
  427. package/.docs/organized/docs/user-management/modeling-your-app.mdx +149 -0
  428. package/.docs/organized/docs/user-management/organization-policies.mdx +33 -0
  429. package/.docs/organized/docs/user-management/overview.mdx +46 -0
  430. package/.docs/organized/docs/user-management/passkeys.mdx +42 -0
  431. package/.docs/organized/docs/user-management/radar.mdx +127 -0
  432. package/.docs/organized/docs/user-management/roles-and-permissions.mdx +155 -0
  433. package/.docs/organized/docs/user-management/sessions.mdx +101 -0
  434. package/.docs/organized/docs/user-management/social-login.mdx +34 -0
  435. package/.docs/organized/docs/user-management/sso-with-contractors.mdx +85 -0
  436. package/.docs/organized/docs/user-management/sso.mdx +96 -0
  437. package/.docs/organized/docs/user-management/users-organizations.mdx +91 -0
  438. package/.docs/organized/docs/user-management/widgets.mdx +190 -0
  439. package/.docs/organized/docs/vault/_navigation.mdx +14 -0
  440. package/.docs/organized/docs/vault/index.mdx +38 -0
  441. package/.docs/organized/docs/vault/key-context.mdx +32 -0
  442. package/.docs/organized/docs/vault/quick-start.mdx +82 -0
  443. package/README.md +252 -0
  444. package/dist/chunk-64GKEK6G.js +48 -0
  445. package/dist/chunk-64GKEK6G.js.map +1 -0
  446. package/dist/get-tools.d.ts +23 -0
  447. package/dist/get-tools.js +8 -0
  448. package/dist/get-tools.js.map +1 -0
  449. package/dist/index.d.ts +1 -0
  450. package/dist/index.js +552 -0
  451. package/dist/index.js.map +1 -0
  452. package/dist/prepare.d.ts +2 -0
  453. package/dist/prepare.js +269 -0
  454. package/dist/prepare.js.map +1 -0
  455. package/package.json +49 -0
package/.docs/organized/docs/fga/quick-start.mdx ADDED
@@ -0,0 +1,174 @@
1
+ ---
2
+ title: Quick Start
3
+ description: >-
4
+ Set up resource types and warrants that model your authorization requirements.
5
+ Then use the SDK to make access checks from your application.
6
+ originalPath: .tmp-workos-clone/packages/docs/content/fga/quick-start.mdx
7
+ ---
8
+
9
+ ## Before getting started
10
+
11
+ To get the most out of this guide, you should have:
12
+
13
+ - A [WorkOS account](https://dashboard.workos.com/)
14
+ - Your WorkOS [API Key](/glossary/api-key)
15
+ - A basic understanding of [resource types](/fga/schema/schema-syntax/resource-types)
16
+
17
+ ## What you'll build
18
+
19
+ In this guide, we'll implement fine-grained authorization for a simple B2B SaaS application that gives users the ability to build and share reports generated using company data.
20
+
21
+ We will:
22
+
23
+ 1. Design a resource type schema that models the application's authorization requirements.
24
+ 2. Create warrants to define relationships between the application's resources.
25
+ 3. Make access checks that determine whether or not a user should have access to a resource.
26
+
27
+ ## API resource definitions
28
+
29
+ [Schema](/fga/schema)
30
+ : A schema defining the different types of relationships available on your application's resources and how those relationships can be inherited
31
+
32
+ [Warrant](/fga/warrants)
33
+ : A rule assigning a relationship between two resources in your application
34
+
35
+ ## (1) Install the WorkOS CLI
36
+
37
+ Install the WorkOS CLI using [Homebrew](https://brew.sh/).
38
+
39
+ ```shell
40
+ brew install workos/tap/workos-cli
41
+ ```
42
+
43
+ To initialize the CLI, use the command below. Follow the prompts to complete setup.
44
+
45
+ ```shell
46
+ workos init
47
+ ```
48
+
49
+ ---
50
+
51
+ ## (2) Define a resource type schema
52
+
53
+ Our application has three types of resources: reports, teams, and users. Our authorization model should meet the following requirements:
54
+
55
+ - Every report belongs to a team.
56
+ - Every user belongs to a team.
57
+ - Users who create a report are considered the owner of the report.
58
+ - The owner of a report can also edit the report.
59
+ - The owner of a report can add other users as editors.
60
+ - An editor of a report can also view the report.
61
+ - Users can view any report belonging to their team.
62
+
63
+ We'll define the following resource type schema to fulfill these requirements:
64
+
65
+ ```fga title="schema.txt"
66
+ version 0.3
67
+
68
+ type user
69
+
70
+ type team
71
+ relation member [user]
72
+
73
+ type report
74
+ relation parent [team]
75
+ relation owner [user]
76
+ relation editor [user]
77
+ relation viewer [user]
78
+
79
+ inherit editor if
80
+ relation owner
81
+
82
+ inherit viewer if
83
+ any_of
84
+ relation editor
85
+ relation member on parent [team]
86
+
87
+ ```
88
+
89
+ ### (A) Using the CLI
90
+
91
+ Create a file called `schema.txt` containing the schema definition from above. Then use the CLI to update your schema in WorkOS FGA.
92
+
93
+ ```shell
94
+ workos fga schema apply schema.txt
95
+ ```
96
+
97
+ ### (B) Using the FGA Dashboard
98
+
99
+ Define a resource type schema from the FGA dashboard using the schema editor available on the [Schema](https://fga.workos.com/schema) page.
100
+
101
+ ---
102
+
103
+ ## (3) Create warrants
104
+
105
+ Warrants are rules that assign relationships between the resources in an application. These relationships are then used to figure out whether or not a user should have access to a resource.
106
+
107
+ For example, let's create two warrants:
108
+
109
+ - One specifying that `[user:d6ed6474-784e-407e-a1ea-42a91d4c52b9] is a [member] of [team:stark]`
110
+ - One specifying that `[team:stark] is [parent] of [report:7]`
111
+
112
+ ### (A) Using the CLI
113
+
114
+ Create warrants using the CLI.
115
+
116
+ ```shell
117
+ workos fga warrant create user:d6ed6474-784e-407e-a1ea-42a91d4c52b9 member team:stark
118
+ workos fga warrant create team:stark parent report:7
119
+ ```
120
+
121
+ ### (B) Using the SDK
122
+
123
+ <LanguageSelector languages={['go', 'java', 'js', 'python']}>
124
+ Install the SDK using the command below.
125
+
126
+ <CodeBlock title="Install the WorkOS SDK" file="install-sdk">
127
+ <CodeBlockTab language="js" file="install-sdk-npm" title="npm" />
128
+ <CodeBlockTab language="js" file="install-sdk-yarn" title="Yarn" />
129
+ <CodeBlockTab language="java" file="install-sdk-maven" title="Maven" />
130
+ <CodeBlockTab language="java" file="install-sdk-gradle" title="Gradle" />
131
+ </CodeBlock>
132
+ </LanguageSelector>
133
+
134
+ Create warrants programmatically from your application using the SDK.
135
+
136
+ <CodeBlock title="Create Warrants" file="create-warrants" />
137
+
138
+ ---
139
+
140
+ ## (4) Check and query access
141
+
142
+ Now that we have our resource types and some warrants set up, we can check and query access.
143
+
144
+ Since we assigned `[team:stark]` as the `parent` team of `[report:7]` and `[user:d6ed6474-784e-407e-a1ea-42a91d4c52b9]` as a `member` of `[team:stark]`, they should automatically be a `viewer` of `[report:7]`. Let's do a check to make sure.
145
+
146
+ ### (A) Using the CLI
147
+
148
+ Check if a subject has a given relation on a resource.
149
+
150
+ ```shell title="Check if user is viewer of report:7"
151
+ workos fga check user:d6ed6474-784e-407e-a1ea-42a91d4c52b9 viewer report:7
152
+ ```
153
+
154
+ Query which resources a user has a given relation on.
155
+
156
+ ```shell title="List reports where user is a viewer"
157
+ workos fga query 'select report where user:d6ed6474-784e-407e-a1ea-42a91d4c52b9 is viewer'
158
+ ```
159
+
160
+ ### (B) Using the SDK
161
+
162
+ Check if a subject has a given relation on a resource.
163
+
164
+ <CodeBlock title="Check if user is viewer of report:7" file="check" />
165
+
166
+ Query which resources a user has a given relation on.
167
+
168
+ <CodeBlock title="List reports where user is viewer" file="query" />
169
+
170
+ ---
171
+
172
+ ## Summary
173
+
174
+ That's it! We've now setup a powerful authorization system for our application that features a hierarchy of privileges (owner → editor → viewer) and inheritance of privileges based on team membership.
package/.docs/organized/docs/fga/resources.mdx ADDED
@@ -0,0 +1,92 @@
1
+ ---
2
+ title: Resources
3
+ description: >-
4
+ Resources are FGA's references to your application's access controlled
5
+ resources.
6
+ showNextPage: true
7
+ originalPath: .tmp-workos-clone/packages/docs/content/fga/resources.mdx
8
+ ---
9
+
10
+ FGA stores a set of warrants representing relationships between _resources_ in an application. These resources are typically application-specific objects persisted in the application's datastore (e.g. MySQL, PostgreSQL, MongoDB, etc). In FGA, they are referred to as _resources_.
11
+
12
+ ## Overview
13
+
14
+ ```shell
15
+ report : balance-sheet
16
+ | |
17
+ Resource Type Resource ID
18
+ ```
19
+
20
+ Resources consist of three attributes:
21
+
22
+ - **Resource Type** - Specifies what _type_ of entity a particular resource is (e.g. a user, a tenant, a report, etc).
23
+ - **Resource ID** - Specifies a unique identifier for the resource (typically the same unique identifier used in your application to identify the resource).
24
+ - **Meta** (optional) - A JSON object containing additional data related to the resource that it would be helpful for FGA to know about (e.g. a user's email address, a tenant's display name, a description of the privileges a role grants, etc).
25
+
26
+ Resources make it easier to manage the warrants associated with each resource, providing a way for applications to persist authorization-specific data outside of (or often, in lieu of) their primary datastore.
27
+
28
+ ## Creating and Managing Resources
29
+
30
+ FGA automatically creates the resources that are referenced by warrants when they are created. This means developers using FGA don't need to worry about manually creating resources.
31
+
32
+ For example, given the following warrant:
33
+
34
+ ```json title="report:balance-sheet#editor@user:john-doe"
35
+ {
36
+ "resource_type": "report",
37
+ "resource_id": "balance-sheet",
38
+ "relation": "editor",
39
+ "subject": {
40
+ "resource_type": "user",
41
+ "resource_id": "john-doe"
42
+ }
43
+ }
44
+ ```
45
+
46
+ FGA will automatically create two resources upon creation of the warrant:
47
+
48
+ ```json title="report:balance-sheet"
49
+ {
50
+ "resource_type": "report",
51
+ "resource_id": "balance-sheet"
52
+ }
53
+ ```
54
+
55
+ ```json title="user:john-doe"
56
+ {
57
+ "resource_type": "user",
58
+ "resource_id": "john-doe"
59
+ }
60
+ ```
61
+
62
+ Resources can be managed from the [FGA Dashboard](https://fga.workos.com) and/or via API. Refer to the [Resources API Reference](/reference/fga/resource/create) to learn more about managing resources via API.
63
+
64
+ > When a resource is deleted, any warrants associated with the resource will automatically be deleted. This makes it easier for applications to remove all warrants associated with a resource when the resource is deleted from the application itself.
65
+
66
+ ## Metadata
67
+
68
+ Resources can be augmented with additional authorization-specific metadata (e.g. the display name for a role or permission, the description of a particular feature, etc). Metadata is especially useful when implementing permission-specific user interfaces. For example, when building a customer-facing page for managing team-level roles and permissions, metadata can provide user-friendly names and descriptions of what actions/resources each role or permission will grant to a user.
69
+
70
+ ```json title="user:john-doe w/ metadata"
71
+ {
72
+ "resource_type": "user",
73
+ "resource_id": "john-doe",
74
+ "meta": {
75
+ "email": "john-doe@acme-corp.com",
76
+ "isActivated": true
77
+ }
78
+ }
79
+ ```
80
+
81
+ ```json title="role:accountant w/ metadata"
82
+ {
83
+ "resource_type": "role",
84
+ "resource_id": "accountant",
85
+ "meta": {
86
+ "name": "Accountant",
87
+ "description": "Allows a user to view the financial reporting pages and edit charges."
88
+ }
89
+ }
90
+ ```
91
+
92
+ > There is a 50kb limit on the size of the metadata object.
package/.docs/organized/docs/fga/schema-management.mdx ADDED
@@ -0,0 +1,224 @@
1
+ ---
2
+ title: Schema Management
3
+ description: >-
4
+ Learn how to test, debug, and safely apply changes to your authorization
5
+ schema and setup a GitOps workflow to automatically validate and apply changes
6
+ to production.
7
+ originalPath: .tmp-workos-clone/packages/docs/content/fga/schema-management.mdx
8
+ ---
9
+
10
+ ## Overview
11
+
12
+ Designing a schema that meets your requirements and using it in production for the first time is only the beginning of your fine-grained authorization journey. As your product's authorization requirements change, you will need to evolve your schema to meet those requirements.
13
+
14
+ To do this safely, you need a process in place to test, debug, and safely apply changes to your schema in production. In case of bugs, you also need the ability to roll back to a previous (working) schema if needed.
15
+
16
+ This guide will explain how to use the [FGA Dashboard](https://fga.workos.com) and [WorkOS CLI](https://github.com/workos/workos-cli) to test and debug your schema. We will use the CLI and the [CLI GitHub Action](https://github.com/workos/cli-action) to setup a GitOps workflow that automatically tests and applies changes to your schema as part of your software development life cycle (SDLC).
17
+
18
+ ## Before getting started
19
+
20
+ To get the most out of this guide, you'll need:
21
+
22
+ - A [WorkOS account](https://dashboard.workos.com/)
23
+ - Your WorkOS [API Key](/glossary/api-key)
24
+ - The [WorkOS CLI](/fga/quick-start/1-install-the-workos-cli)
25
+
26
+ ---
27
+
28
+ ## Test Your Schema
29
+
30
+ Let's create a shell script that uses the WorkOS CLI to test the example schema below.
31
+
32
+ > Note: we've decided to prefix permissions in our authorization model with `can_` (`can_invite_users`) to imply an action. This is not a required convention, so feel free to use relation names that suit your application.
33
+
34
+ ```fga title="schema.txt"
35
+ version 0.3
36
+
37
+ type user
38
+
39
+ type organization
40
+ relation role_admin [user]
41
+ relation role_member [user]
42
+ relation can_invite_users []
43
+ relation can_remove_users []
44
+ relation can_view_users []
45
+
46
+ inherit role_member if
47
+ relation role_admin
48
+
49
+ inherit can_invite_users if
50
+ relation role_admin
51
+
52
+ inherit can_remove_users if
53
+ relation role_admin
54
+
55
+ inherit can_view_users if
56
+ relation role_member
57
+
58
+ ```
59
+
60
+ First, apply the schema
61
+
62
+ ```shell title="Apply the example schema"
63
+ workos fga schema apply schema.txt
64
+ ```
65
+
66
+ Next, use the `fga warrant create` command to setup some warrants.
67
+
68
+ ```shell title="Setup test data"
69
+ workos fga warrant create user:acme_admin role_admin organization:org_acme
70
+ workos fga warrant create user:acme_member role_member organization:org_acme
71
+ ```
72
+
73
+ Then use the `fga check` command with the `--assert` flag to assert that a permission check returns the expected result.
74
+
75
+ ```shell title="Make assertions"
76
+ workos fga check user:acme_admin can_invite_users organization:org_acme --assert true
77
+ workos fga check user:acme_admin can_remove_users organization:org_acme --assert true
78
+ workos fga check user:acme_admin can_view_users organization:org_acme --assert true
79
+
80
+ workos fga check user:acme_member can_invite_users organization:org_acme --assert false
81
+ workos fga check user:acme_member can_remove_users organization:org_acme --assert false
82
+ workos fga check user:acme_member can_view_users organization:org_acme --assert true
83
+ ```
84
+
85
+ Finally, use the `fga resource delete` command to clean up the test data. This makes it easy to re-run tests with a clean environment in the future.
86
+
87
+ ```shell title="Clean up test data"
88
+ workos fga resource delete user:acme_admin
89
+ workos fga resource delete user:acme_member
90
+ workos fga resource delete organization:org_acme
91
+ ```
92
+
93
+ ---
94
+
95
+ ## Debug Your Schema
96
+
97
+ The simplest way to understand (debug) why your schema is (or is not) answering a permission check as you expect it to is via the [Check page](https://fga.workos.com/check) or using the `--debug` flag via the CLI.
98
+
99
+ ### Using the FGA Dashboard
100
+
101
+ To debug a permission check from the FGA dashboard, navigate to the [Check page](https://fga.workos.com/check). Enter valid arguments for the permission check you want to debug and click `Check Access`. The page will display the result of the permission check and a tree visualizing all of the paths in the authorization graph that were explored to reach the result.
102
+
103
+ ### Using the CLI
104
+
105
+ To debug a permission check using the CLI, use the `fga check` command with the `--debug` flag:
106
+
107
+ ```shell title="Debug a permission check"
108
+ workos fga check user:james can_approve_purchase purchase:pur_123 --debug
109
+ ```
110
+
111
+ Permission checks that use the `--debug` flag will output the check result and a tree visualizing all of the paths in the authorization graph that were explored to reach the result.
112
+
113
+ > Note: running the `fga check` command with the `--debug` flag will execute the check without any caching enabled.
114
+
115
+ #### Tests
116
+
117
+ The CLI provides a streamlined way to run multiple tests against your schema using a single `workos fga test command`. The `test` command will set up warrants, perform checks, and handle teardown.
118
+
119
+ It also supports running multiple test files from a directory, allowing you to organize tests in a structure that fits your application.
120
+
121
+ ```yaml title="org-roles.test.yaml"
122
+ setup:
123
+ warrants:
124
+ - subject: user:acme_admin
125
+ relation: role_admin
126
+ resource: organization:org_acme
127
+ - subject: user:acme_member
128
+ relation: role_member
129
+ resource: organization:org_acme
130
+
131
+ tests:
132
+ - name: acme_admin can invite users
133
+ check:
134
+ subject: user:acme_admin
135
+ relation: can_invite_users
136
+ resource: organization:org_acme
137
+ expect: true
138
+
139
+ - name: acme_admin can remove users
140
+ check:
141
+ subject: user:acme_admin
142
+ relation: can_remove_users
143
+ resource: organization:org_acme
144
+ expect: true
145
+
146
+ - name: acme_admin can view users
147
+ check:
148
+ subject: user:acme_admin
149
+ relation: can_view_users
150
+ resource: organization:org_acme
151
+ expect: true
152
+
153
+ - name: acme_member cannot invite users
154
+ check:
155
+ subject: user:acme_member
156
+ relation: can_invite_users
157
+ resource: organization:org_acme
158
+ expect: false
159
+
160
+ - name: acme_member cannot remove users
161
+ check:
162
+ subject: user:acme_member
163
+ relation: can_remove_users
164
+ resource: organization:org_acme
165
+ expect: false
166
+
167
+ - name: acme_member can view users
168
+ check:
169
+ subject: user:acme_member
170
+ relation: can_view_users
171
+ resource: organization:org_acme
172
+ expect: true
173
+
174
+ teardown:
175
+ resources:
176
+ - user:acme_admin
177
+ - user:acme_member
178
+ - organization:org_acme
179
+ ```
180
+
181
+ To run the tests defined in the `schema.test.yaml` file, use the following command:
182
+
183
+ ```shell title="Run tests"
184
+ workos fga test org-roles.test.yaml
185
+ ```
186
+
187
+ > The teardown section is optional and used for cleaning up specific data (resources or warrants). If you want to automatically cleanup **all resources and warrants** created during the test, you can also use the `--cleanup` flag when running the `workos fga test` command.
188
+
189
+ ---
190
+
191
+ ## GitOps Workflow
192
+
193
+ Now that we have a script to test that our schema works as we expect, let's setup a GitHub Action to automatically test changes to the schema and apply the schema if all of the tests pass.
194
+
195
+ ```yaml title=".github/workflows/fga.yaml"
196
+ name: Test FGA Schema
197
+
198
+ on:
199
+ push:
200
+ branches: [main]
201
+
202
+ jobs:
203
+ ci:
204
+ runs-on: ubuntu-latest
205
+ steps:
206
+ - name: Install WorkOS CLI
207
+ uses: workos/cli-action@v1
208
+ with:
209
+ version: latest
210
+ - name: Test Schema
211
+ run: |
212
+ workos fga schema apply schema.txt
213
+ workos fga test tests/org-roles.test.yaml
214
+ env:
215
+ WORKOS_ACTIVE_ENVIRONMENT: staging
216
+ WORKOS_ENVIRONMENTS_HEADLESS_API_KEY: <your_workos_staging_api_key>
217
+ - name: Apply Schema to Production
218
+ if: github.ref == 'main' && github.event_name == 'push'
219
+ run: |
220
+ workos fga schema apply schema.txt
221
+ env:
222
+ WORKOS_ACTIVE_ENVIRONMENT: production
223
+ WORKOS_ENVIRONMENTS_HEADLESS_API_KEY: <your_workos_production_api_key>
224
+ ```