workos 1.5.1__py3-none-any.whl → 5.38.0__py3-none-any.whl

workos/types/mfa/authentication_factor.py

@@ -0,0 +1,70 @@
+from typing import Literal, Optional, Union
+
+from workos.types.workos_model import WorkOSModel
+from workos.types.mfa.enroll_authentication_factor_type import (
+    SmsAuthenticationFactorType,
+    TotpAuthenticationFactorType,
+)
+from workos.typing.literals import LiteralOrUntyped
+
+
+AuthenticationFactorType = Literal[
+    "generic_otp", SmsAuthenticationFactorType, TotpAuthenticationFactorType
+]
+
+
+class TotpFactor(WorkOSModel):
+    """Representation of a TOTP factor when returned in list resources and sessions."""
+
+    issuer: str
+    user: str
+
+
+class ExtendedTotpFactor(TotpFactor):
+    """Representation of a TOTP factor when returned when enrolling an authentication factor."""
+
+    qr_code: str
+    secret: str
+    uri: str
+
+
+class SmsFactor(WorkOSModel):
+    phone_number: str
+
+
+class AuthenticationFactorBase(WorkOSModel):
+    """Representation of a MFA Authentication Factor Response as returned by WorkOS through the MFA feature."""
+
+    object: Literal["authentication_factor"]
+    id: str
+    created_at: str
+    updated_at: str
+    type: LiteralOrUntyped[AuthenticationFactorType]
+    user_id: Optional[str] = None
+
+
+class AuthenticationFactorTotp(AuthenticationFactorBase):
+    """Representation of a MFA Authentication Factor Response as returned by WorkOS through the MFA feature."""
+
+    type: TotpAuthenticationFactorType
+    totp: TotpFactor
+
+
+class AuthenticationFactorTotpExtended(AuthenticationFactorBase):
+    """Representation of a MFA Authentication Factor Response when enrolling an authentication factor."""
+
+    type: TotpAuthenticationFactorType
+    totp: ExtendedTotpFactor
+
+
+class AuthenticationFactorSms(AuthenticationFactorBase):
+    """Representation of a SMS Authentication Factor Response as returned by WorkOS through the MFA feature."""
+
+    type: SmsAuthenticationFactorType
+    sms: SmsFactor
+
+
+AuthenticationFactor = Union[AuthenticationFactorTotp, AuthenticationFactorSms]
+AuthenticationFactorExtended = Union[
+    AuthenticationFactorTotpExtended, AuthenticationFactorSms
+]

workos/types/mfa/authentication_factor_totp_and_challenge_response.py

@@ -0,0 +1,10 @@
+from workos.types.workos_model import WorkOSModel
+from workos.types.mfa.authentication_challenge import AuthenticationChallenge
+from workos.types.mfa.authentication_factor import AuthenticationFactorTotpExtended
+
+
+class AuthenticationFactorTotpAndChallengeResponse(WorkOSModel):
+    """Representation of an authentication factor and authentication challenge response as returned by WorkOS through User Management features."""
+
+    authentication_factor: AuthenticationFactorTotpExtended
+    authentication_challenge: AuthenticationChallenge

workos/types/mfa/enroll_authentication_factor_type.py

@@ -0,0 +1,8 @@
+from typing import Literal
+
+SmsAuthenticationFactorType = Literal["sms"]
+TotpAuthenticationFactorType = Literal["totp"]
+
+EnrollAuthenticationFactorType = Literal[
+    SmsAuthenticationFactorType, TotpAuthenticationFactorType
+]

workos/types/organization_domains/__init__.py

@@ -0,0 +1 @@
+from .organization_domain import *

workos/types/organization_domains/organization_domain.py

@@ -0,0 +1,18 @@
+from typing import Literal, Optional
+from workos.types.workos_model import WorkOSModel
+from workos.typing.literals import LiteralOrUntyped
+
+
+class OrganizationDomain(WorkOSModel):
+    id: str
+    organization_id: str
+    object: Literal["organization_domain"]
+    domain: str
+    state: Optional[
+        LiteralOrUntyped[Literal["failed", "pending", "legacy_verified", "verified"]]
+    ] = None
+    verification_strategy: Optional[LiteralOrUntyped[Literal["manual", "dns"]]] = None
+    verification_token: Optional[str] = None
+    verification_prefix: Optional[str] = None
+    created_at: str
+    updated_at: str

workos/types/organizations/__init__.py

@@ -0,0 +1,6 @@
+from .domain_data_input import *
+from .organization_common import *
+from .organization import *
+
+# re-exported for backwards compatibility, can be removed after version 6.0.0
+from workos.types.organization_domains import OrganizationDomain

workos/types/organizations/domain_data_input.py

@@ -0,0 +1,7 @@
+from typing import Literal
+from typing_extensions import TypedDict
+
+
+class DomainDataInput(TypedDict):
+    domain: str
+    state: Literal["verified", "pending"]

workos/types/organizations/list_filters.py

@@ -0,0 +1,6 @@
+from typing import Optional, Sequence
+from workos.types.list_resource import ListArgs
+
+
+class OrganizationListFilters(ListArgs, total=False):
+    domains: Optional[Sequence[str]]

workos/types/organizations/organization.py

@@ -0,0 +1,13 @@
+from dataclasses import field
+from typing import Optional, Sequence
+from workos.types.metadata import Metadata
+from workos.types.organizations.organization_common import OrganizationCommon
+from workos.types.organization_domains import OrganizationDomain
+
+
+class Organization(OrganizationCommon):
+    allow_profiles_outside_organization: bool
+    domains: Sequence[OrganizationDomain]
+    stripe_customer_id: Optional[str] = None
+    external_id: Optional[str] = None
+    metadata: Metadata = field(default_factory=dict)

workos/types/organizations/organization_common.py

@@ -0,0 +1,12 @@
+from typing import Literal, Sequence
+from workos.types.workos_model import WorkOSModel
+from workos.types.organization_domains import OrganizationDomain
+
+
+class OrganizationCommon(WorkOSModel):
+    id: str
+    object: Literal["organization"]
+    name: str
+    domains: Sequence[OrganizationDomain]
+    created_at: str
+    updated_at: str

workos/types/passwordless/__init__.py

@@ -0,0 +1,2 @@
+from .passwordless_session_type import *
+from .passwordless_session import *

workos/types/passwordless/passwordless_session.py

@@ -0,0 +1,12 @@
+from typing import Literal
+from workos.types.workos_model import WorkOSModel
+
+
+class PasswordlessSession(WorkOSModel):
+    """Representation of a WorkOS Passwordless Session Response."""
+
+    object: Literal["passwordless_session"]
+    id: str
+    email: str
+    expires_at: str
+    link: str

workos/types/passwordless/passwordless_session_type.py

@@ -0,0 +1,3 @@
+from typing import Literal
+
+PasswordlessSessionType = Literal["MagicLink"]

workos/types/pipes/__init__.py

@@ -0,0 +1,6 @@
+from workos.types.pipes.pipes import (
+    AccessToken as AccessToken,
+    GetAccessTokenFailureResponse as GetAccessTokenFailureResponse,
+    GetAccessTokenResponse as GetAccessTokenResponse,
+    GetAccessTokenSuccessResponse as GetAccessTokenSuccessResponse,
+)

workos/types/pipes/pipes.py

@@ -0,0 +1,34 @@
+from datetime import datetime
+from typing import Literal, Optional, Sequence, Union
+
+from workos.types.workos_model import WorkOSModel
+
+
+class AccessToken(WorkOSModel):
+    """Represents an OAuth access token for a third-party provider."""
+
+    object: Literal["access_token"]
+    access_token: str
+    expires_at: Optional[datetime] = None
+    scopes: Sequence[str]
+    missing_scopes: Sequence[str]
+
+
+class GetAccessTokenSuccessResponse(WorkOSModel):
+    """Successful response containing the access token."""
+
+    active: Literal[True]
+    access_token: AccessToken
+
+
+class GetAccessTokenFailureResponse(WorkOSModel):
+    """Failed response indicating why the token couldn't be retrieved."""
+
+    active: Literal[False]
+    error: Literal["not_installed", "needs_reauthorization"]
+
+
+GetAccessTokenResponse = Union[
+    GetAccessTokenSuccessResponse,
+    GetAccessTokenFailureResponse,
+]

workos/types/portal/__init__.py

@@ -0,0 +1,2 @@
+from .portal_link_intent import *
+from .portal_link import *

workos/types/portal/portal_link.py

@@ -0,0 +1,7 @@
+from workos.types.workos_model import WorkOSModel
+
+
+class PortalLink(WorkOSModel):
+    """Representation of an WorkOS generate portal link response."""
+
+    link: str

workos/types/portal/portal_link_intent.py

@@ -0,0 +1,11 @@
+from typing import Literal
+
+
+PortalLinkIntent = Literal[
+    "audit_logs",
+    "certificate_renewal",
+    "domain_verification",
+    "dsync",
+    "log_streams",
+    "sso",
+]

workos/types/portal/portal_link_intent_options.py

@@ -0,0 +1,9 @@
+from typing import TypedDict
+
+
+class SsoIntentOptions(TypedDict):
+    bookmark_slug: str
+
+
+class IntentOptions(TypedDict):
+    sso: SsoIntentOptions

workos/types/roles/role.py

@@ -0,0 +1,27 @@
+from typing import Literal, Optional, Sequence
+from workos.types.workos_model import WorkOSModel
+
+RoleType = Literal["EnvironmentRole", "OrganizationRole"]
+
+
+class RoleCommon(WorkOSModel):
+    object: Literal["role"]
+    slug: str
+
+
+class EventRole(RoleCommon):
+    permissions: Optional[Sequence[str]] = None
+
+
+class Role(RoleCommon):
+    id: str
+    name: str
+    description: Optional[str] = None
+    type: RoleType
+    created_at: str
+    updated_at: str
+
+
+class RoleList(WorkOSModel):
+    object: Literal["list"]
+    data: Sequence[Role]

workos/types/sso/__init__.py

@@ -0,0 +1,4 @@
+from .connection_domain import *
+from .connection import *
+from .profile import *
+from .sso_provider_type import *

workos/types/sso/connection.py

@@ -0,0 +1,70 @@
+from typing import Literal, Sequence, Optional
+from workos.types.sso.connection_domain import ConnectionDomain
+from workos.types.workos_model import WorkOSModel
+from workos.typing.literals import LiteralOrUntyped
+
+ConnectionState = Literal[
+    "active", "deleting", "inactive", "requires_type", "validating"
+]
+
+ConnectionType = Literal[
+    "ADFSSAML",
+    "AdpOidc",
+    "AppleOAuth",
+    "Auth0SAML",
+    "AzureSAML",
+    "CasSAML",
+    "CloudflareSAML",
+    "ClassLinkSAML",
+    "CyberArkSAML",
+    "DuoSAML",
+    "GenericOIDC",
+    "GenericSAML",
+    "GitHubOAuth",
+    "GoogleOAuth",
+    "GoogleSAML",
+    "JumpCloudSAML",
+    "KeycloakSAML",
+    "LastPassSAML",
+    "LoginGovOidc",
+    "MagicLink",
+    "MicrosoftOAuth",
+    "MiniOrangeSAML",
+    "NetIqSAML",
+    "OktaSAML",
+    "OneLoginSAML",
+    "OracleSAML",
+    "PingFederateSAML",
+    "PingOneSAML",
+    "RipplingSAML",
+    "SalesforceOAuth",
+    "SalesforceSAML",
+    "ShibbolethGenericSAML",
+    "ShibbolethSAML",
+    "SimpleSamlPhpSAML",
+    "VMwareSAML",
+]
+
+
+class SamlConnectionOptions(WorkOSModel):
+    """Representation of options payload of a Connection Response."""
+
+    signing_cert: Optional[str]
+
+
+class Connection(WorkOSModel):
+    object: Literal["connection"]
+    id: str
+    organization_id: Optional[str] = None
+    connection_type: LiteralOrUntyped[ConnectionType]
+    name: str
+    state: LiteralOrUntyped[ConnectionState]
+    created_at: str
+    updated_at: str
+    options: Optional[SamlConnectionOptions] = None
+
+
+class ConnectionWithDomains(Connection):
+    """Representation of a Connection Response as returned by WorkOS through the SSO feature."""
+
+    domains: Sequence[ConnectionDomain]

workos/types/sso/connection_domain.py

@@ -0,0 +1,8 @@
+from typing import Literal
+from workos.types.workos_model import WorkOSModel
+
+
+class ConnectionDomain(WorkOSModel):
+    object: Literal["connection_domain"]
+    id: str
+    domain: str

workos/types/sso/profile.py

@@ -0,0 +1,35 @@
+from typing import Any, Literal, Mapping, Optional, Sequence
+from workos.types.sso.connection import ConnectionType
+from workos.types.workos_model import WorkOSModel
+from workos.typing.literals import LiteralOrUntyped
+from typing_extensions import TypedDict
+
+
+class ProfileRole(TypedDict):
+    slug: str
+
+
+class Profile(WorkOSModel):
+    """Representation of a User Profile as returned by WorkOS through the SSO feature."""
+
+    object: Literal["profile"]
+    id: str
+    connection_id: str
+    connection_type: LiteralOrUntyped[ConnectionType]
+    organization_id: Optional[str] = None
+    email: str
+    first_name: Optional[str] = None
+    last_name: Optional[str] = None
+    idp_id: str
+    role: Optional[ProfileRole] = None
+    roles: Optional[Sequence[ProfileRole]] = None
+    groups: Optional[Sequence[str]] = None
+    custom_attributes: Optional[Mapping[str, Any]] = None
+    raw_attributes: Optional[Mapping[str, Any]] = None
+
+
+class ProfileAndToken(WorkOSModel):
+    """Representation of a User Profile and Access Token as returned by WorkOS through the SSO feature."""
+
+    access_token: str
+    profile: Profile

workos/types/sso/sso_provider_type.py

@@ -0,0 +1,10 @@
+from typing import Literal
+
+
+SsoProviderType = Literal[
+    "AppleOAuth",
+    "GitHubOAuth",
+    "GoogleOAuth",
+    "MicrosoftOAuth",
+    "SalesforceOAuth",
+]

workos/types/user_management/__init__.py

@@ -0,0 +1,12 @@
+from .authenticate_with_common import *
+from .authentication_response import *
+from .email_verification import *
+from .impersonator import *
+from .invitation import *
+from .magic_auth import *
+from .organization_membership import *
+from .password_hash_type import *
+from .password_reset import *
+from .user_management_provider_type import *
+from .user import *
+from .session import *

workos/types/user_management/authenticate_with_common.py

@@ -0,0 +1,66 @@
+from typing import Literal, Union
+from typing_extensions import TypedDict
+from workos.types.user_management.session import SessionConfig
+
+
+class AuthenticateWithBaseParameters(TypedDict):
+    ip_address: Union[str, None]
+    user_agent: Union[str, None]
+
+
+class AuthenticateWithPasswordParameters(AuthenticateWithBaseParameters):
+    email: str
+    password: str
+    grant_type: Literal["password"]
+
+
+class AuthenticateWithCodeParameters(AuthenticateWithBaseParameters):
+    code: str
+    code_verifier: Union[str, None]
+    grant_type: Literal["authorization_code"]
+    session: Union[SessionConfig, None]
+    invitation_token: Union[str, None]
+
+
+class AuthenticateWithMagicAuthParameters(AuthenticateWithBaseParameters):
+    code: str
+    email: str
+    link_authorization_code: Union[str, None]
+    grant_type: Literal["urn:workos:oauth:grant-type:magic-auth:code"]
+
+
+class AuthenticateWithEmailVerificationParameters(AuthenticateWithBaseParameters):
+    code: str
+    pending_authentication_token: str
+    grant_type: Literal["urn:workos:oauth:grant-type:email-verification:code"]
+
+
+class AuthenticateWithTotpParameters(AuthenticateWithBaseParameters):
+    code: str
+    authentication_challenge_id: str
+    pending_authentication_token: str
+    grant_type: Literal["urn:workos:oauth:grant-type:mfa-totp"]
+
+
+class AuthenticateWithOrganizationSelectionParameters(AuthenticateWithBaseParameters):
+    organization_id: str
+    pending_authentication_token: str
+    grant_type: Literal["urn:workos:oauth:grant-type:organization-selection"]
+
+
+class AuthenticateWithRefreshTokenParameters(AuthenticateWithBaseParameters):
+    refresh_token: str
+    organization_id: Union[str, None]
+    grant_type: Literal["refresh_token"]
+    session: Union[SessionConfig, None]
+
+
+AuthenticateWithParameters = Union[
+    AuthenticateWithPasswordParameters,
+    AuthenticateWithCodeParameters,
+    AuthenticateWithMagicAuthParameters,
+    AuthenticateWithEmailVerificationParameters,
+    AuthenticateWithTotpParameters,
+    AuthenticateWithOrganizationSelectionParameters,
+    AuthenticateWithRefreshTokenParameters,
+]

workos/types/user_management/authentication_response.py

@@ -0,0 +1,53 @@
+from typing import Literal, Optional, TypeVar
+from workos.types.user_management.impersonator import Impersonator
+from workos.types.user_management.oauth_tokens import OAuthTokens
+from workos.types.user_management.user import User
+from workos.types.workos_model import WorkOSModel
+
+
+AuthenticationMethod = Literal[
+    "SSO",
+    "Password",
+    "Passkey",
+    "AppleOAuth",
+    "GitHubOAuth",
+    "GoogleOAuth",
+    "MicrosoftOAuth",
+    "SalesforceOAuth",
+    "MagicAuth",
+    "Impersonation",
+]
+
+
+class _AuthenticationResponseBase(WorkOSModel):
+    access_token: str
+    refresh_token: str
+
+
+class AuthenticationResponse(_AuthenticationResponseBase):
+    """Representation of a WorkOS User and Organization ID response."""
+
+    authentication_method: Optional[AuthenticationMethod] = None
+    impersonator: Optional[Impersonator] = None
+    organization_id: Optional[str] = None
+    user: User
+    sealed_session: Optional[str] = None
+
+
+class AuthKitAuthenticationResponse(AuthenticationResponse):
+    """Representation of a WorkOS User and Organization ID response."""
+
+    impersonator: Optional[Impersonator] = None
+    oauth_tokens: Optional[OAuthTokens] = None
+
+
+class RefreshTokenAuthenticationResponse(AuthenticationResponse):
+    """Representation of a WorkOS refresh token authentication response."""
+
+    pass
+
+
+AuthenticationResponseType = TypeVar(
+    "AuthenticationResponseType",
+    bound=_AuthenticationResponseBase,
+)

workos/types/user_management/email_verification.py

@@ -0,0 +1,18 @@
+from typing import Literal
+from workos.types.workos_model import WorkOSModel
+
+
+class EmailVerificationCommon(WorkOSModel):
+    object: Literal["email_verification"]
+    id: str
+    user_id: str
+    email: str
+    expires_at: str
+    created_at: str
+    updated_at: str
+
+
+class EmailVerification(EmailVerificationCommon):
+    """Representation of a WorkOS EmailVerification object."""
+
+    code: str

workos/types/user_management/impersonator.py

@@ -0,0 +1,8 @@
+from workos.types.workos_model import WorkOSModel
+
+
+class Impersonator(WorkOSModel):
+    """Representation of a WorkOS Dashboard member impersonating a user"""
+
+    email: str
+    reason: str

workos/types/user_management/invitation.py

@@ -0,0 +1,26 @@
+from typing import Literal, Optional
+from workos.types.workos_model import WorkOSModel
+from workos.typing.literals import LiteralOrUntyped
+
+InvitationState = Literal["accepted", "expired", "pending", "revoked"]
+
+
+class InvitationCommon(WorkOSModel):
+    object: Literal["invitation"]
+    id: str
+    email: str
+    state: LiteralOrUntyped[InvitationState]
+    accepted_at: Optional[str] = None
+    revoked_at: Optional[str] = None
+    expires_at: str
+    organization_id: Optional[str] = None
+    inviter_user_id: Optional[str] = None
+    created_at: str
+    updated_at: str
+
+
+class Invitation(InvitationCommon):
+    """Representation of a WorkOS Invitation as returned."""
+
+    token: str
+    accept_invitation_url: str

workos/types/user_management/list_filters.py

@@ -0,0 +1,29 @@
+from typing import Optional, Sequence
+from workos.types.list_resource import ListArgs
+from workos.types.user_management.organization_membership import (
+    OrganizationMembershipStatus,
+)
+
+
+class UsersListFilters(ListArgs, total=False):
+    email: Optional[str]
+    organization_id: Optional[str]
+
+
+class InvitationsListFilters(ListArgs, total=False):
+    email: Optional[str]
+    organization_id: Optional[str]
+
+
+class OrganizationMembershipsListFilters(ListArgs, total=False):
+    user_id: Optional[str]
+    organization_id: Optional[str]
+    statuses: Optional[Sequence[OrganizationMembershipStatus]]
+
+
+class AuthenticationFactorsListFilters(ListArgs, total=False):
+    user_id: str
+
+
+class SessionsListFilters(ListArgs, total=False):
+    user_id: str

workos/types/user_management/magic_auth.py

@@ -0,0 +1,18 @@
+from typing import Literal
+from workos.types.workos_model import WorkOSModel
+
+
+class MagicAuthCommon(WorkOSModel):
+    object: Literal["magic_auth"]
+    id: str
+    user_id: str
+    email: str
+    expires_at: str
+    created_at: str
+    updated_at: str
+
+
+class MagicAuth(MagicAuthCommon):
+    """Representation of a WorkOS MagicAuth object."""
+
+    code: str