workos 5.24.0__tar.gz → 5.26.1__tar.gz

{workos-5.24.0 → workos-5.26.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: workos
-Version: 5.24.0
+Version: 5.26.1
 Summary: WorkOS Python Client
 Home-page: https://github.com/workos-inc/workos-python
 Author: WorkOS

workos-5.26.1/tests/test_organization_domains.py

@@ -0,0 +1,136 @@
+from typing import Union
+import pytest
+from tests.utils.syncify import syncify
+from workos.organization_domains import AsyncOrganizationDomains, OrganizationDomains
+
+
+@pytest.mark.sync_and_async(OrganizationDomains, AsyncOrganizationDomains)
+class TestOrganizationDomains:
+    @pytest.fixture(autouse=True)
+    def setup(
+        self, module_instance: Union[OrganizationDomains, AsyncOrganizationDomains]
+    ):
+        self.http_client = module_instance._http_client
+        self.organization_domains = module_instance
+
+    @pytest.fixture
+    def mock_organization_domain(self):
+        return {
+            "object": "organization_domain",
+            "id": "org_domain_01EHT88Z8WZEFWYPM6EC9BX2R8",
+            "organization_id": "org_01EHT88Z8J8795GZNQ4ZP1J81T",
+            "domain": "example.com",
+            "state": "pending",
+            "verification_strategy": "dns",
+            "verification_token": "workos_example_verification_token_12345",
+            "verification_prefix": "_workos-challenge",
+            "created_at": "2023-01-01T12:00:00.000Z",
+            "updated_at": "2023-01-01T12:00:00.000Z",
+        }
+
+    @pytest.fixture
+    def mock_organization_domain_verified(self):
+        return {
+            "object": "organization_domain",
+            "id": "org_domain_01EHT88Z8WZEFWYPM6EC9BX2R8",
+            "organization_id": "org_01EHT88Z8J8795GZNQ4ZP1J81T",
+            "domain": "example.com",
+            "state": "verified",
+            "verification_strategy": "dns",
+            "verification_token": "workos_example_verification_token_12345",
+            "verification_prefix": "_workos-challenge",
+            "created_at": "2023-01-01T12:00:00.000Z",
+            "updated_at": "2023-01-01T12:00:00.000Z",
+        }
+
+    def test_get_organization_domain(
+        self, capture_and_mock_http_client_request, mock_organization_domain
+    ):
+        request_kwargs = capture_and_mock_http_client_request(
+            self.http_client,
+            mock_organization_domain,
+            200,
+        )
+
+        organization_domain = syncify(
+            self.organization_domains.get_organization_domain(
+                organization_domain_id="org_domain_01EHT88Z8WZEFWYPM6EC9BX2R8"
+            )
+        )
+
+        assert request_kwargs["url"].endswith(
+            "/organization_domains/org_domain_01EHT88Z8WZEFWYPM6EC9BX2R8"
+        )
+        assert request_kwargs["method"] == "get"
+        assert organization_domain.id == "org_domain_01EHT88Z8WZEFWYPM6EC9BX2R8"
+        assert organization_domain.domain == "example.com"
+        assert organization_domain.state == "pending"
+        assert organization_domain.verification_strategy == "dns"
+
+    def test_create_organization_domain(
+        self, capture_and_mock_http_client_request, mock_organization_domain
+    ):
+        request_kwargs = capture_and_mock_http_client_request(
+            self.http_client,
+            mock_organization_domain,
+            201,
+        )
+
+        organization_domain = syncify(
+            self.organization_domains.create_organization_domain(
+                organization_id="org_01EHT88Z8J8795GZNQ4ZP1J81T",
+                domain="example.com",
+            )
+        )
+
+        assert request_kwargs["url"].endswith("/organization_domains")
+        assert request_kwargs["method"] == "post"
+        assert request_kwargs["json"] == {
+            "organization_id": "org_01EHT88Z8J8795GZNQ4ZP1J81T",
+            "domain": "example.com",
+        }
+        assert organization_domain.id == "org_domain_01EHT88Z8WZEFWYPM6EC9BX2R8"
+        assert organization_domain.domain == "example.com"
+        assert organization_domain.organization_id == "org_01EHT88Z8J8795GZNQ4ZP1J81T"
+
+    def test_verify_organization_domain(
+        self, capture_and_mock_http_client_request, mock_organization_domain_verified
+    ):
+        request_kwargs = capture_and_mock_http_client_request(
+            self.http_client,
+            mock_organization_domain_verified,
+            200,
+        )
+
+        organization_domain = syncify(
+            self.organization_domains.verify_organization_domain(
+                organization_domain_id="org_domain_01EHT88Z8WZEFWYPM6EC9BX2R8"
+            )
+        )
+
+        assert request_kwargs["url"].endswith(
+            "/organization_domains/org_domain_01EHT88Z8WZEFWYPM6EC9BX2R8/verify"
+        )
+        assert request_kwargs["method"] == "post"
+        assert organization_domain.id == "org_domain_01EHT88Z8WZEFWYPM6EC9BX2R8"
+        assert organization_domain.state == "verified"
+
+    def test_delete_organization_domain(self, capture_and_mock_http_client_request):
+        request_kwargs = capture_and_mock_http_client_request(
+            self.http_client,
+            None,
+            204,
+            headers={"content-type": "text/plain; charset=utf-8"},
+        )
+
+        response = syncify(
+            self.organization_domains.delete_organization_domain(
+                organization_domain_id="org_domain_01EHT88Z8WZEFWYPM6EC9BX2R8"
+            )
+        )
+
+        assert request_kwargs["url"].endswith(
+            "/organization_domains/org_domain_01EHT88Z8WZEFWYPM6EC9BX2R8"
+        )
+        assert request_kwargs["method"] == "delete"
+        assert response is None

{workos-5.24.0 → workos-5.26.1}/tests/test_session.py

@@ -2,9 +2,10 @@ import pytest
 from unittest.mock import AsyncMock, Mock, patch
 import jwt
 from datetime import datetime, timezone
+import concurrent.futures
 
 from tests.conftest import with_jwks_mock
-from workos.session import AsyncSession, Session
+from workos.session import AsyncSession, Session, _get_jwks_client
 from workos.types.user_management.authentication_response import (
     RefreshTokenAuthenticationResponse,
 )
@@ -20,6 +21,12 @@ from cryptography.hazmat.primitives.asymmetric import rsa
 
 
 class SessionFixtures:
+    @pytest.fixture(autouse=True)
+    def clear_jwks_cache(self):
+        _get_jwks_client.cache_clear()
+        yield
+        _get_jwks_client.cache_clear()
+
     @pytest.fixture
     def session_constants(self):
         # Generate RSA key pair for testing
@@ -491,3 +498,43 @@ class TestAsyncSession(SessionFixtures):
         response = await session.refresh()
 
         assert isinstance(response, RefreshWithSessionCookieSuccessResponse)
+
+
+class TestJWKSCaching:
+    def test_jwks_client_caching_same_url(self):
+        url = "https://api.workos.com/sso/jwks/test"
+
+        client1 = _get_jwks_client(url)
+        client2 = _get_jwks_client(url)
+
+        # Should be the exact same instance
+        assert client1 is client2
+        assert id(client1) == id(client2)
+
+    def test_jwks_client_caching_different_urls(self):
+        url1 = "https://api.workos.com/sso/jwks/client1"
+        url2 = "https://api.workos.com/sso/jwks/client2"
+
+        client1 = _get_jwks_client(url1)
+        client2 = _get_jwks_client(url2)
+
+        # Should be different instances
+        assert client1 is not client2
+        assert id(client1) != id(client2)
+
+    def test_jwks_cache_thread_safety(self):
+        url = "https://api.workos.com/sso/jwks/thread_test"
+        clients = []
+
+        def get_client():
+            return _get_jwks_client(url)
+
+        with concurrent.futures.ThreadPoolExecutor(max_workers=10) as executor:
+            futures = [executor.submit(get_client) for _ in range(10)]
+            clients = [future.result() for future in futures]
+
+        first_client = clients[0]
+        for client in clients[1:]:
+            assert (
+                client is first_client
+            ), "All concurrent calls should return the same instance"

{workos-5.24.0 → workos-5.26.1}/workos/__about__.py

@@ -12,7 +12,7 @@ __package_name__ = "workos"
 
 __package_url__ = "https://github.com/workos-inc/workos-python"
 
-__version__ = "5.24.0"
+__version__ = "5.26.1"
 
 __author__ = "WorkOS"
 

{workos-5.24.0 → workos-5.26.1}/workos/_base_client.py

@@ -11,6 +11,7 @@ from workos.directory_sync import DirectorySyncModule
 from workos.events import EventsModule
 from workos.mfa import MFAModule
 from workos.organizations import OrganizationsModule
+from workos.organization_domains import OrganizationDomainsModule
 from workos.passwordless import PasswordlessModule
 from workos.portal import PortalModule
 from workos.sso import SSOModule
@@ -88,6 +89,10 @@ class BaseClient(ClientConfiguration):
     @abstractmethod
     def organizations(self) -> OrganizationsModule: ...
 
+    @property
+    @abstractmethod
+    def organization_domains(self) -> OrganizationDomainsModule: ...
+
     @property
     @abstractmethod
     def passwordless(self) -> PasswordlessModule: ...

{workos-5.24.0 → workos-5.26.1}/workos/async_client.py

@@ -7,6 +7,7 @@ from workos.events import AsyncEvents
 from workos.fga import FGAModule
 from workos.mfa import MFAModule
 from workos.organizations import AsyncOrganizations
+from workos.organization_domains import AsyncOrganizationDomains
 from workos.passwordless import PasswordlessModule
 from workos.portal import PortalModule
 from workos.sso import AsyncSSO
@@ -80,6 +81,14 @@ class AsyncClient(BaseClient):
             self._organizations = AsyncOrganizations(self._http_client)
         return self._organizations
 
+    @property
+    def organization_domains(self) -> AsyncOrganizationDomains:
+        if not getattr(self, "_organization_domains", None):
+            self._organization_domains = AsyncOrganizationDomains(
+                http_client=self._http_client, client_configuration=self
+            )
+        return self._organization_domains
+
     @property
     def passwordless(self) -> PasswordlessModule:
         raise NotImplementedError(

{workos-5.24.0 → workos-5.26.1}/workos/client.py

@@ -5,6 +5,7 @@ from workos.audit_logs import AuditLogs
 from workos.directory_sync import DirectorySync
 from workos.fga import FGA
 from workos.organizations import Organizations
+from workos.organization_domains import OrganizationDomains
 from workos.passwordless import Passwordless
 from workos.portal import Portal
 from workos.sso import SSO
@@ -80,6 +81,14 @@ class SyncClient(BaseClient):
             self._organizations = Organizations(self._http_client)
         return self._organizations
 
+    @property
+    def organization_domains(self) -> OrganizationDomains:
+        if not getattr(self, "_organization_domains", None):
+            self._organization_domains = OrganizationDomains(
+                http_client=self._http_client, client_configuration=self
+            )
+        return self._organization_domains
+
     @property
     def passwordless(self) -> Passwordless:
         if not getattr(self, "_passwordless", None):

workos-5.26.1/workos/organization_domains.py

@@ -0,0 +1,179 @@
+from typing import Protocol
+from workos._client_configuration import ClientConfiguration
+from workos.types.organization_domains import OrganizationDomain
+from workos.typing.sync_or_async import SyncOrAsync
+from workos.utils.http_client import AsyncHTTPClient, SyncHTTPClient
+from workos.utils.request_helper import (
+    REQUEST_METHOD_DELETE,
+    REQUEST_METHOD_GET,
+    REQUEST_METHOD_POST,
+)
+
+
+class OrganizationDomainsModule(Protocol):
+    """Offers methods for managing organization domains."""
+
+    _client_configuration: ClientConfiguration
+
+    def get_organization_domain(
+        self, organization_domain_id: str
+    ) -> SyncOrAsync[OrganizationDomain]:
+        """Gets a single Organization Domain
+
+        Args:
+            organization_domain_id (str): Organization Domain unique identifier
+
+        Returns:
+            OrganizationDomain: Organization Domain response from WorkOS
+        """
+        ...
+
+    def create_organization_domain(
+        self,
+        organization_id: str,
+        domain: str,
+    ) -> SyncOrAsync[OrganizationDomain]:
+        """Creates an Organization Domain
+
+        Args:
+            organization_id (str): Organization unique identifier
+            domain (str): Domain to be added to the organization
+
+        Returns:
+            OrganizationDomain: Organization Domain response from WorkOS
+        """
+        ...
+
+    def verify_organization_domain(
+        self, organization_domain_id: str
+    ) -> SyncOrAsync[OrganizationDomain]:
+        """Verifies an Organization Domain
+
+        Args:
+            organization_domain_id (str): Organization Domain unique identifier
+
+        Returns:
+            OrganizationDomain: Organization Domain response from WorkOS
+        """
+        ...
+
+    def delete_organization_domain(
+        self, organization_domain_id: str
+    ) -> SyncOrAsync[None]:
+        """Deletes a single Organization Domain
+
+        Args:
+            organization_domain_id (str): Organization Domain unique identifier
+
+        Returns:
+            None
+        """
+        ...
+
+
+class OrganizationDomains:
+    """Offers methods for managing organization domains."""
+
+    _http_client: SyncHTTPClient
+    _client_configuration: ClientConfiguration
+
+    def __init__(
+        self,
+        http_client: SyncHTTPClient,
+        client_configuration: ClientConfiguration,
+    ):
+        self._http_client = http_client
+        self._client_configuration = client_configuration
+
+    def get_organization_domain(
+        self, organization_domain_id: str
+    ) -> OrganizationDomain:
+        response = self._http_client.request(
+            f"organization_domains/{organization_domain_id}",
+            method=REQUEST_METHOD_GET,
+        )
+
+        return OrganizationDomain.model_validate(response)
+
+    def create_organization_domain(
+        self,
+        organization_id: str,
+        domain: str,
+    ) -> OrganizationDomain:
+        response = self._http_client.request(
+            "organization_domains",
+            method=REQUEST_METHOD_POST,
+            json={"organization_id": organization_id, "domain": domain},
+        )
+
+        return OrganizationDomain.model_validate(response)
+
+    def verify_organization_domain(
+        self, organization_domain_id: str
+    ) -> OrganizationDomain:
+        response = self._http_client.request(
+            f"organization_domains/{organization_domain_id}/verify",
+            method=REQUEST_METHOD_POST,
+        )
+
+        return OrganizationDomain.model_validate(response)
+
+    def delete_organization_domain(self, organization_domain_id: str) -> None:
+        self._http_client.request(
+            f"organization_domains/{organization_domain_id}",
+            method=REQUEST_METHOD_DELETE,
+        )
+
+
+class AsyncOrganizationDomains:
+    """Offers async methods for managing organization domains."""
+
+    _http_client: AsyncHTTPClient
+    _client_configuration: ClientConfiguration
+
+    def __init__(
+        self,
+        http_client: AsyncHTTPClient,
+        client_configuration: ClientConfiguration,
+    ):
+        self._http_client = http_client
+        self._client_configuration = client_configuration
+
+    async def get_organization_domain(
+        self, organization_domain_id: str
+    ) -> OrganizationDomain:
+        response = await self._http_client.request(
+            f"organization_domains/{organization_domain_id}",
+            method=REQUEST_METHOD_GET,
+        )
+
+        return OrganizationDomain.model_validate(response)
+
+    async def create_organization_domain(
+        self,
+        organization_id: str,
+        domain: str,
+    ) -> OrganizationDomain:
+        response = await self._http_client.request(
+            "organization_domains",
+            method=REQUEST_METHOD_POST,
+            json={"organization_id": organization_id, "domain": domain},
+        )
+
+        return OrganizationDomain.model_validate(response)
+
+    async def verify_organization_domain(
+        self, organization_domain_id: str
+    ) -> OrganizationDomain:
+        response = await self._http_client.request(
+            f"organization_domains/{organization_domain_id}/verify",
+            method=REQUEST_METHOD_POST,
+        )
+
+        return OrganizationDomain.model_validate(response)
+
+    async def delete_organization_domain(self, organization_domain_id: str) -> None:
+        await self._http_client.request(
+            f"organization_domains/{organization_domain_id}",
+            method=REQUEST_METHOD_DELETE,
+        )

{workos-5.24.0 → workos-5.26.1}/workos/session.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 from typing import TYPE_CHECKING, List, Protocol
 
+from functools import lru_cache
 import json
 from typing import Any, Dict, Optional, Union, cast
 import jwt
@@ -21,6 +22,11 @@ if TYPE_CHECKING:
     from workos.user_management import AsyncUserManagement, UserManagement
 
 
+@lru_cache(maxsize=None)
+def _get_jwks_client(jwks_url: str) -> PyJWKClient:
+    return PyJWKClient(jwks_url)
+
+
 class SessionModule(Protocol):
     user_management: "UserManagementModule"
     client_id: str
@@ -46,7 +52,7 @@ class SessionModule(Protocol):
         self.session_data = session_data
         self.cookie_password = cookie_password
 
-        self.jwks = PyJWKClient(self.user_management.get_jwks_url())
+        self.jwks = _get_jwks_client(self.user_management.get_jwks_url())
 
         # Algorithms are hardcoded for security reasons. See https://pyjwt.readthedocs.io/en/stable/algorithms.html#specifying-an-algorithm
         self.jwk_algorithms = ["RS256"]
@@ -164,7 +170,7 @@ class Session(SessionModule):
         self.session_data = session_data
         self.cookie_password = cookie_password
 
-        self.jwks = PyJWKClient(self.user_management.get_jwks_url())
+        self.jwks = _get_jwks_client(self.user_management.get_jwks_url())
 
         # Algorithms are hardcoded for security reasons. See https://pyjwt.readthedocs.io/en/stable/algorithms.html#specifying-an-algorithm
         self.jwk_algorithms = ["RS256"]
@@ -254,7 +260,7 @@ class AsyncSession(SessionModule):
         self.session_data = session_data
         self.cookie_password = cookie_password
 
-        self.jwks = PyJWKClient(self.user_management.get_jwks_url())
+        self.jwks = _get_jwks_client(self.user_management.get_jwks_url())
 
         # Algorithms are hardcoded for security reasons. See https://pyjwt.readthedocs.io/en/stable/algorithms.html#specifying-an-algorithm
         self.jwk_algorithms = ["RS256"]

{workos-5.24.0 → workos-5.26.1}/workos/types/events/event.py

@@ -38,7 +38,7 @@ from workos.types.events.organization_domain_verification_failed_payload import
 )
 from workos.types.events.session_created_payload import SessionCreatedPayload
 from workos.types.organizations.organization_common import OrganizationCommon
-from workos.types.organizations.organization_domain import OrganizationDomain
+from workos.types.organization_domains import OrganizationDomain
 from workos.types.roles.role import EventRole
 from workos.types.sso.connection import Connection
 from workos.types.user_management.email_verification import (

{workos-5.24.0 → workos-5.26.1}/workos/types/events/event_model.py

@@ -37,7 +37,7 @@ from workos.types.events.organization_domain_verification_failed_payload import
 )
 from workos.types.events.session_created_payload import SessionCreatedPayload
 from workos.types.organizations.organization_common import OrganizationCommon
-from workos.types.organizations.organization_domain import OrganizationDomain
+from workos.types.organization_domains import OrganizationDomain
 from workos.types.roles.role import EventRole
 from workos.types.sso.connection import Connection
 from workos.types.user_management.email_verification import (

{workos-5.24.0 → workos-5.26.1}/workos/types/events/organization_domain_verification_failed_payload.py

@@ -1,6 +1,6 @@
 from typing import Literal
 from workos.types.workos_model import WorkOSModel
-from workos.types.organizations.organization_domain import OrganizationDomain
+from workos.types.organization_domains import OrganizationDomain
 from workos.typing.literals import LiteralOrUntyped
 
 

workos-5.26.1/workos/types/organization_domains/__init__.py

@@ -0,0 +1 @@
+from .organization_domain import *

workos-5.26.1/workos/types/organizations/__init__.py

@@ -0,0 +1,6 @@
+from .domain_data_input import *
+from .organization_common import *
+from .organization import *
+
+# re-exported for backwards compatibility, can be removed after version 6.0.0
+from workos.types.organization_domains import OrganizationDomain

{workos-5.24.0 → workos-5.26.1}/workos/types/organizations/organization.py

@@ -2,7 +2,7 @@ from dataclasses import field
 from typing import Optional, Sequence
 from workos.types.metadata import Metadata
 from workos.types.organizations.organization_common import OrganizationCommon
-from workos.types.organizations.organization_domain import OrganizationDomain
+from workos.types.organization_domains import OrganizationDomain
 
 
 class Organization(OrganizationCommon):

{workos-5.24.0 → workos-5.26.1}/workos/types/organizations/organization_common.py

@@ -1,6 +1,6 @@
 from typing import Literal, Sequence
 from workos.types.workos_model import WorkOSModel
-from workos.types.organizations.organization_domain import OrganizationDomain
+from workos.types.organization_domains import OrganizationDomain
 
 
 class OrganizationCommon(WorkOSModel):

{workos-5.24.0 → workos-5.26.1}/workos/types/webhooks/webhook.py

@@ -38,7 +38,7 @@ from workos.types.events.organization_domain_verification_failed_payload import
 )
 from workos.types.events.session_created_payload import SessionCreatedPayload
 from workos.types.organizations.organization_common import OrganizationCommon
-from workos.types.organizations.organization_domain import OrganizationDomain
+from workos.types.organization_domains import OrganizationDomain
 from workos.types.roles.role import EventRole
 from workos.types.sso.connection import Connection
 from workos.types.user_management.email_verification import (

{workos-5.24.0 → workos-5.26.1}/workos.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: workos
-Version: 5.24.0
+Version: 5.26.1
 Summary: WorkOS Python Client
 Home-page: https://github.com/workos-inc/workos-python
 Author: WorkOS

{workos-5.24.0 → workos-5.26.1}/workos.egg-info/SOURCES.txt

@@ -8,6 +8,7 @@ tests/test_directory_sync.py
 tests/test_events.py
 tests/test_fga.py
 tests/test_mfa.py
+tests/test_organization_domains.py
 tests/test_organizations.py
 tests/test_passwordless.py
 tests/test_portal.py
@@ -30,6 +31,7 @@ workos/events.py
 workos/exceptions.py
 workos/fga.py
 workos/mfa.py
+workos/organization_domains.py
 workos/organizations.py
 workos/passwordless.py
 workos/portal.py
@@ -92,12 +94,13 @@ workos/types/mfa/authentication_challenge_verification_response.py
 workos/types/mfa/authentication_factor.py
 workos/types/mfa/authentication_factor_totp_and_challenge_response.py
 workos/types/mfa/enroll_authentication_factor_type.py
+workos/types/organization_domains/__init__.py
+workos/types/organization_domains/organization_domain.py
 workos/types/organizations/__init__.py
 workos/types/organizations/domain_data_input.py
 workos/types/organizations/list_filters.py
 workos/types/organizations/organization.py
 workos/types/organizations/organization_common.py
-workos/types/organizations/organization_domain.py
 workos/types/passwordless/__init__.py
 workos/types/passwordless/passwordless_session.py
 workos/types/passwordless/passwordless_session_type.py

workos-5.24.0/workos/types/organizations/__init__.py

@@ -1,4 +0,0 @@
-from .domain_data_input import *
-from .organization_common import *
-from .organization_domain import *
-from .organization import *