PyPI - workos - Versions diffs - 5.37.0__tar.gz → 5.38.1__tar.gz - Mend

workos 5.37.0tar.gz → 5.38.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (170) hide show

{workos-5.37.0 → workos-5.38.1}/PKG-INFO RENAMED Viewed

@@ -1,25 +1,20 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: workos
-Version: 5.37.0
+Version: 5.38.1
 Summary: WorkOS Python Client
-Home-page: https://github.com/workos-inc/workos-python
 Author: WorkOS
-Author-email: team@workos.com
-License: MIT
-Classifier: Development Status :: 5 - Production/Stable
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Operating System :: OS Independent
-Classifier: Programming Language :: Python
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
+Author-email: WorkOS <team@workos.com>
+License-Expression: MIT
+Requires-Dist: cryptography>=44.0.2
+Requires-Dist: httpx~=0.28.1
+Requires-Dist: pydantic>=2.10.4
+Requires-Dist: pyjwt>=2.10.0 ; python_full_version >= '3.9'
+Requires-Dist: pyjwt>=2.9.0,<2.10 ; python_full_version == '3.8.*'
+Requires-Python: >=3.8
+Project-URL: Changelog, https://workos.com/docs/sdks/python
+Project-URL: Documentation, https://workos.com/docs/reference
+Project-URL: Homepage, https://workos.com/docs/sdks/python
 Description-Content-Type: text/markdown
-Provides-Extra: dev
-License-File: LICENSE
 # WorkOS Python Library
@@ -43,7 +38,7 @@ pip install workos
 To install from source, clone the repo and run the following:
 ```
-python setup.py install
+python -m pip install .
 ```
 ## Configuration

{workos-5.37.0 → workos-5.38.1}/README.md RENAMED Viewed

@@ -20,7 +20,7 @@ pip install workos
 To install from source, clone the repo and run the following:
 ```
-python setup.py install
+python -m pip install .
 ```
 ## Configuration

workos-5.38.1/pyproject.toml ADDED Viewed

@@ -0,0 +1,63 @@
+[project]
+name = "workos"
+version = "5.38.1"
+description = "WorkOS Python Client"
+readme = "README.md"
+license = "MIT"
+authors = [{ name = "WorkOS", email = "team@workos.com" }]
+requires-python = ">=3.8"
+dependencies = [
+  "cryptography>=44.0.2",
+  "httpx~=0.28.1",
+  "pydantic>=2.10.4",
+  "pyjwt>=2.10.0 ; python_full_version >= '3.9'",
+  "pyjwt>=2.9.0,<2.10 ; python_full_version == '3.8.*'",
+]
+[project.urls]
+Homepage = "https://workos.com/docs/sdks/python"
+Documentation = "https://workos.com/docs/reference"
+Changelog = "https://workos.com/docs/sdks/python"
+[dependency-groups]
+dev = [
+  { include-group = "test" },
+  { include-group = "lint" },
+  { include-group = "type_check" },
+]
+test = [
+  "pytest==8.3.4",
+  "pytest-asyncio==0.23.8",
+  "pytest-cov==5.0.0",
+  "six==1.17.0",
+]
+lint = ["ruff==0.14.5"]
+type_check = ["mypy==1.14.1"]
+[tool.mypy]
+packages = "workos"
+warn_return_any = true
+warn_unused_configs = true
+warn_unreachable = true
+warn_redundant_casts = true
+warn_no_return = true
+warn_unused_ignores = true
+implicit_reexport = true
+strict_equality = true
+strict = true
+[tool.ruff.lint.per-file-ignores]
+"*/__init__.py" = ["F401", "F403"]
+[tool.ruff.lint.mccabe]
+max-complexity = 10
+[tool.uv.build-backend]
+source-include = ["py.typed"]
+source-exclude = ["tests*"]
+[build-system]
+requires = ["uv_build>=0.8.15,<0.9.0"]
+build-backend = "uv_build"

{workos-5.37.0 → workos-5.38.1/src}/workos/_base_client.py RENAMED Viewed

@@ -10,6 +10,7 @@ from workos.events import EventsModule
 from workos.fga import FGAModule
 from workos.mfa import MFAModule
 from workos.organization_domains import OrganizationDomainsModule
+from workos.pipes import PipesModule
 from workos.organizations import OrganizationsModule
 from workos.passwordless import PasswordlessModule
 from workos.portal import PortalModule
@@ -26,6 +27,7 @@ class BaseClient(ClientConfiguration):
     _base_url: str
     _client_id: str
     _request_timeout: int
+    _jwt_leeway: float
     def __init__(
         self,
@@ -34,6 +36,7 @@ class BaseClient(ClientConfiguration):
         client_id: Optional[str],
         base_url: Optional[str] = None,
         request_timeout: Optional[int] = None,
+        jwt_leeway: float = 0,
     ) -> None:
         api_key = api_key or os.getenv("WORKOS_API_KEY")
         if api_key is None:
@@ -65,6 +68,8 @@ class BaseClient(ClientConfiguration):
             else int(os.getenv("WORKOS_REQUEST_TIMEOUT", DEFAULT_REQUEST_TIMEOUT))
         )
+        self._jwt_leeway = jwt_leeway
     @property
     @abstractmethod
     def api_keys(self) -> ApiKeysModule: ...
@@ -101,6 +106,10 @@ class BaseClient(ClientConfiguration):
     @abstractmethod
     def passwordless(self) -> PasswordlessModule: ...
+    @property
+    @abstractmethod
+    def pipes(self) -> PipesModule: ...
     @property
     @abstractmethod
     def portal(self) -> PortalModule: ...
@@ -131,3 +140,7 @@ class BaseClient(ClientConfiguration):
     @property
     def request_timeout(self) -> int:
         return self._request_timeout
+    @property
+    def jwt_leeway(self) -> float:
+        return self._jwt_leeway

{workos-5.37.0 → workos-5.38.1/src}/workos/_client_configuration.py RENAMED Viewed

@@ -8,3 +8,5 @@ class ClientConfiguration(Protocol):
     def client_id(self) -> str: ...
     @property
     def request_timeout(self) -> int: ...
+    @property
+    def jwt_leeway(self) -> float: ...

{workos-5.37.0 → workos-5.38.1/src}/workos/async_client.py RENAMED Viewed

@@ -1,5 +1,5 @@
 from typing import Optional
-from workos.__about__ import __version__
+from importlib.metadata import version
 from workos._base_client import BaseClient
 from workos.api_keys import AsyncApiKeys
 from workos.audit_logs import AuditLogsModule
@@ -10,6 +10,7 @@ from workos.mfa import MFAModule
 from workos.organizations import AsyncOrganizations
 from workos.organization_domains import AsyncOrganizationDomains
 from workos.passwordless import PasswordlessModule
+from workos.pipes import AsyncPipes
 from workos.portal import PortalModule
 from workos.sso import AsyncSSO
 from workos.user_management import AsyncUserManagement
@@ -31,18 +32,20 @@ class AsyncClient(BaseClient):
         client_id: Optional[str] = None,
         base_url: Optional[str] = None,
         request_timeout: Optional[int] = None,
+        jwt_leeway: float = 0,
     ):
         super().__init__(
             api_key=api_key,
             client_id=client_id,
             base_url=base_url,
             request_timeout=request_timeout,
+            jwt_leeway=jwt_leeway,
         )
         self._http_client = AsyncHTTPClient(
             api_key=self._api_key,
             base_url=self.base_url,
             client_id=self._client_id,
-            version=__version__,
+            version=version("workos"),
             timeout=self.request_timeout,
         )
@@ -102,6 +105,12 @@ class AsyncClient(BaseClient):
             "Passwordless APIs are not yet supported in the async client."
         )
+    @property
+    def pipes(self) -> AsyncPipes:
+        if not getattr(self, "_pipes", None):
+            self._pipes = AsyncPipes(self._http_client)
+        return self._pipes
     @property
     def portal(self) -> PortalModule:
         raise NotImplementedError(

{workos-5.37.0 → workos-5.38.1/src}/workos/client.py RENAMED Viewed

@@ -1,5 +1,5 @@
+from importlib.metadata import version
 from typing import Optional
-from workos.__about__ import __version__
 from workos._base_client import BaseClient
 from workos.api_keys import ApiKeys
 from workos.audit_logs import AuditLogs
@@ -8,6 +8,7 @@ from workos.fga import FGA
 from workos.organizations import Organizations
 from workos.organization_domains import OrganizationDomains
 from workos.passwordless import Passwordless
+from workos.pipes import Pipes
 from workos.portal import Portal
 from workos.sso import SSO
 from workos.webhooks import Webhooks
@@ -31,18 +32,20 @@ class SyncClient(BaseClient):
         client_id: Optional[str] = None,
         base_url: Optional[str] = None,
         request_timeout: Optional[int] = None,
+        jwt_leeway: float = 0,
     ):
         super().__init__(
             api_key=api_key,
             client_id=client_id,
             base_url=base_url,
             request_timeout=request_timeout,
+            jwt_leeway=jwt_leeway,
         )
         self._http_client = SyncHTTPClient(
             api_key=self._api_key,
             base_url=self.base_url,
             client_id=self._client_id,
-            version=__version__,
+            version=version("workos"),
             timeout=self.request_timeout,
         )
@@ -102,6 +105,12 @@ class SyncClient(BaseClient):
             self._passwordless = Passwordless(self._http_client)
         return self._passwordless
+    @property
+    def pipes(self) -> Pipes:
+        if not getattr(self, "_pipes", None):
+            self._pipes = Pipes(self._http_client)
+        return self._pipes
     @property
     def portal(self) -> Portal:
         if not getattr(self, "_portal", None):

{workos-5.37.0 → workos-5.38.1/src}/workos/directory_sync.py RENAMED Viewed

@@ -176,7 +176,6 @@ class DirectorySync(DirectorySyncModule):
         after: Optional[str] = None,
         order: PaginationOrder = "desc",
     ) -> DirectoryUsersListResource:
         list_params: DirectoryUserListFilters = {
             "limit": limit,
             "before": before,
@@ -315,7 +314,6 @@ class AsyncDirectorySync(DirectorySyncModule):
         after: Optional[str] = None,
         order: PaginationOrder = "desc",
     ) -> DirectoryUsersListResource:
         list_params: DirectoryUserListFilters = {
             "limit": limit,
             "before": before,

workos-5.38.1/src/workos/pipes.py ADDED Viewed

@@ -0,0 +1,93 @@
+from typing import Dict, Optional, Protocol
+from workos.types.pipes import (
+    GetAccessTokenFailureResponse,
+    GetAccessTokenResponse,
+    GetAccessTokenSuccessResponse,
+)
+from workos.typing.sync_or_async import SyncOrAsync
+from workos.utils.http_client import AsyncHTTPClient, SyncHTTPClient
+from workos.utils.request_helper import REQUEST_METHOD_POST
+class PipesModule(Protocol):
+    """Protocol defining the Pipes module interface."""
+    def get_access_token(
+        self,
+        *,
+        provider: str,
+        user_id: str,
+        organization_id: Optional[str] = None,
+    ) -> SyncOrAsync[GetAccessTokenResponse]:
+        """Retrieve an access token for a third-party provider.
+        Kwargs:
+            provider (str): The third-party provider identifier
+            user_id (str): The WorkOS user ID
+            organization_id (str, optional): The WorkOS organization ID
+        Returns:
+            GetAccessTokenResponse: Success response with token or failure response with error
+        """
+        ...
+class Pipes(PipesModule):
+    """Sync implementation of the Pipes module."""
+    _http_client: SyncHTTPClient
+    def __init__(self, http_client: SyncHTTPClient):
+        self._http_client = http_client
+    def get_access_token(
+        self,
+        *,
+        provider: str,
+        user_id: str,
+        organization_id: Optional[str] = None,
+    ) -> GetAccessTokenResponse:
+        json_data: Dict[str, str] = {"user_id": user_id}
+        if organization_id is not None:
+            json_data["organization_id"] = organization_id
+        response = self._http_client.request(
+            f"data-integrations/{provider}/token",
+            method=REQUEST_METHOD_POST,
+            json=json_data,
+        )
+        if response.get("active") is True:
+            return GetAccessTokenSuccessResponse.model_validate(response)
+        return GetAccessTokenFailureResponse.model_validate(response)
+class AsyncPipes(PipesModule):
+    """Async implementation of the Pipes module."""
+    _http_client: AsyncHTTPClient
+    def __init__(self, http_client: AsyncHTTPClient):
+        self._http_client = http_client
+    async def get_access_token(
+        self,
+        *,
+        provider: str,
+        user_id: str,
+        organization_id: Optional[str] = None,
+    ) -> GetAccessTokenResponse:
+        json_data: Dict[str, str] = {"user_id": user_id}
+        if organization_id is not None:
+            json_data["organization_id"] = organization_id
+        response = await self._http_client.request(
+            f"data-integrations/{provider}/token",
+            method=REQUEST_METHOD_POST,
+            json=json_data,
+        )
+        if response.get("active") is True:
+            return GetAccessTokenSuccessResponse.model_validate(response)
+        return GetAccessTokenFailureResponse.model_validate(response)

{workos-5.37.0 → workos-5.38.1/src}/workos/portal.py RENAMED Viewed

@@ -1,4 +1,4 @@
-from typing import Optional, Protocol, Dict, Literal, Union
+from typing import Optional, Protocol
 from workos.types.portal.portal_link import PortalLink
 from workos.types.portal.portal_link_intent import PortalLinkIntent
 from workos.types.portal.portal_link_intent_options import IntentOptions
@@ -36,7 +36,6 @@ class PortalModule(Protocol):
 class Portal(PortalModule):
     _http_client: SyncHTTPClient
     def __init__(self, http_client: SyncHTTPClient):

{workos-5.37.0 → workos-5.38.1/src}/workos/session.py RENAMED Viewed

@@ -35,6 +35,7 @@ class SessionModule(Protocol):
     cookie_password: str
     jwks: PyJWKClient
     jwk_algorithms: List[str]
+    jwt_leeway: float
     def __init__(
         self,
@@ -43,6 +44,7 @@ class SessionModule(Protocol):
         client_id: str,
         session_data: str,
         cookie_password: str,
+        jwt_leeway: float = 0,
     ) -> None:
         # If the cookie password is not provided, throw an error
         if cookie_password is None or cookie_password == "":
@@ -52,6 +54,7 @@ class SessionModule(Protocol):
         self.client_id = client_id
         self.session_data = session_data
         self.cookie_password = cookie_password
+        self.jwt_leeway = jwt_leeway
         self.jwks = _get_jwks_client(self.user_management.get_jwks_url())
@@ -91,13 +94,13 @@ class SessionModule(Protocol):
                 signing_key.key,
                 algorithms=self.jwk_algorithms,
                 options={"verify_aud": False},
+                leeway=self.jwt_leeway,
             )
         except jwt.exceptions.InvalidTokenError:
             return AuthenticateWithSessionCookieErrorResponse(
                 authenticated=False,
                 reason=AuthenticateWithSessionCookieFailureReason.INVALID_JWT,
             )
         return AuthenticateWithSessionCookieSuccessResponse(
             authenticated=True,
             session_id=decoded["sid"],
@@ -137,6 +140,20 @@ class SessionModule(Protocol):
         )
         return str(result)
+    def _is_valid_jwt(self, token: str) -> bool:
+        try:
+            signing_key = self.jwks.get_signing_key_from_jwt(token)
+            jwt.decode(
+                token,
+                signing_key.key,
+                algorithms=self.jwk_algorithms,
+                options={"verify_aud": False},
+                leeway=self.jwt_leeway,
+            )
+            return True
+        except jwt.exceptions.InvalidTokenError:
+            return False
     @staticmethod
     def seal_data(data: Dict[str, Any], key: str) -> str:
         fernet = Fernet(key)
@@ -163,6 +180,7 @@ class Session(SessionModule):
         client_id: str,
         session_data: str,
         cookie_password: str,
+        jwt_leeway: float = 0,
     ) -> None:
         # If the cookie password is not provided, throw an error
         if cookie_password is None or cookie_password == "":
@@ -172,6 +190,7 @@ class Session(SessionModule):
         self.client_id = client_id
         self.session_data = session_data
         self.cookie_password = cookie_password
+        self.jwt_leeway = jwt_leeway
         self.jwks = _get_jwks_client(self.user_management.get_jwks_url())
@@ -224,6 +243,7 @@ class Session(SessionModule):
                 signing_key.key,
                 algorithms=self.jwk_algorithms,
                 options={"verify_aud": False},
+                leeway=self.jwt_leeway,
             )
             return RefreshWithSessionCookieSuccessResponse(
@@ -255,6 +275,7 @@ class AsyncSession(SessionModule):
         client_id: str,
         session_data: str,
         cookie_password: str,
+        jwt_leeway: float = 0,
     ) -> None:
         # If the cookie password is not provided, throw an error
         if cookie_password is None or cookie_password == "":
@@ -264,6 +285,7 @@ class AsyncSession(SessionModule):
         self.client_id = client_id
         self.session_data = session_data
         self.cookie_password = cookie_password
+        self.jwt_leeway = jwt_leeway
         self.jwks = _get_jwks_client(self.user_management.get_jwks_url())
@@ -316,6 +338,7 @@ class AsyncSession(SessionModule):
                 signing_key.key,
                 algorithms=self.jwk_algorithms,
                 options={"verify_aud": False},
+                leeway=self.jwt_leeway,
             )
             return RefreshWithSessionCookieSuccessResponse(

{workos-5.37.0 → workos-5.38.1/src}/workos/types/fga/warnings.py RENAMED Viewed

@@ -1,8 +1,8 @@
-from typing import Sequence, Union, Any, Dict, Literal
-from typing_extensions import Annotated
+from typing import Any, Dict, Literal, Sequence, Union
 from pydantic import BeforeValidator
 from pydantic_core.core_schema import ValidationInfo
+from typing_extensions import Annotated
 from workos.types.workos_model import WorkOSModel
@@ -12,7 +12,7 @@ class FGABaseWarning(WorkOSModel):
     message: str
-class MissingContextKeysWarning(FGABaseWarning):
+class MissingContextKeysWarning(FGABaseWarning):  # type: ignore[override, unused-ignore]
     code: Literal["missing_context_keys"]
     keys: Sequence[str]

{workos-5.37.0 → workos-5.38.1/src}/workos/types/mfa/authentication_factor.py RENAMED Viewed

@@ -1,13 +1,12 @@
 from typing import Literal, Optional, Union
-from workos.types.workos_model import WorkOSModel
 from workos.types.mfa.enroll_authentication_factor_type import (
     SmsAuthenticationFactorType,
     TotpAuthenticationFactorType,
 )
+from workos.types.workos_model import WorkOSModel
 from workos.typing.literals import LiteralOrUntyped
 AuthenticationFactorType = Literal[
     "generic_otp", SmsAuthenticationFactorType, TotpAuthenticationFactorType
 ]
@@ -43,21 +42,21 @@ class AuthenticationFactorBase(WorkOSModel):
     user_id: Optional[str] = None
-class AuthenticationFactorTotp(AuthenticationFactorBase):
+class AuthenticationFactorTotp(AuthenticationFactorBase):  # type: ignore[override, unused-ignore]
     """Representation of a MFA Authentication Factor Response as returned by WorkOS through the MFA feature."""
     type: TotpAuthenticationFactorType
     totp: TotpFactor
-class AuthenticationFactorTotpExtended(AuthenticationFactorBase):
+class AuthenticationFactorTotpExtended(AuthenticationFactorBase):  # type: ignore[override, unused-ignore]
     """Representation of a MFA Authentication Factor Response when enrolling an authentication factor."""
     type: TotpAuthenticationFactorType
     totp: ExtendedTotpFactor
-class AuthenticationFactorSms(AuthenticationFactorBase):
+class AuthenticationFactorSms(AuthenticationFactorBase):  # type: ignore[override, unused-ignore]
     """Representation of a SMS Authentication Factor Response as returned by WorkOS through the MFA feature."""
     type: SmsAuthenticationFactorType

workos-5.38.1/src/workos/types/pipes/__init__.py ADDED Viewed

@@ -0,0 +1,6 @@
+from workos.types.pipes.pipes import (
+    AccessToken as AccessToken,
+    GetAccessTokenFailureResponse as GetAccessTokenFailureResponse,
+    GetAccessTokenResponse as GetAccessTokenResponse,
+    GetAccessTokenSuccessResponse as GetAccessTokenSuccessResponse,
+)

workos-5.38.1/src/workos/types/pipes/pipes.py ADDED Viewed

@@ -0,0 +1,34 @@
+from datetime import datetime
+from typing import Literal, Optional, Sequence, Union
+from workos.types.workos_model import WorkOSModel
+class AccessToken(WorkOSModel):
+    """Represents an OAuth access token for a third-party provider."""
+    object: Literal["access_token"]
+    access_token: str
+    expires_at: Optional[datetime] = None
+    scopes: Sequence[str]
+    missing_scopes: Sequence[str]
+class GetAccessTokenSuccessResponse(WorkOSModel):
+    """Successful response containing the access token."""
+    active: Literal[True]
+    access_token: AccessToken
+class GetAccessTokenFailureResponse(WorkOSModel):
+    """Failed response indicating why the token couldn't be retrieved."""
+    active: Literal[False]
+    error: Literal["not_installed", "needs_reauthorization"]
+GetAccessTokenResponse = Union[
+    GetAccessTokenSuccessResponse,
+    GetAccessTokenFailureResponse,
+]

workos-5.38.1/src/workos/types/user_management/password_hash_type.py ADDED Viewed

@@ -0,0 +1,5 @@
+from typing import Literal
+PasswordHashType = Literal[
+    "bcrypt", "firebase-scrypt", "pbkdf2", "scrypt", "ssha", "argon2"
+]

{workos-5.37.0 → workos-5.38.1/src}/workos/types/user_management/session.py RENAMED Viewed

@@ -1,7 +1,5 @@
 from enum import Enum
-from typing import Optional, Sequence, TypedDict, Union
-from typing_extensions import Literal
+from typing import Literal, Optional, Sequence, TypedDict, Union
 from workos.types.user_management.impersonator import Impersonator
 from workos.types.user_management.user import User

{workos-5.37.0 → workos-5.38.1/src}/workos/types/workos_model.py RENAMED Viewed

@@ -14,7 +14,7 @@ class WorkOSModel(BaseModel):
         by_alias: bool = False,
         exclude_unset: bool = False,
         exclude_defaults: bool = False,
-        exclude_none: bool = False
+        exclude_none: bool = False,
     ) -> Dict[str, Any]:
         return self.model_dump(
             include=include,

workos 5.37.0__tar.gz → 5.38.1__tar.gz

workos 5.37.0tar.gz → 5.38.1tar.gz