PyPI - workos - Versions diffs - 5.38.0__tar.gz → 5.39.0__tar.gz - Mend

workos 5.38.0tar.gz → 5.39.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (171) hide show

{workos-5.38.0 → workos-5.39.0}/PKG-INFO RENAMED Viewed

@@ -1,25 +1,20 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: workos
-Version: 5.38.0
+Version: 5.39.0
 Summary: WorkOS Python Client
-Home-page: https://github.com/workos-inc/workos-python
 Author: WorkOS
-Author-email: team@workos.com
-License: MIT
-Classifier: Development Status :: 5 - Production/Stable
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Operating System :: OS Independent
-Classifier: Programming Language :: Python
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
+Author-email: WorkOS <team@workos.com>
+License-Expression: MIT
+Requires-Dist: cryptography>=44.0.2
+Requires-Dist: httpx~=0.28.1
+Requires-Dist: pydantic>=2.10.4
+Requires-Dist: pyjwt>=2.10.0 ; python_full_version >= '3.9'
+Requires-Dist: pyjwt>=2.9.0,<2.10 ; python_full_version == '3.8.*'
+Requires-Python: >=3.8
+Project-URL: Changelog, https://workos.com/docs/sdks/python
+Project-URL: Documentation, https://workos.com/docs/reference
+Project-URL: Homepage, https://workos.com/docs/sdks/python
 Description-Content-Type: text/markdown
-Provides-Extra: dev
-License-File: LICENSE
 # WorkOS Python Library
@@ -43,7 +38,7 @@ pip install workos
 To install from source, clone the repo and run the following:
 ```
-python setup.py install
+python -m pip install .
 ```
 ## Configuration

{workos-5.38.0 → workos-5.39.0}/README.md RENAMED Viewed

@@ -20,7 +20,7 @@ pip install workos
 To install from source, clone the repo and run the following:
 ```
-python setup.py install
+python -m pip install .
 ```
 ## Configuration

workos-5.39.0/pyproject.toml ADDED Viewed

@@ -0,0 +1,68 @@
+[project]
+name = "workos"
+version = "5.39.0"
+description = "WorkOS Python Client"
+readme = "README.md"
+license = "MIT"
+authors = [{ name = "WorkOS", email = "team@workos.com" }]
+requires-python = ">=3.8"
+dependencies = [
+  "cryptography>=44.0.2",
+  "httpx~=0.28.1",
+  "pydantic>=2.10.4",
+  "pyjwt>=2.10.0 ; python_full_version >= '3.9'",
+  "pyjwt>=2.9.0,<2.10 ; python_full_version == '3.8.*'",
+]
+[project.urls]
+Homepage = "https://workos.com/docs/sdks/python"
+Documentation = "https://workos.com/docs/reference"
+Changelog = "https://workos.com/docs/sdks/python"
+[dependency-groups]
+dev = [
+  { include-group = "test" },
+  { include-group = "lint" },
+  { include-group = "type_check" },
+  { include-group = "nox" },
+]
+test = [
+  "pytest==8.3.4",
+  "pytest-asyncio==0.23.8",
+  "pytest-cov==5.0.0",
+  "six==1.17.0",
+]
+lint = ["ruff==0.14.5"]
+type_check = ["mypy==1.14.1"]
+nox = [
+  "nox>=2024.10.9 ; python_version >= '3.9'",
+  "nox-uv>=0.7.0 ; python_version >= '3.9'",
+]
+[tool.mypy]
+packages = "workos"
+warn_return_any = true
+warn_unused_configs = true
+warn_unreachable = true
+warn_redundant_casts = true
+warn_no_return = true
+warn_unused_ignores = true
+implicit_reexport = true
+strict_equality = true
+strict = true
+[tool.ruff.lint.per-file-ignores]
+"*/__init__.py" = ["F401", "F403"]
+[tool.ruff.lint.mccabe]
+max-complexity = 10
+[tool.uv.build-backend]
+source-include = ["py.typed"]
+source-exclude = ["tests*"]
+[build-system]
+requires = ["uv_build>=0.8.15,<0.9.0"]
+build-backend = "uv_build"

{workos-5.38.0 → workos-5.39.0/src}/workos/_base_client.py RENAMED Viewed

@@ -27,6 +27,7 @@ class BaseClient(ClientConfiguration):
     _base_url: str
     _client_id: str
     _request_timeout: int
+    _jwt_leeway: float
     def __init__(
         self,
@@ -35,6 +36,7 @@ class BaseClient(ClientConfiguration):
         client_id: Optional[str],
         base_url: Optional[str] = None,
         request_timeout: Optional[int] = None,
+        jwt_leeway: float = 0,
     ) -> None:
         api_key = api_key or os.getenv("WORKOS_API_KEY")
         if api_key is None:
@@ -66,6 +68,8 @@ class BaseClient(ClientConfiguration):
             else int(os.getenv("WORKOS_REQUEST_TIMEOUT", DEFAULT_REQUEST_TIMEOUT))
         )
+        self._jwt_leeway = jwt_leeway
     @property
     @abstractmethod
     def api_keys(self) -> ApiKeysModule: ...
@@ -136,3 +140,7 @@ class BaseClient(ClientConfiguration):
     @property
     def request_timeout(self) -> int:
         return self._request_timeout
+    @property
+    def jwt_leeway(self) -> float:
+        return self._jwt_leeway

{workos-5.38.0 → workos-5.39.0/src}/workos/_client_configuration.py RENAMED Viewed

@@ -8,3 +8,5 @@ class ClientConfiguration(Protocol):
     def client_id(self) -> str: ...
     @property
     def request_timeout(self) -> int: ...
+    @property
+    def jwt_leeway(self) -> float: ...

{workos-5.38.0 → workos-5.39.0/src}/workos/async_client.py RENAMED Viewed

@@ -1,5 +1,5 @@
 from typing import Optional
-from workos.__about__ import __version__
+from importlib.metadata import version
 from workos._base_client import BaseClient
 from workos.api_keys import AsyncApiKeys
 from workos.audit_logs import AuditLogsModule
@@ -32,18 +32,20 @@ class AsyncClient(BaseClient):
         client_id: Optional[str] = None,
         base_url: Optional[str] = None,
         request_timeout: Optional[int] = None,
+        jwt_leeway: float = 0,
     ):
         super().__init__(
             api_key=api_key,
             client_id=client_id,
             base_url=base_url,
             request_timeout=request_timeout,
+            jwt_leeway=jwt_leeway,
         )
         self._http_client = AsyncHTTPClient(
             api_key=self._api_key,
             base_url=self.base_url,
             client_id=self._client_id,
-            version=__version__,
+            version=version("workos"),
             timeout=self.request_timeout,
         )

{workos-5.38.0 → workos-5.39.0/src}/workos/client.py RENAMED Viewed

@@ -1,5 +1,5 @@
+from importlib.metadata import version
 from typing import Optional
-from workos.__about__ import __version__
 from workos._base_client import BaseClient
 from workos.api_keys import ApiKeys
 from workos.audit_logs import AuditLogs
@@ -32,18 +32,20 @@ class SyncClient(BaseClient):
         client_id: Optional[str] = None,
         base_url: Optional[str] = None,
         request_timeout: Optional[int] = None,
+        jwt_leeway: float = 0,
     ):
         super().__init__(
             api_key=api_key,
             client_id=client_id,
             base_url=base_url,
             request_timeout=request_timeout,
+            jwt_leeway=jwt_leeway,
         )
         self._http_client = SyncHTTPClient(
             api_key=self._api_key,
             base_url=self.base_url,
             client_id=self._client_id,
-            version=__version__,
+            version=version("workos"),
             timeout=self.request_timeout,
         )

{workos-5.38.0 → workos-5.39.0/src}/workos/directory_sync.py RENAMED Viewed

@@ -176,7 +176,6 @@ class DirectorySync(DirectorySyncModule):
         after: Optional[str] = None,
         order: PaginationOrder = "desc",
     ) -> DirectoryUsersListResource:
         list_params: DirectoryUserListFilters = {
             "limit": limit,
             "before": before,
@@ -185,9 +184,9 @@ class DirectorySync(DirectorySyncModule):
         }
         if group_id is not None:
-            list_params["group"] = group_id
+            list_params["group_id"] = group_id
         if directory_id is not None:
-            list_params["directory"] = directory_id
+            list_params["directory_id"] = directory_id
         response = self._http_client.request(
             "directory_users",
@@ -219,9 +218,9 @@ class DirectorySync(DirectorySyncModule):
         }
         if user_id is not None:
-            list_params["user"] = user_id
+            list_params["user_id"] = user_id
         if directory_id is not None:
-            list_params["directory"] = directory_id
+            list_params["directory_id"] = directory_id
         response = self._http_client.request(
             "directory_groups",
@@ -315,7 +314,6 @@ class AsyncDirectorySync(DirectorySyncModule):
         after: Optional[str] = None,
         order: PaginationOrder = "desc",
     ) -> DirectoryUsersListResource:
         list_params: DirectoryUserListFilters = {
             "limit": limit,
             "before": before,
@@ -324,9 +322,9 @@ class AsyncDirectorySync(DirectorySyncModule):
         }
         if group_id is not None:
-            list_params["group"] = group_id
+            list_params["group_id"] = group_id
         if directory_id is not None:
-            list_params["directory"] = directory_id
+            list_params["directory_id"] = directory_id
         response = await self._http_client.request(
             "directory_users",
@@ -357,9 +355,9 @@ class AsyncDirectorySync(DirectorySyncModule):
             "order": order,
         }
         if user_id is not None:
-            list_params["user"] = user_id
+            list_params["user_id"] = user_id
         if directory_id is not None:
-            list_params["directory"] = directory_id
+            list_params["directory_id"] = directory_id
         response = await self._http_client.request(
             "directory_groups",

{workos-5.38.0 → workos-5.39.0/src}/workos/portal.py RENAMED Viewed

@@ -1,4 +1,4 @@
-from typing import Optional, Protocol, Dict, Literal, Union
+from typing import Optional, Protocol
 from workos.types.portal.portal_link import PortalLink
 from workos.types.portal.portal_link_intent import PortalLinkIntent
 from workos.types.portal.portal_link_intent_options import IntentOptions
@@ -36,7 +36,6 @@ class PortalModule(Protocol):
 class Portal(PortalModule):
     _http_client: SyncHTTPClient
     def __init__(self, http_client: SyncHTTPClient):

{workos-5.38.0 → workos-5.39.0/src}/workos/session.py RENAMED Viewed

@@ -35,6 +35,7 @@ class SessionModule(Protocol):
     cookie_password: str
     jwks: PyJWKClient
     jwk_algorithms: List[str]
+    jwt_leeway: float
     def __init__(
         self,
@@ -43,6 +44,7 @@ class SessionModule(Protocol):
         client_id: str,
         session_data: str,
         cookie_password: str,
+        jwt_leeway: float = 0,
     ) -> None:
         # If the cookie password is not provided, throw an error
         if cookie_password is None or cookie_password == "":
@@ -52,6 +54,7 @@ class SessionModule(Protocol):
         self.client_id = client_id
         self.session_data = session_data
         self.cookie_password = cookie_password
+        self.jwt_leeway = jwt_leeway
         self.jwks = _get_jwks_client(self.user_management.get_jwks_url())
@@ -91,13 +94,13 @@ class SessionModule(Protocol):
                 signing_key.key,
                 algorithms=self.jwk_algorithms,
                 options={"verify_aud": False},
+                leeway=self.jwt_leeway,
             )
         except jwt.exceptions.InvalidTokenError:
             return AuthenticateWithSessionCookieErrorResponse(
                 authenticated=False,
                 reason=AuthenticateWithSessionCookieFailureReason.INVALID_JWT,
             )
         return AuthenticateWithSessionCookieSuccessResponse(
             authenticated=True,
             session_id=decoded["sid"],
@@ -137,6 +140,20 @@ class SessionModule(Protocol):
         )
         return str(result)
+    def _is_valid_jwt(self, token: str) -> bool:
+        try:
+            signing_key = self.jwks.get_signing_key_from_jwt(token)
+            jwt.decode(
+                token,
+                signing_key.key,
+                algorithms=self.jwk_algorithms,
+                options={"verify_aud": False},
+                leeway=self.jwt_leeway,
+            )
+            return True
+        except jwt.exceptions.InvalidTokenError:
+            return False
     @staticmethod
     def seal_data(data: Dict[str, Any], key: str) -> str:
         fernet = Fernet(key)
@@ -163,6 +180,7 @@ class Session(SessionModule):
         client_id: str,
         session_data: str,
         cookie_password: str,
+        jwt_leeway: float = 0,
     ) -> None:
         # If the cookie password is not provided, throw an error
         if cookie_password is None or cookie_password == "":
@@ -172,6 +190,7 @@ class Session(SessionModule):
         self.client_id = client_id
         self.session_data = session_data
         self.cookie_password = cookie_password
+        self.jwt_leeway = jwt_leeway
         self.jwks = _get_jwks_client(self.user_management.get_jwks_url())
@@ -224,6 +243,7 @@ class Session(SessionModule):
                 signing_key.key,
                 algorithms=self.jwk_algorithms,
                 options={"verify_aud": False},
+                leeway=self.jwt_leeway,
             )
             return RefreshWithSessionCookieSuccessResponse(
@@ -255,6 +275,7 @@ class AsyncSession(SessionModule):
         client_id: str,
         session_data: str,
         cookie_password: str,
+        jwt_leeway: float = 0,
     ) -> None:
         # If the cookie password is not provided, throw an error
         if cookie_password is None or cookie_password == "":
@@ -264,6 +285,7 @@ class AsyncSession(SessionModule):
         self.client_id = client_id
         self.session_data = session_data
         self.cookie_password = cookie_password
+        self.jwt_leeway = jwt_leeway
         self.jwks = _get_jwks_client(self.user_management.get_jwks_url())
@@ -316,6 +338,7 @@ class AsyncSession(SessionModule):
                 signing_key.key,
                 algorithms=self.jwk_algorithms,
                 options={"verify_aud": False},
+                leeway=self.jwt_leeway,
             )
             return RefreshWithSessionCookieSuccessResponse(

{workos-5.38.0 → workos-5.39.0/src}/workos/types/directory_sync/list_filters.py RENAMED Viewed

@@ -12,10 +12,10 @@ class DirectoryUserListFilters(
     ListArgs,
     total=False,
 ):
-    group: Optional[str]
-    directory: Optional[str]
+    group_id: Optional[str]
+    directory_id: Optional[str]
 class DirectoryGroupListFilters(ListArgs, total=False):
-    user: Optional[str]
-    directory: Optional[str]
+    user_id: Optional[str]
+    directory_id: Optional[str]

{workos-5.38.0 → workos-5.39.0/src}/workos/types/fga/warnings.py RENAMED Viewed

@@ -1,8 +1,8 @@
-from typing import Sequence, Union, Any, Dict, Literal
-from typing_extensions import Annotated
+from typing import Any, Dict, Literal, Sequence, Union
 from pydantic import BeforeValidator
 from pydantic_core.core_schema import ValidationInfo
+from typing_extensions import Annotated
 from workos.types.workos_model import WorkOSModel
@@ -12,7 +12,7 @@ class FGABaseWarning(WorkOSModel):
     message: str
-class MissingContextKeysWarning(FGABaseWarning):
+class MissingContextKeysWarning(FGABaseWarning):  # type: ignore[override, unused-ignore]
     code: Literal["missing_context_keys"]
     keys: Sequence[str]

{workos-5.38.0 → workos-5.39.0/src}/workos/types/mfa/authentication_factor.py RENAMED Viewed

@@ -1,13 +1,12 @@
 from typing import Literal, Optional, Union
-from workos.types.workos_model import WorkOSModel
 from workos.types.mfa.enroll_authentication_factor_type import (
     SmsAuthenticationFactorType,
     TotpAuthenticationFactorType,
 )
+from workos.types.workos_model import WorkOSModel
 from workos.typing.literals import LiteralOrUntyped
 AuthenticationFactorType = Literal[
     "generic_otp", SmsAuthenticationFactorType, TotpAuthenticationFactorType
 ]
@@ -43,21 +42,21 @@ class AuthenticationFactorBase(WorkOSModel):
     user_id: Optional[str] = None
-class AuthenticationFactorTotp(AuthenticationFactorBase):
+class AuthenticationFactorTotp(AuthenticationFactorBase):  # type: ignore[override, unused-ignore]
     """Representation of a MFA Authentication Factor Response as returned by WorkOS through the MFA feature."""
     type: TotpAuthenticationFactorType
     totp: TotpFactor
-class AuthenticationFactorTotpExtended(AuthenticationFactorBase):
+class AuthenticationFactorTotpExtended(AuthenticationFactorBase):  # type: ignore[override, unused-ignore]
     """Representation of a MFA Authentication Factor Response when enrolling an authentication factor."""
     type: TotpAuthenticationFactorType
     totp: ExtendedTotpFactor
-class AuthenticationFactorSms(AuthenticationFactorBase):
+class AuthenticationFactorSms(AuthenticationFactorBase):  # type: ignore[override, unused-ignore]
     """Representation of a SMS Authentication Factor Response as returned by WorkOS through the MFA feature."""
     type: SmsAuthenticationFactorType

workos-5.39.0/src/workos/types/user_management/password_hash_type.py ADDED Viewed

@@ -0,0 +1,5 @@
+from typing import Literal
+PasswordHashType = Literal[
+    "bcrypt", "firebase-scrypt", "pbkdf2", "scrypt", "ssha", "argon2"
+]

{workos-5.38.0 → workos-5.39.0/src}/workos/types/user_management/session.py RENAMED Viewed

@@ -1,7 +1,5 @@
 from enum import Enum
-from typing import Optional, Sequence, TypedDict, Union
-from typing_extensions import Literal
+from typing import Literal, Optional, Sequence, TypedDict, Union
 from workos.types.user_management.impersonator import Impersonator
 from workos.types.user_management.user import User

{workos-5.38.0 → workos-5.39.0/src}/workos/types/workos_model.py RENAMED Viewed

@@ -14,7 +14,7 @@ class WorkOSModel(BaseModel):
         by_alias: bool = False,
         exclude_unset: bool = False,
         exclude_defaults: bool = False,
-        exclude_none: bool = False
+        exclude_none: bool = False,
     ) -> Dict[str, Any]:
         return self.model_dump(
             include=include,

{workos-5.38.0 → workos-5.39.0/src}/workos/user_management.py RENAMED Viewed

@@ -1,5 +1,6 @@
 from typing import Awaitable, Optional, Protocol, Sequence, Type, Union, cast
 from urllib.parse import urlencode
 from workos._client_configuration import ClientConfiguration
 from workos.session import AsyncSession, Session
 from workos.types.feature_flags import FeatureFlag
@@ -38,19 +39,20 @@ from workos.types.user_management.authenticate_with_common import (
     AuthenticateWithTotpParameters,
 )
 from workos.types.user_management.authentication_response import (
-    AuthKitAuthenticationResponse,
     AuthenticationResponseType,
+    AuthKitAuthenticationResponse,
 )
 from workos.types.user_management.list_filters import (
     AuthenticationFactorsListFilters,
     InvitationsListFilters,
     OrganizationMembershipsListFilters,
+    SessionsListFilters,
     UsersListFilters,
 )
 from workos.types.user_management.password_hash_type import PasswordHashType
 from workos.types.user_management.screen_hint import ScreenHintType
-from workos.types.user_management.session import SessionConfig
 from workos.types.user_management.session import Session as UserManagementSession
+from workos.types.user_management.session import SessionConfig
 from workos.types.user_management.user_management_provider_type import (
     UserManagementProviderType,
 )
@@ -59,11 +61,11 @@ from workos.utils.http_client import AsyncHTTPClient, SyncHTTPClient
 from workos.utils.pagination_order import PaginationOrder
 from workos.utils.request_helper import (
     DEFAULT_LIST_RESPONSE_LIMIT,
-    RESPONSE_TYPE_CODE,
-    REQUEST_METHOD_POST,
-    REQUEST_METHOD_GET,
     REQUEST_METHOD_DELETE,
+    REQUEST_METHOD_GET,
+    REQUEST_METHOD_POST,
     REQUEST_METHOD_PUT,
+    RESPONSE_TYPE_CODE,
     QueryParameters,
     RequestHelper,
 )
@@ -120,8 +122,6 @@ FeatureFlagsListResource = WorkOSListResource[
     FeatureFlag, FeatureFlagListFilters, ListMetadata
 ]
-from workos.types.user_management.list_filters import SessionsListFilters
 SessionsListResource = WorkOSListResource[
     UserManagementSession, SessionsListFilters, ListMetadata
 ]
@@ -956,6 +956,7 @@ class UserManagement(UserManagementModule):
             client_id=self._http_client.client_id,
             session_data=sealed_session,
             cookie_password=cookie_password,
+            jwt_leeway=self._client_configuration.jwt_leeway,
         )
     def get_user(self, user_id: str) -> User:
@@ -1679,6 +1680,7 @@ class AsyncUserManagement(UserManagementModule):
             client_id=self._http_client.client_id,
             session_data=sealed_session,
             cookie_password=cookie_password,
+            jwt_leeway=self._client_configuration.jwt_leeway,
         )
     async def get_user(self, user_id: str) -> User:

{workos-5.38.0 → workos-5.39.0/src}/workos/utils/request_helper.py RENAMED Viewed

@@ -14,7 +14,6 @@ QueryParameters = Dict[str, QueryParameterValue]
 class RequestHelper:
     @classmethod
     def build_parameterized_url(cls, url: str, **params: QueryParameterValue) -> str:
         escaped_params = {k: urllib.parse.quote(str(v)) for k, v in params.items()}

{workos-5.38.0 → workos-5.39.0/src}/workos/vault.py RENAMED Viewed

@@ -9,7 +9,6 @@ from workos.types.list_resource import (
     WorkOSListResource,
 )
 from workos.utils.http_client import SyncHTTPClient
-from workos.utils.pagination_order import PaginationOrder
 from workos.utils.request_helper import (
     DEFAULT_LIST_RESPONSE_LIMIT,
     REQUEST_METHOD_DELETE,

{workos-5.38.0 → workos-5.39.0/src}/workos/widgets.py RENAMED Viewed

@@ -30,7 +30,6 @@ class WidgetsModule(Protocol):
 class Widgets(WidgetsModule):
     _http_client: SyncHTTPClient
     def __init__(self, http_client: SyncHTTPClient):

workos-5.38.0/LICENSE DELETED Viewed

@@ -1,21 +0,0 @@
-MIT License
-Copyright (c) 2024 WorkOS
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

workos-5.38.0/setup.cfg DELETED Viewed

@@ -1,4 +0,0 @@
-[egg_info]
-tag_build =
-tag_date = 0

workos 5.38.0__tar.gz → 5.39.0__tar.gz

workos 5.38.0tar.gz → 5.39.0tar.gz