Class: WorkOS::SSO

Inherits:
Object
  • Object
Defined in:
lib/workos/sso.rb

Instance Method Summary collapse

Constructor Details

#initialize(client) ⇒ SSO

Returns a new instance of SSO.



# File 'lib/workos/sso.rb', line 9

# Keeps a reference to the API client that every helper on this class goes through.
#
# @param client [Object] stored unchanged in @client; the methods of this class
#   call #request, #client_id and #api_key on it
# @return [SSO]
def initialize(client)
  @client = client
end

Instance Method Details

#authorize_logout(profile_id:, request_options: {}) ⇒ WorkOS::SSOLogoutAuthorizeResponse

Logout Authorize

Parameters:

  • profile_id (String)

    The unique ID of the profile to log out.

  • request_options (Hash) (defaults to: {})

    (see WorkOS::Types::RequestOptions)

Returns:

  • (WorkOS::SSOLogoutAuthorizeResponse)



# File 'lib/workos/sso.rb', line 113

# Requests logout authorization for a single SSO profile.
#
# Issues a POST to /sso/logout/authorize with auth: true and the profile id in
# the request body, then wraps the response body in the response model.
#
# @param profile_id [String] the unique ID of the profile to log out
# @param request_options [Hash] forwarded unchanged to the client
#   (see WorkOS::Types::RequestOptions)
# @return [WorkOS::SSOLogoutAuthorizeResponse] model built from the response
#   body, with #last_response set to the HTTP status, headers and request id
def authorize_logout(profile_id:, request_options: {})
  payload = {"profile_id" => profile_id}.compact
  http = @client.request(
    method: :post,
    path: "/sso/logout/authorize",
    auth: true,
    body: payload,
    request_options: request_options
  )
  WorkOS::SSOLogoutAuthorizeResponse.new(http.body).tap do |model|
    # The x-request-id header is kept so a logout can be correlated with server-side logs.
    model.last_response = WorkOS::Types::ApiResponse.new(
      http_status: http.code.to_i,
      http_headers: http.each_header.to_h,
      request_id: http["x-request-id"]
    )
  end
end

#build_logout_url(token:) ⇒ Object

H17 — Build the SSO logout redirect URL (no HTTP call).



# File 'lib/workos/sso.rb', line 232

# Builds the /sso/logout redirect URL for a logout token.
#
# Delegates to build_url with a single "token" entry and returns its result
# untouched.
#
# NOTE(review): if build_url renders the hash as a query string, the token ends
# up in the URL itself, so it will appear in browser history and in proxy or
# access logs; confirm and treat the generated URL as sensitive.
#
# @param token [String] logout token placed under the "token" key
# @return [Object] whatever build_url returns (presumably the URL string)
def build_logout_url(token:)
  query = {"token" => token}
  build_url("/sso/logout", query)
end

#delete_connection(id:, request_options: {}) ⇒ void

This method returns an undefined value.

Delete a Connection

Parameters:

  • id (String)

    Unique identifier for the Connection.

  • request_options (Hash) (defaults to: {})

    (see WorkOS::Types::RequestOptions)



# File 'lib/workos/sso.rb', line 96

# Deletes one Connection.
#
# Sends DELETE /connections/<id> with auth: true. The id is passed through
# WorkOS::Util.encode_path before it is placed in the path, so the raw value is
# never interpolated directly.
#
# @param id [String] unique identifier for the Connection
# @param request_options [Hash] forwarded unchanged to the client
#   (see WorkOS::Types::RequestOptions)
# @return [nil] the response is discarded
def delete_connection(id:, request_options: {})
  connection_path = "/connections/#{WorkOS::Util.encode_path(id)}"
  @client.request(method: :delete, path: connection_path, auth: true, request_options: request_options)
  nil
end

#get_authorization_url(redirect_uri:, client_id: nil, state: nil, connection: nil, organization: nil, provider: nil, domain_hint: nil, login_hint: nil, nonce: nil, provider_scopes: nil, provider_query_params: nil) ⇒ Object

H14 — Build an SSO authorization URL (client-side, no HTTP call). Overrides the generated method, which incorrectly hits the API. This is a hand-maintained, non-spec helper; the `@oagen-ignore-start` generator marker begins here.

Raises:

  • (ArgumentError)


# File 'lib/workos/sso.rb', line 176

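# Builds the /sso/authorize URL from the given options and hands it to build_url.
#
# Options left at nil are dropped from the parameter hash. provider_scopes is
# joined with commas and provider_query_params is serialized as JSON, each only
# when supplied.
#
# NOTE(review): state defaults to nil and is then omitted from the URL. Callers
# that rely on state to tie the callback to the request that started it must
# pass an unguessable value themselves (get_authorization_url_with_pkce
# generates one when none is given).
#
# NOTE(review): the trailing `**` accepts and discards unknown keywords, so a
# misspelled option is ignored silently rather than rejected.
#
# @param redirect_uri [String] callback URI sent as "redirect_uri"
# @param client_id [String, nil] falls back to @client.client_id
# @param state [String, nil] sent as "state" when given
# @param connection [String, nil]
# @param organization [String, nil]
# @param provider [String, nil]
# @param domain_hint [String, nil]
# @param login_hint [String, nil]
# @param nonce [String, nil]
# @param provider_scopes [Array<String>, String, nil] joined with ","
# @param provider_query_params [Hash, nil] sent as a JSON string when non-empty
# @return [Object] whatever build_url returns (presumably the URL string)
# @raise [ArgumentError] when no client_id is available
def get_authorization_url(redirect_uri:, client_id: nil, state: nil, connection: nil,
  organization: nil, provider: nil, domain_hint: nil,
  login_hint: nil, nonce: nil, provider_scopes: nil,
  provider_query_params: nil, **)
  cid = client_id || @client.client_id
  raise ArgumentError, "client_id is required (set on Client or pass explicitly)" if cid.nil? || cid.empty?

  params = {
    "client_id" => cid,
    "redirect_uri" => redirect_uri,
    "response_type" => "code",
    "state" => state,
    "connection" => connection,
    "organization" => organization,
    "provider" => provider,
    "domain_hint" => domain_hint,
    # The listing had no value here, which is a syntax error; the login_hint
    # keyword is the only candidate and was otherwise unused.
    "login_hint" => login_hint,
    "nonce" => nonce
  }.compact
  params["provider_scopes"] = Array(provider_scopes).join(",") if provider_scopes
  if provider_query_params.is_a?(Hash) && !provider_query_params.empty?
    params["provider_query_params"] = JSON.generate(provider_query_params)
  end
  build_url("/sso/authorize", params)
end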

#get_authorization_url_with_pkce(redirect_uri:, client_id: nil, **opts) ⇒ Object

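H15 — SSO authorization URL with auto-generated PKCE pair + state. Returns [url, code_verifier, state]. Only the URL goes to the browser: keep code_verifier and state on the server side (for example in the session), compare state on the callback, and pass code_verifier to the token exchange.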



# File 'lib/workos/sso.rb', line 203

# Builds an SSO authorization URL that carries a PKCE challenge and a state value.
#
# A fresh PKCE pair comes from WorkOS::PKCE.generate_pair. If the caller gave no
# :state (or a nil/false one), WorkOS::PKCE.generate_code_verifier supplies a
# value for it. The base URL comes from get_authorization_url, and
# code_challenge plus code_challenge_method=S256 are appended with append_query.
#
# Only the challenge is placed in the URL; the verifier is returned to the
# caller, who needs it later for the token exchange and must keep it (and the
# state, to compare on the callback) out of anything sent to the browser.
#
# @param redirect_uri [String] forwarded to get_authorization_url
# @param client_id [String, nil] forwarded to get_authorization_url
# @param opts [Hash] remaining keywords, forwarded to get_authorization_url
#   after :state has been taken out
# @return [Array] [url, code_verifier, state]
def get_authorization_url_with_pkce(redirect_uri:, client_id: nil, **opts)
  pkce = WorkOS::PKCE.generate_pair
  # :state is removed from opts so it is not passed twice below.
  caller_state = opts.delete(:state)
  state = caller_state || WorkOS::PKCE.generate_code_verifier
  base_url = get_authorization_url(redirect_uri: redirect_uri, client_id: client_id, state: state, **opts)
  challenge_params = {
    "code_challenge" => pkce[:code_challenge],
    "code_challenge_method" => "S256"
  }
  [append_query(base_url, challenge_params), pkce[:code_verifier], state]
end

#get_connection(id:, request_options: {}) ⇒ WorkOS::Connection

Get a Connection

Parameters:

  • id (String)

    Unique identifier for the Connection.

  • request_options (Hash) (defaults to: {})

    (see WorkOS::Types::RequestOptions)

Returns:

  • (WorkOS::Connection)



# File 'lib/workos/sso.rb', line 77

# Fetches one Connection by id.
#
# Sends GET /connections/<id> with auth: true; the id goes through
# WorkOS::Util.encode_path before it is placed in the path.
#
# @param id [String] unique identifier for the Connection
# @param request_options [Hash] forwarded unchanged to the client
#   (see WorkOS::Types::RequestOptions)
# @return [WorkOS::Connection] model built from the response body, with
#   #last_response set to the HTTP status, headers and request id
def get_connection(id:, request_options: {})
  encoded_id = WorkOS::Util.encode_path(id)
  http = @client.request(
    method: :get,
    path: "/connections/#{encoded_id}",
    auth: true,
    request_options: request_options
  )
  WorkOS::Connection.new(http.body).tap do |connection|
    connection.last_response = WorkOS::Types::ApiResponse.new(
      http_status: http.code.to_i,
      http_headers: http.each_header.to_h,
      request_id: http["x-request-id"]
    )
  end
end

#get_profile(request_options: {}) ⇒ WorkOS::Profile

Get a User Profile

Parameters:

  • request_options (Hash) (defaults to: {})

    (see WorkOS::Types::RequestOptions)

Returns:

  • (WorkOS::Profile)



# File 'lib/workos/sso.rb', line 135

# Fetches a user profile from GET /sso/profile.
#
# NOTE(review): the request is made with auth: true and there is no access-token
# argument; confirm how the end user's token is supplied (through
# request_options?), since nothing visible here selects which user's profile is
# returned.
#
# @param request_options [Hash] forwarded unchanged to the client
#   (see WorkOS::Types::RequestOptions)
# @return [WorkOS::Profile] model built from the response body, with
#   #last_response set to the HTTP status, headers and request id
def get_profile(request_options: {})
  http = @client.request(method: :get, path: "/sso/profile", auth: true, request_options: request_options)
  WorkOS::Profile.new(http.body).tap do |profile|
    profile.last_response = WorkOS::Types::ApiResponse.new(
      http_status: http.code.to_i,
      http_headers: http.each_header.to_h,
      request_id: http["x-request-id"]
    )
  end
end

#get_profile_and_token(code:, request_options: {}) ⇒ WorkOS::SSOTokenResponse

Get a Profile and Token

Parameters:

  • code (String)

    The authorization code received from the authorization callback.

  • request_options (Hash) (defaults to: {})

    (see WorkOS::Types::RequestOptions)

Returns:

  • (WorkOS::SSOTokenResponse)



# File 'lib/workos/sso.rb', line 151

# Exchanges an authorization code for a profile and token at POST /sso/token.
#
# The request body carries grant_type=authorization_code, the client id, the
# client secret and the code. The client id comes from
# request_options[:client_id] or @client.client_id; the secret comes from
# request_options[:api_key] or @client.api_key. Entries that end up nil are
# dropped.
#
# The body therefore contains the API key as "client_secret": keep request
# bodies for this call out of logs and traces.
#
# @param code [String] the authorization code received from the authorization
#   callback
# @param request_options [Hash] forwarded unchanged to the client; :client_id
#   and :api_key are also read here (see WorkOS::Types::RequestOptions)
# @return [WorkOS::SSOTokenResponse] model built from the response body, with
#   #last_response set to the HTTP status, headers and request id
def get_profile_and_token(code:, request_options: {})
  client_id = request_options[:client_id] || @client.client_id
  client_secret = request_options[:api_key] || @client.api_key
  form = {
    "grant_type" => "authorization_code",
    "client_id" => client_id,
    "client_secret" => client_secret,
    "code" => code
  }.compact
  http = @client.request(method: :post, path: "/sso/token", auth: true, body: form, request_options: request_options)
  WorkOS::SSOTokenResponse.new(http.body).tap do |token_response|
    token_response.last_response = WorkOS::Types::ApiResponse.new(
      http_status: http.code.to_i,
      http_headers: http.each_header.to_h,
      request_id: http["x-request-id"]
    )
  end
end

#get_profile_and_token_with_pkce(code:, code_verifier:, client_id: nil, request_options: {}) ⇒ Object

H16 — Exchange an SSO authorization code for a profile/token, with PKCE support for public clients (no client_secret).

Raises:

  • (ArgumentError)


# File 'lib/workos/sso.rb', line 218

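# Exchanges an SSO authorization code for a profile/token using PKCE.
#
# The body carries only grant_type, client_id, code and code_verifier; no
# client secret is added, and the request is made with auth: false (presumably
# meaning no API key is attached; confirm in the client's #request).
#
# @param code [String] authorization code from the callback
# @param code_verifier [String] verifier belonging to the code_challenge that
#   was sent on the authorization URL
# @param client_id [String, nil] falls back to @client.client_id
# @param request_options [Hash] forwarded unchanged to the client
# @return [WorkOS::SSOTokenResponse] model built from the response body, with
#   #last_response set to the HTTP status, headers and request id
# @raise [ArgumentError] when no client_id is available
def get_profile_and_token_with_pkce(code:, code_verifier:, client_id: nil, request_options: {})
  cid = client_id || @client.client_id
  raise ArgumentError, "client_id is required" if cid.nil? || cid.empty?

  body = {
    "grant_type" => "authorization_code",
    "client_id" => cid,
    "code" => code,
    "code_verifier" => code_verifier
  }
  response = @client.request(method: :post, path: "/sso/token", auth: false, body: body, request_options: request_options)
  result = WorkOS::SSOTokenResponse.new(response.body)
  # Attach status, headers and request id the same way get_profile_and_token
  # does; without it a token exchange on this path cannot be traced by request id.
  result.last_response = WorkOS::Types::ApiResponse.new(
    http_status: response.code.to_i,
    http_headers: response.each_header.to_h,
    request_id: response["x-request-id"]
  )
  result
end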

#list_connections(before: nil, after: nil, limit: nil, order: "desc", connection_type: nil, domain: nil, organization_id: nil, search: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::Connection>

List Connections

Parameters:

  • before (String, nil) (defaults to: nil)

    An object ID that defines your place in the list. When the ID is not present, you are at the end of the list.

  • after (String, nil) (defaults to: nil)

    An object ID that defines your place in the list. When the ID is not present, you are at the end of the list.

  • limit (Integer, nil) (defaults to: nil)

    Upper limit on the number of objects to return, between `1` and `100`.

  • order (WorkOS::Types::ConnectionsOrder, nil) (defaults to: "desc")

    Order the results by the creation time.

  • connection_type (WorkOS::Types::ConnectionsConnectionType, nil) (defaults to: nil)

    Filter Connections by their type.

  • domain (String, nil) (defaults to: nil)

    Filter Connections by their associated domain.

  • organization_id (String, nil) (defaults to: nil)

    Filter Connections by their associated organization.

  • search (String, nil) (defaults to: nil)

    Searchable text to match against Connection names.

  • request_options (Hash) (defaults to: {})

    (see WorkOS::Types::RequestOptions)

Returns:

  • (WorkOS::Types::ListStruct<WorkOS::Connection>)



# File 'lib/workos/sso.rb', line 24

# Lists Connections, one page per call.
#
# Sends GET /connections with auth: true. Filters left at nil are dropped from
# the query parameters. The returned list is given a fetch_next callable that
# calls this method again with the same filters and request_options, replacing
# only `after` with the cursor it receives.
#
# @param before [String, nil] object ID that defines your place in the list
# @param after [String, nil] object ID that defines your place in the list
# @param limit [Integer, nil] upper limit on the number of objects to return
# @param order [WorkOS::Types::ConnectionsOrder, nil] order by creation time
# @param connection_type [WorkOS::Types::ConnectionsConnectionType, nil]
#   filter by Connection type
# @param domain [String, nil] filter by associated domain
# @param organization_id [String, nil] filter by associated organization
# @param search [String, nil] text to match against Connection names
# @param request_options [Hash] forwarded unchanged to the client
#   (see WorkOS::Types::RequestOptions)
# @return [WorkOS::Types::ListStruct<WorkOS::Connection>] whatever
#   ListStruct.from_response builds from the response
def list_connections(
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  connection_type: nil,
  domain: nil,
  organization_id: nil,
  search: nil,
  request_options: {}
)
  # Everything except `after`, which is the cursor that moves from page to page.
  fixed_filters = {
    before: before,
    limit: limit,
    order: order,
    connection_type: connection_type,
    domain: domain,
    organization_id: organization_id,
    search: search
  }
  query = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "connection_type" => connection_type,
    "domain" => domain,
    "organization_id" => organization_id,
    "search" => search
  }.reject { |_name, value| value.nil? }
  page = @client.request(method: :get, path: "/connections", auth: true, params: query, request_options: request_options)
  next_page = lambda do |cursor|
    list_connections(**fixed_filters, after: cursor, request_options: request_options)
  end
  # from_response gets its own copy so the hash captured by next_page stays untouched.
  WorkOS::Types::ListStruct.from_response(
    page,
    model: WorkOS::Connection,
    filters: fixed_filters.dup,
    fetch_next: next_page
  )
end