Class: WorkOS::UserManagement

Inherits:

Object

• Object
• WorkOS::UserManagement

Defined in:

lib/workos/user_management.rb

Instance Method Summary

• #accept_invitation(id:, request_options: {}) ⇒ WorkOS::Invitation

  Accept an invitation.

• #authenticate_with_code(code:, code_verifier: nil, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with code.

• #authenticate_with_code_pkce(code:, code_verifier:, client_id: nil, ip_address: nil, user_agent: nil, request_options: {}) ⇒ Object

  H11 — Exchange a code for tokens with PKCE support (public client; no secret).

• #authenticate_with_device_code(device_code:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with device code.

• #authenticate_with_email_verification(code:, pending_authentication_token:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with email verification.

• #authenticate_with_magic_auth(code:, email:, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with magic auth.

• #authenticate_with_organization_selection(pending_authentication_token:, organization_id:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with organization selection.

• #authenticate_with_password(email:, password:, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with password.

• #authenticate_with_refresh_token(refresh_token:, organization_id: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with refresh token.

• #authenticate_with_totp(code:, pending_authentication_token:, authentication_challenge_id:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with totp.

• #authorize_device(client_id: nil, request_options: {}) ⇒ WorkOS::DeviceAuthorizationResponse

  H12 — Initiate the OAuth 2.0 device authorization flow.

• #confirm_email_change(id:, code:, request_options: {}) ⇒ WorkOS::EmailChangeConfirmation

  Confirm email change.

• #confirm_password_reset(token:, new_password:, request_options: {}) ⇒ WorkOS::ResetPasswordResponse

  Reset the password.

• #create_authenticate(client_id:, grant_type:, client_secret: nil, code: nil, code_verifier: nil, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, email: nil, password: nil, refresh_token: nil, organization_id: nil, pending_authentication_token: nil, authentication_challenge_id: nil, device_code: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate.

• #create_cors_origin(origin:, request_options: {}) ⇒ WorkOS::CORSOriginResponse

  Create a CORS origin.

• #create_device(client_id:, request_options: {}) ⇒ WorkOS::DeviceAuthorizationResponse

  Get device authorization URL.

• #create_magic_auth(email:, invitation_token: nil, request_options: {}) ⇒ WorkOS::MagicAuth

  Create a Magic Auth code.

• #create_organization_membership(user_id:, organization_id:, role_slug: nil, role_slugs: nil, role: nil, request_options: {}) ⇒ WorkOS::OrganizationMembership

  Create an organization membership.

• #create_redirect_uri(uri:, request_options: {}) ⇒ WorkOS::RedirectUri

  Create a redirect URI.

• #create_user(email:, first_name: nil, last_name: nil, email_verified: nil, metadata: nil, external_id: nil, password: nil, password_hash: nil, password_hash_type: nil, request_options: {}) ⇒ WorkOS::User

  Create a user.

• #deactivate_organization_membership(id:, request_options: {}) ⇒ WorkOS::OrganizationMembership

  Deactivate an organization membership.

• #delete_organization_membership(id:, request_options: {}) ⇒ void

  Delete an organization membership.

• #delete_user(id:, request_options: {}) ⇒ void

  Delete a user.

• #delete_user_authorized_application(application_id:, user_id:, request_options: {}) ⇒ void

  Delete an authorized application.

• #find_invitation_by_token(token:, request_options: {}) ⇒ WorkOS::UserInvite

  Find an invitation by token.

• #get_authorization_url(redirect_uri:, client_id: nil, provider: nil, connection_id: nil, organization_id: nil, domain_hint: nil, login_hint: nil, state: nil, screen_hint: nil, code_challenge: nil, code_challenge_method: nil, prompt: nil) ⇒ Object

  H09 — Build an AuthKit authorization URL (client-side, no HTTP call).

• #get_authorization_url_with_pkce(redirect_uri:, client_id: nil, **opts) ⇒ Object

  H10 — AuthKit authorization URL with auto-generated PKCE + state.

• #get_email_verification(id:, request_options: {}) ⇒ WorkOS::EmailVerification

  Get an email verification code.

• #get_invitation(id:, request_options: {}) ⇒ WorkOS::UserInvite

  Get an invitation.

• #get_jwks(client_id:, request_options: {}) ⇒ WorkOS::JwksResponse

  Get JWKS.

• #get_jwks_url(client_id: nil) ⇒ Object

  @oagen-ignore-start — non-spec helpers (hand-maintained) H13 — Build the JWKS URL for a given client_id (no HTTP call).

• #get_logout_url(session_id:, return_to: nil) ⇒ String

  Build the AuthKit logout redirect URL (client-side, no HTTP call).

• #get_magic_auth(id:, request_options: {}) ⇒ WorkOS::MagicAuth

  Get Magic Auth code details.

• #get_organization_membership(id:, request_options: {}) ⇒ WorkOS::UserOrganizationMembership

  Get an organization membership.

• #get_password_reset(id:, request_options: {}) ⇒ WorkOS::PasswordReset

  Get a password reset token.

• #get_user(id:, request_options: {}) ⇒ WorkOS::User

  Get a user.

• #get_user_by_external_id(external_id:, request_options: {}) ⇒ WorkOS::User

  Get a user by external ID.

• #get_user_identities(id:, request_options: {}) ⇒ Array<WorkOS::UserIdentitiesGetItem>

  Get user identities.

• #initialize(client) ⇒ UserManagement constructor

  A new instance of UserManagement.

• #list_invitations(before: nil, after: nil, limit: nil, order: "desc", organization_id: nil, email: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserInvite>

  List invitations.

• #list_organization_memberships(before: nil, after: nil, limit: nil, order: "desc", organization_id: nil, statuses: nil, user_id: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembership>

  List organization memberships.

• #list_sessions(id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserSessionsListItem>

  List sessions.

• #list_user_authorized_applications(user_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizedConnectApplicationListData>

  List authorized applications.

• #list_users(before: nil, after: nil, limit: nil, order: "desc", organization: nil, organization_id: nil, email: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::User>

  List users.

• #reactivate_organization_membership(id:, request_options: {}) ⇒ WorkOS::UserOrganizationMembership

  Reactivate an organization membership.

• #resend_invitation(id:, locale: nil, request_options: {}) ⇒ WorkOS::UserInvite

  Resend an invitation.

• #reset_password(email:, request_options: {}) ⇒ WorkOS::PasswordReset

  Create a password reset token.

• #revoke_invitation(id:, request_options: {}) ⇒ WorkOS::Invitation

  Revoke an invitation.

• #revoke_session(session_id:, return_to: nil, request_options: {}) ⇒ void

  Revoke Session.

• #send_email_change(id:, new_email:, request_options: {}) ⇒ WorkOS::EmailChange

  Send email change code.

• #send_invitation(email:, organization_id: nil, role_slug: nil, expires_in_days: nil, inviter_user_id: nil, locale: nil, request_options: {}) ⇒ WorkOS::UserInvite

  Send an invitation.

• #send_verification_email(id:, request_options: {}) ⇒ WorkOS::SendVerificationEmailResponse

  Send verification email.

• #update_jwt_template(content:, request_options: {}) ⇒ WorkOS::JWTTemplateResponse

  Update JWT template.

• #update_organization_membership(id:, role_slug: nil, role_slugs: nil, role: nil, request_options: {}) ⇒ WorkOS::UserOrganizationMembership

  Update an organization membership.

• #update_user(id:, email: nil, first_name: nil, last_name: nil, email_verified: nil, metadata: nil, external_id: nil, locale: nil, password: nil, password_hash: nil, password_hash_type: nil, request_options: {}) ⇒ WorkOS::User

  Update a user.

• #verify_email(id:, code:, request_options: {}) ⇒ WorkOS::VerifyEmailResponse

  Verify email.

Constructor Details

#initialize(client) ⇒ UserManagement

Returns a new instance of UserManagement.

# File 'lib/workos/user_management.rb', line 9

def initialize(client)
  @client = client
end

Instance Method Details

#accept_invitation(id:, request_options: {}) ⇒ WorkOS::Invitation

Accept an invitation

Parameters:

• id (String) —

  The unique ID of the invitation.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Invitation)

# File 'lib/workos/user_management.rb', line 1072

def accept_invitation(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :post,
    path: "/user_management/invitations/#{WorkOS::Util.encode_path(id)}/accept",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::Invitation.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#authenticate_with_code(code:, code_verifier: nil, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with code.

Parameters:

• code (String)
• code_verifier (String, nil) (defaults to: nil)
• invitation_token (String, nil) (defaults to: nil)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 148

def authenticate_with_code(
  code:,
  code_verifier: nil,
  invitation_token: nil,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "authorization_code",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "code" => code,
    "code_verifier" => code_verifier,
    "invitation_token" => invitation_token,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_code_pkce(code:, code_verifier:, client_id: nil, ip_address: nil, user_agent: nil, request_options: {}) ⇒ Object

H11 — Exchange a code for tokens with PKCE support (public client; no secret). NOTE: Unlike the other authenticate_with_* helpers, this does NOT delegate to create_authenticate because PKCE is a public-client flow that requires auth: false (no Bearer token / API key in the Authorization header).

Raises:

• (ArgumentError)

# File 'lib/workos/user_management.rb', line 1553

def authenticate_with_code_pkce(code:, code_verifier:, client_id: nil, ip_address: nil, user_agent: nil, request_options: {})
  cid = client_id || @client.client_id
  raise ArgumentError, "client_id is required" if cid.nil? || cid.empty?
  body = {
    "grant_type" => "authorization_code",
    "client_id" => cid,
    "code" => code,
    "code_verifier" => code_verifier,
    "ip_address" => ip_address,
    "user_agent" => user_agent
  }.compact
  response = @client.request(method: :post, path: "/user_management/authenticate", auth: false, body: body, request_options: request_options)
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_device_code(device_code:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with device code.

Parameters:

• device_code (String)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 371

def authenticate_with_device_code(
  device_code:,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "urn:ietf:params:oauth:grant-type:device_code",
    "client_id" => @client.client_id,
    "device_code" => device_code,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_email_verification(code:, pending_authentication_token:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with email verification.

Parameters:

• code (String)
• pending_authentication_token (String)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 261

def authenticate_with_email_verification(
  code:,
  pending_authentication_token:,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "urn:workos:oauth:grant-type:email-verification:code",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "code" => code,
    "pending_authentication_token" => pending_authentication_token,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_magic_auth(code:, email:, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with magic auth.

Parameters:

• code (String)
• email (String)
• invitation_token (String, nil) (defaults to: nil)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 223

def authenticate_with_magic_auth(
  code:,
  email:,
  invitation_token: nil,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "urn:workos:oauth:grant-type:magic-auth:code",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "code" => code,
    "email" => email,
    "invitation_token" => invitation_token,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_organization_selection(pending_authentication_token:, organization_id:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with organization selection.

Parameters:

• pending_authentication_token (String)
• organization_id (String)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 336

def authenticate_with_organization_selection(
  pending_authentication_token:,
  organization_id:,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "urn:workos:oauth:grant-type:organization-selection",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "pending_authentication_token" => pending_authentication_token,
    "organization_id" => organization_id,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_password(email:, password:, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with password.

Parameters:

• email (String)
• password (String)
• invitation_token (String, nil) (defaults to: nil)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 109

def authenticate_with_password(
  email:,
  password:,
  invitation_token: nil,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "password",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "email" => email,
    "password" => password,
    "invitation_token" => invitation_token,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_refresh_token(refresh_token:, organization_id: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with refresh token.

Parameters:

• refresh_token (String)
• organization_id (String, nil) (defaults to: nil)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 186

def authenticate_with_refresh_token(
  refresh_token:,
  organization_id: nil,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "refresh_token",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "refresh_token" => refresh_token,
    "organization_id" => organization_id,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_totp(code:, pending_authentication_token:, authentication_challenge_id:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with totp.

Parameters:

• code (String)
• pending_authentication_token (String)
• authentication_challenge_id (String)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 298

def authenticate_with_totp(
  code:,
  pending_authentication_token:,
  authentication_challenge_id:,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "urn:workos:oauth:grant-type:mfa-totp",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "code" => code,
    "pending_authentication_token" => pending_authentication_token,
    "authentication_challenge_id" => authentication_challenge_id,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authorize_device(client_id: nil, request_options: {}) ⇒ WorkOS::DeviceAuthorizationResponse

H12 — Initiate the OAuth 2.0 device authorization flow.

Returns:

• (WorkOS::DeviceAuthorizationResponse)

Raises:

• (ArgumentError)

# File 'lib/workos/user_management.rb', line 1570

def authorize_device(client_id: nil, request_options: {})
  cid = client_id || @client.client_id
  raise ArgumentError, "client_id is required" if cid.nil? || cid.empty?
  body = {"client_id" => cid}
  response = @client.request(method: :post, path: "/oauth2/device_authorization", auth: false, body: body, request_options: request_options)
  WorkOS::DeviceAuthorizationResponse.new(response.body)
end

#confirm_email_change(id:, code:, request_options: {}) ⇒ WorkOS::EmailChangeConfirmation

Confirm email change

Parameters:

• id (String) —

  The unique ID of the user.

• code (String) —

  The one-time code used to confirm the email change.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::EmailChangeConfirmation)

# File 'lib/workos/user_management.rb', line 786

def confirm_email_change(
  id:,
  code:,
  request_options: {}
)
  body = {
    "code" => code
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_change/confirm",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::EmailChangeConfirmation.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#confirm_password_reset(token:, new_password:, request_options: {}) ⇒ WorkOS::ResetPasswordResponse

Reset the password

Parameters:

• token (String) —

  The password reset token.

• new_password (String) —

  The new password to set for the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::ResetPasswordResponse)

# File 'lib/workos/user_management.rb', line 513

def confirm_password_reset(
  token:,
  new_password:,
  request_options: {}
)
  body = {
    "token" => token,
    "new_password" => new_password
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/password_reset/confirm",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::ResetPasswordResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_authenticate(client_id:, grant_type:, client_secret: nil, code: nil, code_verifier: nil, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, email: nil, password: nil, refresh_token: nil, organization_id: nil, pending_authentication_token: nil, authentication_challenge_id: nil, device_code: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate

Parameters:

• client_id (String) —

  The client ID of the application.

• client_secret (String, nil) (defaults to: nil) —

  The client secret of the application.

• grant_type (String)
• code (String, nil) (defaults to: nil) —

  The authorization code received from the redirect.

• code_verifier (String, nil) (defaults to: nil) —

  The PKCE code verifier used to derive the code challenge passed to the authorization URL.

• invitation_token (String, nil) (defaults to: nil) —

  An invitation token to accept during authentication.

• ip_address (String, nil) (defaults to: nil) —

  The IP address of the user’s request.

• device_id (String, nil) (defaults to: nil) —

  A unique identifier for the device.

• user_agent (String, nil) (defaults to: nil) —

  The user agent string from the user’s browser.

• email (String, nil) (defaults to: nil) —

  The user’s email address.

• password (String, nil) (defaults to: nil) —

  The user’s password.

• refresh_token (String, nil) (defaults to: nil) —

  The refresh token to exchange for new tokens.

• organization_id (String, nil) (defaults to: nil) —

  The ID of the organization to scope the session to.

• pending_authentication_token (String, nil) (defaults to: nil) —

  The pending authentication token from a previous authentication attempt.

• authentication_challenge_id (String, nil) (defaults to: nil) —

  The ID of the MFA authentication challenge.

• device_code (String, nil) (defaults to: nil) —

  The device verification code.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 51

def create_authenticate(
  client_id:,
  grant_type:,
  client_secret: nil,
  code: nil,
  code_verifier: nil,
  invitation_token: nil,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  email: nil,
  password: nil,
  refresh_token: nil,
  organization_id: nil,
  pending_authentication_token: nil,
  authentication_challenge_id: nil,
  device_code: nil,
  request_options: {}
)
  body = {
    "client_id" => client_id,
    "client_secret" => client_secret,
    "grant_type" => grant_type,
    "code" => code,
    "code_verifier" => code_verifier,
    "invitation_token" => invitation_token,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent,
    "email" => email,
    "password" => password,
    "refresh_token" => refresh_token,
    "organization_id" => organization_id,
    "pending_authentication_token" => pending_authentication_token,
    "authentication_challenge_id" => authentication_challenge_id,
    "device_code" => device_code
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthenticateResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_cors_origin(origin:, request_options: {}) ⇒ WorkOS::CORSOriginResponse

Create a CORS origin

Parameters:

• origin (String) —

  The origin URL to allow for CORS requests.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::CORSOriginResponse)

# File 'lib/workos/user_management.rb', line 447

def create_cors_origin(
  origin:,
  request_options: {}
)
  body = {
    "origin" => origin
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/cors_origins",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::CORSOriginResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_device(client_id:, request_options: {}) ⇒ WorkOS::DeviceAuthorizationResponse

Get device authorization URL

Parameters:

• client_id (String) —

  The WorkOS client ID for your application.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::DeviceAuthorizationResponse)

# File 'lib/workos/user_management.rb', line 400

def create_device(
  client_id:,
  request_options: {}
)
  body = {
    "client_id" => client_id
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authorize/device",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::DeviceAuthorizationResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_magic_auth(email:, invitation_token: nil, request_options: {}) ⇒ WorkOS::MagicAuth

Create a Magic Auth code

Parameters:

• email (String) —

  The email address to send the magic code to.

• invitation_token (String, nil) (defaults to: nil) —

  The invitation token to associate with this magic code.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::MagicAuth)

# File 'lib/workos/user_management.rb', line 1159

def create_magic_auth(
  email:,
  invitation_token: nil,
  request_options: {}
)
  body = {
    "email" => email,
    "invitation_token" => invitation_token
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/magic_auth",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::MagicAuth.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_organization_membership(user_id:, organization_id:, role_slug: nil, role_slugs: nil, role: nil, request_options: {}) ⇒ WorkOS::OrganizationMembership

Create an organization membership

Parameters:

• user_id (String) —

  The ID of the [user](workos.com/docs/reference/authkit/user).

• organization_id (String) —

  The ID of the [organization](workos.com/docs/reference/organization) which the user belongs to.

• role_slug (String, nil) (defaults to: nil) —

  A single role identifier. Defaults to ‘member` or the explicit default role. Mutually exclusive with `role_slugs`.

• role_slugs (Array<String>, nil) (defaults to: nil) —

  An array of role identifiers. Limited to one role when Multiple Roles is disabled. Mutually exclusive with ‘role_slug`.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::OrganizationMembership)

# File 'lib/workos/user_management.rb', line 1262

def create_organization_membership(
  user_id:,
  organization_id:,
  role_slug: nil,
  role_slugs: nil,
  role: nil,
  request_options: {}
)
  body = {
    "user_id" => user_id,
    "organization_id" => organization_id,
    "role_slug" => role_slug,
    "role_slugs" => role_slugs
  }.compact
  if role
    case role[:type]
    when "single"
      body["role_slug"] = role[:role_slug]
    when "multiple"
      body["role_slugs"] = role[:role_slugs]
    end
  end
  response = @client.request(
    method: :post,
    path: "/user_management/organization_memberships",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::OrganizationMembership.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_redirect_uri(uri:, request_options: {}) ⇒ WorkOS::RedirectUri

Create a redirect URI

Parameters:

• uri (String) —

  The redirect URI to create.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::RedirectUri)

# File 'lib/workos/user_management.rb', line 1411

def create_redirect_uri(
  uri:,
  request_options: {}
)
  body = {
    "uri" => uri
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/redirect_uris",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::RedirectUri.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_user(email:, first_name: nil, last_name: nil, email_verified: nil, metadata: nil, external_id: nil, password: nil, password_hash: nil, password_hash_type: nil, request_options: {}) ⇒ WorkOS::User

Create a user

Parameters:

• email (String) —

  The email address of the user.

• first_name (String, nil) (defaults to: nil) —

  The first name of the user.

• last_name (String, nil) (defaults to: nil) —

  The last name of the user.

• email_verified (Boolean, nil) (defaults to: nil) —

  Whether the user’s email has been verified.

• metadata (Hash{String => String}, nil) (defaults to: nil) —

  Object containing metadata key/value pairs associated with the user.

• external_id (String, nil) (defaults to: nil) —

  The external ID of the user.

• password (String, nil) (defaults to: nil) —

  The password to set for the user. Mutually exclusive with ‘password_hash` and `password_hash_type`.

• password_hash (String, nil) (defaults to: nil) —

  The hashed password to set for the user. Required with ‘password_hash_type`. Mutually exclusive with `password`.

• password_hash_type (WorkOS::Types::CreateUserPasswordHashType, nil) (defaults to: nil) —

  The algorithm originally used to hash the password, used when providing a ‘password_hash`. Required with `password_hash`. Mutually exclusive with `password`.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::User)

# File 'lib/workos/user_management.rb', line 621

def create_user(
  email:,
  first_name: nil,
  last_name: nil,
  email_verified: nil,
  metadata: nil,
  external_id: nil,
  password: nil,
  password_hash: nil,
  password_hash_type: nil,
  request_options: {}
)
  body = {
    "email" => email,
    "first_name" => first_name,
    "last_name" => last_name,
    "email_verified" => email_verified,
    "metadata" => metadata,
    "external_id" => external_id,
    "password" => password,
    "password_hash" => password_hash,
    "password_hash_type" => password_hash_type
  }.compact
  if password
    case password[:type]
    when "plaintext"
      body["password"] = password[:password]
    when "hashed"
      body["password_hash"] = password[:password_hash]
      body["password_hash_type"] = password[:password_hash_type]
    end
  end
  response = @client.request(
    method: :post,
    path: "/user_management/users",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::User.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#deactivate_organization_membership(id:, request_options: {}) ⇒ WorkOS::OrganizationMembership

Deactivate an organization membership

Parameters:

• id (String) —

  The unique ID of the organization membership.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::OrganizationMembership)

# File 'lib/workos/user_management.rb', line 1373

def deactivate_organization_membership(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :put,
    path: "/user_management/organization_memberships/#{WorkOS::Util.encode_path(id)}/deactivate",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::OrganizationMembership.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#delete_organization_membership(id:, request_options: {}) ⇒ void

This method returns an undefined value.

Delete an organization membership

Parameters:

• id (String) —

  The unique ID of the organization membership.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/user_management.rb', line 1356

def delete_organization_membership(
  id:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/user_management/organization_memberships/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#delete_user(id:, request_options: {}) ⇒ void

This method returns an undefined value.

Delete a user

Parameters:

• id (String) —

  The unique ID of the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/user_management.rb', line 768

def delete_user(
  id:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#delete_user_authorized_application(application_id:, user_id:, request_options: {}) ⇒ void

This method returns an undefined value.

Delete an authorized application

Parameters:

• application_id (String) —

  The ID or client ID of the application.

• user_id (String) —

  The ID of the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/user_management.rb', line 1482

def delete_user_authorized_application(
  application_id:,
  user_id:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/user_management/users/#{WorkOS::Util.encode_path(user_id)}/authorized_applications/#{WorkOS::Util.encode_path(application_id)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#find_invitation_by_token(token:, request_options: {}) ⇒ WorkOS::UserInvite

Find an invitation by token

Parameters:

• token (String) —

  The token used to accept the invitation.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserInvite)

# File 'lib/workos/user_management.rb', line 1034

def find_invitation_by_token(
  token:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/invitations/by_token/#{WorkOS::Util.encode_path(token)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::UserInvite.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_authorization_url(redirect_uri:, client_id: nil, provider: nil, connection_id: nil, organization_id: nil, domain_hint: nil, login_hint: nil, state: nil, screen_hint: nil, code_challenge: nil, code_challenge_method: nil, prompt: nil) ⇒ Object

H09 — Build an AuthKit authorization URL (client-side, no HTTP call). Overrides the generated get_authorization_url which hits the API.

Raises:

• (ArgumentError)

# File 'lib/workos/user_management.rb', line 1508

def get_authorization_url(redirect_uri:, client_id: nil, provider: nil, connection_id: nil,
  organization_id: nil, domain_hint: nil, login_hint: nil,
  state: nil, screen_hint: nil, code_challenge: nil,
  code_challenge_method: nil, prompt: nil, **)
  cid = client_id || @client.client_id
  raise ArgumentError, "client_id is required (set on Client or pass explicitly)" if cid.nil? || cid.empty?
  raise ArgumentError, "provider, connection_id, or organization_id required" if provider.nil? && connection_id.nil? && organization_id.nil?
  params = {
    "client_id" => cid,
    "redirect_uri" => redirect_uri,
    "response_type" => "code",
    "provider" => provider,
    "connection_id" => connection_id,
    "organization_id" => organization_id,
    "domain_hint" => domain_hint,
    "login_hint" => login_hint,
    "state" => state,
    "screen_hint" => screen_hint,
    "code_challenge" => code_challenge,
    "code_challenge_method" => code_challenge_method,
    "prompt" => prompt
  }.compact
  build_url("/user_management/authorize", params)
end

#get_authorization_url_with_pkce(redirect_uri:, client_id: nil, **opts) ⇒ Object

H10 — AuthKit authorization URL with auto-generated PKCE + state. Returns [url, code_verifier, state].

# File 'lib/workos/user_management.rb', line 1535

def get_authorization_url_with_pkce(redirect_uri:, client_id: nil, **opts)
  pair = WorkOS::PKCE.generate_pair
  state = opts.delete(:state) || WorkOS::PKCE.generate_code_verifier
  url = get_authorization_url(
    redirect_uri: redirect_uri,
    client_id: client_id,
    state: state,
    code_challenge: pair[:code_challenge],
    code_challenge_method: "S256",
    **opts
  )
  [url, pair[:code_verifier], state]
end

#get_email_verification(id:, request_options: {}) ⇒ WorkOS::EmailVerification

Get an email verification code

Parameters:

• id (String) —

  The ID of the email verification code.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::EmailVerification)

# File 'lib/workos/user_management.rb', line 470

def get_email_verification(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/email_verification/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::EmailVerification.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_invitation(id:, request_options: {}) ⇒ WorkOS::UserInvite

Get an invitation

Parameters:

• id (String) —

  The unique ID of the invitation.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserInvite)

# File 'lib/workos/user_management.rb', line 1053

def get_invitation(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/invitations/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::UserInvite.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_jwks(client_id:, request_options: {}) ⇒ WorkOS::JwksResponse

Get JWKS

Parameters:

• client_id (String) —

  Identifies the application making the request to the WorkOS server. You can obtain your client ID from the [API Keys](dashboard.workos.com/api-keys) page in the dashboard.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::JwksResponse)

# File 'lib/workos/user_management.rb', line 17

def get_jwks(
  client_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/sso/jwks/#{WorkOS::Util.encode_path(client_id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::JwksResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_jwks_url(client_id: nil) ⇒ Object

@oagen-ignore-start — non-spec helpers (hand-maintained) H13 — Build the JWKS URL for a given client_id (no HTTP call). Pair with #get_jwks (generated) to fetch the keyset.

Raises:

• (ArgumentError)

# File 'lib/workos/user_management.rb', line 1499

def get_jwks_url(client_id: nil)
  cid = client_id || @client.client_id
  raise ArgumentError, "client_id is required" if cid.nil? || cid.empty?
  base = @client.base_url
  URI.join(base, "/sso/jwks/#{WorkOS::Util.encode_path(cid)}").to_s
end

#get_logout_url(session_id:, return_to: nil) ⇒ String

Build the AuthKit logout redirect URL (client-side, no HTTP call).

Parameters:

• session_id (String) —

  The session ID (from the ‘sid` claim of the access token).

• return_to (String, nil) (defaults to: nil) —

  URL to redirect the user to after session revocation.

Returns:

• (String)

# File 'lib/workos/user_management.rb', line 1586

def get_logout_url(session_id:, return_to: nil)
  params = {"session_id" => session_id}
  params["return_to"] = return_to if return_to
  build_url("/user_management/sessions/logout", params)
end

#get_magic_auth(id:, request_options: {}) ⇒ WorkOS::MagicAuth

Get Magic Auth code details

Parameters:

• id (String) —

  The unique ID of the Magic Auth code.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::MagicAuth)

# File 'lib/workos/user_management.rb', line 1184

def get_magic_auth(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/magic_auth/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::MagicAuth.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_organization_membership(id:, request_options: {}) ⇒ WorkOS::UserOrganizationMembership

Get an organization membership

Parameters:

• id (String) —

  The unique ID of the organization membership.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserOrganizationMembership)

# File 'lib/workos/user_management.rb', line 1300

def get_organization_membership(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/organization_memberships/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::UserOrganizationMembership.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_password_reset(id:, request_options: {}) ⇒ WorkOS::PasswordReset

Get a password reset token

Parameters:

• id (String) —

  The ID of the password reset token.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::PasswordReset)

# File 'lib/workos/user_management.rb', line 538

def get_password_reset(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/password_reset/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::PasswordReset.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_user(id:, request_options: {}) ⇒ WorkOS::User

Get a user

Parameters:

• id (String) —

  The unique ID of the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::User)

# File 'lib/workos/user_management.rb', line 688

def get_user(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::User.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_user_by_external_id(external_id:, request_options: {}) ⇒ WorkOS::User

Get a user by external ID

Parameters:

• external_id (String) —

  The external ID of the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::User)

# File 'lib/workos/user_management.rb', line 669

def get_user_by_external_id(
  external_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/users/external_id/#{WorkOS::Util.encode_path(external_id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::User.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_user_identities(id:, request_options: {}) ⇒ Array<WorkOS::UserIdentitiesGetItem>

Get user identities

Parameters:

• id (String) —

  The unique ID of the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (Array<WorkOS::UserIdentitiesGetItem>)

# File 'lib/workos/user_management.rb', line 879

def get_user_identities(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/identities",
    auth: true,
    request_options: request_options
  )
  parsed = JSON.parse(response.body)
  (parsed || []).map { |item| WorkOS::UserIdentitiesGetItem.new(item) }
end

#list_invitations(before: nil, after: nil, limit: nil, order: "desc", organization_id: nil, email: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserInvite>

List invitations

Parameters:

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `before=“obj_123”` to fetch a new batch of objects before `“obj_123”`.

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `after=“obj_123”` to fetch a new batch of objects after `“obj_123”`.

• limit (Integer, nil) (defaults to: nil) —

  Upper limit on the number of objects to return, between ‘1` and `100`.

• order (WorkOS::Types::UserManagementInvitationsOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are ‘“asc”` (ascending), `“desc”` (descending), and `“normal”` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.

• organization_id (String, nil) (defaults to: nil) —

  The ID of the [organization](workos.com/docs/reference/organization) that the recipient will join.

• email (String, nil) (defaults to: nil) —

  The email address of the recipient.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::UserInvite>)

# File 'lib/workos/user_management.rb', line 949

def list_invitations(
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  organization_id: nil,
  email: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "organization_id" => organization_id,
    "email" => email
  }.compact
  response = @client.request(
    method: :get,
    path: "/user_management/invitations",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_invitations(
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      organization_id: organization_id,
      email: email,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserInvite,
    filters: {before: before, limit: limit, order: order, organization_id: organization_id, email: email},
    fetch_next: fetch_next
  )
end

#list_organization_memberships(before: nil, after: nil, limit: nil, order: "desc", organization_id: nil, statuses: nil, user_id: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembership>

List organization memberships

Parameters:

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `before=“obj_123”` to fetch a new batch of objects before `“obj_123”`.

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `after=“obj_123”` to fetch a new batch of objects after `“obj_123”`.

• limit (Integer, nil) (defaults to: nil) —

  Upper limit on the number of objects to return, between ‘1` and `100`.

• order (WorkOS::Types::UserManagementOrganizationMembershipOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are ‘“asc”` (ascending), `“desc”` (descending), and `“normal”` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.

• organization_id (String, nil) (defaults to: nil) —

  The ID of the [organization](workos.com/docs/reference/organization) which the user belongs to.

• statuses (Array<WorkOS::Types::UserManagementOrganizationMembershipStatuses>, nil) (defaults to: nil) —

  Filter by the status of the organization membership. Array including any of ‘active`, `inactive`, or `pending`.

• user_id (String, nil) (defaults to: nil) —

  The ID of the [user](workos.com/docs/reference/authkit/user).

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembership>)

# File 'lib/workos/user_management.rb', line 1209

def list_organization_memberships(
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  organization_id: nil,
  statuses: nil,
  user_id: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "organization_id" => organization_id,
    "statuses" => statuses,
    "user_id" => user_id
  }.compact
  response = @client.request(
    method: :get,
    path: "/user_management/organization_memberships",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_organization_memberships(
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      organization_id: organization_id,
      statuses: statuses,
      user_id: user_id,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserOrganizationMembership,
    filters: {before: before, limit: limit, order: order, organization_id: organization_id, statuses: statuses, user_id: user_id},
    fetch_next: fetch_next
  )
end

#list_sessions(id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserSessionsListItem>

List sessions

Parameters:

• id (String) —

  The ID of the user.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `before=“obj_123”` to fetch a new batch of objects before `“obj_123”`.

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `after=“obj_123”` to fetch a new batch of objects after `“obj_123”`.

• limit (Integer, nil) (defaults to: nil) —

  Upper limit on the number of objects to return, between ‘1` and `100`.

• order (WorkOS::Types::UserManagementUsersOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are ‘“asc”` (ascending), `“desc”` (descending), and `“normal”` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::UserSessionsListItem>)

# File 'lib/workos/user_management.rb', line 901

def list_sessions(
  id:,
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/sessions",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_sessions(
      id: id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserSessionsListItem,
    filters: {id: id, before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_user_authorized_applications(user_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizedConnectApplicationListData>

List authorized applications

Parameters:

• user_id (String) —

  The ID of the user.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `before=“obj_123”` to fetch a new batch of objects before `“obj_123”`.

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `after=“obj_123”` to fetch a new batch of objects after `“obj_123”`.

• limit (Integer, nil) (defaults to: nil) —

  Upper limit on the number of objects to return, between ‘1` and `100`.

• order (WorkOS::Types::UserManagementUsersAuthorizedApplicationsOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are ‘“asc”` (ascending), `“desc”` (descending), and `“normal”` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::AuthorizedConnectApplicationListData>)

# File 'lib/workos/user_management.rb', line 1438

def list_user_authorized_applications(
  user_id:,
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/user_management/users/#{WorkOS::Util.encode_path(user_id)}/authorized_applications",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_user_authorized_applications(
      user_id: user_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizedConnectApplicationListData,
    filters: {user_id: user_id, before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_users(before: nil, after: nil, limit: nil, order: "desc", organization: nil, organization_id: nil, email: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::User>

List users

Parameters:

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `before=“obj_123”` to fetch a new batch of objects before `“obj_123”`.

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `after=“obj_123”` to fetch a new batch of objects after `“obj_123”`.

• limit (Integer, nil) (defaults to: nil) —

  Upper limit on the number of objects to return, between ‘1` and `100`.

• order (WorkOS::Types::UserManagementUsersOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are ‘“asc”` (ascending), `“desc”` (descending), and `“normal”` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.

• organization (String, nil) (defaults to: nil) —

  (deprecated) Filter users by the organization they are a member of. Deprecated in favor of ‘organization_id`.

• organization_id (String, nil) (defaults to: nil) —

  Filter users by the organization they are a member of.

• email (String, nil) (defaults to: nil) —

  Filter users by their email address.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::User>)

# File 'lib/workos/user_management.rb', line 563

def list_users(
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  organization: nil,
  organization_id: nil,
  email: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "organization" => organization,
    "organization_id" => organization_id,
    "email" => email
  }.compact
  response = @client.request(
    method: :get,
    path: "/user_management/users",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_users(
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      organization: organization,
      organization_id: organization_id,
      email: email,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::User,
    filters: {before: before, limit: limit, order: order, organization: organization, organization_id: organization_id, email: email},
    fetch_next: fetch_next
  )
end

#reactivate_organization_membership(id:, request_options: {}) ⇒ WorkOS::UserOrganizationMembership

Reactivate an organization membership

Parameters:

• id (String) —

  The unique ID of the organization membership.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserOrganizationMembership)

# File 'lib/workos/user_management.rb', line 1392

def reactivate_organization_membership(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :put,
    path: "/user_management/organization_memberships/#{WorkOS::Util.encode_path(id)}/reactivate",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::UserOrganizationMembership.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#resend_invitation(id:, locale: nil, request_options: {}) ⇒ WorkOS::UserInvite

Resend an invitation

Parameters:

• id (String) —

  The unique ID of the invitation.

• locale (WorkOS::Types::ResendUserInviteOptionsLocale, nil) (defaults to: nil) —

  The locale to use when rendering the invitation email. See [supported locales](workos.com/docs/authkit/hosted-ui/localization).

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserInvite)

# File 'lib/workos/user_management.rb', line 1092

def resend_invitation(
  id:,
  locale: nil,
  request_options: {}
)
  body = {
    "locale" => locale
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/invitations/#{WorkOS::Util.encode_path(id)}/resend",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::UserInvite.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#reset_password(email:, request_options: {}) ⇒ WorkOS::PasswordReset

Create a password reset token

Parameters:

• email (String) —

  The email address of the user requesting a password reset.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::PasswordReset)

# File 'lib/workos/user_management.rb', line 489

def reset_password(
  email:,
  request_options: {}
)
  body = {
    "email" => email
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/password_reset",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::PasswordReset.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#revoke_invitation(id:, request_options: {}) ⇒ WorkOS::Invitation

Revoke an invitation

Parameters:

• id (String) —

  The unique ID of the invitation.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Invitation)

# File 'lib/workos/user_management.rb', line 1116

def revoke_invitation(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :post,
    path: "/user_management/invitations/#{WorkOS::Util.encode_path(id)}/revoke",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::Invitation.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#revoke_session(session_id:, return_to: nil, request_options: {}) ⇒ void

This method returns an undefined value.

Revoke Session

Parameters:

• session_id (String) —

  The ID of the session to revoke. This can be extracted from the ‘sid` claim of the access token.

• return_to (String, nil) (defaults to: nil) —

  The URL to redirect the user to after session revocation.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/user_management.rb', line 424

def revoke_session(
  session_id:,
  return_to: nil,
  request_options: {}
)
  body = {
    "session_id" => session_id,
    "return_to" => return_to
  }.compact
  @client.request(
    method: :post,
    path: "/user_management/sessions/revoke",
    auth: true,
    body: body,
    request_options: request_options
  )
  nil
end

#send_email_change(id:, new_email:, request_options: {}) ⇒ WorkOS::EmailChange

Send email change code

Parameters:

• id (String) —

  The unique ID of the user.

• new_email (String) —

  The new email address to change to.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::EmailChange)

# File 'lib/workos/user_management.rb', line 811

def send_email_change(
  id:,
  new_email:,
  request_options: {}
)
  body = {
    "new_email" => new_email
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_change/send",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::EmailChange.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#send_invitation(email:, organization_id: nil, role_slug: nil, expires_in_days: nil, inviter_user_id: nil, locale: nil, request_options: {}) ⇒ WorkOS::UserInvite

Send an invitation

Parameters:

• email (String) —

  The email address of the recipient.

• organization_id (String, nil) (defaults to: nil) —

  The ID of the [organization](workos.com/docs/reference/organization) that the recipient will join.

• role_slug (String, nil) (defaults to: nil) —

  The [role](workos.com/docs/authkit/roles) that the recipient will receive when they join the organization in the invitation.

• expires_in_days (Integer, nil) (defaults to: nil) —

  How many days the invitations will be valid for. Must be between 1 and 30 days. Defaults to 7 days if not specified.

• inviter_user_id (String, nil) (defaults to: nil) —

  The ID of the [user](workos.com/docs/reference/authkit/user) who invites the recipient. The invitation email will mention the name of this user.

• locale (WorkOS::Types::CreateUserInviteOptionsLocale, nil) (defaults to: nil) —

  The locale to use when rendering the invitation email. See [supported locales](workos.com/docs/authkit/hosted-ui/localization).

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserInvite)

# File 'lib/workos/user_management.rb', line 1001

def send_invitation(
  email:,
  organization_id: nil,
  role_slug: nil,
  expires_in_days: nil,
  inviter_user_id: nil,
  locale: nil,
  request_options: {}
)
  body = {
    "email" => email,
    "organization_id" => organization_id,
    "role_slug" => role_slug,
    "expires_in_days" => expires_in_days,
    "inviter_user_id" => inviter_user_id,
    "locale" => locale
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/invitations",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::UserInvite.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#send_verification_email(id:, request_options: {}) ⇒ WorkOS::SendVerificationEmailResponse

Send verification email

Parameters:

• id (String) —

  The ID of the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::SendVerificationEmailResponse)

# File 'lib/workos/user_management.rb', line 860

def send_verification_email(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :post,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_verification/send",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::SendVerificationEmailResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_jwt_template(content:, request_options: {}) ⇒ WorkOS::JWTTemplateResponse

Update JWT template

Parameters:

• content (String) —

  The JWT template content as a Liquid template string.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::JWTTemplateResponse)

# File 'lib/workos/user_management.rb', line 1135

def update_jwt_template(
  content:,
  request_options: {}
)
  body = {
    "content" => content
  }.compact
  response = @client.request(
    method: :put,
    path: "/user_management/jwt_template",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::JWTTemplateResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_organization_membership(id:, role_slug: nil, role_slugs: nil, role: nil, request_options: {}) ⇒ WorkOS::UserOrganizationMembership

Update an organization membership

Parameters:

• id (String) —

  The unique ID of the organization membership.

• role_slug (String, nil) (defaults to: nil) —

  A single role identifier. Defaults to ‘member` or the explicit default role. Mutually exclusive with `role_slugs`.

• role_slugs (Array<String>, nil) (defaults to: nil) —

  An array of role identifiers. Limited to one role when Multiple Roles is disabled. Mutually exclusive with ‘role_slug`.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserOrganizationMembership)

# File 'lib/workos/user_management.rb', line 1321

def update_organization_membership(
  id:,
  role_slug: nil,
  role_slugs: nil,
  role: nil,
  request_options: {}
)
  body = {
    "role_slug" => role_slug,
    "role_slugs" => role_slugs
  }.compact
  if role
    case role[:type]
    when "single"
      body["role_slug"] = role[:role_slug]
    when "multiple"
      body["role_slugs"] = role[:role_slugs]
    end
  end
  response = @client.request(
    method: :put,
    path: "/user_management/organization_memberships/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::UserOrganizationMembership.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_user(id:, email: nil, first_name: nil, last_name: nil, email_verified: nil, metadata: nil, external_id: nil, locale: nil, password: nil, password_hash: nil, password_hash_type: nil, request_options: {}) ⇒ WorkOS::User

Update a user

Parameters:

• id (String) —

  The unique ID of the user.

• email (String, nil) (defaults to: nil) —

  The email address of the user.

• first_name (String, nil) (defaults to: nil) —

  The first name of the user.

• last_name (String, nil) (defaults to: nil) —

  The last name of the user.

• email_verified (Boolean, nil) (defaults to: nil) —

  Whether the user’s email has been verified.

• metadata (Hash{String => String}, nil) (defaults to: nil) —

  Object containing metadata key/value pairs associated with the user.

• external_id (String, nil) (defaults to: nil) —

  The external ID of the user.

• locale (String, nil) (defaults to: nil) —

  The user’s preferred locale.

• password (String, nil) (defaults to: nil) —

  The password to set for the user. Mutually exclusive with ‘password_hash` and `password_hash_type`.

• password_hash (String, nil) (defaults to: nil) —

  The hashed password to set for the user. Required with ‘password_hash_type`. Mutually exclusive with `password`.

• password_hash_type (WorkOS::Types::UpdateUserPasswordHashType, nil) (defaults to: nil) —

  The algorithm originally used to hash the password, used when providing a ‘password_hash`. Required with `password_hash`. Mutually exclusive with `password`.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::User)

# File 'lib/workos/user_management.rb', line 717

def update_user(
  id:,
  email: nil,
  first_name: nil,
  last_name: nil,
  email_verified: nil,
  metadata: nil,
  external_id: nil,
  locale: nil,
  password: nil,
  password_hash: nil,
  password_hash_type: nil,
  request_options: {}
)
  body = {
    "email" => email,
    "first_name" => first_name,
    "last_name" => last_name,
    "email_verified" => email_verified,
    "metadata" => metadata,
    "external_id" => external_id,
    "locale" => locale,
    "password" => password,
    "password_hash" => password_hash,
    "password_hash_type" => password_hash_type
  }.compact
  if password
    case password[:type]
    when "plaintext"
      body["password"] = password[:password]
    when "hashed"
      body["password_hash"] = password[:password_hash]
      body["password_hash_type"] = password[:password_hash_type]
    end
  end
  response = @client.request(
    method: :put,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::User.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#verify_email(id:, code:, request_options: {}) ⇒ WorkOS::VerifyEmailResponse

Verify email

Parameters:

• id (String) —

  The ID of the user.

• code (String) —

  The one-time email verification code.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::VerifyEmailResponse)

# File 'lib/workos/user_management.rb', line 836

def verify_email(
  id:,
  code:,
  request_options: {}
)
  body = {
    "code" => code
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_verification/confirm",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::VerifyEmailResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end