Class: WorkOS::UserManagement

Inherits:

Object

• Object
• WorkOS::UserManagement

Defined in:

lib/workos/user_management.rb

Defined Under Namespace

Classes: PasswordHashed, PasswordPlaintext, RoleMultiple, RoleSingle

Instance Attribute Summary

• #password ⇒ String readonly
• #password_hash ⇒ String readonly
• #password_hash_type ⇒ WorkOS::Types::CreateUserPasswordHashType readonly
• #role_slug ⇒ String readonly
• #role_slugs ⇒ Array<String> readonly

Instance Method Summary

• #accept_invitation(id:, request_options: {}) ⇒ WorkOS::Invitation

  Accept an invitation.

• #authenticate_with_code(code:, code_verifier: nil, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with code.

• #authenticate_with_code_pkce(code:, code_verifier:, client_id: nil, ip_address: nil, user_agent: nil, request_options: {}) ⇒ Object

  H11 — Exchange a code for tokens with PKCE support (public client; no secret).

• #authenticate_with_device_code(device_code:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with device code.

• #authenticate_with_email_verification(code:, pending_authentication_token:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with email verification.

• #authenticate_with_magic_auth(code:, email:, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with magic auth.

• #authenticate_with_organization_selection(pending_authentication_token:, organization_id:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with organization selection.

• #authenticate_with_password(email:, password:, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with password.

• #authenticate_with_refresh_token(refresh_token:, organization_id: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with refresh token.

• #authenticate_with_totp(code:, pending_authentication_token:, authentication_challenge_id:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate with totp.

• #authorize_device(client_id: nil, request_options: {}) ⇒ WorkOS::DeviceAuthorizationResponse

  H12 — Initiate the OAuth 2.0 device authorization flow.

• #confirm_email_change(id:, code:, request_options: {}) ⇒ WorkOS::EmailChangeConfirmation

  Confirm email change.

• #confirm_password_reset(token:, new_password:, request_options: {}) ⇒ WorkOS::ResetPasswordResponse

  Reset the password.

• #create_authenticate(client_id:, grant_type:, client_secret: nil, code: nil, code_verifier: nil, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, email: nil, password: nil, refresh_token: nil, organization_id: nil, pending_authentication_token: nil, authentication_challenge_id: nil, device_code: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

  Authenticate.

• #create_cors_origin(origin:, request_options: {}) ⇒ WorkOS::CORSOriginResponse

  Create a CORS origin.

• #create_device(client_id:, request_options: {}) ⇒ WorkOS::DeviceAuthorizationResponse

  Get device authorization URL.

• #create_magic_auth(email:, invitation_token: nil, request_options: {}) ⇒ WorkOS::MagicAuth

  Create a Magic Auth code.

• #create_organization_membership(user_id:, organization_id:, role: nil, request_options: {}) ⇒ WorkOS::OrganizationMembership

  Create an organization membership.

• #create_redirect_uri(uri:, request_options: {}) ⇒ WorkOS::RedirectUri

  Create a redirect URI.

• #create_user(email:, first_name: nil, last_name: nil, email_verified: nil, metadata: nil, external_id: nil, password: nil, request_options: {}) ⇒ WorkOS::User

  Create a user.

• #create_user_api_key(user_id:, name:, organization_id:, permissions: nil, request_options: {}) ⇒ WorkOS::UserApiKeyWithValue

  Create an API key for a user.

• #deactivate_organization_membership(id:, request_options: {}) ⇒ WorkOS::OrganizationMembership

  Deactivate an organization membership.

• #delete_organization_membership(id:, request_options: {}) ⇒ void

  Delete an organization membership.

• #delete_user(id:, request_options: {}) ⇒ void

  Delete a user.

• #delete_user_authorized_application(application_id:, user_id:, request_options: {}) ⇒ void

  Delete an authorized application.

• #find_invitation_by_token(token:, request_options: {}) ⇒ WorkOS::UserInvite

  Find an invitation by token.

• #get_authorization_url(redirect_uri:, client_id: nil, provider: nil, connection_id: nil, organization_id: nil, domain_hint: nil, login_hint: nil, state: nil, screen_hint: nil, code_challenge: nil, code_challenge_method: nil, prompt: nil) ⇒ Object

  H09 — Build an AuthKit authorization URL (client-side, no HTTP call).

• #get_authorization_url_with_pkce(redirect_uri:, client_id: nil, **opts) ⇒ Object

  H10 — AuthKit authorization URL with auto-generated PKCE + state.

• #get_email_verification(id:, request_options: {}) ⇒ WorkOS::EmailVerification

  Get an email verification code.

• #get_invitation(id:, request_options: {}) ⇒ WorkOS::UserInvite

  Get an invitation.

• #get_jwks(client_id:, request_options: {}) ⇒ WorkOS::JwksResponse

  Get JWKS.

• #get_jwks_url(client_id: nil) ⇒ Object

  @oagen-ignore-start — non-spec helpers (hand-maintained) H13 — Build the JWKS URL for a given client_id (no HTTP call).

• #get_logout_url(session_id:, return_to: nil) ⇒ String

  Build the AuthKit logout redirect URL (client-side, no HTTP call).

• #get_magic_auth(id:, request_options: {}) ⇒ WorkOS::MagicAuth

  Get Magic Auth code details.

• #get_organization_membership(id:, request_options: {}) ⇒ WorkOS::UserOrganizationMembership

  Get an organization membership.

• #get_password_reset(id:, request_options: {}) ⇒ WorkOS::PasswordReset

  Get a password reset token.

• #get_user(id:, request_options: {}) ⇒ WorkOS::User

  Get a user.

• #get_user_by_external_id(external_id:, request_options: {}) ⇒ WorkOS::User

  Get a user by external ID.

• #get_user_identities(id:, request_options: {}) ⇒ Array<WorkOS::UserIdentitiesGetItem>

  Get user identities.

• #initialize(client) ⇒ UserManagement constructor

  A new instance of UserManagement.

• #list_invitations(before: nil, after: nil, limit: 10, order: "desc", organization_id: nil, email: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserInvite>

  List invitations.

• #list_jwt_template(request_options: {}) ⇒ WorkOS::JWTTemplateResponse

  Get JWT template.

• #list_organization_memberships(before: nil, after: nil, limit: 10, order: "desc", organization_id: nil, statuses: nil, user_id: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembership>

  List organization memberships.

• #list_sessions(id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserSessionsListItem>

  List sessions.

• #list_user_api_keys(user_id:, before: nil, after: nil, limit: 10, order: "desc", organization_id: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserApiKey>

  List API keys for a user.

• #list_user_authorized_applications(user_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizedConnectApplicationListData>

  List authorized applications.

• #list_users(before: nil, after: nil, limit: 10, order: "desc", organization: nil, organization_id: nil, email: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::User>

  List users.

• #reactivate_organization_membership(id:, request_options: {}) ⇒ WorkOS::UserOrganizationMembership

  Reactivate an organization membership.

• #resend_invitation(id:, locale: nil, request_options: {}) ⇒ WorkOS::UserInvite

  Resend an invitation.

• #reset_password(email:, request_options: {}) ⇒ WorkOS::PasswordReset

  Create a password reset token.

• #revoke_invitation(id:, request_options: {}) ⇒ WorkOS::Invitation

  Revoke an invitation.

• #revoke_session(session_id:, return_to: nil, request_options: {}) ⇒ void

  Revoke Session.

• #send_email_change(id:, new_email:, request_options: {}) ⇒ WorkOS::EmailChange

  Send email change code.

• #send_invitation(email:, organization_id: nil, role_slug: nil, expires_in_days: nil, inviter_user_id: nil, locale: nil, request_options: {}) ⇒ WorkOS::UserInvite

  Send an invitation.

• #send_verification_email(id:, request_options: {}) ⇒ WorkOS::SendVerificationEmailResponse

  Send verification email.

• #update_jwt_template(content:, request_options: {}) ⇒ WorkOS::JWTTemplateResponse

  Update JWT template.

• #update_organization_membership(id:, role: nil, request_options: {}) ⇒ WorkOS::UserOrganizationMembership

  Update an organization membership.

• #update_user(id:, email: nil, first_name: nil, last_name: nil, email_verified: nil, metadata: nil, external_id: nil, locale: nil, password: nil, request_options: {}) ⇒ WorkOS::User

  Update a user.

• #verify_email(id:, code:, request_options: {}) ⇒ WorkOS::VerifyEmailResponse

  Verify email.

Constructor Details

#initialize(client) ⇒ UserManagement

Returns a new instance of UserManagement.

# File 'lib/workos/user_management.rb', line 35

def initialize(client)
  @client = client
end

Instance Attribute Details

#password ⇒ String (readonly)

Returns:

• (String)

# File 'lib/workos/user_management.rb', line 13

PasswordPlaintext = Data.define(:password)

#password_hash ⇒ String (readonly)

Returns:

• (String)

# File 'lib/workos/user_management.rb', line 21

PasswordHashed = Data.define(:password_hash, :password_hash_type)

#password_hash_type ⇒ WorkOS::Types::CreateUserPasswordHashType (readonly)

Returns:

• (WorkOS::Types::CreateUserPasswordHashType)

# File 'lib/workos/user_management.rb', line 21

PasswordHashed = Data.define(:password_hash, :password_hash_type)

#role_slug ⇒ String (readonly)

Returns:

• (String)

# File 'lib/workos/user_management.rb', line 27

RoleSingle = Data.define(:role_slug)

#role_slugs ⇒ Array<String> (readonly)

Returns:

• (Array<String>)

# File 'lib/workos/user_management.rb', line 33

RoleMultiple = Data.define(:role_slugs)

Instance Method Details

#accept_invitation(id:, request_options: {}) ⇒ WorkOS::Invitation

Accept an invitation

Parameters:

• id (String) —

  The unique ID of the invitation.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Invitation)

# File 'lib/workos/user_management.rb', line 1088

def accept_invitation(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :post,
    path: "/user_management/invitations/#{WorkOS::Util.encode_path(id)}/accept",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::Invitation.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#authenticate_with_code(code:, code_verifier: nil, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with code.

Parameters:

• code (String)
• code_verifier (String, nil) (defaults to: nil)
• invitation_token (String, nil) (defaults to: nil)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 174

def authenticate_with_code(
  code:,
  code_verifier: nil,
  invitation_token: nil,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "authorization_code",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "code" => code,
    "code_verifier" => code_verifier,
    "invitation_token" => invitation_token,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_code_pkce(code:, code_verifier:, client_id: nil, ip_address: nil, user_agent: nil, request_options: {}) ⇒ Object

H11 — Exchange a code for tokens with PKCE support (public client; no secret). NOTE: Unlike the other authenticate_with_* helpers, this does NOT delegate to create_authenticate because PKCE is a public-client flow that requires auth: false (no Bearer token / API key in the Authorization header).

Raises:

• (ArgumentError)

# File 'lib/workos/user_management.rb', line 1659

def authenticate_with_code_pkce(code:, code_verifier:, client_id: nil, ip_address: nil, user_agent: nil, request_options: {})
  cid = client_id || @client.client_id
  raise ArgumentError, "client_id is required" if cid.nil? || cid.empty?
  body = {
    "grant_type" => "authorization_code",
    "client_id" => cid,
    "code" => code,
    "code_verifier" => code_verifier,
    "ip_address" => ip_address,
    "user_agent" => user_agent
  }.compact
  response = @client.request(method: :post, path: "/user_management/authenticate", auth: false, body: body, request_options: request_options)
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_device_code(device_code:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with device code.

Parameters:

• device_code (String)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 397

def authenticate_with_device_code(
  device_code:,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "urn:ietf:params:oauth:grant-type:device_code",
    "client_id" => @client.client_id,
    "device_code" => device_code,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_email_verification(code:, pending_authentication_token:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with email verification.

Parameters:

• code (String)
• pending_authentication_token (String)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 287

def authenticate_with_email_verification(
  code:,
  pending_authentication_token:,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "urn:workos:oauth:grant-type:email-verification:code",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "code" => code,
    "pending_authentication_token" => pending_authentication_token,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_magic_auth(code:, email:, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with magic auth.

Parameters:

• code (String)
• email (String)
• invitation_token (String, nil) (defaults to: nil)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 249

def authenticate_with_magic_auth(
  code:,
  email:,
  invitation_token: nil,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "urn:workos:oauth:grant-type:magic-auth:code",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "code" => code,
    "email" => email,
    "invitation_token" => invitation_token,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_organization_selection(pending_authentication_token:, organization_id:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with organization selection.

Parameters:

• pending_authentication_token (String)
• organization_id (String)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 362

def authenticate_with_organization_selection(
  pending_authentication_token:,
  organization_id:,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "urn:workos:oauth:grant-type:organization-selection",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "pending_authentication_token" => pending_authentication_token,
    "organization_id" => organization_id,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_password(email:, password:, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with password.

Parameters:

• email (String)
• password (String)
• invitation_token (String, nil) (defaults to: nil)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 135

def authenticate_with_password(
  email:,
  password:,
  invitation_token: nil,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "password",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "email" => email,
    "password" => password,
    "invitation_token" => invitation_token,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_refresh_token(refresh_token:, organization_id: nil, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with refresh token.

Parameters:

• refresh_token (String)
• organization_id (String, nil) (defaults to: nil)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 212

def authenticate_with_refresh_token(
  refresh_token:,
  organization_id: nil,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "refresh_token",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "refresh_token" => refresh_token,
    "organization_id" => organization_id,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authenticate_with_totp(code:, pending_authentication_token:, authentication_challenge_id:, ip_address: nil, device_id: nil, user_agent: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate with totp.

Parameters:

• code (String)
• pending_authentication_token (String)
• authentication_challenge_id (String)
• ip_address (String, nil) (defaults to: nil)
• device_id (String, nil) (defaults to: nil)
• user_agent (String, nil) (defaults to: nil)
• request_options (Hash) (defaults to: {}) —

  Per-request overrides.

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 324

def authenticate_with_totp(
  code:,
  pending_authentication_token:,
  authentication_challenge_id:,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  request_options: {}
)
  body = {
    "grant_type" => "urn:workos:oauth:grant-type:mfa-totp",
    "client_id" => @client.client_id,
    "client_secret" => @client.api_key,
    "code" => code,
    "pending_authentication_token" => pending_authentication_token,
    "authentication_challenge_id" => authentication_challenge_id,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::AuthenticateResponse.new(response.body)
end

#authorize_device(client_id: nil, request_options: {}) ⇒ WorkOS::DeviceAuthorizationResponse

H12 — Initiate the OAuth 2.0 device authorization flow.

Returns:

• (WorkOS::DeviceAuthorizationResponse)

Raises:

• (ArgumentError)

# File 'lib/workos/user_management.rb', line 1676

def authorize_device(client_id: nil, request_options: {})
  cid = client_id || @client.client_id
  raise ArgumentError, "client_id is required" if cid.nil? || cid.empty?
  body = {"client_id" => cid}
  response = @client.request(method: :post, path: "/oauth2/device_authorization", auth: false, body: body, request_options: request_options)
  WorkOS::DeviceAuthorizationResponse.new(response.body)
end

#confirm_email_change(id:, code:, request_options: {}) ⇒ WorkOS::EmailChangeConfirmation

Confirm email change

Parameters:

• id (String) —

  The unique ID of the user.

• code (String) —

  The one-time code used to confirm the email change.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::EmailChangeConfirmation)

# File 'lib/workos/user_management.rb', line 802

def confirm_email_change(
  id:,
  code:,
  request_options: {}
)
  body = {
    "code" => code
  }
  response = @client.request(
    method: :post,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_change/confirm",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::EmailChangeConfirmation.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#confirm_password_reset(token:, new_password:, request_options: {}) ⇒ WorkOS::ResetPasswordResponse

Reset the password

Parameters:

• token (String) —

  The password reset token.

• new_password (String) —

  The new password to set for the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::ResetPasswordResponse)

# File 'lib/workos/user_management.rb', line 539

def confirm_password_reset(
  token:,
  new_password:,
  request_options: {}
)
  body = {
    "token" => token,
    "new_password" => new_password
  }
  response = @client.request(
    method: :post,
    path: "/user_management/password_reset/confirm",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::ResetPasswordResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_authenticate(client_id:, grant_type:, client_secret: nil, code: nil, code_verifier: nil, invitation_token: nil, ip_address: nil, device_id: nil, user_agent: nil, email: nil, password: nil, refresh_token: nil, organization_id: nil, pending_authentication_token: nil, authentication_challenge_id: nil, device_code: nil, request_options: {}) ⇒ WorkOS::AuthenticateResponse

Authenticate

Parameters:

• client_id (String) —

  The client ID of the application.

• client_secret (String, nil) (defaults to: nil) —

  The client secret of the application.

• grant_type (String)
• code (String, nil) (defaults to: nil) —

  The authorization code received from the redirect.

• code_verifier (String, nil) (defaults to: nil) —

  The PKCE code verifier used to derive the code challenge passed to the authorization URL.

• invitation_token (String, nil) (defaults to: nil) —

  An invitation token to accept during authentication.

• ip_address (String, nil) (defaults to: nil) —

  The IP address of the user's request.

• device_id (String, nil) (defaults to: nil) —

  A unique identifier for the device.

• user_agent (String, nil) (defaults to: nil) —

  The user agent string from the user's browser.

• email (String, nil) (defaults to: nil) —

  The user's email address.

• password (String, nil) (defaults to: nil) —

  The user's password.

• refresh_token (String, nil) (defaults to: nil) —

  The refresh token to exchange for new tokens.

• organization_id (String, nil) (defaults to: nil) —

  The ID of the organization to scope the session to.

• pending_authentication_token (String, nil) (defaults to: nil) —

  The pending authentication token from a previous authentication attempt.

• authentication_challenge_id (String, nil) (defaults to: nil) —

  The ID of the MFA authentication challenge.

• device_code (String, nil) (defaults to: nil) —

  The device verification code.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::AuthenticateResponse)

# File 'lib/workos/user_management.rb', line 77

def create_authenticate(
  client_id:,
  grant_type:,
  client_secret: nil,
  code: nil,
  code_verifier: nil,
  invitation_token: nil,
  ip_address: nil,
  device_id: nil,
  user_agent: nil,
  email: nil,
  password: nil,
  refresh_token: nil,
  organization_id: nil,
  pending_authentication_token: nil,
  authentication_challenge_id: nil,
  device_code: nil,
  request_options: {}
)
  body = {
    "client_id" => client_id,
    "client_secret" => client_secret,
    "grant_type" => grant_type,
    "code" => code,
    "code_verifier" => code_verifier,
    "invitation_token" => invitation_token,
    "ip_address" => ip_address,
    "device_id" => device_id,
    "user_agent" => user_agent,
    "email" => email,
    "password" => password,
    "refresh_token" => refresh_token,
    "organization_id" => organization_id,
    "pending_authentication_token" => pending_authentication_token,
    "authentication_challenge_id" => authentication_challenge_id,
    "device_code" => device_code
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/authenticate",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthenticateResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_cors_origin(origin:, request_options: {}) ⇒ WorkOS::CORSOriginResponse

Create a CORS origin

Parameters:

• origin (String) —

  The origin URL to allow for CORS requests.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::CORSOriginResponse)

# File 'lib/workos/user_management.rb', line 473

def create_cors_origin(
  origin:,
  request_options: {}
)
  body = {
    "origin" => origin
  }
  response = @client.request(
    method: :post,
    path: "/user_management/cors_origins",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::CORSOriginResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_device(client_id:, request_options: {}) ⇒ WorkOS::DeviceAuthorizationResponse

Get device authorization URL

Parameters:

• client_id (String) —

  The WorkOS client ID for your application.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::DeviceAuthorizationResponse)

# File 'lib/workos/user_management.rb', line 426

def create_device(
  client_id:,
  request_options: {}
)
  body = {
    "client_id" => client_id
  }
  response = @client.request(
    method: :post,
    path: "/user_management/authorize/device",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::DeviceAuthorizationResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_magic_auth(email:, invitation_token: nil, request_options: {}) ⇒ WorkOS::MagicAuth

Create a Magic Auth code

Parameters:

• email (String) —

  The email address to send the magic code to.

• invitation_token (String, nil) (defaults to: nil) —

  The invitation token to associate with this magic code.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::MagicAuth)

# File 'lib/workos/user_management.rb', line 1190

def create_magic_auth(
  email:,
  invitation_token: nil,
  request_options: {}
)
  body = {
    "email" => email,
    "invitation_token" => invitation_token
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/magic_auth",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::MagicAuth.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_organization_membership(user_id:, organization_id:, role: nil, request_options: {}) ⇒ WorkOS::OrganizationMembership

Create an organization membership

Parameters:

• user_id (String) —

  The ID of the user.

• organization_id (String) —

  The ID of the organization which the user belongs to.

• role (WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple, nil) (defaults to: nil) —

  Identifies the role.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::OrganizationMembership)

# File 'lib/workos/user_management.rb', line 1292

def create_organization_membership(
  user_id:,
  organization_id:,
  role: nil,
  request_options: {}
)
  body = {
    "user_id" => user_id,
    "organization_id" => organization_id
  }
  if role
    case role
    when WorkOS::UserManagement::RoleSingle
      body["role_slug"] = role.role_slug
    when WorkOS::UserManagement::RoleMultiple
      body["role_slugs"] = role.role_slugs
    else
      raise ArgumentError, "expected role to be one of: WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple, got #{role.class}"
    end
  end
  response = @client.request(
    method: :post,
    path: "/user_management/organization_memberships",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::OrganizationMembership.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_redirect_uri(uri:, request_options: {}) ⇒ WorkOS::RedirectUri

Create a redirect URI

Parameters:

• uri (String) —

  The redirect URI to create.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::RedirectUri)

# File 'lib/workos/user_management.rb', line 1435

def create_redirect_uri(
  uri:,
  request_options: {}
)
  body = {
    "uri" => uri
  }
  response = @client.request(
    method: :post,
    path: "/user_management/redirect_uris",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::RedirectUri.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_user(email:, first_name: nil, last_name: nil, email_verified: nil, metadata: nil, external_id: nil, password: nil, request_options: {}) ⇒ WorkOS::User

Create a user

Parameters:

• email (String) —

  The email address of the user.

• first_name (String, nil) (defaults to: nil) —

  The first name of the user.

• last_name (String, nil) (defaults to: nil) —

  The last name of the user.

• email_verified (Boolean, nil) (defaults to: nil) —

  Whether the user's email has been verified.

• metadata (Hash{String => String}, nil) (defaults to: nil) —

  Object containing metadata key/value pairs associated with the user.

• external_id (String, nil) (defaults to: nil) —

  The external ID of the user.

• password (WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed, nil) (defaults to: nil) —

  Identifies the password.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::User)

# File 'lib/workos/user_management.rb', line 645

def create_user(
  email:,
  first_name: nil,
  last_name: nil,
  email_verified: nil,
  metadata: nil,
  external_id: nil,
  password: nil,
  request_options: {}
)
  body = {
    "email" => email,
    "first_name" => first_name,
    "last_name" => last_name,
    "email_verified" => email_verified,
    "metadata" => metadata,
    "external_id" => external_id
  }.compact
  if password
    case password
    when WorkOS::UserManagement::PasswordPlaintext
      body["password"] = password.password
    when WorkOS::UserManagement::PasswordHashed
      body["password_hash"] = password.password_hash
      body["password_hash_type"] = password.password_hash_type
    else
      raise ArgumentError, "expected password to be one of: WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed, got #{password.class}"
    end
  end
  response = @client.request(
    method: :post,
    path: "/user_management/users",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::User.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_user_api_key(user_id:, name:, organization_id:, permissions: nil, request_options: {}) ⇒ WorkOS::UserApiKeyWithValue

Create an API key for a user

Parameters:

• user_id (String) —

  Unique identifier of the user.

• name (String) —

  A descriptive name for the API key.

• organization_id (String) —

  The ID of the organization the user API key is associated with. The user must have an active membership in this organization.

• permissions (Array<String>, nil) (defaults to: nil) —

  The permission slugs to assign to the API key. Each permission must be enabled for user API keys.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserApiKeyWithValue)

# File 'lib/workos/user_management.rb', line 1578

def create_user_api_key(
  user_id:,
  name:,
  organization_id:,
  permissions: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "organization_id" => organization_id,
    "permissions" => permissions
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/users/#{WorkOS::Util.encode_path(user_id)}/api_keys",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::UserApiKeyWithValue.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#deactivate_organization_membership(id:, request_options: {}) ⇒ WorkOS::OrganizationMembership

Deactivate an organization membership

Parameters:

• id (String) —

  The unique ID of the organization membership.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::OrganizationMembership)

# File 'lib/workos/user_management.rb', line 1397

def deactivate_organization_membership(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :put,
    path: "/user_management/organization_memberships/#{WorkOS::Util.encode_path(id)}/deactivate",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::OrganizationMembership.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#delete_organization_membership(id:, request_options: {}) ⇒ void

This method returns an undefined value.

Delete an organization membership

Parameters:

• id (String) —

  The unique ID of the organization membership.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/user_management.rb', line 1380

def delete_organization_membership(
  id:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/user_management/organization_memberships/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#delete_user(id:, request_options: {}) ⇒ void

This method returns an undefined value.

Delete a user

Parameters:

• id (String) —

  The unique ID of the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/user_management.rb', line 784

def delete_user(
  id:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#delete_user_authorized_application(application_id:, user_id:, request_options: {}) ⇒ void

This method returns an undefined value.

Delete an authorized application

Parameters:

• application_id (String) —

  The ID or client ID of the application.

• user_id (String) —

  The ID of the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/user_management.rb', line 1506

def delete_user_authorized_application(
  application_id:,
  user_id:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/user_management/users/#{WorkOS::Util.encode_path(user_id)}/authorized_applications/#{WorkOS::Util.encode_path(application_id)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#find_invitation_by_token(token:, request_options: {}) ⇒ WorkOS::UserInvite

Find an invitation by token

Parameters:

• token (String) —

  The token used to accept the invitation.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserInvite)

# File 'lib/workos/user_management.rb', line 1050

def find_invitation_by_token(
  token:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/invitations/by_token/#{WorkOS::Util.encode_path(token)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::UserInvite.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_authorization_url(redirect_uri:, client_id: nil, provider: nil, connection_id: nil, organization_id: nil, domain_hint: nil, login_hint: nil, state: nil, screen_hint: nil, code_challenge: nil, code_challenge_method: nil, prompt: nil) ⇒ Object

H09 — Build an AuthKit authorization URL (client-side, no HTTP call). Overrides the generated get_authorization_url which hits the API.

Raises:

• (ArgumentError)

# File 'lib/workos/user_management.rb', line 1614

def get_authorization_url(redirect_uri:, client_id: nil, provider: nil, connection_id: nil,
  organization_id: nil, domain_hint: nil, login_hint: nil,
  state: nil, screen_hint: nil, code_challenge: nil,
  code_challenge_method: nil, prompt: nil, **)
  cid = client_id || @client.client_id
  raise ArgumentError, "client_id is required (set on Client or pass explicitly)" if cid.nil? || cid.empty?
  raise ArgumentError, "provider, connection_id, or organization_id required" if provider.nil? && connection_id.nil? && organization_id.nil?
  params = {
    "client_id" => cid,
    "redirect_uri" => redirect_uri,
    "response_type" => "code",
    "provider" => provider,
    "connection_id" => connection_id,
    "organization_id" => organization_id,
    "domain_hint" => domain_hint,
    "login_hint" => login_hint,
    "state" => state,
    "screen_hint" => screen_hint,
    "code_challenge" => code_challenge,
    "code_challenge_method" => code_challenge_method,
    "prompt" => prompt
  }.compact
  build_url("/user_management/authorize", params)
end

#get_authorization_url_with_pkce(redirect_uri:, client_id: nil, **opts) ⇒ Object

H10 — AuthKit authorization URL with auto-generated PKCE + state. Returns [url, code_verifier, state].

# File 'lib/workos/user_management.rb', line 1641

def get_authorization_url_with_pkce(redirect_uri:, client_id: nil, **opts)
  pair = WorkOS::PKCE.generate_pair
  state = opts.delete(:state) || WorkOS::PKCE.generate_code_verifier
  url = get_authorization_url(
    redirect_uri: redirect_uri,
    client_id: client_id,
    state: state,
    code_challenge: pair[:code_challenge],
    code_challenge_method: "S256",
    **opts
  )
  [url, pair[:code_verifier], state]
end

#get_email_verification(id:, request_options: {}) ⇒ WorkOS::EmailVerification

Get an email verification code

Parameters:

• id (String) —

  The ID of the email verification code.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::EmailVerification)

# File 'lib/workos/user_management.rb', line 496

def get_email_verification(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/email_verification/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::EmailVerification.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_invitation(id:, request_options: {}) ⇒ WorkOS::UserInvite

Get an invitation

Parameters:

• id (String) —

  The unique ID of the invitation.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserInvite)

# File 'lib/workos/user_management.rb', line 1069

def get_invitation(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/invitations/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::UserInvite.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_jwks(client_id:, request_options: {}) ⇒ WorkOS::JwksResponse

Get JWKS

Parameters:

• client_id (String) —

  Identifies the application making the request to the WorkOS server. You can obtain your client ID from the API Keys page in the dashboard.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::JwksResponse)

# File 'lib/workos/user_management.rb', line 43

def get_jwks(
  client_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/sso/jwks/#{WorkOS::Util.encode_path(client_id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::JwksResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_jwks_url(client_id: nil) ⇒ Object

@oagen-ignore-start — non-spec helpers (hand-maintained) H13 — Build the JWKS URL for a given client_id (no HTTP call). Pair with #get_jwks (generated) to fetch the keyset.

Raises:

• (ArgumentError)

# File 'lib/workos/user_management.rb', line 1605

def get_jwks_url(client_id: nil)
  cid = client_id || @client.client_id
  raise ArgumentError, "client_id is required" if cid.nil? || cid.empty?
  base = @client.base_url
  URI.join(base, "/sso/jwks/#{WorkOS::Util.encode_path(cid)}").to_s
end

#get_logout_url(session_id:, return_to: nil) ⇒ String

Build the AuthKit logout redirect URL (client-side, no HTTP call).

Parameters:

• session_id (String) —

  The session ID (from the sid claim of the access token).

• return_to (String, nil) (defaults to: nil) —

  URL to redirect the user to after session revocation.

Returns:

• (String)

# File 'lib/workos/user_management.rb', line 1692

def get_logout_url(session_id:, return_to: nil)
  params = {"session_id" => session_id}
  params["return_to"] = return_to if return_to
  build_url("/user_management/sessions/logout", params)
end

#get_magic_auth(id:, request_options: {}) ⇒ WorkOS::MagicAuth

Get Magic Auth code details

Parameters:

• id (String) —

  The unique ID of the Magic Auth code.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::MagicAuth)

# File 'lib/workos/user_management.rb', line 1215

def get_magic_auth(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/magic_auth/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::MagicAuth.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_organization_membership(id:, request_options: {}) ⇒ WorkOS::UserOrganizationMembership

Get an organization membership

Parameters:

• id (String) —

  The unique ID of the organization membership.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserOrganizationMembership)

# File 'lib/workos/user_management.rb', line 1328

def get_organization_membership(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/organization_memberships/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::UserOrganizationMembership.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_password_reset(id:, request_options: {}) ⇒ WorkOS::PasswordReset

Get a password reset token

Parameters:

• id (String) —

  The ID of the password reset token.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::PasswordReset)

# File 'lib/workos/user_management.rb', line 564

def get_password_reset(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/password_reset/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::PasswordReset.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_user(id:, request_options: {}) ⇒ WorkOS::User

Get a user

Parameters:

• id (String) —

  The unique ID of the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::User)

# File 'lib/workos/user_management.rb', line 709

def get_user(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::User.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_user_by_external_id(external_id:, request_options: {}) ⇒ WorkOS::User

Get a user by external ID

Parameters:

• external_id (String) —

  The external ID of the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::User)

# File 'lib/workos/user_management.rb', line 690

def get_user_by_external_id(
  external_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/users/external_id/#{WorkOS::Util.encode_path(external_id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::User.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_user_identities(id:, request_options: {}) ⇒ Array<WorkOS::UserIdentitiesGetItem>

Get user identities

Parameters:

• id (String) —

  The unique ID of the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (Array<WorkOS::UserIdentitiesGetItem>)

# File 'lib/workos/user_management.rb', line 895

def get_user_identities(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/identities",
    auth: true,
    request_options: request_options
  )
  parsed = JSON.parse(response.body)
  (parsed || []).map { |item| WorkOS::UserIdentitiesGetItem.new(item) }
end

#list_invitations(before: nil, after: nil, limit: 10, order: "desc", organization_id: nil, email: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserInvite>

List invitations

Parameters:

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.

• organization_id (String, nil) (defaults to: nil) —

  The ID of the organization that the recipient will join.

• email (String, nil) (defaults to: nil) —

  The email address of the recipient.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::UserInvite>)

# File 'lib/workos/user_management.rb', line 965

def list_invitations(
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  organization_id: nil,
  email: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "organization_id" => organization_id,
    "email" => email
  }.compact
  response = @client.request(
    method: :get,
    path: "/user_management/invitations",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_invitations(
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      organization_id: organization_id,
      email: email,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserInvite,
    filters: {before: before, limit: limit, order: order, organization_id: organization_id, email: email},
    fetch_next: fetch_next
  )
end

#list_jwt_template(request_options: {}) ⇒ WorkOS::JWTTemplateResponse

Get JWT template

Parameters:

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::JWTTemplateResponse)

# File 'lib/workos/user_management.rb', line 1150

def list_jwt_template(request_options: {})
  response = @client.request(
    method: :get,
    path: "/user_management/jwt_template",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::JWTTemplateResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#list_organization_memberships(before: nil, after: nil, limit: 10, order: "desc", organization_id: nil, statuses: nil, user_id: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembership>

List organization memberships

Parameters:

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.

• organization_id (String, nil) (defaults to: nil) —

  The ID of the organization which the user belongs to.

• statuses (Array<WorkOS::Types::UserManagementOrganizationMembershipStatuses>, nil) (defaults to: nil) —

  Filter by the status of the organization membership. Array including any of active, inactive, or pending.

• user_id (String, nil) (defaults to: nil) —

  The ID of the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembership>)

# File 'lib/workos/user_management.rb', line 1240

def list_organization_memberships(
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  organization_id: nil,
  statuses: nil,
  user_id: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "organization_id" => organization_id,
    "statuses" => statuses,
    "user_id" => user_id
  }.compact
  response = @client.request(
    method: :get,
    path: "/user_management/organization_memberships",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_organization_memberships(
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      organization_id: organization_id,
      statuses: statuses,
      user_id: user_id,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserOrganizationMembership,
    filters: {before: before, limit: limit, order: order, organization_id: organization_id, statuses: statuses, user_id: user_id},
    fetch_next: fetch_next
  )
end

#list_sessions(id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserSessionsListItem>

List sessions

Parameters:

• id (String) —

  The ID of the user.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::UserSessionsListItem>)

# File 'lib/workos/user_management.rb', line 917

def list_sessions(
  id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/sessions",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_sessions(
      id: id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserSessionsListItem,
    filters: {id: id, before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_user_api_keys(user_id:, before: nil, after: nil, limit: 10, order: "desc", organization_id: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserApiKey>

List API keys for a user

Parameters:

• user_id (String) —

  Unique identifier of the user.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list.

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list.

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time.

• organization_id (String, nil) (defaults to: nil) —

  The ID of the organization to filter user API keys by. When provided, only API keys created against that organization membership are returned.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::UserApiKey>)

# File 'lib/workos/user_management.rb', line 1529

def list_user_api_keys(
  user_id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  organization_id: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "organization_id" => organization_id
  }.compact
  response = @client.request(
    method: :get,
    path: "/user_management/users/#{WorkOS::Util.encode_path(user_id)}/api_keys",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_user_api_keys(
      user_id: user_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      organization_id: organization_id,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserApiKey,
    filters: {user_id: user_id, before: before, limit: limit, order: order, organization_id: organization_id},
    fetch_next: fetch_next
  )
end

#list_user_authorized_applications(user_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizedConnectApplicationListData>

List authorized applications

Parameters:

• user_id (String) —

  The ID of the user.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::AuthorizedConnectApplicationListData>)

# File 'lib/workos/user_management.rb', line 1462

def list_user_authorized_applications(
  user_id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/user_management/users/#{WorkOS::Util.encode_path(user_id)}/authorized_applications",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_user_authorized_applications(
      user_id: user_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizedConnectApplicationListData,
    filters: {user_id: user_id, before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_users(before: nil, after: nil, limit: 10, order: "desc", organization: nil, organization_id: nil, email: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::User>

List users

Parameters:

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.

• organization (String, nil) (defaults to: nil) —

  (deprecated) Filter users by the organization they are a member of. Deprecated in favor of organization_id.

• organization_id (String, nil) (defaults to: nil) —

  Filter users by the organization they are a member of.

• email (String, nil) (defaults to: nil) —

  Filter users by their email address.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::User>)

# File 'lib/workos/user_management.rb', line 589

def list_users(
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  organization: nil,
  organization_id: nil,
  email: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "organization" => organization,
    "organization_id" => organization_id,
    "email" => email
  }.compact
  response = @client.request(
    method: :get,
    path: "/user_management/users",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_users(
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      organization: organization,
      organization_id: organization_id,
      email: email,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::User,
    filters: {before: before, limit: limit, order: order, organization: organization, organization_id: organization_id, email: email},
    fetch_next: fetch_next
  )
end

#reactivate_organization_membership(id:, request_options: {}) ⇒ WorkOS::UserOrganizationMembership

Reactivate an organization membership

Parameters:

• id (String) —

  The unique ID of the organization membership.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserOrganizationMembership)

# File 'lib/workos/user_management.rb', line 1416

def reactivate_organization_membership(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :put,
    path: "/user_management/organization_memberships/#{WorkOS::Util.encode_path(id)}/reactivate",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::UserOrganizationMembership.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#resend_invitation(id:, locale: nil, request_options: {}) ⇒ WorkOS::UserInvite

Resend an invitation

Parameters:

• id (String) —

  The unique ID of the invitation.

• locale (WorkOS::Types::ResendUserInviteOptionsLocale, nil) (defaults to: nil) —

  The locale to use when rendering the invitation email. See supported locales.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserInvite)

# File 'lib/workos/user_management.rb', line 1108

def resend_invitation(
  id:,
  locale: nil,
  request_options: {}
)
  body = {
    "locale" => locale
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/invitations/#{WorkOS::Util.encode_path(id)}/resend",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::UserInvite.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#reset_password(email:, request_options: {}) ⇒ WorkOS::PasswordReset

Create a password reset token

Parameters:

• email (String) —

  The email address of the user requesting a password reset.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::PasswordReset)

# File 'lib/workos/user_management.rb', line 515

def reset_password(
  email:,
  request_options: {}
)
  body = {
    "email" => email
  }
  response = @client.request(
    method: :post,
    path: "/user_management/password_reset",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::PasswordReset.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#revoke_invitation(id:, request_options: {}) ⇒ WorkOS::Invitation

Revoke an invitation

Parameters:

• id (String) —

  The unique ID of the invitation.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Invitation)

# File 'lib/workos/user_management.rb', line 1132

def revoke_invitation(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :post,
    path: "/user_management/invitations/#{WorkOS::Util.encode_path(id)}/revoke",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::Invitation.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#revoke_session(session_id:, return_to: nil, request_options: {}) ⇒ void

This method returns an undefined value.

Revoke Session

Parameters:

• session_id (String) —

  The ID of the session to revoke. This can be extracted from the sid claim of the access token.

• return_to (String, nil) (defaults to: nil) —

  The URL to redirect the user to after session revocation.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/user_management.rb', line 450

def revoke_session(
  session_id:,
  return_to: nil,
  request_options: {}
)
  body = {
    "session_id" => session_id,
    "return_to" => return_to
  }.compact
  @client.request(
    method: :post,
    path: "/user_management/sessions/revoke",
    auth: true,
    body: body,
    request_options: request_options
  )
  nil
end

#send_email_change(id:, new_email:, request_options: {}) ⇒ WorkOS::EmailChange

Send email change code

Parameters:

• id (String) —

  The unique ID of the user.

• new_email (String) —

  The new email address to change to.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::EmailChange)

# File 'lib/workos/user_management.rb', line 827

def send_email_change(
  id:,
  new_email:,
  request_options: {}
)
  body = {
    "new_email" => new_email
  }
  response = @client.request(
    method: :post,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_change/send",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::EmailChange.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#send_invitation(email:, organization_id: nil, role_slug: nil, expires_in_days: nil, inviter_user_id: nil, locale: nil, request_options: {}) ⇒ WorkOS::UserInvite

Send an invitation

Parameters:

• email (String) —

  The email address of the recipient.

• organization_id (String, nil) (defaults to: nil) —

  The ID of the organization that the recipient will join.

• role_slug (String, nil) (defaults to: nil) —

  The role that the recipient will receive when they join the organization in the invitation.

• expires_in_days (Integer, nil) (defaults to: nil) —

  How many days the invitations will be valid for. Must be between 1 and 30 days. Defaults to 7 days if not specified.

• inviter_user_id (String, nil) (defaults to: nil) —

  The ID of the user who invites the recipient. The invitation email will mention the name of this user.

• locale (WorkOS::Types::CreateUserInviteOptionsLocale, nil) (defaults to: nil) —

  The locale to use when rendering the invitation email. See supported locales.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserInvite)

# File 'lib/workos/user_management.rb', line 1017

def send_invitation(
  email:,
  organization_id: nil,
  role_slug: nil,
  expires_in_days: nil,
  inviter_user_id: nil,
  locale: nil,
  request_options: {}
)
  body = {
    "email" => email,
    "organization_id" => organization_id,
    "role_slug" => role_slug,
    "expires_in_days" => expires_in_days,
    "inviter_user_id" => inviter_user_id,
    "locale" => locale
  }.compact
  response = @client.request(
    method: :post,
    path: "/user_management/invitations",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::UserInvite.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#send_verification_email(id:, request_options: {}) ⇒ WorkOS::SendVerificationEmailResponse

Send verification email

Parameters:

• id (String) —

  The ID of the user.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::SendVerificationEmailResponse)

# File 'lib/workos/user_management.rb', line 876

def send_verification_email(
  id:,
  request_options: {}
)
  response = @client.request(
    method: :post,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_verification/send",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::SendVerificationEmailResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_jwt_template(content:, request_options: {}) ⇒ WorkOS::JWTTemplateResponse

Update JWT template

Parameters:

• content (String) —

  The JWT template content as a Liquid template string.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::JWTTemplateResponse)

# File 'lib/workos/user_management.rb', line 1166

def update_jwt_template(
  content:,
  request_options: {}
)
  body = {
    "content" => content
  }
  response = @client.request(
    method: :put,
    path: "/user_management/jwt_template",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::JWTTemplateResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_organization_membership(id:, role: nil, request_options: {}) ⇒ WorkOS::UserOrganizationMembership

Update an organization membership

Parameters:

• id (String) —

  The unique ID of the organization membership.

• role (WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple, nil) (defaults to: nil) —

  Identifies the role.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserOrganizationMembership)

# File 'lib/workos/user_management.rb', line 1348

def update_organization_membership(
  id:,
  role: nil,
  request_options: {}
)
  body = {}
  if role
    case role
    when WorkOS::UserManagement::RoleSingle
      body["role_slug"] = role.role_slug
    when WorkOS::UserManagement::RoleMultiple
      body["role_slugs"] = role.role_slugs
    else
      raise ArgumentError, "expected role to be one of: WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple, got #{role.class}"
    end
  end
  response = @client.request(
    method: :put,
    path: "/user_management/organization_memberships/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::UserOrganizationMembership.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_user(id:, email: nil, first_name: nil, last_name: nil, email_verified: nil, metadata: nil, external_id: nil, locale: nil, password: nil, request_options: {}) ⇒ WorkOS::User

Update a user

Parameters:

• id (String) —

  The unique ID of the user.

• email (String, nil) (defaults to: nil) —

  The email address of the user.

• first_name (String, nil) (defaults to: nil) —

  The first name of the user.

• last_name (String, nil) (defaults to: nil) —

  The last name of the user.

• email_verified (Boolean, nil) (defaults to: nil) —

  Whether the user's email has been verified.

• metadata (Hash{String => String}, nil) (defaults to: nil) —

  Object containing metadata key/value pairs associated with the user.

• external_id (String, nil) (defaults to: nil) —

  The external ID of the user.

• locale (String, nil) (defaults to: nil) —

  The user's preferred locale.

• password (WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed, nil) (defaults to: nil) —

  Identifies the password.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::User)

# File 'lib/workos/user_management.rb', line 736

def update_user(
  id:,
  email: nil,
  first_name: nil,
  last_name: nil,
  email_verified: nil,
  metadata: nil,
  external_id: nil,
  locale: nil,
  password: nil,
  request_options: {}
)
  body = {
    "email" => email,
    "first_name" => first_name,
    "last_name" => last_name,
    "email_verified" => email_verified,
    "metadata" => metadata,
    "external_id" => external_id,
    "locale" => locale
  }.compact
  if password
    case password
    when WorkOS::UserManagement::PasswordPlaintext
      body["password"] = password.password
    when WorkOS::UserManagement::PasswordHashed
      body["password_hash"] = password.password_hash
      body["password_hash_type"] = password.password_hash_type
    else
      raise ArgumentError, "expected password to be one of: WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed, got #{password.class}"
    end
  end
  response = @client.request(
    method: :put,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::User.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#verify_email(id:, code:, request_options: {}) ⇒ WorkOS::VerifyEmailResponse

Verify email

Parameters:

• id (String) —

  The ID of the user.

• code (String) —

  The one-time email verification code.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::VerifyEmailResponse)

# File 'lib/workos/user_management.rb', line 852

def verify_email(
  id:,
  code:,
  request_options: {}
)
  body = {
    "code" => code
  }
  response = @client.request(
    method: :post,
    path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_verification/confirm",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::VerifyEmailResponse.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end