Skip to content

feat(generated)!: regenerate from spec (11 changes)#401

Open
workos-sdk-automation[bot] wants to merge 11 commits into
mainfrom
oagen/spec-update-0e1c039566c6e6c4061925ea050b1bf288163094
Open

feat(generated)!: regenerate from spec (11 changes)#401
workos-sdk-automation[bot] wants to merge 11 commits into
mainfrom
oagen/spec-update-0e1c039566c6e6c4061925ea050b1bf288163094

Conversation

@workos-sdk-automation

@workos-sdk-automation workos-sdk-automation Bot commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

feat(organization_membership)!: Change response for UserManagementOrganizationMembership.list

  • Changed response for UserManagementOrganizationMembership.list.

feat(pipes)!: SDK surface change: Symbol "Pipes.createDataIntegrationToken" was removed

  • SDK surface change: Symbol "Pipes.createDataIntegrationToken" was removed.

feat(user_management)!: Change response for UserManagementInvitations.list

  • Changed response for UserManagementInvitations.list.

feat(authorization): Add authorization operations and models

  • Added model ReplaceGroupRoleAssignmentEntry.
  • Added model ReplaceGroupRoleAssignments.
  • Added model DeleteGroupRoleAssignmentsByCriteria.
  • Added endpoint POST /authorization/groups/{group_id}/role_assignments.
  • Added endpoint PUT /authorization/groups/{group_id}/role_assignments.
  • Added endpoint DELETE /authorization/groups/{group_id}/role_assignments.
  • Added endpoint GET /authorization/groups/{group_id}/role_assignments/{role_assignment_id}.
  • Added endpoint DELETE /authorization/groups/{group_id}/role_assignments/{role_assignment_id}.

feat(client): Add client API surface

  • Added model ClientApiToken.
  • Added model ClientApiTokenResponse.
  • Added service Client.

feat(connect): Add Connect API surface

  • Added auth_method to ConnectedAccount.
  • Added api_key_last_4 to ConnectedAccount.
  • Added enum ConnectedAccountAuthMethod.

feat(groups): Add groups API surface

  • Added model CreateGroupRoleAssignment.
  • Added model GroupRoleAssignment.
  • Added model GroupRoleAssignmentList.
  • Added model GroupRoleAssignmentResource.

feat(organization_membership): Add organization membership API surface

  • Added model UserOrganizationMembershipList.
  • Added model UserOrganizationMembershipListListMetadata.

feat(pipes): Add Pipes API surface

  • Added model DataIntegrationCredentials.
  • Added model DataIntegrationConfigurationResponse.
  • Added model DataIntegrationConfigurationListResponse.
  • Added model ConfigureDataIntegrationBody.
  • Added auth_methods to DataIntegrationsListResponseData.
  • Added auth_method to DataIntegrationsListResponseDataConnectedAccount.
  • Added api_key_last_4 to DataIntegrationsListResponseDataConnectedAccount.
  • Added enum DataIntegrationCredentialsCredentialsType.
  • Added enum DataIntegrationsListResponseDataAuthMethods.
  • Added enum DataIntegrationsListResponseDataConnectedAccountAuthMethod.
  • Added service PipesProvider.

feat(user_management): Update user management API surface

  • Added model UserInviteList.
  • Added model UserInviteListListMetadata.
  • Made AuthorizationCodeSessionAuthenticateRequest.client_secret optional.
  • Made RefreshTokenSessionAuthenticateRequest.client_secret optional.

feat(widgets): Add widgets:pipes:manage to WidgetSessionTokenScopes

  • Added widgets:pipes:manage to WidgetSessionTokenScopes.

Triggered by workos/openapi-spec@0e1c039

BEGIN_COMMIT_OVERRIDE
feat(organization_membership)!: Change response for UserManagementOrganizationMembership.list (#401)
feat(pipes)!: SDK surface change: Symbol "Pipes.createDataIntegrationToken" was removed (#401)
feat(user_management)!: Change response for UserManagementInvitations.list (#401)
feat(authorization): Add authorization operations and models (#401)
feat(client): Add client API surface (#401)
feat(connect): Add Connect API surface (#401)
feat(groups): Add groups API surface (#401)
feat(organization_membership): Add organization membership API surface (#401)
feat(pipes): Add Pipes API surface (#401)
feat(user_management): Update user management API surface (#401)
feat(widgets): Add widgets:pipes:manage to WidgetSessionTokenScopes (#401)
END_COMMIT_OVERRIDE

@workos-sdk-automation workos-sdk-automation Bot added the autogenerated Autogenerated code or content label Jun 17, 2026
@workos-sdk-automation workos-sdk-automation Bot requested review from a team as code owners June 17, 2026 20:56
@greptile-apps

greptile-apps Bot commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This is an auto-generated SDK regeneration adding several new API surfaces (group role assignments, client token generation, pipes provider configuration, connect auth methods) and making client_secret optional on both session authenticate request types.

  • New services: ClientApi (POST /client/token), PipesProvider (list/update org data-integration configs), and six group role assignment operations on Authorization (list, create, replace-all, delete-by-criteria, get, delete-by-id).
  • Breaking renames: Pipes::createDataIntegrationTokengetAccessToken, parameter $slug$provider; UserManagement doc comment updates (environment → application).
  • Model additions: GroupRoleAssignment, GroupRoleAssignmentList, DataIntegrationCredentials, DataIntegrationConfigurationResponse/List, ClientApiToken/Response, ConnectedAccountAuthMethod enum, plus optional authMethod/apiKeyLast4 fields on ConnectedAccount and DataIntegrationsListResponseDataConnectedAccount.

Confidence Score: 4/5

Safe to merge after adding the missing group_role_assignment_list.json fixture; all other new code is well-structured and follows existing patterns.

The new service methods, resource models, and fixtures are consistent with the existing codebase patterns. The one concrete gap is testUpdateGroupRoleAssignments loading a fixture file that does not exist, causing that test to be silently skipped and leaving the PUT replace-all endpoint without coverage.

tests/Service/AuthorizationTest.php — the missing group_role_assignment_list.json fixture silently skips the updateGroupRoleAssignments test case.

Important Files Changed

Filename Overview
tests/Service/AuthorizationTest.php Adds six new group role assignment tests; testUpdateGroupRoleAssignments references a missing fixture (group_role_assignment_list.json) and will be silently skipped in CI.
lib/Service/Authorization.php Adds five group role assignment CRUD methods (list/create/update/delete/get) with correct path encoding and request dispatch.
lib/Service/PipesProvider.php New service exposing list and update endpoints for organization data-integration configurations; array_filter correctly preserves false/empty values.
lib/Service/ClientApi.php New service with a single createToken method posting to client/token; straightforward and complete.
lib/Resource/AuthorizationCodeSessionAuthenticateRequest.php Makes client_secret optional (nullable) to support public clients using PKCE; null value is serialized as null in toArray(), consistent with all other optional fields in the codebase.
lib/Resource/GroupRoleAssignment.php New read-only resource for group role assignments with DateTimeImmutable parsing and correct toArray serialization.
lib/Resource/DataIntegrationConfigurationResponse.php New resource for data integration configuration; correctly handles optional credentials sub-object via DataIntegrationCredentials::fromArray.
lib/WorkOS.php Registers ClientApi and PipesProvider as lazily-initialised services following the existing accessor pattern.
lib/Service/Pipes.php Renames createDataIntegrationToken to getAccessToken and its parameter slug to provider; a breaking change documented in the PR description.

Sequence Diagram

 
%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant Client as SDK Client
    participant Auth as Authorization Service
    participant ClientApi as ClientApi Service
    participant PipesProv as PipesProvider Service
    participant Pipes as Pipes Service
    participant API as WorkOS API

    Client->>Auth: listGroupRoleAssignments(groupId)
    Auth->>API: "GET /authorization/groups/{id}/role_assignments"
    API-->>Auth: PaginatedResponse GroupRoleAssignment

    Client->>Auth: createGroupRoleAssignment(groupId, roleSlug)
    Auth->>API: "POST /authorization/groups/{id}/role_assignments"
    API-->>Auth: GroupRoleAssignment

    Client->>Auth: updateGroupRoleAssignments(groupId, roleAssignments[])
    Auth->>API: "PUT /authorization/groups/{id}/role_assignments"
    API-->>Auth: GroupRoleAssignmentList

    Client->>Auth: deleteGroupRoleAssignments(groupId, roleSlug)
    Auth->>API: "DELETE /authorization/groups/{id}/role_assignments"

    Client->>Auth: getGroupRoleAssignment(groupId, roleAssignmentId)
    Auth->>API: "GET /authorization/groups/{id}/role_assignments/{rid}"
    API-->>Auth: GroupRoleAssignment

    Client->>Auth: deleteGroupRoleAssignment(groupId, roleAssignmentId)
    Auth->>API: "DELETE /authorization/groups/{id}/role_assignments/{rid}"

    Client->>ClientApi: createToken(organizationId, userId)
    ClientApi->>API: POST /client/token
    API-->>ClientApi: ClientApiTokenResponse

    Client->>PipesProv: listOrganizationDataIntegrationConfigurations(orgId)
    PipesProv->>API: "GET /organizations/{id}/data_integration_configurations"
    API-->>PipesProv: DataIntegrationConfigurationListResponse

    Client->>PipesProv: updateOrganizationDataIntegrationConfiguration(orgId, slug)
    PipesProv->>API: "PUT /organizations/{id}/data_integration_configurations/{slug}"
    API-->>PipesProv: DataIntegrationConfigurationResponse

    Client->>Pipes: getAccessToken(provider, userId)
    Pipes->>API: "POST /data-integrations/{provider}/token"
    API-->>Pipes: DataIntegrationAccessTokenResponse
Loading 
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant Client as SDK Client
    participant Auth as Authorization Service
    participant ClientApi as ClientApi Service
    participant PipesProv as PipesProvider Service
    participant Pipes as Pipes Service
    participant API as WorkOS API

    Client->>Auth: listGroupRoleAssignments(groupId)
    Auth->>API: "GET /authorization/groups/{id}/role_assignments"
    API-->>Auth: PaginatedResponse GroupRoleAssignment

    Client->>Auth: createGroupRoleAssignment(groupId, roleSlug)
    Auth->>API: "POST /authorization/groups/{id}/role_assignments"
    API-->>Auth: GroupRoleAssignment

    Client->>Auth: updateGroupRoleAssignments(groupId, roleAssignments[])
    Auth->>API: "PUT /authorization/groups/{id}/role_assignments"
    API-->>Auth: GroupRoleAssignmentList

    Client->>Auth: deleteGroupRoleAssignments(groupId, roleSlug)
    Auth->>API: "DELETE /authorization/groups/{id}/role_assignments"

    Client->>Auth: getGroupRoleAssignment(groupId, roleAssignmentId)
    Auth->>API: "GET /authorization/groups/{id}/role_assignments/{rid}"
    API-->>Auth: GroupRoleAssignment

    Client->>Auth: deleteGroupRoleAssignment(groupId, roleAssignmentId)
    Auth->>API: "DELETE /authorization/groups/{id}/role_assignments/{rid}"

    Client->>ClientApi: createToken(organizationId, userId)
    ClientApi->>API: POST /client/token
    API-->>ClientApi: ClientApiTokenResponse

    Client->>PipesProv: listOrganizationDataIntegrationConfigurations(orgId)
    PipesProv->>API: "GET /organizations/{id}/data_integration_configurations"
    API-->>PipesProv: DataIntegrationConfigurationListResponse

    Client->>PipesProv: updateOrganizationDataIntegrationConfiguration(orgId, slug)
    PipesProv->>API: "PUT /organizations/{id}/data_integration_configurations/{slug}"
    API-->>PipesProv: DataIntegrationConfigurationResponse

    Client->>Pipes: getAccessToken(provider, userId)
    Pipes->>API: "POST /data-integrations/{provider}/token"
    API-->>Pipes: DataIntegrationAccessTokenResponse
Loading

Reviews (1): Last reviewed commit: "chore(generated): add release notes frag..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed Jun 17, 2026
View reviewed changes
Comment thread tests/Service/AuthorizationTest.php
Comment on lines +45 to +56
$this->assertSame('test_value', $body['role_slug']);
}

public function testUpdateGroupRoleAssignments(): void
{
$fixture = $this->loadFixture('group_role_assignment_list');
$client = $this->createMockClient([['status' => 200, 'body' => $fixture]]);
$result = $client->authorization()->updateGroupRoleAssignments('test_group_id', roleAssignments: []);
$this->assertInstanceOf(\WorkOS\Resource\GroupRoleAssignmentList::class, $result);
$this->assertIsArray($result->toArray());
$request = $this->getLastRequest();
$this->assertSame('PUT', $request->getMethod());

@greptile-apps greptile-apps Bot Jun 17, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Missing fixture causes test to be silently skipped

loadFixture('group_role_assignment_list') looks for tests/Fixtures/group_role_assignment_list.json, which does not exist in the repository. The TestHelper::loadFixture implementation calls markTestSkipped() when the file is absent, so testUpdateGroupRoleAssignments will silently pass in CI as a skipped test rather than a failure, leaving the PUT /authorization/groups/{group_id}/role_assignments endpoint with no real coverage.

The existing fixture list_group_role_assignment.json has the correct shape (object, data[], list_metadata) but carries the wrong name for this call site. A new fixture group_role_assignment_list.json (with object, data, and list_metadata keys matching GroupRoleAssignmentList::fromArray) needs to be added.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@gjtorikian gjtorikian Awaiting requested review from gjtorikian gjtorikian is a code owner automatically assigned from workos/php

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

autogenerated Autogenerated code or content

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants