workos

package module
v7.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 22, 2026 License: MIT Imports: 23 Imported by: 0

README

WorkOS Go Library

Go Reference

The WorkOS Go library provides a flat, root-level workos package for applications written in Go.

Installation

go get github.com/workos/workos-go/v7

Usage

package main

import (
	"context"
	"log"

	"github.com/workos/workos-go/v7"
)

func main() {
	client := workos.NewClient(
		"<WORKOS_API_KEY>",
		workos.WithClientID("<WORKOS_CLIENT_ID>"),
	)

	organization, err := client.Organizations().Get(context.Background(), "org_123")
	if err != nil {
		log.Fatal(err)
	}

	_ = organization
}

Services

All API resources are accessed through service accessors on the Client:

Accessor Description
APIKeys() Organization API key management
AdminPortal() Admin Portal link generation
AuditLogs() Audit log events and retention
Authorization() Fine-grained authorization (FGA) and RBAC
Connect() Connect application management
DirectorySync() Directory Sync (directories, users, groups)
Events() Event stream
FeatureFlags() Feature flag management and evaluation
MultiFactorAuth() Multi-factor authentication challenges
OrganizationDomains() Organization domain verification
Organizations() Organization CRUD
Passwordless() Passwordless authentication sessions
Pipes() Data integration pipes
Radar() Radar list management
SSO() Single Sign-On connections and profiles
UserManagement() Users, invitations, auth methods
Vault() Key-value storage and client-side encryption
Webhooks() Webhook event construction and verification
Widgets() Widget token generation

Error Handling

The SDK returns typed errors that can be inspected with errors.Is and errors.As:

Type HTTP Status Description
AuthenticationError 401 Invalid or missing API key
NotFoundError 404 Requested resource does not exist
UnprocessableEntityError 422 Validation errors
RateLimitExceededError 429 Rate limit exceeded (auto-retried)
ServerError 5xx WorkOS server error (auto-retried)
NetworkError - Connection failure 
result, err := client.Organizations().Get(ctx, "org_123")
if err != nil {
	var notFound *workos.NotFoundError
	if errors.As(err, &notFound) {
		log.Printf("Organization not found: %s", notFound.Message)
	}
}

Pagination

List endpoints return an Iterator[T] for auto-pagination:

iter := client.UserManagement().List(ctx, &workos.UserManagementListParams{})
for iter.Next() {
	user := iter.Current()
	fmt.Println(user.Email)
}
if err := iter.Err(); err != nil {
	log.Fatal(err)
}

Webhook Verification

Verify incoming webhook payloads and construct typed events:

v := workos.NewWebhookVerifier(secret)

payload, err := v.VerifyPayload(sigHeader, rawBody)
if err != nil {
	log.Fatal("invalid webhook signature")
}

event, err := v.ConstructEvent(sigHeader, rawBody)
if err != nil {
	log.Fatal(err)
}
fmt.Println(event.Event, event.ID)

Session Management

Authenticate and refresh user sessions using sealed cookies:

session := workos.NewSession(client, sealedCookie, cookiePassword)

result, err := session.Authenticate()
if result.Authenticated {
	fmt.Println("User:", result.User)
	fmt.Println("Org:", result.OrganizationID)
}

refreshed, err := session.Refresh(ctx)
if refreshed.Authenticated {
	// Set refreshed.SealedSession as the new cookie value
}

Vault

Store and retrieve encrypted key-value data with client-side encryption:

// KV operations
obj, _ := client.Vault().CreateObject(ctx, &workos.VaultCreateObjectParams{
	Name: "api-token", Value: "secret-value",
})
read, _ := client.Vault().ReadObject(ctx, obj.ID)

// Client-side encryption (AES-256-GCM)
encrypted, _ := client.Vault().Encrypt(ctx, "sensitive data", keyContext, "")
decrypted, _ := client.Vault().Decrypt(ctx, encrypted.EncryptedData, "")

Request Options

Customize individual requests with functional options:

result, err := client.Organizations().Get(ctx, "org_123",
	workos.WithTimeout(5 * time.Second),
	workos.WithIdempotencyKey("unique-key"),
	workos.WithExtraHeaders(http.Header{"X-Custom": {"value"}}),
)

AuthKit / SSO Helpers

Build authorization URLs client-side without making HTTP requests:

// AuthKit with PKCE
result, err := client.GetAuthKitPKCEAuthorizationURL(workos.AuthKitAuthorizationURLParams{
	RedirectURI: "https://example.com/callback",
})
fmt.Println(result.URL)          // redirect the user here
fmt.Println(result.CodeVerifier) // store securely for token exchange

// SSO authorization
url, err := client.GetSSOAuthorizationURL(workos.SSOAuthorizationURLParams{
	RedirectURI: "https://example.com/sso/callback",
	ConnectionID: &connID,
})

Package Layout

This SDK is a Go library, so it uses a flat package layout at the module root rather than an application-style project layout.

  • The public API lives in the root workos package.
  • Tests are colocated in *_test.go files, which is idiomatic for Go libraries.
  • Request and response fixtures live in testdata/.

Import the root package:

import "github.com/workos/workos-go/v7"

Documentation

Overview

Package workos provides a Go client for the WorkOS API.

Create a client with your API key and optional client ID: 

client := workos.NewClient(
	"sk_...",
	workos.WithClientID("client_..."),
)

All API resources are accessed through service accessors on the Client. For example, to list organizations: 

iter := client.Organizations().List(ctx, &workos.OrganizationsListParams{})
for iter.Next() {
	org := iter.Current()
	fmt.Println(org.Name)
}

Services

The SDK exposes the following service groups:

  • UserManagement: Users, authentication, invitations, organization memberships
  • SSO: Single Sign-On connections, profiles, and SAML configuration
  • Organizations: Organization CRUD and domain verification
  • DirectorySync: Directory users, groups, and sync management
  • Authorization: Fine-grained authorization (FGA) and RBAC
  • AuditLogs: Audit log events and retention policies
  • Vault: Encrypted key-value storage and client-side encryption
  • Webhooks: Event construction and signature verification
  • AdminPortal: Portal link generation
  • Connect: Connect application management (OAuth & M2M)
  • Events: Event stream
  • FeatureFlags: Feature flag management and evaluation
  • MultiFactorAuth: MFA challenges and verification
  • Passwordless: Passwordless authentication sessions
  • Radar: Radar list management
  • Widgets: Widget token generation

Authentication

Pass your API key as the first argument to NewClient. For operations that require a client ID (SSO, AuthKit, UserManagement auth flows), use WithClientID.

Error Handling

API errors are returned as typed error values. Use errors.As to inspect them: 

var notFound *workos.NotFoundError
if errors.As(err, &notFound) {
	log.Printf("Resource not found: %s", notFound.Message)
}

Error types: AuthenticationError (401), NotFoundError (404), UnprocessableEntityError (422), RateLimitExceededError (429), ServerError (5xx), NetworkError (connection failures).

Pagination

List endpoints return an Iterator[T] that handles page fetching automatically. Call Next() to advance, Current() to read the item, and Err() to check for errors after iteration.

Retry

The client automatically retries on 429 and 5xx status codes with exponential backoff and jitter. The Retry-After header is respected when present.

Package workos provides a Go client for the WorkOS API.

Index

Examples

Constants

View Source 
const (
	EmailVerificationRequiredCode                 = "email_verification_required"
	MFAEnrollmentCode                             = "mfa_enrollment"
	MFAChallengeCode                              = "mfa_challenge"
	OrganizationSelectionRequiredCode             = "organization_selection_required"
	SSORequiredCode                               = "sso_required"
	OrganizationAuthenticationMethodsRequiredCode = "organization_authentication_methods_required"
)

Authentication error code constants.

View Source 
const (
	// Version represents the SDK version number.
	Version = "v7.0.0" // x-release-please-version
)

Variables

View Source 
var (
	ErrWebhookInvalidHeader    = errors.New("workos: invalid webhook signature header")
	ErrWebhookNoValidSignature = errors.New("workos: no valid signature found")
	ErrWebhookNotSigned        = errors.New("workos: webhook not signed")
	ErrWebhookInvalidTimestamp = errors.New("workos: invalid timestamp in signature header")
	ErrWebhookOutsideTolerance = errors.New("workos: timestamp outside tolerance")
)

Sentinel errors for webhook verification.

Functions

func Bool 

func Bool(b bool) *bool

Bool returns a pointer to b.

func ComputeWebhookSignature 

func ComputeWebhookSignature(secret string, timestamp string, body string) string

ComputeWebhookSignature computes the HMAC-SHA256 signature for a webhook payload.

func GenerateCodeChallenge 

func GenerateCodeChallenge(verifier string) string

GenerateCodeChallenge computes the S256 code challenge for a given verifier.

func GenerateCodeVerifier 

func GenerateCodeVerifier(length ...int) (string, error)

GenerateCodeVerifier generates a cryptographically random PKCE code verifier. Length must be between 43 and 128 characters (default 43).

func GetJWKSURL 

func GetJWKSURL(baseURL string, clientID string) string

GetJWKSURL builds the JWKS URL for a given client ID.

func Int 

func Int(i int) *int

Int returns a pointer to i.

func LocalDecrypt 

func LocalDecrypt(encryptedData string, dataKey DataKey, associatedData string) (string, error)

LocalDecrypt decrypts data with AES-256-GCM using a pre-fetched data key.

func LocalEncrypt 

func LocalEncrypt(data string, keyPair DataKeyPair, associatedData string) (string, error)

LocalEncrypt encrypts data with AES-256-GCM using a pre-fetched data key pair.

Wire format (before base64): LEB128(len(encryptedKeys)) || encryptedKeys || nonce(12) || ciphertext+tag

func ParseWebhookSignatureHeader 

func ParseWebhookSignatureHeader(header string) (timestamp string, signature string, err error)

ParseWebhookSignatureHeader parses the "t=..., v1=..." header into timestamp and signature.

func Ptr 

func Ptr[T any](v T) *T

Ptr returns a pointer to v. Use this to pass literal values where the SDK expects a pointer to an optional field.

func Seal 

func Seal[T any](data T, password string) (string, error)

Seal encrypts data of any JSON-serializable type using AES-256-GCM. The password should be a hex-encoded 32-byte key. If the password is not valid hex or not the right length, it is hashed with SHA-256 to derive a key. Returns a base64-encoded sealed string.

func SealData 

func SealData(data map[string]interface{}, password string) (string, error)

SealData encrypts data using AES-256-GCM with the provided password. Deprecated: Use Seal instead.

func SealSession 

func SealSession(data *SessionData, password string) (string, error)

SealSession encrypts a SessionData struct using AES-256-GCM. Returns a base64-encoded sealed string suitable for use as a session cookie.

func SealSessionFromAuthResponse 

func SealSessionFromAuthResponse(accessToken string, refreshToken string, user *User, impersonator *AuthenticateResponseImpersonator, cookiePassword string) (string, error)

SealSessionFromAuthResponse creates a sealed session cookie from an authentication response.

func String 

func String(s string) *string

String returns a pointer to s.

func Unseal 

func Unseal[T any](sealed, password string) (T, error)

Unseal decrypts a sealed string back to the original typed data.

func UnsealData 

func UnsealData(sealed string, password string) (map[string]interface{}, error)

UnsealData decrypts a sealed string back to the original data. Deprecated: Use Unseal instead.

Types

type APIError 

type APIError struct {
	StatusCode int    `json:"-"`
	RequestID  string `json:"-"`
	RetryAfter int    `json:"-"`
	RawBody    string `json:"-"`

	// Code is the error code from responses using the {"code": ..., "message": ...} format.
	Code string `json:"code"`
	// Message is the human-readable error message.
	Message string `json:"message"`
	// ErrorCode is the error identifier from responses using the {"error": ..., "error_description": ...} format (e.g. "invalid_client", "sso_required").
	ErrorCode string `json:"error"`
	// ErrorDescription is the human-readable description from OAuth-style error responses.
	ErrorDescription string `json:"error_description"`
	// Errors is a list of error strings returned by the API.
	Errors []string `json:"errors,omitempty"`
	// FieldErrors is a list of field-level validation errors.
	FieldErrors []FieldError `json:"-"`

	// PendingAuthenticationToken is a token for continuing an authentication flow that requires additional steps.
	PendingAuthenticationToken string `json:"pending_authentication_token,omitempty"`
	// EmailVerificationID is the ID of the pending email verification.
	EmailVerificationID string `json:"email_verification_id,omitempty"`
}

APIError represents an error returned by the WorkOS API.

func (*APIError) Error 

func (e *APIError) Error() string

type APIKey 

type APIKey struct {
	// Object distinguishes the API Key object.
	Object string `json:"object"`
	// ID is unique identifier of the API Key.
	ID string `json:"id"`
	// Owner is the entity that owns the API Key.
	Owner *APIKeyOwner `json:"owner"`
	// Name is a descriptive name for the API Key.
	Name string `json:"name"`
	// ObfuscatedValue is an obfuscated representation of the API Key value.
	ObfuscatedValue string `json:"obfuscated_value"`
	// LastUsedAt is timestamp of when the API Key was last used.
	LastUsedAt *string `json:"last_used_at"`
	// Permissions is the permission slugs assigned to the API Key.
	Permissions []string `json:"permissions"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

APIKey the API Key object if the value is valid, or `null` if invalid.

type APIKeyCreated 

type APIKeyCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *APIKeyCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

APIKeyCreated represents an api key created.

type APIKeyCreatedData 

type APIKeyCreatedData struct {
	// Object distinguishes the API key object.
	Object string `json:"object"`
	// ID is unique identifier of the API key.
	ID string `json:"id"`
	// Owner is the owner of the API key.
	Owner *APIKeyCreatedDataOwner `json:"owner"`
	// Name is the name of the API key.
	Name string `json:"name"`
	// ObfuscatedValue is the obfuscated value of the API key.
	ObfuscatedValue string `json:"obfuscated_value"`
	// LastUsedAt is the timestamp when the API key was last used.
	LastUsedAt *string `json:"last_used_at"`
	// Permissions is the permissions granted to the API key.
	Permissions []string `json:"permissions"`
	// CreatedAt is the timestamp when the API key was created.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is the timestamp when the API key was last updated.
	UpdatedAt string `json:"updated_at"`
}

APIKeyCreatedData the event payload.

type APIKeyCreatedDataOwner 

type APIKeyCreatedDataOwner struct {
	// Type is the type of the API key owner.
	Type string `json:"type"`
	// ID is the unique identifier of the API key owner.
	ID string `json:"id"`
}

APIKeyCreatedDataOwner the owner of the API key.

type APIKeyOwner 

type APIKeyOwner = APIKeyCreatedDataOwner

APIKeyOwner is an alias for APIKeyCreatedDataOwner.

type APIKeyRevoked 

type APIKeyRevoked struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *APIKeyRevokedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

APIKeyRevoked represents an api key revoked.

type APIKeyRevokedData 

type APIKeyRevokedData struct {
	// Object distinguishes the API key object.
	Object string `json:"object"`
	// ID is unique identifier of the API key.
	ID string `json:"id"`
	// Owner is the owner of the API key.
	Owner *APIKeyRevokedDataOwner `json:"owner"`
	// Name is the name of the API key.
	Name string `json:"name"`
	// ObfuscatedValue is the obfuscated value of the API key.
	ObfuscatedValue string `json:"obfuscated_value"`
	// LastUsedAt is the timestamp when the API key was last used.
	LastUsedAt *string `json:"last_used_at"`
	// Permissions is the permissions granted to the API key.
	Permissions []string `json:"permissions"`
	// CreatedAt is the timestamp when the API key was created.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is the timestamp when the API key was last updated.
	UpdatedAt string `json:"updated_at"`
}

APIKeyRevokedData the event payload.

type APIKeyRevokedDataOwner 

type APIKeyRevokedDataOwner = APIKeyCreatedDataOwner

APIKeyRevokedDataOwner is an alias for APIKeyCreatedDataOwner.

type APIKeyService 

type APIKeyService struct {
	// contains filtered or unexported fields
}

APIKeyService handles ApiKeys operations.

func (*APIKeyService) CreateOrganizationAPIKey 

func (s *APIKeyService) CreateOrganizationAPIKey(ctx context.Context, organizationID string, params *APIKeysCreateOrganizationAPIKeyParams, opts ...RequestOption) (*APIKeyWithValue, error)

CreateOrganizationAPIKey create an API key for an organization Create a new API key for an organization.

func (*APIKeyService) CreateValidation 

func (s *APIKeyService) CreateValidation(ctx context.Context, params *APIKeysCreateValidationParams, opts ...RequestOption) (*APIKeyValidationResponse, error)

CreateValidation validate API key Validate an API key value and return the API key object if valid.

func (*APIKeyService) Delete 

func (s *APIKeyService) Delete(ctx context.Context, id string, opts ...RequestOption) error

Delete an API key Permanently deletes an API key. This action cannot be undone. Once deleted, any requests using this API key will fail authentication.

func (*APIKeyService) ListOrganizationAPIKeys 

func (s *APIKeyService) ListOrganizationAPIKeys(ctx context.Context, organizationID string, params *APIKeysListOrganizationAPIKeysParams, opts ...RequestOption) *Iterator[APIKey]

ListOrganizationAPIKeys list API keys for an organization Get a list of all API keys for an organization.

type APIKeyValidationResponse 

type APIKeyValidationResponse struct {
	APIKey *APIKey `json:"api_key"`
}

APIKeyValidationResponse represents an api key validation response.

type APIKeyWithValue 

type APIKeyWithValue struct {
	// Object distinguishes the API Key object.
	Object string `json:"object"`
	// ID is unique identifier of the API Key.
	ID string `json:"id"`
	// Owner is the entity that owns the API Key.
	Owner *APIKeyWithValueOwner `json:"owner"`
	// Name is a descriptive name for the API Key.
	Name string `json:"name"`
	// ObfuscatedValue is an obfuscated representation of the API Key value.
	ObfuscatedValue string `json:"obfuscated_value"`
	// LastUsedAt is timestamp of when the API Key was last used.
	LastUsedAt *string `json:"last_used_at"`
	// Permissions is the permission slugs assigned to the API Key.
	Permissions []string `json:"permissions"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// Value is the full API Key value. Only returned once at creation time.
	Value string `json:"value"`
}

APIKeyWithValue represents an api key with value.

type APIKeyWithValueOwner 

type APIKeyWithValueOwner = APIKeyCreatedDataOwner

APIKeyWithValueOwner is an alias for APIKeyCreatedDataOwner.

type APIKeysCreateOrganizationAPIKeyParams 

type APIKeysCreateOrganizationAPIKeyParams struct {
	// Name is the name for the API key.
	Name string `json:"name"`
	// Permissions is the permission slugs to assign to the API key.
	Permissions []string `json:"permissions,omitempty"`
}

APIKeysCreateOrganizationAPIKeyParams contains the parameters for CreateOrganizationAPIKey.

type APIKeysCreateValidationParams 

type APIKeysCreateValidationParams struct {
	// Value is the value for an API key.
	Value string `json:"value"`
}

APIKeysCreateValidationParams contains the parameters for CreateValidation.

type APIKeysListOrganizationAPIKeysParams 

type APIKeysListOrganizationAPIKeysParams struct {
	PaginationParams
}

APIKeysListOrganizationAPIKeysParams contains the parameters for ListOrganizationAPIKeys.

type ActionAuthenticationDenied 

type ActionAuthenticationDenied struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data    *ActionAuthenticationDeniedData `json:"data"`
	Context *EventContext                   `json:"context,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

ActionAuthenticationDenied represents an action authentication denied.

type ActionAuthenticationDeniedData 

type ActionAuthenticationDeniedData struct {
	// ActionEndpointID is the ID of the action endpoint.
	ActionEndpointID string `json:"action_endpoint_id"`
	// ActionExecutionID is the ID of the action execution.
	ActionExecutionID string `json:"action_execution_id"`
	// Type is the type of action that was denied.
	Type string `json:"type"`
	// Verdict is the verdict of the action.
	Verdict string `json:"verdict"`
	// UserID is the ID of the user.
	UserID string `json:"user_id"`
	// OrganizationID is the ID of the organization.
	OrganizationID *string `json:"organization_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
}

ActionAuthenticationDeniedData the event payload.

type ActionSignedResponse 

type ActionSignedResponse struct {
	// Payload is the base64-encoded JSON response body.
	Payload string `json:"payload"`
	// Sig is the signature header in the form "t=<timestamp>,v1=<hex>".
	Sig string `json:"sig"`
}

ActionSignedResponse is the result of signing an action response. Send Payload and Sig back to WorkOS as the action webhook response body.

type ActionType 

type ActionType string

ActionType represents the type of an AuthKit Action. 

const (
	ActionTypeAuthentication   ActionType = "authentication"
	ActionTypeUserRegistration ActionType = "user_registration"
)

type ActionUserRegistrationDenied 

type ActionUserRegistrationDenied struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data    *ActionUserRegistrationDeniedData `json:"data"`
	Context *EventContext                     `json:"context,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

ActionUserRegistrationDenied represents an action user registration denied.

type ActionUserRegistrationDeniedData 

type ActionUserRegistrationDeniedData struct {
	// ActionEndpointID is the ID of the action endpoint.
	ActionEndpointID string `json:"action_endpoint_id"`
	// ActionExecutionID is the ID of the action execution.
	ActionExecutionID string `json:"action_execution_id"`
	// Type is the type of action that was denied.
	Type string `json:"type"`
	// Verdict is the verdict of the action.
	Verdict string `json:"verdict"`
	// OrganizationID is the ID of the organization.
	OrganizationID *string `json:"organization_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
}

ActionUserRegistrationDeniedData the event payload.

type ActionVerdict 

type ActionVerdict string

ActionVerdict represents the verdict for an action response. 

const (
	ActionVerdictAllow ActionVerdict = "Allow"
	ActionVerdictDeny  ActionVerdict = "Deny"
)

type ActionsHelper 

type ActionsHelper struct {
	// contains filtered or unexported fields
}

ActionsHelper provides helpers for AuthKit Actions request verification and response signing.

func NewActionsHelper 

func NewActionsHelper() *ActionsHelper

NewActionsHelper creates a new ActionsHelper.

func (*ActionsHelper) ConstructAction 

func (a *ActionsHelper) ConstructAction(payload string, sigHeader string, secret string) (*EventSchema, error)

ConstructAction verifies and deserializes an Actions request into the standard WorkOS event envelope. Callers can inspect Event/Data to dispatch on action type.

func (*ActionsHelper) SignResponse 

func (a *ActionsHelper) SignResponse(actionType ActionType, verdict ActionVerdict, errorMessage string, secret string) (*ActionSignedResponse, error)

SignResponse signs an action response with the given secret.

func (*ActionsHelper) VerifyHeader 

func (a *ActionsHelper) VerifyHeader(payload string, sigHeader string, secret string) error

VerifyHeader verifies the signature of an Actions webhook request.

type AddRolePermission 

type AddRolePermission struct {
	// Slug is the slug of the permission to add to the role.
	Slug string `json:"slug"`
}

AddRolePermission represents an add role permission.

type AdminPortalGenerateLinkParams 

type AdminPortalGenerateLinkParams struct {
	// ReturnURL is the URL to go to when an admin clicks on your logo in the Admin Portal. If not specified, the return URL configured on the [Redirects](https://dashboard.workos.com/redirects) page will be used.
	ReturnURL *string `json:"return_url,omitempty"`
	// SuccessURL is the URL to redirect the admin to when they finish setup. If not specified, the success URL configured on the [Redirects](https://dashboard.workos.com/redirects) page will be used.
	SuccessURL *string `json:"success_url,omitempty"`
	// Organization is an [Organization](https://workos.com/docs/reference/organization) identifier.
	Organization string `json:"organization"`
	// Intent is       The intent of the Admin Portal.
	// - `sso` - Launch Admin Portal for creating SSO connections
	// - `dsync` - Launch Admin Portal for creating Directory Sync connections
	// - `audit_logs` - Launch Admin Portal for viewing Audit Logs
	// - `log_streams` - Launch Admin Portal for creating Log Streams
	// - `domain_verification` - Launch Admin Portal for Domain Verification
	// - `certificate_renewal` - Launch Admin Portal for renewing SAML Certificates
	// - `bring_your_own_key` - Launch Admin Portal for configuring Bring Your Own Key
	Intent *GenerateLinkIntent `json:"intent,omitempty"`
	// IntentOptions is options to configure the Admin Portal based on the intent.
	IntentOptions *IntentOptions `json:"intent_options,omitempty"`
	// AdminEmails is the email addresses of the IT admins to grant access to the Admin Portal for the given organization. Accepts up to 20 emails.
	AdminEmails []string `json:"admin_emails,omitempty"`
}

AdminPortalGenerateLinkParams contains the parameters for GenerateLink.

type AdminPortalService 

type AdminPortalService struct {
	// contains filtered or unexported fields
}

AdminPortalService handles AdminPortal operations. 

func (s *AdminPortalService) GenerateLink(ctx context.Context, params *AdminPortalGenerateLinkParams, opts ...RequestOption) (*PortalLinkResponse, error)

GenerateLink generate a Portal Link Generate a Portal Link scoped to an Organization.

type ApplicationCredentialsListItem 

type ApplicationCredentialsListItem struct {
	// Object distinguishes the connect application secret object.
	Object string `json:"object"`
	// ID is the unique ID of the client secret.
	ID string `json:"id"`
	// SecretHint is a hint showing the last few characters of the secret value.
	SecretHint string `json:"secret_hint"`
	// LastUsedAt is the timestamp when the client secret was last used, or null if never used.
	LastUsedAt *string `json:"last_used_at"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

ApplicationCredentialsListItem represents an application credentials list item.

type ApplicationsOrder 

type ApplicationsOrder string

ApplicationsOrder represents applications order values. 

const (
	ApplicationsOrderNormal ApplicationsOrder = "normal"
	ApplicationsOrderDesc   ApplicationsOrder = "desc"
	ApplicationsOrderAsc    ApplicationsOrder = "asc"
)

type AssignRole 

type AssignRole struct {
	// RoleSlug is the slug of the role to assign.
	RoleSlug string `json:"role_slug"`
	// ResourceID is the ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`.
	ResourceID *string `json:"resource_id,omitempty"`
	// ResourceExternalID is the external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`.
	ResourceExternalID *string `json:"resource_external_id,omitempty"`
	// ResourceTypeSlug is the resource type slug. Required with `resource_external_id`. Mutually exclusive with `resource_id`.
	ResourceTypeSlug *string `json:"resource_type_slug,omitempty"`
}

AssignRole represents an assign role.

type AuditLogActionJSON 

type AuditLogActionJSON struct {
	// Object distinguishes the Audit Log Action object.
	Object string `json:"object"`
	// Name is identifier of what action was taken.
	Name string `json:"name"`
	// Schema is the schema associated with the action.
	Schema *AuditLogSchemaJSON `json:"schema"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

AuditLogActionJSON represents an audit log action json.

type AuditLogConfiguration 

type AuditLogConfiguration struct {
	// OrganizationID is unique identifier of the Organization.
	OrganizationID string `json:"organization_id"`
	// RetentionPeriodInDays is the number of days Audit Log events will be retained before being permanently deleted.
	RetentionPeriodInDays int `json:"retention_period_in_days"`
	// State is the current state of the audit log configuration for the organization.
	State AuditLogConfigurationState `json:"state"`
	// LogStream is the Audit Log Stream currently configured for the organization, if any.
	LogStream *AuditLogConfigurationLogStream `json:"log_stream,omitempty"`
}

AuditLogConfiguration represents an audit log configuration.

type AuditLogConfigurationLogStream 

type AuditLogConfigurationLogStream struct {
	// ID is unique identifier of the Audit Log Stream.
	ID string `json:"id"`
	// Type is the type of the Audit Log Stream destination.
	Type AuditLogConfigurationLogStreamType `json:"type"`
	// State is the current state of the Audit Log Stream.
	State AuditLogConfigurationLogStreamState `json:"state"`
	// LastSyncedAt is iso-8601 timestamp of when the last event was successfully synced, or null if no events have been synced.
	LastSyncedAt *string `json:"last_synced_at"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
}

AuditLogConfigurationLogStream the Audit Log Stream currently configured for the organization, if any.

type AuditLogConfigurationLogStreamState 

type AuditLogConfigurationLogStreamState string

AuditLogConfigurationLogStreamState represents audit log configuration log stream state values. 

const (
	AuditLogConfigurationLogStreamStateActive   AuditLogConfigurationLogStreamState = "active"
	AuditLogConfigurationLogStreamStateInactive AuditLogConfigurationLogStreamState = "inactive"
	AuditLogConfigurationLogStreamStateError    AuditLogConfigurationLogStreamState = "error"
	AuditLogConfigurationLogStreamStateInvalid  AuditLogConfigurationLogStreamState = "invalid"
)

type AuditLogConfigurationLogStreamType 

type AuditLogConfigurationLogStreamType string

AuditLogConfigurationLogStreamType represents audit log configuration log stream type values. 

const (
	AuditLogConfigurationLogStreamTypeAzureSentinel      AuditLogConfigurationLogStreamType = "AzureSentinel"
	AuditLogConfigurationLogStreamTypeDatadog            AuditLogConfigurationLogStreamType = "Datadog"
	AuditLogConfigurationLogStreamTypeGenericHttps       AuditLogConfigurationLogStreamType = "GenericHttps"
	AuditLogConfigurationLogStreamTypeGoogleCloudStorage AuditLogConfigurationLogStreamType = "GoogleCloudStorage"
	AuditLogConfigurationLogStreamTypeS3                 AuditLogConfigurationLogStreamType = "S3"
	AuditLogConfigurationLogStreamTypeSplunk             AuditLogConfigurationLogStreamType = "Splunk"
)

type AuditLogConfigurationState 

type AuditLogConfigurationState string

AuditLogConfigurationState represents audit log configuration state values. 

const (
	AuditLogConfigurationStateActive   AuditLogConfigurationState = "active"
	AuditLogConfigurationStateInactive AuditLogConfigurationState = "inactive"
	AuditLogConfigurationStateDisabled AuditLogConfigurationState = "disabled"
)

type AuditLogEvent 

type AuditLogEvent struct {
	// Action is identifier of what happened.
	Action string `json:"action"`
	// OccurredAt is iso-8601 value of when the action occurred.
	OccurredAt string `json:"occurred_at"`
	// Actor is the entity that performed the action.
	Actor *AuditLogEventActor `json:"actor"`
	// Targets is the resources affected by the action.
	Targets []*AuditLogEventTarget `json:"targets"`
	// Context is additional context about where and how the action occurred.
	Context *AuditLogEventContext `json:"context"`
	// Metadata is additional data associated with the event or entity.
	Metadata map[string]interface{} `json:"metadata,omitempty"`
	// Version is what schema version the event is associated with.
	Version *int `json:"version,omitempty"`
}

AuditLogEvent represents an audit log event.

type AuditLogEventActor 

type AuditLogEventActor struct {
	// ID is actor identifier.
	ID string `json:"id"`
	// Type is actor type.
	Type string `json:"type"`
	// Name is optional actor name.
	Name *string `json:"name,omitempty"`
	// Metadata is additional data associated with the event or entity.
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}

AuditLogEventActor represents an audit log event actor.

type AuditLogEventContext 

type AuditLogEventContext struct {
	// Location is ip Address or some other geolocation identifier.
	Location string `json:"location"`
	// UserAgent is user agent string.
	UserAgent *string `json:"user_agent,omitempty"`
}

AuditLogEventContext represents an audit log event context.

type AuditLogEventCreateResponse 

type AuditLogEventCreateResponse struct {
	// Success is whether the Audit Log event was created successfully.
	Success bool `json:"success"`
}

AuditLogEventCreateResponse represents an audit log event create response.

type AuditLogEventIngestion 

type AuditLogEventIngestion struct {
	// OrganizationID is the unique ID of the Organization.
	OrganizationID string `json:"organization_id"`
	// Event is the audit log event to create.
	Event *AuditLogEvent `json:"event"`
}

AuditLogEventIngestion represents an audit log event ingestion.

type AuditLogEventTarget 

type AuditLogEventTarget = AuditLogEventActor

AuditLogEventTarget is an alias for AuditLogEventActor.

type AuditLogExportCreation 

type AuditLogExportCreation struct {
	// OrganizationID is the unique ID of the Organization.
	OrganizationID string `json:"organization_id"`
	// RangeStart is iso-8601 value for start of the export range.
	RangeStart string `json:"range_start"`
	// RangeEnd is iso-8601 value for end of the export range.
	RangeEnd string `json:"range_end"`
	// Actions is list of actions to filter against.
	Actions []string `json:"actions,omitempty"`
	// Actors is deprecated. Use `actor_names` instead.
	//
	// Deprecated: Use `actor_names` instead.
	Actors []string `json:"actors,omitempty"`
	// ActorNames is list of actor names to filter against.
	ActorNames []string `json:"actor_names,omitempty"`
	// ActorIDs is list of actor IDs to filter against.
	ActorIDs []string `json:"actor_ids,omitempty"`
	// Targets is list of target types to filter against.
	Targets []string `json:"targets,omitempty"`
}

AuditLogExportCreation represents an audit log export creation.

type AuditLogExportJSON 

type AuditLogExportJSON struct {
	// Object distinguishes the Audit Log Export object.
	Object string `json:"object"`
	// ID is the unique ID of the Audit Log Export.
	ID string `json:"id"`
	// State is the state of the export. Possible values: pending, ready, error.
	State AuditLogExportJSONState `json:"state"`
	// URL is a URL to the CSV file. Only defined when the Audit Log Export is ready.
	URL *string `json:"url,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

AuditLogExportJSON represents an audit log export json.

type AuditLogExportJSONState 

type AuditLogExportJSONState string

AuditLogExportJSONState represents audit log export json state values. 

const (
	AuditLogExportJSONStatePending AuditLogExportJSONState = "pending"
	AuditLogExportJSONStateReady   AuditLogExportJSONState = "ready"
	AuditLogExportJSONStateError   AuditLogExportJSONState = "error"
)

type AuditLogSchema 

type AuditLogSchema struct {
	// Actor is the metadata schema for the actor.
	Actor *AuditLogSchemaActor `json:"actor,omitempty"`
	// Targets is the list of targets for the schema.
	Targets []*AuditLogSchemaTarget `json:"targets"`
	// Metadata is optional JSON schema for event metadata.
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}

AuditLogSchema represents an audit log schema.

type AuditLogSchemaActor 

type AuditLogSchemaActor struct {
	// Metadata is json schema for actor metadata.
	Metadata map[string]interface{} `json:"metadata"`
}

AuditLogSchemaActor represents an audit log schema actor.

type AuditLogSchemaJSON 

type AuditLogSchemaJSON struct {
	// Object distinguishes the Audit Log Schema object.
	Object string `json:"object"`
	// Version is the version of the schema.
	Version int `json:"version"`
	// Actor is the metadata schema for the actor.
	Actor *AuditLogSchemaJSONActor `json:"actor,omitempty"`
	// Targets is the list of targets for the schema.
	Targets []*AuditLogSchemaJSONTarget `json:"targets"`
	// Metadata is additional data associated with the event or entity.
	Metadata map[string]interface{} `json:"metadata,omitempty"`
	// CreatedAt is the timestamp when the Audit Log Schema was created.
	CreatedAt string `json:"created_at"`
}

AuditLogSchemaJSON represents an audit log schema json.

type AuditLogSchemaJSONActor 

type AuditLogSchemaJSONActor = AuditLogSchemaActor

AuditLogSchemaJSONActor is an alias for AuditLogSchemaActor.

type AuditLogSchemaJSONTarget 

type AuditLogSchemaJSONTarget struct {
	// Type is the type of the target resource.
	Type string `json:"type"`
	// Metadata is additional data associated with the event or entity.
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}

AuditLogSchemaJSONTarget represents an audit log schema json target.

type AuditLogSchemaTarget 

type AuditLogSchemaTarget = AuditLogSchemaJSONTarget

AuditLogSchemaTarget is an alias for AuditLogSchemaJSONTarget.

type AuditLogService 

type AuditLogService struct {
	// contains filtered or unexported fields
}

AuditLogService handles AuditLogs operations.

func (*AuditLogService) CreateEvent 

func (s *AuditLogService) CreateEvent(ctx context.Context, params *AuditLogsCreateEventParams, opts ...RequestOption) (*AuditLogEventCreateResponse, error)

CreateEvent Create an Audit Log Event. This API supports idempotency which guarantees that performing the same operation multiple times will have the same result as if the operation were performed only once. This is handy in situations where you may need to retry a request due to a failure or prevent accidental duplicate requests from creating more than one resource. To achieve idempotency, you can add `Idempotency-Key` request header to a Create Event request with a unique string as the value. Each subsequent request matching this unique string will return the same response. We suggest using [v4 UUIDs](https://en.wikipedia.org/wiki/Universally_unique_identifier) for idempotency keys to avoid collisions. Idempotency keys expire after 24 hours. The API will generate a new response if you submit a request with an expired key.

func (*AuditLogService) CreateExport 

func (s *AuditLogService) CreateExport(ctx context.Context, params *AuditLogsCreateExportParams, opts ...RequestOption) (*AuditLogExportJSON, error)

CreateExport Create an Audit Log Export. Exports are scoped to a single organization within a specified date range.

func (*AuditLogService) CreateSchema 

func (s *AuditLogService) CreateSchema(ctx context.Context, actionName string, params *AuditLogsCreateSchemaParams, opts ...RequestOption) (*AuditLogSchemaJSON, error)

CreateSchema Creates a new Audit Log schema used to validate the payload of incoming Audit Log Events. If the `action` does not exist, it will also be created.

func (*AuditLogService) GetExport 

func (s *AuditLogService) GetExport(ctx context.Context, auditLogExportID string, opts ...RequestOption) (*AuditLogExportJSON, error)

GetExport Get an Audit Log Export. The URL will expire after 10 minutes. If the export is needed again at a later time, refetching the export will regenerate the URL.

func (*AuditLogService) GetOrganizationAuditLogsRetention 

func (s *AuditLogService) GetOrganizationAuditLogsRetention(ctx context.Context, id string, opts ...RequestOption) (*AuditLogsRetentionJSON, error)

GetOrganizationAuditLogsRetention get Retention Get the configured event retention period for the given Organization.

func (*AuditLogService) ListActionSchemas 

func (s *AuditLogService) ListActionSchemas(ctx context.Context, actionName string, params *AuditLogsListActionSchemasParams, opts ...RequestOption) *Iterator[AuditLogSchemaJSON]

ListActionSchemas list Schemas Get a list of all schemas for the Audit Logs action identified by `:name`.

func (*AuditLogService) ListActions 

func (s *AuditLogService) ListActions(ctx context.Context, params *AuditLogsListActionsParams, opts ...RequestOption) *Iterator[AuditLogActionJSON]

ListActions Get a list of all Audit Log actions in the current environment.

func (*AuditLogService) UpdateOrganizationAuditLogsRetention 

func (s *AuditLogService) UpdateOrganizationAuditLogsRetention(ctx context.Context, id string, params *AuditLogsUpdateOrganizationAuditLogsRetentionParams, opts ...RequestOption) (*AuditLogsRetentionJSON, error)

UpdateOrganizationAuditLogsRetention set Retention Set the event retention period for the given Organization.

type AuditLogsCreateEventParams 

type AuditLogsCreateEventParams struct {
	// OrganizationID is the unique ID of the Organization.
	OrganizationID string `json:"organization_id"`
	// Event is the audit log event to create.
	Event *AuditLogEvent `json:"event"`
}

AuditLogsCreateEventParams contains the parameters for CreateEvent.

type AuditLogsCreateExportParams 

type AuditLogsCreateExportParams struct {
	// OrganizationID is the unique ID of the Organization.
	OrganizationID string `json:"organization_id"`
	// RangeStart is iso-8601 value for start of the export range.
	RangeStart string `json:"range_start"`
	// RangeEnd is iso-8601 value for end of the export range.
	RangeEnd string `json:"range_end"`
	// Actions is list of actions to filter against.
	Actions []string `json:"actions,omitempty"`
	// Actors is deprecated. Use `actor_names` instead.
	//
	// Deprecated: this field is deprecated.
	Actors []string `json:"actors,omitempty"`
	// ActorNames is list of actor names to filter against.
	ActorNames []string `json:"actor_names,omitempty"`
	// ActorIDs is list of actor IDs to filter against.
	ActorIDs []string `json:"actor_ids,omitempty"`
	// Targets is list of target types to filter against.
	Targets []string `json:"targets,omitempty"`
}

AuditLogsCreateExportParams contains the parameters for CreateExport.

type AuditLogsCreateSchemaParams 

type AuditLogsCreateSchemaParams struct {
	// Actor is the metadata schema for the actor.
	Actor *AuditLogSchemaActor `json:"actor,omitempty"`
	// Targets is the list of targets for the schema.
	Targets []*AuditLogSchemaTarget `json:"targets"`
	// Metadata is optional JSON schema for event metadata.
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}

AuditLogsCreateSchemaParams contains the parameters for CreateSchema.

type AuditLogsListActionSchemasParams 

type AuditLogsListActionSchemasParams struct {
	PaginationParams
}

AuditLogsListActionSchemasParams contains the parameters for ListActionSchemas.

type AuditLogsListActionsParams 

type AuditLogsListActionsParams struct {
	PaginationParams
}

AuditLogsListActionsParams contains the parameters for ListActions.

type AuditLogsOrder 

type AuditLogsOrder = ApplicationsOrder

AuditLogsOrder is an alias for ApplicationsOrder.

type AuditLogsRetentionJSON 

type AuditLogsRetentionJSON struct {
	// RetentionPeriodInDays is the number of days Audit Log events will be retained before being permanently deleted. Valid values are 30 and 365.
	RetentionPeriodInDays *int `json:"retention_period_in_days"`
}

AuditLogsRetentionJSON represents an audit logs retention json.

type AuditLogsUpdateOrganizationAuditLogsRetentionParams 

type AuditLogsUpdateOrganizationAuditLogsRetentionParams struct {
	// RetentionPeriodInDays is the number of days Audit Log events will be retained. Valid values are `30` and `365`.
	RetentionPeriodInDays int `json:"retention_period_in_days"`
}

AuditLogsUpdateOrganizationAuditLogsRetentionParams contains the parameters for UpdateOrganizationAuditLogsRetention.

type AuthKitAuthorizationURLParams 

type AuthKitAuthorizationURLParams struct {
	RedirectURI         string
	ClientID            string // if empty, uses client's configured clientID
	Provider            *string
	ConnectionID        *string
	OrganizationID      *string
	DomainHint          *string
	LoginHint           *string
	State               *string
	CodeChallenge       *string
	CodeChallengeMethod *string
	ScreenHint          *string
}

AuthKitAuthorizationURLParams are parameters for building an AuthKit authorization URL.

type AuthKitPKCEAuthorizationURLResult 

type AuthKitPKCEAuthorizationURLResult struct {
	URL          string
	CodeVerifier string
	State        string
}

AuthKitPKCEAuthorizationURLResult contains the authorization URL plus the PKCE code verifier.

type AuthKitPKCECodeExchangeParams 

type AuthKitPKCECodeExchangeParams struct {
	Code         string
	CodeVerifier string
}

AuthKitPKCECodeExchangeParams holds the parameters for PKCE code exchange.

type AuthenticateResponse 

type AuthenticateResponse struct {
	// User is the corresponding [user](https://workos.com/docs/reference/authkit/user) object.
	User *User `json:"user"`
	// OrganizationID is the ID of the organization the user selected to sign in to.
	OrganizationID *string `json:"organization_id,omitempty"`
	// AuthkitAuthorizationCode is an authorization code that can be exchanged for tokens by a different application.
	AuthkitAuthorizationCode *string `json:"authkit_authorization_code,omitempty"`
	// AccessToken is a JWT containing information about the current session.
	AccessToken string `json:"access_token"`
	// RefreshToken is [Exchange this token](https://workos.com/docs/reference/authkit/authentication/refresh-token) for a new access token.
	RefreshToken string `json:"refresh_token"`
	// AuthenticationMethod is the authentication method used to initiate the session.
	AuthenticationMethod *AuthenticateResponseAuthenticationMethod `json:"authentication_method,omitempty"`
	// Impersonator is information about the impersonator if this session was created via impersonation.
	Impersonator *AuthenticateResponseImpersonator `json:"impersonator,omitempty"`
	// OAuthTokens is the OAuth tokens from the identity provider, if applicable.
	OAuthTokens *AuthenticateResponseOAuthToken `json:"oauth_tokens,omitempty"`
}

AuthenticateResponse represents an authenticate response.

type AuthenticateResponseAuthenticationMethod 

type AuthenticateResponseAuthenticationMethod string

AuthenticateResponseAuthenticationMethod represents authenticate response authentication method values. 

const (
	AuthenticateResponseAuthenticationMethodSSO                    AuthenticateResponseAuthenticationMethod = "SSO"
	AuthenticateResponseAuthenticationMethodPassword               AuthenticateResponseAuthenticationMethod = "Password"
	AuthenticateResponseAuthenticationMethodPasskey                AuthenticateResponseAuthenticationMethod = "Passkey"
	AuthenticateResponseAuthenticationMethodAppleOAuth             AuthenticateResponseAuthenticationMethod = "AppleOAuth"
	AuthenticateResponseAuthenticationMethodBitbucketOAuth         AuthenticateResponseAuthenticationMethod = "BitbucketOAuth"
	AuthenticateResponseAuthenticationMethodCrossAppAuth           AuthenticateResponseAuthenticationMethod = "CrossAppAuth"
	AuthenticateResponseAuthenticationMethodDiscordOAuth           AuthenticateResponseAuthenticationMethod = "DiscordOAuth"
	AuthenticateResponseAuthenticationMethodExternalAuth           AuthenticateResponseAuthenticationMethod = "ExternalAuth"
	AuthenticateResponseAuthenticationMethodGitHubOAuth            AuthenticateResponseAuthenticationMethod = "GitHubOAuth"
	AuthenticateResponseAuthenticationMethodGitLabOAuth            AuthenticateResponseAuthenticationMethod = "GitLabOAuth"
	AuthenticateResponseAuthenticationMethodGoogleOAuth            AuthenticateResponseAuthenticationMethod = "GoogleOAuth"
	AuthenticateResponseAuthenticationMethodIntuitOAuth            AuthenticateResponseAuthenticationMethod = "IntuitOAuth"
	AuthenticateResponseAuthenticationMethodLinkedInOAuth          AuthenticateResponseAuthenticationMethod = "LinkedInOAuth"
	AuthenticateResponseAuthenticationMethodMicrosoftOAuth         AuthenticateResponseAuthenticationMethod = "MicrosoftOAuth"
	AuthenticateResponseAuthenticationMethodSalesforceOAuth        AuthenticateResponseAuthenticationMethod = "SalesforceOAuth"
	AuthenticateResponseAuthenticationMethodSlackOAuth             AuthenticateResponseAuthenticationMethod = "SlackOAuth"
	AuthenticateResponseAuthenticationMethodVercelMarketplaceOAuth AuthenticateResponseAuthenticationMethod = "VercelMarketplaceOAuth"
	AuthenticateResponseAuthenticationMethodVercelOAuth            AuthenticateResponseAuthenticationMethod = "VercelOAuth"
	AuthenticateResponseAuthenticationMethodXeroOAuth              AuthenticateResponseAuthenticationMethod = "XeroOAuth"
	AuthenticateResponseAuthenticationMethodMagicAuth              AuthenticateResponseAuthenticationMethod = "MagicAuth"
	AuthenticateResponseAuthenticationMethodImpersonation          AuthenticateResponseAuthenticationMethod = "Impersonation"
	AuthenticateResponseAuthenticationMethodMigratedSession        AuthenticateResponseAuthenticationMethod = "MigratedSession"
)

type AuthenticateResponseImpersonator 

type AuthenticateResponseImpersonator struct {
	// Email is the email address of the WorkOS Dashboard user who is impersonating the user.
	Email string `json:"email"`
	// Reason is the justification the impersonator gave for impersonating the user.
	Reason *string `json:"reason"`
}

AuthenticateResponseImpersonator information about the impersonator if this session was created via impersonation.

type AuthenticateResponseOAuthToken 

type AuthenticateResponseOAuthToken struct {
	// Provider is the OAuth provider used for authentication.
	Provider string `json:"provider"`
	// RefreshToken is the refresh token from the OAuth provider.
	RefreshToken string `json:"refresh_token"`
	// AccessToken is the access token from the OAuth provider.
	AccessToken string `json:"access_token"`
	// ExpiresAt is the timestamp at which the access token expires.
	ExpiresAt int `json:"expires_at"`
	// Scopes is a list of OAuth scopes for which the access token is authorized.
	Scopes []string `json:"scopes"`
}

AuthenticateResponseOAuthToken the OAuth tokens from the identity provider, if applicable.

type AuthenticateSessionResult 

type AuthenticateSessionResult struct {
	Authenticated  bool
	SessionID      string
	OrganizationID string
	Role           string
	Permissions    []string
	Entitlements   []string
	User           *User
	Impersonator   *AuthenticateResponseImpersonator
	Reason         string // populated on failure: "no_session_cookie_provided", "invalid_session_cookie", "invalid_jwt", etc.
}

AuthenticateSessionResult holds the result of authenticating a session.

func AuthenticateSession 

func AuthenticateSession(sealedSession string, cookiePassword string) (*AuthenticateSessionResult, error)

AuthenticateSession is a convenience method for one-shot session authentication. It does not require a Client — only the sealed session and cookie password.

type AuthenticationChallenge 

type AuthenticationChallenge struct {
	// Object distinguishes the authentication challenge object.
	Object string `json:"object"`
	// ID is the unique ID of the authentication challenge.
	ID string `json:"id"`
	// ExpiresAt is the timestamp when the challenge will expire. Does not apply to TOTP factors.
	ExpiresAt *string `json:"expires_at,omitempty"`
	// Code is the one-time code for the challenge.
	Code *string `json:"code,omitempty"`
	// AuthenticationFactorID is the unique ID of the authentication factor the challenge belongs to.
	AuthenticationFactorID string `json:"authentication_factor_id"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

AuthenticationChallenge represents an authentication challenge.

type AuthenticationChallengeVerifyResponse 

type AuthenticationChallengeVerifyResponse struct {
	// Challenge is the authentication challenge object.
	Challenge *AuthenticationChallenge `json:"challenge"`
	// Valid is whether the code was valid.
	Valid bool `json:"valid"`
}

AuthenticationChallengeVerifyResponse represents an authentication challenge verify response.

type AuthenticationChallengesVerifyRequest 

type AuthenticationChallengesVerifyRequest struct {
	// Code is the one-time code to verify.
	Code string `json:"code"`
}

AuthenticationChallengesVerifyRequest represents an authentication challenges verify request.

type AuthenticationEmailVerificationFailed 

type AuthenticationEmailVerificationFailed struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationEmailVerificationFailedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationEmailVerificationFailed represents an authentication email verification failed.

type AuthenticationEmailVerificationFailedData 

type AuthenticationEmailVerificationFailedData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID *string `json:"user_id"`
	// Email is the email address of the user.
	Email *string `json:"email"`
	// Error is details about the authentication error.
	Error *AuthenticationEmailVerificationFailedDataError `json:"error"`
}

AuthenticationEmailVerificationFailedData the event payload.

type AuthenticationEmailVerificationFailedDataError 

type AuthenticationEmailVerificationFailedDataError struct {
	// Code is the error code.
	Code string `json:"code"`
	// Message is a human-readable error message.
	Message string `json:"message"`
}

AuthenticationEmailVerificationFailedDataError details about the authentication error.

type AuthenticationEmailVerificationSucceeded 

type AuthenticationEmailVerificationSucceeded struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationEmailVerificationSucceededData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationEmailVerificationSucceeded represents an authentication email verification succeeded.

type AuthenticationEmailVerificationSucceededData 

type AuthenticationEmailVerificationSucceededData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
}

AuthenticationEmailVerificationSucceededData the event payload.

type AuthenticationError 

type AuthenticationError struct {
	*APIError
}

AuthenticationError represents 401 authentication errors.

func (*AuthenticationError) Error 

func (e *AuthenticationError) Error() string

func (*AuthenticationError) Unwrap 

func (e *AuthenticationError) Unwrap() error

type AuthenticationFactor 

type AuthenticationFactor struct {
	// Object distinguishes the authentication factor object.
	Object string `json:"object"`
	// ID is the unique ID of the factor.
	ID string `json:"id"`
	// Type is the type of the factor to enroll.
	Type AuthenticationFactorType `json:"type"`
	// UserID is the ID of the [user](https://workos.com/docs/reference/authkit/user).
	UserID *string `json:"user_id,omitempty"`
	// Sms is sms-based authentication factor details.
	Sms *AuthenticationFactorSms `json:"sms,omitempty"`
	// TOTP is totp-based authentication factor details.
	TOTP *AuthenticationFactorTOTP `json:"totp,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

AuthenticationFactor represents an authentication factor.

type AuthenticationFactorEnrolled 

type AuthenticationFactorEnrolled struct {
	// Object distinguishes the authentication factor object.
	Object string `json:"object"`
	// ID is the unique ID of the factor.
	ID string `json:"id"`
	// Type is the type of the factor to enroll.
	Type AuthenticationFactorEnrolledType `json:"type"`
	// UserID is the ID of the [user](https://workos.com/docs/reference/authkit/user).
	UserID *string `json:"user_id,omitempty"`
	// Sms is sms-based authentication factor details.
	Sms *AuthenticationFactorEnrolledSms `json:"sms,omitempty"`
	// TOTP is totp-based authentication factor details. Includes enrollment secrets only available at creation time.
	TOTP *AuthenticationFactorEnrolledTOTP `json:"totp,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

AuthenticationFactorEnrolled represents an authentication factor enrolled.

type AuthenticationFactorEnrolledSms 

type AuthenticationFactorEnrolledSms struct {
	// PhoneNumber is the user's phone number for SMS-based authentication.
	PhoneNumber string `json:"phone_number"`
}

AuthenticationFactorEnrolledSms sms-based authentication factor details.

type AuthenticationFactorEnrolledTOTP 

type AuthenticationFactorEnrolledTOTP struct {
	// Issuer is your application or company name displayed in the user's authenticator app. Defaults to your WorkOS team name.
	Issuer string `json:"issuer"`
	// User is the user's account name displayed in their authenticator app. Defaults to the user's email.
	User string `json:"user"`
	// Secret is totp secret that can be manually entered into some authenticator apps in place of scanning a QR code.
	Secret string `json:"secret"`
	// QrCode is base64 encoded image containing scannable QR code.
	QrCode string `json:"qr_code"`
	// URI is the `otpauth` URI that is encoded by the provided `qr_code`.
	URI string `json:"uri"`
}

AuthenticationFactorEnrolledTOTP totp-based authentication factor details. Includes enrollment secrets only available at creation time.

type AuthenticationFactorEnrolledType 

type AuthenticationFactorEnrolledType string

AuthenticationFactorEnrolledType represents authentication factor enrolled type values. 

const (
	AuthenticationFactorEnrolledTypeGenericOtp AuthenticationFactorEnrolledType = "generic_otp"
	AuthenticationFactorEnrolledTypeSms        AuthenticationFactorEnrolledType = "sms"
	AuthenticationFactorEnrolledTypeTOTP       AuthenticationFactorEnrolledType = "totp"
	AuthenticationFactorEnrolledTypeWebauthn   AuthenticationFactorEnrolledType = "webauthn"
)

type AuthenticationFactorSms 

type AuthenticationFactorSms = AuthenticationFactorEnrolledSms

AuthenticationFactorSms is an alias for AuthenticationFactorEnrolledSms.

type AuthenticationFactorTOTP 

type AuthenticationFactorTOTP struct {
	// Issuer is your application or company name displayed in the user's authenticator app. Defaults to your WorkOS team name.
	Issuer string `json:"issuer"`
	// User is the user's account name displayed in their authenticator app. Defaults to the user's email.
	User string `json:"user"`
}

AuthenticationFactorTOTP totp-based authentication factor details.

type AuthenticationFactorType 

type AuthenticationFactorType = AuthenticationFactorEnrolledType

AuthenticationFactorType is an alias for AuthenticationFactorEnrolledType.

type AuthenticationFactorsCreateRequest 

type AuthenticationFactorsCreateRequest struct {
	// Type is the type of factor to enroll.
	Type AuthenticationFactorsCreateRequestType `json:"type"`
	// PhoneNumber is required when type is 'sms'.
	PhoneNumber *string `json:"phone_number,omitempty"`
	// TOTPIssuer is required when type is 'totp'.
	TOTPIssuer *string `json:"totp_issuer,omitempty"`
	// TOTPUser is required when type is 'totp'.
	TOTPUser *string `json:"totp_user,omitempty"`
	// UserID is the ID of the user to associate the factor with.
	UserID *string `json:"user_id,omitempty"`
}

AuthenticationFactorsCreateRequest represents an authentication factors create request.

type AuthenticationFactorsCreateRequestType 

type AuthenticationFactorsCreateRequestType string

AuthenticationFactorsCreateRequestType represents authentication factors create request type values. 

const (
	AuthenticationFactorsCreateRequestTypeGenericOtp AuthenticationFactorsCreateRequestType = "generic_otp"
	AuthenticationFactorsCreateRequestTypeSms        AuthenticationFactorsCreateRequestType = "sms"
	AuthenticationFactorsCreateRequestTypeTOTP       AuthenticationFactorsCreateRequestType = "totp"
)

type AuthenticationMFAFailed 

type AuthenticationMFAFailed struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationMFAFailedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationMFAFailed represents an authentication mfa failed.

type AuthenticationMFAFailedData 

type AuthenticationMFAFailedData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID *string `json:"user_id"`
	// Email is the email address of the user.
	Email *string `json:"email"`
	// Error is details about the authentication error.
	Error *AuthenticationMFAFailedDataError `json:"error"`
}

AuthenticationMFAFailedData the event payload.

type AuthenticationMFAFailedDataError 

type AuthenticationMFAFailedDataError = AuthenticationEmailVerificationFailedDataError

The following types are structurally identical to AuthenticationEmailVerificationFailedDataError.

type AuthenticationMFASucceeded 

type AuthenticationMFASucceeded struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationMFASucceededData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationMFASucceeded represents an authentication mfa succeeded.

type AuthenticationMFASucceededData 

type AuthenticationMFASucceededData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
}

AuthenticationMFASucceededData the event payload.

type AuthenticationMagicAuthFailed 

type AuthenticationMagicAuthFailed struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationMagicAuthFailedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationMagicAuthFailed represents an authentication magic auth failed.

type AuthenticationMagicAuthFailedData 

type AuthenticationMagicAuthFailedData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID *string `json:"user_id"`
	// Email is the email address of the user.
	Email *string `json:"email"`
	// Error is details about the authentication error.
	Error *AuthenticationMagicAuthFailedDataError `json:"error"`
}

AuthenticationMagicAuthFailedData the event payload.

type AuthenticationMagicAuthFailedDataError 

type AuthenticationMagicAuthFailedDataError = AuthenticationEmailVerificationFailedDataError

The following types are structurally identical to AuthenticationEmailVerificationFailedDataError.

type AuthenticationMagicAuthSucceeded 

type AuthenticationMagicAuthSucceeded struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationMagicAuthSucceededData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationMagicAuthSucceeded represents an authentication magic auth succeeded.

type AuthenticationMagicAuthSucceededData 

type AuthenticationMagicAuthSucceededData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
}

AuthenticationMagicAuthSucceededData the event payload.

type AuthenticationOAuthFailed 

type AuthenticationOAuthFailed struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationOAuthFailedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationOAuthFailed represents an authentication OAuth failed.

type AuthenticationOAuthFailedData 

type AuthenticationOAuthFailedData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID *string `json:"user_id"`
	// Email is the email address of the user.
	Email *string `json:"email"`
	// Error is details about the authentication error.
	Error *AuthenticationOAuthFailedDataError `json:"error"`
}

AuthenticationOAuthFailedData the event payload.

type AuthenticationOAuthFailedDataError 

type AuthenticationOAuthFailedDataError = AuthenticationEmailVerificationFailedDataError

The following types are structurally identical to AuthenticationEmailVerificationFailedDataError.

type AuthenticationOAuthSucceeded 

type AuthenticationOAuthSucceeded struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationOAuthSucceededData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationOAuthSucceeded represents an authentication OAuth succeeded.

type AuthenticationOAuthSucceededData 

type AuthenticationOAuthSucceededData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID *string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
}

AuthenticationOAuthSucceededData the event payload.

type AuthenticationPasskeyFailed 

type AuthenticationPasskeyFailed struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationPasskeyFailedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationPasskeyFailed represents an authentication passkey failed.

type AuthenticationPasskeyFailedData 

type AuthenticationPasskeyFailedData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID *string `json:"user_id"`
	// Email is the email address of the user.
	Email *string `json:"email"`
	// Error is details about the authentication error.
	Error *AuthenticationPasskeyFailedDataError `json:"error"`
}

AuthenticationPasskeyFailedData the event payload.

type AuthenticationPasskeyFailedDataError 

type AuthenticationPasskeyFailedDataError = AuthenticationEmailVerificationFailedDataError

The following types are structurally identical to AuthenticationEmailVerificationFailedDataError.

type AuthenticationPasskeySucceeded 

type AuthenticationPasskeySucceeded struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationPasskeySucceededData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationPasskeySucceeded represents an authentication passkey succeeded.

type AuthenticationPasskeySucceededData 

type AuthenticationPasskeySucceededData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
}

AuthenticationPasskeySucceededData the event payload.

type AuthenticationPasswordFailed 

type AuthenticationPasswordFailed struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationPasswordFailedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationPasswordFailed represents an authentication password failed.

type AuthenticationPasswordFailedData 

type AuthenticationPasswordFailedData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID *string `json:"user_id"`
	// Email is the email address of the user.
	Email *string `json:"email"`
	// Error is details about the authentication error.
	Error *AuthenticationPasswordFailedDataError `json:"error"`
}

AuthenticationPasswordFailedData the event payload.

type AuthenticationPasswordFailedDataError 

type AuthenticationPasswordFailedDataError = AuthenticationEmailVerificationFailedDataError

The following types are structurally identical to AuthenticationEmailVerificationFailedDataError.

type AuthenticationPasswordSucceeded 

type AuthenticationPasswordSucceeded struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationPasswordSucceededData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationPasswordSucceeded represents an authentication password succeeded.

type AuthenticationPasswordSucceededData 

type AuthenticationPasswordSucceededData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
}

AuthenticationPasswordSucceededData the event payload.

type AuthenticationRadarRiskDetected 

type AuthenticationRadarRiskDetected struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationRadarRiskDetectedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationRadarRiskDetected represents an authentication radar risk detected.

type AuthenticationRadarRiskDetectedData 

type AuthenticationRadarRiskDetectedData struct {
	// AuthMethod is the authentication method used.
	AuthMethod string                                    `json:"auth_method"`
	Action     AuthenticationRadarRiskDetectedDataAction `json:"action"`
	// Control is the control action taken for the detected risk.
	Control *string `json:"control"`
	// BlocklistType is the type of blocklist that triggered the risk detection.
	BlocklistType *string `json:"blocklist_type"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
}

AuthenticationRadarRiskDetectedData the event payload.

type AuthenticationRadarRiskDetectedDataAction 

type AuthenticationRadarRiskDetectedDataAction string

AuthenticationRadarRiskDetectedDataAction represents authentication radar risk detected data action values. 

const (
	AuthenticationRadarRiskDetectedDataActionSignup AuthenticationRadarRiskDetectedDataAction = "signup"
	AuthenticationRadarRiskDetectedDataActionLogin  AuthenticationRadarRiskDetectedDataAction = "login"
)

type AuthenticationSSOFailed 

type AuthenticationSSOFailed struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationSSOFailedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationSSOFailed represents an authentication SSO failed.

type AuthenticationSSOFailedData 

type AuthenticationSSOFailedData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID *string `json:"user_id"`
	// Email is the email address of the user.
	Email *string `json:"email"`
	// SSO is sso connection details.
	SSO *AuthenticationSSOFailedDataSSO `json:"sso"`
	// Error is details about the authentication error.
	Error *AuthenticationSSOFailedDataError `json:"error"`
}

AuthenticationSSOFailedData the event payload.

type AuthenticationSSOFailedDataError 

type AuthenticationSSOFailedDataError = AuthenticationEmailVerificationFailedDataError

The following types are structurally identical to AuthenticationEmailVerificationFailedDataError.

type AuthenticationSSOFailedDataSSO 

type AuthenticationSSOFailedDataSSO struct {
	// OrganizationID is the ID of the organization.
	OrganizationID *string `json:"organization_id"`
	// ConnectionID is the ID of the SSO connection.
	ConnectionID *string `json:"connection_id"`
	// SessionID is the ID of the SSO session.
	SessionID *string `json:"session_id"`
}

AuthenticationSSOFailedDataSSO sso connection details.

type AuthenticationSSOStarted 

type AuthenticationSSOStarted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationSSOStartedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationSSOStarted represents an authentication SSO started.

type AuthenticationSSOStartedData 

type AuthenticationSSOStartedData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID *string `json:"user_id"`
	// Email is the email address of the user.
	Email *string `json:"email"`
	// SSO is sso connection details.
	SSO *AuthenticationSSOStartedDataSSO `json:"sso"`
}

AuthenticationSSOStartedData the event payload.

type AuthenticationSSOStartedDataSSO 

type AuthenticationSSOStartedDataSSO = AuthenticationSSOFailedDataSSO

AuthenticationSSOStartedDataSSO is an alias for AuthenticationSSOFailedDataSSO.

type AuthenticationSSOSucceeded 

type AuthenticationSSOSucceeded struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationSSOSucceededData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationSSOSucceeded represents an authentication SSO succeeded.

type AuthenticationSSOSucceededData 

type AuthenticationSSOSucceededData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID *string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
	// SSO is sso connection details.
	SSO *AuthenticationSSOSucceededDataSSO `json:"sso"`
}

AuthenticationSSOSucceededData the event payload.

type AuthenticationSSOSucceededDataSSO 

type AuthenticationSSOSucceededDataSSO = AuthenticationSSOFailedDataSSO

AuthenticationSSOSucceededDataSSO is an alias for AuthenticationSSOFailedDataSSO.

type AuthenticationSSOTimedOut 

type AuthenticationSSOTimedOut struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *AuthenticationSSOTimedOutData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

AuthenticationSSOTimedOut represents an authentication SSO timed out.

type AuthenticationSSOTimedOutData 

type AuthenticationSSOTimedOutData struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// IPAddress is the IP address of the request.
	IPAddress *string `json:"ip_address"`
	// UserAgent is the user agent of the request.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user.
	UserID *string `json:"user_id"`
	// Email is the email address of the user.
	Email *string `json:"email"`
	// SSO is sso connection details.
	SSO *AuthenticationSSOTimedOutDataSSO `json:"sso"`
	// Error is details about the authentication error.
	Error *AuthenticationSSOTimedOutDataError `json:"error"`
}

AuthenticationSSOTimedOutData the event payload.

type AuthenticationSSOTimedOutDataError 

type AuthenticationSSOTimedOutDataError = AuthenticationEmailVerificationFailedDataError

The following types are structurally identical to AuthenticationEmailVerificationFailedDataError.

type AuthenticationSSOTimedOutDataSSO 

type AuthenticationSSOTimedOutDataSSO = AuthenticationSSOFailedDataSSO

AuthenticationSSOTimedOutDataSSO is an alias for AuthenticationSSOFailedDataSSO.

type AuthorizationAddEnvironmentRolePermissionParams 

type AuthorizationAddEnvironmentRolePermissionParams struct {
	// Slug is the slug of the permission to add to the role.
	Slug string `json:"slug"`
}

AuthorizationAddEnvironmentRolePermissionParams contains the parameters for AddEnvironmentRolePermission.

type AuthorizationAssignRoleParams 

type AuthorizationAssignRoleParams struct {
	// RoleSlug is the slug of the role to assign.
	RoleSlug string `json:"role_slug"`
	// ResourceTarget identifies the resource target (required).
	ResourceTarget AuthorizationResourceTarget `url:"-" json:"-"`
}

AuthorizationAssignRoleParams contains the parameters for AssignRole.

func (AuthorizationAssignRoleParams) MarshalJSON 

func (p AuthorizationAssignRoleParams) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for AuthorizationAssignRoleParams.

type AuthorizationAssignment 

type AuthorizationAssignment string

AuthorizationAssignment represents authorization assignment values. 

const (
	AuthorizationAssignmentDirect   AuthorizationAssignment = "direct"
	AuthorizationAssignmentIndirect AuthorizationAssignment = "indirect"
)

type AuthorizationCheck 

type AuthorizationCheck struct {
	// Authorized is whether the organization membership has the specified permission on the resource.
	Authorized bool `json:"authorized"`
}

AuthorizationCheck represents an authorization check.

type AuthorizationCheckParams 

type AuthorizationCheckParams struct {
	// PermissionSlug is the slug of the permission to check.
	PermissionSlug string `json:"permission_slug"`
	// ResourceTarget identifies the resource target (required).
	ResourceTarget AuthorizationResourceTarget `url:"-" json:"-"`
}

AuthorizationCheckParams contains the parameters for Check.

func (AuthorizationCheckParams) MarshalJSON 

func (p AuthorizationCheckParams) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for AuthorizationCheckParams.

type AuthorizationCodeSessionAuthenticateRequest 

type AuthorizationCodeSessionAuthenticateRequest struct {
	// ClientID is the client ID of the application.
	ClientID string `json:"client_id"`
	// ClientSecret is the client secret of the application.
	ClientSecret string `json:"client_secret"`
	GrantType    string `json:"grant_type"`
	// Code is the authorization code received from the redirect.
	Code string `json:"code"`
	// CodeVerifier is the PKCE code verifier used to derive the code challenge passed to the authorization URL.
	CodeVerifier *string `json:"code_verifier,omitempty"`
	// InvitationToken is an invitation token to accept during authentication.
	InvitationToken *string `json:"invitation_token,omitempty"`
	// IPAddress is the IP address of the user's request.
	IPAddress *string `json:"ip_address,omitempty"`
	// DeviceID is a unique identifier for the device.
	DeviceID *string `json:"device_id,omitempty"`
	// UserAgent is the user agent string from the user's browser.
	UserAgent *string `json:"user_agent,omitempty"`
}

AuthorizationCodeSessionAuthenticateRequest represents an authorization code session authenticate request.

type AuthorizationCreateEnvironmentRoleParams 

type AuthorizationCreateEnvironmentRoleParams struct {
	// Slug is a unique slug for the role.
	Slug string `json:"slug"`
	// Name is a descriptive name for the role.
	Name string `json:"name"`
	// Description is an optional description of the role.
	Description *string `json:"description,omitempty"`
	// ResourceTypeSlug is the slug of the resource type the role is scoped to.
	ResourceTypeSlug *string `json:"resource_type_slug,omitempty"`
}

AuthorizationCreateEnvironmentRoleParams contains the parameters for CreateEnvironmentRole.

type AuthorizationCreateOrganizationRoleParams 

type AuthorizationCreateOrganizationRoleParams struct {
	// Slug is a unique identifier for the role within the organization. When provided, must begin with 'org-' and contain only lowercase letters, numbers, hyphens, and underscores. When omitted, a slug is auto-generated from the role name and a random suffix.
	Slug *string `json:"slug,omitempty"`
	// Name is a descriptive name for the role.
	Name string `json:"name"`
	// Description is an optional description of the role's purpose.
	Description *string `json:"description,omitempty"`
	// ResourceTypeSlug is the slug of the resource type the role is scoped to.
	ResourceTypeSlug *string `json:"resource_type_slug,omitempty"`
}

AuthorizationCreateOrganizationRoleParams contains the parameters for CreateOrganizationRole.

type AuthorizationCreatePermissionParams 

type AuthorizationCreatePermissionParams struct {
	// Slug is a unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
	Slug string `json:"slug"`
	// Name is a descriptive name for the Permission.
	Name string `json:"name"`
	// Description is an optional description of the Permission.
	Description *string `json:"description,omitempty"`
	// ResourceTypeSlug is the slug of the resource type this permission is scoped to.
	ResourceTypeSlug *string `json:"resource_type_slug,omitempty"`
}

AuthorizationCreatePermissionParams contains the parameters for CreatePermission.

type AuthorizationCreateResourceParams 

type AuthorizationCreateResourceParams struct {
	// ExternalID is an external identifier for the resource.
	ExternalID string `json:"external_id"`
	// Name is a display name for the resource.
	Name string `json:"name"`
	// Description is an optional description of the resource.
	Description *string `json:"description,omitempty"`
	// ResourceTypeSlug is the slug of the resource type.
	ResourceTypeSlug string `json:"resource_type_slug"`
	// OrganizationID is the ID of the organization this resource belongs to.
	OrganizationID string `json:"organization_id"`
	// ParentResource optionally identifies the parent resource.
	ParentResource AuthorizationParentResource `url:"-" json:"-"`
}

AuthorizationCreateResourceParams contains the parameters for CreateResource.

func (AuthorizationCreateResourceParams) MarshalJSON 

func (p AuthorizationCreateResourceParams) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for AuthorizationCreateResourceParams.

type AuthorizationCreateRolePermissionParams 

type AuthorizationCreateRolePermissionParams struct {
	// Slug is the slug of the permission to add to the role.
	Slug string `json:"slug"`
}

AuthorizationCreateRolePermissionParams contains the parameters for CreateRolePermission.

type AuthorizationDeleteOrganizationResourceParams 

type AuthorizationDeleteOrganizationResourceParams struct {
	// CascadeDelete is if true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail.
	// Defaults to false.
	CascadeDelete *bool `url:"cascade_delete,omitempty" json:"-"`
}

AuthorizationDeleteOrganizationResourceParams contains the parameters for DeleteOrganizationResource.

type AuthorizationDeleteResourceParams 

type AuthorizationDeleteResourceParams struct {
	// CascadeDelete is if true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail.
	// Defaults to false.
	CascadeDelete *bool `url:"cascade_delete,omitempty" json:"-"`
}

AuthorizationDeleteResourceParams contains the parameters for DeleteResource.

type AuthorizationListEffectivePermissionsByExternalIDParams 

type AuthorizationListEffectivePermissionsByExternalIDParams struct {
	PaginationParams
}

AuthorizationListEffectivePermissionsByExternalIDParams contains the parameters for ListEffectivePermissionsByExternalID.

type AuthorizationListMembershipsForResourceParams 

type AuthorizationListMembershipsForResourceParams struct {
	PaginationParams
	// PermissionSlug is the permission slug to filter by. Only users with this permission on the resource are returned.
	PermissionSlug string `url:"permission_slug" json:"-"`
	// Assignment is filter by assignment type. Use `direct` for direct assignments only, or `indirect` to include inherited assignments.
	Assignment *AuthorizationAssignment `url:"assignment,omitempty" json:"-"`
}

AuthorizationListMembershipsForResourceParams contains the parameters for ListMembershipsForResource.

type AuthorizationListOrganizationMembershipResourcesParams 

type AuthorizationListOrganizationMembershipResourcesParams struct {
	PaginationParams
	// PermissionSlug is the permission slug to filter by. Only child resources where the organization membership has this permission are returned.
	PermissionSlug string `url:"permission_slug" json:"-"`
	// ParentResource identifies the parent resource (required).
	ParentResource AuthorizationParentResource `url:"-" json:"-"`
}

AuthorizationListOrganizationMembershipResourcesParams contains the parameters for ListOrganizationMembershipResources.

type AuthorizationListOrganizationMembershipRoleAssignmentsParams 

type AuthorizationListOrganizationMembershipRoleAssignmentsParams struct {
	PaginationParams
}

AuthorizationListOrganizationMembershipRoleAssignmentsParams contains the parameters for ListOrganizationMembershipRoleAssignments.

type AuthorizationListPermissionsParams 

type AuthorizationListPermissionsParams struct {
	PaginationParams
}

AuthorizationListPermissionsParams contains the parameters for ListPermissions.

type AuthorizationListResourceOrganizationMembershipsParams 

type AuthorizationListResourceOrganizationMembershipsParams struct {
	PaginationParams
	// PermissionSlug is the permission slug to filter by. Only users with this permission on the resource are returned.
	PermissionSlug string `url:"permission_slug" json:"-"`
	// Assignment is filter by assignment type. Use "direct" for direct assignments only, or "indirect" to include inherited assignments.
	Assignment *AuthorizationAssignment `url:"assignment,omitempty" json:"-"`
}

AuthorizationListResourceOrganizationMembershipsParams contains the parameters for ListResourceOrganizationMemberships.

type AuthorizationListResourcePermissionsParams 

type AuthorizationListResourcePermissionsParams struct {
	PaginationParams
}

AuthorizationListResourcePermissionsParams contains the parameters for ListResourcePermissions.

type AuthorizationListResourcesParams 

type AuthorizationListResourcesParams struct {
	PaginationParams
	// OrganizationID is filter resources by organization ID.
	OrganizationID *string `url:"organization_id,omitempty" json:"-"`
	// ResourceTypeSlug is filter resources by resource type slug.
	ResourceTypeSlug *string `url:"resource_type_slug,omitempty" json:"-"`
	// Search is search resources by name.
	Search *string `url:"search,omitempty" json:"-"`
	// Parent optionally identifies the parent.
	Parent AuthorizationParent `url:"-" json:"-"`
}

AuthorizationListResourcesParams contains the parameters for ListResources.

type AuthorizationOrder 

type AuthorizationOrder = ApplicationsOrder

AuthorizationOrder is an alias for ApplicationsOrder.

type AuthorizationParent 

type AuthorizationParent interface {
	// contains filtered or unexported methods
}

AuthorizationParent is one of:

  • AuthorizationParentByID
  • AuthorizationParentByExternalID

type AuthorizationParentByExternalID 

type AuthorizationParentByExternalID struct {
	ResourceTypeSlug string
	ExternalID       string
}

type AuthorizationParentByID 

type AuthorizationParentByID struct {
	ResourceID string
}

type AuthorizationParentResource 

type AuthorizationParentResource interface {
	// contains filtered or unexported methods
}

AuthorizationParentResource is one of:

  • AuthorizationParentResourceByID
  • AuthorizationParentResourceByExternalID

type AuthorizationParentResourceByExternalID 

type AuthorizationParentResourceByExternalID struct {
	TypeSlug   string
	ExternalID string
}

type AuthorizationParentResourceByID 

type AuthorizationParentResourceByID struct {
	ID string
}

type AuthorizationPermission 

type AuthorizationPermission struct {
	// Object distinguishes the Permission object.
	Object string `json:"object"`
	// ID is unique identifier of the Permission.
	ID string `json:"id"`
	// Slug is a unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
	Slug string `json:"slug"`
	// Name is a descriptive name for the Permission.
	Name string `json:"name"`
	// Description is an optional description of the Permission.
	Description *string `json:"description"`
	// System is whether the permission is a system permission. System permissions are managed by WorkOS and cannot be deleted.
	System bool `json:"system"`
	// ResourceTypeSlug is the slug of the resource type associated with the permission.
	ResourceTypeSlug string `json:"resource_type_slug"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

AuthorizationPermission represents an authorization permission.

type AuthorizationRemoveRoleParams 

type AuthorizationRemoveRoleParams struct {
	// RoleSlug is the slug of the role to remove.
	RoleSlug string `json:"role_slug"`
	// ResourceTarget identifies the resource target (required).
	ResourceTarget AuthorizationResourceTarget `url:"-" json:"-"`
}

AuthorizationRemoveRoleParams contains the parameters for RemoveRole.

func (AuthorizationRemoveRoleParams) MarshalJSON 

func (p AuthorizationRemoveRoleParams) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for AuthorizationRemoveRoleParams.

type AuthorizationResource 

type AuthorizationResource struct {
	// Object distinguishes the Resource object.
	Object string `json:"object"`
	// Name is a human-readable name for the Resource.
	Name string `json:"name"`
	// Description is an optional description of the Resource.
	Description *string `json:"description"`
	// OrganizationID is the ID of the organization that owns the resource.
	OrganizationID string `json:"organization_id"`
	// ParentResourceID is the ID of the parent resource, if this resource is nested.
	ParentResourceID *string `json:"parent_resource_id"`
	// ID is the unique ID of the Resource.
	ID string `json:"id"`
	// ExternalID is an identifier you provide to reference the resource in your system.
	ExternalID string `json:"external_id"`
	// ResourceTypeSlug is the slug of the resource type this resource belongs to.
	ResourceTypeSlug string `json:"resource_type_slug"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

AuthorizationResource represents an authorization resource.

type AuthorizationResourceTarget 

type AuthorizationResourceTarget interface {
	// contains filtered or unexported methods
}

AuthorizationResourceTarget is one of:

  • AuthorizationResourceTargetByID
  • AuthorizationResourceTargetByExternalID

type AuthorizationResourceTargetByExternalID 

type AuthorizationResourceTargetByExternalID struct {
	ResourceExternalID string
	ResourceTypeSlug   string
}

type AuthorizationResourceTargetByID 

type AuthorizationResourceTargetByID struct {
	ResourceID string
}

type AuthorizationService 

type AuthorizationService struct {
	// contains filtered or unexported fields
}

AuthorizationService handles Authorization operations.

func (*AuthorizationService) AddEnvironmentRolePermission 

func (s *AuthorizationService) AddEnvironmentRolePermission(ctx context.Context, slug string, params *AuthorizationAddEnvironmentRolePermissionParams, opts ...RequestOption) (*Role, error)

AddEnvironmentRolePermission add a permission to an environment role Add a single permission to an environment role. If the permission is already assigned to the role, this operation has no effect.

func (*AuthorizationService) AssignRole 

func (s *AuthorizationService) AssignRole(ctx context.Context, organizationMembershipID string, params *AuthorizationAssignRoleParams, opts ...RequestOption) (*RoleAssignment, error)

AssignRole assign a role Assign a role to an organization membership on a specific resource.

func (*AuthorizationService) Check 

func (s *AuthorizationService) Check(ctx context.Context, organizationMembershipID string, params *AuthorizationCheckParams, opts ...RequestOption) (*AuthorizationCheck, error)

Check authorization Check if an organization membership has a specific permission on a resource. Supports identification by resource_id OR by resource_external_id + resource_type_slug.

func (*AuthorizationService) CreateEnvironmentRole 

func (s *AuthorizationService) CreateEnvironmentRole(ctx context.Context, params *AuthorizationCreateEnvironmentRoleParams, opts ...RequestOption) (*Role, error)

CreateEnvironmentRole create an environment role Create a new environment role.

func (*AuthorizationService) CreateOrganizationRole 

func (s *AuthorizationService) CreateOrganizationRole(ctx context.Context, organizationID string, params *AuthorizationCreateOrganizationRoleParams, opts ...RequestOption) (*Role, error)

CreateOrganizationRole create a custom role Create a new custom role for this organization.

func (*AuthorizationService) CreatePermission 

func (s *AuthorizationService) CreatePermission(ctx context.Context, params *AuthorizationCreatePermissionParams, opts ...RequestOption) (*Permission, error)

CreatePermission create a permission Create a new permission in your WorkOS environment. The permission can then be assigned to environment roles and custom roles.

func (*AuthorizationService) CreateResource 

func (s *AuthorizationService) CreateResource(ctx context.Context, params *AuthorizationCreateResourceParams, opts ...RequestOption) (*AuthorizationResource, error)

CreateResource create an authorization resource Create a new authorization resource.

func (*AuthorizationService) CreateRolePermission 

func (s *AuthorizationService) CreateRolePermission(ctx context.Context, organizationID string, slug string, params *AuthorizationCreateRolePermissionParams, opts ...RequestOption) (*Role, error)

CreateRolePermission add a permission to a custom role Add a single permission to a custom role. If the permission is already assigned to the role, this operation has no effect.

func (*AuthorizationService) DeleteOrganizationMembershipRoleAssignment 

func (s *AuthorizationService) DeleteOrganizationMembershipRoleAssignment(ctx context.Context, organizationMembershipID string, roleAssignmentID string, opts ...RequestOption) error

DeleteOrganizationMembershipRoleAssignment remove a role assignment by ID Remove a role assignment using its ID.

func (*AuthorizationService) DeleteOrganizationResource 

func (s *AuthorizationService) DeleteOrganizationResource(ctx context.Context, organizationID string, resourceTypeSlug string, externalID string, params *AuthorizationDeleteOrganizationResourceParams, opts ...RequestOption) error

DeleteOrganizationResource delete an authorization resource by external ID Delete an authorization resource by organization, resource type, and external ID. This also deletes all descendant resources.

func (*AuthorizationService) DeleteOrganizationRole 

func (s *AuthorizationService) DeleteOrganizationRole(ctx context.Context, organizationID string, slug string, opts ...RequestOption) error

DeleteOrganizationRole delete a custom role Delete an existing custom role.

func (*AuthorizationService) DeletePermission 

func (s *AuthorizationService) DeletePermission(ctx context.Context, slug string, opts ...RequestOption) error

DeletePermission delete a permission Delete an existing permission. System permissions cannot be deleted.

func (*AuthorizationService) DeleteResource 

func (s *AuthorizationService) DeleteResource(ctx context.Context, resourceID string, params *AuthorizationDeleteResourceParams, opts ...RequestOption) error

DeleteResource delete an authorization resource Delete an authorization resource and all its descendants.

func (*AuthorizationService) DeleteRolePermission 

func (s *AuthorizationService) DeleteRolePermission(ctx context.Context, organizationID string, slug string, permissionSlug string, opts ...RequestOption) error

DeleteRolePermission remove a permission from a custom role Remove a single permission from a custom role by its slug.

func (*AuthorizationService) GetEnvironmentRole 

func (s *AuthorizationService) GetEnvironmentRole(ctx context.Context, slug string, opts ...RequestOption) (*Role, error)

GetEnvironmentRole get an environment role Get an environment role by its slug.

func (*AuthorizationService) GetOrganizationResource 

func (s *AuthorizationService) GetOrganizationResource(ctx context.Context, organizationID string, resourceTypeSlug string, externalID string, opts ...RequestOption) (*AuthorizationResource, error)

GetOrganizationResource get a resource by external ID Retrieve the details of an authorization resource by its external ID, organization, and resource type. This is useful when you only have the external ID from your system and need to fetch the full resource details.

func (*AuthorizationService) GetOrganizationRole 

func (s *AuthorizationService) GetOrganizationRole(ctx context.Context, organizationID string, slug string, opts ...RequestOption) (*Role, error)

GetOrganizationRole get a custom role Retrieve a role that applies to an organization by its slug. This can return either an environment role or a custom role.

func (*AuthorizationService) GetPermission 

func (s *AuthorizationService) GetPermission(ctx context.Context, slug string, opts ...RequestOption) (*AuthorizationPermission, error)

GetPermission get a permission Retrieve a permission by its unique slug.

func (*AuthorizationService) GetResource 

func (s *AuthorizationService) GetResource(ctx context.Context, resourceID string, opts ...RequestOption) (*AuthorizationResource, error)

GetResource get a resource Retrieve the details of an authorization resource by its ID.

func (*AuthorizationService) ListEffectivePermissionsByExternalID 

func (s *AuthorizationService) ListEffectivePermissionsByExternalID(ctx context.Context, organizationMembershipID string, resourceTypeSlug string, externalID string, params *AuthorizationListEffectivePermissionsByExternalIDParams, opts ...RequestOption) *Iterator[AuthorizationPermission]

ListEffectivePermissionsByExternalID list effective permissions for an organization membership on a resource by external ID Returns all permissions the organization membership effectively has on a resource identified by its external ID, including permissions inherited through roles assigned to ancestor resources.

func (*AuthorizationService) ListEnvironmentRoles 

func (s *AuthorizationService) ListEnvironmentRoles(ctx context.Context, opts ...RequestOption) (*RoleList, error)

ListEnvironmentRoles List all environment roles in priority order.

func (*AuthorizationService) ListMembershipsForResource 

func (s *AuthorizationService) ListMembershipsForResource(ctx context.Context, resourceID string, params *AuthorizationListMembershipsForResourceParams, opts ...RequestOption) *Iterator[UserOrganizationMembershipBaseListData]

ListMembershipsForResource list organization memberships for resource Returns all organization memberships that have a specific permission on a resource instance. This is useful for answering "Who can access this resource?".

func (*AuthorizationService) ListOrganizationMembershipResources 

func (s *AuthorizationService) ListOrganizationMembershipResources(ctx context.Context, organizationMembershipID string, params *AuthorizationListOrganizationMembershipResourcesParams, opts ...RequestOption) *Iterator[AuthorizationResource]

ListOrganizationMembershipResources list resources for organization membership Returns all child resources of a parent resource where the organization membership has a specific permission. This is useful for resource discovery—answering "What projects can this user access in this workspace?" You must provide either `parent_resource_id` or both `parent_resource_external_id` and `parent_resource_type_slug` to identify the parent resource.

func (*AuthorizationService) ListOrganizationMembershipRoleAssignments 

func (s *AuthorizationService) ListOrganizationMembershipRoleAssignments(ctx context.Context, organizationMembershipID string, params *AuthorizationListOrganizationMembershipRoleAssignmentsParams, opts ...RequestOption) *Iterator[RoleAssignment]

ListOrganizationMembershipRoleAssignments list role assignments List all role assignments for an organization membership. This returns all roles that have been assigned to the user on resources, including organization-level and sub-resource roles.

func (*AuthorizationService) ListOrganizationRoles 

func (s *AuthorizationService) ListOrganizationRoles(ctx context.Context, organizationID string, opts ...RequestOption) (*RoleList, error)

ListOrganizationRoles list custom roles Get a list of all roles that apply to an organization. This includes both environment roles and custom roles, returned in priority order.

func (*AuthorizationService) ListPermissions 

func (s *AuthorizationService) ListPermissions(ctx context.Context, params *AuthorizationListPermissionsParams, opts ...RequestOption) *Iterator[AuthorizationPermission]

ListPermissions Get a list of all permissions in your WorkOS environment.

func (*AuthorizationService) ListResourceOrganizationMemberships 

func (s *AuthorizationService) ListResourceOrganizationMemberships(ctx context.Context, organizationID string, resourceTypeSlug string, externalID string, params *AuthorizationListResourceOrganizationMembershipsParams, opts ...RequestOption) *Iterator[UserOrganizationMembershipBaseListData]

ListResourceOrganizationMemberships list memberships for a resource by external ID Returns all organization memberships that have a specific permission on a resource, using the resource's external ID. This is useful for answering "Who can access this resource?" when you only have the external ID.

func (*AuthorizationService) ListResourcePermissions 

func (s *AuthorizationService) ListResourcePermissions(ctx context.Context, organizationMembershipID string, resourceID string, params *AuthorizationListResourcePermissionsParams, opts ...RequestOption) *Iterator[AuthorizationPermission]

ListResourcePermissions list effective permissions for an organization membership on a resource Returns all permissions the organization membership effectively has on a resource, including permissions inherited through roles assigned to ancestor resources.

func (*AuthorizationService) ListResources 

func (s *AuthorizationService) ListResources(ctx context.Context, params *AuthorizationListResourcesParams, opts ...RequestOption) *Iterator[AuthorizationResource]

ListResources Get a paginated list of authorization resources.

func (*AuthorizationService) RemoveRole 

func (s *AuthorizationService) RemoveRole(ctx context.Context, organizationMembershipID string, params *AuthorizationRemoveRoleParams, opts ...RequestOption) error

RemoveRole remove a role assignment Remove a role assignment by role slug and resource.

func (*AuthorizationService) SetEnvironmentRolePermissions 

func (s *AuthorizationService) SetEnvironmentRolePermissions(ctx context.Context, slug string, params *AuthorizationSetEnvironmentRolePermissionsParams, opts ...RequestOption) (*Role, error)

SetEnvironmentRolePermissions set permissions for an environment role Replace all permissions on an environment role with the provided list.

func (*AuthorizationService) UpdateEnvironmentRole 

func (s *AuthorizationService) UpdateEnvironmentRole(ctx context.Context, slug string, params *AuthorizationUpdateEnvironmentRoleParams, opts ...RequestOption) (*Role, error)

UpdateEnvironmentRole update an environment role Update an existing environment role.

func (*AuthorizationService) UpdateOrganizationResource 

func (s *AuthorizationService) UpdateOrganizationResource(ctx context.Context, organizationID string, resourceTypeSlug string, externalID string, params *AuthorizationUpdateOrganizationResourceParams, opts ...RequestOption) (*AuthorizationResource, error)

UpdateOrganizationResource update a resource by external ID Update an existing authorization resource using its external ID.

func (*AuthorizationService) UpdateOrganizationRole 

func (s *AuthorizationService) UpdateOrganizationRole(ctx context.Context, organizationID string, slug string, params *AuthorizationUpdateOrganizationRoleParams, opts ...RequestOption) (*Role, error)

UpdateOrganizationRole update a custom role Update an existing custom role. Only the fields provided in the request body will be updated.

func (*AuthorizationService) UpdatePermission 

func (s *AuthorizationService) UpdatePermission(ctx context.Context, slug string, params *AuthorizationUpdatePermissionParams, opts ...RequestOption) (*AuthorizationPermission, error)

UpdatePermission update a permission Update an existing permission. Only the fields provided in the request body will be updated.

func (*AuthorizationService) UpdateResource 

func (s *AuthorizationService) UpdateResource(ctx context.Context, resourceID string, params *AuthorizationUpdateResourceParams, opts ...RequestOption) (*AuthorizationResource, error)

UpdateResource update a resource Update an existing authorization resource.

func (*AuthorizationService) UpdateRolePermissions 

func (s *AuthorizationService) UpdateRolePermissions(ctx context.Context, organizationID string, slug string, params *AuthorizationUpdateRolePermissionsParams, opts ...RequestOption) (*Role, error)

UpdateRolePermissions set permissions for a custom role Replace all permissions on a custom role with the provided list.

type AuthorizationSetEnvironmentRolePermissionsParams 

type AuthorizationSetEnvironmentRolePermissionsParams struct {
	// Permissions is the permission slugs to assign to the role.
	Permissions []string `json:"permissions"`
}

AuthorizationSetEnvironmentRolePermissionsParams contains the parameters for SetEnvironmentRolePermissions.

type AuthorizationUpdateEnvironmentRoleParams 

type AuthorizationUpdateEnvironmentRoleParams struct {
	// Name is a descriptive name for the role.
	Name *string `json:"name,omitempty"`
	// Description is an optional description of the role.
	Description *string `json:"description,omitempty"`
}

AuthorizationUpdateEnvironmentRoleParams contains the parameters for UpdateEnvironmentRole.

type AuthorizationUpdateOrganizationResourceParams 

type AuthorizationUpdateOrganizationResourceParams struct {
	// Name is a display name for the resource.
	Name *string `json:"name,omitempty"`
	// Description is an optional description of the resource.
	Description *string `json:"description,omitempty"`
	// ParentResource optionally identifies the parent resource.
	ParentResource AuthorizationParentResource `url:"-" json:"-"`
}

AuthorizationUpdateOrganizationResourceParams contains the parameters for UpdateOrganizationResource.

func (AuthorizationUpdateOrganizationResourceParams) MarshalJSON 

func (p AuthorizationUpdateOrganizationResourceParams) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for AuthorizationUpdateOrganizationResourceParams.

type AuthorizationUpdateOrganizationRoleParams 

type AuthorizationUpdateOrganizationRoleParams struct {
	// Name is a descriptive name for the role.
	Name *string `json:"name,omitempty"`
	// Description is an optional description of the role's purpose.
	Description *string `json:"description,omitempty"`
}

AuthorizationUpdateOrganizationRoleParams contains the parameters for UpdateOrganizationRole.

type AuthorizationUpdatePermissionParams 

type AuthorizationUpdatePermissionParams struct {
	// Name is a descriptive name for the Permission.
	Name *string `json:"name,omitempty"`
	// Description is an optional description of the Permission.
	Description *string `json:"description,omitempty"`
}

AuthorizationUpdatePermissionParams contains the parameters for UpdatePermission.

type AuthorizationUpdateResourceParams 

type AuthorizationUpdateResourceParams struct {
	// Name is a display name for the resource.
	Name *string `json:"name,omitempty"`
	// Description is an optional description of the resource.
	Description *string `json:"description,omitempty"`
	// ParentResource optionally identifies the parent resource.
	ParentResource AuthorizationParentResource `url:"-" json:"-"`
}

AuthorizationUpdateResourceParams contains the parameters for UpdateResource.

func (AuthorizationUpdateResourceParams) MarshalJSON 

func (p AuthorizationUpdateResourceParams) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for AuthorizationUpdateResourceParams.

type AuthorizationUpdateRolePermissionsParams 

type AuthorizationUpdateRolePermissionsParams struct {
	// Permissions is the permission slugs to assign to the role.
	Permissions []string `json:"permissions"`
}

AuthorizationUpdateRolePermissionsParams contains the parameters for UpdateRolePermissions.

type AuthorizedConnectApplicationListData 

type AuthorizedConnectApplicationListData struct {
	// Object distinguishes the authorized connect application object.
	Object string `json:"object"`
	// ID is the unique ID of the authorized connect application.
	ID string `json:"id"`
	// GrantedScopes is the scopes granted by the user to the application.
	GrantedScopes []string `json:"granted_scopes"`
	// OAuthResource is the OAuth resource associated with the authorized connect application, if one was requested.
	OAuthResource *string             `json:"oauth_resource,omitempty"`
	Application   *ConnectApplication `json:"application"`
}

AuthorizedConnectApplicationListData represents an authorized connect application list data.

type CORSOriginResponse 

type CORSOriginResponse struct {
	// Object distinguishes the CORS origin object.
	Object string `json:"object"`
	// ID is unique identifier of the CORS origin.
	ID string `json:"id"`
	// Origin is the origin URL.
	Origin string `json:"origin"`
	// CreatedAt is timestamp when the CORS origin was created.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is timestamp when the CORS origin was last updated.
	UpdatedAt string `json:"updated_at"`
}

CORSOriginResponse represents a cors origin response.

type ChallengeAuthenticationFactor 

type ChallengeAuthenticationFactor struct {
	// SmsTemplate is a custom template for the SMS message. Use the {{code}} placeholder to include the verification code.
	SmsTemplate *string `json:"sms_template,omitempty"`
}

ChallengeAuthenticationFactor represents a challenge authentication factor.

type CheckAuthorization 

type CheckAuthorization struct {
	// PermissionSlug is the slug of the permission to check.
	PermissionSlug string `json:"permission_slug"`
	// ResourceID is the ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`.
	ResourceID *string `json:"resource_id,omitempty"`
	// ResourceExternalID is the external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`.
	ResourceExternalID *string `json:"resource_external_id,omitempty"`
	// ResourceTypeSlug is the slug of the resource type. Required with `resource_external_id`. Mutually exclusive with `resource_id`.
	ResourceTypeSlug *string `json:"resource_type_slug,omitempty"`
}

CheckAuthorization represents a check authorization.

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client is the WorkOS API client.

func NewClient 

func NewClient(apiKey string, opts ...ClientOption) *Client

NewClient creates a new WorkOS API client.

Example 
client := workos.NewClient(
	"sk_example_api_key",
	workos.WithClientID("client_example_id"),
)

// Use client to access services
_ = client.Organizations()
_ = client.UserManagement()
_ = client.SSO()

fmt.Println("client created")

Output:
client created

func (*Client) APIKeys 

func (c *Client) APIKeys() *APIKeyService

APIKeys returns the APIKeys service.

func (*Client) AdminPortal 

func (c *Client) AdminPortal() *AdminPortalService

AdminPortal returns the AdminPortal service.

func (*Client) AuditLogs 

func (c *Client) AuditLogs() *AuditLogService

AuditLogs returns the AuditLogs service.

func (*Client) AuthKitPKCECodeExchange 

func (c *Client) AuthKitPKCECodeExchange(ctx context.Context, params AuthKitPKCECodeExchangeParams, opts ...RequestOption) (*AuthenticateResponse, error)

AuthKitPKCECodeExchange exchanges an authorization code with a code verifier. This calls the authenticate endpoint with the code_verifier parameter.

func (*Client) AuthKitPollDeviceCode 

func (c *Client) AuthKitPollDeviceCode(ctx context.Context, deviceCode string, interval int, opts ...RequestOption) (*AuthenticateResponse, error)

AuthKitPollDeviceCode polls for device code completion (part 2). Returns the authentication response once the user completes authorization. This method blocks until authorization completes, an error occurs, or the context is cancelled.

func (*Client) AuthKitStartDeviceAuthorization 

func (c *Client) AuthKitStartDeviceAuthorization(ctx context.Context, opts ...RequestOption) (*DeviceAuthorizationResponse, error)

AuthKitStartDeviceAuthorization initiates a device authorization flow (part 1).

func (*Client) Authorization 

func (c *Client) Authorization() *AuthorizationService

Authorization returns the Authorization service.

func (*Client) Connect 

func (c *Client) Connect() *ConnectService

Connect returns the Connect service.

func (*Client) DirectorySync 

func (c *Client) DirectorySync() *DirectorySyncService

DirectorySync returns the DirectorySync service.

func (*Client) Events 

func (c *Client) Events() *EventService

Events returns the Events service.

func (*Client) FeatureFlags 

func (c *Client) FeatureFlags() *FeatureFlagService

FeatureFlags returns the FeatureFlags service.

func (*Client) GetAuthKitAuthorizationURL 

func (c *Client) GetAuthKitAuthorizationURL(params AuthKitAuthorizationURLParams) (string, error)

GetAuthKitAuthorizationURL builds an AuthKit authorization URL. This is a helper that constructs the URL client-side without making an HTTP request.

func (*Client) GetAuthKitPKCEAuthorizationURL 

func (c *Client) GetAuthKitPKCEAuthorizationURL(params AuthKitAuthorizationURLParams) (*AuthKitPKCEAuthorizationURLResult, error)

GetAuthKitPKCEAuthorizationURL generates PKCE parameters and builds an AuthKit authorization URL.

func (*Client) GetSSOAuthorizationURL 

func (c *Client) GetSSOAuthorizationURL(params SSOAuthorizationURLParams) (string, error)

GetSSOAuthorizationURL builds an SSO authorization URL client-side.

func (*Client) GetSSOPKCEAuthorizationURL 

func (c *Client) GetSSOPKCEAuthorizationURL(params SSOAuthorizationURLParams) (*SSOPKCEAuthorizationURLResult, error)

GetSSOPKCEAuthorizationURL generates PKCE parameters and builds an SSO authorization URL.

func (*Client) JWKSURLFromClient 

func (c *Client) JWKSURLFromClient() string

JWKSURLFromClient builds the JWKS URL using the client's configured base URL and client ID.

func (*Client) MultiFactorAuth 

func (c *Client) MultiFactorAuth() *MultiFactorAuthService

MultiFactorAuth returns the MultiFactorAuth service.

func (*Client) OrganizationDomains 

func (c *Client) OrganizationDomains() *OrganizationDomainService

OrganizationDomains returns the OrganizationDomains service.

func (*Client) Organizations 

func (c *Client) Organizations() *OrganizationService

Organizations returns the Organizations service.

func (*Client) Passwordless 

func (c *Client) Passwordless() *PasswordlessService

Passwordless returns the Passwordless service.

func (*Client) Pipes 

func (c *Client) Pipes() *PipeService

Pipes returns the Pipes service.

func (*Client) Radar 

func (c *Client) Radar() *RadarService

Radar returns the Radar service.

func (*Client) RefreshSession 

func (c *Client) RefreshSession(ctx context.Context, sealedSession string, cookiePassword string, opts ...RequestOption) (*RefreshSessionResult, error)

RefreshSession is a convenience method on Client for one-shot session refresh.

func (*Client) SSO 

func (c *Client) SSO() *SSOService

SSO returns the SSO service.

func (*Client) SSOLogout 

func (c *Client) SSOLogout(ctx context.Context, params SSOLogoutParams, opts ...RequestOption) (string, error)

SSOLogout initiates a logout flow. First obtains a logout token via AuthorizeLogout, then builds the logout redirect URL.

func (*Client) SSOPKCECodeExchange 

func (c *Client) SSOPKCECodeExchange(ctx context.Context, params SSOPKCECodeExchangeParams, opts ...RequestOption) (*SSOTokenResponse, error)

SSOPKCECodeExchange exchanges an SSO authorization code with PKCE.

func (*Client) UserManagement 

func (c *Client) UserManagement() *UserManagementService

UserManagement returns the UserManagement service.

func (*Client) Vault 

func (c *Client) Vault() *VaultService

Vault returns the Vault service.

func (*Client) Webhooks 

func (c *Client) Webhooks() *WebhookService

Webhooks returns the Webhooks service.

func (*Client) Widgets 

func (c *Client) Widgets() *WidgetService

Widgets returns the Widgets service.

type ClientOption 

type ClientOption func(*Client)

ClientOption configures the Client.

func WithAppInfo 

func WithAppInfo(name, version, url string) ClientOption

WithAppInfo sets application info that is appended to the User-Agent header. This is useful for framework vendors and integration libraries to identify themselves in API requests.

func WithBaseURL 

func WithBaseURL(url string) ClientOption

WithBaseURL sets a custom base URL.

func WithClientID 

func WithClientID(id string) ClientOption

WithClientID sets the client ID (used for authentication flows).

func WithHTTPClient 

func WithHTTPClient(client *http.Client) ClientOption

WithHTTPClient sets a custom HTTP client.

func WithLogger 

func WithLogger(l Logger) ClientOption

WithLogger sets a logger for HTTP request tracing (method, path, status, duration).

func WithMaxRetries 

func WithMaxRetries(n int) ClientOption

WithMaxRetries sets the maximum number of retries.

type ConfirmEmailChange 

type ConfirmEmailChange = AuthenticationChallengesVerifyRequest

ConfirmEmailChange is an alias for AuthenticationChallengesVerifyRequest.

type ConnectApplication 

type ConnectApplication struct {
	// Object distinguishes the connect application object.
	Object string `json:"object"`
	// ID is the unique ID of the connect application.
	ID string `json:"id"`
	// ClientID is the client ID of the connect application.
	ClientID string `json:"client_id"`
	// Description is a description of the connect application.
	Description *string `json:"description"`
	// Name is the name of the connect application.
	Name string `json:"name"`
	// Scopes is the scopes available for this application.
	Scopes []string `json:"scopes"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// ApplicationType is the type of the application.
	ApplicationType *string `json:"application_type,omitempty"`
	// OrganizationID is the ID of the organization the application belongs to.
	OrganizationID *string `json:"organization_id,omitempty"`
	// RedirectURIs is the redirect URIs configured for this application.
	RedirectURIs []*ConnectApplicationRedirectURI `json:"redirect_uris,omitempty"`
	// UsesPKCE is whether the application uses PKCE for authorization.
	UsesPKCE *bool `json:"uses_pkce,omitempty"`
	// IsFirstParty is whether the application is a first-party application.
	IsFirstParty *bool `json:"is_first_party,omitempty"`
	// WasDynamicallyRegistered is whether the application was dynamically registered.
	WasDynamicallyRegistered *bool `json:"was_dynamically_registered,omitempty"`
}

ConnectApplication represents a connect application.

type ConnectApplicationRedirectURI 

type ConnectApplicationRedirectURI struct {
	// URI is the redirect URI for the application.
	URI string `json:"uri"`
	// Default is whether this is the default redirect URI.
	Default bool `json:"default"`
}

ConnectApplicationRedirectURI represents a connect application_redirect_uri.

type ConnectCompleteOAuth2Params 

type ConnectCompleteOAuth2Params struct {
	// ExternalAuthID is identifier provided when AuthKit redirected to your login page.
	ExternalAuthID string `json:"external_auth_id"`
	// User is the user to create or update in AuthKit.
	User *UserObject `json:"user"`
	// UserConsentOptions is array of [User Consent Options](https://workos.com/docs/reference/workos-connect/standalone/user-consent-options) to store with the session.
	UserConsentOptions []*UserConsentOption `json:"user_consent_options,omitempty"`
}

ConnectCompleteOAuth2Params contains the parameters for CompleteOAuth2.

type ConnectCreateM2MApplicationParams 

type ConnectCreateM2MApplicationParams struct {
	// Name is the name of the application.
	Name string `json:"name"`
	// OrganizationID is the organization ID this application belongs to.
	OrganizationID string `json:"organization_id"`
	// Description is a description for the application.
	Description *string `json:"description,omitempty"`
	// Scopes is the OAuth scopes granted to the application.
	Scopes []string `json:"scopes,omitempty"`
}

ConnectCreateM2MApplicationParams contains the parameters for CreateM2MApplication.

type ConnectCreateOAuthApplicationParams 

type ConnectCreateOAuthApplicationParams struct {
	// Name is the name of the application.
	Name string `json:"name"`
	// IsFirstParty is whether this is a first-party application. Third-party applications require an organization_id.
	IsFirstParty bool `json:"is_first_party"`
	// Description is a description for the application.
	Description *string `json:"description,omitempty"`
	// Scopes is the OAuth scopes granted to the application.
	Scopes []string `json:"scopes,omitempty"`
	// RedirectURIs is redirect URIs for the application.
	RedirectURIs []*RedirectURIInput `json:"redirect_uris,omitempty"`
	// UsesPKCE is whether the application uses PKCE (Proof Key for Code Exchange).
	UsesPKCE *bool `json:"uses_pkce,omitempty"`
	// OrganizationID is the organization ID this application belongs to. Required when is_first_party is false.
	OrganizationID *string `json:"organization_id,omitempty"`
}

ConnectCreateOAuthApplicationParams contains the parameters for CreateOAuthApplication.

type ConnectListApplicationsParams 

type ConnectListApplicationsParams struct {
	PaginationParams
	// OrganizationID is filter Connect Applications by organization ID.
	OrganizationID *string `url:"organization_id,omitempty" json:"-"`
}

ConnectListApplicationsParams contains the parameters for ListApplications.

type ConnectService 

type ConnectService struct {
	// contains filtered or unexported fields
}

ConnectService handles Connect operations.

func (*ConnectService) CompleteOAuth2 

func (s *ConnectService) CompleteOAuth2(ctx context.Context, params *ConnectCompleteOAuth2Params, opts ...RequestOption) (*ExternalAuthCompleteResponse, error)

CompleteOAuth2 complete external authentication Completes an external authentication flow and returns control to AuthKit. This endpoint is used with [Standalone Connect](https://workos.com/docs/authkit/connect/standalone) to bridge your existing authentication system with the Connect OAuth API infrastructure. After successfully authenticating a user in your application, calling this endpoint will: - Create or update the user in AuthKit, using the given `id` as its `external_id`. - Return a `redirect_uri` your application should redirect to in order for AuthKit to complete the flow Users are automatically created or updated based on the `id` and `email` provided. If a user with the same `id` exists, their information is updated. Otherwise, a new user is created. If you provide a new `id` with an `email` that already belongs to an existing user, the request will fail with an error as email addresses are unique to a user.

func (*ConnectService) CreateApplicationClientSecret 

func (s *ConnectService) CreateApplicationClientSecret(ctx context.Context, id string, opts ...RequestOption) (*NewConnectApplicationSecret, error)

CreateApplicationClientSecret create a new client secret for a Connect Application Create new secrets for a Connect Application.

func (*ConnectService) CreateM2MApplication 

func (s *ConnectService) CreateM2MApplication(ctx context.Context, params *ConnectCreateM2MApplicationParams, opts ...RequestOption) (*ConnectApplication, error)

CreateM2MApplication Create m2m application.

func (*ConnectService) CreateOAuthApplication 

func (s *ConnectService) CreateOAuthApplication(ctx context.Context, params *ConnectCreateOAuthApplicationParams, opts ...RequestOption) (*ConnectApplication, error)

CreateOAuthApplication Create oauth application.

func (*ConnectService) DeleteApplication 

func (s *ConnectService) DeleteApplication(ctx context.Context, id string, opts ...RequestOption) error

DeleteApplication delete a Connect Application Delete an existing Connect Application.

func (*ConnectService) DeleteClientSecret 

func (s *ConnectService) DeleteClientSecret(ctx context.Context, id string, opts ...RequestOption) error

DeleteClientSecret delete a Client Secret Delete (revoke) an existing client secret.

func (*ConnectService) GetApplication 

func (s *ConnectService) GetApplication(ctx context.Context, id string, opts ...RequestOption) (*ConnectApplication, error)

GetApplication get a Connect Application Retrieve details for a specific Connect Application by ID or client ID.

func (*ConnectService) ListApplicationClientSecrets 

func (s *ConnectService) ListApplicationClientSecrets(ctx context.Context, id string, opts ...RequestOption) ([]ApplicationCredentialsListItem, error)

ListApplicationClientSecrets list Client Secrets for a Connect Application List all client secrets associated with a Connect Application.

func (*ConnectService) ListApplications 

func (s *ConnectService) ListApplications(ctx context.Context, params *ConnectListApplicationsParams, opts ...RequestOption) *Iterator[ConnectApplication]

ListApplications list Connect Applications List all Connect Applications in the current environment with optional filtering.

func (*ConnectService) UpdateApplication 

func (s *ConnectService) UpdateApplication(ctx context.Context, id string, params *ConnectUpdateApplicationParams, opts ...RequestOption) (*ConnectApplication, error)

UpdateApplication update a Connect Application Update an existing Connect Application. For OAuth applications, you can update redirect URIs. For all applications, you can update the name, description, and scopes.

type ConnectUpdateApplicationParams 

type ConnectUpdateApplicationParams struct {
	// Name is the name of the application.
	Name *string `json:"name,omitempty"`
	// Description is a description for the application.
	Description *string `json:"description,omitempty"`
	// Scopes is the OAuth scopes granted to the application.
	Scopes []string `json:"scopes,omitempty"`
	// RedirectURIs is updated redirect URIs for the application. OAuth applications only.
	RedirectURIs []*RedirectURIInput `json:"redirect_uris,omitempty"`
}

ConnectUpdateApplicationParams contains the parameters for UpdateApplication.

type ConnectedAccount 

type ConnectedAccount struct {
	// Object distinguishes the connected account object.
	Object string `json:"object"`
	// ID is the unique identifier of the connected account.
	ID string `json:"id"`
	// UserID is the [User](https://workos.com/docs/reference/authkit/user) identifier associated with this connection.
	UserID *string `json:"user_id"`
	// OrganizationID is the [Organization](https://workos.com/docs/reference/organization) identifier associated with this connection, or `null` if not scoped to an organization.
	OrganizationID *string `json:"organization_id"`
	// Scopes is the OAuth scopes granted for this connection.
	Scopes []string `json:"scopes"`
	// State is the state of the connected account:
	// - `connected`: The connection is active and tokens are valid.
	// - `needs_reauthorization`: The user needs to reauthorize the connection, typically because required scopes have changed.
	// - `disconnected`: The connection has been disconnected.
	State ConnectedAccountState `json:"state"`
	// CreatedAt is the timestamp when the connection was created.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is the timestamp when the connection was last updated.
	UpdatedAt string `json:"updated_at"`
}

ConnectedAccount represents a connected account.

type ConnectedAccountState 

type ConnectedAccountState string

ConnectedAccountState represents connected account state values. 

const (
	ConnectedAccountStateConnected            ConnectedAccountState = "connected"
	ConnectedAccountStateNeedsReauthorization ConnectedAccountState = "needs_reauthorization"
	ConnectedAccountStateDisconnected         ConnectedAccountState = "disconnected"
)

type Connection 

type Connection struct {
	// Object distinguishes the Connection object.
	Object string `json:"object"`
	// ID is unique identifier for the Connection.
	ID string `json:"id"`
	// OrganizationID is unique identifier for the Organization in which the Connection resides.
	OrganizationID *string `json:"organization_id,omitempty"`
	// ConnectionType is the type of the SSO Connection used to authenticate the user. The Connection type may be used to dynamically generate authorization URLs.
	ConnectionType ConnectionType `json:"connection_type"`
	// Name is a human-readable name for the Connection. This will most commonly be the organization's name.
	Name string `json:"name"`
	// State indicates whether a Connection is able to authenticate users.
	State ConnectionState `json:"state"`
	// Status is deprecated. Use `state` instead.
	//
	// Deprecated: Use `state` instead.
	Status ConnectionStatus `json:"status"`
	// Domains is list of Organization Domains.
	Domains []*ConnectionDomain `json:"domains"`
	// Options is configuration options for SAML connections. Only present for SAML connection types.
	Options *ConnectionOption `json:"options,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

Connection represents a connection.

type ConnectionActivated 

type ConnectionActivated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *ConnectionActivatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

ConnectionActivated represents a connection activated.

type ConnectionActivatedData 

type ConnectionActivatedData struct {
	// Object distinguishes the connection object.
	Object string `json:"object"`
	// ID is unique identifier of the connection.
	ID string `json:"id"`
	// State is the current state of the connection.
	State ConnectionActivatedDataState `json:"state"`
	// Name is the name of the connection.
	Name string `json:"name"`
	// ConnectionType is the type of the connection.
	ConnectionType ConnectionActivatedDataConnectionType `json:"connection_type"`
	// OrganizationID is the ID of the organization the connection belongs to.
	OrganizationID *string `json:"organization_id,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// ExternalKey is the external key of the connection.
	ExternalKey string `json:"external_key"`
	// Status is deprecated. Use state instead.
	Status ConnectionActivatedDataStatus `json:"status"`
	// Domains is the domains associated with the connection.
	Domains []*ConnectionActivatedDataDomain `json:"domains"`
}

ConnectionActivatedData the event payload.

type ConnectionActivatedDataConnectionType 

type ConnectionActivatedDataConnectionType string

ConnectionActivatedDataConnectionType represents connection activated data connection type values. 

const (
	ConnectionActivatedDataConnectionTypeAdfssaml               ConnectionActivatedDataConnectionType = "ADFSSAML"
	ConnectionActivatedDataConnectionTypeAdpOIDC                ConnectionActivatedDataConnectionType = "AdpOidc"
	ConnectionActivatedDataConnectionTypeAppleOAuth             ConnectionActivatedDataConnectionType = "AppleOAuth"
	ConnectionActivatedDataConnectionTypeAuth0Migration         ConnectionActivatedDataConnectionType = "Auth0Migration"
	ConnectionActivatedDataConnectionTypeAuth0SAML              ConnectionActivatedDataConnectionType = "Auth0SAML"
	ConnectionActivatedDataConnectionTypeAzureSAML              ConnectionActivatedDataConnectionType = "AzureSAML"
	ConnectionActivatedDataConnectionTypeBitbucketOAuth         ConnectionActivatedDataConnectionType = "BitbucketOAuth"
	ConnectionActivatedDataConnectionTypeCasSAML                ConnectionActivatedDataConnectionType = "CasSAML"
	ConnectionActivatedDataConnectionTypeClassLinkSAML          ConnectionActivatedDataConnectionType = "ClassLinkSAML"
	ConnectionActivatedDataConnectionTypeCleverOIDC             ConnectionActivatedDataConnectionType = "CleverOIDC"
	ConnectionActivatedDataConnectionTypeCloudflareSAML         ConnectionActivatedDataConnectionType = "CloudflareSAML"
	ConnectionActivatedDataConnectionTypeCyberArkSAML           ConnectionActivatedDataConnectionType = "CyberArkSAML"
	ConnectionActivatedDataConnectionTypeDiscordOAuth           ConnectionActivatedDataConnectionType = "DiscordOAuth"
	ConnectionActivatedDataConnectionTypeDuoSAML                ConnectionActivatedDataConnectionType = "DuoSAML"
	ConnectionActivatedDataConnectionTypeEntraIDOIDC            ConnectionActivatedDataConnectionType = "EntraIdOIDC"
	ConnectionActivatedDataConnectionTypeGenericOIDC            ConnectionActivatedDataConnectionType = "GenericOIDC"
	ConnectionActivatedDataConnectionTypeGenericSAML            ConnectionActivatedDataConnectionType = "GenericSAML"
	ConnectionActivatedDataConnectionTypeGitHubOAuth            ConnectionActivatedDataConnectionType = "GitHubOAuth"
	ConnectionActivatedDataConnectionTypeGitLabOAuth            ConnectionActivatedDataConnectionType = "GitLabOAuth"
	ConnectionActivatedDataConnectionTypeGoogleOAuth            ConnectionActivatedDataConnectionType = "GoogleOAuth"
	ConnectionActivatedDataConnectionTypeGoogleOIDC             ConnectionActivatedDataConnectionType = "GoogleOIDC"
	ConnectionActivatedDataConnectionTypeGoogleSAML             ConnectionActivatedDataConnectionType = "GoogleSAML"
	ConnectionActivatedDataConnectionTypeIntuitOAuth            ConnectionActivatedDataConnectionType = "IntuitOAuth"
	ConnectionActivatedDataConnectionTypeJumpCloudSAML          ConnectionActivatedDataConnectionType = "JumpCloudSAML"
	ConnectionActivatedDataConnectionTypeKeycloakSAML           ConnectionActivatedDataConnectionType = "KeycloakSAML"
	ConnectionActivatedDataConnectionTypeLastPassSAML           ConnectionActivatedDataConnectionType = "LastPassSAML"
	ConnectionActivatedDataConnectionTypeLinkedInOAuth          ConnectionActivatedDataConnectionType = "LinkedInOAuth"
	ConnectionActivatedDataConnectionTypeLoginGovOIDC           ConnectionActivatedDataConnectionType = "LoginGovOidc"
	ConnectionActivatedDataConnectionTypeMagicLink              ConnectionActivatedDataConnectionType = "MagicLink"
	ConnectionActivatedDataConnectionTypeMicrosoftOAuth         ConnectionActivatedDataConnectionType = "MicrosoftOAuth"
	ConnectionActivatedDataConnectionTypeMiniOrangeSAML         ConnectionActivatedDataConnectionType = "MiniOrangeSAML"
	ConnectionActivatedDataConnectionTypeNetIqSAML              ConnectionActivatedDataConnectionType = "NetIqSAML"
	ConnectionActivatedDataConnectionTypeOktaOIDC               ConnectionActivatedDataConnectionType = "OktaOIDC"
	ConnectionActivatedDataConnectionTypeOktaSAML               ConnectionActivatedDataConnectionType = "OktaSAML"
	ConnectionActivatedDataConnectionTypeOneLoginSAML           ConnectionActivatedDataConnectionType = "OneLoginSAML"
	ConnectionActivatedDataConnectionTypeOracleSAML             ConnectionActivatedDataConnectionType = "OracleSAML"
	ConnectionActivatedDataConnectionTypePingFederateSAML       ConnectionActivatedDataConnectionType = "PingFederateSAML"
	ConnectionActivatedDataConnectionTypePingOneSAML            ConnectionActivatedDataConnectionType = "PingOneSAML"
	ConnectionActivatedDataConnectionTypeRipplingSAML           ConnectionActivatedDataConnectionType = "RipplingSAML"
	ConnectionActivatedDataConnectionTypeSalesforceSAML         ConnectionActivatedDataConnectionType = "SalesforceSAML"
	ConnectionActivatedDataConnectionTypeShibbolethGenericSAML  ConnectionActivatedDataConnectionType = "ShibbolethGenericSAML"
	ConnectionActivatedDataConnectionTypeShibbolethSAML         ConnectionActivatedDataConnectionType = "ShibbolethSAML"
	ConnectionActivatedDataConnectionTypeSimpleSAMLPhpSAML      ConnectionActivatedDataConnectionType = "SimpleSamlPhpSAML"
	ConnectionActivatedDataConnectionTypeSalesforceOAuth        ConnectionActivatedDataConnectionType = "SalesforceOAuth"
	ConnectionActivatedDataConnectionTypeSlackOAuth             ConnectionActivatedDataConnectionType = "SlackOAuth"
	ConnectionActivatedDataConnectionTypeTestIdp                ConnectionActivatedDataConnectionType = "TestIdp"
	ConnectionActivatedDataConnectionTypeVercelMarketplaceOAuth ConnectionActivatedDataConnectionType = "VercelMarketplaceOAuth"
	ConnectionActivatedDataConnectionTypeVercelOAuth            ConnectionActivatedDataConnectionType = "VercelOAuth"
	ConnectionActivatedDataConnectionTypeVMwareSAML             ConnectionActivatedDataConnectionType = "VMwareSAML"
	ConnectionActivatedDataConnectionTypeXeroOAuth              ConnectionActivatedDataConnectionType = "XeroOAuth"
)

type ConnectionActivatedDataDomain 

type ConnectionActivatedDataDomain struct {
	// Object distinguishes the connection domain object.
	Object string `json:"object"`
	// ID is unique identifier of the connection domain.
	ID string `json:"id"`
	// Domain is the domain value.
	Domain string `json:"domain"`
}

ConnectionActivatedDataDomain represents a connection activated data domain.

type ConnectionActivatedDataState 

type ConnectionActivatedDataState string

ConnectionActivatedDataState represents connection activated data state values. 

const (
	ConnectionActivatedDataStateDraft      ConnectionActivatedDataState = "draft"
	ConnectionActivatedDataStateActive     ConnectionActivatedDataState = "active"
	ConnectionActivatedDataStateValidating ConnectionActivatedDataState = "validating"
	ConnectionActivatedDataStateInactive   ConnectionActivatedDataState = "inactive"
	ConnectionActivatedDataStateDeleting   ConnectionActivatedDataState = "deleting"
)

type ConnectionActivatedDataStatus 

type ConnectionActivatedDataStatus string

ConnectionActivatedDataStatus represents connection activated data status values. 

const (
	ConnectionActivatedDataStatusLinked   ConnectionActivatedDataStatus = "linked"
	ConnectionActivatedDataStatusUnlinked ConnectionActivatedDataStatus = "unlinked"
)

type ConnectionDeactivated 

type ConnectionDeactivated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *ConnectionDeactivatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

ConnectionDeactivated represents a connection deactivated.

type ConnectionDeactivatedData 

type ConnectionDeactivatedData struct {
	// Object distinguishes the connection object.
	Object string `json:"object"`
	// ID is unique identifier of the connection.
	ID string `json:"id"`
	// State is the current state of the connection.
	State ConnectionDeactivatedDataState `json:"state"`
	// Name is the name of the connection.
	Name string `json:"name"`
	// ConnectionType is the type of the connection.
	ConnectionType ConnectionDeactivatedDataConnectionType `json:"connection_type"`
	// OrganizationID is the ID of the organization the connection belongs to.
	OrganizationID *string `json:"organization_id,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// ExternalKey is the external key of the connection.
	ExternalKey string `json:"external_key"`
	// Status is deprecated. Use state instead.
	Status ConnectionDeactivatedDataStatus `json:"status"`
	// Domains is the domains associated with the connection.
	Domains []*ConnectionDeactivatedDataDomain `json:"domains"`
}

ConnectionDeactivatedData the event payload.

type ConnectionDeactivatedDataConnectionType 

type ConnectionDeactivatedDataConnectionType = ConnectionActivatedDataConnectionType

ConnectionDeactivatedDataConnectionType is an alias for ConnectionActivatedDataConnectionType.

type ConnectionDeactivatedDataDomain 

type ConnectionDeactivatedDataDomain = ConnectionActivatedDataDomain

ConnectionDeactivatedDataDomain is an alias for ConnectionActivatedDataDomain.

type ConnectionDeactivatedDataState 

type ConnectionDeactivatedDataState = ConnectionActivatedDataState

ConnectionDeactivatedDataState is an alias for ConnectionActivatedDataState.

type ConnectionDeactivatedDataStatus 

type ConnectionDeactivatedDataStatus = ConnectionActivatedDataStatus

ConnectionDeactivatedDataStatus is an alias for ConnectionActivatedDataStatus.

type ConnectionDeleted 

type ConnectionDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *ConnectionDeletedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

ConnectionDeleted represents a connection deleted.

type ConnectionDeletedData 

type ConnectionDeletedData struct {
	// Object distinguishes the connection object.
	Object string `json:"object"`
	// ID is unique identifier of the connection.
	ID string `json:"id"`
	// State is the current state of the connection.
	State ConnectionDeletedDataState `json:"state"`
	// Name is the name of the connection.
	Name string `json:"name"`
	// ConnectionType is the type of the connection.
	ConnectionType ConnectionDeletedDataConnectionType `json:"connection_type"`
	// OrganizationID is the ID of the organization the connection belongs to.
	OrganizationID *string `json:"organization_id,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

ConnectionDeletedData the event payload.

type ConnectionDeletedDataConnectionType 

type ConnectionDeletedDataConnectionType = ConnectionActivatedDataConnectionType

ConnectionDeletedDataConnectionType is an alias for ConnectionActivatedDataConnectionType.

type ConnectionDeletedDataState 

type ConnectionDeletedDataState = ConnectionActivatedDataState

ConnectionDeletedDataState is an alias for ConnectionActivatedDataState.

type ConnectionDomain 

type ConnectionDomain = ConnectionActivatedDataDomain

ConnectionDomain is an alias for ConnectionActivatedDataDomain.

type ConnectionOption 

type ConnectionOption struct {
	// SigningCert is the signing certificate of the SAML connection.
	SigningCert *string `json:"signing_cert"`
}

ConnectionOption configuration options for SAML connections. Only present for SAML connection types.

type ConnectionSAMLCertificateRenewalRequired 

type ConnectionSAMLCertificateRenewalRequired struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *ConnectionSAMLCertificateRenewalRequiredData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

ConnectionSAMLCertificateRenewalRequired represents a connection SAML certificate renewal required.

type ConnectionSAMLCertificateRenewalRequiredData 

type ConnectionSAMLCertificateRenewalRequiredData struct {
	// Connection is the connection with the expiring certificate.
	Connection *ConnectionSAMLCertificateRenewalRequiredDataConnection `json:"connection"`
	// Certificate is the SAML certificate details.
	Certificate *ConnectionSAMLCertificateRenewalRequiredDataCertificate `json:"certificate"`
	// DaysUntilExpiry is the number of days until the certificate expires.
	DaysUntilExpiry int `json:"days_until_expiry"`
}

ConnectionSAMLCertificateRenewalRequiredData the event payload.

type ConnectionSAMLCertificateRenewalRequiredDataCertificate 

type ConnectionSAMLCertificateRenewalRequiredDataCertificate struct {
	// CertificateType is the type of the SAML certificate.
	CertificateType ConnectionSAMLCertificateRenewalRequiredDataCertificateCertificateType `json:"certificate_type"`
	// ExpiryDate is an ISO 8601 timestamp.
	ExpiryDate string `json:"expiry_date"`
	// IsExpired is whether the certificate has already expired.
	IsExpired bool `json:"is_expired"`
}

ConnectionSAMLCertificateRenewalRequiredDataCertificate the SAML certificate details.

type ConnectionSAMLCertificateRenewalRequiredDataCertificateCertificateType 

type ConnectionSAMLCertificateRenewalRequiredDataCertificateCertificateType string

ConnectionSAMLCertificateRenewalRequiredDataCertificateCertificateType represents connection SAML certificate renewal required data certificate certificate type values. 

const (
	ConnectionSAMLCertificateRenewalRequiredDataCertificateCertificateTypeResponseSigning    ConnectionSAMLCertificateRenewalRequiredDataCertificateCertificateType = "ResponseSigning"
	ConnectionSAMLCertificateRenewalRequiredDataCertificateCertificateTypeRequestSigning     ConnectionSAMLCertificateRenewalRequiredDataCertificateCertificateType = "RequestSigning"
	ConnectionSAMLCertificateRenewalRequiredDataCertificateCertificateTypeResponseEncryption ConnectionSAMLCertificateRenewalRequiredDataCertificateCertificateType = "ResponseEncryption"
)

type ConnectionSAMLCertificateRenewalRequiredDataConnection 

type ConnectionSAMLCertificateRenewalRequiredDataConnection struct {
	// ID is unique identifier of the connection.
	ID string `json:"id"`
	// OrganizationID is the ID of the organization the connection belongs to.
	OrganizationID *string `json:"organization_id,omitempty"`
}

ConnectionSAMLCertificateRenewalRequiredDataConnection the connection with the expiring certificate.

type ConnectionSAMLCertificateRenewed 

type ConnectionSAMLCertificateRenewed struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *ConnectionSAMLCertificateRenewedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

ConnectionSAMLCertificateRenewed represents a connection SAML certificate renewed.

type ConnectionSAMLCertificateRenewedData 

type ConnectionSAMLCertificateRenewedData struct {
	// Connection is the connection with the renewed certificate.
	Connection *ConnectionSAMLCertificateRenewedDataConnection `json:"connection"`
	// Certificate is the renewed SAML certificate details.
	Certificate *ConnectionSAMLCertificateRenewedDataCertificate `json:"certificate"`
	// RenewedAt is an ISO 8601 timestamp.
	RenewedAt string `json:"renewed_at"`
}

ConnectionSAMLCertificateRenewedData the event payload.

type ConnectionSAMLCertificateRenewedDataCertificate 

type ConnectionSAMLCertificateRenewedDataCertificate struct {
	// CertificateType is the type of the SAML certificate.
	CertificateType ConnectionSAMLCertificateRenewedDataCertificateCertificateType `json:"certificate_type"`
	// ExpiryDate is an ISO 8601 timestamp.
	ExpiryDate string `json:"expiry_date"`
}

ConnectionSAMLCertificateRenewedDataCertificate the renewed SAML certificate details.

type ConnectionSAMLCertificateRenewedDataCertificateCertificateType 

type ConnectionSAMLCertificateRenewedDataCertificateCertificateType = ConnectionSAMLCertificateRenewalRequiredDataCertificateCertificateType

ConnectionSAMLCertificateRenewedDataCertificateCertificateType is an alias for ConnectionSAMLCertificateRenewalRequiredDataCertificateCertificateType.

type ConnectionSAMLCertificateRenewedDataConnection 

type ConnectionSAMLCertificateRenewedDataConnection = ConnectionSAMLCertificateRenewalRequiredDataConnection

ConnectionSAMLCertificateRenewedDataConnection is an alias for ConnectionSAMLCertificateRenewalRequiredDataConnection.

type ConnectionState 

type ConnectionState string

ConnectionState represents connection state values. 

const (
	ConnectionStateRequiresType ConnectionState = "requires_type"
	ConnectionStateDraft        ConnectionState = "draft"
	ConnectionStateActive       ConnectionState = "active"
	ConnectionStateValidating   ConnectionState = "validating"
	ConnectionStateInactive     ConnectionState = "inactive"
	ConnectionStateDeleting     ConnectionState = "deleting"
)

type ConnectionStatus 

type ConnectionStatus = ConnectionActivatedDataStatus

ConnectionStatus is an alias for ConnectionActivatedDataStatus.

type ConnectionType 

type ConnectionType string

ConnectionType represents connection type values. 

const (
	ConnectionTypePending                ConnectionType = "Pending"
	ConnectionTypeAdfssaml               ConnectionType = "ADFSSAML"
	ConnectionTypeAdpOIDC                ConnectionType = "AdpOidc"
	ConnectionTypeAppleOAuth             ConnectionType = "AppleOAuth"
	ConnectionTypeAuth0Migration         ConnectionType = "Auth0Migration"
	ConnectionTypeAuth0SAML              ConnectionType = "Auth0SAML"
	ConnectionTypeAzureSAML              ConnectionType = "AzureSAML"
	ConnectionTypeBitbucketOAuth         ConnectionType = "BitbucketOAuth"
	ConnectionTypeCasSAML                ConnectionType = "CasSAML"
	ConnectionTypeClassLinkSAML          ConnectionType = "ClassLinkSAML"
	ConnectionTypeCleverOIDC             ConnectionType = "CleverOIDC"
	ConnectionTypeCloudflareSAML         ConnectionType = "CloudflareSAML"
	ConnectionTypeCyberArkSAML           ConnectionType = "CyberArkSAML"
	ConnectionTypeDiscordOAuth           ConnectionType = "DiscordOAuth"
	ConnectionTypeDuoSAML                ConnectionType = "DuoSAML"
	ConnectionTypeEntraIDOIDC            ConnectionType = "EntraIdOIDC"
	ConnectionTypeGenericOIDC            ConnectionType = "GenericOIDC"
	ConnectionTypeGenericSAML            ConnectionType = "GenericSAML"
	ConnectionTypeGitHubOAuth            ConnectionType = "GitHubOAuth"
	ConnectionTypeGitLabOAuth            ConnectionType = "GitLabOAuth"
	ConnectionTypeGoogleOAuth            ConnectionType = "GoogleOAuth"
	ConnectionTypeGoogleOIDC             ConnectionType = "GoogleOIDC"
	ConnectionTypeGoogleSAML             ConnectionType = "GoogleSAML"
	ConnectionTypeIntuitOAuth            ConnectionType = "IntuitOAuth"
	ConnectionTypeJumpCloudSAML          ConnectionType = "JumpCloudSAML"
	ConnectionTypeKeycloakSAML           ConnectionType = "KeycloakSAML"
	ConnectionTypeLastPassSAML           ConnectionType = "LastPassSAML"
	ConnectionTypeLinkedInOAuth          ConnectionType = "LinkedInOAuth"
	ConnectionTypeLoginGovOIDC           ConnectionType = "LoginGovOidc"
	ConnectionTypeMagicLink              ConnectionType = "MagicLink"
	ConnectionTypeMicrosoftOAuth         ConnectionType = "MicrosoftOAuth"
	ConnectionTypeMiniOrangeSAML         ConnectionType = "MiniOrangeSAML"
	ConnectionTypeNetIqSAML              ConnectionType = "NetIqSAML"
	ConnectionTypeOktaOIDC               ConnectionType = "OktaOIDC"
	ConnectionTypeOktaSAML               ConnectionType = "OktaSAML"
	ConnectionTypeOneLoginSAML           ConnectionType = "OneLoginSAML"
	ConnectionTypeOracleSAML             ConnectionType = "OracleSAML"
	ConnectionTypePingFederateSAML       ConnectionType = "PingFederateSAML"
	ConnectionTypePingOneSAML            ConnectionType = "PingOneSAML"
	ConnectionTypeRipplingSAML           ConnectionType = "RipplingSAML"
	ConnectionTypeSalesforceSAML         ConnectionType = "SalesforceSAML"
	ConnectionTypeShibbolethGenericSAML  ConnectionType = "ShibbolethGenericSAML"
	ConnectionTypeShibbolethSAML         ConnectionType = "ShibbolethSAML"
	ConnectionTypeSimpleSAMLPhpSAML      ConnectionType = "SimpleSamlPhpSAML"
	ConnectionTypeSalesforceOAuth        ConnectionType = "SalesforceOAuth"
	ConnectionTypeSlackOAuth             ConnectionType = "SlackOAuth"
	ConnectionTypeTestIdp                ConnectionType = "TestIdp"
	ConnectionTypeVercelMarketplaceOAuth ConnectionType = "VercelMarketplaceOAuth"
	ConnectionTypeVercelOAuth            ConnectionType = "VercelOAuth"
	ConnectionTypeVMwareSAML             ConnectionType = "VMwareSAML"
	ConnectionTypeXeroOAuth              ConnectionType = "XeroOAuth"
)

type ConnectionsConnectionType 

type ConnectionsConnectionType string

ConnectionsConnectionType represents connections connection type values. 

const (
	ConnectionsConnectionTypeAdfssaml               ConnectionsConnectionType = "ADFSSAML"
	ConnectionsConnectionTypeAdpOIDC                ConnectionsConnectionType = "AdpOidc"
	ConnectionsConnectionTypeAppleOAuth             ConnectionsConnectionType = "AppleOAuth"
	ConnectionsConnectionTypeAuth0SAML              ConnectionsConnectionType = "Auth0SAML"
	ConnectionsConnectionTypeAzureSAML              ConnectionsConnectionType = "AzureSAML"
	ConnectionsConnectionTypeBitbucketOAuth         ConnectionsConnectionType = "BitbucketOAuth"
	ConnectionsConnectionTypeCasSAML                ConnectionsConnectionType = "CasSAML"
	ConnectionsConnectionTypeCloudflareSAML         ConnectionsConnectionType = "CloudflareSAML"
	ConnectionsConnectionTypeClassLinkSAML          ConnectionsConnectionType = "ClassLinkSAML"
	ConnectionsConnectionTypeCleverOIDC             ConnectionsConnectionType = "CleverOIDC"
	ConnectionsConnectionTypeCyberArkSAML           ConnectionsConnectionType = "CyberArkSAML"
	ConnectionsConnectionTypeDiscordOAuth           ConnectionsConnectionType = "DiscordOAuth"
	ConnectionsConnectionTypeDuoSAML                ConnectionsConnectionType = "DuoSAML"
	ConnectionsConnectionTypeEntraIDOIDC            ConnectionsConnectionType = "EntraIdOIDC"
	ConnectionsConnectionTypeGenericOIDC            ConnectionsConnectionType = "GenericOIDC"
	ConnectionsConnectionTypeGenericSAML            ConnectionsConnectionType = "GenericSAML"
	ConnectionsConnectionTypeGithubOAuth            ConnectionsConnectionType = "GithubOAuth"
	ConnectionsConnectionTypeGitLabOAuth            ConnectionsConnectionType = "GitLabOAuth"
	ConnectionsConnectionTypeGoogleOAuth            ConnectionsConnectionType = "GoogleOAuth"
	ConnectionsConnectionTypeGoogleOIDC             ConnectionsConnectionType = "GoogleOIDC"
	ConnectionsConnectionTypeGoogleSAML             ConnectionsConnectionType = "GoogleSAML"
	ConnectionsConnectionTypeIntuitOAuth            ConnectionsConnectionType = "IntuitOAuth"
	ConnectionsConnectionTypeJumpCloudSAML          ConnectionsConnectionType = "JumpCloudSAML"
	ConnectionsConnectionTypeKeycloakSAML           ConnectionsConnectionType = "KeycloakSAML"
	ConnectionsConnectionTypeLastPassSAML           ConnectionsConnectionType = "LastPassSAML"
	ConnectionsConnectionTypeLinkedInOAuth          ConnectionsConnectionType = "LinkedInOAuth"
	ConnectionsConnectionTypeLoginGovOIDC           ConnectionsConnectionType = "LoginGovOidc"
	ConnectionsConnectionTypeMagicLink              ConnectionsConnectionType = "MagicLink"
	ConnectionsConnectionTypeMicrosoftOAuth         ConnectionsConnectionType = "MicrosoftOAuth"
	ConnectionsConnectionTypeMiniOrangeSAML         ConnectionsConnectionType = "MiniOrangeSAML"
	ConnectionsConnectionTypeNetIqSAML              ConnectionsConnectionType = "NetIqSAML"
	ConnectionsConnectionTypeOktaOIDC               ConnectionsConnectionType = "OktaOIDC"
	ConnectionsConnectionTypeOktaSAML               ConnectionsConnectionType = "OktaSAML"
	ConnectionsConnectionTypeOneLoginSAML           ConnectionsConnectionType = "OneLoginSAML"
	ConnectionsConnectionTypeOracleSAML             ConnectionsConnectionType = "OracleSAML"
	ConnectionsConnectionTypePingFederateSAML       ConnectionsConnectionType = "PingFederateSAML"
	ConnectionsConnectionTypePingOneSAML            ConnectionsConnectionType = "PingOneSAML"
	ConnectionsConnectionTypeRipplingSAML           ConnectionsConnectionType = "RipplingSAML"
	ConnectionsConnectionTypeSalesforceSAML         ConnectionsConnectionType = "SalesforceSAML"
	ConnectionsConnectionTypeShibbolethGenericSAML  ConnectionsConnectionType = "ShibbolethGenericSAML"
	ConnectionsConnectionTypeShibbolethSAML         ConnectionsConnectionType = "ShibbolethSAML"
	ConnectionsConnectionTypeSimpleSAMLPhpSAML      ConnectionsConnectionType = "SimpleSamlPhpSAML"
	ConnectionsConnectionTypeSalesforceOAuth        ConnectionsConnectionType = "SalesforceOAuth"
	ConnectionsConnectionTypeSlackOAuth             ConnectionsConnectionType = "SlackOAuth"
	ConnectionsConnectionTypeVercelMarketplaceOAuth ConnectionsConnectionType = "VercelMarketplaceOAuth"
	ConnectionsConnectionTypeVercelOAuth            ConnectionsConnectionType = "VercelOAuth"
	ConnectionsConnectionTypeVMwareSAML             ConnectionsConnectionType = "VMwareSAML"
	ConnectionsConnectionTypeXeroOAuth              ConnectionsConnectionType = "XeroOAuth"
)

type ConnectionsOrder 

type ConnectionsOrder = ApplicationsOrder

ConnectionsOrder is an alias for ApplicationsOrder.

type CreateApplicationSecret 

type CreateApplicationSecret struct {
}

CreateApplicationSecret represents a create application secret.

type CreateAuthorizationPermission 

type CreateAuthorizationPermission struct {
	// Slug is a unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
	Slug string `json:"slug"`
	// Name is a descriptive name for the Permission.
	Name string `json:"name"`
	// Description is an optional description of the Permission.
	Description *string `json:"description,omitempty"`
	// ResourceTypeSlug is the slug of the resource type this permission is scoped to.
	ResourceTypeSlug *string `json:"resource_type_slug,omitempty"`
}

CreateAuthorizationPermission represents a create authorization permission.

type CreateAuthorizationResource 

type CreateAuthorizationResource struct {
	// ExternalID is an external identifier for the resource.
	ExternalID string `json:"external_id"`
	// Name is a display name for the resource.
	Name string `json:"name"`
	// Description is an optional description of the resource.
	Description *string `json:"description,omitempty"`
	// ResourceTypeSlug is the slug of the resource type.
	ResourceTypeSlug string `json:"resource_type_slug"`
	// OrganizationID is the ID of the organization this resource belongs to.
	OrganizationID string `json:"organization_id"`
	// ParentResourceID is the ID of the parent resource. Mutually exclusive with `parent_resource_external_id` and `parent_resource_type_slug`.
	ParentResourceID *string `json:"parent_resource_id,omitempty"`
	// ParentResourceExternalID is the external ID of the parent resource. Required with `parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`.
	ParentResourceExternalID *string `json:"parent_resource_external_id,omitempty"`
	// ParentResourceTypeSlug is the resource type slug of the parent resource. Required with `parent_resource_external_id`. Mutually exclusive with `parent_resource_id`.
	ParentResourceTypeSlug *string `json:"parent_resource_type_slug,omitempty"`
}

CreateAuthorizationResource represents a create authorization resource.

type CreateCORSOrigin 

type CreateCORSOrigin struct {
	// Origin is the origin URL to allow for CORS requests.
	Origin string `json:"origin"`
}

CreateCORSOrigin represents a create cors origin.

type CreateM2MApplication 

type CreateM2MApplication struct {
	// Name is the name of the application.
	Name string `json:"name"`
	// ApplicationType is the type of application to create.
	ApplicationType string `json:"application_type"`
	// Description is a description for the application.
	Description *string `json:"description,omitempty"`
	// Scopes is the OAuth scopes granted to the application.
	Scopes []string `json:"scopes,omitempty"`
	// OrganizationID is the organization ID this application belongs to.
	OrganizationID string `json:"organization_id"`
}

CreateM2MApplication represents a create m2m application.

type CreateMagicCodeAndReturn 

type CreateMagicCodeAndReturn struct {
	// Email is the email address to send the magic code to.
	Email string `json:"email"`
	// InvitationToken is the invitation token to associate with this magic code.
	InvitationToken *string `json:"invitation_token,omitempty"`
}

CreateMagicCodeAndReturn represents a create magic code and return.

type CreateOAuthApplication 

type CreateOAuthApplication struct {
	// Name is the name of the application.
	Name string `json:"name"`
	// ApplicationType is the type of application to create.
	ApplicationType string `json:"application_type"`
	// Description is a description for the application.
	Description *string `json:"description,omitempty"`
	// Scopes is the OAuth scopes granted to the application.
	Scopes []string `json:"scopes,omitempty"`
	// RedirectURIs is redirect URIs for the application.
	RedirectURIs []*RedirectURIInput `json:"redirect_uris,omitempty"`
	// UsesPKCE is whether the application uses PKCE (Proof Key for Code Exchange).
	UsesPKCE *bool `json:"uses_pkce,omitempty"`
	// IsFirstParty is whether this is a first-party application. Third-party applications require an organization_id.
	IsFirstParty bool `json:"is_first_party"`
	// OrganizationID is the organization ID this application belongs to. Required when is_first_party is false.
	OrganizationID *string `json:"organization_id,omitempty"`
}

CreateOAuthApplication represents a create OAuth application.

type CreateOrganizationAPIKey 

type CreateOrganizationAPIKey struct {
	// Name is the name for the API key.
	Name string `json:"name"`
	// Permissions is the permission slugs to assign to the API key.
	Permissions []string `json:"permissions,omitempty"`
}

CreateOrganizationAPIKey represents a create organization api key.

type CreateOrganizationDomain 

type CreateOrganizationDomain struct {
	// Domain is the domain to add to the organization.
	Domain string `json:"domain"`
	// OrganizationID is the ID of the organization to add the domain to.
	OrganizationID string `json:"organization_id"`
}

CreateOrganizationDomain represents a create organization domain.

type CreateOrganizationRole 

type CreateOrganizationRole struct {
	// Slug is a unique identifier for the role within the organization. When provided, must begin with 'org-' and contain only lowercase letters, numbers, hyphens, and underscores. When omitted, a slug is auto-generated from the role name and a random suffix.
	Slug *string `json:"slug,omitempty"`
	// Name is a descriptive name for the role.
	Name string `json:"name"`
	// Description is an optional description of the role's purpose.
	Description *string `json:"description,omitempty"`
	// ResourceTypeSlug is the slug of the resource type the role is scoped to.
	ResourceTypeSlug *string `json:"resource_type_slug,omitempty"`
}

CreateOrganizationRole represents a create organization role.

type CreatePasswordReset 

type CreatePasswordReset struct {
	// Token is the password reset token.
	Token string `json:"token"`
	// NewPassword is the new password to set for the user.
	NewPassword string `json:"new_password"`
}

CreatePasswordReset represents a create password reset.

type CreatePasswordResetToken 

type CreatePasswordResetToken struct {
	// Email is the email address of the user requesting a password reset.
	Email string `json:"email"`
}

CreatePasswordResetToken represents a create password reset token.

type CreateRedirectURI 

type CreateRedirectURI struct {
	// URI is the redirect URI to create.
	URI string `json:"uri"`
}

CreateRedirectURI represents a create redirect uri.

type CreateRole 

type CreateRole = CreateAuthorizationPermission

CreateRole is an alias for CreateAuthorizationPermission.

type CreateUser 

type CreateUser struct {
	// Email is the email address of the user.
	Email string `json:"email"`
	// FirstName is the first name of the user.
	FirstName *string `json:"first_name,omitempty"`
	// LastName is the last name of the user.
	LastName *string `json:"last_name,omitempty"`
	// EmailVerified is whether the user's email has been verified.
	EmailVerified *bool `json:"email_verified,omitempty"`
	// Metadata is object containing metadata key/value pairs associated with the user.
	Metadata map[string]string `json:"metadata,omitempty"`
	// ExternalID is the external ID of the user.
	ExternalID *string `json:"external_id,omitempty"`
	// Password is the password to set for the user. Mutually exclusive with `password_hash` and `password_hash_type`.
	Password *string `json:"password,omitempty"`
	// PasswordHash is the hashed password to set for the user. Required with `password_hash_type`. Mutually exclusive with `password`.
	PasswordHash *string `json:"password_hash,omitempty"`
	// PasswordHashType is the algorithm originally used to hash the password, used when providing a `password_hash`. Required with `password_hash`. Mutually exclusive with `password`.
	PasswordHashType *CreateUserPasswordHashType `json:"password_hash_type,omitempty"`
}

CreateUser represents a create user.

type CreateUserInviteOptions 

type CreateUserInviteOptions struct {
	// Email is the email address of the recipient.
	Email string `json:"email"`
	// OrganizationID is the ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join.
	OrganizationID *string `json:"organization_id,omitempty"`
	// RoleSlug is the [role](https://workos.com/docs/authkit/roles) that the recipient will receive when they join the organization in the invitation.
	RoleSlug *string `json:"role_slug,omitempty"`
	// ExpiresInDays is how many days the invitations will be valid for. Must be between 1 and 30 days. Defaults to 7 days if not specified.
	ExpiresInDays *int `json:"expires_in_days,omitempty"`
	// InviterUserID is the ID of the [user](https://workos.com/docs/reference/authkit/user) who invites the recipient. The invitation email will mention the name of this user.
	InviterUserID *string `json:"inviter_user_id,omitempty"`
	// Locale is the locale to use when rendering the invitation email. See [supported locales](https://workos.com/docs/authkit/hosted-ui/localization).
	Locale *CreateUserInviteOptionsLocale `json:"locale,omitempty"`
}

CreateUserInviteOptions represents a create user invite options.

type CreateUserInviteOptionsLocale 

type CreateUserInviteOptionsLocale string

CreateUserInviteOptionsLocale represents create user invite options locale values. 

const (
	CreateUserInviteOptionsLocaleAf    CreateUserInviteOptionsLocale = "af"
	CreateUserInviteOptionsLocaleAm    CreateUserInviteOptionsLocale = "am"
	CreateUserInviteOptionsLocaleAr    CreateUserInviteOptionsLocale = "ar"
	CreateUserInviteOptionsLocaleBg    CreateUserInviteOptionsLocale = "bg"
	CreateUserInviteOptionsLocaleBn    CreateUserInviteOptionsLocale = "bn"
	CreateUserInviteOptionsLocaleBs    CreateUserInviteOptionsLocale = "bs"
	CreateUserInviteOptionsLocaleCa    CreateUserInviteOptionsLocale = "ca"
	CreateUserInviteOptionsLocaleCs    CreateUserInviteOptionsLocale = "cs"
	CreateUserInviteOptionsLocaleDa    CreateUserInviteOptionsLocale = "da"
	CreateUserInviteOptionsLocaleDe    CreateUserInviteOptionsLocale = "de"
	CreateUserInviteOptionsLocaleDeDe  CreateUserInviteOptionsLocale = "de-DE"
	CreateUserInviteOptionsLocaleEl    CreateUserInviteOptionsLocale = "el"
	CreateUserInviteOptionsLocaleEn    CreateUserInviteOptionsLocale = "en"
	CreateUserInviteOptionsLocaleEnAu  CreateUserInviteOptionsLocale = "en-AU"
	CreateUserInviteOptionsLocaleEnCa  CreateUserInviteOptionsLocale = "en-CA"
	CreateUserInviteOptionsLocaleEnGb  CreateUserInviteOptionsLocale = "en-GB"
	CreateUserInviteOptionsLocaleEnUs  CreateUserInviteOptionsLocale = "en-US"
	CreateUserInviteOptionsLocaleEs    CreateUserInviteOptionsLocale = "es"
	CreateUserInviteOptionsLocaleEs419 CreateUserInviteOptionsLocale = "es-419"
	CreateUserInviteOptionsLocaleEsEs  CreateUserInviteOptionsLocale = "es-ES"
	CreateUserInviteOptionsLocaleEsUs  CreateUserInviteOptionsLocale = "es-US"
	CreateUserInviteOptionsLocaleEt    CreateUserInviteOptionsLocale = "et"
	CreateUserInviteOptionsLocaleFa    CreateUserInviteOptionsLocale = "fa"
	CreateUserInviteOptionsLocaleFi    CreateUserInviteOptionsLocale = "fi"
	CreateUserInviteOptionsLocaleFil   CreateUserInviteOptionsLocale = "fil"
	CreateUserInviteOptionsLocaleFr    CreateUserInviteOptionsLocale = "fr"
	CreateUserInviteOptionsLocaleFrBe  CreateUserInviteOptionsLocale = "fr-BE"
	CreateUserInviteOptionsLocaleFrCa  CreateUserInviteOptionsLocale = "fr-CA"
	CreateUserInviteOptionsLocaleFrFr  CreateUserInviteOptionsLocale = "fr-FR"
	CreateUserInviteOptionsLocaleFy    CreateUserInviteOptionsLocale = "fy"
	CreateUserInviteOptionsLocaleGl    CreateUserInviteOptionsLocale = "gl"
	CreateUserInviteOptionsLocaleGu    CreateUserInviteOptionsLocale = "gu"
	CreateUserInviteOptionsLocaleHa    CreateUserInviteOptionsLocale = "ha"
	CreateUserInviteOptionsLocaleHe    CreateUserInviteOptionsLocale = "he"
	CreateUserInviteOptionsLocaleHi    CreateUserInviteOptionsLocale = "hi"
	CreateUserInviteOptionsLocaleHr    CreateUserInviteOptionsLocale = "hr"
	CreateUserInviteOptionsLocaleHu    CreateUserInviteOptionsLocale = "hu"
	CreateUserInviteOptionsLocaleHy    CreateUserInviteOptionsLocale = "hy"
	CreateUserInviteOptionsLocaleID    CreateUserInviteOptionsLocale = "id"
	CreateUserInviteOptionsLocaleIs    CreateUserInviteOptionsLocale = "is"
	CreateUserInviteOptionsLocaleIt    CreateUserInviteOptionsLocale = "it"
	CreateUserInviteOptionsLocaleItIt  CreateUserInviteOptionsLocale = "it-IT"
	CreateUserInviteOptionsLocaleJa    CreateUserInviteOptionsLocale = "ja"
	CreateUserInviteOptionsLocaleJv    CreateUserInviteOptionsLocale = "jv"
	CreateUserInviteOptionsLocaleKa    CreateUserInviteOptionsLocale = "ka"
	CreateUserInviteOptionsLocaleKk    CreateUserInviteOptionsLocale = "kk"
	CreateUserInviteOptionsLocaleKm    CreateUserInviteOptionsLocale = "km"
	CreateUserInviteOptionsLocaleKn    CreateUserInviteOptionsLocale = "kn"
	CreateUserInviteOptionsLocaleKo    CreateUserInviteOptionsLocale = "ko"
	CreateUserInviteOptionsLocaleLt    CreateUserInviteOptionsLocale = "lt"
	CreateUserInviteOptionsLocaleLv    CreateUserInviteOptionsLocale = "lv"
	CreateUserInviteOptionsLocaleMk    CreateUserInviteOptionsLocale = "mk"
	CreateUserInviteOptionsLocaleMl    CreateUserInviteOptionsLocale = "ml"
	CreateUserInviteOptionsLocaleMn    CreateUserInviteOptionsLocale = "mn"
	CreateUserInviteOptionsLocaleMr    CreateUserInviteOptionsLocale = "mr"
	CreateUserInviteOptionsLocaleMs    CreateUserInviteOptionsLocale = "ms"
	CreateUserInviteOptionsLocaleMy    CreateUserInviteOptionsLocale = "my"
	CreateUserInviteOptionsLocaleNb    CreateUserInviteOptionsLocale = "nb"
	CreateUserInviteOptionsLocaleNe    CreateUserInviteOptionsLocale = "ne"
	CreateUserInviteOptionsLocaleNl    CreateUserInviteOptionsLocale = "nl"
	CreateUserInviteOptionsLocaleNlBe  CreateUserInviteOptionsLocale = "nl-BE"
	CreateUserInviteOptionsLocaleNlNl  CreateUserInviteOptionsLocale = "nl-NL"
	CreateUserInviteOptionsLocaleNn    CreateUserInviteOptionsLocale = "nn"
	CreateUserInviteOptionsLocaleNo    CreateUserInviteOptionsLocale = "no"
	CreateUserInviteOptionsLocalePa    CreateUserInviteOptionsLocale = "pa"
	CreateUserInviteOptionsLocalePl    CreateUserInviteOptionsLocale = "pl"
	CreateUserInviteOptionsLocalePt    CreateUserInviteOptionsLocale = "pt"
	CreateUserInviteOptionsLocalePtBr  CreateUserInviteOptionsLocale = "pt-BR"
	CreateUserInviteOptionsLocalePtPt  CreateUserInviteOptionsLocale = "pt-PT"
	CreateUserInviteOptionsLocaleRo    CreateUserInviteOptionsLocale = "ro"
	CreateUserInviteOptionsLocaleRu    CreateUserInviteOptionsLocale = "ru"
	CreateUserInviteOptionsLocaleSk    CreateUserInviteOptionsLocale = "sk"
	CreateUserInviteOptionsLocaleSl    CreateUserInviteOptionsLocale = "sl"
	CreateUserInviteOptionsLocaleSq    CreateUserInviteOptionsLocale = "sq"
	CreateUserInviteOptionsLocaleSr    CreateUserInviteOptionsLocale = "sr"
	CreateUserInviteOptionsLocaleSv    CreateUserInviteOptionsLocale = "sv"
	CreateUserInviteOptionsLocaleSw    CreateUserInviteOptionsLocale = "sw"
	CreateUserInviteOptionsLocaleTa    CreateUserInviteOptionsLocale = "ta"
	CreateUserInviteOptionsLocaleTe    CreateUserInviteOptionsLocale = "te"
	CreateUserInviteOptionsLocaleTh    CreateUserInviteOptionsLocale = "th"
	CreateUserInviteOptionsLocaleTr    CreateUserInviteOptionsLocale = "tr"
	CreateUserInviteOptionsLocaleUk    CreateUserInviteOptionsLocale = "uk"
	CreateUserInviteOptionsLocaleUr    CreateUserInviteOptionsLocale = "ur"
	CreateUserInviteOptionsLocaleUz    CreateUserInviteOptionsLocale = "uz"
	CreateUserInviteOptionsLocaleVi    CreateUserInviteOptionsLocale = "vi"
	CreateUserInviteOptionsLocaleZh    CreateUserInviteOptionsLocale = "zh"
	CreateUserInviteOptionsLocaleZhCn  CreateUserInviteOptionsLocale = "zh-CN"
	CreateUserInviteOptionsLocaleZhHk  CreateUserInviteOptionsLocale = "zh-HK"
	CreateUserInviteOptionsLocaleZhTw  CreateUserInviteOptionsLocale = "zh-TW"
	CreateUserInviteOptionsLocaleZu    CreateUserInviteOptionsLocale = "zu"
)

type CreateUserOrganizationMembership 

type CreateUserOrganizationMembership struct {
	// UserID is the ID of the [user](https://workos.com/docs/reference/authkit/user).
	UserID string `json:"user_id"`
	// OrganizationID is the ID of the [organization](https://workos.com/docs/reference/organization) which the user belongs to.
	OrganizationID string `json:"organization_id"`
	// RoleSlug is a single role identifier. Defaults to `member` or the explicit default role. Mutually exclusive with `role_slugs`.
	RoleSlug *string `json:"role_slug,omitempty"`
	// RoleSlugs is an array of role identifiers. Limited to one role when Multiple Roles is disabled. Mutually exclusive with `role_slug`.
	RoleSlugs []string `json:"role_slugs,omitempty"`
}

CreateUserOrganizationMembership represents a create user organization membership.

type CreateUserPasswordHashType 

type CreateUserPasswordHashType string

CreateUserPasswordHashType represents create user password hash type values. 

const (
	CreateUserPasswordHashTypeBcrypt         CreateUserPasswordHashType = "bcrypt"
	CreateUserPasswordHashTypeFirebaseScrypt CreateUserPasswordHashType = "firebase-scrypt"
	CreateUserPasswordHashTypeSsha           CreateUserPasswordHashType = "ssha"
	CreateUserPasswordHashTypeScrypt         CreateUserPasswordHashType = "scrypt"
	CreateUserPasswordHashTypePbkdf2         CreateUserPasswordHashType = "pbkdf2"
	CreateUserPasswordHashTypeArgon2         CreateUserPasswordHashType = "argon2"
)

type CreateWebhookEndpoint 

type CreateWebhookEndpoint struct {
	// EndpointURL is the HTTPS URL where webhooks will be sent.
	EndpointURL string `json:"endpoint_url"`
	// Events is the events that the Webhook Endpoint is subscribed to.
	Events []CreateWebhookEndpointEvents `json:"events"`
}

CreateWebhookEndpoint represents a create webhook endpoint.

type CreateWebhookEndpointEvents 

type CreateWebhookEndpointEvents string

CreateWebhookEndpointEvents represents create webhook endpoint events values. 

const (
	CreateWebhookEndpointEventsAuthenticationEmailVerificationSucceeded CreateWebhookEndpointEvents = "authentication.email_verification_succeeded"
	CreateWebhookEndpointEventsAuthenticationMagicAuthFailed            CreateWebhookEndpointEvents = "authentication.magic_auth_failed"
	CreateWebhookEndpointEventsAuthenticationMagicAuthSucceeded         CreateWebhookEndpointEvents = "authentication.magic_auth_succeeded"
	CreateWebhookEndpointEventsAuthenticationMFASucceeded               CreateWebhookEndpointEvents = "authentication.mfa_succeeded"
	CreateWebhookEndpointEventsAuthenticationOAuthFailed                CreateWebhookEndpointEvents = "authentication.oauth_failed"
	CreateWebhookEndpointEventsAuthenticationOAuthSucceeded             CreateWebhookEndpointEvents = "authentication.oauth_succeeded"
	CreateWebhookEndpointEventsAuthenticationPasswordFailed             CreateWebhookEndpointEvents = "authentication.password_failed"
	CreateWebhookEndpointEventsAuthenticationPasswordSucceeded          CreateWebhookEndpointEvents = "authentication.password_succeeded"
	CreateWebhookEndpointEventsAuthenticationPasskeyFailed              CreateWebhookEndpointEvents = "authentication.passkey_failed"
	CreateWebhookEndpointEventsAuthenticationPasskeySucceeded           CreateWebhookEndpointEvents = "authentication.passkey_succeeded"
	CreateWebhookEndpointEventsAuthenticationSSOFailed                  CreateWebhookEndpointEvents = "authentication.sso_failed"
	CreateWebhookEndpointEventsAuthenticationSSOStarted                 CreateWebhookEndpointEvents = "authentication.sso_started"
	CreateWebhookEndpointEventsAuthenticationSSOSucceeded               CreateWebhookEndpointEvents = "authentication.sso_succeeded"
	CreateWebhookEndpointEventsAuthenticationSSOTimedOut                CreateWebhookEndpointEvents = "authentication.sso_timed_out"
	CreateWebhookEndpointEventsAuthenticationRadarRiskDetected          CreateWebhookEndpointEvents = "authentication.radar_risk_detected"
	CreateWebhookEndpointEventsAPIKeyCreated                            CreateWebhookEndpointEvents = "api_key.created"
	CreateWebhookEndpointEventsAPIKeyRevoked                            CreateWebhookEndpointEvents = "api_key.revoked"
	CreateWebhookEndpointEventsConnectionActivated                      CreateWebhookEndpointEvents = "connection.activated"
	CreateWebhookEndpointEventsConnectionDeactivated                    CreateWebhookEndpointEvents = "connection.deactivated"
	CreateWebhookEndpointEventsConnectionSAMLCertificateRenewalRequired CreateWebhookEndpointEvents = "connection.saml_certificate_renewal_required"
	CreateWebhookEndpointEventsConnectionSAMLCertificateRenewed         CreateWebhookEndpointEvents = "connection.saml_certificate_renewed"
	CreateWebhookEndpointEventsConnectionDeleted                        CreateWebhookEndpointEvents = "connection.deleted"
	CreateWebhookEndpointEventsDsyncActivated                           CreateWebhookEndpointEvents = "dsync.activated"
	CreateWebhookEndpointEventsDsyncDeleted                             CreateWebhookEndpointEvents = "dsync.deleted"
	CreateWebhookEndpointEventsDsyncGroupCreated                        CreateWebhookEndpointEvents = "dsync.group.created"
	CreateWebhookEndpointEventsDsyncGroupDeleted                        CreateWebhookEndpointEvents = "dsync.group.deleted"
	CreateWebhookEndpointEventsDsyncGroupUpdated                        CreateWebhookEndpointEvents = "dsync.group.updated"
	CreateWebhookEndpointEventsDsyncGroupUserAdded                      CreateWebhookEndpointEvents = "dsync.group.user_added"
	CreateWebhookEndpointEventsDsyncGroupUserRemoved                    CreateWebhookEndpointEvents = "dsync.group.user_removed"
	CreateWebhookEndpointEventsDsyncUserCreated                         CreateWebhookEndpointEvents = "dsync.user.created"
	CreateWebhookEndpointEventsDsyncUserDeleted                         CreateWebhookEndpointEvents = "dsync.user.deleted"
	CreateWebhookEndpointEventsDsyncUserUpdated                         CreateWebhookEndpointEvents = "dsync.user.updated"
	CreateWebhookEndpointEventsEmailVerificationCreated                 CreateWebhookEndpointEvents = "email_verification.created"
	CreateWebhookEndpointEventsGroupCreated                             CreateWebhookEndpointEvents = "group.created"
	CreateWebhookEndpointEventsGroupDeleted                             CreateWebhookEndpointEvents = "group.deleted"
	CreateWebhookEndpointEventsGroupMemberAdded                         CreateWebhookEndpointEvents = "group.member_added"
	CreateWebhookEndpointEventsGroupMemberRemoved                       CreateWebhookEndpointEvents = "group.member_removed"
	CreateWebhookEndpointEventsGroupUpdated                             CreateWebhookEndpointEvents = "group.updated"
	CreateWebhookEndpointEventsFlagCreated                              CreateWebhookEndpointEvents = "flag.created"
	CreateWebhookEndpointEventsFlagDeleted                              CreateWebhookEndpointEvents = "flag.deleted"
	CreateWebhookEndpointEventsFlagUpdated                              CreateWebhookEndpointEvents = "flag.updated"
	CreateWebhookEndpointEventsFlagRuleUpdated                          CreateWebhookEndpointEvents = "flag.rule_updated"
	CreateWebhookEndpointEventsInvitationAccepted                       CreateWebhookEndpointEvents = "invitation.accepted"
	CreateWebhookEndpointEventsInvitationCreated                        CreateWebhookEndpointEvents = "invitation.created"
	CreateWebhookEndpointEventsInvitationResent                         CreateWebhookEndpointEvents = "invitation.resent"
	CreateWebhookEndpointEventsInvitationRevoked                        CreateWebhookEndpointEvents = "invitation.revoked"
	CreateWebhookEndpointEventsMagicAuthCreated                         CreateWebhookEndpointEvents = "magic_auth.created"
	CreateWebhookEndpointEventsOrganizationCreated                      CreateWebhookEndpointEvents = "organization.created"
	CreateWebhookEndpointEventsOrganizationDeleted                      CreateWebhookEndpointEvents = "organization.deleted"
	CreateWebhookEndpointEventsOrganizationUpdated                      CreateWebhookEndpointEvents = "organization.updated"
	CreateWebhookEndpointEventsOrganizationDomainCreated                CreateWebhookEndpointEvents = "organization_domain.created"
	CreateWebhookEndpointEventsOrganizationDomainDeleted                CreateWebhookEndpointEvents = "organization_domain.deleted"
	CreateWebhookEndpointEventsOrganizationDomainUpdated                CreateWebhookEndpointEvents = "organization_domain.updated"
	CreateWebhookEndpointEventsOrganizationDomainVerified               CreateWebhookEndpointEvents = "organization_domain.verified"
	CreateWebhookEndpointEventsOrganizationDomainVerificationFailed     CreateWebhookEndpointEvents = "organization_domain.verification_failed"
	CreateWebhookEndpointEventsPasswordResetCreated                     CreateWebhookEndpointEvents = "password_reset.created"
	CreateWebhookEndpointEventsPasswordResetSucceeded                   CreateWebhookEndpointEvents = "password_reset.succeeded"
	CreateWebhookEndpointEventsUserCreated                              CreateWebhookEndpointEvents = "user.created"
	CreateWebhookEndpointEventsUserUpdated                              CreateWebhookEndpointEvents = "user.updated"
	CreateWebhookEndpointEventsUserDeleted                              CreateWebhookEndpointEvents = "user.deleted"
	CreateWebhookEndpointEventsOrganizationMembershipCreated            CreateWebhookEndpointEvents = "organization_membership.created"
	CreateWebhookEndpointEventsOrganizationMembershipDeleted            CreateWebhookEndpointEvents = "organization_membership.deleted"
	CreateWebhookEndpointEventsOrganizationMembershipUpdated            CreateWebhookEndpointEvents = "organization_membership.updated"
	CreateWebhookEndpointEventsRoleCreated                              CreateWebhookEndpointEvents = "role.created"
	CreateWebhookEndpointEventsRoleDeleted                              CreateWebhookEndpointEvents = "role.deleted"
	CreateWebhookEndpointEventsRoleUpdated                              CreateWebhookEndpointEvents = "role.updated"
	CreateWebhookEndpointEventsOrganizationRoleCreated                  CreateWebhookEndpointEvents = "organization_role.created"
	CreateWebhookEndpointEventsOrganizationRoleDeleted                  CreateWebhookEndpointEvents = "organization_role.deleted"
	CreateWebhookEndpointEventsOrganizationRoleUpdated                  CreateWebhookEndpointEvents = "organization_role.updated"
	CreateWebhookEndpointEventsPermissionCreated                        CreateWebhookEndpointEvents = "permission.created"
	CreateWebhookEndpointEventsPermissionDeleted                        CreateWebhookEndpointEvents = "permission.deleted"
	CreateWebhookEndpointEventsPermissionUpdated                        CreateWebhookEndpointEvents = "permission.updated"
	CreateWebhookEndpointEventsSessionCreated                           CreateWebhookEndpointEvents = "session.created"
	CreateWebhookEndpointEventsSessionRevoked                           CreateWebhookEndpointEvents = "session.revoked"
)

type DataIntegrationAccessTokenResponse 

type DataIntegrationAccessTokenResponse struct {
	// Active indicates whether the access token is valid and ready for use, or if reauthorization is required.
	Active *bool `json:"active,omitempty"`
	// AccessToken is the [access token](https://workos.com/docs/reference/pipes/access-token) object, present when `active` is `true`.
	AccessToken *DataIntegrationAccessTokenResponseAccessToken `json:"access_token,omitempty"`
	// Error is - `"not_installed"`: The user does not have the integration installed.
	// - `"needs_reauthorization"`: The user needs to reauthorize the integration.
	Error *DataIntegrationAccessTokenResponseError `json:"error,omitempty"`
}

DataIntegrationAccessTokenResponse represents a data integration access token response.

type DataIntegrationAccessTokenResponseAccessToken 

type DataIntegrationAccessTokenResponseAccessToken struct {
	// Object distinguishes the access token object.
	Object string `json:"object"`
	// AccessToken is the OAuth access token for the connected integration.
	AccessToken string `json:"access_token"`
	// ExpiresAt is the ISO-8601 formatted timestamp indicating when the access token expires.
	ExpiresAt *string `json:"expires_at"`
	// Scopes is the scopes granted to the access token.
	Scopes []string `json:"scopes"`
	// MissingScopes is if the integration has requested scopes that aren't present on the access token, they're listed here.
	MissingScopes []string `json:"missing_scopes"`
}

DataIntegrationAccessTokenResponseAccessToken the [access token](https://workos.com/docs/reference/pipes/access-token) object, present when `active` is `true`.

type DataIntegrationAccessTokenResponseError 

type DataIntegrationAccessTokenResponseError string

DataIntegrationAccessTokenResponseError represents data integration access token response error values. 

const (
	DataIntegrationAccessTokenResponseErrorNeedsReauthorization DataIntegrationAccessTokenResponseError = "needs_reauthorization"
	DataIntegrationAccessTokenResponseErrorNotInstalled         DataIntegrationAccessTokenResponseError = "not_installed"
)

type DataIntegrationAuthorizeURLResponse 

type DataIntegrationAuthorizeURLResponse struct {
	// URL is the OAuth authorization URL to redirect the user to.
	URL string `json:"url"`
}

DataIntegrationAuthorizeURLResponse represents a data integration authorize url response.

type DataIntegrationsGetDataIntegrationAuthorizeURLRequest 

type DataIntegrationsGetDataIntegrationAuthorizeURLRequest struct {
	// UserID is the ID of the user to authorize.
	UserID string `json:"user_id"`
	// OrganizationID is an organization ID to scope the authorization to a specific organization.
	OrganizationID *string `json:"organization_id,omitempty"`
	// ReturnTo is the URL to redirect the user to after authorization.
	ReturnTo *string `json:"return_to,omitempty"`
}

DataIntegrationsGetDataIntegrationAuthorizeURLRequest represents a data integrations get data integration authorize url request.

type DataIntegrationsGetUserTokenRequest 

type DataIntegrationsGetUserTokenRequest struct {
	// UserID is a [User](https://workos.com/docs/reference/authkit/user) identifier.
	UserID string `json:"user_id"`
	// OrganizationID is an [Organization](https://workos.com/docs/reference/organization) identifier. Optional parameter to scope the connection to a specific organization.
	OrganizationID *string `json:"organization_id,omitempty"`
}

DataIntegrationsGetUserTokenRequest represents a data integrations get user token request.

type DataIntegrationsListResponse 

type DataIntegrationsListResponse struct {
	// Object indicates this is a list response.
	Object string `json:"object"`
	// Data is a list of [providers](https://workos.com/docs/reference/pipes/provider), each including a [`connected_account`](https://workos.com/docs/reference/pipes/connected-account) field with the user's connection status.
	Data []*DataIntegrationsListResponseData `json:"data"`
}

DataIntegrationsListResponse represents a data integrations list response.

type DataIntegrationsListResponseData 

type DataIntegrationsListResponseData struct {
	// Object distinguishes the data provider object.
	Object string `json:"object"`
	// ID is the unique identifier of the provider.
	ID string `json:"id"`
	// Name is the display name of the provider (e.g., "GitHub", "Slack").
	Name string `json:"name"`
	// Description is a description of the provider explaining how it will be used, if configured.
	Description *string `json:"description"`
	// Slug is the slug identifier used in API calls (e.g., `github`, `slack`, `notion`).
	Slug string `json:"slug"`
	// IntegrationType is the type of integration (e.g., `github`, `slack`).
	IntegrationType string `json:"integration_type"`
	// CredentialsType is the type of credentials used by the provider (e.g., `oauth2`).
	CredentialsType string `json:"credentials_type"`
	// Scopes is the OAuth scopes configured for this provider, or `null` if none are configured.
	Scopes []string `json:"scopes"`
	// Ownership is whether the provider is owned by a user or organization.
	Ownership DataIntegrationsListResponseDataOwnership `json:"ownership"`
	// CreatedAt is the timestamp when the provider was created.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is the timestamp when the provider was last updated.
	UpdatedAt string `json:"updated_at"`
	// ConnectedAccount is the user's [connected account](https://workos.com/docs/reference/pipes/connected-account) for this provider, or `null` if the user has not connected.
	ConnectedAccount *DataIntegrationsListResponseDataConnectedAccount `json:"connected_account"`
}

DataIntegrationsListResponseData represents a data integrations list response data.

type DataIntegrationsListResponseDataConnectedAccount 

type DataIntegrationsListResponseDataConnectedAccount struct {
	// Object distinguishes the connected account object.
	Object string `json:"object"`
	// ID is the unique identifier of the connected account.
	ID string `json:"id"`
	// UserID is the [User](https://workos.com/docs/reference/authkit/user) identifier associated with this connection.
	UserID *string `json:"user_id"`
	// OrganizationID is the [Organization](https://workos.com/docs/reference/organization) identifier associated with this connection, or `null` if not scoped to an organization.
	OrganizationID *string `json:"organization_id"`
	// Scopes is the OAuth scopes granted for this connection.
	Scopes []string `json:"scopes"`
	// State is the state of the connected account:
	// - `connected`: The connection is active and tokens are valid.
	// - `needs_reauthorization`: The user needs to reauthorize the connection, typically because required scopes have changed.
	// - `disconnected`: The connection has been disconnected.
	State DataIntegrationsListResponseDataConnectedAccountState `json:"state"`
	// CreatedAt is the timestamp when the connection was created.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is the timestamp when the connection was last updated.
	UpdatedAt string `json:"updated_at"`
	// UserlandUserID is use `user_id` instead.
	//
	// Deprecated: Use `user_id` instead.
	UserlandUserID *string `json:"userlandUserId"`
}

DataIntegrationsListResponseDataConnectedAccount represents a data integrations list response data connected account.

type DataIntegrationsListResponseDataConnectedAccountState 

type DataIntegrationsListResponseDataConnectedAccountState = ConnectedAccountState

DataIntegrationsListResponseDataConnectedAccountState is an alias for ConnectedAccountState.

type DataIntegrationsListResponseDataOwnership 

type DataIntegrationsListResponseDataOwnership string

DataIntegrationsListResponseDataOwnership represents data integrations list response data ownership values. 

const (
	DataIntegrationsListResponseDataOwnershipUserlandUser DataIntegrationsListResponseDataOwnership = "userland_user"
	DataIntegrationsListResponseDataOwnershipOrganization DataIntegrationsListResponseDataOwnership = "organization"
)

type DataKey 

type DataKey struct {
	// Key is the base64-encoded plaintext AES key.
	Key string `json:"key"`
}

DataKey holds a plaintext data key.

type DataKeyPair 

type DataKeyPair struct {
	// Context is the encryption key context for this data key.
	Context KeyContext `json:"context"`
	// DataKey is the plaintext data key for local encryption/decryption.
	DataKey DataKey `json:"data_key"`
	// EncryptedKeys is the base64-encoded encrypted key blob for server-side decryption.
	EncryptedKeys string `json:"encrypted_keys"`
}

DataKeyPair contains an encryption data key and its encrypted counterpart.

type DeviceAuthorizationResponse 

type DeviceAuthorizationResponse struct {
	// DeviceCode is the device verification code.
	DeviceCode string `json:"device_code"`
	// UserCode is the end-user verification code.
	UserCode string `json:"user_code"`
	// VerificationURI is the end-user verification URI.
	VerificationURI string `json:"verification_uri"`
	// VerificationURIComplete is verification URI that includes the user code.
	VerificationURIComplete *string `json:"verification_uri_complete,omitempty"`
	// ExpiresIn is lifetime in seconds of the codes.
	ExpiresIn float64 `json:"expires_in"`
	// Interval is minimum polling interval in seconds.
	Interval *float64 `json:"interval,omitempty"`
}

DeviceAuthorizationResponse represents a device authorization response.

type DeviceCodeSessionAuthenticateRequest 

type DeviceCodeSessionAuthenticateRequest struct {
	// ClientID is the client ID of the application.
	ClientID  string `json:"client_id"`
	GrantType string `json:"grant_type"`
	// DeviceCode is the device verification code.
	DeviceCode string `json:"device_code"`
	// IPAddress is the IP address of the user's request.
	IPAddress *string `json:"ip_address,omitempty"`
	// DeviceID is a unique identifier for the device.
	DeviceID *string `json:"device_id,omitempty"`
	// UserAgent is the user agent string from the user's browser.
	UserAgent *string `json:"user_agent,omitempty"`
}

DeviceCodeSessionAuthenticateRequest represents an urn ietf params OAuth grant type device code session authenticate request.

type DirectoriesOrder 

type DirectoriesOrder = ApplicationsOrder

DirectoriesOrder is an alias for ApplicationsOrder.

type Directory 

type Directory struct {
	// Object distinguishes the Directory object.
	Object string `json:"object"`
	// ID is unique identifier for the Directory.
	ID string `json:"id"`
	// OrganizationID is the unique identifier for the Organization in which the directory resides.
	OrganizationID string `json:"organization_id"`
	// ExternalKey is external Key for the Directory.
	ExternalKey string `json:"external_key"`
	// Type is the type of external Directory Provider integrated with.
	Type DirectoryType `json:"type"`
	// State describes whether the Directory has been successfully connected to an external provider.
	State DirectoryState `json:"state"`
	// Name is the name of the directory.
	Name string `json:"name"`
	// Domain is the URL associated with an Enterprise Client.
	Domain *string `json:"domain,omitempty"`
	// Metadata is aggregate counts of directory users and groups synced from the provider.
	Metadata *DirectoryMetadata `json:"metadata,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

Directory represents a directory.

type DirectoryGroup 

type DirectoryGroup struct {
	// Object distinguishes the Directory Group object.
	Object string `json:"object"`
	// ID is unique identifier for the Directory Group.
	ID string `json:"id"`
	// IdpID is unique identifier for the group, assigned by the Directory Provider. Different Directory Providers use different ID formats.
	IdpID string `json:"idp_id"`
	// DirectoryID is the identifier of the Directory the Directory Group belongs to.
	DirectoryID string `json:"directory_id"`
	// OrganizationID is the identifier for the Organization in which the Directory resides.
	OrganizationID string `json:"organization_id"`
	// Name is the name of the Directory Group.
	Name string `json:"name"`
	// RawAttributes is the raw attributes received from the directory provider.
	RawAttributes map[string]interface{} `json:"raw_attributes,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

DirectoryGroup represents a directory group.

type DirectoryGroupsOrder 

type DirectoryGroupsOrder = ApplicationsOrder

DirectoryGroupsOrder is an alias for ApplicationsOrder.

type DirectoryMetadata 

type DirectoryMetadata struct {
	// Users is counts of active and inactive directory users.
	Users *DirectoryMetadataUser `json:"users"`
	// Groups is count of directory groups.
	Groups int `json:"groups"`
}

DirectoryMetadata aggregate counts of directory users and groups synced from the provider.

type DirectoryMetadataUser 

type DirectoryMetadataUser struct {
	// Active is count of active directory users.
	Active int `json:"active"`
	// Inactive is count of inactive directory users.
	Inactive int `json:"inactive"`
}

DirectoryMetadataUser counts of active and inactive directory users.

type DirectoryState 

type DirectoryState string

DirectoryState represents directory state values. 

const (
	DirectoryStateLinked             DirectoryState = "linked"
	DirectoryStateValidating         DirectoryState = "validating"
	DirectoryStateInvalidCredentials DirectoryState = "invalid_credentials"
	DirectoryStateUnlinked           DirectoryState = "unlinked"
	DirectoryStateDeleting           DirectoryState = "deleting"
)

type DirectorySyncListGroupsParams 

type DirectorySyncListGroupsParams struct {
	PaginationParams
	// Directory is unique identifier of the WorkOS Directory. This value can be obtained from the WorkOS dashboard or from the WorkOS API.
	Directory *string `url:"directory,omitempty" json:"-"`
	// User is unique identifier of the WorkOS Directory User. This value can be obtained from the WorkOS API.
	User *string `url:"user,omitempty" json:"-"`
}

DirectorySyncListGroupsParams contains the parameters for ListGroups.

type DirectorySyncListParams 

type DirectorySyncListParams struct {
	PaginationParams
	// OrganizationID is filter Directories by their associated organization.
	OrganizationID *string `url:"organization_id,omitempty" json:"-"`
	// Search is searchable text to match against Directory names.
	Search *string `url:"search,omitempty" json:"-"`
	// Domain is filter Directories by their associated domain.
	//
	// Deprecated: this parameter is deprecated.
	Domain *string `url:"domain,omitempty" json:"-"`
}

DirectorySyncListParams contains the parameters for List.

type DirectorySyncListUsersParams 

type DirectorySyncListUsersParams struct {
	PaginationParams
	// Directory is unique identifier of the WorkOS Directory. This value can be obtained from the WorkOS dashboard or from the WorkOS API.
	Directory *string `url:"directory,omitempty" json:"-"`
	// Group is unique identifier of the WorkOS Directory Group. This value can be obtained from the WorkOS API.
	Group *string `url:"group,omitempty" json:"-"`
}

DirectorySyncListUsersParams contains the parameters for ListUsers.

type DirectorySyncService 

type DirectorySyncService struct {
	// contains filtered or unexported fields
}

DirectorySyncService handles DirectorySync operations.

func (*DirectorySyncService) Delete 

func (s *DirectorySyncService) Delete(ctx context.Context, id string, opts ...RequestOption) error

Delete a Directory Permanently deletes an existing directory. It cannot be undone.

func (*DirectorySyncService) Get 

func (s *DirectorySyncService) Get(ctx context.Context, id string, opts ...RequestOption) (*Directory, error)

Get a Directory Get the details of an existing directory.

func (*DirectorySyncService) GetGroup 

func (s *DirectorySyncService) GetGroup(ctx context.Context, id string, opts ...RequestOption) (*DirectoryGroup, error)

GetGroup get a Directory Group Get the details of an existing Directory Group.

func (*DirectorySyncService) GetUser 

func (s *DirectorySyncService) GetUser(ctx context.Context, id string, opts ...RequestOption) (*DirectoryUserWithGroups, error)

GetUser get a Directory User Get the details of an existing Directory User.

func (*DirectorySyncService) List 

func (s *DirectorySyncService) List(ctx context.Context, params *DirectorySyncListParams, opts ...RequestOption) *Iterator[Directory]

List directories Get a list of all of your existing directories matching the criteria specified.

func (*DirectorySyncService) ListGroups 

func (s *DirectorySyncService) ListGroups(ctx context.Context, params *DirectorySyncListGroupsParams, opts ...RequestOption) *Iterator[DirectoryGroup]

ListGroups list Directory Groups Get a list of all of existing directory groups matching the criteria specified.

func (*DirectorySyncService) ListUsers 

func (s *DirectorySyncService) ListUsers(ctx context.Context, params *DirectorySyncListUsersParams, opts ...RequestOption) *Iterator[DirectoryUserWithGroups]

ListUsers list Directory Users Get a list of all of existing Directory Users matching the criteria specified.

type DirectoryType 

type DirectoryType string

DirectoryType represents directory type values. 

const (
	DirectoryTypeAzureSCIMV20        DirectoryType = "azure scim v2.0"
	DirectoryTypeBamboohr            DirectoryType = "bamboohr"
	DirectoryTypeBreatheHr           DirectoryType = "breathe hr"
	DirectoryTypeCezanneHr           DirectoryType = "cezanne hr"
	DirectoryTypeCyberarkSCIMV20     DirectoryType = "cyberark scim v2.0"
	DirectoryTypeFourthHr            DirectoryType = "fourth hr"
	DirectoryTypeGenericSCIMV20      DirectoryType = "generic scim v2.0"
	DirectoryTypeGsuiteDirectory     DirectoryType = "gsuite directory"
	DirectoryTypeHibob               DirectoryType = "hibob"
	DirectoryTypeSailpointSCIMV20    DirectoryType = "sailpoint scim v2.0"
	DirectoryTypeJumpCloudSCIMV20    DirectoryType = "jump cloud scim v2.0"
	DirectoryTypeOktaSCIMV20         DirectoryType = "okta scim v2.0"
	DirectoryTypeOneloginSCIMV20     DirectoryType = "onelogin scim v2.0"
	DirectoryTypePeopleHr            DirectoryType = "people hr"
	DirectoryTypePersonio            DirectoryType = "personio"
	DirectoryTypePingfederateSCIMV20 DirectoryType = "pingfederate scim v2.0"
	DirectoryTypeRipplingSCIMV20     DirectoryType = "rippling scim v2.0"
	DirectoryTypeS3                  DirectoryType = "s3"
	DirectoryTypeSftp                DirectoryType = "sftp"
	DirectoryTypeSftpWorkday         DirectoryType = "sftp workday"
	DirectoryTypeWorkday             DirectoryType = "workday"
)

type DirectoryUser 

type DirectoryUser struct {
	// Object distinguishes the Directory User object.
	Object string `json:"object"`
	// ID is unique identifier for the Directory User.
	ID string `json:"id"`
	// DirectoryID is the identifier of the Directory the Directory User belongs to.
	DirectoryID string `json:"directory_id"`
	// OrganizationID is the identifier for the Organization in which the Directory resides.
	OrganizationID string `json:"organization_id"`
	// IdpID is unique identifier for the user, assigned by the Directory Provider. Different Directory Providers use different ID formats.
	IdpID string `json:"idp_id"`
	// Email is the email address of the user.
	Email *string `json:"email"`
	// FirstName is the first name of the user.
	FirstName *string `json:"first_name,omitempty"`
	// LastName is the last name of the user.
	LastName *string `json:"last_name,omitempty"`
	// Emails is a list of email addresses for the user.
	//
	// Deprecated: this field is deprecated.
	Emails []*DirectoryUserEmail `json:"emails,omitempty"`
	// JobTitle is the job title of the user.
	//
	// Deprecated: this field is deprecated.
	JobTitle *string `json:"job_title,omitempty"`
	// Username is the username of the user.
	//
	// Deprecated: this field is deprecated.
	Username *string `json:"username,omitempty"`
	// State is the state of the user.
	State DirectoryUserState `json:"state"`
	// RawAttributes is the raw attributes received from the directory provider.
	//
	// Deprecated: this field is deprecated.
	RawAttributes map[string]interface{} `json:"raw_attributes"`
	// CustomAttributes is an object containing the custom attribute mapping for the Directory Provider.
	CustomAttributes map[string]interface{} `json:"custom_attributes"`
	Role             *SlimRole              `json:"role,omitempty"`
	// Roles is all roles assigned to the user.
	Roles []*SlimRole `json:"roles,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

DirectoryUser represents a directory user.

type DirectoryUserEmail 

type DirectoryUserEmail struct {
	// Primary is whether this is the primary email address.
	Primary *bool `json:"primary,omitempty"`
	// Type is the type of email address.
	Type *string `json:"type,omitempty"`
	// Value is the email address value.
	Value *string `json:"value,omitempty"`
}

DirectoryUserEmail represents a directory user email.

type DirectoryUserState 

type DirectoryUserState string

DirectoryUserState represents directory user state values. 

const (
	DirectoryUserStateActive    DirectoryUserState = "active"
	DirectoryUserStateSuspended DirectoryUserState = "suspended"
	DirectoryUserStateInactive  DirectoryUserState = "inactive"
)

type DirectoryUserWithGroups 

type DirectoryUserWithGroups struct {
	// Object distinguishes the Directory User object.
	Object string `json:"object"`
	// ID is unique identifier for the Directory User.
	ID string `json:"id"`
	// DirectoryID is the identifier of the Directory the Directory User belongs to.
	DirectoryID string `json:"directory_id"`
	// OrganizationID is the identifier for the Organization in which the Directory resides.
	OrganizationID string `json:"organization_id"`
	// IdpID is unique identifier for the user, assigned by the Directory Provider. Different Directory Providers use different ID formats.
	IdpID string `json:"idp_id"`
	// Email is the email address of the user.
	Email *string `json:"email"`
	// FirstName is the first name of the user.
	FirstName *string `json:"first_name,omitempty"`
	// LastName is the last name of the user.
	LastName *string `json:"last_name,omitempty"`
	// Emails is a list of email addresses for the user.
	//
	// Deprecated: this field is deprecated.
	Emails []*DirectoryUserWithGroupsEmail `json:"emails,omitempty"`
	// JobTitle is the job title of the user.
	//
	// Deprecated: this field is deprecated.
	JobTitle *string `json:"job_title,omitempty"`
	// Username is the username of the user.
	//
	// Deprecated: this field is deprecated.
	Username *string `json:"username,omitempty"`
	// State is the state of the user.
	State DirectoryUserWithGroupsState `json:"state"`
	// RawAttributes is the raw attributes received from the directory provider.
	//
	// Deprecated: this field is deprecated.
	RawAttributes map[string]interface{} `json:"raw_attributes"`
	// CustomAttributes is an object containing the custom attribute mapping for the Directory Provider.
	CustomAttributes map[string]interface{} `json:"custom_attributes"`
	Role             *SlimRole              `json:"role,omitempty"`
	// Roles is all roles assigned to the user.
	Roles []*SlimRole `json:"roles,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// Groups is the directory groups the user belongs to.
	Groups []*DirectoryGroup `json:"groups"`
}

DirectoryUserWithGroups represents a directory user with groups.

type DirectoryUserWithGroupsEmail 

type DirectoryUserWithGroupsEmail = DirectoryUserEmail

DirectoryUserWithGroupsEmail is an alias for DirectoryUserEmail.

type DirectoryUserWithGroupsState 

type DirectoryUserWithGroupsState = DirectoryUserState

DirectoryUserWithGroupsState is an alias for DirectoryUserState.

type DirectoryUsersOrder 

type DirectoryUsersOrder = ApplicationsOrder

DirectoryUsersOrder is an alias for ApplicationsOrder.

type DsyncActivated 

type DsyncActivated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *DsyncActivatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

DsyncActivated represents a dsync activated.

type DsyncActivatedData 

type DsyncActivatedData struct {
	// Object distinguishes the directory object.
	Object string `json:"object"`
	// ID is unique identifier of the directory.
	ID string `json:"id"`
	// OrganizationID is the ID of the organization the directory belongs to.
	OrganizationID *string `json:"organization_id,omitempty"`
	// Type is the type of the directory.
	Type DsyncActivatedDataType `json:"type"`
	// State is the current state of the directory.
	State DsyncActivatedDataState `json:"state"`
	// Name is the name of the directory.
	Name string `json:"name"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// ExternalKey is the external key of the directory.
	ExternalKey string `json:"external_key"`
	// Domains is the domains associated with the directory.
	Domains []*DsyncActivatedDataDomain `json:"domains"`
}

DsyncActivatedData the event payload.

type DsyncActivatedDataDomain 

type DsyncActivatedDataDomain struct {
	// Object distinguishes the organization domain object.
	Object string `json:"object"`
	// ID is unique identifier of the organization domain.
	ID string `json:"id"`
	// Domain is the domain value.
	Domain string `json:"domain"`
}

DsyncActivatedDataDomain represents a dsync activated data domain.

type DsyncActivatedDataState 

type DsyncActivatedDataState string

DsyncActivatedDataState represents dsync activated data state values. 

const (
	DsyncActivatedDataStateActive             DsyncActivatedDataState = "active"
	DsyncActivatedDataStateValidating         DsyncActivatedDataState = "validating"
	DsyncActivatedDataStateInvalidCredentials DsyncActivatedDataState = "invalid_credentials"
	DsyncActivatedDataStateInactive           DsyncActivatedDataState = "inactive"
	DsyncActivatedDataStateDeleting           DsyncActivatedDataState = "deleting"
)

type DsyncActivatedDataType 

type DsyncActivatedDataType string

DsyncActivatedDataType represents dsync activated data type values. 

const (
	DsyncActivatedDataTypeAzureSCIMV20        DsyncActivatedDataType = "azure scim v2.0"
	DsyncActivatedDataTypeBamboohr            DsyncActivatedDataType = "bamboohr"
	DsyncActivatedDataTypeBreatheHr           DsyncActivatedDataType = "breathe hr"
	DsyncActivatedDataTypeCezanneHr           DsyncActivatedDataType = "cezanne hr"
	DsyncActivatedDataTypeCyberarkSCIMV20     DsyncActivatedDataType = "cyberark scim v2.0"
	DsyncActivatedDataTypeFourthHr            DsyncActivatedDataType = "fourth hr"
	DsyncActivatedDataTypeGenericSCIMV20      DsyncActivatedDataType = "generic scim v2.0"
	DsyncActivatedDataTypeGsuiteDirectory     DsyncActivatedDataType = "gsuite directory"
	DsyncActivatedDataTypeGusto               DsyncActivatedDataType = "gusto"
	DsyncActivatedDataTypeHibob               DsyncActivatedDataType = "hibob"
	DsyncActivatedDataTypeJumpCloudSCIMV20    DsyncActivatedDataType = "jump cloud scim v2.0"
	DsyncActivatedDataTypeOktaSCIMV20         DsyncActivatedDataType = "okta scim v2.0"
	DsyncActivatedDataTypeOneloginSCIMV20     DsyncActivatedDataType = "onelogin scim v2.0"
	DsyncActivatedDataTypePeopleHr            DsyncActivatedDataType = "people hr"
	DsyncActivatedDataTypePersonio            DsyncActivatedDataType = "personio"
	DsyncActivatedDataTypePingfederateSCIMV20 DsyncActivatedDataType = "pingfederate scim v2.0"
	DsyncActivatedDataTypeRipplingSCIMV20     DsyncActivatedDataType = "rippling scim v2.0"
	DsyncActivatedDataTypeRippling            DsyncActivatedDataType = "rippling"
	DsyncActivatedDataTypeSailpointSCIMV20    DsyncActivatedDataType = "sailpoint scim v2.0"
	DsyncActivatedDataTypeS3                  DsyncActivatedDataType = "s3"
	DsyncActivatedDataTypeSftp                DsyncActivatedDataType = "sftp"
	DsyncActivatedDataTypeSftpWorkday         DsyncActivatedDataType = "sftp workday"
	DsyncActivatedDataTypeWorkday             DsyncActivatedDataType = "workday"
)

type DsyncDeactivated 

type DsyncDeactivated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *DsyncDeactivatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

DsyncDeactivated represents a dsync deactivated.

type DsyncDeactivatedData 

type DsyncDeactivatedData struct {
	// Object distinguishes the directory object.
	Object string `json:"object"`
	// ID is unique identifier of the directory.
	ID string `json:"id"`
	// OrganizationID is the ID of the organization the directory belongs to.
	OrganizationID *string `json:"organization_id,omitempty"`
	// Type is the type of the directory.
	Type DsyncDeactivatedDataType `json:"type"`
	// State is the current state of the directory.
	State DsyncDeactivatedDataState `json:"state"`
	// Name is the name of the directory.
	Name string `json:"name"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// ExternalKey is the external key of the directory.
	ExternalKey string `json:"external_key"`
	// Domains is the domains associated with the directory.
	Domains []*DsyncDeactivatedDataDomain `json:"domains"`
}

DsyncDeactivatedData the event payload.

type DsyncDeactivatedDataDomain 

type DsyncDeactivatedDataDomain = DsyncActivatedDataDomain

DsyncDeactivatedDataDomain is an alias for DsyncActivatedDataDomain.

type DsyncDeactivatedDataState 

type DsyncDeactivatedDataState = DsyncActivatedDataState

DsyncDeactivatedDataState is an alias for DsyncActivatedDataState.

type DsyncDeactivatedDataType 

type DsyncDeactivatedDataType = DsyncActivatedDataType

DsyncDeactivatedDataType is an alias for DsyncActivatedDataType.

type DsyncDeleted 

type DsyncDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *DsyncDeletedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

DsyncDeleted represents a dsync deleted.

type DsyncDeletedData 

type DsyncDeletedData struct {
	// Object distinguishes the directory object.
	Object string `json:"object"`
	// ID is unique identifier of the directory.
	ID string `json:"id"`
	// OrganizationID is the ID of the organization the directory belongs to.
	OrganizationID *string `json:"organization_id,omitempty"`
	// Type is the type of the directory.
	Type DsyncDeletedDataType `json:"type"`
	// State is the current state of the directory.
	State DsyncDeletedDataState `json:"state"`
	// Name is the name of the directory.
	Name string `json:"name"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

DsyncDeletedData the event payload.

type DsyncDeletedDataState 

type DsyncDeletedDataState = DsyncActivatedDataState

DsyncDeletedDataState is an alias for DsyncActivatedDataState.

type DsyncDeletedDataType 

type DsyncDeletedDataType = DsyncActivatedDataType

DsyncDeletedDataType is an alias for DsyncActivatedDataType.

type DsyncGroupCreated 

type DsyncGroupCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *DirectoryGroup `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

DsyncGroupCreated represents a dsync group created.

type DsyncGroupDeleted 

type DsyncGroupDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *DirectoryGroup `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

DsyncGroupDeleted represents a dsync group deleted.

type DsyncGroupUpdated 

type DsyncGroupUpdated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *DsyncGroupUpdatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

DsyncGroupUpdated represents a dsync group updated.

type DsyncGroupUpdatedData 

type DsyncGroupUpdatedData struct {
	// Object distinguishes the Directory Group object.
	Object string `json:"object"`
	// ID is unique identifier for the Directory Group.
	ID string `json:"id"`
	// IdpID is unique identifier for the group, assigned by the Directory Provider. Different Directory Providers use different ID formats.
	IdpID string `json:"idp_id"`
	// DirectoryID is the identifier of the Directory the Directory Group belongs to.
	DirectoryID string `json:"directory_id"`
	// OrganizationID is the identifier for the Organization in which the Directory resides.
	OrganizationID string `json:"organization_id"`
	// Name is the name of the Directory Group.
	Name string `json:"name"`
	// RawAttributes is the raw attributes received from the directory provider.
	RawAttributes map[string]interface{} `json:"raw_attributes,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt          string                 `json:"updated_at"`
	PreviousAttributes map[string]interface{} `json:"previous_attributes,omitempty"`
}

DsyncGroupUpdatedData the event payload.

type DsyncGroupUserAdded 

type DsyncGroupUserAdded struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *DsyncGroupUserAddedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

DsyncGroupUserAdded represents a dsync group user added.

type DsyncGroupUserAddedData 

type DsyncGroupUserAddedData struct {
	// DirectoryID is the ID of the directory.
	DirectoryID string `json:"directory_id"`
	// User is the directory user added to the group.
	User *DirectoryUser `json:"user"`
	// Group is the directory group the user was added to.
	Group *DirectoryGroup `json:"group"`
}

DsyncGroupUserAddedData the event payload.

type DsyncGroupUserRemoved 

type DsyncGroupUserRemoved struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *DsyncGroupUserRemovedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

DsyncGroupUserRemoved represents a dsync group user removed.

type DsyncGroupUserRemovedData 

type DsyncGroupUserRemovedData = DsyncGroupUserAddedData

DsyncGroupUserRemovedData is an alias for DsyncGroupUserAddedData.

type DsyncUserCreated 

type DsyncUserCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *DirectoryUser `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

DsyncUserCreated represents a dsync user created.

type DsyncUserDeleted 

type DsyncUserDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *DirectoryUser `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

DsyncUserDeleted represents a dsync user deleted.

type DsyncUserUpdated 

type DsyncUserUpdated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *DsyncUserUpdatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

DsyncUserUpdated represents a dsync user updated.

type DsyncUserUpdatedData 

type DsyncUserUpdatedData struct {
	// Object distinguishes the Directory User object.
	Object string `json:"object"`
	// ID is unique identifier for the Directory User.
	ID string `json:"id"`
	// DirectoryID is the identifier of the Directory the Directory User belongs to.
	DirectoryID string `json:"directory_id"`
	// OrganizationID is the identifier for the Organization in which the Directory resides.
	OrganizationID string `json:"organization_id"`
	// IdpID is unique identifier for the user, assigned by the Directory Provider. Different Directory Providers use different ID formats.
	IdpID string `json:"idp_id"`
	// Email is the email address of the user.
	Email *string `json:"email"`
	// FirstName is the first name of the user.
	FirstName *string `json:"first_name,omitempty"`
	// LastName is the last name of the user.
	LastName *string `json:"last_name,omitempty"`
	// Emails is a list of email addresses for the user.
	//
	// Deprecated: this field is deprecated.
	Emails []*DsyncUserUpdatedDataEmail `json:"emails,omitempty"`
	// JobTitle is the job title of the user.
	//
	// Deprecated: this field is deprecated.
	JobTitle *string `json:"job_title,omitempty"`
	// Username is the username of the user.
	//
	// Deprecated: this field is deprecated.
	Username *string `json:"username,omitempty"`
	// State is the state of the user.
	State DsyncUserUpdatedDataState `json:"state"`
	// RawAttributes is the raw attributes received from the directory provider.
	//
	// Deprecated: this field is deprecated.
	RawAttributes map[string]interface{} `json:"raw_attributes"`
	// CustomAttributes is an object containing the custom attribute mapping for the Directory Provider.
	CustomAttributes map[string]interface{} `json:"custom_attributes"`
	Role             *SlimRole              `json:"role,omitempty"`
	// Roles is all roles assigned to the user.
	Roles []*SlimRole `json:"roles,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt          string                 `json:"updated_at"`
	PreviousAttributes map[string]interface{} `json:"previous_attributes,omitempty"`
}

DsyncUserUpdatedData the event payload.

type DsyncUserUpdatedDataEmail 

type DsyncUserUpdatedDataEmail = DirectoryUserEmail

DsyncUserUpdatedDataEmail is an alias for DirectoryUserEmail.

type DsyncUserUpdatedDataState 

type DsyncUserUpdatedDataState = DirectoryUserState

DsyncUserUpdatedDataState is an alias for DirectoryUserState.

type EmailChange 

type EmailChange struct {
	// Object distinguishes the email change object.
	Object string `json:"object"`
	User   *User  `json:"user"`
	// NewEmail is the new email address the user is changing to.
	NewEmail string `json:"new_email"`
	// ExpiresAt is the timestamp when the email change code expires.
	ExpiresAt string `json:"expires_at"`
	// CreatedAt is the timestamp when the email change challenge was created.
	CreatedAt string `json:"created_at"`
}

EmailChange represents an email change.

type EmailChangeConfirmation 

type EmailChangeConfirmation struct {
	// Object distinguishes the email change confirmation object.
	Object string `json:"object"`
	// User is the user object.
	User *EmailChangeConfirmationUser `json:"user"`
}

EmailChangeConfirmation represents an email change confirmation.

type EmailChangeConfirmationUser 

type EmailChangeConfirmationUser struct {
	// Object distinguishes the user object.
	Object string `json:"object"`
	// ID is the unique ID of the user.
	ID string `json:"id"`
	// FirstName is the first name of the user.
	FirstName *string `json:"first_name"`
	// LastName is the last name of the user.
	LastName *string `json:"last_name"`
	// ProfilePictureURL is a URL reference to an image representing the user.
	ProfilePictureURL *string `json:"profile_picture_url"`
	// Email is the email address of the user.
	Email string `json:"email"`
	// EmailVerified is whether the user's email has been verified.
	EmailVerified bool `json:"email_verified"`
	// ExternalID is the external ID of the user.
	ExternalID *string `json:"external_id"`
	// Metadata is object containing metadata key/value pairs associated with the user.
	Metadata map[string]string `json:"metadata,omitempty"`
	// LastSignInAt is the timestamp when the user last signed in.
	LastSignInAt *string `json:"last_sign_in_at"`
	// Locale is the user's preferred locale.
	Locale *string `json:"locale,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

EmailChangeConfirmationUser the user object.

type EmailVerification 

type EmailVerification struct {
	// Object distinguishes the email verification object.
	Object string `json:"object"`
	// ID is the unique ID of the email verification code.
	ID string `json:"id"`
	// UserID is the unique ID of the user.
	UserID string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
	// ExpiresAt is the timestamp when the email verification code expires.
	ExpiresAt string `json:"expires_at"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// Code is the code used to verify the email.
	Code string `json:"code"`
}

EmailVerification represents an email verification.

type EmailVerificationCodeSessionAuthenticateRequest 

type EmailVerificationCodeSessionAuthenticateRequest struct {
	// ClientID is the client ID of the application.
	ClientID string `json:"client_id"`
	// ClientSecret is the client secret of the application.
	ClientSecret string `json:"client_secret"`
	GrantType    string `json:"grant_type"`
	// Code is the email verification code.
	Code string `json:"code"`
	// PendingAuthenticationToken is the pending authentication token from a previous authentication attempt.
	PendingAuthenticationToken string `json:"pending_authentication_token"`
	// IPAddress is the IP address of the user's request.
	IPAddress *string `json:"ip_address,omitempty"`
	// DeviceID is a unique identifier for the device.
	DeviceID *string `json:"device_id,omitempty"`
	// UserAgent is the user agent string from the user's browser.
	UserAgent *string `json:"user_agent,omitempty"`
}

EmailVerificationCodeSessionAuthenticateRequest represents an urn workos OAuth grant type email verification code session authenticate request.

type EmailVerificationCreated 

type EmailVerificationCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *EmailVerificationCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

EmailVerificationCreated represents an email verification created.

type EmailVerificationCreatedData 

type EmailVerificationCreatedData struct {
	// Object distinguishes the email verification object.
	Object string `json:"object"`
	// ID is the unique ID of the email verification code.
	ID string `json:"id"`
	// UserID is the unique ID of the user.
	UserID string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
	// ExpiresAt is the timestamp when the email verification code expires.
	ExpiresAt string `json:"expires_at"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

EmailVerificationCreatedData the event payload.

type EmailVerificationRequiredError 

type EmailVerificationRequiredError struct {
	*APIError
	Email string `json:"email"`
}

EmailVerificationRequiredError occurs when a user with an unverified email attempts authentication.

func (*EmailVerificationRequiredError) Error 

func (e *EmailVerificationRequiredError) Error() string

func (*EmailVerificationRequiredError) Unwrap 

func (e *EmailVerificationRequiredError) Unwrap() error

type EnrollUserAuthenticationFactor 

type EnrollUserAuthenticationFactor struct {
	// Type is the type of the factor to enroll.
	Type string `json:"type"`
	// TOTPIssuer is your application or company name displayed in the user's authenticator app.
	TOTPIssuer *string `json:"totp_issuer,omitempty"`
	// TOTPUser is the user's account name displayed in their authenticator app.
	TOTPUser *string `json:"totp_user,omitempty"`
	// TOTPSecret is the Base32-encoded shared secret for TOTP factors. This can be provided when creating the auth factor, otherwise it will be generated. The algorithm used to derive TOTP codes is SHA-1, the code length is 6 digits, and the timestep is 30 seconds – the secret must be compatible with these parameters.
	TOTPSecret *string `json:"totp_secret,omitempty"`
}

EnrollUserAuthenticationFactor represents an enroll user authentication factor.

type EventContext 

type EventContext struct {
	// GoogleAnalyticsClientID is the Google Analytics client ID.
	GoogleAnalyticsClientID *string `json:"google_analytics_client_id,omitempty"`
	// GoogleAnalyticsSessions is the Google Analytics sessions associated with the event.
	GoogleAnalyticsSessions []*EventContextGoogleAnalyticsSession `json:"google_analytics_sessions,omitempty"`
	// AjsAnonymousID is the anonymous ID from analytics.
	AjsAnonymousID *string `json:"ajs_anonymous_id,omitempty"`
	// ClientID is the client ID associated with the event.
	ClientID *string            `json:"client_id,omitempty"`
	Actor    *EventContextActor `json:"actor,omitempty"`
	// PreviousAttributes is attributes that changed from their previous values.
	PreviousAttributes map[string]interface{} `json:"previous_attributes,omitempty"`
}

EventContext additional context about the event.

type EventContextActor 

type EventContextActor struct {
	// ID is unique identifier of the actor.
	ID string `json:"id"`
	// Source is the source of the actor that performed the action.
	Source EventContextActorSource `json:"source"`
	// Name is the name of the actor.
	Name *string `json:"name"`
}

EventContextActor the actor who performed the action.

type EventContextActorSource 

type EventContextActorSource string

EventContextActorSource represents event context actor source values. 

const (
	EventContextActorSourceAPI       EventContextActorSource = "api"
	EventContextActorSourceDashboard EventContextActorSource = "dashboard"
	EventContextActorSourceSystem    EventContextActorSource = "system"
)

type EventContextGoogleAnalyticsSession 

type EventContextGoogleAnalyticsSession struct {
	// ContainerID is the Google Analytics container ID.
	ContainerID string `json:"containerId"`
	// SessionID is the Google Analytics session ID.
	SessionID *string `json:"sessionId,omitempty"`
	// SessionNumber is the Google Analytics session number.
	SessionNumber *string `json:"sessionNumber,omitempty"`
}

EventContextGoogleAnalyticsSession represents an event context google analytics session.

type EventListListMetadata 

type EventListListMetadata struct {
	// After is an object ID that defines your place in the list. When the ID is not present, you are at the end of the list.
	After *string `json:"after"`
}

EventListListMetadata pagination cursor for navigating to the next page of results.

type EventSchema 

type EventSchema struct {
	// Object distinguishes the Event object.
	Object string `json:"object"`
	// ID is unique identifier for the Event.
	ID string `json:"id"`
	// Event is the type of event that occurred.
	Event string `json:"event"`
	// Data is the event payload.
	Data map[string]interface{} `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// Context is additional context about the event.
	Context map[string]interface{} `json:"context,omitempty"`
}

EventSchema an event emitted by WorkOS.

type EventSchemaContext 

type EventSchemaContext struct {
	// ClientID is the client ID associated with the flag event.
	ClientID string `json:"client_id"`
	// Actor is the actor who performed the action.
	Actor *EventSchemaContextActor `json:"actor"`
}

EventSchemaContext additional context about the event.

type EventSchemaContextActor 

type EventSchemaContextActor struct {
	// ID is unique identifier of the actor.
	ID string `json:"id"`
	// Source is the source of the actor that performed the action.
	Source EventSchemaContextActorSource `json:"source"`
	// Name is the name of the actor.
	Name *string `json:"name"`
}

EventSchemaContextActor the actor who performed the action.

type EventSchemaContextActorSource 

type EventSchemaContextActorSource = EventContextActorSource

EventSchemaContextActorSource is an alias for EventContextActorSource.

type EventSchemaData 

type EventSchemaData = ActionAuthenticationDeniedData

EventSchemaData is an alias for ActionAuthenticationDeniedData.

type EventService 

type EventService struct {
	// contains filtered or unexported fields
}

EventService handles Events operations.

func (*EventService) List 

func (s *EventService) List(ctx context.Context, params *EventsListParams, opts ...RequestOption) *Iterator[EventSchema]

List events List events for the current environment.

type EventsListParams 

type EventsListParams struct {
	PaginationParams
	// Events is filter events by one or more event types (e.g. `dsync.user.created`).
	Events []string `url:"events,omitempty" json:"-"`
	// RangeStart is iso-8601 date string to filter events created after this date.
	RangeStart *string `url:"range_start,omitempty" json:"-"`
	// RangeEnd is iso-8601 date string to filter events created before this date.
	RangeEnd *string `url:"range_end,omitempty" json:"-"`
	// OrganizationID is filter events by the [Organization](https://workos.com/docs/reference/organization) that the event is associated with.
	OrganizationID *string `url:"organization_id,omitempty" json:"-"`
}

EventsListParams contains the parameters for List.

type EventsOrder 

type EventsOrder = ApplicationsOrder

EventsOrder is an alias for ApplicationsOrder.

type ExternalAuthCompleteResponse 

type ExternalAuthCompleteResponse struct {
	// RedirectURI is uri to redirect the user back to AuthKit to complete the OAuth flow.
	RedirectURI string `json:"redirect_uri"`
}

ExternalAuthCompleteResponse represents an external auth complete response.

type FeatureFlag 

type FeatureFlag struct {
	// Object distinguishes the Feature Flag object.
	Object string `json:"object"`
	// ID is unique identifier of the Feature Flag.
	ID string `json:"id"`
	// Slug is a unique key to reference the Feature Flag.
	Slug string `json:"slug"`
	// Name is a descriptive name for the Feature Flag. This field does not need to be unique.
	Name string `json:"name"`
	// Description is a description for the Feature Flag.
	Description *string `json:"description"`
	// Owner is the owner of the Feature Flag.
	Owner *FeatureFlagOwner `json:"owner"`
	// Tags is labels assigned to the Feature Flag for categorizing and filtering.
	Tags []string `json:"tags"`
	// Enabled specifies whether the Feature Flag is active for the current environment.
	Enabled bool `json:"enabled"`
	// DefaultValue is the value returned for users and organizations who don't match any configured targeting rules.
	DefaultValue bool `json:"default_value"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

FeatureFlag represents a feature flag.

type FeatureFlagOwner 

type FeatureFlagOwner struct {
	// Email is the email address of the flag owner.
	Email string `json:"email"`
	// FirstName is the first name of the flag owner.
	FirstName *string `json:"first_name"`
	// LastName is the last name of the flag owner.
	LastName *string `json:"last_name"`
}

FeatureFlagOwner represents a feature flag owner.

type FeatureFlagService 

type FeatureFlagService struct {
	// contains filtered or unexported fields
}

FeatureFlagService handles FeatureFlags operations.

func (*FeatureFlagService) AddFlagTarget 

func (s *FeatureFlagService) AddFlagTarget(ctx context.Context, slug string, resourceID string, opts ...RequestOption) error

AddFlagTarget add a feature flag target Enables a feature flag for a specific target in the current environment. Currently, supported targets include users and organizations.

func (*FeatureFlagService) Disable 

func (s *FeatureFlagService) Disable(ctx context.Context, slug string, opts ...RequestOption) (*FeatureFlag, error)

Disable a feature flag Disables a feature flag in the current environment.

func (*FeatureFlagService) Enable 

func (s *FeatureFlagService) Enable(ctx context.Context, slug string, opts ...RequestOption) (*FeatureFlag, error)

Enable a feature flag Enables a feature flag in the current environment.

func (*FeatureFlagService) Get 

func (s *FeatureFlagService) Get(ctx context.Context, slug string, opts ...RequestOption) (*Flag, error)

Get a feature flag Get the details of an existing feature flag by its slug.

func (*FeatureFlagService) List 

func (s *FeatureFlagService) List(ctx context.Context, params *FeatureFlagsListParams, opts ...RequestOption) *Iterator[Flag]

List feature flags Get a list of all of your existing feature flags matching the criteria specified.

func (*FeatureFlagService) ListOrganizationFeatureFlags 

func (s *FeatureFlagService) ListOrganizationFeatureFlags(ctx context.Context, organizationID string, params *FeatureFlagsListOrganizationFeatureFlagsParams, opts ...RequestOption) *Iterator[Flag]

ListOrganizationFeatureFlags list enabled feature flags for an organization Get a list of all enabled feature flags for an organization.

func (*FeatureFlagService) ListUserFeatureFlags 

func (s *FeatureFlagService) ListUserFeatureFlags(ctx context.Context, userID string, params *FeatureFlagsListUserFeatureFlagsParams, opts ...RequestOption) *Iterator[Flag]

ListUserFeatureFlags list enabled feature flags for a user Get a list of all enabled feature flags for the provided user. This includes feature flags enabled specifically for the user as well as any organizations that the user is a member of.

func (*FeatureFlagService) RemoveFlagTarget 

func (s *FeatureFlagService) RemoveFlagTarget(ctx context.Context, slug string, resourceID string, opts ...RequestOption) error

RemoveFlagTarget remove a feature flag target Removes a target from the feature flag's target list in the current environment. Currently, supported targets include users and organizations.

type FeatureFlagsListOrganizationFeatureFlagsParams 

type FeatureFlagsListOrganizationFeatureFlagsParams struct {
	PaginationParams
}

FeatureFlagsListOrganizationFeatureFlagsParams contains the parameters for ListOrganizationFeatureFlags.

type FeatureFlagsListParams 

type FeatureFlagsListParams struct {
	PaginationParams
}

FeatureFlagsListParams contains the parameters for List.

type FeatureFlagsListUserFeatureFlagsParams 

type FeatureFlagsListUserFeatureFlagsParams struct {
	PaginationParams
}

FeatureFlagsListUserFeatureFlagsParams contains the parameters for ListUserFeatureFlags.

type FeatureFlagsOrder 

type FeatureFlagsOrder = ApplicationsOrder

FeatureFlagsOrder is an alias for ApplicationsOrder.

type FieldError 

type FieldError struct {
	Field string `json:"field"`
	Code  string `json:"code"`
}

FieldError represents a field-level validation error.

type Flag 

type Flag struct {
	// Object distinguishes the Feature Flag object.
	Object string `json:"object"`
	// ID is unique identifier of the Feature Flag.
	ID string `json:"id"`
	// Slug is a unique key to reference the Feature Flag.
	Slug string `json:"slug"`
	// Name is a descriptive name for the Feature Flag. This field does not need to be unique.
	Name string `json:"name"`
	// Description is a description for the Feature Flag.
	Description *string `json:"description"`
	// Owner is the owner of the Feature Flag.
	Owner *FlagOwner `json:"owner"`
	// Tags is labels assigned to the Feature Flag for categorizing and filtering.
	Tags []string `json:"tags"`
	// Enabled specifies whether the Feature Flag is active for the current environment.
	Enabled bool `json:"enabled"`
	// DefaultValue is the value returned for users and organizations who don't match any configured targeting rules.
	DefaultValue bool `json:"default_value"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

Flag represents a flag.

type FlagCreated 

type FlagCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *FlagCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// Context is additional context about the event.
	Context *FlagCreatedContext `json:"context"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

FlagCreated represents a flag created.

type FlagCreatedContext 

type FlagCreatedContext struct {
	// ClientID is the client ID associated with the flag event.
	ClientID string `json:"client_id"`
	// Actor is the actor who performed the action.
	Actor *FlagCreatedContextActor `json:"actor"`
}

FlagCreatedContext additional context about the event.

type FlagCreatedContextActor 

type FlagCreatedContextActor struct {
	// ID is unique identifier of the actor.
	ID string `json:"id"`
	// Source is the source of the actor that performed the action.
	Source FlagCreatedContextActorSource `json:"source"`
	// Name is the name of the actor.
	Name *string `json:"name"`
}

FlagCreatedContextActor the actor who performed the action.

type FlagCreatedContextActorSource 

type FlagCreatedContextActorSource = EventContextActorSource

FlagCreatedContextActorSource is an alias for EventContextActorSource.

type FlagCreatedData 

type FlagCreatedData struct {
	Object string `json:"object"`
	// ID is unique identifier of the Feature Flag.
	ID string `json:"id"`
	// EnvironmentID is the ID of the environment the Feature Flag belongs to.
	EnvironmentID string `json:"environment_id"`
	// Slug is a unique key to reference the Feature Flag.
	Slug string `json:"slug"`
	// Name is a descriptive name for the Feature Flag.
	Name string `json:"name"`
	// Description is a description for the Feature Flag.
	Description *string `json:"description"`
	// Owner is the owner of the Feature Flag.
	Owner *FlagCreatedDataOwner `json:"owner"`
	// Tags is labels assigned to the Feature Flag for categorizing and filtering.
	Tags []string `json:"tags"`
	// Enabled specifies whether the Feature Flag is active for the current environment.
	Enabled bool `json:"enabled"`
	// DefaultValue is the value returned for users and organizations who don't match any configured targeting rules.
	DefaultValue bool `json:"default_value"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

FlagCreatedData the event payload.

type FlagCreatedDataOwner 

type FlagCreatedDataOwner = FeatureFlagOwner

The following types are structurally identical to FeatureFlagOwner.

type FlagDeleted 

type FlagDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *FlagDeletedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// Context is additional context about the event.
	Context *FlagDeletedContext `json:"context"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

FlagDeleted represents a flag deleted.

type FlagDeletedContext 

type FlagDeletedContext struct {
	// ClientID is the client ID associated with the flag event.
	ClientID string `json:"client_id"`
	// Actor is the actor who performed the action.
	Actor *FlagDeletedContextActor `json:"actor"`
}

FlagDeletedContext additional context about the event.

type FlagDeletedContextActor 

type FlagDeletedContextActor struct {
	// ID is unique identifier of the actor.
	ID string `json:"id"`
	// Source is the source of the actor that performed the action.
	Source FlagDeletedContextActorSource `json:"source"`
	// Name is the name of the actor.
	Name *string `json:"name"`
}

FlagDeletedContextActor the actor who performed the action.

type FlagDeletedContextActorSource 

type FlagDeletedContextActorSource = EventContextActorSource

FlagDeletedContextActorSource is an alias for EventContextActorSource.

type FlagDeletedData 

type FlagDeletedData struct {
	Object string `json:"object"`
	// ID is unique identifier of the Feature Flag.
	ID string `json:"id"`
	// EnvironmentID is the ID of the environment the Feature Flag belongs to.
	EnvironmentID string `json:"environment_id"`
	// Slug is a unique key to reference the Feature Flag.
	Slug string `json:"slug"`
	// Name is a descriptive name for the Feature Flag.
	Name string `json:"name"`
	// Description is a description for the Feature Flag.
	Description *string `json:"description"`
	// Owner is the owner of the Feature Flag.
	Owner *FlagDeletedDataOwner `json:"owner"`
	// Tags is labels assigned to the Feature Flag for categorizing and filtering.
	Tags []string `json:"tags"`
	// Enabled specifies whether the Feature Flag is active for the current environment.
	Enabled bool `json:"enabled"`
	// DefaultValue is the value returned for users and organizations who don't match any configured targeting rules.
	DefaultValue bool `json:"default_value"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

FlagDeletedData the event payload.

type FlagDeletedDataOwner 

type FlagDeletedDataOwner = FeatureFlagOwner

The following types are structurally identical to FeatureFlagOwner.

type FlagOwner 

type FlagOwner = FeatureFlagOwner

The following types are structurally identical to FeatureFlagOwner.

type FlagRuleUpdated 

type FlagRuleUpdated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *FlagRuleUpdatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// Context is additional context about the event.
	Context *FlagRuleUpdatedContext `json:"context"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

FlagRuleUpdated represents a flag rule updated.

type FlagRuleUpdatedContext 

type FlagRuleUpdatedContext struct {
	// ClientID is the client ID associated with the flag event.
	ClientID string `json:"client_id"`
	// Actor is the actor who performed the action.
	Actor *FlagRuleUpdatedContextActor `json:"actor"`
	// AccessType is the access type of the flag rule.
	AccessType FlagRuleUpdatedContextAccessType `json:"access_type"`
	// ConfiguredTargets is the configured targets for the flag rule.
	ConfiguredTargets *FlagRuleUpdatedContextConfiguredTarget `json:"configured_targets"`
	// PreviousAttributes is attributes that changed from their previous values.
	PreviousAttributes *FlagRuleUpdatedContextPreviousAttribute `json:"previous_attributes"`
}

FlagRuleUpdatedContext additional context about the event.

type FlagRuleUpdatedContextAccessType 

type FlagRuleUpdatedContextAccessType string

FlagRuleUpdatedContextAccessType represents flag rule updated context access type values. 

const (
	FlagRuleUpdatedContextAccessTypeNone FlagRuleUpdatedContextAccessType = "none"
	FlagRuleUpdatedContextAccessTypeSome FlagRuleUpdatedContextAccessType = "some"
	FlagRuleUpdatedContextAccessTypeAll  FlagRuleUpdatedContextAccessType = "all"
)

type FlagRuleUpdatedContextActor 

type FlagRuleUpdatedContextActor struct {
	// ID is unique identifier of the actor.
	ID     string                            `json:"id"`
	Source FlagRuleUpdatedContextActorSource `json:"source"`
	// Name is the name of the actor.
	Name *string `json:"name"`
}

FlagRuleUpdatedContextActor the actor who performed the action.

type FlagRuleUpdatedContextActorSource 

type FlagRuleUpdatedContextActorSource = EventContextActorSource

FlagRuleUpdatedContextActorSource is an alias for EventContextActorSource.

type FlagRuleUpdatedContextConfiguredTarget 

type FlagRuleUpdatedContextConfiguredTarget struct {
	// Organizations is the organizations targeted by the flag rule.
	Organizations []*FlagRuleUpdatedContextConfiguredTargetOrganization `json:"organizations"`
	// Users is the users targeted by the flag rule.
	Users []*FlagRuleUpdatedContextConfiguredTargetUser `json:"users"`
}

FlagRuleUpdatedContextConfiguredTarget the configured targets for the flag rule.

type FlagRuleUpdatedContextConfiguredTargetOrganization 

type FlagRuleUpdatedContextConfiguredTargetOrganization struct {
	// ID is the ID of the organization.
	ID string `json:"id"`
	// Name is the name of the organization.
	Name string `json:"name"`
}

FlagRuleUpdatedContextConfiguredTargetOrganization represents a flag rule updated context configured target organization.

type FlagRuleUpdatedContextConfiguredTargetUser 

type FlagRuleUpdatedContextConfiguredTargetUser struct {
	// ID is the ID of the user.
	ID string `json:"id"`
	// Email is the email of the user.
	Email string `json:"email"`
}

FlagRuleUpdatedContextConfiguredTargetUser represents a flag rule updated context configured target user.

type FlagRuleUpdatedContextPreviousAttribute 

type FlagRuleUpdatedContextPreviousAttribute struct {
	// Data is the previous data attributes of the flag.
	Data *FlagRuleUpdatedContextPreviousAttributeData `json:"data,omitempty"`
	// Context is the previous context attributes of the flag rule.
	Context *FlagRuleUpdatedContextPreviousAttributeContext `json:"context,omitempty"`
}

FlagRuleUpdatedContextPreviousAttribute attributes that changed from their previous values.

type FlagRuleUpdatedContextPreviousAttributeContext 

type FlagRuleUpdatedContextPreviousAttributeContext struct {
	// AccessType is the previous access type of the flag rule.
	AccessType *FlagRuleUpdatedContextPreviousAttributeContextAccessType `json:"access_type,omitempty"`
	// ConfiguredTargets is the previous configured targets for the flag rule.
	ConfiguredTargets *FlagRuleUpdatedContextPreviousAttributeContextConfiguredTarget `json:"configured_targets,omitempty"`
}

FlagRuleUpdatedContextPreviousAttributeContext the previous context attributes of the flag rule.

type FlagRuleUpdatedContextPreviousAttributeContextAccessType 

type FlagRuleUpdatedContextPreviousAttributeContextAccessType = FlagRuleUpdatedContextAccessType

FlagRuleUpdatedContextPreviousAttributeContextAccessType is an alias for FlagRuleUpdatedContextAccessType.

type FlagRuleUpdatedContextPreviousAttributeContextConfiguredTarget 

type FlagRuleUpdatedContextPreviousAttributeContextConfiguredTarget struct {
	// Organizations is the organizations targeted by the flag rule.
	Organizations []*FlagRuleUpdatedContextPreviousAttributeContextConfiguredTargetOrganization `json:"organizations"`
	// Users is the users targeted by the flag rule.
	Users []*FlagRuleUpdatedContextPreviousAttributeContextConfiguredTargetUser `json:"users"`
}

FlagRuleUpdatedContextPreviousAttributeContextConfiguredTarget the previous configured targets for the flag rule.

type FlagRuleUpdatedContextPreviousAttributeContextConfiguredTargetOrganization 

type FlagRuleUpdatedContextPreviousAttributeContextConfiguredTargetOrganization = FlagRuleUpdatedContextConfiguredTargetOrganization

FlagRuleUpdatedContextPreviousAttributeContextConfiguredTargetOrganization is an alias for FlagRuleUpdatedContextConfiguredTargetOrganization.

type FlagRuleUpdatedContextPreviousAttributeContextConfiguredTargetUser 

type FlagRuleUpdatedContextPreviousAttributeContextConfiguredTargetUser = FlagRuleUpdatedContextConfiguredTargetUser

FlagRuleUpdatedContextPreviousAttributeContextConfiguredTargetUser is an alias for FlagRuleUpdatedContextConfiguredTargetUser.

type FlagRuleUpdatedContextPreviousAttributeData 

type FlagRuleUpdatedContextPreviousAttributeData struct {
	// Enabled is whether the flag was previously enabled.
	Enabled *bool `json:"enabled,omitempty"`
	// DefaultValue is the previous default value of the flag.
	DefaultValue *bool `json:"default_value,omitempty"`
}

FlagRuleUpdatedContextPreviousAttributeData the previous data attributes of the flag.

type FlagRuleUpdatedData 

type FlagRuleUpdatedData struct {
	Object string `json:"object"`
	// ID is unique identifier of the Feature Flag.
	ID string `json:"id"`
	// EnvironmentID is the ID of the environment the Feature Flag belongs to.
	EnvironmentID string `json:"environment_id"`
	// Slug is a unique key to reference the Feature Flag.
	Slug string `json:"slug"`
	// Name is a descriptive name for the Feature Flag.
	Name string `json:"name"`
	// Description is a description for the Feature Flag.
	Description *string `json:"description"`
	// Owner is the owner of the Feature Flag.
	Owner *FlagRuleUpdatedDataOwner `json:"owner"`
	// Tags is labels assigned to the Feature Flag for categorizing and filtering.
	Tags []string `json:"tags"`
	// Enabled specifies whether the Feature Flag is active for the current environment.
	Enabled bool `json:"enabled"`
	// DefaultValue is the value returned for users and organizations who don't match any configured targeting rules.
	DefaultValue bool `json:"default_value"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

FlagRuleUpdatedData the event payload.

type FlagRuleUpdatedDataOwner 

type FlagRuleUpdatedDataOwner = FeatureFlagOwner

The following types are structurally identical to FeatureFlagOwner.

type FlagUpdated 

type FlagUpdated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *FlagUpdatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// Context is additional context about the event.
	Context *FlagUpdatedContext `json:"context"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

FlagUpdated represents a flag updated.

type FlagUpdatedContext 

type FlagUpdatedContext struct {
	// ClientID is the client ID associated with the flag event.
	ClientID string `json:"client_id"`
	// Actor is the actor who performed the action.
	Actor *FlagUpdatedContextActor `json:"actor"`
	// PreviousAttributes is attributes that changed from their previous values.
	PreviousAttributes *FlagUpdatedContextPreviousAttribute `json:"previous_attributes,omitempty"`
}

FlagUpdatedContext additional context about the event.

type FlagUpdatedContextActor 

type FlagUpdatedContextActor struct {
	// ID is unique identifier of the actor.
	ID string `json:"id"`
	// Source is the source of the actor that performed the action.
	Source FlagUpdatedContextActorSource `json:"source"`
	// Name is the name of the actor.
	Name *string `json:"name"`
}

FlagUpdatedContextActor the actor who performed the action.

type FlagUpdatedContextActorSource 

type FlagUpdatedContextActorSource = EventContextActorSource

FlagUpdatedContextActorSource is an alias for EventContextActorSource.

type FlagUpdatedContextPreviousAttribute 

type FlagUpdatedContextPreviousAttribute struct {
	// Data is the previous data attributes of the flag.
	Data *FlagUpdatedContextPreviousAttributeData `json:"data,omitempty"`
}

FlagUpdatedContextPreviousAttribute attributes that changed from their previous values.

type FlagUpdatedContextPreviousAttributeData 

type FlagUpdatedContextPreviousAttributeData struct {
	// Name is the previous name of the flag.
	Name *string `json:"name,omitempty"`
	// Description is the previous description of the flag.
	Description *string `json:"description,omitempty"`
	// Tags is the previous tags of the flag.
	Tags []string `json:"tags,omitempty"`
	// Enabled is whether the flag was previously enabled.
	Enabled *bool `json:"enabled,omitempty"`
	// DefaultValue is the previous default value of the flag.
	DefaultValue *bool `json:"default_value,omitempty"`
}

FlagUpdatedContextPreviousAttributeData the previous data attributes of the flag.

type FlagUpdatedData 

type FlagUpdatedData struct {
	Object string `json:"object"`
	// ID is unique identifier of the Feature Flag.
	ID string `json:"id"`
	// EnvironmentID is the ID of the environment the Feature Flag belongs to.
	EnvironmentID string `json:"environment_id"`
	// Slug is a unique key to reference the Feature Flag.
	Slug string `json:"slug"`
	// Name is a descriptive name for the Feature Flag.
	Name string `json:"name"`
	// Description is a description for the Feature Flag.
	Description *string `json:"description"`
	// Owner is the owner of the Feature Flag.
	Owner *FlagUpdatedDataOwner `json:"owner"`
	// Tags is labels assigned to the Feature Flag for categorizing and filtering.
	Tags []string `json:"tags"`
	// Enabled specifies whether the Feature Flag is active for the current environment.
	Enabled bool `json:"enabled"`
	// DefaultValue is the value returned for users and organizations who don't match any configured targeting rules.
	DefaultValue bool `json:"default_value"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

FlagUpdatedData the event payload.

type FlagUpdatedDataOwner 

type FlagUpdatedDataOwner = FeatureFlagOwner

The following types are structurally identical to FeatureFlagOwner. 

type GenerateLink struct {
	// ReturnURL is the URL to go to when an admin clicks on your logo in the Admin Portal. If not specified, the return URL configured on the [Redirects](https://dashboard.workos.com/redirects) page will be used.
	ReturnURL *string `json:"return_url,omitempty"`
	// SuccessURL is the URL to redirect the admin to when they finish setup. If not specified, the success URL configured on the [Redirects](https://dashboard.workos.com/redirects) page will be used.
	SuccessURL *string `json:"success_url,omitempty"`
	// Organization is an [Organization](https://workos.com/docs/reference/organization) identifier.
	Organization string `json:"organization"`
	// Intent is       The intent of the Admin Portal.
	// - `sso` - Launch Admin Portal for creating SSO connections
	// - `dsync` - Launch Admin Portal for creating Directory Sync connections
	// - `audit_logs` - Launch Admin Portal for viewing Audit Logs
	// - `log_streams` - Launch Admin Portal for creating Log Streams
	// - `domain_verification` - Launch Admin Portal for Domain Verification
	// - `certificate_renewal` - Launch Admin Portal for renewing SAML Certificates
	// - `bring_your_own_key` - Launch Admin Portal for configuring Bring Your Own Key
	Intent *GenerateLinkIntent `json:"intent,omitempty"`
	// IntentOptions is options to configure the Admin Portal based on the intent.
	IntentOptions *IntentOptions `json:"intent_options,omitempty"`
	// AdminEmails is the email addresses of the IT admins to grant access to the Admin Portal for the given organization. Accepts up to 20 emails.
	AdminEmails []string `json:"admin_emails,omitempty"`
}

GenerateLink represents a generate link.

type GenerateLinkIntent 

type GenerateLinkIntent string

GenerateLinkIntent represents generate link intent values. 

const (
	GenerateLinkIntentSSO                GenerateLinkIntent = "sso"
	GenerateLinkIntentDsync              GenerateLinkIntent = "dsync"
	GenerateLinkIntentAuditLogs          GenerateLinkIntent = "audit_logs"
	GenerateLinkIntentLogStreams         GenerateLinkIntent = "log_streams"
	GenerateLinkIntentDomainVerification GenerateLinkIntent = "domain_verification"
	GenerateLinkIntentCertificateRenewal GenerateLinkIntent = "certificate_renewal"
	GenerateLinkIntentBringYourOwnKey    GenerateLinkIntent = "bring_your_own_key"
)

type Group 

type Group struct {
	// Object is the Group object.
	Object string `json:"object"`
	// ID is the unique ID of the Group.
	ID string `json:"id"`
	// OrganizationID is the ID of the Organization the Group belongs to.
	OrganizationID string `json:"organization_id"`
	// Name is the name of the Group.
	Name string `json:"name"`
	// Description is an optional description of the Group.
	Description *string `json:"description"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

Group represents a group.

type GroupCreated 

type GroupCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *Group `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

GroupCreated represents a group created.

type GroupDeleted 

type GroupDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *Group `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

GroupDeleted represents a group deleted.

type GroupMemberAdded 

type GroupMemberAdded struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *GroupMemberAddedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

GroupMemberAdded represents a group member added.

type GroupMemberAddedData 

type GroupMemberAddedData struct {
	// GroupID is the ID of the Group.
	GroupID string `json:"group_id"`
	// OrganizationMembershipID is the ID of the OrganizationMembership.
	OrganizationMembershipID string `json:"organization_membership_id"`
}

GroupMemberAddedData the event payload.

type GroupMemberRemoved 

type GroupMemberRemoved struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *GroupMemberRemovedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

GroupMemberRemoved represents a group member removed.

type GroupMemberRemovedData 

type GroupMemberRemovedData = GroupMemberAddedData

GroupMemberRemovedData is an alias for GroupMemberAddedData.

type GroupUpdated 

type GroupUpdated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *Group `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

GroupUpdated represents a group updated.

type IntentOptions 

type IntentOptions struct {
	// SSO is sso-specific options for the Admin Portal.
	SSO *SSOIntentOptions `json:"sso"`
}

IntentOptions represents an intent options.

type Invitation 

type Invitation struct {
	// Object distinguishes the invitation object.
	Object string `json:"object"`
	// ID is the unique ID of the invitation.
	ID string `json:"id"`
	// Email is the email address of the recipient.
	Email string `json:"email"`
	// State is the state of the invitation.
	State InvitationState `json:"state"`
	// AcceptedAt is the timestamp when the invitation was accepted, or null if not yet accepted.
	AcceptedAt *string `json:"accepted_at"`
	// RevokedAt is the timestamp when the invitation was revoked, or null if not revoked.
	RevokedAt *string `json:"revoked_at"`
	// ExpiresAt is the timestamp when the invitation expires.
	ExpiresAt string `json:"expires_at"`
	// OrganizationID is the ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join.
	OrganizationID *string `json:"organization_id"`
	// InviterUserID is the ID of the user who invited the recipient, if provided.
	InviterUserID *string `json:"inviter_user_id"`
	// AcceptedUserID is the ID of the user who accepted the invitation, once accepted.
	AcceptedUserID *string `json:"accepted_user_id"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// Token is the token used to accept the invitation.
	Token string `json:"token"`
	// AcceptInvitationURL is the URL where the recipient can accept the invitation.
	AcceptInvitationURL string `json:"accept_invitation_url"`
}

Invitation represents an invitation.

type InvitationAccepted 

type InvitationAccepted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *InvitationAcceptedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

InvitationAccepted represents an invitation accepted.

type InvitationAcceptedData 

type InvitationAcceptedData struct {
	// Object distinguishes the invitation object.
	Object string `json:"object"`
	// ID is the unique ID of the invitation.
	ID string `json:"id"`
	// Email is the email address of the recipient.
	Email string `json:"email"`
	// State is the state of the invitation.
	State InvitationAcceptedDataState `json:"state"`
	// AcceptedAt is the timestamp when the invitation was accepted, or null if not yet accepted.
	AcceptedAt *string `json:"accepted_at"`
	// RevokedAt is the timestamp when the invitation was revoked, or null if not revoked.
	RevokedAt *string `json:"revoked_at"`
	// ExpiresAt is the timestamp when the invitation expires.
	ExpiresAt string `json:"expires_at"`
	// OrganizationID is the ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join.
	OrganizationID *string `json:"organization_id"`
	// InviterUserID is the ID of the user who invited the recipient, if provided.
	InviterUserID *string `json:"inviter_user_id"`
	// AcceptedUserID is the ID of the user who accepted the invitation, once accepted.
	AcceptedUserID *string `json:"accepted_user_id"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

InvitationAcceptedData the event payload.

type InvitationAcceptedDataState 

type InvitationAcceptedDataState string

InvitationAcceptedDataState represents invitation accepted data state values. 

const (
	InvitationAcceptedDataStatePending  InvitationAcceptedDataState = "pending"
	InvitationAcceptedDataStateAccepted InvitationAcceptedDataState = "accepted"
	InvitationAcceptedDataStateExpired  InvitationAcceptedDataState = "expired"
	InvitationAcceptedDataStateRevoked  InvitationAcceptedDataState = "revoked"
)

type InvitationCreated 

type InvitationCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *InvitationCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

InvitationCreated represents an invitation created.

type InvitationCreatedData 

type InvitationCreatedData struct {
	// Object distinguishes the invitation object.
	Object string `json:"object"`
	// ID is the unique ID of the invitation.
	ID string `json:"id"`
	// Email is the email address of the recipient.
	Email string `json:"email"`
	// State is the state of the invitation.
	State InvitationCreatedDataState `json:"state"`
	// AcceptedAt is the timestamp when the invitation was accepted, or null if not yet accepted.
	AcceptedAt *string `json:"accepted_at"`
	// RevokedAt is the timestamp when the invitation was revoked, or null if not revoked.
	RevokedAt *string `json:"revoked_at"`
	// ExpiresAt is the timestamp when the invitation expires.
	ExpiresAt string `json:"expires_at"`
	// OrganizationID is the ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join.
	OrganizationID *string `json:"organization_id"`
	// InviterUserID is the ID of the user who invited the recipient, if provided.
	InviterUserID *string `json:"inviter_user_id"`
	// AcceptedUserID is the ID of the user who accepted the invitation, once accepted.
	AcceptedUserID *string `json:"accepted_user_id"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

InvitationCreatedData the event payload.

type InvitationCreatedDataState 

type InvitationCreatedDataState = InvitationAcceptedDataState

InvitationCreatedDataState is an alias for InvitationAcceptedDataState.

type InvitationResent 

type InvitationResent struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *InvitationResentData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

InvitationResent represents an invitation resent.

type InvitationResentData 

type InvitationResentData struct {
	// Object distinguishes the invitation object.
	Object string `json:"object"`
	// ID is the unique ID of the invitation.
	ID string `json:"id"`
	// Email is the email address of the recipient.
	Email string `json:"email"`
	// State is the state of the invitation.
	State InvitationResentDataState `json:"state"`
	// AcceptedAt is the timestamp when the invitation was accepted, or null if not yet accepted.
	AcceptedAt *string `json:"accepted_at"`
	// RevokedAt is the timestamp when the invitation was revoked, or null if not revoked.
	RevokedAt *string `json:"revoked_at"`
	// ExpiresAt is the timestamp when the invitation expires.
	ExpiresAt string `json:"expires_at"`
	// OrganizationID is the ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join.
	OrganizationID *string `json:"organization_id"`
	// InviterUserID is the ID of the user who invited the recipient, if provided.
	InviterUserID *string `json:"inviter_user_id"`
	// AcceptedUserID is the ID of the user who accepted the invitation, once accepted.
	AcceptedUserID *string `json:"accepted_user_id"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

InvitationResentData the event payload.

type InvitationResentDataState 

type InvitationResentDataState = InvitationAcceptedDataState

InvitationResentDataState is an alias for InvitationAcceptedDataState.

type InvitationRevoked 

type InvitationRevoked struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *InvitationRevokedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

InvitationRevoked represents an invitation revoked.

type InvitationRevokedData 

type InvitationRevokedData struct {
	// Object distinguishes the invitation object.
	Object string `json:"object"`
	// ID is the unique ID of the invitation.
	ID string `json:"id"`
	// Email is the email address of the recipient.
	Email string `json:"email"`
	// State is the state of the invitation.
	State InvitationRevokedDataState `json:"state"`
	// AcceptedAt is the timestamp when the invitation was accepted, or null if not yet accepted.
	AcceptedAt *string `json:"accepted_at"`
	// RevokedAt is the timestamp when the invitation was revoked, or null if not revoked.
	RevokedAt *string `json:"revoked_at"`
	// ExpiresAt is the timestamp when the invitation expires.
	ExpiresAt string `json:"expires_at"`
	// OrganizationID is the ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join.
	OrganizationID *string `json:"organization_id"`
	// InviterUserID is the ID of the user who invited the recipient, if provided.
	InviterUserID *string `json:"inviter_user_id"`
	// AcceptedUserID is the ID of the user who accepted the invitation, once accepted.
	AcceptedUserID *string `json:"accepted_user_id"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

InvitationRevokedData the event payload.

type InvitationRevokedDataState 

type InvitationRevokedDataState = InvitationAcceptedDataState

InvitationRevokedDataState is an alias for InvitationAcceptedDataState.

type InvitationState 

type InvitationState = InvitationAcceptedDataState

InvitationState is an alias for InvitationAcceptedDataState.

type Iterator 

type Iterator[T any] struct {
	// contains filtered or unexported fields
}

Iterator provides auto-pagination over list endpoints.

Example usage: 

iter := client.UserManagement().ListUsers(ctx, &workos.UserManagementListUsersParams{})
for iter.Next() {
    user := iter.Current()
    fmt.Println(user.Email)
}
if err := iter.Err(); err != nil {
    log.Fatal(err)
}
Example 
client := workos.NewClient("sk_example_api_key")

iter := client.Organizations().List(context.Background(), &workos.OrganizationsListParams{})
for iter.Next() {
	org := iter.Current()
	fmt.Println(org.Name)
}
if err := iter.Err(); err != nil {
	log.Fatal(err)
}

func (*Iterator[T]) Current 

func (it *Iterator[T]) Current() *T

Current returns the current item.

func (*Iterator[T]) Cursor 

func (it *Iterator[T]) Cursor() *string

Cursor returns the current pagination cursor, which can be used to resume iteration across process restarts by passing it as the "after" parameter.

func (*Iterator[T]) Err 

func (it *Iterator[T]) Err() error

Err returns any error from the last page fetch.

func (*Iterator[T]) Next 

func (it *Iterator[T]) Next() bool

Next advances the iterator. Returns false when done or on error.

type JWKSResponse 

type JWKSResponse struct {
	// Keys is the public keys used for verifying access tokens.
	Keys []*JWKSResponseKeys `json:"keys"`
}

JWKSResponse represents a jwks response.

type JWKSResponseKeys 

type JWKSResponseKeys struct {
	// Alg is algorithm.
	Alg string `json:"alg"`
	// Kty is key type.
	Kty string `json:"kty"`
	// Use is key use (signature).
	Use string `json:"use"`
	// X5C is x.509 certificate chain.
	X5C []string `json:"x5c"`
	// N is rsa modulus.
	N string `json:"n"`
	// E is rsa exponent.
	E string `json:"e"`
	// Kid is key ID.
	Kid string `json:"kid"`
	// X5TS256 is x.509 certificate SHA-256 thumbprint.
	X5TS256 string `json:"x5t#S256"`
}

JWKSResponseKeys represents a jwks response keys.

type JWTClaims 

type JWTClaims struct {
	SessionID      string   `json:"sid"`
	OrganizationID string   `json:"org_id"`
	Role           string   `json:"role"`
	Permissions    []string `json:"permissions"`
	Entitlements   []string `json:"entitlements"`
}

JWTClaims represents the claims extracted from a session JWT payload.

type JWTTemplateResponse 

type JWTTemplateResponse struct {
	// Object is the object type.
	Object string `json:"object"`
	// Content is the JWT template content as a Liquid template string.
	Content string `json:"content"`
	// CreatedAt is the timestamp when the JWT template was created.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is the timestamp when the JWT template was last updated.
	UpdatedAt string `json:"updated_at"`
}

JWTTemplateResponse represents a JWT template response.

type KeyContext 

type KeyContext struct {
	// Type is the key context type (e.g., "environment").
	Type string `json:"type"`
	// EnvironmentID is the WorkOS environment ID this key is scoped to.
	EnvironmentID string `json:"environment_id"`
}

KeyContext describes the encryption context for a vault key.

type Logger 

type Logger interface {
	Printf(format string, args ...any)
}

Logger is a minimal logging interface for HTTP request tracing.

type MFAChallengeError 

type MFAChallengeError struct {
	*APIError
	User                  User                   `json:"user"`
	AuthenticationFactors []AuthenticationFactor `json:"authentication_factors"`
}

MFAChallengeError occurs when a user needs to complete an MFA challenge.

func (*MFAChallengeError) Error 

func (e *MFAChallengeError) Error() string

func (*MFAChallengeError) Unwrap 

func (e *MFAChallengeError) Unwrap() error

type MFAEnrollmentError 

type MFAEnrollmentError struct {
	*APIError
	User User `json:"user"`
}

MFAEnrollmentError occurs when a user needs to enroll in MFA.

func (*MFAEnrollmentError) Error 

func (e *MFAEnrollmentError) Error() string

func (*MFAEnrollmentError) Unwrap 

func (e *MFAEnrollmentError) Unwrap() error

type MFATOTPSessionAuthenticateRequest 

type MFATOTPSessionAuthenticateRequest struct {
	// ClientID is the client ID of the application.
	ClientID string `json:"client_id"`
	// ClientSecret is the client secret of the application.
	ClientSecret string `json:"client_secret"`
	GrantType    string `json:"grant_type"`
	// Code is the TOTP code from the authenticator app.
	Code string `json:"code"`
	// PendingAuthenticationToken is the pending authentication token from a previous authentication attempt.
	PendingAuthenticationToken string `json:"pending_authentication_token"`
	// AuthenticationChallengeID is the ID of the MFA authentication challenge.
	AuthenticationChallengeID string `json:"authentication_challenge_id"`
	// IPAddress is the IP address of the user's request.
	IPAddress *string `json:"ip_address,omitempty"`
	// DeviceID is a unique identifier for the device.
	DeviceID *string `json:"device_id,omitempty"`
	// UserAgent is the user agent string from the user's browser.
	UserAgent *string `json:"user_agent,omitempty"`
}

MFATOTPSessionAuthenticateRequest represents an urn workos OAuth grant type mfa totp session authenticate request.

type MagicAuth 

type MagicAuth struct {
	// Object distinguishes the Magic Auth object.
	Object string `json:"object"`
	// ID is the unique ID of the Magic Auth code.
	ID string `json:"id"`
	// UserID is the unique ID of the user.
	UserID string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
	// ExpiresAt is the timestamp when the Magic Auth code expires.
	ExpiresAt string `json:"expires_at"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// Code is the code used to verify the Magic Auth code.
	Code string `json:"code"`
}

MagicAuth represents a magic auth.

type MagicAuthCodeSessionAuthenticateRequest 

type MagicAuthCodeSessionAuthenticateRequest struct {
	// ClientID is the client ID of the application.
	ClientID string `json:"client_id"`
	// ClientSecret is the client secret of the application.
	ClientSecret string `json:"client_secret"`
	GrantType    string `json:"grant_type"`
	// Code is the one-time code for Magic Auth authentication.
	Code string `json:"code"`
	// Email is the user's email address.
	Email string `json:"email"`
	// InvitationToken is an invitation token to accept during authentication.
	InvitationToken *string `json:"invitation_token,omitempty"`
	// IPAddress is the IP address of the user's request.
	IPAddress *string `json:"ip_address,omitempty"`
	// DeviceID is a unique identifier for the device.
	DeviceID *string `json:"device_id,omitempty"`
	// UserAgent is the user agent string from the user's browser.
	UserAgent *string `json:"user_agent,omitempty"`
}

MagicAuthCodeSessionAuthenticateRequest represents an urn workos OAuth grant type magic auth code session authenticate request.

type MagicAuthCreated 

type MagicAuthCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *MagicAuthCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

MagicAuthCreated represents a magic auth created.

type MagicAuthCreatedData 

type MagicAuthCreatedData struct {
	// Object distinguishes the Magic Auth object.
	Object string `json:"object"`
	// ID is the unique ID of the Magic Auth code.
	ID string `json:"id"`
	// UserID is the unique ID of the user.
	UserID string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
	// ExpiresAt is the timestamp when the Magic Auth code expires.
	ExpiresAt string `json:"expires_at"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

MagicAuthCreatedData the event payload.

type MultiFactorAuthChallengeFactorParams 

type MultiFactorAuthChallengeFactorParams struct {
	// SmsTemplate is a custom template for the SMS message. Use the {{code}} placeholder to include the verification code.
	SmsTemplate *string `json:"sms_template,omitempty"`
}

MultiFactorAuthChallengeFactorParams contains the parameters for ChallengeFactor.

type MultiFactorAuthCreateUserAuthFactorParams 

type MultiFactorAuthCreateUserAuthFactorParams struct {
	// Type is the type of the factor to enroll.
	Type string `json:"type"`
	// TOTPIssuer is your application or company name displayed in the user's authenticator app.
	TOTPIssuer *string `json:"totp_issuer,omitempty"`
	// TOTPUser is the user's account name displayed in their authenticator app.
	TOTPUser *string `json:"totp_user,omitempty"`
	// TOTPSecret is the Base32-encoded shared secret for TOTP factors. This can be provided when creating the auth factor, otherwise it will be generated. The algorithm used to derive TOTP codes is SHA-1, the code length is 6 digits, and the timestep is 30 seconds – the secret must be compatible with these parameters.
	TOTPSecret *string `json:"totp_secret,omitempty"`
}

MultiFactorAuthCreateUserAuthFactorParams contains the parameters for CreateUserAuthFactor.

type MultiFactorAuthEnrollFactorParams 

type MultiFactorAuthEnrollFactorParams struct {
	// Type is the type of factor to enroll.
	Type AuthenticationFactorsCreateRequestType `json:"type"`
	// PhoneNumber is required when type is 'sms'.
	PhoneNumber *string `json:"phone_number,omitempty"`
	// TOTPIssuer is required when type is 'totp'.
	TOTPIssuer *string `json:"totp_issuer,omitempty"`
	// TOTPUser is required when type is 'totp'.
	TOTPUser *string `json:"totp_user,omitempty"`
	// UserID is the ID of the user to associate the factor with.
	UserID *string `json:"user_id,omitempty"`
}

MultiFactorAuthEnrollFactorParams contains the parameters for EnrollFactor.

type MultiFactorAuthListUserAuthFactorsParams 

type MultiFactorAuthListUserAuthFactorsParams struct {
	PaginationParams
}

MultiFactorAuthListUserAuthFactorsParams contains the parameters for ListUserAuthFactors.

type MultiFactorAuthService 

type MultiFactorAuthService struct {
	// contains filtered or unexported fields
}

MultiFactorAuthService handles MultiFactorAuth operations.

func (*MultiFactorAuthService) ChallengeFactor 

func (s *MultiFactorAuthService) ChallengeFactor(ctx context.Context, id string, params *MultiFactorAuthChallengeFactorParams, opts ...RequestOption) (*AuthenticationChallenge, error)

ChallengeFactor Creates a Challenge for an Authentication Factor.

func (*MultiFactorAuthService) CreateUserAuthFactor 

func (s *MultiFactorAuthService) CreateUserAuthFactor(ctx context.Context, userlandUserID string, params *MultiFactorAuthCreateUserAuthFactorParams, opts ...RequestOption) (*UserAuthenticationFactorEnrollResponse, error)

CreateUserAuthFactor enroll an authentication factor Enrolls a user in a new [authentication factor](https://workos.com/docs/reference/authkit/mfa/authentication-factor).

func (*MultiFactorAuthService) DeleteFactor 

func (s *MultiFactorAuthService) DeleteFactor(ctx context.Context, id string, opts ...RequestOption) error

DeleteFactor Permanently deletes an Authentication Factor. It cannot be undone.

func (*MultiFactorAuthService) EnrollFactor 

func (s *MultiFactorAuthService) EnrollFactor(ctx context.Context, params *MultiFactorAuthEnrollFactorParams, opts ...RequestOption) (*AuthenticationFactorEnrolled, error)

EnrollFactor Enrolls an Authentication Factor to be used as an additional factor of authentication. The returned ID should be used to create an authentication Challenge.

func (*MultiFactorAuthService) GetFactor 

func (s *MultiFactorAuthService) GetFactor(ctx context.Context, id string, opts ...RequestOption) (*AuthenticationFactor, error)

GetFactor Gets an Authentication Factor.

func (*MultiFactorAuthService) ListUserAuthFactors 

func (s *MultiFactorAuthService) ListUserAuthFactors(ctx context.Context, userlandUserID string, params *MultiFactorAuthListUserAuthFactorsParams, opts ...RequestOption) *Iterator[AuthenticationFactor]

ListUserAuthFactors list authentication factors Lists the [authentication factors](https://workos.com/docs/reference/authkit/mfa/authentication-factor) for a user.

func (*MultiFactorAuthService) VerifyChallenge 

func (s *MultiFactorAuthService) VerifyChallenge(ctx context.Context, id string, params *MultiFactorAuthVerifyChallengeParams, opts ...RequestOption) (*AuthenticationChallengeVerifyResponse, error)

VerifyChallenge Verifies an Authentication Challenge.

type MultiFactorAuthVerifyChallengeParams 

type MultiFactorAuthVerifyChallengeParams struct {
	// Code is the one-time code to verify.
	Code string `json:"code"`
}

MultiFactorAuthVerifyChallengeParams contains the parameters for VerifyChallenge.

type NetworkError 

type NetworkError struct {
	Err error
}

NetworkError represents a connection failure.

func (*NetworkError) Error 

func (e *NetworkError) Error() string

func (*NetworkError) Unwrap 

func (e *NetworkError) Unwrap() error

type NewConnectApplicationSecret 

type NewConnectApplicationSecret struct {
	// Object distinguishes the connect application secret object.
	Object string `json:"object"`
	// ID is the unique ID of the client secret.
	ID string `json:"id"`
	// SecretHint is a hint showing the last few characters of the secret value.
	SecretHint string `json:"secret_hint"`
	// LastUsedAt is the timestamp when the client secret was last used, or null if never used.
	LastUsedAt *string `json:"last_used_at"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// Secret is the plaintext secret value. Only returned at creation time and cannot be retrieved later.
	Secret string `json:"secret"`
}

NewConnectApplicationSecret represents a new connect application secret.

type NotFoundError 

type NotFoundError struct {
	*APIError
}

NotFoundError represents 404 not found errors.

func (*NotFoundError) Error 

func (e *NotFoundError) Error() string

func (*NotFoundError) Unwrap 

func (e *NotFoundError) Unwrap() error

type ObjectMetadata 

type ObjectMetadata struct {
	// Context is the encryption key context used for this object.
	Context KeyContext `json:"context"`
	// EnvironmentID is the WorkOS environment ID.
	EnvironmentID string `json:"environment_id"`
	// ID is the unique identifier of the vault object.
	ID string `json:"id"`
	// KeyID is the identifier of the encryption key used.
	KeyID string `json:"key_id"`
	// UpdatedAt is the ISO-8601 timestamp of the last update.
	UpdatedAt string `json:"updated_at"`
	// UpdatedBy is the identifier of the actor who last updated the object.
	UpdatedBy string `json:"updated_by"`
	// VersionID is the current version identifier.
	VersionID string `json:"version_id"`
}

ObjectMetadata contains metadata about a vault object.

type Organization 

type Organization struct {
	// Object distinguishes the Organization object.
	Object string `json:"object"`
	// ID is unique identifier of the Organization.
	ID string `json:"id"`
	// Name is a descriptive name for the Organization. This field does not need to be unique.
	Name string `json:"name"`
	// Domains is list of Organization Domains.
	Domains []*OrganizationDomain `json:"domains"`
	// Metadata is object containing [metadata](https://workos.com/docs/authkit/metadata) key/value pairs associated with the Organization.
	Metadata map[string]string `json:"metadata"`
	// ExternalID is the external ID of the Organization.
	ExternalID *string `json:"external_id"`
	// StripeCustomerID is the Stripe customer ID of the Organization.
	StripeCustomerID *string `json:"stripe_customer_id,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// AllowProfilesOutsideOrganization is whether the Organization allows profiles outside of its managed domains.
	//
	// Deprecated: this field is deprecated.
	AllowProfilesOutsideOrganization *bool `json:"allow_profiles_outside_organization,omitempty"`
}

Organization represents an organization.

type OrganizationAuthenticationMethodsRequiredError 

type OrganizationAuthenticationMethodsRequiredError struct {
	*APIError
	Email            string          `json:"email"`
	SSOConnectionIDs []string        `json:"sso_connection_ids"`
	AuthMethods      map[string]bool `json:"auth_methods"`
}

OrganizationAuthenticationMethodsRequiredError occurs when an organization restricts auth methods.

func (*OrganizationAuthenticationMethodsRequiredError) Error 

func (e *OrganizationAuthenticationMethodsRequiredError) Error() string

func (*OrganizationAuthenticationMethodsRequiredError) Unwrap 

func (e *OrganizationAuthenticationMethodsRequiredError) Unwrap() error

type OrganizationCreated 

type OrganizationCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationCreated represents an organization created.

type OrganizationCreatedData 

type OrganizationCreatedData struct {
	// Object distinguishes the Organization object.
	Object string `json:"object"`
	// ID is unique identifier of the Organization.
	ID string `json:"id"`
	// Name is a descriptive name for the Organization. This field does not need to be unique.
	Name string `json:"name"`
	// Domains is list of Organization Domains.
	Domains []*OrganizationCreatedDataDomain `json:"domains"`
	// Metadata is object containing [metadata](https://workos.com/docs/authkit/metadata) key/value pairs associated with the Organization.
	Metadata map[string]string `json:"metadata"`
	// ExternalID is the external ID of the Organization.
	ExternalID *string `json:"external_id"`
	// StripeCustomerID is the Stripe customer ID of the Organization.
	StripeCustomerID *string `json:"stripe_customer_id,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationCreatedData the event payload.

type OrganizationCreatedDataDomain 

type OrganizationCreatedDataDomain struct {
	// Object distinguishes the organization domain object.
	Object string `json:"object"`
	// ID is unique identifier of the organization domain.
	ID string `json:"id"`
	// OrganizationID is id of the parent Organization.
	OrganizationID string `json:"organization_id"`
	// Domain is domain for the organization domain.
	Domain string `json:"domain"`
	// State is verification state of the domain.
	State *OrganizationCreatedDataDomainState `json:"state,omitempty"`
	// VerificationPrefix is the prefix used in DNS verification.
	VerificationPrefix *string `json:"verification_prefix,omitempty"`
	// VerificationToken is validation token to be used in DNS TXT record.
	VerificationToken *string `json:"verification_token,omitempty"`
	// VerificationStrategy is strategy used to verify the domain.
	VerificationStrategy *OrganizationCreatedDataDomainVerificationStrategy `json:"verification_strategy,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationCreatedDataDomain represents an organization created data domain.

type OrganizationCreatedDataDomainState 

type OrganizationCreatedDataDomainState string

OrganizationCreatedDataDomainState represents organization created data domain state values. 

const (
	OrganizationCreatedDataDomainStateFailed         OrganizationCreatedDataDomainState = "failed"
	OrganizationCreatedDataDomainStateLegacyVerified OrganizationCreatedDataDomainState = "legacy_verified"
	OrganizationCreatedDataDomainStatePending        OrganizationCreatedDataDomainState = "pending"
	OrganizationCreatedDataDomainStateUnverified     OrganizationCreatedDataDomainState = "unverified"
	OrganizationCreatedDataDomainStateVerified       OrganizationCreatedDataDomainState = "verified"
)

type OrganizationCreatedDataDomainVerificationStrategy 

type OrganizationCreatedDataDomainVerificationStrategy string

OrganizationCreatedDataDomainVerificationStrategy represents organization created data domain verification strategy values. 

const (
	OrganizationCreatedDataDomainVerificationStrategyDns    OrganizationCreatedDataDomainVerificationStrategy = "dns"
	OrganizationCreatedDataDomainVerificationStrategyManual OrganizationCreatedDataDomainVerificationStrategy = "manual"
)

type OrganizationDeleted 

type OrganizationDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationDeletedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationDeleted represents an organization deleted.

type OrganizationDeletedData 

type OrganizationDeletedData struct {
	// Object distinguishes the Organization object.
	Object string `json:"object"`
	// ID is unique identifier of the Organization.
	ID string `json:"id"`
	// Name is a descriptive name for the Organization. This field does not need to be unique.
	Name string `json:"name"`
	// Domains is list of Organization Domains.
	Domains []*OrganizationDeletedDataDomain `json:"domains"`
	// Metadata is object containing [metadata](https://workos.com/docs/authkit/metadata) key/value pairs associated with the Organization.
	Metadata map[string]string `json:"metadata"`
	// ExternalID is the external ID of the Organization.
	ExternalID *string `json:"external_id"`
	// StripeCustomerID is the Stripe customer ID of the Organization.
	StripeCustomerID *string `json:"stripe_customer_id,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationDeletedData the event payload.

type OrganizationDeletedDataDomain 

type OrganizationDeletedDataDomain struct {
	// Object distinguishes the organization domain object.
	Object string `json:"object"`
	// ID is unique identifier of the organization domain.
	ID string `json:"id"`
	// OrganizationID is id of the parent Organization.
	OrganizationID string `json:"organization_id"`
	// Domain is domain for the organization domain.
	Domain string `json:"domain"`
	// State is verification state of the domain.
	State *OrganizationDeletedDataDomainState `json:"state,omitempty"`
	// VerificationPrefix is the prefix used in DNS verification.
	VerificationPrefix *string `json:"verification_prefix,omitempty"`
	// VerificationToken is validation token to be used in DNS TXT record.
	VerificationToken *string `json:"verification_token,omitempty"`
	// VerificationStrategy is strategy used to verify the domain.
	VerificationStrategy *OrganizationDeletedDataDomainVerificationStrategy `json:"verification_strategy,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationDeletedDataDomain represents an organization deleted data domain.

type OrganizationDeletedDataDomainState 

type OrganizationDeletedDataDomainState = OrganizationCreatedDataDomainState

OrganizationDeletedDataDomainState is an alias for OrganizationCreatedDataDomainState.

type OrganizationDeletedDataDomainVerificationStrategy 

type OrganizationDeletedDataDomainVerificationStrategy = OrganizationCreatedDataDomainVerificationStrategy

OrganizationDeletedDataDomainVerificationStrategy is an alias for OrganizationCreatedDataDomainVerificationStrategy.

type OrganizationDomain 

type OrganizationDomain struct {
	// Object distinguishes the organization domain object.
	Object string `json:"object"`
	// ID is unique identifier of the organization domain.
	ID string `json:"id"`
	// OrganizationID is id of the parent Organization.
	OrganizationID string `json:"organization_id"`
	// Domain is domain for the organization domain.
	Domain string `json:"domain"`
	// State is verification state of the domain.
	State *OrganizationDomainState `json:"state,omitempty"`
	// VerificationPrefix is the prefix used in DNS verification.
	VerificationPrefix *string `json:"verification_prefix,omitempty"`
	// VerificationToken is validation token to be used in DNS TXT record.
	VerificationToken *string `json:"verification_token,omitempty"`
	// VerificationStrategy is strategy used to verify the domain.
	VerificationStrategy *OrganizationDomainVerificationStrategy `json:"verification_strategy,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationDomain represents an organization domain.

type OrganizationDomainCreated 

type OrganizationDomainCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationDomainCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationDomainCreated represents an organization domain created.

type OrganizationDomainCreatedData 

type OrganizationDomainCreatedData struct {
	// Object distinguishes the organization domain object.
	Object string `json:"object"`
	// ID is unique identifier of the organization domain.
	ID string `json:"id"`
	// OrganizationID is id of the parent Organization.
	OrganizationID string `json:"organization_id"`
	// Domain is domain for the organization domain.
	Domain string `json:"domain"`
	// State is verification state of the domain.
	State *OrganizationDomainCreatedDataState `json:"state,omitempty"`
	// VerificationPrefix is the prefix used in DNS verification.
	VerificationPrefix *string `json:"verification_prefix,omitempty"`
	// VerificationToken is validation token to be used in DNS TXT record.
	VerificationToken *string `json:"verification_token,omitempty"`
	// VerificationStrategy is strategy used to verify the domain.
	VerificationStrategy *OrganizationDomainCreatedDataVerificationStrategy `json:"verification_strategy,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationDomainCreatedData the event payload.

type OrganizationDomainCreatedDataState 

type OrganizationDomainCreatedDataState = OrganizationCreatedDataDomainState

OrganizationDomainCreatedDataState is an alias for OrganizationCreatedDataDomainState.

type OrganizationDomainCreatedDataVerificationStrategy 

type OrganizationDomainCreatedDataVerificationStrategy = OrganizationCreatedDataDomainVerificationStrategy

OrganizationDomainCreatedDataVerificationStrategy is an alias for OrganizationCreatedDataDomainVerificationStrategy.

type OrganizationDomainData 

type OrganizationDomainData struct {
	// Domain is the domain value.
	Domain string `json:"domain"`
	// State is the verification state of the domain.
	State OrganizationDomainDataState `json:"state"`
}

OrganizationDomainData represents an organization domain data.

type OrganizationDomainDataState 

type OrganizationDomainDataState string

OrganizationDomainDataState represents organization domain data state values. 

const (
	OrganizationDomainDataStatePending  OrganizationDomainDataState = "pending"
	OrganizationDomainDataStateVerified OrganizationDomainDataState = "verified"
)

type OrganizationDomainDeleted 

type OrganizationDomainDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationDomainDeletedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationDomainDeleted represents an organization domain deleted.

type OrganizationDomainDeletedData 

type OrganizationDomainDeletedData struct {
	// Object distinguishes the organization domain object.
	Object string `json:"object"`
	// ID is unique identifier of the organization domain.
	ID string `json:"id"`
	// OrganizationID is id of the parent Organization.
	OrganizationID string `json:"organization_id"`
	// Domain is domain for the organization domain.
	Domain string `json:"domain"`
	// State is verification state of the domain.
	State *OrganizationDomainDeletedDataState `json:"state,omitempty"`
	// VerificationPrefix is the prefix used in DNS verification.
	VerificationPrefix *string `json:"verification_prefix,omitempty"`
	// VerificationToken is validation token to be used in DNS TXT record.
	VerificationToken *string `json:"verification_token,omitempty"`
	// VerificationStrategy is strategy used to verify the domain.
	VerificationStrategy *OrganizationDomainDeletedDataVerificationStrategy `json:"verification_strategy,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationDomainDeletedData the event payload.

type OrganizationDomainDeletedDataState 

type OrganizationDomainDeletedDataState = OrganizationCreatedDataDomainState

OrganizationDomainDeletedDataState is an alias for OrganizationCreatedDataDomainState.

type OrganizationDomainDeletedDataVerificationStrategy 

type OrganizationDomainDeletedDataVerificationStrategy = OrganizationCreatedDataDomainVerificationStrategy

OrganizationDomainDeletedDataVerificationStrategy is an alias for OrganizationCreatedDataDomainVerificationStrategy.

type OrganizationDomainService 

type OrganizationDomainService struct {
	// contains filtered or unexported fields
}

OrganizationDomainService handles OrganizationDomains operations.

func (*OrganizationDomainService) Create 

func (s *OrganizationDomainService) Create(ctx context.Context, params *OrganizationDomainsCreateParams, opts ...RequestOption) (*OrganizationDomain, error)

Create an Organization Domain Creates a new Organization Domain.

func (*OrganizationDomainService) Delete 

func (s *OrganizationDomainService) Delete(ctx context.Context, id string, opts ...RequestOption) error

Delete an Organization Domain Permanently deletes an organization domain. It cannot be undone.

func (*OrganizationDomainService) Get 

func (s *OrganizationDomainService) Get(ctx context.Context, id string, opts ...RequestOption) (*OrganizationDomainStandAlone, error)

Get an Organization Domain Get the details of an existing organization domain.

func (*OrganizationDomainService) Verify 

func (s *OrganizationDomainService) Verify(ctx context.Context, id string, opts ...RequestOption) (*OrganizationDomainStandAlone, error)

Verify an Organization Domain Initiates verification process for an Organization Domain.

type OrganizationDomainStandAlone 

type OrganizationDomainStandAlone struct {
	// Object distinguishes the organization domain object.
	Object string `json:"object"`
	// ID is unique identifier of the organization domain.
	ID string `json:"id"`
	// OrganizationID is id of the parent Organization.
	OrganizationID string `json:"organization_id"`
	// Domain is domain for the organization domain.
	Domain string `json:"domain"`
	// State is verification state of the domain.
	State *OrganizationDomainStandAloneState `json:"state,omitempty"`
	// VerificationPrefix is the prefix used in DNS verification.
	VerificationPrefix *string `json:"verification_prefix,omitempty"`
	// VerificationToken is validation token to be used in DNS TXT record.
	VerificationToken *string `json:"verification_token,omitempty"`
	// VerificationStrategy is strategy used to verify the domain.
	VerificationStrategy *OrganizationDomainStandAloneVerificationStrategy `json:"verification_strategy,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationDomainStandAlone represents an organization domain stand alone.

type OrganizationDomainStandAloneState 

type OrganizationDomainStandAloneState = OrganizationCreatedDataDomainState

OrganizationDomainStandAloneState is an alias for OrganizationCreatedDataDomainState.

type OrganizationDomainStandAloneVerificationStrategy 

type OrganizationDomainStandAloneVerificationStrategy = OrganizationCreatedDataDomainVerificationStrategy

OrganizationDomainStandAloneVerificationStrategy is an alias for OrganizationCreatedDataDomainVerificationStrategy.

type OrganizationDomainState 

type OrganizationDomainState = OrganizationCreatedDataDomainState

OrganizationDomainState is an alias for OrganizationCreatedDataDomainState.

type OrganizationDomainUpdated 

type OrganizationDomainUpdated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationDomainUpdatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationDomainUpdated represents an organization domain updated.

type OrganizationDomainUpdatedData 

type OrganizationDomainUpdatedData struct {
	// Object distinguishes the organization domain object.
	Object string `json:"object"`
	// ID is unique identifier of the organization domain.
	ID string `json:"id"`
	// OrganizationID is id of the parent Organization.
	OrganizationID string `json:"organization_id"`
	// Domain is domain for the organization domain.
	Domain string `json:"domain"`
	// State is verification state of the domain.
	State *OrganizationDomainUpdatedDataState `json:"state,omitempty"`
	// VerificationPrefix is the prefix used in DNS verification.
	VerificationPrefix *string `json:"verification_prefix,omitempty"`
	// VerificationToken is validation token to be used in DNS TXT record.
	VerificationToken *string `json:"verification_token,omitempty"`
	// VerificationStrategy is strategy used to verify the domain.
	VerificationStrategy *OrganizationDomainUpdatedDataVerificationStrategy `json:"verification_strategy,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationDomainUpdatedData the event payload.

type OrganizationDomainUpdatedDataState 

type OrganizationDomainUpdatedDataState = OrganizationCreatedDataDomainState

OrganizationDomainUpdatedDataState is an alias for OrganizationCreatedDataDomainState.

type OrganizationDomainUpdatedDataVerificationStrategy 

type OrganizationDomainUpdatedDataVerificationStrategy = OrganizationCreatedDataDomainVerificationStrategy

OrganizationDomainUpdatedDataVerificationStrategy is an alias for OrganizationCreatedDataDomainVerificationStrategy.

type OrganizationDomainVerificationFailed 

type OrganizationDomainVerificationFailed struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationDomainVerificationFailedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationDomainVerificationFailed represents an organization domain verification failed.

type OrganizationDomainVerificationFailedData 

type OrganizationDomainVerificationFailedData struct {
	// Reason is the reason the domain verification failed.
	Reason OrganizationDomainVerificationFailedDataReason `json:"reason"`
	// OrganizationDomain is the organization domain that failed verification.
	OrganizationDomain *OrganizationDomainVerificationFailedDataOrganizationDomain `json:"organization_domain"`
}

OrganizationDomainVerificationFailedData the event payload.

type OrganizationDomainVerificationFailedDataOrganizationDomain 

type OrganizationDomainVerificationFailedDataOrganizationDomain struct {
	// Object distinguishes the organization domain object.
	Object string `json:"object"`
	// ID is unique identifier of the organization domain.
	ID string `json:"id"`
	// OrganizationID is id of the parent Organization.
	OrganizationID string `json:"organization_id"`
	// Domain is domain for the organization domain.
	Domain string `json:"domain"`
	// State is verification state of the domain.
	State *OrganizationDomainVerificationFailedDataOrganizationDomainState `json:"state,omitempty"`
	// VerificationPrefix is the prefix used in DNS verification.
	VerificationPrefix *string `json:"verification_prefix,omitempty"`
	// VerificationToken is validation token to be used in DNS TXT record.
	VerificationToken *string `json:"verification_token,omitempty"`
	// VerificationStrategy is strategy used to verify the domain.
	VerificationStrategy *OrganizationDomainVerificationFailedDataOrganizationDomainVerificationStrategy `json:"verification_strategy,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationDomainVerificationFailedDataOrganizationDomain the organization domain that failed verification.

type OrganizationDomainVerificationFailedDataOrganizationDomainState 

type OrganizationDomainVerificationFailedDataOrganizationDomainState = OrganizationCreatedDataDomainState

OrganizationDomainVerificationFailedDataOrganizationDomainState is an alias for OrganizationCreatedDataDomainState.

type OrganizationDomainVerificationFailedDataOrganizationDomainVerificationStrategy 

type OrganizationDomainVerificationFailedDataOrganizationDomainVerificationStrategy = OrganizationCreatedDataDomainVerificationStrategy

OrganizationDomainVerificationFailedDataOrganizationDomainVerificationStrategy is an alias for OrganizationCreatedDataDomainVerificationStrategy.

type OrganizationDomainVerificationFailedDataReason 

type OrganizationDomainVerificationFailedDataReason string

OrganizationDomainVerificationFailedDataReason represents organization domain verification failed data reason values. 

const (
	OrganizationDomainVerificationFailedDataReasonDomainVerificationPeriodExpired   OrganizationDomainVerificationFailedDataReason = "domain_verification_period_expired"
	OrganizationDomainVerificationFailedDataReasonDomainVerifiedByOtherOrganization OrganizationDomainVerificationFailedDataReason = "domain_verified_by_other_organization"
)

type OrganizationDomainVerificationStrategy 

type OrganizationDomainVerificationStrategy = OrganizationCreatedDataDomainVerificationStrategy

OrganizationDomainVerificationStrategy is an alias for OrganizationCreatedDataDomainVerificationStrategy.

type OrganizationDomainVerified 

type OrganizationDomainVerified struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationDomainVerifiedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationDomainVerified represents an organization domain verified.

type OrganizationDomainVerifiedData 

type OrganizationDomainVerifiedData struct {
	// Object distinguishes the organization domain object.
	Object string `json:"object"`
	// ID is unique identifier of the organization domain.
	ID string `json:"id"`
	// OrganizationID is id of the parent Organization.
	OrganizationID string `json:"organization_id"`
	// Domain is domain for the organization domain.
	Domain string `json:"domain"`
	// State is verification state of the domain.
	State *OrganizationDomainVerifiedDataState `json:"state,omitempty"`
	// VerificationPrefix is the prefix used in DNS verification.
	VerificationPrefix *string `json:"verification_prefix,omitempty"`
	// VerificationToken is validation token to be used in DNS TXT record.
	VerificationToken *string `json:"verification_token,omitempty"`
	// VerificationStrategy is strategy used to verify the domain.
	VerificationStrategy *OrganizationDomainVerifiedDataVerificationStrategy `json:"verification_strategy,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationDomainVerifiedData the event payload.

type OrganizationDomainVerifiedDataState 

type OrganizationDomainVerifiedDataState = OrganizationCreatedDataDomainState

OrganizationDomainVerifiedDataState is an alias for OrganizationCreatedDataDomainState.

type OrganizationDomainVerifiedDataVerificationStrategy 

type OrganizationDomainVerifiedDataVerificationStrategy = OrganizationCreatedDataDomainVerificationStrategy

OrganizationDomainVerifiedDataVerificationStrategy is an alias for OrganizationCreatedDataDomainVerificationStrategy.

type OrganizationDomainsCreateParams 

type OrganizationDomainsCreateParams struct {
	// Domain is the domain to add to the organization.
	Domain string `json:"domain"`
	// OrganizationID is the ID of the organization to add the domain to.
	OrganizationID string `json:"organization_id"`
}

OrganizationDomainsCreateParams contains the parameters for Create.

type OrganizationInput 

type OrganizationInput struct {
	// Name is the name of the organization.
	Name string `json:"name"`
	// AllowProfilesOutsideOrganization is whether the organization allows profiles from outside the organization to sign in.
	AllowProfilesOutsideOrganization *bool `json:"allow_profiles_outside_organization,omitempty"`
	// Domains is the domains associated with the organization. Deprecated in favor of `domain_data`.
	Domains []string `json:"domains,omitempty"`
	// DomainData is the domains associated with the organization, including verification state.
	DomainData []*OrganizationDomainData `json:"domain_data,omitempty"`
	// Metadata is object containing [metadata](https://workos.com/docs/authkit/metadata) key/value pairs associated with the Organization.
	Metadata map[string]string `json:"metadata,omitempty"`
	// ExternalID is an external identifier for the Organization.
	ExternalID *string `json:"external_id,omitempty"`
}

OrganizationInput represents an organization input.

type OrganizationMembership 

type OrganizationMembership struct {
	// Object distinguishes the organization membership object.
	Object string `json:"object"`
	// ID is the unique ID of the organization membership.
	ID string `json:"id"`
	// UserID is the ID of the user.
	UserID string `json:"user_id"`
	// OrganizationID is the ID of the organization which the user belongs to.
	OrganizationID string `json:"organization_id"`
	// Status is the status of the organization membership. One of `active`, `inactive`, or `pending`.
	Status OrganizationMembershipStatus `json:"status"`
	// DirectoryManaged is whether this organization membership is managed by a directory sync connection.
	DirectoryManaged bool `json:"directory_managed"`
	// OrganizationName is the name of the organization which the user belongs to.
	OrganizationName *string `json:"organization_name,omitempty"`
	// CustomAttributes is an object containing IdP-sourced attributes from the linked [Directory User](https://workos.com/docs/reference/directory-sync/directory-user) or [SSO Profile](https://workos.com/docs/reference/sso/profile). Directory User attributes take precedence when both are linked.
	CustomAttributes map[string]interface{} `json:"custom_attributes,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// Role is the primary role assigned to the user within the organization.
	Role *SlimRole `json:"role"`
}

OrganizationMembership represents an organization membership.

type OrganizationMembershipCreated 

type OrganizationMembershipCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationMembershipCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationMembershipCreated represents an organization membership created.

type OrganizationMembershipCreatedData 

type OrganizationMembershipCreatedData struct {
	// Object distinguishes the organization membership object.
	Object string `json:"object"`
	// ID is unique identifier of the organization membership.
	ID string `json:"id"`
	// UserID is the ID of the user.
	UserID string `json:"user_id"`
	// OrganizationID is the ID of the organization.
	OrganizationID string `json:"organization_id"`
	// Status is the status of the organization membership.
	Status OrganizationMembershipCreatedDataStatus `json:"status"`
	// Role is the role associated with the membership.
	Role *SlimRole `json:"role"`
	// Roles is the roles associated with the membership.
	Roles []*SlimRole `json:"roles,omitempty"`
	// CustomAttributes is custom attributes associated with the membership.
	CustomAttributes map[string]interface{} `json:"custom_attributes"`
	// DirectoryManaged is whether the membership is managed by a directory sync provider.
	DirectoryManaged bool `json:"directory_managed"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationMembershipCreatedData the event payload.

type OrganizationMembershipCreatedDataStatus 

type OrganizationMembershipCreatedDataStatus string

OrganizationMembershipCreatedDataStatus represents organization membership created data status values. 

const (
	OrganizationMembershipCreatedDataStatusActive   OrganizationMembershipCreatedDataStatus = "active"
	OrganizationMembershipCreatedDataStatusInactive OrganizationMembershipCreatedDataStatus = "inactive"
	OrganizationMembershipCreatedDataStatusPending  OrganizationMembershipCreatedDataStatus = "pending"
)

type OrganizationMembershipDeleted 

type OrganizationMembershipDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationMembershipDeletedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationMembershipDeleted represents an organization membership deleted.

type OrganizationMembershipDeletedData 

type OrganizationMembershipDeletedData struct {
	// Object distinguishes the organization membership object.
	Object string `json:"object"`
	// ID is unique identifier of the organization membership.
	ID string `json:"id"`
	// UserID is the ID of the user.
	UserID string `json:"user_id"`
	// OrganizationID is the ID of the organization.
	OrganizationID string `json:"organization_id"`
	// Status is the status of the organization membership.
	Status OrganizationMembershipDeletedDataStatus `json:"status"`
	// Role is the role associated with the membership.
	Role *SlimRole `json:"role"`
	// Roles is the roles associated with the membership.
	Roles []*SlimRole `json:"roles,omitempty"`
	// CustomAttributes is custom attributes associated with the membership.
	CustomAttributes map[string]interface{} `json:"custom_attributes"`
	// DirectoryManaged is whether the membership is managed by a directory sync provider.
	DirectoryManaged bool `json:"directory_managed"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationMembershipDeletedData the event payload.

type OrganizationMembershipDeletedDataStatus 

type OrganizationMembershipDeletedDataStatus = OrganizationMembershipCreatedDataStatus

OrganizationMembershipDeletedDataStatus is an alias for OrganizationMembershipCreatedDataStatus.

type OrganizationMembershipStatus 

type OrganizationMembershipStatus = OrganizationMembershipCreatedDataStatus

OrganizationMembershipStatus is an alias for OrganizationMembershipCreatedDataStatus.

type OrganizationMembershipUpdated 

type OrganizationMembershipUpdated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationMembershipUpdatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationMembershipUpdated represents an organization membership updated.

type OrganizationMembershipUpdatedData 

type OrganizationMembershipUpdatedData struct {
	// Object distinguishes the organization membership object.
	Object string `json:"object"`
	// ID is unique identifier of the organization membership.
	ID string `json:"id"`
	// UserID is the ID of the user.
	UserID string `json:"user_id"`
	// OrganizationID is the ID of the organization.
	OrganizationID string `json:"organization_id"`
	// Status is the status of the organization membership.
	Status OrganizationMembershipUpdatedDataStatus `json:"status"`
	// Role is the role associated with the membership.
	Role *SlimRole `json:"role"`
	// Roles is the roles associated with the membership.
	Roles []*SlimRole `json:"roles,omitempty"`
	// CustomAttributes is custom attributes associated with the membership.
	CustomAttributes map[string]interface{} `json:"custom_attributes"`
	// DirectoryManaged is whether the membership is managed by a directory sync provider.
	DirectoryManaged bool `json:"directory_managed"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationMembershipUpdatedData the event payload.

type OrganizationMembershipUpdatedDataStatus 

type OrganizationMembershipUpdatedDataStatus = OrganizationMembershipCreatedDataStatus

OrganizationMembershipUpdatedDataStatus is an alias for OrganizationMembershipCreatedDataStatus.

type OrganizationRoleCreated 

type OrganizationRoleCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationRoleCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationRoleCreated represents an organization role created.

type OrganizationRoleCreatedData 

type OrganizationRoleCreatedData struct {
	// Object distinguishes the organization role object.
	Object string `json:"object"`
	// OrganizationID is the ID of the organization the role belongs to.
	OrganizationID string `json:"organization_id"`
	// Slug is the slug identifier of the role.
	Slug string `json:"slug"`
	// Name is the name of the role.
	Name string `json:"name"`
	// Description is a description of the role.
	Description *string `json:"description"`
	// ResourceTypeSlug is the slug of the resource type the role applies to.
	ResourceTypeSlug string `json:"resource_type_slug"`
	// Permissions is the permissions granted by the role.
	Permissions []string `json:"permissions"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationRoleCreatedData the event payload.

type OrganizationRoleDeleted 

type OrganizationRoleDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationRoleDeletedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationRoleDeleted represents an organization role deleted.

type OrganizationRoleDeletedData 

type OrganizationRoleDeletedData = OrganizationRoleCreatedData

OrganizationRoleDeletedData is an alias for OrganizationRoleCreatedData.

type OrganizationRoleUpdated 

type OrganizationRoleUpdated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationRoleUpdatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationRoleUpdated represents an organization role updated.

type OrganizationRoleUpdatedData 

type OrganizationRoleUpdatedData = OrganizationRoleCreatedData

OrganizationRoleUpdatedData is an alias for OrganizationRoleCreatedData.

type OrganizationSelectionRequiredError 

type OrganizationSelectionRequiredError struct {
	*APIError
	User          User                                `json:"user"`
	Organizations []PendingAuthenticationOrganization `json:"organizations"`
}

OrganizationSelectionRequiredError occurs when a user must choose an organization.

func (*OrganizationSelectionRequiredError) Error 

func (e *OrganizationSelectionRequiredError) Error() string

func (*OrganizationSelectionRequiredError) Unwrap 

func (e *OrganizationSelectionRequiredError) Unwrap() error

type OrganizationSelectionSessionAuthenticateRequest 

type OrganizationSelectionSessionAuthenticateRequest struct {
	// ClientID is the client ID of the application.
	ClientID string `json:"client_id"`
	// ClientSecret is the client secret of the application.
	ClientSecret string `json:"client_secret"`
	GrantType    string `json:"grant_type"`
	// PendingAuthenticationToken is the pending authentication token from a previous authentication attempt.
	PendingAuthenticationToken string `json:"pending_authentication_token"`
	// OrganizationID is the ID of the organization the user selected.
	OrganizationID string `json:"organization_id"`
	// IPAddress is the IP address of the user's request.
	IPAddress *string `json:"ip_address,omitempty"`
	// DeviceID is a unique identifier for the device.
	DeviceID *string `json:"device_id,omitempty"`
	// UserAgent is the user agent string from the user's browser.
	UserAgent *string `json:"user_agent,omitempty"`
}

OrganizationSelectionSessionAuthenticateRequest represents an urn workos OAuth grant type organization selection session authenticate request.

type OrganizationService 

type OrganizationService struct {
	// contains filtered or unexported fields
}

OrganizationService handles Organizations operations.

func (*OrganizationService) Create 

func (s *OrganizationService) Create(ctx context.Context, params *OrganizationsCreateParams, opts ...RequestOption) (*Organization, error)

Create an Organization Creates a new organization in the current environment.

func (*OrganizationService) Delete 

func (s *OrganizationService) Delete(ctx context.Context, id string, opts ...RequestOption) error

Delete an Organization Permanently deletes an organization in the current environment. It cannot be undone.

func (*OrganizationService) Get 

func (s *OrganizationService) Get(ctx context.Context, id string, opts ...RequestOption) (*Organization, error)

Get an Organization Get the details of an existing organization.

func (*OrganizationService) GetAuditLogConfiguration 

func (s *OrganizationService) GetAuditLogConfiguration(ctx context.Context, id string, opts ...RequestOption) (*AuditLogConfiguration, error)

GetAuditLogConfiguration Get the unified view of audit log trail and stream configuration for an organization.

func (*OrganizationService) GetByExternalID 

func (s *OrganizationService) GetByExternalID(ctx context.Context, externalID string, opts ...RequestOption) (*Organization, error)

GetByExternalID get an Organization by External ID Get the details of an existing organization by an [external identifier](https://workos.com/docs/authkit/metadata/external-identifiers).

func (*OrganizationService) List 

func (s *OrganizationService) List(ctx context.Context, params *OrganizationsListParams, opts ...RequestOption) *Iterator[Organization]

List organizations Get a list of all of your existing organizations matching the criteria specified.

func (*OrganizationService) Update 

func (s *OrganizationService) Update(ctx context.Context, id string, params *OrganizationsUpdateParams, opts ...RequestOption) (*Organization, error)

Update an Organization Updates an organization in the current environment.

type OrganizationUpdated 

type OrganizationUpdated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *OrganizationUpdatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

OrganizationUpdated represents an organization updated.

type OrganizationUpdatedData 

type OrganizationUpdatedData struct {
	// Object distinguishes the Organization object.
	Object string `json:"object"`
	// ID is unique identifier of the Organization.
	ID string `json:"id"`
	// Name is a descriptive name for the Organization. This field does not need to be unique.
	Name string `json:"name"`
	// Domains is list of Organization Domains.
	Domains []*OrganizationUpdatedDataDomain `json:"domains"`
	// Metadata is object containing [metadata](https://workos.com/docs/authkit/metadata) key/value pairs associated with the Organization.
	Metadata map[string]string `json:"metadata"`
	// ExternalID is the external ID of the Organization.
	ExternalID *string `json:"external_id"`
	// StripeCustomerID is the Stripe customer ID of the Organization.
	StripeCustomerID *string `json:"stripe_customer_id,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationUpdatedData the event payload.

type OrganizationUpdatedDataDomain 

type OrganizationUpdatedDataDomain struct {
	// Object distinguishes the organization domain object.
	Object string `json:"object"`
	// ID is unique identifier of the organization domain.
	ID string `json:"id"`
	// OrganizationID is id of the parent Organization.
	OrganizationID string `json:"organization_id"`
	// Domain is domain for the organization domain.
	Domain string `json:"domain"`
	// State is verification state of the domain.
	State *OrganizationUpdatedDataDomainState `json:"state,omitempty"`
	// VerificationPrefix is the prefix used in DNS verification.
	VerificationPrefix *string `json:"verification_prefix,omitempty"`
	// VerificationToken is validation token to be used in DNS TXT record.
	VerificationToken *string `json:"verification_token,omitempty"`
	// VerificationStrategy is strategy used to verify the domain.
	VerificationStrategy *OrganizationUpdatedDataDomainVerificationStrategy `json:"verification_strategy,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

OrganizationUpdatedDataDomain represents an organization updated data domain.

type OrganizationUpdatedDataDomainState 

type OrganizationUpdatedDataDomainState = OrganizationCreatedDataDomainState

OrganizationUpdatedDataDomainState is an alias for OrganizationCreatedDataDomainState.

type OrganizationUpdatedDataDomainVerificationStrategy 

type OrganizationUpdatedDataDomainVerificationStrategy = OrganizationCreatedDataDomainVerificationStrategy

OrganizationUpdatedDataDomainVerificationStrategy is an alias for OrganizationCreatedDataDomainVerificationStrategy.

type OrganizationsAPIKeysOrder 

type OrganizationsAPIKeysOrder = ApplicationsOrder

OrganizationsAPIKeysOrder is an alias for ApplicationsOrder.

type OrganizationsCreateParams 

type OrganizationsCreateParams struct {
	// Name is the name of the organization.
	Name string `json:"name"`
	// AllowProfilesOutsideOrganization is whether the organization allows profiles from outside the organization to sign in.
	AllowProfilesOutsideOrganization *bool `json:"allow_profiles_outside_organization,omitempty"`
	// Domains is the domains associated with the organization. Deprecated in favor of `domain_data`.
	Domains []string `json:"domains,omitempty"`
	// DomainData is the domains associated with the organization, including verification state.
	DomainData []*OrganizationDomainData `json:"domain_data,omitempty"`
	// Metadata is object containing [metadata](https://workos.com/docs/authkit/metadata) key/value pairs associated with the Organization.
	Metadata map[string]string `json:"metadata,omitempty"`
	// ExternalID is an external identifier for the Organization.
	ExternalID *string `json:"external_id,omitempty"`
}

OrganizationsCreateParams contains the parameters for Create.

type OrganizationsFeatureFlagsOrder 

type OrganizationsFeatureFlagsOrder = ApplicationsOrder

OrganizationsFeatureFlagsOrder is an alias for ApplicationsOrder.

type OrganizationsListParams 

type OrganizationsListParams struct {
	PaginationParams
	// Domains is the domains of an Organization. Any Organization with a matching domain will be returned.
	Domains []string `url:"domains,omitempty" json:"-"`
	// Search is searchable text for an Organization. Matches against the organization name.
	Search *string `url:"search,omitempty" json:"-"`
}

OrganizationsListParams contains the parameters for List.

type OrganizationsOrder 

type OrganizationsOrder = ApplicationsOrder

OrganizationsOrder is an alias for ApplicationsOrder.

type OrganizationsUpdateParams 

type OrganizationsUpdateParams struct {
	// Name is the name of the organization.
	Name *string `json:"name,omitempty"`
	// AllowProfilesOutsideOrganization is whether the organization allows profiles from outside the organization to sign in.
	AllowProfilesOutsideOrganization *bool `json:"allow_profiles_outside_organization,omitempty"`
	// Domains is the domains associated with the organization. Deprecated in favor of `domain_data`.
	//
	// Deprecated: this field is deprecated.
	Domains []string `json:"domains,omitempty"`
	// DomainData is the domains associated with the organization, including verification state.
	DomainData []*OrganizationDomainData `json:"domain_data,omitempty"`
	// StripeCustomerID is the Stripe customer ID associated with the organization.
	StripeCustomerID *string `json:"stripe_customer_id,omitempty"`
	// Metadata is object containing [metadata](https://workos.com/docs/authkit/metadata) key/value pairs associated with the Organization.
	Metadata map[string]string `json:"metadata,omitempty"`
	// ExternalID is an external identifier for the Organization.
	ExternalID *string `json:"external_id,omitempty"`
}

OrganizationsUpdateParams contains the parameters for Update.

type PKCEPair 

type PKCEPair struct {
	CodeVerifier        string
	CodeChallenge       string
	CodeChallengeMethod string // always "S256"
}

PKCEPair holds a PKCE code verifier and challenge.

func GeneratePKCEPair 

func GeneratePKCEPair() (*PKCEPair, error)

GeneratePKCEPair generates a complete PKCE pair (verifier + challenge).

type PaginationParams 

type PaginationParams struct {
	// Before is a cursor for reverse pagination.
	Before *string `url:"before,omitempty" json:"-"`
	// After is a cursor for forward pagination.
	After *string `url:"after,omitempty" json:"-"`
	// Limit is the maximum number of items to return per page.
	Limit *int `url:"limit,omitempty" json:"-"`
	// Order is the sort order for results (asc or desc).
	Order *string `url:"order,omitempty" json:"-"`
}

PaginationParams contains common pagination parameters for list operations.

type PasswordReset 

type PasswordReset struct {
	// Object distinguishes the password reset object.
	Object string `json:"object"`
	// ID is the unique ID of the password reset object.
	ID string `json:"id"`
	// UserID is the unique ID of the user.
	UserID string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
	// ExpiresAt is the timestamp when the password reset token expires.
	ExpiresAt string `json:"expires_at"`
	// CreatedAt is the timestamp when the password reset token was created.
	CreatedAt string `json:"created_at"`
	// PasswordResetToken is the token used to reset the password.
	PasswordResetToken string `json:"password_reset_token"`
	// PasswordResetURL is the URL where the user can reset their password.
	PasswordResetURL string `json:"password_reset_url"`
}

PasswordReset represents a password reset.

type PasswordResetCreated 

type PasswordResetCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *PasswordResetCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

PasswordResetCreated represents a password reset created.

type PasswordResetCreatedData 

type PasswordResetCreatedData struct {
	// Object distinguishes the password reset object.
	Object string `json:"object"`
	// ID is the unique ID of the password reset object.
	ID string `json:"id"`
	// UserID is the unique ID of the user.
	UserID string `json:"user_id"`
	// Email is the email address of the user.
	Email string `json:"email"`
	// ExpiresAt is the timestamp when the password reset token expires.
	ExpiresAt string `json:"expires_at"`
	// CreatedAt is the timestamp when the password reset token was created.
	CreatedAt string `json:"created_at"`
}

PasswordResetCreatedData the event payload.

type PasswordResetSucceeded 

type PasswordResetSucceeded struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *PasswordResetSucceededData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

PasswordResetSucceeded represents a password reset succeeded.

type PasswordResetSucceededData 

type PasswordResetSucceededData = PasswordResetCreatedData

PasswordResetSucceededData is an alias for PasswordResetCreatedData.

type PasswordSessionAuthenticateRequest 

type PasswordSessionAuthenticateRequest struct {
	// ClientID is the client ID of the application.
	ClientID string `json:"client_id"`
	// ClientSecret is the client secret of the application.
	ClientSecret string `json:"client_secret"`
	GrantType    string `json:"grant_type"`
	// Email is the user's email address.
	Email string `json:"email"`
	// Password is the user's password.
	Password string `json:"password"`
	// InvitationToken is an invitation token to accept during authentication.
	InvitationToken *string `json:"invitation_token,omitempty"`
	// IPAddress is the IP address of the user's request.
	IPAddress *string `json:"ip_address,omitempty"`
	// DeviceID is a unique identifier for the device.
	DeviceID *string `json:"device_id,omitempty"`
	// UserAgent is the user agent string from the user's browser.
	UserAgent *string `json:"user_agent,omitempty"`
}

PasswordSessionAuthenticateRequest represents a password session authenticate request.

type PasswordlessCreateSessionParams 

type PasswordlessCreateSessionParams struct {
	Email       string                  `json:"email"`
	Type        PasswordlessSessionType `json:"type"`
	RedirectURI *string                 `json:"redirect_uri,omitempty"`
	State       *string                 `json:"state,omitempty"`
	ExpiresIn   *int                    `json:"expires_in,omitempty"`
}

PasswordlessCreateSessionParams are the parameters for creating a passwordless session.

type PasswordlessService 

type PasswordlessService struct {
	// contains filtered or unexported fields
}

PasswordlessService handles Passwordless session operations.

func (*PasswordlessService) CreateSession 

func (s *PasswordlessService) CreateSession(ctx context.Context, params *PasswordlessCreateSessionParams, opts ...RequestOption) (*PasswordlessSession, error)

CreateSession creates a new passwordless session (POST /passwordless/sessions).

func (*PasswordlessService) SendSession 

func (s *PasswordlessService) SendSession(ctx context.Context, sessionID string, opts ...RequestOption) error

SendSession sends the magic-link email for a session (POST /passwordless/sessions/{id}/send).

type PasswordlessSession 

type PasswordlessSession struct {
	ID        string `json:"id"`
	Email     string `json:"email"`
	ExpiresAt string `json:"expires_at"`
	Link      string `json:"link"`
	Object    string `json:"object"`
}

PasswordlessSession represents a passwordless session.

type PasswordlessSessionType 

type PasswordlessSessionType string

PasswordlessSessionType is the type of passwordless session. 

const PasswordlessSessionTypeMagicLink PasswordlessSessionType = "MagicLink"

PasswordlessSessionTypeMagicLink is the MagicLink session type.

type PendingAuthenticationOrganization 

type PendingAuthenticationOrganization struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

PendingAuthenticationOrganization represents an organization in an organization selection error.

type Permission 

type Permission = AuthorizationPermission

Permission is an alias for AuthorizationPermission.

type PermissionCreated 

type PermissionCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *PermissionCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

PermissionCreated represents a permission created.

type PermissionCreatedData 

type PermissionCreatedData struct {
	// Object distinguishes the permission object.
	Object string `json:"object"`
	// ID is unique identifier of the permission.
	ID string `json:"id"`
	// Slug is the slug identifier of the permission.
	Slug string `json:"slug"`
	// Name is the name of the permission.
	Name string `json:"name"`
	// Description is a description of the permission.
	Description *string `json:"description"`
	// System is whether the permission is a system permission.
	System bool `json:"system"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

PermissionCreatedData the event payload.

type PermissionDeleted 

type PermissionDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *PermissionDeletedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

PermissionDeleted represents a permission deleted.

type PermissionDeletedData 

type PermissionDeletedData = PermissionCreatedData

PermissionDeletedData is an alias for PermissionCreatedData.

type PermissionUpdated 

type PermissionUpdated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *PermissionUpdatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

PermissionUpdated represents a permission updated.

type PermissionUpdatedData 

type PermissionUpdatedData = PermissionCreatedData

PermissionUpdatedData is an alias for PermissionCreatedData.

type PermissionsOrder 

type PermissionsOrder = ApplicationsOrder

PermissionsOrder is an alias for ApplicationsOrder.

type PipeService 

type PipeService struct {
	// contains filtered or unexported fields
}

PipeService handles Pipes operations.

func (*PipeService) AuthorizeDataIntegration 

func (s *PipeService) AuthorizeDataIntegration(ctx context.Context, slug string, params *PipesAuthorizeDataIntegrationParams, opts ...RequestOption) (*DataIntegrationAuthorizeURLResponse, error)

AuthorizeDataIntegration get authorization URL Generates an OAuth authorization URL to initiate the connection flow for a user. Redirect the user to the returned URL to begin the OAuth flow with the third-party provider.

func (*PipeService) CreateDataIntegrationToken 

func (s *PipeService) CreateDataIntegrationToken(ctx context.Context, slug string, params *PipesCreateDataIntegrationTokenParams, opts ...RequestOption) (*DataIntegrationAccessTokenResponse, error)

CreateDataIntegrationToken get an access token for a connected account Fetches a valid OAuth access token for a user's connected account. WorkOS automatically handles token refresh, ensuring you always receive a valid, non-expired token.

func (*PipeService) DeleteUserConnectedAccount 

func (s *PipeService) DeleteUserConnectedAccount(ctx context.Context, userID string, slug string, params *PipesDeleteUserConnectedAccountParams, opts ...RequestOption) error

DeleteUserConnectedAccount delete a connected account Disconnects WorkOS's account for the user, including removing any stored access and refresh tokens. The user will need to reauthorize if they want to reconnect. This does not revoke access on the provider side.

func (*PipeService) GetUserConnectedAccount 

func (s *PipeService) GetUserConnectedAccount(ctx context.Context, userID string, slug string, params *PipesGetUserConnectedAccountParams, opts ...RequestOption) (*ConnectedAccount, error)

GetUserConnectedAccount get a connected account Retrieves a user's [connected account](https://workos.com/docs/reference/pipes/connected-account) for a specific provider.

func (*PipeService) ListUserDataProviders 

func (s *PipeService) ListUserDataProviders(ctx context.Context, userID string, params *PipesListUserDataProvidersParams, opts ...RequestOption) (*DataIntegrationsListResponse, error)

ListUserDataProviders list providers Retrieves a list of available providers and the user's connection status for each. Returns all providers configured for your environment, along with the user's [connected account](https://workos.com/docs/reference/pipes/connected-account) information where applicable.

type PipesAuthorizeDataIntegrationParams 

type PipesAuthorizeDataIntegrationParams struct {
	// UserID is the ID of the user to authorize.
	UserID string `json:"user_id"`
	// OrganizationID is an organization ID to scope the authorization to a specific organization.
	OrganizationID *string `json:"organization_id,omitempty"`
	// ReturnTo is the URL to redirect the user to after authorization.
	ReturnTo *string `json:"return_to,omitempty"`
}

PipesAuthorizeDataIntegrationParams contains the parameters for AuthorizeDataIntegration.

type PipesCreateDataIntegrationTokenParams 

type PipesCreateDataIntegrationTokenParams struct {
	// UserID is a [User](https://workos.com/docs/reference/authkit/user) identifier.
	UserID string `json:"user_id"`
	// OrganizationID is an [Organization](https://workos.com/docs/reference/organization) identifier. Optional parameter to scope the connection to a specific organization.
	OrganizationID *string `json:"organization_id,omitempty"`
}

PipesCreateDataIntegrationTokenParams contains the parameters for CreateDataIntegrationToken.

type PipesDeleteUserConnectedAccountParams 

type PipesDeleteUserConnectedAccountParams struct {
	// OrganizationID is an [Organization](https://workos.com/docs/reference/organization) identifier. Optional parameter if the connection is scoped to an organization.
	OrganizationID *string `url:"organization_id,omitempty" json:"-"`
}

PipesDeleteUserConnectedAccountParams contains the parameters for DeleteUserConnectedAccount.

type PipesGetUserConnectedAccountParams 

type PipesGetUserConnectedAccountParams struct {
	// OrganizationID is an [Organization](https://workos.com/docs/reference/organization) identifier. Optional parameter if the connection is scoped to an organization.
	OrganizationID *string `url:"organization_id,omitempty" json:"-"`
}

PipesGetUserConnectedAccountParams contains the parameters for GetUserConnectedAccount.

type PipesListUserDataProvidersParams 

type PipesListUserDataProvidersParams struct {
	// OrganizationID is an [Organization](https://workos.com/docs/reference/organization) identifier. Optional parameter to filter connections for a specific organization.
	OrganizationID *string `url:"organization_id,omitempty" json:"-"`
}

PipesListUserDataProvidersParams contains the parameters for ListUserDataProviders.

type PortalLinkResponse 

type PortalLinkResponse struct {
	// Link is an ephemeral link to initiate the Admin Portal.
	Link string `json:"link"`
}

PortalLinkResponse represents a portal link response.

type Profile 

type Profile struct {
	// Object distinguishes the profile object.
	Object string `json:"object"`
	// ID is unique identifier of the profile.
	ID string `json:"id"`
	// OrganizationID is the ID of the organization the user belongs to.
	OrganizationID *string `json:"organization_id"`
	// ConnectionID is the ID of the SSO connection used for authentication.
	ConnectionID string `json:"connection_id"`
	// ConnectionType is the type of SSO connection.
	ConnectionType ProfileConnectionType `json:"connection_type"`
	// IdpID is the user's unique identifier from the identity provider.
	IdpID string `json:"idp_id"`
	// Email is the user's email address.
	Email string `json:"email"`
	// FirstName is the user's first name.
	FirstName *string `json:"first_name"`
	// LastName is the user's last name.
	LastName *string `json:"last_name"`
	// Role is the role assigned to the user within the organization, if applicable.
	Role *SlimRole `json:"role,omitempty"`
	// Roles is the roles assigned to the user within the organization, if applicable.
	Roles []*SlimRole `json:"roles,omitempty"`
	// Groups is the groups the user belongs to, as returned by the identity provider.
	Groups []string `json:"groups,omitempty"`
	// CustomAttributes is custom attribute mappings defined for the connection, returned as key-value pairs.
	CustomAttributes map[string]interface{} `json:"custom_attributes,omitempty"`
	// RawAttributes is the complete set of raw attributes returned by the identity provider.
	RawAttributes map[string]interface{} `json:"raw_attributes"`
}

Profile represents a profile.

type ProfileConnectionType 

type ProfileConnectionType = ConnectionType

ProfileConnectionType is an alias for ConnectionType.

type PublicClient 

type PublicClient struct {
	// contains filtered or unexported fields
}

PublicClient is a client that only supports PKCE-based flows (no API key / client secret). It exposes only the helper surface suitable for public/browser clients.

func NewPublicClient 

func NewPublicClient(clientID string, opts ...PublicClientOption) *PublicClient

NewPublicClient creates a public client that only supports PKCE flows. No API key is required.

func (*PublicClient) GetAuthorizationURL 

func (p *PublicClient) GetAuthorizationURL(params AuthKitAuthorizationURLParams) (*AuthKitPKCEAuthorizationURLResult, error)

GetAuthorizationURL builds an AuthKit authorization URL with auto-generated PKCE. Returns the authorization URL and the PKCE code verifier that should be stored securely for the token exchange step.

func (*PublicClient) GetSSOAuthorizationURL 

func (p *PublicClient) GetSSOAuthorizationURL(params SSOAuthorizationURLParams) (*SSOPKCEAuthorizationURLResult, error)

GetSSOAuthorizationURL builds an SSO authorization URL with auto-generated PKCE. Returns the authorization URL and the PKCE code verifier that should be stored securely for the token exchange step.

type PublicClientOption 

type PublicClientOption func(*publicClientConfig)

PublicClientOption configures a PublicClient.

func WithPublicClientBaseURL 

func WithPublicClientBaseURL(baseURL string) PublicClientOption

WithPublicClientBaseURL sets a custom base URL for the public client.

type RadarAction 

type RadarAction string

RadarAction represents radar action values. 

const (
	RadarActionBlock RadarAction = "block"
	RadarActionAllow RadarAction = "allow"
)

type RadarAddListEntryParams 

type RadarAddListEntryParams struct {
	// Entry is the value to add to the list. Must match the format of the list type (e.g. a valid IP address for `ip_address`, a valid email for `email`).
	Entry string `json:"entry"`
}

RadarAddListEntryParams contains the parameters for AddListEntry.

type RadarCreateAttemptParams 

type RadarCreateAttemptParams struct {
	// IPAddress is the IP address of the request to assess.
	IPAddress string `json:"ip_address"`
	// UserAgent is the user agent string of the request to assess.
	UserAgent string `json:"user_agent"`
	// Email is the email address of the user making the request.
	Email string `json:"email"`
	// AuthMethod is the authentication method being used.
	AuthMethod RadarStandaloneAssessRequestAuthMethod `json:"auth_method"`
	// Action is the action being performed.
	Action RadarStandaloneAssessRequestAction `json:"action"`
	// DeviceFingerprint is an optional device fingerprint for the request.
	DeviceFingerprint *string `json:"device_fingerprint,omitempty"`
	// BotScore is an optional bot detection score for the request.
	BotScore *string `json:"bot_score,omitempty"`
}

RadarCreateAttemptParams contains the parameters for CreateAttempt.

type RadarListEntryAlreadyPresentResponse 

type RadarListEntryAlreadyPresentResponse struct {
	// Message is a message indicating the entry already exists.
	Message string `json:"message"`
}

RadarListEntryAlreadyPresentResponse represents a radar list entry already present response.

type RadarRemoveListEntryParams 

type RadarRemoveListEntryParams struct {
	// Entry is the value to remove from the list. Must match an existing entry.
	Entry string `json:"entry"`
}

RadarRemoveListEntryParams contains the parameters for RemoveListEntry.

type RadarService 

type RadarService struct {
	// contains filtered or unexported fields
}

RadarService handles Radar operations.

func (*RadarService) AddListEntry 

func (s *RadarService) AddListEntry(ctx context.Context, typeParam RadarType, action RadarAction, params *RadarAddListEntryParams, opts ...RequestOption) (*RadarListEntryAlreadyPresentResponse, error)

AddListEntry add an entry to a Radar list Add an entry to a Radar list.

func (*RadarService) CreateAttempt 

func (s *RadarService) CreateAttempt(ctx context.Context, params *RadarCreateAttemptParams, opts ...RequestOption) (*RadarStandaloneResponse, error)

CreateAttempt create an attempt Assess a request for risk using the Radar engine and receive a verdict.

func (*RadarService) RemoveListEntry 

func (s *RadarService) RemoveListEntry(ctx context.Context, typeParam RadarType, action RadarAction, params *RadarRemoveListEntryParams, opts ...RequestOption) error

RemoveListEntry remove an entry from a Radar list Remove an entry from a Radar list.

func (*RadarService) UpdateAttempt 

func (s *RadarService) UpdateAttempt(ctx context.Context, id string, params *RadarUpdateAttemptParams, opts ...RequestOption) error

UpdateAttempt update a Radar attempt You may optionally inform Radar that an authentication attempt or challenge was successful using this endpoint. Some Radar controls depend on tracking recent successful attempts, such as impossible travel.

type RadarStandaloneAssessRequest 

type RadarStandaloneAssessRequest struct {
	// IPAddress is the IP address of the request to assess.
	IPAddress string `json:"ip_address"`
	// UserAgent is the user agent string of the request to assess.
	UserAgent string `json:"user_agent"`
	// Email is the email address of the user making the request.
	Email string `json:"email"`
	// AuthMethod is the authentication method being used.
	AuthMethod RadarStandaloneAssessRequestAuthMethod `json:"auth_method"`
	// Action is the action being performed.
	Action RadarStandaloneAssessRequestAction `json:"action"`
	// DeviceFingerprint is an optional device fingerprint for the request.
	DeviceFingerprint *string `json:"device_fingerprint,omitempty"`
	// BotScore is an optional bot detection score for the request.
	BotScore *string `json:"bot_score,omitempty"`
}

RadarStandaloneAssessRequest represents a radar standalone assess request.

type RadarStandaloneAssessRequestAction 

type RadarStandaloneAssessRequestAction string

RadarStandaloneAssessRequestAction represents radar standalone assess request action values. 

const (
	RadarStandaloneAssessRequestActionLogin   RadarStandaloneAssessRequestAction = "login"
	RadarStandaloneAssessRequestActionSignup  RadarStandaloneAssessRequestAction = "signup"
	RadarStandaloneAssessRequestActionSignUp  RadarStandaloneAssessRequestAction = "sign-up"
	RadarStandaloneAssessRequestActionSignIn  RadarStandaloneAssessRequestAction = "sign-in"
	RadarStandaloneAssessRequestActionSignUp2 RadarStandaloneAssessRequestAction = "sign_up"
	RadarStandaloneAssessRequestActionSignIn2 RadarStandaloneAssessRequestAction = "sign_in"
	RadarStandaloneAssessRequestActionSignIn3 RadarStandaloneAssessRequestAction = "sign in"
	RadarStandaloneAssessRequestActionSignUp3 RadarStandaloneAssessRequestAction = "sign up"
)

type RadarStandaloneAssessRequestAuthMethod 

type RadarStandaloneAssessRequestAuthMethod string

RadarStandaloneAssessRequestAuthMethod represents radar standalone assess request auth method values. 

const (
	RadarStandaloneAssessRequestAuthMethodPassword      RadarStandaloneAssessRequestAuthMethod = "Password"
	RadarStandaloneAssessRequestAuthMethodPasskey       RadarStandaloneAssessRequestAuthMethod = "Passkey"
	RadarStandaloneAssessRequestAuthMethodAuthenticator RadarStandaloneAssessRequestAuthMethod = "Authenticator"
	RadarStandaloneAssessRequestAuthMethodSmsOtp        RadarStandaloneAssessRequestAuthMethod = "SMS_OTP"
	RadarStandaloneAssessRequestAuthMethodEmailOtp      RadarStandaloneAssessRequestAuthMethod = "Email_OTP"
	RadarStandaloneAssessRequestAuthMethodSocial        RadarStandaloneAssessRequestAuthMethod = "Social"
	RadarStandaloneAssessRequestAuthMethodSSO           RadarStandaloneAssessRequestAuthMethod = "SSO"
	RadarStandaloneAssessRequestAuthMethodOther         RadarStandaloneAssessRequestAuthMethod = "Other"
)

type RadarStandaloneDeleteRadarListEntryRequest 

type RadarStandaloneDeleteRadarListEntryRequest struct {
	// Entry is the value to remove from the list. Must match an existing entry.
	Entry string `json:"entry"`
}

RadarStandaloneDeleteRadarListEntryRequest represents a radar standalone delete radar list entry request.

type RadarStandaloneResponse 

type RadarStandaloneResponse struct {
	// Verdict is the verdict of the risk assessment.
	Verdict RadarStandaloneResponseVerdict `json:"verdict"`
	// Reason is a human-readable reason for the verdict.
	Reason string `json:"reason"`
	// AttemptID is unique identifier of the authentication attempt.
	AttemptID string `json:"attempt_id"`
	// Control is the Radar control that triggered the verdict. Only present if the verdict is `block` or `challenge`.
	Control *RadarStandaloneResponseControl `json:"control,omitempty"`
	// BlocklistType is the type of blocklist entry that triggered the verdict. Only present if the control is `restriction`.
	BlocklistType *RadarStandaloneResponseBlocklistType `json:"blocklist_type,omitempty"`
}

RadarStandaloneResponse represents a radar standalone response.

type RadarStandaloneResponseBlocklistType 

type RadarStandaloneResponseBlocklistType string

RadarStandaloneResponseBlocklistType represents radar standalone response blocklist type values. 

const (
	RadarStandaloneResponseBlocklistTypeIPAddress         RadarStandaloneResponseBlocklistType = "ip_address"
	RadarStandaloneResponseBlocklistTypeDomain            RadarStandaloneResponseBlocklistType = "domain"
	RadarStandaloneResponseBlocklistTypeEmail             RadarStandaloneResponseBlocklistType = "email"
	RadarStandaloneResponseBlocklistTypeDevice            RadarStandaloneResponseBlocklistType = "device"
	RadarStandaloneResponseBlocklistTypeUserAgent         RadarStandaloneResponseBlocklistType = "user_agent"
	RadarStandaloneResponseBlocklistTypeDeviceFingerprint RadarStandaloneResponseBlocklistType = "device_fingerprint"
	RadarStandaloneResponseBlocklistTypeCountry           RadarStandaloneResponseBlocklistType = "country"
)

type RadarStandaloneResponseControl 

type RadarStandaloneResponseControl string

RadarStandaloneResponseControl represents radar standalone response control values. 

const (
	RadarStandaloneResponseControlBotDetection          RadarStandaloneResponseControl = "bot_detection"
	RadarStandaloneResponseControlBruteForceAttack      RadarStandaloneResponseControl = "brute_force_attack"
	RadarStandaloneResponseControlCredentialStuffing    RadarStandaloneResponseControl = "credential_stuffing"
	RadarStandaloneResponseControlDomainSignUpRateLimit RadarStandaloneResponseControl = "domain_sign_up_rate_limit"
	RadarStandaloneResponseControlIPSignUpRateLimit     RadarStandaloneResponseControl = "ip_sign_up_rate_limit"
	RadarStandaloneResponseControlImpossibleTravel      RadarStandaloneResponseControl = "impossible_travel"
	RadarStandaloneResponseControlRepeatSignUp          RadarStandaloneResponseControl = "repeat_sign_up"
	RadarStandaloneResponseControlStaleAccount          RadarStandaloneResponseControl = "stale_account"
	RadarStandaloneResponseControlUnrecognizedDevice    RadarStandaloneResponseControl = "unrecognized_device"
	RadarStandaloneResponseControlRestriction           RadarStandaloneResponseControl = "restriction"
)

type RadarStandaloneResponseVerdict 

type RadarStandaloneResponseVerdict string

RadarStandaloneResponseVerdict represents radar standalone response verdict values. 

const (
	RadarStandaloneResponseVerdictAllow     RadarStandaloneResponseVerdict = "allow"
	RadarStandaloneResponseVerdictBlock     RadarStandaloneResponseVerdict = "block"
	RadarStandaloneResponseVerdictChallenge RadarStandaloneResponseVerdict = "challenge"
)

type RadarStandaloneUpdateRadarAttemptRequest 

type RadarStandaloneUpdateRadarAttemptRequest struct {
	// ChallengeStatus is set to `"success"` to mark the challenge as completed.
	ChallengeStatus *string `json:"challenge_status,omitempty"`
	// AttemptStatus is set to `"success"` to mark the authentication attempt as successful.
	AttemptStatus *string `json:"attempt_status,omitempty"`
}

RadarStandaloneUpdateRadarAttemptRequest represents a radar standalone update radar attempt request.

type RadarStandaloneUpdateRadarListRequest 

type RadarStandaloneUpdateRadarListRequest = RadarStandaloneDeleteRadarListEntryRequest

RadarStandaloneUpdateRadarListRequest is an alias for RadarStandaloneDeleteRadarListEntryRequest.

type RadarType 

type RadarType = RadarStandaloneResponseBlocklistType

RadarType is an alias for RadarStandaloneResponseBlocklistType.

type RadarUpdateAttemptParams 

type RadarUpdateAttemptParams struct {
	// ChallengeStatus is set to `"success"` to mark the challenge as completed.
	ChallengeStatus *string `json:"challenge_status,omitempty"`
	// AttemptStatus is set to `"success"` to mark the authentication attempt as successful.
	AttemptStatus *string `json:"attempt_status,omitempty"`
}

RadarUpdateAttemptParams contains the parameters for UpdateAttempt.

type RateLimitExceededError 

type RateLimitExceededError struct {
	*APIError
}

RateLimitExceededError represents 429 rate limit errors.

func (*RateLimitExceededError) Error 

func (e *RateLimitExceededError) Error() string

func (*RateLimitExceededError) Unwrap 

func (e *RateLimitExceededError) Unwrap() error

type RedirectURI 

type RedirectURI struct {
	// Object is the object type.
	Object string `json:"object"`
	// ID is the ID of the redirect URI.
	ID string `json:"id"`
	// URI is the redirect URI.
	URI string `json:"uri"`
	// Default is whether this is the default redirect URI.
	Default bool `json:"default"`
	// CreatedAt is the timestamp when the redirect URI was created.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is the timestamp when the redirect URI was last updated.
	UpdatedAt string `json:"updated_at"`
}

RedirectURI represents a redirect uri.

type RedirectURIInput 

type RedirectURIInput struct {
	// URI is the redirect URI.
	URI string `json:"uri"`
	// Default is whether this is the default redirect URI.
	Default *bool `json:"default,omitempty"`
}

RedirectURIInput represents a redirect uri input.

type RefreshSessionResult 

type RefreshSessionResult struct {
	Authenticated bool
	SealedSession string
	Session       *SessionData
	Reason        string
}

RefreshSessionResult holds the result of refreshing a session.

type RefreshTokenSessionAuthenticateRequest 

type RefreshTokenSessionAuthenticateRequest struct {
	// ClientID is the client ID of the application.
	ClientID string `json:"client_id"`
	// ClientSecret is the client secret of the application.
	ClientSecret string `json:"client_secret"`
	GrantType    string `json:"grant_type"`
	// RefreshToken is the refresh token to exchange for new tokens.
	RefreshToken string `json:"refresh_token"`
	// OrganizationID is the ID of the organization to scope the session to.
	OrganizationID *string `json:"organization_id,omitempty"`
	// IPAddress is the IP address of the user's request.
	IPAddress *string `json:"ip_address,omitempty"`
	// DeviceID is a unique identifier for the device.
	DeviceID *string `json:"device_id,omitempty"`
	// UserAgent is the user agent string from the user's browser.
	UserAgent *string `json:"user_agent,omitempty"`
}

RefreshTokenSessionAuthenticateRequest represents a refresh token session authenticate request.

type RemoveRole 

type RemoveRole = AssignRole

RemoveRole is an alias for AssignRole.

type RequestOption 

type RequestOption func(*requestConfig)

RequestOption configures a single API request.

func WithExtraHeaders 

func WithExtraHeaders(h http.Header) RequestOption

WithExtraHeaders adds extra headers to the request.

func WithIdempotencyKey 

func WithIdempotencyKey(key string) RequestOption

WithIdempotencyKey sets an idempotency key for the request.

func WithRequestBaseURL 

func WithRequestBaseURL(url string) RequestOption

WithRequestBaseURL overrides the base URL for a single request.

func WithRequestMaxRetries 

func WithRequestMaxRetries(n int) RequestOption

WithRequestMaxRetries overrides the max retries for a single request.

func WithTimeout 

func WithTimeout(d time.Duration) RequestOption

WithTimeout sets a timeout for the request.

type ResendUserInviteOptions 

type ResendUserInviteOptions struct {
	// Locale is the locale to use when rendering the invitation email. See [supported locales](https://workos.com/docs/authkit/hosted-ui/localization).
	Locale *ResendUserInviteOptionsLocale `json:"locale,omitempty"`
}

ResendUserInviteOptions represents a resend user invite options.

type ResendUserInviteOptionsLocale 

type ResendUserInviteOptionsLocale = CreateUserInviteOptionsLocale

ResendUserInviteOptionsLocale is an alias for CreateUserInviteOptionsLocale.

type ResetPasswordResponse 

type ResetPasswordResponse struct {
	// User is the user whose password was reset.
	User *User `json:"user"`
}

ResetPasswordResponse represents a reset password response.

type RevokeSession 

type RevokeSession struct {
	// SessionID is the ID of the session to revoke. This can be extracted from the `sid` claim of the access token.
	SessionID string `json:"session_id"`
	// ReturnTo is the URL to redirect the user to after session revocation.
	ReturnTo *string `json:"return_to,omitempty"`
}

RevokeSession represents a revoke session.

type Role 

type Role struct {
	// Slug is a unique slug for the role.
	Slug string `json:"slug"`
	// Object distinguishes the role object.
	Object string `json:"object"`
	// ID is unique identifier of the role.
	ID string `json:"id"`
	// Name is a descriptive name for the role.
	Name string `json:"name"`
	// Description is an optional description of the role.
	Description *string `json:"description"`
	// Type is whether the role is scoped to the environment or an organization (custom role).
	Type RoleType `json:"type"`
	// ResourceTypeSlug is the slug of the resource type the role is scoped to.
	ResourceTypeSlug string `json:"resource_type_slug"`
	// Permissions is the permission slugs assigned to the role.
	Permissions []string `json:"permissions"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

Role represents a role.

type RoleAssignment 

type RoleAssignment struct {
	// Object distinguishes the role assignment object.
	Object string `json:"object"`
	// ID is unique identifier of the role assignment.
	ID string `json:"id"`
	// Role is the role included in the assignment.
	Role *SlimRole `json:"role"`
	// Resource is the resource to which the role is assigned.
	Resource *RoleAssignmentResource `json:"resource"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

RoleAssignment represents a role assignment.

type RoleAssignmentResource 

type RoleAssignmentResource struct {
	// ID is the unique ID of the Resource.
	ID string `json:"id"`
	// ExternalID is an identifier you provide to reference the resource in your system.
	ExternalID string `json:"external_id"`
	// ResourceTypeSlug is the slug of the resource type this resource belongs to.
	ResourceTypeSlug string `json:"resource_type_slug"`
}

RoleAssignmentResource the resource to which the role is assigned.

type RoleCreated 

type RoleCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *RoleCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

RoleCreated represents a role created.

type RoleCreatedData 

type RoleCreatedData struct {
	// Object distinguishes the role object.
	Object string `json:"object"`
	// Slug is the slug identifier of the role.
	Slug string `json:"slug"`
	// ResourceTypeSlug is the slug of the resource type the role applies to.
	ResourceTypeSlug string `json:"resource_type_slug"`
	// Permissions is the permissions granted by the role.
	Permissions []string `json:"permissions,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

RoleCreatedData the event payload.

type RoleDeleted 

type RoleDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *RoleDeletedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

RoleDeleted represents a role deleted.

type RoleDeletedData 

type RoleDeletedData = RoleCreatedData

RoleDeletedData is an alias for RoleCreatedData.

type RoleList 

type RoleList struct {
	Object string `json:"object"`
	// Data is the list of records for the current page.
	Data []*Role `json:"data"`
}

RoleList represents a role list.

type RoleType 

type RoleType string

RoleType represents role type values. 

const (
	RoleTypeEnvironmentRole  RoleType = "EnvironmentRole"
	RoleTypeOrganizationRole RoleType = "OrganizationRole"
)

type RoleUpdated 

type RoleUpdated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *RoleUpdatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

RoleUpdated represents a role updated.

type RoleUpdatedData 

type RoleUpdatedData = RoleCreatedData

RoleUpdatedData is an alias for RoleCreatedData.

type SSOAuthorizationURLParams 

type SSOAuthorizationURLParams struct {
	RedirectURI         string
	ClientID            string // if empty, uses client's configured clientID
	Provider            *string
	ConnectionID        *string
	OrganizationID      *string
	DomainHint          *string
	LoginHint           *string
	State               *string
	CodeChallenge       *string
	CodeChallengeMethod *string
}

SSOAuthorizationURLParams are parameters for building an SSO authorization URL.

type SSOAuthorizeLogoutParams 

type SSOAuthorizeLogoutParams struct {
	// ProfileID is the unique ID of the profile to log out.
	ProfileID string `json:"profile_id"`
}

SSOAuthorizeLogoutParams contains the parameters for AuthorizeLogout.

type SSOAuthorizeURLResponse 

type SSOAuthorizeURLResponse struct {
	// URL is an OAuth 2.0 authorization URL.
	URL string `json:"url"`
}

SSOAuthorizeURLResponse represents a SSOauth_acr norize url response.

type SSODeviceAuthorizationRequest 

type SSODeviceAuthorizationRequest struct {
	// ClientID is the WorkOS client ID for your application.
	ClientID string `json:"client_id"`
}

SSODeviceAuthorizationRequest represents a SSO device authorization request.

type SSOGetAuthorizationURLParams 

type SSOGetAuthorizationURLParams struct {
	// ProviderScopes is additional scopes to request from the identity provider. Applicable when using OAuth or OpenID Connect connections.
	ProviderScopes []string `url:"provider_scopes,omitempty" json:"-"`
	// ProviderQueryParams is key/value pairs of query parameters to pass to the OAuth provider. Only applicable when using OAuth connections.
	ProviderQueryParams map[string]string `url:"provider_query_params,omitempty" json:"-"`
	// Domain is deprecated. Use `connection` or `organization` instead. Used to initiate SSO for a connection by domain. The domain must be associated with a connection in your WorkOS environment.
	//
	// Deprecated: this parameter is deprecated.
	Domain *string `url:"domain,omitempty" json:"-"`
	// Provider is used to initiate OAuth authentication with Google, Microsoft, GitHub, or Apple.
	Provider *SSOProvider `url:"provider,omitempty" json:"-"`
	// RedirectURI is where to redirect the user after they complete the authentication process. You must use one of the redirect URIs configured via the [Redirects](https://dashboard.workos.com/redirects) page on the dashboard.
	RedirectURI string `url:"redirect_uri" json:"-"`
	// State is an optional parameter that can be used to encode arbitrary information to help restore application state between redirects. If included, the redirect URI received from WorkOS will contain the exact `state` that was passed.
	State *string `url:"state,omitempty" json:"-"`
	// Connection is used to initiate SSO for a connection. The value should be a WorkOS connection ID.
	// You can persist the WorkOS connection ID with application user or team identifiers. WorkOS will use the connection indicated by the connection parameter to direct the user to the corresponding IdP for authentication.
	Connection *string `url:"connection,omitempty" json:"-"`
	// Organization is used to initiate SSO for an organization. The value should be a WorkOS organization ID.
	// You can persist the WorkOS organization ID with application user or team identifiers. WorkOS will use the organization ID to determine the appropriate connection and the IdP to direct the user to for authentication.
	Organization *string `url:"organization,omitempty" json:"-"`
	// DomainHint is can be used to pre-fill the domain field when initiating authentication with Microsoft OAuth or with a Google SAML connection type.
	DomainHint *string `url:"domain_hint,omitempty" json:"-"`
	// LoginHint is can be used to pre-fill the username/email address field of the IdP sign-in page for the user, if you know their username ahead of time. Currently supported for OAuth, OpenID Connect, Okta, and Entra ID connections.
	LoginHint *string `url:"login_hint,omitempty" json:"-"`
	// Nonce is a random string generated by the client that is used to mitigate replay attacks.
	Nonce *string `url:"nonce,omitempty" json:"-"`
}

SSOGetAuthorizationURLParams contains the parameters for GetAuthorizationURL.

type SSOGetLogoutURLParams 

type SSOGetLogoutURLParams struct {
	// Token is the logout token returned from the [Logout Authorize](https://workos.com/docs/reference/sso/logout/authorize) endpoint.
	Token string `url:"token" json:"-"`
}

SSOGetLogoutURLParams contains the parameters for GetLogoutURL.

type SSOGetProfileAndTokenParams 

type SSOGetProfileAndTokenParams struct {
	// Code is the authorization code received from the authorization callback.
	Code string `json:"code" url:"code"`
}

SSOGetProfileAndTokenParams contains the parameters for GetProfileAndToken.

type SSOIntentOptions 

type SSOIntentOptions struct {
	// BookmarkSlug is the bookmark slug to use for SSO.
	BookmarkSlug *string `json:"bookmark_slug,omitempty"`
	// ProviderType is the SSO provider type to configure.
	ProviderType *string `json:"provider_type,omitempty"`
}

SSOIntentOptions represents a SSO intent options.

type SSOListConnectionsParams 

type SSOListConnectionsParams struct {
	PaginationParams
	// ConnectionType is filter Connections by their type.
	ConnectionType *ConnectionsConnectionType `url:"connection_type,omitempty" json:"-"`
	// Domain is filter Connections by their associated domain.
	Domain *string `url:"domain,omitempty" json:"-"`
	// OrganizationID is filter Connections by their associated organization.
	OrganizationID *string `url:"organization_id,omitempty" json:"-"`
	// Search is searchable text to match against Connection names.
	Search *string `url:"search,omitempty" json:"-"`
}

SSOListConnectionsParams contains the parameters for ListConnections.

type SSOLogoutAuthorizeRequest 

type SSOLogoutAuthorizeRequest struct {
	// ProfileID is the unique ID of the profile to log out.
	ProfileID string `json:"profile_id"`
}

SSOLogoutAuthorizeRequest represents a SSO logout authorize request.

type SSOLogoutAuthorizeResponse 

type SSOLogoutAuthorizeResponse struct {
	// LogoutURL is the URL to redirect the user to in order to log out ([Logout Redirect](https://workos.com/docs/reference/sso/logout) endpoint ready to use).
	LogoutURL string `json:"logout_url"`
	// LogoutToken is the logout token to be used in the [Logout Redirect](https://workos.com/docs/reference/sso/logout) endpoint.
	LogoutToken string `json:"logout_token"`
}

SSOLogoutAuthorizeResponse represents a SSO logout authorize response.

type SSOLogoutParams 

type SSOLogoutParams struct {
	SessionID string
	ReturnTo  *string
}

SSOLogoutParams holds parameters for SSO logout.

type SSOPKCEAuthorizationURLResult 

type SSOPKCEAuthorizationURLResult struct {
	URL          string
	CodeVerifier string
	State        string
}

SSOPKCEAuthorizationURLResult holds the URL and PKCE verifier.

type SSOPKCECodeExchangeParams 

type SSOPKCECodeExchangeParams struct {
	Code         string
	CodeVerifier string
}

SSOPKCECodeExchangeParams for SSO PKCE code exchange.

type SSOProvider 

type SSOProvider string

SSOProvider represents SSO provider values. 

const (
	SSOProviderAppleOAuth     SSOProvider = "AppleOAuth"
	SSOProviderGitHubOAuth    SSOProvider = "GitHubOAuth"
	SSOProviderGoogleOAuth    SSOProvider = "GoogleOAuth"
	SSOProviderMicrosoftOAuth SSOProvider = "MicrosoftOAuth"
)

type SSORequiredError 

type SSORequiredError struct {
	*APIError
	Email         string   `json:"email"`
	ConnectionIDs []string `json:"connection_ids"`
}

SSORequiredError occurs when a user must authenticate via SSO.

func (*SSORequiredError) Error 

func (e *SSORequiredError) Error() string

func (*SSORequiredError) Unwrap 

func (e *SSORequiredError) Unwrap() error

type SSOService 

type SSOService struct {
	// contains filtered or unexported fields
}

SSOService handles SSO operations.

func (*SSOService) AuthorizeLogout 

func (s *SSOService) AuthorizeLogout(ctx context.Context, params *SSOAuthorizeLogoutParams, opts ...RequestOption) (*SSOLogoutAuthorizeResponse, error)

AuthorizeLogout logout Authorize You should call this endpoint from your server to generate a logout token which is required for the [Logout Redirect](https://workos.com/docs/reference/sso/logout) endpoint.

func (*SSOService) DeleteConnection 

func (s *SSOService) DeleteConnection(ctx context.Context, id string, opts ...RequestOption) error

DeleteConnection delete a Connection Permanently deletes an existing connection. It cannot be undone.

func (*SSOService) GetAuthorizationURL 

func (s *SSOService) GetAuthorizationURL(params *SSOGetAuthorizationURLParams, opts ...RequestOption) string

GetAuthorizationURL initiate SSO Initiates the single sign-on flow.

func (*SSOService) GetConnection 

func (s *SSOService) GetConnection(ctx context.Context, id string, opts ...RequestOption) (*Connection, error)

GetConnection get a Connection Get the details of an existing connection.

func (*SSOService) GetLogoutURL 

func (s *SSOService) GetLogoutURL(params *SSOGetLogoutURLParams, opts ...RequestOption) string

GetLogoutURL logout Redirect Logout allows to sign out a user from your application by triggering the identity provider sign out flow. This `GET` endpoint should be a redirection, since the identity provider user will be identified in the browser session. Before redirecting to this endpoint, you need to generate a short-lived logout token using the [Logout Authorize](https://workos.com/docs/reference/sso/logout/authorize) endpoint.

func (*SSOService) GetProfile 

func (s *SSOService) GetProfile(ctx context.Context, opts ...RequestOption) (*Profile, error)

GetProfile get a User Profile Exchange an access token for a user's Profile(https://workos.com/docs/reference/sso/profile). Because this profile is returned in the [Get a Profile and Token endpoint](https://workos.com/docs/reference/sso/profile/get-profile-and-token) your application usually does not need to call this endpoint. It is available for any authentication flows that require an additional endpoint to retrieve a user's profile.

func (*SSOService) GetProfileAndToken 

func (s *SSOService) GetProfileAndToken(ctx context.Context, params *SSOGetProfileAndTokenParams, opts ...RequestOption) (*SSOTokenResponse, error)

GetProfileAndToken get a Profile and Token Get an access token along with the user Profile(https://workos.com/docs/reference/sso/profile) using the code passed to your [Redirect URI](https://workos.com/docs/reference/sso/get-authorization-url/redirect-uri).

func (*SSOService) ListConnections 

func (s *SSOService) ListConnections(ctx context.Context, params *SSOListConnectionsParams, opts ...RequestOption) *Iterator[Connection]

ListConnections Get a list of all of your existing connections matching the criteria specified.

type SSOTokenResponse 

type SSOTokenResponse struct {
	// TokenType is the type of token issued.
	TokenType string `json:"token_type"`
	// AccessToken is an access token that can be exchanged for a user profile. Access tokens are short-lived — see the `expires_in` field for the exact lifetime.
	AccessToken string `json:"access_token"`
	// ExpiresIn is the lifetime of the access token in seconds.
	ExpiresIn int `json:"expires_in"`
	// Profile is the user profile returned by the identity provider.
	Profile *Profile `json:"profile"`
	// OAuthTokens is oAuth tokens issued by the identity provider, if available.
	OAuthTokens *SSOTokenResponseOAuthToken `json:"oauth_tokens,omitempty"`
}

SSOTokenResponse represents a SSO token response.

type SSOTokenResponseOAuthToken 

type SSOTokenResponseOAuthToken = AuthenticateResponseOAuthToken

SSOTokenResponseOAuthToken is an alias for AuthenticateResponseOAuthToken.

type SendEmailChange 

type SendEmailChange struct {
	// NewEmail is the new email address to change to.
	NewEmail string `json:"new_email"`
}

SendEmailChange represents a send email change.

type SendVerificationEmailResponse 

type SendVerificationEmailResponse = ResetPasswordResponse

SendVerificationEmailResponse is an alias for ResetPasswordResponse.

type ServerError 

type ServerError struct {
	*APIError
}

ServerError represents 5xx server errors.

func (*ServerError) Error 

func (e *ServerError) Error() string

func (*ServerError) Unwrap 

func (e *ServerError) Unwrap() error

type Session 

type Session struct {
	// contains filtered or unexported fields
}

Session provides session cookie management.

func NewSession 

func NewSession(client *Client, sessionData string, cookiePassword string) *Session

NewSession creates a new Session helper.

func (*Session) Authenticate 

func (s *Session) Authenticate() (*AuthenticateSessionResult, error)

Authenticate validates the session cookie. Unseals the session data, validates that the access token is present, and extracts claims from the JWT payload.

func (*Session) GetLogoutURL 

func (s *Session) GetLogoutURL(ctx context.Context, returnTo string, opts ...RequestOption) (string, error)

GetLogoutURL returns a logout URL for the session. The returnTo parameter is optional — pass an empty string to omit it.

func (*Session) Refresh 

func (s *Session) Refresh(ctx context.Context, opts ...RequestOption) (*RefreshSessionResult, error)

Refresh refreshes the session using the refresh token.

type SessionCreated 

type SessionCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *SessionCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

SessionCreated represents a session created.

type SessionCreatedData 

type SessionCreatedData struct {
	// Object distinguishes the session object.
	Object string `json:"object"`
	// ID is the unique ID of the session.
	ID string `json:"id"`
	// Impersonator is information about the impersonator if this session was created via impersonation.
	Impersonator *SessionCreatedDataImpersonator `json:"impersonator,omitempty"`
	// IPAddress is the IP address from which the session was created.
	IPAddress *string `json:"ip_address"`
	// OrganizationID is the ID of the organization this session is associated with.
	OrganizationID *string `json:"organization_id,omitempty"`
	// UserAgent is the user agent string from the device that created the session.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user this session belongs to.
	UserID string `json:"user_id"`
	// AuthMethod is the authentication method used to create this session.
	AuthMethod SessionCreatedDataAuthMethod `json:"auth_method"`
	// Status is the current status of the session.
	Status SessionCreatedDataStatus `json:"status"`
	// ExpiresAt is the timestamp when the session expires.
	ExpiresAt string `json:"expires_at"`
	// EndedAt is the timestamp when the session ended.
	EndedAt *string `json:"ended_at"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

SessionCreatedData the event payload.

type SessionCreatedDataAuthMethod 

type SessionCreatedDataAuthMethod string

SessionCreatedDataAuthMethod represents session created data auth method values. 

const (
	SessionCreatedDataAuthMethodCrossAppAuth    SessionCreatedDataAuthMethod = "cross_app_auth"
	SessionCreatedDataAuthMethodExternalAuth    SessionCreatedDataAuthMethod = "external_auth"
	SessionCreatedDataAuthMethodImpersonation   SessionCreatedDataAuthMethod = "impersonation"
	SessionCreatedDataAuthMethodMagicCode       SessionCreatedDataAuthMethod = "magic_code"
	SessionCreatedDataAuthMethodMigratedSession SessionCreatedDataAuthMethod = "migrated_session"
	SessionCreatedDataAuthMethodOAuth           SessionCreatedDataAuthMethod = "oauth"
	SessionCreatedDataAuthMethodPasskey         SessionCreatedDataAuthMethod = "passkey"
	SessionCreatedDataAuthMethodPassword        SessionCreatedDataAuthMethod = "password"
	SessionCreatedDataAuthMethodSSO             SessionCreatedDataAuthMethod = "sso"
	SessionCreatedDataAuthMethodUnknown         SessionCreatedDataAuthMethod = "unknown"
)

type SessionCreatedDataImpersonator 

type SessionCreatedDataImpersonator = AuthenticateResponseImpersonator

SessionCreatedDataImpersonator is an alias for AuthenticateResponseImpersonator.

type SessionCreatedDataStatus 

type SessionCreatedDataStatus string

SessionCreatedDataStatus represents session created data status values. 

const (
	SessionCreatedDataStatusActive  SessionCreatedDataStatus = "active"
	SessionCreatedDataStatusExpired SessionCreatedDataStatus = "expired"
	SessionCreatedDataStatusRevoked SessionCreatedDataStatus = "revoked"
)

type SessionData 

type SessionData struct {
	AccessToken  string                            `json:"access_token"`
	RefreshToken string                            `json:"refresh_token"`
	User         *User                             `json:"user,omitempty"`
	Impersonator *AuthenticateResponseImpersonator `json:"impersonator,omitempty"`
}

SessionData represents the unsealed session cookie data.

type SessionRevoked 

type SessionRevoked struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *SessionRevokedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

SessionRevoked represents a session revoked.

type SessionRevokedData 

type SessionRevokedData struct {
	// Object distinguishes the session object.
	Object string `json:"object"`
	// ID is the unique ID of the session.
	ID string `json:"id"`
	// Impersonator is information about the impersonator if this session was created via impersonation.
	Impersonator *SessionRevokedDataImpersonator `json:"impersonator,omitempty"`
	// IPAddress is the IP address from which the session was created.
	IPAddress *string `json:"ip_address"`
	// OrganizationID is the ID of the organization this session is associated with.
	OrganizationID *string `json:"organization_id,omitempty"`
	// UserAgent is the user agent string from the device that created the session.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user this session belongs to.
	UserID string `json:"user_id"`
	// AuthMethod is the authentication method used to create this session.
	AuthMethod SessionRevokedDataAuthMethod `json:"auth_method"`
	// Status is the current status of the session.
	Status SessionRevokedDataStatus `json:"status"`
	// ExpiresAt is the timestamp when the session expires.
	ExpiresAt string `json:"expires_at"`
	// EndedAt is the timestamp when the session ended.
	EndedAt *string `json:"ended_at"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

SessionRevokedData the event payload.

type SessionRevokedDataAuthMethod 

type SessionRevokedDataAuthMethod = SessionCreatedDataAuthMethod

SessionRevokedDataAuthMethod is an alias for SessionCreatedDataAuthMethod.

type SessionRevokedDataImpersonator 

type SessionRevokedDataImpersonator = AuthenticateResponseImpersonator

SessionRevokedDataImpersonator is an alias for AuthenticateResponseImpersonator.

type SessionRevokedDataStatus 

type SessionRevokedDataStatus = SessionCreatedDataStatus

SessionRevokedDataStatus is an alias for SessionCreatedDataStatus.

type SetRolePermissions 

type SetRolePermissions struct {
	// Permissions is the permission slugs to assign to the role.
	Permissions []string `json:"permissions"`
}

SetRolePermissions represents a set role permissions.

type SlimRole 

type SlimRole = AddRolePermission

SlimRole is an alias for AddRolePermission.

type TokenQuery 

type TokenQuery struct {
	// ClientID is the client ID of the WorkOS environment.
	ClientID string `json:"client_id"`
	// ClientSecret is the client secret of the WorkOS environment.
	ClientSecret string `json:"client_secret"`
	// Code is the authorization code received from the authorization callback.
	Code string `json:"code"`
	// GrantType is the grant type for the token request.
	GrantType string `json:"grant_type"`
}

TokenQuery represents a token query.

type UnprocessableEntityError 

type UnprocessableEntityError struct {
	*APIError
}

UnprocessableEntityError represents 422 validation errors.

func (*UnprocessableEntityError) Error 

func (e *UnprocessableEntityError) Error() string

func (*UnprocessableEntityError) Unwrap 

func (e *UnprocessableEntityError) Unwrap() error

type UpdateAuditLogsRetention 

type UpdateAuditLogsRetention struct {
	// RetentionPeriodInDays is the number of days Audit Log events will be retained. Valid values are `30` and `365`.
	RetentionPeriodInDays int `json:"retention_period_in_days"`
}

UpdateAuditLogsRetention represents an update audit logs retention.

type UpdateAuthorizationPermission 

type UpdateAuthorizationPermission struct {
	// Name is a descriptive name for the Permission.
	Name *string `json:"name,omitempty"`
	// Description is an optional description of the Permission.
	Description *string `json:"description,omitempty"`
}

UpdateAuthorizationPermission represents an update authorization permission.

type UpdateAuthorizationResource 

type UpdateAuthorizationResource struct {
	// Name is a display name for the resource.
	Name *string `json:"name,omitempty"`
	// Description is an optional description of the resource.
	Description *string `json:"description,omitempty"`
	// ParentResourceID is the ID of the parent resource. Mutually exclusive with `parent_resource_external_id` and `parent_resource_type_slug`.
	ParentResourceID *string `json:"parent_resource_id,omitempty"`
	// ParentResourceExternalID is the external ID of the parent resource. Required with `parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`.
	ParentResourceExternalID *string `json:"parent_resource_external_id,omitempty"`
	// ParentResourceTypeSlug is the resource type slug of the parent resource. Required with `parent_resource_external_id`. Mutually exclusive with `parent_resource_id`.
	ParentResourceTypeSlug *string `json:"parent_resource_type_slug,omitempty"`
}

UpdateAuthorizationResource represents an update authorization resource.

type UpdateJWTTemplate 

type UpdateJWTTemplate struct {
	// Content is the JWT template content as a Liquid template string.
	Content string `json:"content"`
}

UpdateJWTTemplate represents an update JWT template.

type UpdateOAuthApplication 

type UpdateOAuthApplication struct {
	// Name is the name of the application.
	Name *string `json:"name,omitempty"`
	// Description is a description for the application.
	Description *string `json:"description,omitempty"`
	// Scopes is the OAuth scopes granted to the application.
	Scopes []string `json:"scopes,omitempty"`
	// RedirectURIs is updated redirect URIs for the application. OAuth applications only.
	RedirectURIs []*RedirectURIInput `json:"redirect_uris,omitempty"`
}

UpdateOAuthApplication represents an update OAuth application.

type UpdateOrganization 

type UpdateOrganization struct {
	// Name is the name of the organization.
	Name *string `json:"name,omitempty"`
	// AllowProfilesOutsideOrganization is whether the organization allows profiles from outside the organization to sign in.
	AllowProfilesOutsideOrganization *bool `json:"allow_profiles_outside_organization,omitempty"`
	// Domains is the domains associated with the organization. Deprecated in favor of `domain_data`.
	//
	// Deprecated: Deprecated in favor of `domain_data.
	Domains []string `json:"domains,omitempty"`
	// DomainData is the domains associated with the organization, including verification state.
	DomainData []*OrganizationDomainData `json:"domain_data,omitempty"`
	// StripeCustomerID is the Stripe customer ID associated with the organization.
	StripeCustomerID *string `json:"stripe_customer_id,omitempty"`
	// Metadata is object containing [metadata](https://workos.com/docs/authkit/metadata) key/value pairs associated with the Organization.
	Metadata map[string]string `json:"metadata,omitempty"`
	// ExternalID is an external identifier for the Organization.
	ExternalID *string `json:"external_id,omitempty"`
}

UpdateOrganization represents an update organization.

type UpdateOrganizationRole 

type UpdateOrganizationRole = UpdateAuthorizationPermission

UpdateOrganizationRole is an alias for UpdateAuthorizationPermission.

type UpdateRole 

type UpdateRole = UpdateAuthorizationPermission

UpdateRole is an alias for UpdateAuthorizationPermission.

type UpdateUser 

type UpdateUser struct {
	// Email is the email address of the user.
	Email *string `json:"email,omitempty"`
	// FirstName is the first name of the user.
	FirstName *string `json:"first_name,omitempty"`
	// LastName is the last name of the user.
	LastName *string `json:"last_name,omitempty"`
	// EmailVerified is whether the user's email has been verified.
	EmailVerified *bool `json:"email_verified,omitempty"`
	// Metadata is object containing metadata key/value pairs associated with the user.
	Metadata map[string]string `json:"metadata,omitempty"`
	// ExternalID is the external ID of the user.
	ExternalID *string `json:"external_id,omitempty"`
	// Locale is the user's preferred locale.
	Locale *string `json:"locale,omitempty"`
	// Password is the password to set for the user. Mutually exclusive with `password_hash` and `password_hash_type`.
	Password *string `json:"password,omitempty"`
	// PasswordHash is the hashed password to set for the user. Required with `password_hash_type`. Mutually exclusive with `password`.
	PasswordHash *string `json:"password_hash,omitempty"`
	// PasswordHashType is the algorithm originally used to hash the password, used when providing a `password_hash`. Required with `password_hash`. Mutually exclusive with `password`.
	PasswordHashType *UpdateUserPasswordHashType `json:"password_hash_type,omitempty"`
}

UpdateUser represents an update user.

type UpdateUserOrganizationMembership 

type UpdateUserOrganizationMembership struct {
	// RoleSlug is a single role identifier. Defaults to `member` or the explicit default role. Mutually exclusive with `role_slugs`.
	RoleSlug *string `json:"role_slug,omitempty"`
	// RoleSlugs is an array of role identifiers. Limited to one role when Multiple Roles is disabled. Mutually exclusive with `role_slug`.
	RoleSlugs []string `json:"role_slugs,omitempty"`
}

UpdateUserOrganizationMembership represents an update user organization membership.

type UpdateUserPasswordHashType 

type UpdateUserPasswordHashType = CreateUserPasswordHashType

UpdateUserPasswordHashType is an alias for CreateUserPasswordHashType.

type UpdateWebhookEndpoint 

type UpdateWebhookEndpoint struct {
	// EndpointURL is the HTTPS URL where webhooks will be sent.
	EndpointURL *string `json:"endpoint_url,omitempty"`
	// Status is whether the Webhook Endpoint is enabled or disabled.
	Status *UpdateWebhookEndpointStatus `json:"status,omitempty"`
	// Events is the events that the Webhook Endpoint is subscribed to.
	Events []UpdateWebhookEndpointEvents `json:"events,omitempty"`
}

UpdateWebhookEndpoint represents an update webhook endpoint.

type UpdateWebhookEndpointEvents 

type UpdateWebhookEndpointEvents = CreateWebhookEndpointEvents

UpdateWebhookEndpointEvents is an alias for CreateWebhookEndpointEvents.

type UpdateWebhookEndpointStatus 

type UpdateWebhookEndpointStatus string

UpdateWebhookEndpointStatus represents update webhook endpoint status values. 

const (
	UpdateWebhookEndpointStatusEnabled  UpdateWebhookEndpointStatus = "enabled"
	UpdateWebhookEndpointStatusDisabled UpdateWebhookEndpointStatus = "disabled"
)

type User 

type User = EmailChangeConfirmationUser

User is an alias for EmailChangeConfirmationUser.

type UserAuthenticationFactorEnrollResponse 

type UserAuthenticationFactorEnrollResponse struct {
	// AuthenticationFactor is the [authentication factor](https://workos.com/docs/reference/authkit/mfa/authentication-factor) object that represents the additional authentication method used on top of the existing authentication strategy.
	AuthenticationFactor *AuthenticationFactorEnrolled `json:"authentication_factor"`
	// AuthenticationChallenge is the [authentication challenge](https://workos.com/docs/reference/authkit/mfa/authentication-challenge) object that is used to complete the authentication process.
	AuthenticationChallenge *AuthenticationChallenge `json:"authentication_challenge"`
}

UserAuthenticationFactorEnrollResponse represents a user authentication factor enroll response.

type UserConsentOption 

type UserConsentOption struct {
	// Claim is the claim name for this consent option.
	Claim string `json:"claim"`
	// Type is the type of consent option.
	Type string `json:"type"`
	// Label is a human-readable label for this consent option.
	Label string `json:"label"`
	// Choices is the available choices for this consent option.
	Choices []*UserConsentOptionChoice `json:"choices"`
}

UserConsentOption represents a user consent option.

type UserConsentOptionChoice 

type UserConsentOptionChoice struct {
	// Value is the value of this choice.
	Value *string `json:"value,omitempty"`
	// Label is a human-readable label for this choice.
	Label *string `json:"label,omitempty"`
}

UserConsentOptionChoice represents a user consent option choice.

type UserCreated 

type UserCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *User `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

UserCreated represents a user created.

type UserDeleted 

type UserDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *User `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

UserDeleted represents a user deleted.

type UserIdentitiesGetItem 

type UserIdentitiesGetItem struct {
	// IdpID is the unique ID of the user in the external identity provider.
	IdpID string `json:"idp_id"`
	// Type is the type of the identity.
	Type string `json:"type"`
	// Provider is the type of OAuth provider for the identity.
	Provider UserIdentitiesGetItemProvider `json:"provider"`
}

UserIdentitiesGetItem represents a user identities get item.

type UserIdentitiesGetItemProvider 

type UserIdentitiesGetItemProvider string

UserIdentitiesGetItemProvider represents user identities get item provider values. 

const (
	UserIdentitiesGetItemProviderAppleOAuth             UserIdentitiesGetItemProvider = "AppleOAuth"
	UserIdentitiesGetItemProviderBitbucketOAuth         UserIdentitiesGetItemProvider = "BitbucketOAuth"
	UserIdentitiesGetItemProviderDiscordOAuth           UserIdentitiesGetItemProvider = "DiscordOAuth"
	UserIdentitiesGetItemProviderGithubOAuth            UserIdentitiesGetItemProvider = "GithubOAuth"
	UserIdentitiesGetItemProviderGitLabOAuth            UserIdentitiesGetItemProvider = "GitLabOAuth"
	UserIdentitiesGetItemProviderGoogleOAuth            UserIdentitiesGetItemProvider = "GoogleOAuth"
	UserIdentitiesGetItemProviderIntuitOAuth            UserIdentitiesGetItemProvider = "IntuitOAuth"
	UserIdentitiesGetItemProviderLinkedInOAuth          UserIdentitiesGetItemProvider = "LinkedInOAuth"
	UserIdentitiesGetItemProviderMicrosoftOAuth         UserIdentitiesGetItemProvider = "MicrosoftOAuth"
	UserIdentitiesGetItemProviderSalesforceOAuth        UserIdentitiesGetItemProvider = "SalesforceOAuth"
	UserIdentitiesGetItemProviderSlackOAuth             UserIdentitiesGetItemProvider = "SlackOAuth"
	UserIdentitiesGetItemProviderVercelMarketplaceOAuth UserIdentitiesGetItemProvider = "VercelMarketplaceOAuth"
	UserIdentitiesGetItemProviderVercelOAuth            UserIdentitiesGetItemProvider = "VercelOAuth"
	UserIdentitiesGetItemProviderXeroOAuth              UserIdentitiesGetItemProvider = "XeroOAuth"
)

type UserInvite 

type UserInvite struct {
	// Object distinguishes the invitation object.
	Object string `json:"object"`
	// ID is the unique ID of the invitation.
	ID string `json:"id"`
	// Email is the email address of the recipient.
	Email string `json:"email"`
	// State is the state of the invitation.
	State UserInviteState `json:"state"`
	// AcceptedAt is the timestamp when the invitation was accepted, or null if not yet accepted.
	AcceptedAt *string `json:"accepted_at"`
	// RevokedAt is the timestamp when the invitation was revoked, or null if not revoked.
	RevokedAt *string `json:"revoked_at"`
	// ExpiresAt is the timestamp when the invitation expires.
	ExpiresAt string `json:"expires_at"`
	// OrganizationID is the ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join.
	OrganizationID *string `json:"organization_id"`
	// InviterUserID is the ID of the user who invited the recipient, if provided.
	InviterUserID *string `json:"inviter_user_id"`
	// AcceptedUserID is the ID of the user who accepted the invitation, once accepted.
	AcceptedUserID *string `json:"accepted_user_id"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// Token is the token used to accept the invitation.
	Token string `json:"token"`
	// AcceptInvitationURL is the URL where the recipient can accept the invitation.
	AcceptInvitationURL string `json:"accept_invitation_url"`
}

UserInvite represents a user invite.

type UserInviteState 

type UserInviteState = InvitationAcceptedDataState

UserInviteState is an alias for InvitationAcceptedDataState.

type UserManagementAuthenticateWithCodeParams 

type UserManagementAuthenticateWithCodeParams struct {
	// Code is the authorization code received from the redirect.
	Code string `json:"code"`
	// CodeVerifier is the PKCE code verifier used to derive the code challenge passed to the authorization URL.
	CodeVerifier *string `json:"code_verifier,omitempty"`
	// InvitationToken is an invitation token to accept during authentication.
	InvitationToken *string `json:"invitation_token,omitempty"`
	// IPAddress is the IP address of the user's request.
	IPAddress *string `json:"ip_address,omitempty"`
	// DeviceID is a unique identifier for the device.
	DeviceID *string `json:"device_id,omitempty"`
	// UserAgent is the user agent string from the user's browser.
	UserAgent *string `json:"user_agent,omitempty"`
}

UserManagementAuthenticateWithCodeParams contains the parameters for AuthenticateWithCode.

type UserManagementAuthenticateWithDeviceCodeParams 

type UserManagementAuthenticateWithDeviceCodeParams struct {
	DeviceCode string  `json:"device_code"`
	IPAddress  *string `json:"ip_address,omitempty"`
	DeviceID   *string `json:"device_id,omitempty"`
	UserAgent  *string `json:"user_agent,omitempty"`
}

UserManagementAuthenticateWithDeviceCodeParams contains the parameters for AuthenticateWithDeviceCode.

type UserManagementAuthenticateWithEmailVerificationParams 

type UserManagementAuthenticateWithEmailVerificationParams struct {
	Code                       string  `json:"code"`
	PendingAuthenticationToken string  `json:"pending_authentication_token"`
	IPAddress                  *string `json:"ip_address,omitempty"`
	DeviceID                   *string `json:"device_id,omitempty"`
	UserAgent                  *string `json:"user_agent,omitempty"`
}

UserManagementAuthenticateWithEmailVerificationParams contains the parameters for AuthenticateWithEmailVerification.

type UserManagementAuthenticateWithMagicAuthParams 

type UserManagementAuthenticateWithMagicAuthParams struct {
	Code            string  `json:"code"`
	Email           string  `json:"email"`
	InvitationToken *string `json:"invitation_token,omitempty"`
	IPAddress       *string `json:"ip_address,omitempty"`
	DeviceID        *string `json:"device_id,omitempty"`
	UserAgent       *string `json:"user_agent,omitempty"`
}

UserManagementAuthenticateWithMagicAuthParams contains the parameters for AuthenticateWithMagicAuth.

type UserManagementAuthenticateWithOrganizationSelectionParams 

type UserManagementAuthenticateWithOrganizationSelectionParams struct {
	PendingAuthenticationToken string  `json:"pending_authentication_token"`
	OrganizationID             string  `json:"organization_id"`
	IPAddress                  *string `json:"ip_address,omitempty"`
	DeviceID                   *string `json:"device_id,omitempty"`
	UserAgent                  *string `json:"user_agent,omitempty"`
}

UserManagementAuthenticateWithOrganizationSelectionParams contains the parameters for AuthenticateWithOrganizationSelection.

type UserManagementAuthenticateWithPasswordParams 

type UserManagementAuthenticateWithPasswordParams struct {
	// Email is the user's email address.
	Email string `json:"email"`
	// Password is the user's password.
	Password string `json:"password"`
	// InvitationToken is an invitation token to accept during authentication.
	InvitationToken *string `json:"invitation_token,omitempty"`
	// IPAddress is the IP address of the user's request.
	IPAddress *string `json:"ip_address,omitempty"`
	// DeviceID is a unique identifier for the device.
	DeviceID *string `json:"device_id,omitempty"`
	// UserAgent is the user agent string from the user's browser.
	UserAgent *string `json:"user_agent,omitempty"`
}

UserManagementAuthenticateWithPasswordParams contains the parameters for AuthenticateWithPassword.

type UserManagementAuthenticateWithRefreshTokenParams 

type UserManagementAuthenticateWithRefreshTokenParams struct {
	// RefreshToken is the refresh token to exchange for new tokens.
	RefreshToken string `json:"refresh_token"`
	// OrganizationID is the ID of the organization to scope the session to.
	OrganizationID *string `json:"organization_id,omitempty"`
	// IPAddress is the IP address of the user's request.
	IPAddress *string `json:"ip_address,omitempty"`
	// DeviceID is a unique identifier for the device.
	DeviceID *string `json:"device_id,omitempty"`
	// UserAgent is the user agent string from the user's browser.
	UserAgent *string `json:"user_agent,omitempty"`
}

UserManagementAuthenticateWithRefreshTokenParams contains the parameters for AuthenticateWithRefreshToken.

type UserManagementAuthenticateWithTOTPParams 

type UserManagementAuthenticateWithTOTPParams struct {
	Code                       string  `json:"code"`
	PendingAuthenticationToken string  `json:"pending_authentication_token"`
	AuthenticationChallengeID  string  `json:"authentication_challenge_id"`
	IPAddress                  *string `json:"ip_address,omitempty"`
	DeviceID                   *string `json:"device_id,omitempty"`
	UserAgent                  *string `json:"user_agent,omitempty"`
}

UserManagementAuthenticateWithTOTPParams contains the parameters for AuthenticateWithTOTP.

type UserManagementAuthenticationProvider 

type UserManagementAuthenticationProvider string

UserManagementAuthenticationProvider represents user management authentication provider values. 

const (
	UserManagementAuthenticationProviderAuthkit        UserManagementAuthenticationProvider = "authkit"
	UserManagementAuthenticationProviderAppleOAuth     UserManagementAuthenticationProvider = "AppleOAuth"
	UserManagementAuthenticationProviderGitHubOAuth    UserManagementAuthenticationProvider = "GitHubOAuth"
	UserManagementAuthenticationProviderGoogleOAuth    UserManagementAuthenticationProvider = "GoogleOAuth"
	UserManagementAuthenticationProviderMicrosoftOAuth UserManagementAuthenticationProvider = "MicrosoftOAuth"
)

type UserManagementAuthenticationScreenHint 

type UserManagementAuthenticationScreenHint string

UserManagementAuthenticationScreenHint represents user management authentication screen hint values. 

const (
	UserManagementAuthenticationScreenHintSignUp UserManagementAuthenticationScreenHint = "sign-up"
	UserManagementAuthenticationScreenHintSignIn UserManagementAuthenticationScreenHint = "sign-in"
)

type UserManagementConfirmEmailChangeParams 

type UserManagementConfirmEmailChangeParams struct {
	// Code is the one-time code used to confirm the email change.
	Code string `json:"code"`
}

UserManagementConfirmEmailChangeParams contains the parameters for ConfirmEmailChange.

type UserManagementConfirmPasswordResetParams 

type UserManagementConfirmPasswordResetParams struct {
	// Token is the password reset token.
	Token string `json:"token"`
	// NewPassword is the new password to set for the user.
	NewPassword string `json:"new_password"`
}

UserManagementConfirmPasswordResetParams contains the parameters for ConfirmPasswordReset.

type UserManagementCreateCORSOriginParams 

type UserManagementCreateCORSOriginParams struct {
	// Origin is the origin URL to allow for CORS requests.
	Origin string `json:"origin"`
}

UserManagementCreateCORSOriginParams contains the parameters for CreateCORSOrigin.

type UserManagementCreateDeviceParams 

type UserManagementCreateDeviceParams struct {
	// ClientID is the WorkOS client ID for your application.
	ClientID string `json:"client_id"`
}

UserManagementCreateDeviceParams contains the parameters for CreateDevice.

type UserManagementCreateMagicAuthParams 

type UserManagementCreateMagicAuthParams struct {
	// Email is the email address to send the magic code to.
	Email string `json:"email"`
	// InvitationToken is the invitation token to associate with this magic code.
	InvitationToken *string `json:"invitation_token,omitempty"`
}

UserManagementCreateMagicAuthParams contains the parameters for CreateMagicAuth.

type UserManagementCreateOrganizationMembershipParams 

type UserManagementCreateOrganizationMembershipParams struct {
	// UserID is the ID of the [user](https://workos.com/docs/reference/authkit/user).
	UserID string `json:"user_id"`
	// OrganizationID is the ID of the [organization](https://workos.com/docs/reference/organization) which the user belongs to.
	OrganizationID string `json:"organization_id"`
	// Role optionally identifies the role.
	Role UserManagementRole `url:"-" json:"-"`
}

UserManagementCreateOrganizationMembershipParams contains the parameters for CreateOrganizationMembership.

func (UserManagementCreateOrganizationMembershipParams) MarshalJSON 

func (p UserManagementCreateOrganizationMembershipParams) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for UserManagementCreateOrganizationMembershipParams.

type UserManagementCreateParams 

type UserManagementCreateParams struct {
	// Email is the email address of the user.
	Email string `json:"email"`
	// FirstName is the first name of the user.
	FirstName *string `json:"first_name,omitempty"`
	// LastName is the last name of the user.
	LastName *string `json:"last_name,omitempty"`
	// EmailVerified is whether the user's email has been verified.
	EmailVerified *bool `json:"email_verified,omitempty"`
	// Metadata is object containing metadata key/value pairs associated with the user.
	Metadata map[string]string `json:"metadata,omitempty"`
	// ExternalID is the external ID of the user.
	ExternalID *string `json:"external_id,omitempty"`
	// Password optionally identifies the password.
	Password UserManagementPassword `url:"-" json:"-"`
}

UserManagementCreateParams contains the parameters for Create.

func (UserManagementCreateParams) MarshalJSON 

func (p UserManagementCreateParams) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for UserManagementCreateParams.

type UserManagementCreateRedirectURIParams 

type UserManagementCreateRedirectURIParams struct {
	// URI is the redirect URI to create.
	URI string `json:"uri"`
}

UserManagementCreateRedirectURIParams contains the parameters for CreateRedirectURI.

type UserManagementGetAuthorizationURLParams 

type UserManagementGetAuthorizationURLParams struct {
	// CodeChallengeMethod is the only valid PKCE code challenge method is `"S256"`. Required when specifying a `code_challenge`.
	CodeChallengeMethod *string `url:"code_challenge_method,omitempty" json:"-"`
	// CodeChallenge is code challenge derived from the code verifier used for the PKCE flow.
	CodeChallenge *string `url:"code_challenge,omitempty" json:"-"`
	// DomainHint is a domain hint for SSO connection lookup.
	DomainHint *string `url:"domain_hint,omitempty" json:"-"`
	// ConnectionID is the ID of an SSO connection to use for authentication.
	ConnectionID *string `url:"connection_id,omitempty" json:"-"`
	// ProviderQueryParams is key/value pairs of query parameters to pass to the OAuth provider.
	ProviderQueryParams map[string]string `url:"provider_query_params,omitempty" json:"-"`
	// ProviderScopes is additional OAuth scopes to request from the identity provider.
	ProviderScopes []string `url:"provider_scopes,omitempty" json:"-"`
	// InvitationToken is a token representing a user invitation to redeem during authentication.
	InvitationToken *string `url:"invitation_token,omitempty" json:"-"`
	// ScreenHint is used to specify which screen to display when the provider is `authkit`.
	// Defaults to "sign-in".
	ScreenHint *UserManagementAuthenticationScreenHint `url:"screen_hint,omitempty" json:"-"`
	// LoginHint is a hint to the authorization server about the login identifier the user might use.
	LoginHint *string `url:"login_hint,omitempty" json:"-"`
	// Provider is the OAuth provider to authenticate with (e.g., GoogleOAuth, MicrosoftOAuth, GitHubOAuth).
	Provider *UserManagementAuthenticationProvider `url:"provider,omitempty" json:"-"`
	// Prompt controls the authentication flow behavior for the user.
	Prompt *string `url:"prompt,omitempty" json:"-"`
	// State is an opaque value used to maintain state between the request and the callback.
	State *string `url:"state,omitempty" json:"-"`
	// OrganizationID is the ID of the organization to authenticate the user against.
	OrganizationID *string `url:"organization_id,omitempty" json:"-"`
	// RedirectURI is the callback URI where the authorization code will be sent after authentication.
	RedirectURI string `url:"redirect_uri" json:"-"`
}

UserManagementGetAuthorizationURLParams contains the parameters for GetAuthorizationURL.

type UserManagementGetLogoutURLParams 

type UserManagementGetLogoutURLParams struct {
	// SessionID is the ID of the session to revoke. This can be extracted from the `sid` claim of the access token.
	SessionID string `url:"session_id" json:"-"`
	// ReturnTo is the URL to redirect the user to after session revocation.
	ReturnTo *string `url:"return_to,omitempty" json:"-"`
}

UserManagementGetLogoutURLParams contains the parameters for GetLogoutURL.

type UserManagementInvitationsOrder 

type UserManagementInvitationsOrder = ApplicationsOrder

UserManagementInvitationsOrder is an alias for ApplicationsOrder.

type UserManagementListAuthorizedApplicationsParams 

type UserManagementListAuthorizedApplicationsParams struct {
	PaginationParams
}

UserManagementListAuthorizedApplicationsParams contains the parameters for ListAuthorizedApplications.

type UserManagementListInvitationsParams 

type UserManagementListInvitationsParams struct {
	PaginationParams
	// OrganizationID is the ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join.
	OrganizationID *string `url:"organization_id,omitempty" json:"-"`
	// Email is the email address of the recipient.
	Email *string `url:"email,omitempty" json:"-"`
}

UserManagementListInvitationsParams contains the parameters for ListInvitations.

type UserManagementListOrganizationMembershipsParams 

type UserManagementListOrganizationMembershipsParams struct {
	PaginationParams
	// OrganizationID is the ID of the [organization](https://workos.com/docs/reference/organization) which the user belongs to.
	OrganizationID *string `url:"organization_id,omitempty" json:"-"`
	// Statuses is filter by the status of the organization membership. Array including any of `active`, `inactive`, or `pending`.
	Statuses []UserManagementOrganizationMembershipStatuses `url:"statuses,omitempty" json:"-"`
	// UserID is the ID of the [user](https://workos.com/docs/reference/authkit/user).
	UserID *string `url:"user_id,omitempty" json:"-"`
}

UserManagementListOrganizationMembershipsParams contains the parameters for ListOrganizationMemberships.

type UserManagementListParams 

type UserManagementListParams struct {
	PaginationParams
	// Organization is filter users by the organization they are a member of. Deprecated in favor of `organization_id`.
	//
	// Deprecated: this parameter is deprecated.
	Organization *string `url:"organization,omitempty" json:"-"`
	// OrganizationID is filter users by the organization they are a member of.
	OrganizationID *string `url:"organization_id,omitempty" json:"-"`
	// Email is filter users by their email address.
	Email *string `url:"email,omitempty" json:"-"`
}

UserManagementListParams contains the parameters for List.

type UserManagementListSessionsParams 

type UserManagementListSessionsParams struct {
	PaginationParams
}

UserManagementListSessionsParams contains the parameters for ListSessions.

type UserManagementLoginRequest 

type UserManagementLoginRequest struct {
	// ExternalAuthID is identifier provided when AuthKit redirected to your login page.
	ExternalAuthID string `json:"external_auth_id"`
	// User is the user to create or update in AuthKit.
	User *UserObject `json:"user"`
	// UserConsentOptions is array of [User Consent Options](https://workos.com/docs/reference/workos-connect/standalone/user-consent-options) to store with the session.
	UserConsentOptions []*UserConsentOption `json:"user_consent_options,omitempty"`
}

UserManagementLoginRequest represents a user management login request.

type UserManagementMultiFactorAuthenticationOrder 

type UserManagementMultiFactorAuthenticationOrder = ApplicationsOrder

UserManagementMultiFactorAuthenticationOrder is an alias for ApplicationsOrder.

type UserManagementOrganizationMembershipOrder 

type UserManagementOrganizationMembershipOrder = ApplicationsOrder

UserManagementOrganizationMembershipOrder is an alias for ApplicationsOrder.

type UserManagementOrganizationMembershipStatuses 

type UserManagementOrganizationMembershipStatuses = OrganizationMembershipCreatedDataStatus

UserManagementOrganizationMembershipStatuses is an alias for OrganizationMembershipCreatedDataStatus.

type UserManagementPassword 

type UserManagementPassword interface {
	// contains filtered or unexported methods
}

UserManagementPassword is one of:

  • UserManagementPasswordPlaintext
  • UserManagementPasswordHashed

type UserManagementPasswordHashed 

type UserManagementPasswordHashed struct {
	Hash     string
	HashType UpdateUserPasswordHashType
}

type UserManagementPasswordPlaintext 

type UserManagementPasswordPlaintext struct {
	Password string
}

type UserManagementResendInvitationParams 

type UserManagementResendInvitationParams struct {
	// Locale is the locale to use when rendering the invitation email. See [supported locales](https://workos.com/docs/authkit/hosted-ui/localization).
	Locale *ResendUserInviteOptionsLocale `json:"locale,omitempty"`
}

UserManagementResendInvitationParams contains the parameters for ResendInvitation.

type UserManagementResetPasswordParams 

type UserManagementResetPasswordParams struct {
	// Email is the email address of the user requesting a password reset.
	Email string `json:"email"`
}

UserManagementResetPasswordParams contains the parameters for ResetPassword.

type UserManagementRevokeSessionParams 

type UserManagementRevokeSessionParams struct {
	// SessionID is the ID of the session to revoke. This can be extracted from the `sid` claim of the access token.
	SessionID string `json:"session_id"`
	// ReturnTo is the URL to redirect the user to after session revocation.
	ReturnTo *string `json:"return_to,omitempty"`
}

UserManagementRevokeSessionParams contains the parameters for RevokeSession.

type UserManagementRole 

type UserManagementRole interface {
	// contains filtered or unexported methods
}

UserManagementRole is one of:

  • UserManagementRoleSingle
  • UserManagementRoleMultiple

type UserManagementRoleMultiple 

type UserManagementRoleMultiple struct {
	Slugs []string
}

type UserManagementRoleSingle 

type UserManagementRoleSingle struct {
	Slug string
}

type UserManagementSendEmailChangeParams 

type UserManagementSendEmailChangeParams struct {
	// NewEmail is the new email address to change to.
	NewEmail string `json:"new_email"`
}

UserManagementSendEmailChangeParams contains the parameters for SendEmailChange.

type UserManagementSendInvitationParams 

type UserManagementSendInvitationParams struct {
	// Email is the email address of the recipient.
	Email string `json:"email"`
	// OrganizationID is the ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join.
	OrganizationID *string `json:"organization_id,omitempty"`
	// RoleSlug is the [role](https://workos.com/docs/authkit/roles) that the recipient will receive when they join the organization in the invitation.
	RoleSlug *string `json:"role_slug,omitempty"`
	// ExpiresInDays is how many days the invitations will be valid for. Must be between 1 and 30 days. Defaults to 7 days if not specified.
	ExpiresInDays *int `json:"expires_in_days,omitempty"`
	// InviterUserID is the ID of the [user](https://workos.com/docs/reference/authkit/user) who invites the recipient. The invitation email will mention the name of this user.
	InviterUserID *string `json:"inviter_user_id,omitempty"`
	// Locale is the locale to use when rendering the invitation email. See [supported locales](https://workos.com/docs/authkit/hosted-ui/localization).
	Locale *CreateUserInviteOptionsLocale `json:"locale,omitempty"`
}

UserManagementSendInvitationParams contains the parameters for SendInvitation.

type UserManagementService 

type UserManagementService struct {
	// contains filtered or unexported fields
}

UserManagementService handles UserManagement operations.

func (*UserManagementService) AcceptInvitation 

func (s *UserManagementService) AcceptInvitation(ctx context.Context, id string, opts ...RequestOption) (*Invitation, error)

AcceptInvitation accept an invitation Accepts an invitation and, if linked to an organization, activates the user's membership in that organization.

func (*UserManagementService) AuthenticateWithCode 

func (s *UserManagementService) AuthenticateWithCode(ctx context.Context, params *UserManagementAuthenticateWithCodeParams, opts ...RequestOption) (*AuthenticateResponse, error)

AuthenticateWithCode Authenticate with code.

func (*UserManagementService) AuthenticateWithDeviceCode 

func (s *UserManagementService) AuthenticateWithDeviceCode(ctx context.Context, params *UserManagementAuthenticateWithDeviceCodeParams, opts ...RequestOption) (*AuthenticateResponse, error)

AuthenticateWithDeviceCode Authenticate with device code.

func (*UserManagementService) AuthenticateWithEmailVerification 

func (s *UserManagementService) AuthenticateWithEmailVerification(ctx context.Context, params *UserManagementAuthenticateWithEmailVerificationParams, opts ...RequestOption) (*AuthenticateResponse, error)

AuthenticateWithEmailVerification Authenticate with email verification.

func (*UserManagementService) AuthenticateWithMagicAuth 

func (s *UserManagementService) AuthenticateWithMagicAuth(ctx context.Context, params *UserManagementAuthenticateWithMagicAuthParams, opts ...RequestOption) (*AuthenticateResponse, error)

AuthenticateWithMagicAuth Authenticate with magic auth.

func (*UserManagementService) AuthenticateWithOrganizationSelection 

func (s *UserManagementService) AuthenticateWithOrganizationSelection(ctx context.Context, params *UserManagementAuthenticateWithOrganizationSelectionParams, opts ...RequestOption) (*AuthenticateResponse, error)

AuthenticateWithOrganizationSelection Authenticate with organization selection.

func (*UserManagementService) AuthenticateWithPassword 

func (s *UserManagementService) AuthenticateWithPassword(ctx context.Context, params *UserManagementAuthenticateWithPasswordParams, opts ...RequestOption) (*AuthenticateResponse, error)

AuthenticateWithPassword Authenticate with password.

func (*UserManagementService) AuthenticateWithRefreshToken 

func (s *UserManagementService) AuthenticateWithRefreshToken(ctx context.Context, params *UserManagementAuthenticateWithRefreshTokenParams, opts ...RequestOption) (*AuthenticateResponse, error)

AuthenticateWithRefreshToken Authenticate with refresh token.

func (*UserManagementService) AuthenticateWithTOTP 

func (s *UserManagementService) AuthenticateWithTOTP(ctx context.Context, params *UserManagementAuthenticateWithTOTPParams, opts ...RequestOption) (*AuthenticateResponse, error)

AuthenticateWithTOTP Authenticate with totp.

func (*UserManagementService) ConfirmEmailChange 

func (s *UserManagementService) ConfirmEmailChange(ctx context.Context, id string, params *UserManagementConfirmEmailChangeParams, opts ...RequestOption) (*EmailChangeConfirmation, error)

ConfirmEmailChange Confirms an email change using the one-time code received by the user.

func (*UserManagementService) ConfirmPasswordReset 

func (s *UserManagementService) ConfirmPasswordReset(ctx context.Context, params *UserManagementConfirmPasswordResetParams, opts ...RequestOption) (*ResetPasswordResponse, error)

ConfirmPasswordReset reset the password Sets a new password using the `token` query parameter from the link that the user received. Successfully resetting the password will verify a user's email, if it hasn't been verified yet.

func (*UserManagementService) Create 

func (s *UserManagementService) Create(ctx context.Context, params *UserManagementCreateParams, opts ...RequestOption) (*User, error)

Create a user Create a new user in the current environment.

func (*UserManagementService) CreateCORSOrigin 

func (s *UserManagementService) CreateCORSOrigin(ctx context.Context, params *UserManagementCreateCORSOriginParams, opts ...RequestOption) (*CORSOriginResponse, error)

CreateCORSOrigin create a CORS origin Creates a new CORS origin for the current environment. CORS origins allow browser-based applications to make requests to the WorkOS API.

func (*UserManagementService) CreateDevice 

func (s *UserManagementService) CreateDevice(ctx context.Context, params *UserManagementCreateDeviceParams, opts ...RequestOption) (*DeviceAuthorizationResponse, error)

CreateDevice get device authorization URL Initiates the CLI Auth flow by requesting a device code and verification URLs. This endpoint implements the OAuth 2.0 Device Authorization Flow ([RFC 8628](https://datatracker.ietf.org/doc/html/rfc8628)) and is designed for command-line applications or other devices with limited input capabilities.

func (*UserManagementService) CreateMagicAuth 

func (s *UserManagementService) CreateMagicAuth(ctx context.Context, params *UserManagementCreateMagicAuthParams, opts ...RequestOption) (*MagicAuth, error)

CreateMagicAuth create a Magic Auth code Creates a one-time authentication code that can be sent to the user's email address. The code expires in 10 minutes. To verify the code, [authenticate the user with Magic Auth](https://workos.com/docs/reference/authkit/authentication/magic-auth).

func (*UserManagementService) CreateOrganizationMembership 

func (s *UserManagementService) CreateOrganizationMembership(ctx context.Context, params *UserManagementCreateOrganizationMembershipParams, opts ...RequestOption) (*OrganizationMembership, error)

CreateOrganizationMembership create an organization membership Creates a new `active` organization membership for the given organization and user. Calling this API with an organization and user that match an `inactive` organization membership will activate the membership with the specified role(s).

func (*UserManagementService) CreateRedirectURI 

func (s *UserManagementService) CreateRedirectURI(ctx context.Context, params *UserManagementCreateRedirectURIParams, opts ...RequestOption) (*RedirectURI, error)

CreateRedirectURI create a redirect URI Creates a new redirect URI for an environment.

func (*UserManagementService) DeactivateOrganizationMembership 

func (s *UserManagementService) DeactivateOrganizationMembership(ctx context.Context, id string, opts ...RequestOption) (*OrganizationMembership, error)

DeactivateOrganizationMembership deactivate an organization membership Deactivates an `active` organization membership. Emits an [organization_membership.updated](https://workos.com/docs/events/organization-membership) event upon successful deactivation. - Deactivating an `inactive` membership is a no-op and does not emit an event. - Deactivating a `pending` membership returns an error. This membership should be [deleted](https://workos.com/docs/reference/authkit/organization-membership/delete) instead. See the [membership management documentation](https://workos.com/docs/authkit/users-organizations/organizations/membership-management) for additional details.

func (*UserManagementService) Delete 

func (s *UserManagementService) Delete(ctx context.Context, id string, opts ...RequestOption) error

Delete a user Permanently deletes a user in the current environment. It cannot be undone.

func (*UserManagementService) DeleteAuthorizedApplication 

func (s *UserManagementService) DeleteAuthorizedApplication(ctx context.Context, userID string, applicationID string, opts ...RequestOption) error

DeleteAuthorizedApplication delete an authorized application Delete an existing Authorized Connect Application.

func (*UserManagementService) DeleteOrganizationMembership 

func (s *UserManagementService) DeleteOrganizationMembership(ctx context.Context, id string, opts ...RequestOption) error

DeleteOrganizationMembership delete an organization membership Permanently deletes an existing organization membership. It cannot be undone.

func (*UserManagementService) FindInvitationByToken 

func (s *UserManagementService) FindInvitationByToken(ctx context.Context, token string, opts ...RequestOption) (*UserInvite, error)

FindInvitationByToken find an invitation by token Retrieve an existing invitation using the token.

func (*UserManagementService) Get 

func (s *UserManagementService) Get(ctx context.Context, id string, opts ...RequestOption) (*User, error)

Get a user Get the details of an existing user.

func (*UserManagementService) GetAuthorizationURL 

func (s *UserManagementService) GetAuthorizationURL(params *UserManagementGetAuthorizationURLParams, opts ...RequestOption) string

GetAuthorizationURL get an authorization URL Generates an OAuth 2.0 authorization URL to authenticate a user with AuthKit or SSO.

func (*UserManagementService) GetByExternalID 

func (s *UserManagementService) GetByExternalID(ctx context.Context, externalID string, opts ...RequestOption) (*User, error)

GetByExternalID get a user by external ID Get the details of an existing user by an [external identifier](https://workos.com/docs/authkit/metadata/external-identifiers).

func (*UserManagementService) GetEmailVerification 

func (s *UserManagementService) GetEmailVerification(ctx context.Context, id string, opts ...RequestOption) (*EmailVerification, error)

GetEmailVerification get an email verification code Get the details of an existing email verification code that can be used to send an email to a user for verification.

func (*UserManagementService) GetIdentities 

func (s *UserManagementService) GetIdentities(ctx context.Context, id string, opts ...RequestOption) ([]UserIdentitiesGetItem, error)

GetIdentities get user identities Get a list of identities associated with the user. A user can have multiple associated identities after going through [identity linking](https://workos.com/docs/authkit/identity-linking). Currently only OAuth identities are supported. More provider types may be added in the future.

func (*UserManagementService) GetInvitation 

func (s *UserManagementService) GetInvitation(ctx context.Context, id string, opts ...RequestOption) (*UserInvite, error)

GetInvitation get an invitation Get the details of an existing invitation.

func (*UserManagementService) GetJWKS 

func (s *UserManagementService) GetJWKS(ctx context.Context, clientID string, opts ...RequestOption) (*JWKSResponse, error)

GetJWKS Returns the JSON Web Key Set (JWKS) containing the public keys used for verifying access tokens.

func (*UserManagementService) GetLogoutURL 

func (s *UserManagementService) GetLogoutURL(params *UserManagementGetLogoutURLParams, opts ...RequestOption) string

GetLogoutURL logout Logout a user from the current [session](https://workos.com/docs/reference/authkit/session).

func (*UserManagementService) GetMagicAuth 

func (s *UserManagementService) GetMagicAuth(ctx context.Context, id string, opts ...RequestOption) (*MagicAuth, error)

GetMagicAuth code details Get the details of an existing [Magic Auth](https://workos.com/docs/reference/authkit/magic-auth) code that can be used to send an email to a user for authentication.

func (*UserManagementService) GetOrganizationMembership 

func (s *UserManagementService) GetOrganizationMembership(ctx context.Context, id string, opts ...RequestOption) (*UserOrganizationMembership, error)

GetOrganizationMembership get an organization membership Get the details of an existing organization membership.

func (*UserManagementService) GetPasswordReset 

func (s *UserManagementService) GetPasswordReset(ctx context.Context, id string, opts ...RequestOption) (*PasswordReset, error)

GetPasswordReset get a password reset token Get the details of an existing password reset token that can be used to reset a user's password.

func (*UserManagementService) List 

func (s *UserManagementService) List(ctx context.Context, params *UserManagementListParams, opts ...RequestOption) *Iterator[User]

List users Get a list of all of your existing users matching the criteria specified.

func (*UserManagementService) ListAuthorizedApplications 

func (s *UserManagementService) ListAuthorizedApplications(ctx context.Context, userID string, params *UserManagementListAuthorizedApplicationsParams, opts ...RequestOption) *Iterator[AuthorizedConnectApplicationListData]

ListAuthorizedApplications Get a list of all Connect applications that the user has authorized.

func (*UserManagementService) ListInvitations 

func (s *UserManagementService) ListInvitations(ctx context.Context, params *UserManagementListInvitationsParams, opts ...RequestOption) *Iterator[UserInvite]

ListInvitations Get a list of all of invitations matching the criteria specified.

func (*UserManagementService) ListOrganizationMemberships 

func (s *UserManagementService) ListOrganizationMemberships(ctx context.Context, params *UserManagementListOrganizationMembershipsParams, opts ...RequestOption) *Iterator[UserOrganizationMembership]

ListOrganizationMemberships Get a list of all organization memberships matching the criteria specified. At least one of `user_id` or `organization_id` must be provided. By default only active memberships are returned. Use the `statuses` parameter to filter by other statuses.

func (*UserManagementService) ListSessions 

func (s *UserManagementService) ListSessions(ctx context.Context, id string, params *UserManagementListSessionsParams, opts ...RequestOption) *Iterator[UserSessionsListItem]

ListSessions Get a list of all active sessions for a specific user.

func (*UserManagementService) ReactivateOrganizationMembership 

func (s *UserManagementService) ReactivateOrganizationMembership(ctx context.Context, id string, opts ...RequestOption) (*UserOrganizationMembership, error)

ReactivateOrganizationMembership reactivate an organization membership Reactivates an `inactive` organization membership, retaining the pre-existing role(s). Emits an [organization_membership.updated](https://workos.com/docs/events/organization-membership) event upon successful reactivation. - Reactivating an `active` membership is a no-op and does not emit an event. - Reactivating a `pending` membership returns an error. The user needs to [accept the invitation](https://workos.com/docs/authkit/invitations) instead. See the [membership management documentation](https://workos.com/docs/authkit/users-organizations/organizations/membership-management) for additional details.

func (*UserManagementService) ResendInvitation 

func (s *UserManagementService) ResendInvitation(ctx context.Context, id string, params *UserManagementResendInvitationParams, opts ...RequestOption) (*UserInvite, error)

ResendInvitation resend an invitation Resends an invitation email to the recipient. The invitation must be in a pending state.

func (*UserManagementService) ResetPassword 

func (s *UserManagementService) ResetPassword(ctx context.Context, params *UserManagementResetPasswordParams, opts ...RequestOption) (*PasswordReset, error)

ResetPassword create a password reset token Creates a one-time token that can be used to reset a user's password.

func (*UserManagementService) RevokeInvitation 

func (s *UserManagementService) RevokeInvitation(ctx context.Context, id string, opts ...RequestOption) (*Invitation, error)

RevokeInvitation revoke an invitation Revokes an existing invitation.

func (*UserManagementService) RevokeSession 

func (s *UserManagementService) RevokeSession(ctx context.Context, params *UserManagementRevokeSessionParams, opts ...RequestOption) error

RevokeSession Revoke a [user session](https://workos.com/docs/reference/authkit/session).

func (*UserManagementService) SendEmailChange 

func (s *UserManagementService) SendEmailChange(ctx context.Context, id string, params *UserManagementSendEmailChangeParams, opts ...RequestOption) (*EmailChange, error)

SendEmailChange code Sends an email that contains a one-time code used to change a user's email address.

func (*UserManagementService) SendInvitation 

func (s *UserManagementService) SendInvitation(ctx context.Context, params *UserManagementSendInvitationParams, opts ...RequestOption) (*UserInvite, error)

SendInvitation send an invitation Sends an invitation email to the recipient.

func (*UserManagementService) SendVerificationEmail 

func (s *UserManagementService) SendVerificationEmail(ctx context.Context, id string, opts ...RequestOption) (*SendVerificationEmailResponse, error)

SendVerificationEmail Sends an email that contains a one-time code used to verify a user’s email address.

func (*UserManagementService) Update 

func (s *UserManagementService) Update(ctx context.Context, id string, params *UserManagementUpdateParams, opts ...RequestOption) (*User, error)

Update a user Updates properties of a user. The omitted properties will be left unchanged.

func (*UserManagementService) UpdateJWTTemplate 

func (s *UserManagementService) UpdateJWTTemplate(ctx context.Context, params *UserManagementUpdateJWTTemplateParams, opts ...RequestOption) (*JWTTemplateResponse, error)

UpdateJWTTemplate update JWT template Update the JWT template for the current environment.

func (*UserManagementService) UpdateOrganizationMembership 

func (s *UserManagementService) UpdateOrganizationMembership(ctx context.Context, id string, params *UserManagementUpdateOrganizationMembershipParams, opts ...RequestOption) (*UserOrganizationMembership, error)

UpdateOrganizationMembership update an organization membership Update the details of an existing organization membership.

func (*UserManagementService) VerifyEmail 

func (s *UserManagementService) VerifyEmail(ctx context.Context, id string, params *UserManagementVerifyEmailParams, opts ...RequestOption) (*VerifyEmailResponse, error)

VerifyEmail Verifies an email address using the one-time code received by the user.

type UserManagementUpdateJWTTemplateParams 

type UserManagementUpdateJWTTemplateParams struct {
	// Content is the JWT template content as a Liquid template string.
	Content string `json:"content"`
}

UserManagementUpdateJWTTemplateParams contains the parameters for UpdateJWTTemplate.

type UserManagementUpdateOrganizationMembershipParams 

type UserManagementUpdateOrganizationMembershipParams struct {
	// Role optionally identifies the role.
	Role UserManagementRole `url:"-" json:"-"`
}

UserManagementUpdateOrganizationMembershipParams contains the parameters for UpdateOrganizationMembership.

func (UserManagementUpdateOrganizationMembershipParams) MarshalJSON 

func (p UserManagementUpdateOrganizationMembershipParams) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for UserManagementUpdateOrganizationMembershipParams.

type UserManagementUpdateParams 

type UserManagementUpdateParams struct {
	// Email is the email address of the user.
	Email *string `json:"email,omitempty"`
	// FirstName is the first name of the user.
	FirstName *string `json:"first_name,omitempty"`
	// LastName is the last name of the user.
	LastName *string `json:"last_name,omitempty"`
	// EmailVerified is whether the user's email has been verified.
	EmailVerified *bool `json:"email_verified,omitempty"`
	// Metadata is object containing metadata key/value pairs associated with the user.
	Metadata map[string]string `json:"metadata,omitempty"`
	// ExternalID is the external ID of the user.
	ExternalID *string `json:"external_id,omitempty"`
	// Locale is the user's preferred locale.
	Locale *string `json:"locale,omitempty"`
	// Password optionally identifies the password.
	Password UserManagementPassword `url:"-" json:"-"`
}

UserManagementUpdateParams contains the parameters for Update.

func (UserManagementUpdateParams) MarshalJSON 

func (p UserManagementUpdateParams) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for UserManagementUpdateParams.

type UserManagementUsersAuthorizedApplicationsOrder 

type UserManagementUsersAuthorizedApplicationsOrder = ApplicationsOrder

UserManagementUsersAuthorizedApplicationsOrder is an alias for ApplicationsOrder.

type UserManagementUsersFeatureFlagsOrder 

type UserManagementUsersFeatureFlagsOrder = ApplicationsOrder

UserManagementUsersFeatureFlagsOrder is an alias for ApplicationsOrder.

type UserManagementUsersOrder 

type UserManagementUsersOrder = ApplicationsOrder

UserManagementUsersOrder is an alias for ApplicationsOrder.

type UserManagementVerifyEmailParams 

type UserManagementVerifyEmailParams struct {
	// Code is the one-time email verification code.
	Code string `json:"code"`
}

UserManagementVerifyEmailParams contains the parameters for VerifyEmail.

type UserObject 

type UserObject struct {
	// ID is your application's user identifier, which will be stored as an [`external_id`](https://workos.com/docs/authkit/metadata/external-identifiers). Used for upserting and deduplication.
	ID string `json:"id"`
	// Email is the user's email address.
	Email string `json:"email"`
	// FirstName is the user's first name.
	FirstName *string `json:"first_name,omitempty"`
	// LastName is the user's last name.
	LastName *string `json:"last_name,omitempty"`
	// Metadata is a set of key-value pairs to attach to the user.
	Metadata map[string]string `json:"metadata,omitempty"`
}

UserObject represents a user object.

type UserOrganizationMembership 

type UserOrganizationMembership struct {
	// Object distinguishes the organization membership object.
	Object string `json:"object"`
	// ID is the unique ID of the organization membership.
	ID string `json:"id"`
	// UserID is the ID of the user.
	UserID string `json:"user_id"`
	// OrganizationID is the ID of the organization which the user belongs to.
	OrganizationID string `json:"organization_id"`
	// Status is the status of the organization membership. One of `active`, `inactive`, or `pending`.
	Status UserOrganizationMembershipStatus `json:"status"`
	// DirectoryManaged is whether this organization membership is managed by a directory sync connection.
	DirectoryManaged bool `json:"directory_managed"`
	// OrganizationName is the name of the organization which the user belongs to.
	OrganizationName *string `json:"organization_name,omitempty"`
	// CustomAttributes is an object containing IdP-sourced attributes from the linked [Directory User](https://workos.com/docs/reference/directory-sync/directory-user) or [SSO Profile](https://workos.com/docs/reference/sso/profile). Directory User attributes take precedence when both are linked.
	CustomAttributes map[string]interface{} `json:"custom_attributes,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
	// Role is the primary role assigned to the user within the organization.
	Role *SlimRole `json:"role"`
}

UserOrganizationMembership represents a user organization membership.

type UserOrganizationMembershipBaseListData 

type UserOrganizationMembershipBaseListData struct {
	// Object distinguishes the organization membership object.
	Object string `json:"object"`
	// ID is the unique ID of the organization membership.
	ID string `json:"id"`
	// UserID is the ID of the user.
	UserID string `json:"user_id"`
	// OrganizationID is the ID of the organization which the user belongs to.
	OrganizationID string `json:"organization_id"`
	// Status is the status of the organization membership. One of `active`, `inactive`, or `pending`.
	Status UserOrganizationMembershipBaseListDataStatus `json:"status"`
	// DirectoryManaged is whether this organization membership is managed by a directory sync connection.
	DirectoryManaged bool `json:"directory_managed"`
	// OrganizationName is the name of the organization which the user belongs to.
	OrganizationName *string `json:"organization_name,omitempty"`
	// CustomAttributes is an object containing IdP-sourced attributes from the linked [Directory User](https://workos.com/docs/reference/directory-sync/directory-user) or [SSO Profile](https://workos.com/docs/reference/sso/profile). Directory User attributes take precedence when both are linked.
	CustomAttributes map[string]interface{} `json:"custom_attributes,omitempty"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

UserOrganizationMembershipBaseListData represents a user organization membership base list data.

type UserOrganizationMembershipBaseListDataStatus 

type UserOrganizationMembershipBaseListDataStatus = OrganizationMembershipCreatedDataStatus

UserOrganizationMembershipBaseListDataStatus is an alias for OrganizationMembershipCreatedDataStatus.

type UserOrganizationMembershipStatus 

type UserOrganizationMembershipStatus = OrganizationMembershipCreatedDataStatus

UserOrganizationMembershipStatus is an alias for OrganizationMembershipCreatedDataStatus.

type UserSessionsAuthMethod 

type UserSessionsAuthMethod = SessionCreatedDataAuthMethod

UserSessionsAuthMethod is an alias for SessionCreatedDataAuthMethod.

type UserSessionsImpersonator 

type UserSessionsImpersonator = AuthenticateResponseImpersonator

UserSessionsImpersonator is an alias for AuthenticateResponseImpersonator.

type UserSessionsListItem 

type UserSessionsListItem struct {
	// Object distinguishes the session object.
	Object string `json:"object"`
	// ID is the unique ID of the session.
	ID string `json:"id"`
	// Impersonator is information about the impersonator if this session was created via impersonation.
	Impersonator *UserSessionsImpersonator `json:"impersonator,omitempty"`
	// IPAddress is the IP address from which the session was created.
	IPAddress *string `json:"ip_address"`
	// OrganizationID is the ID of the organization this session is associated with.
	OrganizationID *string `json:"organization_id,omitempty"`
	// UserAgent is the user agent string from the device that created the session.
	UserAgent *string `json:"user_agent"`
	// UserID is the ID of the user this session belongs to.
	UserID string `json:"user_id"`
	// AuthMethod is the authentication method used to create this session.
	AuthMethod UserSessionsAuthMethod `json:"auth_method"`
	// Status is the current status of the session.
	Status UserSessionsStatus `json:"status"`
	// ExpiresAt is the timestamp when the session expires.
	ExpiresAt string `json:"expires_at"`
	// EndedAt is the timestamp when the session ended.
	EndedAt *string `json:"ended_at"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

UserSessionsListItem represents a user sessions list item.

type UserSessionsStatus 

type UserSessionsStatus = SessionCreatedDataStatus

UserSessionsStatus is an alias for SessionCreatedDataStatus.

type UserUpdated 

type UserUpdated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *User `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

UserUpdated represents a user updated.

type ValidateAPIKey 

type ValidateAPIKey struct {
	// Value is the value for an API key.
	Value string `json:"value"`
}

ValidateAPIKey represents a validate api key.

type VaultByokKeyVerificationCompleted 

type VaultByokKeyVerificationCompleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *VaultByokKeyVerificationCompletedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

VaultByokKeyVerificationCompleted represents a vault byok key verification completed.

type VaultByokKeyVerificationCompletedData 

type VaultByokKeyVerificationCompletedData struct {
	// OrganizationID is the unique identifier of the organization.
	OrganizationID string `json:"organization_id"`
	// KeyProvider is the external key provider used for BYOK.
	KeyProvider VaultByokKeyVerificationCompletedDataKeyProvider `json:"key_provider"`
	// Verified is whether the BYOK key verification completed successfully.
	Verified bool `json:"verified"`
}

VaultByokKeyVerificationCompletedData the event payload.

type VaultByokKeyVerificationCompletedDataKeyProvider 

type VaultByokKeyVerificationCompletedDataKeyProvider string

VaultByokKeyVerificationCompletedDataKeyProvider represents vault byok key verification completed data key provider values. 

const (
	VaultByokKeyVerificationCompletedDataKeyProviderAwsKms        VaultByokKeyVerificationCompletedDataKeyProvider = "AWS_KMS"
	VaultByokKeyVerificationCompletedDataKeyProviderGcpKms        VaultByokKeyVerificationCompletedDataKeyProvider = "GCP_KMS"
	VaultByokKeyVerificationCompletedDataKeyProviderAzureKeyVault VaultByokKeyVerificationCompletedDataKeyProvider = "AZURE_KEY_VAULT"
)

type VaultCreateDataKeyParams 

type VaultCreateDataKeyParams struct {
	Context KeyContext `json:"context"`
}

VaultCreateDataKeyParams contains the parameters for CreateDataKey.

type VaultCreateObjectParams 

type VaultCreateObjectParams struct {
	Name        string      `json:"name"`
	Value       string      `json:"value"`
	KeyContext  *KeyContext `json:"key_context,omitempty"`
	Description *string     `json:"description,omitempty"`
}

VaultCreateObjectParams contains the parameters for CreateObject.

type VaultDataCreated 

type VaultDataCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *VaultDataCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

VaultDataCreated represents a vault data created.

type VaultDataCreatedData 

type VaultDataCreatedData struct {
	// ActorID is the unique identifier of the actor.
	ActorID     string                          `json:"actor_id"`
	ActorSource VaultDataCreatedDataActorSource `json:"actor_source"`
	// ActorName is the name of the actor.
	ActorName string `json:"actor_name"`
	// KvName is the name of the key-value store.
	KvName string `json:"kv_name"`
	// KeyID is the unique identifier of the encryption key.
	KeyID      string            `json:"key_id"`
	KeyContext map[string]string `json:"key_context"`
}

VaultDataCreatedData the event payload.

type VaultDataCreatedDataActorSource 

type VaultDataCreatedDataActorSource string

VaultDataCreatedDataActorSource represents vault data created data actor source values. 

const (
	VaultDataCreatedDataActorSourceAPI       VaultDataCreatedDataActorSource = "api"
	VaultDataCreatedDataActorSourceDashboard VaultDataCreatedDataActorSource = "dashboard"
)

type VaultDataDeleted 

type VaultDataDeleted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *VaultDataDeletedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

VaultDataDeleted represents a vault data deleted.

type VaultDataDeletedData 

type VaultDataDeletedData struct {
	// ActorID is the unique identifier of the actor.
	ActorID     string                          `json:"actor_id"`
	ActorSource VaultDataDeletedDataActorSource `json:"actor_source"`
	// ActorName is the name of the actor.
	ActorName string `json:"actor_name"`
	// KvName is the name of the key-value store.
	KvName string `json:"kv_name"`
}

VaultDataDeletedData the event payload.

type VaultDataDeletedDataActorSource 

type VaultDataDeletedDataActorSource = VaultDataCreatedDataActorSource

VaultDataDeletedDataActorSource is an alias for VaultDataCreatedDataActorSource.

type VaultDataRead 

type VaultDataRead struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *VaultDataReadData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

VaultDataRead represents a vault data read.

type VaultDataReadData 

type VaultDataReadData struct {
	// ActorID is the unique identifier of the actor.
	ActorID     string                       `json:"actor_id"`
	ActorSource VaultDataReadDataActorSource `json:"actor_source"`
	// ActorName is the name of the actor.
	ActorName string `json:"actor_name"`
	// KvName is the name of the key-value store.
	KvName string `json:"kv_name"`
	// KeyID is the unique identifier of the encryption key.
	KeyID string `json:"key_id"`
}

VaultDataReadData the event payload.

type VaultDataReadDataActorSource 

type VaultDataReadDataActorSource = VaultDataCreatedDataActorSource

VaultDataReadDataActorSource is an alias for VaultDataCreatedDataActorSource.

type VaultDataUpdated 

type VaultDataUpdated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *VaultDataUpdatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

VaultDataUpdated represents a vault data updated.

type VaultDataUpdatedData 

type VaultDataUpdatedData struct {
	// ActorID is the unique identifier of the actor.
	ActorID     string                          `json:"actor_id"`
	ActorSource VaultDataUpdatedDataActorSource `json:"actor_source"`
	// ActorName is the name of the actor.
	ActorName string `json:"actor_name"`
	// KvName is the name of the key-value store.
	KvName string `json:"kv_name"`
	// KeyID is the unique identifier of the encryption key.
	KeyID      string            `json:"key_id"`
	KeyContext map[string]string `json:"key_context"`
}

VaultDataUpdatedData the event payload.

type VaultDataUpdatedDataActorSource 

type VaultDataUpdatedDataActorSource = VaultDataCreatedDataActorSource

VaultDataUpdatedDataActorSource is an alias for VaultDataCreatedDataActorSource.

type VaultDecryptDataKeyParams 

type VaultDecryptDataKeyParams struct {
	Context       KeyContext `json:"context"`
	EncryptedKeys string     `json:"encrypted_keys"`
}

VaultDecryptDataKeyParams contains the parameters for DecryptDataKey.

type VaultDekDecrypted 

type VaultDekDecrypted struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *VaultDekDecryptedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

VaultDekDecrypted represents a vault dek decrypted.

type VaultDekDecryptedData 

type VaultDekDecryptedData struct {
	// ActorID is the unique identifier of the actor.
	ActorID     string                           `json:"actor_id"`
	ActorSource VaultDekDecryptedDataActorSource `json:"actor_source"`
	// ActorName is the name of the actor.
	ActorName string `json:"actor_name"`
	// KeyID is the unique identifier of the data encryption key.
	KeyID string `json:"key_id"`
}

VaultDekDecryptedData the event payload.

type VaultDekDecryptedDataActorSource 

type VaultDekDecryptedDataActorSource = VaultDataCreatedDataActorSource

VaultDekDecryptedDataActorSource is an alias for VaultDataCreatedDataActorSource.

type VaultDekRead 

type VaultDekRead struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *VaultDekReadData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

VaultDekRead represents a vault dek read.

type VaultDekReadData 

type VaultDekReadData struct {
	// ActorID is the unique identifier of the actor.
	ActorID     string                      `json:"actor_id"`
	ActorSource VaultDekReadDataActorSource `json:"actor_source"`
	// ActorName is the name of the actor.
	ActorName string `json:"actor_name"`
	// KeyIDs is the unique identifiers of the data encryption keys.
	KeyIDs     []string          `json:"key_ids"`
	KeyContext map[string]string `json:"key_context"`
}

VaultDekReadData the event payload.

type VaultDekReadDataActorSource 

type VaultDekReadDataActorSource = VaultDataCreatedDataActorSource

VaultDekReadDataActorSource is an alias for VaultDataCreatedDataActorSource.

type VaultEncryptResult 

type VaultEncryptResult struct {
	// EncryptedData is the base64-encoded ciphertext (LEB128 header + encrypted keys + nonce + AES-GCM output).
	EncryptedData string
	// KeyContext is the encryption key context used for this operation.
	KeyContext KeyContext
	// EncryptedKeys is the base64-encoded encrypted key blob for later decryption via the API.
	EncryptedKeys string
}

VaultEncryptResult is the result of a Vault.Encrypt call.

type VaultKekCreated 

type VaultKekCreated struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *VaultKekCreatedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

VaultKekCreated represents a vault kek created.

type VaultKekCreatedData 

type VaultKekCreatedData struct {
	// ActorID is the unique identifier of the actor.
	ActorID     string                         `json:"actor_id"`
	ActorSource VaultKekCreatedDataActorSource `json:"actor_source"`
	// ActorName is the name of the actor.
	ActorName string `json:"actor_name"`
	// KeyName is the name of the key encryption key.
	KeyName string `json:"key_name"`
	// KeyID is the unique identifier of the key encryption key.
	KeyID string `json:"key_id"`
}

VaultKekCreatedData the event payload.

type VaultKekCreatedDataActorSource 

type VaultKekCreatedDataActorSource = VaultDataCreatedDataActorSource

VaultKekCreatedDataActorSource is an alias for VaultDataCreatedDataActorSource.

type VaultListObjectVersionsResponse 

type VaultListObjectVersionsResponse struct {
	Data []VaultObjectVersion `json:"data"`
}

VaultListObjectVersionsResponse is the response from ListObjectVersions.

type VaultListObjectsParams 

type VaultListObjectsParams struct {
	IncludeValues *bool `url:"include_values,omitempty" json:"-"`
}

VaultListObjectsParams contains the parameters for ListObjects.

type VaultListObjectsResponse 

type VaultListObjectsResponse struct {
	Data []VaultObjectDigest `json:"data"`
}

VaultListObjectsResponse is the response from ListObjects.

type VaultMetadataRead 

type VaultMetadataRead struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *VaultMetadataReadData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

VaultMetadataRead represents a vault metadata read.

type VaultMetadataReadData 

type VaultMetadataReadData struct {
	// ActorID is the unique identifier of the actor.
	ActorID     string                           `json:"actor_id"`
	ActorSource VaultMetadataReadDataActorSource `json:"actor_source"`
	// ActorName is the name of the actor.
	ActorName string `json:"actor_name"`
	// KvName is the name of the key-value store.
	KvName string `json:"kv_name"`
}

VaultMetadataReadData the event payload.

type VaultMetadataReadDataActorSource 

type VaultMetadataReadDataActorSource = VaultDataCreatedDataActorSource

VaultMetadataReadDataActorSource is an alias for VaultDataCreatedDataActorSource.

type VaultNamesListed 

type VaultNamesListed struct {
	// ID is unique identifier for the event.
	ID    string `json:"id"`
	Event string `json:"event"`
	// Data is the event payload.
	Data *VaultNamesListedData `json:"data"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string        `json:"created_at"`
	Context   *EventContext `json:"context,omitempty"`
	// Object distinguishes the Event object.
	Object string `json:"object"`
}

VaultNamesListed represents a vault names listed.

type VaultNamesListedData 

type VaultNamesListedData struct {
	// ActorID is the unique identifier of the actor.
	ActorID     string                          `json:"actor_id"`
	ActorSource VaultNamesListedDataActorSource `json:"actor_source"`
	// ActorName is the name of the actor.
	ActorName string `json:"actor_name"`
}

VaultNamesListedData the event payload.

type VaultNamesListedDataActorSource 

type VaultNamesListedDataActorSource = VaultDataCreatedDataActorSource

VaultNamesListedDataActorSource is an alias for VaultDataCreatedDataActorSource.

type VaultObject 

type VaultObject struct {
	ID       string          `json:"id"`
	Metadata *ObjectMetadata `json:"metadata,omitempty"`
	Name     string          `json:"name"`
	Value    *string         `json:"value,omitempty"`
}

VaultObject represents a vault key-value object.

type VaultObjectDigest 

type VaultObjectDigest struct {
	ID            string  `json:"id"`
	Name          string  `json:"name"`
	EnvironmentID string  `json:"environment_id"`
	UpdatedAt     string  `json:"updated_at"`
	VersionID     *string `json:"version_id,omitempty"`
}

VaultObjectDigest is a summary representation of a vault object.

type VaultObjectVersion 

type VaultObjectVersion struct {
	VersionID string `json:"version_id"`
	UpdatedAt string `json:"updated_at"`
	UpdatedBy string `json:"updated_by"`
}

VaultObjectVersion represents a specific version of a vault object.

type VaultService 

type VaultService struct {
	// contains filtered or unexported fields
}

VaultService handles Vault operations.

func (*VaultService) CreateDataKey 

func (s *VaultService) CreateDataKey(ctx context.Context, params *VaultCreateDataKeyParams, opts ...RequestOption) (*DataKeyPair, error)

CreateDataKey creates a new data key pair (POST /vault/v1/keys/data-key).

func (*VaultService) CreateObject 

func (s *VaultService) CreateObject(ctx context.Context, params *VaultCreateObjectParams, opts ...RequestOption) (*ObjectMetadata, error)

CreateObject creates a new vault object (POST /vault/v1/kv).

func (*VaultService) Decrypt 

func (s *VaultService) Decrypt(ctx context.Context, encryptedData string, associatedData string, opts ...RequestOption) (string, error)

Decrypt decrypts locally encrypted data by first decrypting the data key via the API.

func (*VaultService) DecryptDataKey 

func (s *VaultService) DecryptDataKey(ctx context.Context, params *VaultDecryptDataKeyParams, opts ...RequestOption) (*DataKey, error)

DecryptDataKey decrypts a data key (POST /vault/v1/keys/decrypt).

func (*VaultService) DeleteObject 

func (s *VaultService) DeleteObject(ctx context.Context, objectID string, opts ...RequestOption) error

DeleteObject deletes a vault object (DELETE /vault/v1/kv/{id}).

func (*VaultService) DescribeObject 

func (s *VaultService) DescribeObject(ctx context.Context, objectID string, opts ...RequestOption) (*VaultObject, error)

DescribeObject retrieves metadata for a vault object (GET /vault/v1/kv/{id}/metadata).

func (*VaultService) Encrypt 

func (s *VaultService) Encrypt(ctx context.Context, data string, keyContext KeyContext, associatedData string, opts ...RequestOption) (*VaultEncryptResult, error)

Encrypt generates a data key and encrypts data locally using AES-256-GCM.

func (*VaultService) ListObjectVersions 

func (s *VaultService) ListObjectVersions(ctx context.Context, objectID string, opts ...RequestOption) ([]VaultObjectVersion, error)

ListObjectVersions lists versions of a vault object (GET /vault/v1/kv/{id}/versions).

func (*VaultService) ListObjects 

func (s *VaultService) ListObjects(ctx context.Context, params *VaultListObjectsParams, opts ...RequestOption) (*VaultListObjectsResponse, error)

ListObjects lists vault objects (GET /vault/v1/kv).

func (*VaultService) ReadObject 

func (s *VaultService) ReadObject(ctx context.Context, objectID string, opts ...RequestOption) (*VaultObject, error)

ReadObject reads a vault object by ID (GET /vault/v1/kv/{id}).

func (*VaultService) ReadObjectByName 

func (s *VaultService) ReadObjectByName(ctx context.Context, name string, opts ...RequestOption) (*VaultObject, error)

ReadObjectByName reads a vault object by name (GET /vault/v1/kv/name/{name}).

func (*VaultService) UpdateObject 

func (s *VaultService) UpdateObject(ctx context.Context, objectID string, params *VaultUpdateObjectParams, opts ...RequestOption) (*VaultObject, error)

UpdateObject updates a vault object (PUT /vault/v1/kv/{id}).

type VaultUpdateObjectParams 

type VaultUpdateObjectParams struct {
	Value       string      `json:"value"`
	KeyContext  *KeyContext `json:"key_context,omitempty"`
	Description *string     `json:"description,omitempty"`
}

VaultUpdateObjectParams contains the parameters for UpdateObject.

type VerifyEmailAddress 

type VerifyEmailAddress = AuthenticationChallengesVerifyRequest

VerifyEmailAddress is an alias for AuthenticationChallengesVerifyRequest.

type VerifyEmailResponse 

type VerifyEmailResponse = ResetPasswordResponse

VerifyEmailResponse is an alias for ResetPasswordResponse.

type WebhookEndpointJSON 

type WebhookEndpointJSON struct {
	// Object distinguishes the Webhook Endpoint object.
	Object string `json:"object"`
	// ID is unique identifier of the Webhook Endpoint.
	ID string `json:"id"`
	// EndpointURL is the URL to which webhooks are sent.
	EndpointURL string `json:"endpoint_url"`
	// Secret is the secret used to sign webhook payloads.
	Secret string `json:"secret"`
	// Status is whether the Webhook Endpoint is enabled or disabled.
	Status WebhookEndpointJSONStatus `json:"status"`
	// Events is the events that the Webhook Endpoint is subscribed to.
	Events []string `json:"events"`
	// CreatedAt is an ISO 8601 timestamp.
	CreatedAt string `json:"created_at"`
	// UpdatedAt is an ISO 8601 timestamp.
	UpdatedAt string `json:"updated_at"`
}

WebhookEndpointJSON represents a webhook endpoint json.

type WebhookEndpointJSONStatus 

type WebhookEndpointJSONStatus = UpdateWebhookEndpointStatus

WebhookEndpointJSONStatus is an alias for UpdateWebhookEndpointStatus.

type WebhookService 

type WebhookService struct {
	// contains filtered or unexported fields
}

WebhookService handles Webhooks operations.

func (*WebhookService) CreateEndpoint 

func (s *WebhookService) CreateEndpoint(ctx context.Context, params *WebhooksCreateEndpointParams, opts ...RequestOption) (*WebhookEndpointJSON, error)

CreateEndpoint create a Webhook Endpoint Create a new webhook endpoint to receive event notifications.

func (*WebhookService) DeleteEndpoint 

func (s *WebhookService) DeleteEndpoint(ctx context.Context, id string, opts ...RequestOption) error

DeleteEndpoint delete a Webhook Endpoint Delete an existing webhook endpoint.

func (*WebhookService) ListEndpoints 

func (s *WebhookService) ListEndpoints(ctx context.Context, params *WebhooksListEndpointsParams, opts ...RequestOption) *Iterator[WebhookEndpointJSON]

ListEndpoints list Webhook Endpoints Get a list of all of your existing webhook endpoints.

func (*WebhookService) UpdateEndpoint 

func (s *WebhookService) UpdateEndpoint(ctx context.Context, id string, params *WebhooksUpdateEndpointParams, opts ...RequestOption) (*WebhookEndpointJSON, error)

UpdateEndpoint update a Webhook Endpoint Update the properties of an existing webhook endpoint.

type WebhookVerifier 

type WebhookVerifier struct {
	// contains filtered or unexported fields
}

WebhookVerifier verifies WorkOS webhook signatures.

func NewWebhookVerifier 

func NewWebhookVerifier(secret string, opts ...WebhookVerifierOption) *WebhookVerifier

NewWebhookVerifier creates a new verifier with the given secret.

func (*WebhookVerifier) ConstructEvent 

func (w *WebhookVerifier) ConstructEvent(sigHeader string, body string) (*EventSchema, error)

ConstructEvent verifies the webhook and returns the deserialized event. The returned EventSchema carries the standard envelope fields; callers can inspect Event/Data to dispatch on event type.

func (*WebhookVerifier) SetTolerance 

func (w *WebhookVerifier) SetTolerance(d time.Duration)

SetTolerance sets the maximum age tolerance for webhook timestamps.

func (*WebhookVerifier) VerifyPayload 

func (w *WebhookVerifier) VerifyPayload(sigHeader string, body string) (string, error)

VerifyPayload verifies a webhook signature header against the body and returns the verified body. The sigHeader format is "t=<timestamp>, v1=<signature>".

type WebhookVerifierOption 

type WebhookVerifierOption func(*WebhookVerifier)

WebhookVerifierOption configures a WebhookVerifier.

func WithWebhookTolerance 

func WithWebhookTolerance(d time.Duration) WebhookVerifierOption

WithWebhookTolerance sets the maximum age tolerance for webhook timestamps.

type WebhooksCreateEndpointParams 

type WebhooksCreateEndpointParams struct {
	// EndpointURL is the HTTPS URL where webhooks will be sent.
	EndpointURL string `json:"endpoint_url"`
	// Events is the events that the Webhook Endpoint is subscribed to.
	Events []CreateWebhookEndpointEvents `json:"events"`
}

WebhooksCreateEndpointParams contains the parameters for CreateEndpoint.

type WebhooksListEndpointsParams 

type WebhooksListEndpointsParams struct {
	PaginationParams
}

WebhooksListEndpointsParams contains the parameters for ListEndpoints.

type WebhooksOrder 

type WebhooksOrder = ApplicationsOrder

WebhooksOrder is an alias for ApplicationsOrder.

type WebhooksUpdateEndpointParams 

type WebhooksUpdateEndpointParams struct {
	// EndpointURL is the HTTPS URL where webhooks will be sent.
	EndpointURL *string `json:"endpoint_url,omitempty"`
	// Status is whether the Webhook Endpoint is enabled or disabled.
	Status *UpdateWebhookEndpointStatus `json:"status,omitempty"`
	// Events is the events that the Webhook Endpoint is subscribed to.
	Events []UpdateWebhookEndpointEvents `json:"events,omitempty"`
}

WebhooksUpdateEndpointParams contains the parameters for UpdateEndpoint.

type WidgetService 

type WidgetService struct {
	// contains filtered or unexported fields
}

WidgetService handles Widgets operations.

func (*WidgetService) CreateToken 

func (s *WidgetService) CreateToken(ctx context.Context, params *WidgetsCreateTokenParams, opts ...RequestOption) (*WidgetSessionTokenResponse, error)

CreateToken generate a widget token Generate a widget token scoped to an organization and user with the specified scopes.

type WidgetSessionToken 

type WidgetSessionToken struct {
	// OrganizationID is the ID of the organization to scope the widget session to.
	OrganizationID string `json:"organization_id"`
	// UserID is the ID of the user to issue the widget session token for.
	UserID *string `json:"user_id,omitempty"`
	// Scopes is the scopes to grant the widget session.
	Scopes []WidgetSessionTokenScopes `json:"scopes,omitempty"`
}

WidgetSessionToken represents a widget session token.

type WidgetSessionTokenResponse 

type WidgetSessionTokenResponse struct {
	// Token is the widget session token.
	Token string `json:"token"`
}

WidgetSessionTokenResponse represents a widget session token response.

type WidgetSessionTokenScopes 

type WidgetSessionTokenScopes string

WidgetSessionTokenScopes represents widget session token scopes values. 

const (
	WidgetSessionTokenScopesWidgetsUsersTableManage         WidgetSessionTokenScopes = "widgets:users-table:manage"
	WidgetSessionTokenScopesWidgetsDomainVerificationManage WidgetSessionTokenScopes = "widgets:domain-verification:manage"
	WidgetSessionTokenScopesWidgetsSSOManage                WidgetSessionTokenScopes = "widgets:sso:manage"
	WidgetSessionTokenScopesWidgetsAPIKeysManage            WidgetSessionTokenScopes = "widgets:api-keys:manage"
	WidgetSessionTokenScopesWidgetsDsyncManage              WidgetSessionTokenScopes = "widgets:dsync:manage"
	WidgetSessionTokenScopesWidgetsAuditLogStreamingManage  WidgetSessionTokenScopes = "widgets:audit-log-streaming:manage"
)

type WidgetsCreateTokenParams 

type WidgetsCreateTokenParams struct {
	// OrganizationID is the ID of the organization to scope the widget session to.
	OrganizationID string `json:"organization_id"`
	// UserID is the ID of the user to issue the widget session token for.
	UserID *string `json:"user_id,omitempty"`
	// Scopes is the scopes to grant the widget session.
	Scopes []WidgetSessionTokenScopes `json:"scopes,omitempty"`
}

WidgetsCreateTokenParams contains the parameters for CreateToken.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.