Skip to content

feat(generated): AdminPortal, Authorization, Webhooks, UserManagement, AuditLogs (batch 08085e9d)#683

Merged
workos-sdk-automation[bot] merged 2 commits into
mainfrom
oagen/batch-08085e9d
Jul 1, 2026
Merged

feat(generated): AdminPortal, Authorization, Webhooks, UserManagement, AuditLogs (batch 08085e9d)#683
workos-sdk-automation[bot] merged 2 commits into
mainfrom
oagen/batch-08085e9d

Conversation

@workos-sdk-automation

Copy link
Copy Markdown
Contributor

Summary

Regenerated SDK from spec changes.

Triggered by workos/openapi-spec@704603f

@workos-sdk-automation workos-sdk-automation Bot added the autogenerated Autogenerated code or content label Jul 1, 2026
@workos-sdk-automation workos-sdk-automation Bot requested review from a team as code owners July 1, 2026 18:19
@workos-sdk-automation workos-sdk-automation Bot requested a review from nicknisi July 1, 2026 18:19
@workos-sdk-automation workos-sdk-automation Bot added the autogenerated Autogenerated code or content label Jul 1, 2026

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 2 potential issues.

Open in Devin Review

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 PKCE convenience wrapper silently drops the new re-authentication age limit parameter

The new re-authentication age limit is added to the authorization URL builder (max_age at src/workos/user_management/_resource.py:462) but is never accepted or forwarded by the PKCE convenience wrapper that delegates to it, so callers using the wrapper cannot force re-authentication.
Impact: Users relying on the PKCE helper cannot request re-authentication; they must bypass the helper and build the URL manually.

Hand-maintained wrapper omits new parameter added to auto-generated method

The PR adds max_age: Optional[int] = None to both the sync get_authorization_url (src/workos/user_management/_resource.py:462) and async version (src/workos/user_management/_resource.py:2593), and correctly includes it in the URL params dict.

However, the hand-maintained get_authorization_url_with_pkce (sync at line 2097, async at line 4228) calls get_authorization_url without passing max_age. Both wrappers are inside the @oagen-ignore-start / @oagen-ignore-end block so the code generator does not update them.

Sync wrapper call at src/workos/user_management/_resource.py:2140-2155:

url = self.get_authorization_url(
    redirect_uri=redirect_uri,
    code_challenge=pair.code_challenge,
    code_challenge_method="S256",
    state=state,
    provider=provider,
    connection_id=connection_id,
    organization_id=organization_id,
    domain_hint=domain_hint,
    login_hint=login_hint,
    screen_hint=screen_hint,
    prompt=prompt,
    provider_scopes=provider_scopes,
    provider_query_params=provider_query_params,
    invitation_token=invitation_token,
    # max_age is missing here
)

The same omission exists in the async wrapper at src/workos/user_management/_resource.py:4271-4286.

(Refers to lines 2097-2156)

Prompt for agents
The hand-maintained get_authorization_url_with_pkce method (both sync at line 2097 and async at line 4228) needs to be updated to accept and forward the new max_age parameter to get_authorization_url.

For both the sync version (UserManagement class) and async version (AsyncUserManagement class):
1. Add max_age: Optional[int] = None to the method signature of get_authorization_url_with_pkce
2. Pass max_age=max_age in the call to self.get_authorization_url inside the method body
3. Update the docstring to document the new parameter

The sync wrapper is at line 2097-2156 and the async wrapper is at line 4228-4287.
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.


from .._types import RequestOptions, enum_value
from .models import IntentOptions, PortalLinkResponse
from .models import PortalLinkResponse

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚩 Removal of intent_options is a breaking API change for existing callers

The intent_options parameter was removed from both AdminPortal.generate_link and AsyncAdminPortal.generate_link (src/workos/admin_portal/_resource.py:11,28-29), and from the GenerateLink model. The IntentOptions, SSOIntentOptions, and DomainVerificationIntentOptions classes still exist in src/workos/admin_portal/models/ and are still exported from __init__.py via wildcard imports. Any existing callers passing intent_options=... will get a TypeError at runtime. Since this is auto-generated and reflects an API spec change, it's presumably intentional, but it's a breaking change worth noting.

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

@greptile-apps

greptile-apps Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR regenerates SDK models, fixtures, and resource methods from updated API specs. The main changes are:

  • New User Management list endpoints for CORS origins and redirect URIs.
  • max_age support for generated authorization URLs.
  • New authorization role assignment source model and enum.
  • New audit log export expired state.
  • Additional webhook event enum values.
  • Generated round-trip tests and fixtures for the updated models.

Confidence Score: 4/5

This PR has one contained compatibility bug that should be fixed before release.

Most changes are generated model and endpoint additions with matching fixtures and tests. AuditLogExportCreation.to_dict() now breaks existing string-valued range_start and range_end usage.

src/workos/audit_logs/models/audit_log_export_creation.py

T-Rex T-Rex Logs

What T-Rex did

  • Reproduced the string-date handling failure by building AuditLogExportCreation with ISO-8601 string range_start and range_end and calling to_dict, which raised an AttributeError.
  • Ran the user-management-endpoints tests and captured before/after artifacts that document the test command, working directory, commit, script, verbose pytest output, and the resulting mocked 200 OK response with request path and response details.
  • Compared the before and after artifacts to summarize the code changes: added UserRoleAssignmentSource imports, to_dict including a source field, unknown source type round-tripping, and updated GenerateLink behavior around intent_options.

View all artifacts

T-Rex Ran code and verified through T-Rex

Important Files Changed

Filename Overview
src/workos/user_management/_resource.py Adds max_age authorization URL support and list endpoints for CORS origins and redirect URIs.
src/workos/audit_logs/models/audit_log_export_creation.py Changed export creation ranges from strings to datetimes; to_dict() now breaks existing string-valued constructions.
src/workos/authorization/models/user_role_assignment.py Adds required source parsing and serialization to user role assignments.
src/workos/admin_portal/_resource.py Removes intent_options from sync and async Admin Portal link generation.
tests/test_user_management.py Adds sync and async tests for listing CORS origins and redirect URIs.
tests/test_audit_logs_models_round_trip.py Adds generated round-trip coverage for audit log models, but does not cover string-valued export creation construction.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
participant App as SDK caller
participant UM as UserManagement resource
participant AP as AdminPortal resource
participant AuthZ as Authorization models
participant API as WorkOS API

App->>UM: get_authorization_url(max_age)
UM-->>App: authorization URL with query params
App->>UM: list_cors_origins()/list_redirect_uris()
UM->>API: GET /user_management/cors_origins or /redirect_uris
API-->>UM: paginated response
UM-->>App: SyncPage/AsyncPage models
API-->>AuthZ: user role assignment with source
AuthZ-->>App: UserRoleAssignment(source)
App->>AP: generate_link(...)
AP->>API: POST /portal/generate_link without intent_options
API-->>AP: PortalLinkResponse
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
participant App as SDK caller
participant UM as UserManagement resource
participant AP as AdminPortal resource
participant AuthZ as Authorization models
participant API as WorkOS API

App->>UM: get_authorization_url(max_age)
UM-->>App: authorization URL with query params
App->>UM: list_cors_origins()/list_redirect_uris()
UM->>API: GET /user_management/cors_origins or /redirect_uris
API-->>UM: paginated response
UM-->>App: SyncPage/AsyncPage models
API-->>AuthZ: user role assignment with source
AuthZ-->>App: UserRoleAssignment(source)
App->>AP: generate_link(...)
AP->>API: POST /portal/generate_link without intent_options
API-->>AP: PortalLinkResponse
Loading
Prompt To Fix All With AI
Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
src/workos/audit_logs/models/audit_log_export_creation.py:56-57
**Preserve string dates**
`range_start` and `range_end` were public ISO-8601 string fields before this regeneration, but `to_dict()` now unconditionally calls `_format_datetime()`. Existing callers that construct `AuditLogExportCreation(range_start="2022-...Z", range_end="2022-...Z")` now hit `AttributeError: 'str' object has no attribute 'isoformat'` during serialization, even though the resource method and docs still accept strings for export ranges.

Reviews (1): Last reviewed commit: "chore(generated): add release notes frag..." | Re-trigger Greptile

Comment on lines +56 to +57
result["range_start"] = _format_datetime(self.range_start)
result["range_end"] = _format_datetime(self.range_end)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Preserve string dates
range_start and range_end were public ISO-8601 string fields before this regeneration, but to_dict() now unconditionally calls _format_datetime(). Existing callers that construct AuditLogExportCreation(range_start="2022-...Z", range_end="2022-...Z") now hit AttributeError: 'str' object has no attribute 'isoformat' during serialization, even though the resource method and docs still accept strings for export ranges.

Artifacts

Repro: minimal script constructing AuditLogExportCreation with string dates and calling to_dict

  • Contains supporting evidence from the run (text/x-python; charset=utf-8).

Repro: command output and full traceback showing AttributeError from to_dict/_format_datetime

  • Keeps the command output available without making the summary code-heavy.

View artifacts

T-Rex Ran code and verified through T-Rex

Prompt To Fix With AI
This is a comment left during a code review.
Path: src/workos/audit_logs/models/audit_log_export_creation.py
Line: 56-57

Comment:
**Preserve string dates**
`range_start` and `range_end` were public ISO-8601 string fields before this regeneration, but `to_dict()` now unconditionally calls `_format_datetime()`. Existing callers that construct `AuditLogExportCreation(range_start="2022-...Z", range_end="2022-...Z")` now hit `AttributeError: 'str' object has no attribute 'isoformat'` during serialization, even though the resource method and docs still accept strings for export ranges.

How can I resolve this? If you propose a fix, please make it concise.

@workos-sdk-automation workos-sdk-automation Bot merged commit ed5b29a into main Jul 1, 2026
10 checks passed
@workos-sdk-automation workos-sdk-automation Bot deleted the oagen/batch-08085e9d branch July 1, 2026 18:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

autogenerated Autogenerated code or content

Development

Successfully merging this pull request may close these issues.

0 participants