fix: redesign authorization resource targeting and default order handling

Author: gjtorikian

.oagen-manifest.json

@@ -13,11 +13,11 @@
     public function __construct(
         /** The slug of the role to assign. */
         public string $roleSlug,
-        /** The ID of the resource. Use either this or `resource_external_id` and `resource_type_slug`. */
+        /** The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. */
         public ?string $resourceId = null,
-        /** The external ID of the resource. Requires `resource_type_slug`. */
+        /** The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. */
         public ?string $resourceExternalId = null,
-        /** The resource type slug. Required with `resource_external_id`. */
+        /** The resource type slug. Required with `resource_external_id`. Mutually exclusive with `resource_id`. */
         public ?string $resourceTypeSlug = null,
     ) {
     }

lib/Resource/AssignRole.php

@@ -18,6 +18,10 @@ public function __construct(
         public string $grantType,
         /** The authorization code received from the redirect. */
         public string $code,
+        /** The PKCE code verifier used to derive the code challenge passed to the authorization URL. */
+        public ?string $codeVerifier = null,
+        /** An invitation token to accept during authentication. */
+        public ?string $invitationToken = null,
         /** The IP address of the user's request. */
         public ?string $ipAddress = null,
         /** A unique identifier for the device. */
@@ -34,6 +38,8 @@ public static function fromArray(array $data): self
             clientSecret: $data['client_secret'],
             grantType: $data['grant_type'],
             code: $data['code'],
+            codeVerifier: $data['code_verifier'] ?? null,
+            invitationToken: $data['invitation_token'] ?? null,
             ipAddress: $data['ip_address'] ?? null,
             deviceId: $data['device_id'] ?? null,
             userAgent: $data['user_agent'] ?? null,
@@ -47,6 +53,8 @@ public function toArray(): array
             'client_secret' => $this->clientSecret,
             'grant_type' => $this->grantType,
             'code' => $this->code,
+            'code_verifier' => $this->codeVerifier,
+            'invitation_token' => $this->invitationToken,
             'ip_address' => $this->ipAddress,
             'device_id' => $this->deviceId,
             'user_agent' => $this->userAgent,

lib/Resource/AuthorizationCodeSessionAuthenticateRequest.php

@@ -21,6 +21,8 @@ public function __construct(
          */
         public array $grantedScopes,
         public ConnectApplication $application,
+        /** The OAuth resource associated with the authorized connect application, if one was requested. */
+        public ?string $oauthResource = null,
     ) {
     }
 
@@ -31,6 +33,7 @@ public static function fromArray(array $data): self
             id: $data['id'],
             grantedScopes: $data['granted_scopes'],
             application: ConnectApplication::fromArray($data['application']),
+            oauthResource: $data['oauth_resource'] ?? null,
         );
     }
 
@@ -41,6 +44,7 @@ public function toArray(): array
             'id' => $this->id,
             'granted_scopes' => $this->grantedScopes,
             'application' => $this->application->toArray(),
+            'oauth_resource' => $this->oauthResource,
         ];
     }
 }

lib/Resource/AuthorizedConnectApplicationListData.php

@@ -13,11 +13,11 @@
     public function __construct(
         /** The slug of the permission to check. */
         public string $permissionSlug,
-        /** The ID of the resource. */
+        /** The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. */
         public ?string $resourceId = null,
-        /** The external ID of the resource. */
+        /** The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. */
         public ?string $resourceExternalId = null,
-        /** The slug of the resource type. */
+        /** The slug of the resource type. Required with `resource_external_id`. Mutually exclusive with `resource_id`. */
         public ?string $resourceTypeSlug = null,
     ) {
     }

lib/Resource/CheckAuthorization.php

@@ -30,6 +30,10 @@ public function __construct(
         public \DateTimeImmutable $createdAt,
         /** An ISO 8601 timestamp. */
         public \DateTimeImmutable $updatedAt,
+        /** The type of the application. */
+        public ?string $applicationType = null,
+        /** The ID of the organization the application belongs to. */
+        public ?string $organizationId = null,
     ) {
     }
 
@@ -44,6 +48,8 @@ public static function fromArray(array $data): self
             scopes: $data['scopes'],
             createdAt: new \DateTimeImmutable($data['created_at']),
             updatedAt: new \DateTimeImmutable($data['updated_at']),
+            applicationType: $data['application_type'] ?? null,
+            organizationId: $data['organization_id'] ?? null,
         );
     }
 
@@ -58,6 +64,8 @@ public function toArray(): array
             'scopes' => $this->scopes,
             'created_at' => $this->createdAt->format(\DateTimeInterface::RFC3339_EXTENDED),
             'updated_at' => $this->updatedAt->format(\DateTimeInterface::RFC3339_EXTENDED),
+            'application_type' => $this->applicationType,
+            'organization_id' => $this->organizationId,
         ];
     }
 }

lib/Resource/ConnectApplication.php

@@ -21,11 +21,11 @@ public function __construct(
         public string $organizationId,
         /** An optional description of the resource. */
         public ?string $description = null,
-        /** The ID of the parent resource. */
+        /** The ID of the parent resource. Mutually exclusive with `parent_resource_external_id` and `parent_resource_type_slug`. */
         public ?string $parentResourceId = null,
-        /** The external ID of the parent resource. */
+        /** The external ID of the parent resource. Required with `parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`. */
         public ?string $parentResourceExternalId = null,
-        /** The resource type slug of the parent resource. */
+        /** The resource type slug of the parent resource. Required with `parent_resource_external_id`. Mutually exclusive with `parent_resource_id`. */
         public ?string $parentResourceTypeSlug = null,
     ) {
     }

lib/Resource/CreateAuthorizationResource.php

@@ -13,12 +13,6 @@
     public function __construct(
         /** The email address of the user. */
         public string $email,
-        /** The password to set for the user. Mutually exclusive with `password_hash` and `password_hash_type`. */
-        public ?string $password = null,
-        /** The hashed password to set for the user. Mutually exclusive with `password`. */
-        public ?string $passwordHash = null,
-        /** The algorithm originally used to hash the password, used when providing a `password_hash`. */
-        public ?CreateUserPasswordHashType $passwordHashType = null,
         /** The first name of the user. */
         public ?string $firstName = null,
         /** The last name of the user. */
@@ -32,36 +26,42 @@ public function __construct(
         public ?array $metadata = null,
         /** The external ID of the user. */
         public ?string $externalId = null,
+        /** The password to set for the user. Mutually exclusive with `password_hash` and `password_hash_type`. */
+        public ?string $password = null,
+        /** The hashed password to set for the user. Required with `password_hash_type`. Mutually exclusive with `password`. */
+        public ?string $passwordHash = null,
+        /** The algorithm originally used to hash the password, used when providing a `password_hash`. Required with `password_hash`. Mutually exclusive with `password`. */
+        public ?CreateUserPasswordHashType $passwordHashType = null,
     ) {
     }
 
     public static function fromArray(array $data): self
     {
         return new self(
             email: $data['email'],
-            password: $data['password'] ?? null,
-            passwordHash: $data['password_hash'] ?? null,
-            passwordHashType: isset($data['password_hash_type']) ? CreateUserPasswordHashType::from($data['password_hash_type']) : null,
             firstName: $data['first_name'] ?? null,
             lastName: $data['last_name'] ?? null,
             emailVerified: $data['email_verified'] ?? null,
             metadata: $data['metadata'] ?? null,
             externalId: $data['external_id'] ?? null,
+            password: $data['password'] ?? null,
+            passwordHash: $data['password_hash'] ?? null,
+            passwordHashType: isset($data['password_hash_type']) ? CreateUserPasswordHashType::from($data['password_hash_type']) : null,
         );
     }
 
     public function toArray(): array
     {
         return [
             'email' => $this->email,
-            'password' => $this->password,
-            'password_hash' => $this->passwordHash,
-            'password_hash_type' => $this->passwordHashType?->value,
             'first_name' => $this->firstName,
             'last_name' => $this->lastName,
             'email_verified' => $this->emailVerified,
             'metadata' => $this->metadata,
             'external_id' => $this->externalId,
+            'password' => $this->password,
+            'password_hash' => $this->passwordHash,
+            'password_hash_type' => $this->passwordHashType?->value,
         ];
     }
 }

lib/Resource/CreateUser.php

@@ -41,6 +41,11 @@ enum CreateWebhookEndpointEvents: string
     case DsyncUserDeleted = 'dsync.user.deleted';
     case DsyncUserUpdated = 'dsync.user.updated';
     case EmailVerificationCreated = 'email_verification.created';
+    case GroupCreated = 'group.created';
+    case GroupDeleted = 'group.deleted';
+    case GroupMemberAdded = 'group.member_added';
+    case GroupMemberRemoved = 'group.member_removed';
+    case GroupUpdated = 'group.updated';
     case FlagCreated = 'flag.created';
     case FlagDeleted = 'flag.deleted';
     case FlagUpdated = 'flag.updated';

lib/Resource/CreateWebhookEndpointEvents.php

@@ -11,18 +11,33 @@
     use JsonSerializableTrait;
 
     public function __construct(
+        /** Indicates whether the access token is valid and ready for use, or if reauthorization is required. */
+        public ?bool $active = null,
+        /** The [access token](https://workos.com/docs/reference/pipes/access-token) object, present when `active` is `true`. */
+        public ?DataIntegrationAccessTokenResponseAccessToken $accessToken = null,
+        /**
+         * - `"not_installed"`: The user does not have the integration installed.
+         * - `"needs_reauthorization"`: The user needs to reauthorize the integration.
+         */
+        public ?DataIntegrationAccessTokenResponseError $error = null,
     ) {
     }
 
     public static function fromArray(array $data): self
     {
         return new self(
+            active: $data['active'] ?? null,
+            accessToken: isset($data['access_token']) ? DataIntegrationAccessTokenResponseAccessToken::fromArray($data['access_token']) : null,
+            error: isset($data['error']) ? DataIntegrationAccessTokenResponseError::from($data['error']) : null,
         );
     }
 
     public function toArray(): array
     {
         return [
+            'active' => $this->active,
+            'access_token' => $this->accessToken?->toArray(),
+            'error' => $this->error?->value,
         ];
     }
 }