Changelog

9.2.0 (2026-06-18)

  • #501 feat(generated)!: regenerate from spec (12 changes)

    Features

    • authorization:
      • Added model ReplaceGroupRoleAssignmentEntry
      • Added model ReplaceGroupRoleAssignments
      • Added model DeleteGroupRoleAssignmentsByCriteria
      • Added endpoint POST /authorization/groups/{group_id}/role_assignments
      • Added endpoint PUT /authorization/groups/{group_id}/role_assignments
      • Added endpoint DELETE /authorization/groups/{group_id}/role_assignments
      • Added endpoint GET /authorization/groups/{group_id}/role_assignments/{role_assignment_id}
      • Added endpoint DELETE /authorization/groups/{group_id}/role_assignments/{role_assignment_id}
    • client:
      • Added model ClientApiToken
      • Added model ClientApiTokenResponse
      • Added service Client
    • connect:
      • Added auth_method to ConnectedAccount
      • Added api_key_last_4 to ConnectedAccount
      • Added enum ConnectedAccountAuthMethod
    • groups:
      • Added model CreateGroupRoleAssignment
      • Added model GroupRoleAssignment
      • Added model GroupRoleAssignmentList
      • Added model GroupRoleAssignmentResource
    • organization_membership:
      • Added model UserOrganizationMembershipList
      • Added model UserOrganizationMembershipListListMetadata
    • pipes:
      • Added model DataIntegrationCredentials
      • Added model DataIntegrationConfigurationResponse
      • Added model DataIntegrationConfigurationListResponse
      • Added model ConfigureDataIntegrationBody
      • Added auth_methods to DataIntegrationsListResponseData
      • Added auth_method to DataIntegrationsListResponseDataConnectedAccount
      • Added api_key_last_4 to DataIntegrationsListResponseDataConnectedAccount
      • Added enum DataIntegrationCredentialsCredentialsType
      • Added enum DataIntegrationsListResponseDataAuthMethods
      • Added enum DataIntegrationsListResponseDataConnectedAccountAuthMethod
      • Added service PipesProvider
    • user_management:
      • Added model UserInviteList
      • Added model UserInviteListListMetadata
      • Made AuthorizationCodeSessionAuthenticateRequest.client_secret optional
      • Made RefreshTokenSessionAuthenticateRequest.client_secret optional
    • widgets:
      • Added widgets:pipes:manage to WidgetSessionTokenScopes

    Fixes

    • organization_membership:
      • Changed response of UserManagementOrganizationMembership.list from UserOrganizationMembership to UserOrganizationMembershipList
    • user_management:
      • Changed response of UserManagementInvitations.list from UserInvite to UserInviteList

9.1.0 (2026-06-17)

Bug Fixes

  • #495 feat(generated): regenerate from spec (8 changes)

    Features

    • api_keys:
      • Added model ExpireApiKey
      • Added model ApiKeyUpdated
      • Added model ApiKeyUpdatedData
      • Added model ApiKeyUpdatedDataOwner
      • Added model UserApiKeyUpdatedDataOwner
      • Added model ApiKeyUpdatedDataPreviousAttribute
      • Added endpoint POST /api_keys/{id}/expire
    • audit_logs:
      • Added Snowflake to AuditLogConfigurationLogStreamType
    • connect:
      • Added name to UserObject
    • directory_sync:
      • Added model DsyncTokenCreated
      • Added model DsyncTokenCreatedData
      • Added model DsyncTokenRevoked
      • Added model DsyncTokenRevokedData
    • user_management:
      • Added name to user management models
    • webhooks:
      • Added api_key.updated to CreateWebhookEndpointEvents
      • Added api_key.updated to UpdateWebhookEndpointEvents

9.0.0 (2026-05-26)

Bug Fixes

  • ci: extract version from PR title in changelog inline step (93768a1)

  • #491 feat(generated)!: regenerate from spec (9 changes)

    ⚠️ Breaking

    • organization_membership: Migrate organization membership to dedicated service
      • Moved organization membership methods from UserManagement to new OrganizationMembershipService class
      • Methods create_organization_membership, get_organization_membership, update_organization_membership, delete_organization_membership, deactivate_organization_membership, reactivate_organization_membership, list_organization_memberships, and list_organization_membership_groups now accessed via client.organization_membership instead of client.user_management
      • Removed UserManagement::RoleSingle and UserManagement::RoleMultiple data classes (moved to OrganizationMembershipService)
    • api_keys: Add expires_at field to API key models
      • Added expires_at optional field to ApiKey, OrganizationApiKey, OrganizationApiKeyWithValue, UserApiKey, and UserApiKeyWithValue models
      • Added expires_at field to CreateOrganizationApiKey and CreateUserApiKey request models
      • Updated create_organization_api_key and create_user_api_key methods to accept expires_at parameter
    • radar: Remove device_fingerprint and bot_score fields from Radar
      • Removed device_fingerprint and bot_score parameters from Radar.create_attempt method
      • Removed device_fingerprint and bot_score fields from RadarStandaloneAssessRequest model
      • Updated enum values in RadarStandaloneAssessRequestAction: removed LOGIN, SIGNUP, SIGN_UP_2, SIGN_IN_2, SIGN_IN_3, SIGN_UP_3; standardized to SIGN_UP and SIGN_IN
      • Removed CREDENTIAL_STUFFING and IP_SIGN_UP_RATE_LIMIT from RadarStandaloneResponseControl enum
    • audit_logs: Refactor audit logs models and type names
      • Merged AuditLogSchemaJson fields into AuditLogSchema; removed AuditLogSchemaJson class
      • Added new AuditLogSchemaInput class (write-side schema without read-only fields)
      • Renamed AuditLogSchemaJsonActor to AuditLogSchemaActorInput
      • Renamed AuditLogSchemaJsonTarget to AuditLogSchemaTargetInput
      • Removed AuditLogActionJson; AuditLogAction now extends BaseModel
      • Renamed AuditLogExportJson to AuditLogExport (now extends BaseModel)
      • Renamed AuditLogsRetentionJson to AuditLogsRetention (now extends BaseModel)
      • Removed AuditLogExportJsonState type; replaced with AuditLogExportState
      • Updated list_actions method return type from AuditLogActionJson to AuditLogAction
      • Updated create_export and get_export method return types from AuditLogExportJson to AuditLogExport
    • webhooks: Rename WebhookEndpointJson to WebhookEndpoint
      • Renamed WebhookEndpointJson to WebhookEndpoint
      • Updated list_webhook_endpoints, create_webhook_endpoint, and update_webhook_endpoint method return types
      • WebhookEndpointStatus is now an alias for UpdateWebhookEndpointStatus (no longer a standalone class); removed WebhookEndpointJsonStatus alias
      • Updated WebhookEndpoint to extend BaseModel for consistency
    • authorization: Add filtering parameters to authorization list methods
      • Added resource_id, resource_external_id, resource_type_slug filter parameters to list_role_assignments method
      • Added role_slug filter parameter to list_role_assignments_for_resource_by_external_id and list_role_assignments_for_resource methods
      • Removed search parameter from list_resources method

    Features

    • vault: Add new Vault service with key-value operations
      • Added new Vault service class with methods: create_data_key, create_decrypt, create_rekey, list_kv, create_kv, get_name, get_kv, update_kv, delete_kv, list_kv_metadata, list_kv_versions
      • Added vault model classes: Actor, CreateDataKeyRequest, CreateDataKeyResponse, CreateObjectRequest, DecryptRequest, DecryptResponse, DeleteObjectResponse, ObjectModel, ObjectMetadata, ObjectSummary, ObjectVersion, ObjectWithoutValue, RekeyRequest, UpdateObjectRequest
      • Added VaultOrder enum for sorting operations
      • Added client.vault accessor to access the new service
    • pipes: Add Pipes connected account event models
      • Added PipeConnectedAccount model for representing connected accounts
      • Added three new event models: PipesConnectedAccountConnected, PipesConnectedAccountDisconnected, PipesConnectedAccountReauthorizationNeeded
      • Added PipeConnectedAccountState enum with CONNECTED and NEEDS_REAUTHORIZATION values
      • Added new webhook event types to CreateWebhookEndpointEvents and UpdateWebhookEndpointEvents
    • generated: Add Error and Actor shared models
      • Added Error model in shared module for error responses
      • Added Actor model in vault module representing user/actor information
      • Updated inflections to map 'object' to 'ObjectModel' to avoid conflicts

8.0.1 (2026-05-12)

Bug Fixes

  • harden session sealing, log redaction, and webhook tolerance checks (#482) (347fe1e)

8.0.0 (2026-05-06)

⚠ BREAKING CHANGES

  • authorization: Consolidate order enums to PaginationOrder
  • api_keys: Separate organization and user API key types
  • user_management: Consolidate order enums to PaginationOrder
  • vault: Add BYOK key deleted event and consolidate key provider enum
  • types: Consolidate pagination order enums
  • authorization: Rename RoleAssignment to UserRoleAssignment

Features

  • api_keys: Separate organization and user API key types (956386a)
  • authorization: Add new role assignment listing endpoints (956386a)
  • authorization: Consolidate order enums to PaginationOrder (956386a)
  • authorization: Rename RoleAssignment to UserRoleAssignment (956386a)
  • directory_sync: Add name field to directory users (956386a)
  • docs: publish YARD API docs + llms.txt to GitHub Pages (#480) (117eeac)
  • events: Add admin_portal source to event context actor (956386a)
  • sso: Add name field to SSO profile (956386a)
  • types: Consolidate pagination order enums (956386a)
  • user_management: Add get JWT template endpoint (956386a)
  • user_management: Add user API key management (956386a)
  • user_management: Add user field to membership and organization membership (956386a)
  • user_management: Consolidate order enums to PaginationOrder (956386a)
  • vault: Add BYOK key deleted event and consolidate key provider enum (956386a)

7.1.2 (2026-05-06)

Bug Fixes

  • decode legacy v6 sealed sessions on unseal (#479) (1d8b4aa)
  • replace parameter-group hashes with typed variant classes (#473) (a66c15b)
  • set canonical User-Agent header format (#476) (6728358)

7.1.1 (2026-04-29)

Bug Fixes

  • seal session client-side in Session#refresh (#470) (32662ab)

7.1.0 (2026-04-27)

Features

  • generated: update generated SDK from spec changes (#465) (6c145d2)

Bug Fixes

  • add ruby/setup-ruby to release-please workflow (aa5ebd0)
  • eagerly load configuration.rb to fix WorkOS.configure (#467) (eea391c)
  • remove stale URN-prefixed alias files breaking Zeitwerk (#466) (92b2aa5)
  • update Gemfile.lock in release-please PR and bump action pins (2aa0574)
  • update Zeitwerk autoload for inflections.rb (#460) (4fa1332)

7.0.0 (2026-04-20)

This is a major release that introduces a fully redesigned SDK architecture. The SDK is now generated from the WorkOS OpenAPI spec, bringing type safety, consistent interfaces, and improved developer ergonomics.

High-Level Changes

  • Client-centric architecture: The SDK now revolves around an instantiated WorkOS::Client rather than module-level service calls. All product areas are accessed through client methods (e.g., client.organizations, client.user_management, client.sso).

  • Generated request/response models: Typed models replace raw hashes. Response models no longer inherit from Hash — use accessor methods instead of bracket notation.

  • Per-request overrides: The new runtime supports request_options: for per-request API key, timeout, base URL, and retry overrides — useful for multi-tenant setups.

  • Minimum Ruby 3.3+: The minimum Ruby version has been raised to 3.3.

  • Renamed services and methods: Several top-level services were renamed (e.g., WorkOS::Portalclient.admin_portal, WorkOS::MFAclient.multi_factor_auth). Method signatures now use explicit keyword arguments.

  • Session management refactor: AuthKit session sealing, refresh, and authentication flows were overhauled with a dedicated SessionManager on the client instance.

  • New capabilities: Device code flow, public/PKCE clients, auto_paging_each pagination, and last_response observability on all responses.

Migration Guide

For detailed instructions on updating your application, see the v7 Migration Guide.

6.2.0 (2026-03-06)

Features

  • user-management: add directory_managed to OrganizationMembership (#446) (914d824)
  • user-management: add invitation accept endpoint (#448) (b5b4da1)

Bug Fixes

6.1.0 (2026-02-10)

Features

  • add support for totp_secret (#300) (c0a26bf)
  • Include Feature Flags decoded from the JWT in the payload of a Session (#386) (31a0e79)
  • workos-ruby: Add connection to authorization_url (#78) (c3a0e8e)

Bug Fixes

  • add invitation_token parameter to authentication methods (#438) (d24e3dc)