Update OpenAPI spec (2026-06-19) #33

Closed
workos-sdk-automation[bot] wants to merge 1 commit into main from update-spec-20260619-181747-27841828868

@workos-sdk-automation

Contributor

🤖 I see new OpenAPI changes beep boop

Automated update from https://github.com/workos/workos/tree/816db9000356077d919cab813fdf8980a35c1589

Source PRs

  • workos/workos#62669

Changes



└─┬Paths
  └─┬/user_management/authenticate
    └─┬POST
      └─┬Responses
        └─┬400
          └─┬Content
            └─┬application/json
              └─┬Schema
                └─┬ONEOF
                  └─┬ONEOF
                    └─┬ALLOF
                      └──[➕] properties/pending_authentication_token (11713:31)


| Document Element | Total Changes | Breaking Changes |
|------------------|---------------|------------------|
| paths            | 1             | 0                |

Date: 06/19/26 | Commit: Update OpenAPI spec from workos/workos@816db9000356077d919cab813fdf8980a35c1589

- **Total Changes**: _1_
- **Additions**: _1_

@greptile-apps

greptile-apps Bot commented Jun 19, 2026

Greptile Summary

This automated PR adds a single new field, pending_authentication_token, to the sso_required 400 error response for POST /user_management/authenticate. The token is intended to link a subsequent SSO authentication back to the pending authorization session.

  • New optional field in error schema: pending_authentication_token (string) is added to the second object of the allOf block describing SSO-specific error properties; it is not included in the required array, making it optional per the spec.
  • Non-breaking change: The addition only expands an existing response schema and does not remove or rename any existing fields.

Confidence Score: 4/5

Safe to merge — the change is additive and non-breaking; the only open question is whether pending_authentication_token should be marked required.

The diff is a single-field addition to a 400 error response schema. The field is not listed as required, which may be intentional if the token is sometimes absent, but could mislead SDK consumers if the backend always returns it. Everything else in the change is routine bookkeeping.

spec/open-api-spec.yaml — specifically whether pending_authentication_token belongs in the required list of the sso_required error object.

Important Files Changed

| Filename | Overview |
|----------|----------|
| spec/open-api-spec.yaml | Adds pending_authentication_token (string, optional) to the sso_required 400 error response for POST /user_management/authenticate; field is not marked required, which may or may not reflect actual API behavior. |
| .last-synced-sha | Bumps the tracked upstream commit SHA — routine bookkeeping for the automated sync. |

Sequence Diagram

```mermaid
%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant Client
    participant WorkOS as WorkOS /user_management/authenticate

    Client->>WorkOS: POST /user_management/authenticate
    WorkOS-->>Client: 400 sso_required
    Note over Client,WorkOS: Body includes connection_ids, email,<br/>and (new) pending_authentication_token

    Client->>WorkOS: POST /user_management/authenticate (SSO)
    Note over Client,WorkOS: Client passes pending_authentication_token<br/>to link back to the original session
    WorkOS-->>Client: 200 Authenticated
```

Reviews (1): Last reviewed commit: "Update OpenAPI spec from workos/workos@8..."

Comment thread spec/open-api-spec.yaml
Comment on lines 11721 to 11723
required:
- connection_ids
- email

P2 pending_authentication_token missing from required

The new pending_authentication_token field is not listed in the required array alongside connection_ids and email. If this token must always be present when the sso_required error fires — so that the client can link the subsequent SSO leg back to the pending session — leaving it optional means SDK consumers have to handle a null/absent token case that may never actually occur in practice, and could silently produce a broken flow if the backend ever fails to include it.

Is pending_authentication_token always returned when sso_required fires, or are there cases where it can be absent?

github-actions Bot added a commit that referenced this pull request Jun 19, 2026
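
The optional-token case raised in the Greptile review above, as an added Python example that is not part of this PR or of any WorkOS SDK: it validates a constructed `sso_required` 400 body, makes an absent or null `pending_authentication_token` an explicit policy decision instead of a silent `None`, and keeps the token out of `repr()`. The `code` discriminator key, the sample values and every function and class name here are assumptions.

```python
import json
from dataclasses import dataclass, field
from typing import Optional, Tuple


class SsoFlowError(Exception):
    """The 400 body cannot safely drive the follow-up SSO request."""


@dataclass(frozen=True)
class SsoRequired:
    connection_ids: Tuple[str, ...]
    email: str
    # Optional per the spec. repr=False keeps the value out of logs/tracebacks.
    pending_authentication_token: Optional[str] = field(default=None, repr=False)


def parse_sso_required(body: str) -> SsoRequired:
    """Validate a 400 body against the shape described in the review."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise SsoFlowError("error body is not JSON") from exc
    # "code" as the discriminator key is an assumption, not taken from the page.
    if not isinstance(doc, dict) or doc.get("code") != "sso_required":
        raise SsoFlowError("not an sso_required error")

    ids, email = doc.get("connection_ids"), doc.get("email")
    if not isinstance(ids, list) or not all(isinstance(i, str) for i in ids):
        raise SsoFlowError("connection_ids (required) missing or malformed")
    if not isinstance(email, str) or not email:
        raise SsoFlowError("email (required) missing or malformed")

    # Absent and JSON null both map to None; any other non-string is rejected.
    token = doc.get("pending_authentication_token")
    if token is not None and (not isinstance(token, str) or not token):
        raise SsoFlowError("pending_authentication_token present but malformed")
    return SsoRequired(tuple(ids), email, token)


def link_token(err: SsoRequired, *, require_token: bool) -> Optional[str]:
    """Return the token for the SSO leg; fail closed if policy requires it."""
    if err.pending_authentication_token is None and require_token:
        raise SsoFlowError("sso_required without pending_authentication_token")
    return err.pending_authentication_token


# Constructed sample bodies (not captured from a real API).
WITH_TOKEN = json.dumps({
    "code": "sso_required",
    "email": "user@example.com",
    "connection_ids": ["conn_EXAMPLE"],
    "pending_authentication_token": "pat_EXAMPLE_not_a_real_token",
})
WITHOUT_TOKEN = json.dumps({
    "code": "sso_required",
    "email": "user@example.com",
    "connection_ids": ["conn_EXAMPLE"],
})

if __name__ == "__main__":
    print(parse_sso_required(WITH_TOKEN))  # token is omitted from the repr
    try:
        link_token(parse_sso_required(WITHOUT_TOKEN), require_token=True)
    except SsoFlowError as exc:
        print("refused:", exc)
```

Whether `require_token` should be `True` depends on the answer to the reviewer's open question about whether the backend always returns the field.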
@github-actions

Contributor

SDK compatibility report

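| Language | Breaking | Soft-risk | Additive |
|----------|----------|-----------|----------|
| dotnet   | 0        | 0         | 0        |
| go       | 0        | 0         | 0        |
| kotlin   | 0        | 0         | 0        |
| php      | 0        | 0         | 0        |
| python   | 0        | 0         | 0        |
| ruby     | 0        | 0         | 0        |
| rust     | 4        | 0         | 119      |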

Changes by domain

| Domain | Breaking | Soft-risk | Additive | Languages |
|--------|----------|-----------|----------|-----------|
| CreateDataIntegrationTokenParams | 2 | | | rust |
| AuthorizationCodeSessionAuthenticateRequest | 1 | | | rust |
| RefreshTokenSessionAuthenticateRequest | 1 | | | rust |
| GroupRoleAssignment | | | 16 | rust |
| DataIntegrationConfigurationResponse | | | 11 | rust |
| DataIntegrationCredentials | | | 11 | rust |
| DataIntegrationsListResponseData | | | 11 | rust |
| ClientApi | | | 7 | rust |
| CreateGroupRoleAssignment | | | 7 | rust |
| UserInviteList | | | 7 | rust |
| UserOrganizationMembershipList | | | 7 | rust |
| ConnectedAccount | | | 6 | rust |
| ConfigureDataIntegrationBody | | | 5 | rust |
| DeleteGroupRoleAssignmentsByCriteria | | | 5 | rust |
| ListGroupRoleAssignmentsParams | | | 5 | rust |
| ReplaceGroupRoleAssignmentEntry | | | 5 | rust |
| DataIntegrationConfigurationListResponse | | | 3 | rust |
| DeleteGroupRoleAssignmentsParams | | | 2 | rust |
| GetAccessTokenParams | | | 2 | rust |
| PipesProviderApi | | | 2 | rust |
| ReplaceGroupRoleAssignments | | | 2 | rust |
| UpdateGroupRoleAssignmentsParams | | | 2 | rust |
| UpdateOrganizationDataIntegrationConfigurationParams | | | 2 | rust |
| WidgetSessionTokenScopes | | | 1 | rust |

Breaking (4)

AuthorizationCodeSessionAuthenticateRequest

Type changes (1)

AuthorizationCodeSessionAuthenticateRequest.client_secret type changed (field)

| Language | Before | After |
|----------|--------|-------|
| rust (📄 src/models/authorization_code_session_authenticate_request.rs) | AuthorizationCodeSessionAuthenticateRequest.client_secret, type: `crate::SecretString` | AuthorizationCodeSessionAuthenticateRequest.client_secret, type: `Option<crate::SecretString>` |

CreateDataIntegrationTokenParams

Removed methods (2)

Method Languages
CreateDataIntegrationTokenParams rust
CreateDataIntegrationTokenParams.new rust

RefreshTokenSessionAuthenticateRequest

Type changes (1)

RefreshTokenSessionAuthenticateRequest.client_secret type changed (field)

| Language | Before | After |
|----------|--------|-------|
| rust (📄 src/models/refresh_token_session_authenticate_request.rs) | RefreshTokenSessionAuthenticateRequest.client_secret, type: `crate::SecretString` | RefreshTokenSessionAuthenticateRequest.client_secret, type: `Option<crate::SecretString>` |

Additive (119)

ClientApi

Change Languages
ClientApi added (type) rust
📄 src/resources/client_api.rs
ClientApi.client added (field) rust
📄 src/resources/client_api.rs
ClientApiToken added (type) rust
📄 src/models/client_api_token.rs
ClientApiToken.organization_id added (field) rust
📄 src/models/client_api_token.rs
ClientApiToken.user_id added (field) rust
📄 src/models/client_api_token.rs
ClientApiTokenResponse added (type) rust
📄 src/models/client_api_token_response.rs
ClientApiTokenResponse.token added (field) rust
📄 src/models/client_api_token_response.rs

ConfigureDataIntegrationBody

Change Languages
ConfigureDataIntegrationBody added (type) rust
📄 src/models/configure_data_integration_body.rs
ConfigureDataIntegrationBody.client_id added (field) rust
📄 src/models/configure_data_integration_body.rs
ConfigureDataIntegrationBody.client_secret added (field) rust
📄 src/models/configure_data_integration_body.rs
ConfigureDataIntegrationBody.enabled added (field) rust
📄 src/models/configure_data_integration_body.rs
ConfigureDataIntegrationBody.scopes added (field) rust
📄 src/models/configure_data_integration_body.rs

ConnectedAccount

Change Languages
ConnectedAccount.api_key_last_4 added (field) rust
📄 src/models/connected_account.rs
ConnectedAccount.auth_method added (field) rust
📄 src/models/connected_account.rs
ConnectedAccountAuthMethod added (enum) rust
📄 src/enums/connected_account_auth_method.rs
ConnectedAccountAuthMethod.ApiKey added (enum value) rust
📄 src/enums/connected_account_auth_method.rs
ConnectedAccountAuthMethod.OAuth added (enum value) rust
📄 src/enums/connected_account_auth_method.rs
ConnectedAccountAuthMethod.Unknown added (enum value) rust
📄 src/enums/connected_account_auth_method.rs

CreateGroupRoleAssignment

Change Languages
CreateGroupRoleAssignment added (type) rust
📄 src/models/create_group_role_assignment.rs
CreateGroupRoleAssignment.resource_external_id added (field) rust
📄 src/models/create_group_role_assignment.rs
CreateGroupRoleAssignment.resource_id added (field) rust
📄 src/models/create_group_role_assignment.rs
CreateGroupRoleAssignment.resource_type_slug added (field) rust
📄 src/models/create_group_role_assignment.rs
CreateGroupRoleAssignment.role_slug added (field) rust
📄 src/models/create_group_role_assignment.rs
CreateGroupRoleAssignmentParams added (service) rust
📄 src/resources/authorization.rs
CreateGroupRoleAssignmentParams.new(body) added (function) rust
📄 src/resources/authorization.rs

DataIntegrationConfigurationListResponse

Change Languages
DataIntegrationConfigurationListResponse added (type) rust
📄 src/models/data_integration_configuration_list_response.rs
DataIntegrationConfigurationListResponse.data added (field) rust
📄 src/models/data_integration_configuration_list_response.rs
DataIntegrationConfigurationListResponse.object added (field) rust
📄 src/models/data_integration_configuration_list_response.rs

DataIntegrationConfigurationResponse

Change Languages
DataIntegrationConfigurationResponse added (type) rust
📄 src/models/data_integration_configuration_response.rs
DataIntegrationConfigurationResponse.created_at added (field) rust
📄 src/models/data_integration_configuration_response.rs
DataIntegrationConfigurationResponse.credentials added (field) rust
📄 src/models/data_integration_configuration_response.rs
DataIntegrationConfigurationResponse.enabled added (field) rust
📄 src/models/data_integration_configuration_response.rs
DataIntegrationConfigurationResponse.id added (field) rust
📄 src/models/data_integration_configuration_response.rs
DataIntegrationConfigurationResponse.name added (field) rust
📄 src/models/data_integration_configuration_response.rs
DataIntegrationConfigurationResponse.object added (field) rust
📄 src/models/data_integration_configuration_response.rs
DataIntegrationConfigurationResponse.organization_id added (field) rust
📄 src/models/data_integration_configuration_response.rs
DataIntegrationConfigurationResponse.scopes added (field) rust
📄 src/models/data_integration_configuration_response.rs
DataIntegrationConfigurationResponse.slug added (field) rust
📄 src/models/data_integration_configuration_response.rs
DataIntegrationConfigurationResponse.updated_at added (field) rust
📄 src/models/data_integration_configuration_response.rs

DataIntegrationCredentials

Change Languages
DataIntegrationCredentials added (type) rust
📄 src/models/data_integration_credentials.rs
DataIntegrationCredentials.client_id added (field) rust
📄 src/models/data_integration_credentials.rs
DataIntegrationCredentials.client_secret_last_four added (field) rust
📄 src/models/data_integration_credentials.rs
DataIntegrationCredentials.credentials_type added (field) rust
📄 src/models/data_integration_credentials.rs
DataIntegrationCredentials.has_credentials added (field) rust
📄 src/models/data_integration_credentials.rs
DataIntegrationCredentials.redirect_uri added (field) rust
📄 src/models/data_integration_credentials.rs
DataIntegrationCredentialsCredentialsType added (enum) rust
📄 src/enums/data_integration_credentials_credentials_type.rs
DataIntegrationCredentialsCredentialsType.Custom added (enum value) rust
📄 src/enums/data_integration_credentials_credentials_type.rs
DataIntegrationCredentialsCredentialsType.Organization added (enum value) rust
📄 src/enums/data_integration_credentials_credentials_type.rs
DataIntegrationCredentialsCredentialsType.Shared added (enum value) rust
📄 src/enums/data_integration_credentials_credentials_type.rs
DataIntegrationCredentialsCredentialsType.Unknown added (enum value) rust
📄 src/enums/data_integration_credentials_credentials_type.rs

DataIntegrationsListResponseData

Change Languages
DataIntegrationsListResponseData.auth_methods added (field) rust
📄 src/models/data_integrations_list_response_data.rs
DataIntegrationsListResponseDataAuthMethods added (enum) rust
📄 src/enums/data_integrations_list_response_data_auth_methods.rs
DataIntegrationsListResponseDataAuthMethods.ApiKey added (enum value) rust
📄 src/enums/data_integrations_list_response_data_auth_methods.rs
DataIntegrationsListResponseDataAuthMethods.OAuth added (enum value) rust
📄 src/enums/data_integrations_list_response_data_auth_methods.rs
DataIntegrationsListResponseDataAuthMethods.Unknown added (enum value) rust
📄 src/enums/data_integrations_list_response_data_auth_methods.rs
DataIntegrationsListResponseDataConnectedAccount.api_key_last_4 added (field) rust
📄 src/models/data_integrations_list_response_data_connected_account.rs
DataIntegrationsListResponseDataConnectedAccount.auth_method added (field) rust
📄 src/models/data_integrations_list_response_data_connected_account.rs
DataIntegrationsListResponseDataConnectedAccountAuthMethod added (enum) rust
📄 src/enums/data_integrations_list_response_data_connected_account_auth_method.rs
DataIntegrationsListResponseDataConnectedAccountAuthMethod.ApiKey added (enum value) rust
📄 src/enums/data_integrations_list_response_data_connected_account_auth_method.rs
DataIntegrationsListResponseDataConnectedAccountAuthMethod.OAuth added (enum value) rust
📄 src/enums/data_integrations_list_response_data_connected_account_auth_method.rs
DataIntegrationsListResponseDataConnectedAccountAuthMethod.Unknown added (enum value) rust
📄 src/enums/data_integrations_list_response_data_connected_account_auth_method.rs

DeleteGroupRoleAssignmentsByCriteria

Change Languages
DeleteGroupRoleAssignmentsByCriteria added (type) rust
📄 src/models/delete_group_role_assignments_by_criteria.rs
DeleteGroupRoleAssignmentsByCriteria.resource_external_id added (field) rust
📄 src/models/delete_group_role_assignments_by_criteria.rs
DeleteGroupRoleAssignmentsByCriteria.resource_id added (field) rust
📄 src/models/delete_group_role_assignments_by_criteria.rs
DeleteGroupRoleAssignmentsByCriteria.resource_type_slug added (field) rust
📄 src/models/delete_group_role_assignments_by_criteria.rs
DeleteGroupRoleAssignmentsByCriteria.role_slug added (field) rust
📄 src/models/delete_group_role_assignments_by_criteria.rs

DeleteGroupRoleAssignmentsParams

Change Languages
DeleteGroupRoleAssignmentsParams added (service) rust
📄 src/resources/authorization.rs
DeleteGroupRoleAssignmentsParams.new(body) added (function) rust
📄 src/resources/authorization.rs

GetAccessTokenParams

Change Languages
GetAccessTokenParams added (service) rust
📄 src/resources/pipes.rs
GetAccessTokenParams.new(body) added (function) rust
📄 src/resources/pipes.rs

GroupRoleAssignment

Change Languages
GroupRoleAssignment added (type) rust
📄 src/models/group_role_assignment.rs
GroupRoleAssignment.created_at added (field) rust
📄 src/models/group_role_assignment.rs
GroupRoleAssignment.group_id added (field) rust
📄 src/models/group_role_assignment.rs
GroupRoleAssignment.id added (field) rust
📄 src/models/group_role_assignment.rs
GroupRoleAssignment.object added (field) rust
📄 src/models/group_role_assignment.rs
GroupRoleAssignment.resource added (field) rust
📄 src/models/group_role_assignment.rs
GroupRoleAssignment.role added (field) rust
📄 src/models/group_role_assignment.rs
GroupRoleAssignment.updated_at added (field) rust
📄 src/models/group_role_assignment.rs
GroupRoleAssignmentList added (type) rust
📄 src/models/group_role_assignment_list.rs
GroupRoleAssignmentList.data added (field) rust
📄 src/models/group_role_assignment_list.rs
GroupRoleAssignmentList.list_metadata added (field) rust
📄 src/models/group_role_assignment_list.rs
GroupRoleAssignmentList.object added (field) rust
📄 src/models/group_role_assignment_list.rs
GroupRoleAssignmentResource added (type) rust
📄 src/models/group_role_assignment_resource.rs
GroupRoleAssignmentResource.external_id added (field) rust
📄 src/models/group_role_assignment_resource.rs
GroupRoleAssignmentResource.id added (field) rust
📄 src/models/group_role_assignment_resource.rs
GroupRoleAssignmentResource.resource_type_slug added (field) rust
📄 src/models/group_role_assignment_resource.rs

ListGroupRoleAssignmentsParams

Change Languages
ListGroupRoleAssignmentsParams added (type) rust
📄 src/resources/authorization.rs
ListGroupRoleAssignmentsParams.after added (field) rust
📄 src/resources/authorization.rs
ListGroupRoleAssignmentsParams.before added (field) rust
📄 src/resources/authorization.rs
ListGroupRoleAssignmentsParams.limit added (field) rust
📄 src/resources/authorization.rs
ListGroupRoleAssignmentsParams.order added (field) rust
📄 src/resources/authorization.rs

PipesProviderApi

Change Languages
PipesProviderApi added (type) rust
📄 src/resources/pipes_provider.rs
PipesProviderApi.client added (field) rust
📄 src/resources/pipes_provider.rs

ReplaceGroupRoleAssignmentEntry

Change Languages
ReplaceGroupRoleAssignmentEntry added (type) rust
📄 src/models/replace_group_role_assignment_entry.rs
ReplaceGroupRoleAssignmentEntry.resource_external_id added (field) rust
📄 src/models/replace_group_role_assignment_entry.rs
ReplaceGroupRoleAssignmentEntry.resource_id added (field) rust
📄 src/models/replace_group_role_assignment_entry.rs
ReplaceGroupRoleAssignmentEntry.resource_type_slug added (field) rust
📄 src/models/replace_group_role_assignment_entry.rs
ReplaceGroupRoleAssignmentEntry.role_slug added (field) rust
📄 src/models/replace_group_role_assignment_entry.rs

ReplaceGroupRoleAssignments

Change Languages
ReplaceGroupRoleAssignments added (type) rust
📄 src/models/replace_group_role_assignments.rs
ReplaceGroupRoleAssignments.role_assignments added (field) rust
📄 src/models/replace_group_role_assignments.rs

UpdateGroupRoleAssignmentsParams

Change Languages
UpdateGroupRoleAssignmentsParams added (service) rust
📄 src/resources/authorization.rs
UpdateGroupRoleAssignmentsParams.new(body) added (function) rust
📄 src/resources/authorization.rs

UpdateOrganizationDataIntegrationConfigurationParams

Change Languages
UpdateOrganizationDataIntegrationConfigurationParams added (service) rust
📄 src/resources/pipes_provider.rs
UpdateOrganizationDataIntegrationConfigurationParams.new(body) added (function) rust
📄 src/resources/pipes_provider.rs

UserInviteList

Change Languages
UserInviteList added (type) rust
📄 src/models/user_invite_list.rs
UserInviteList.data added (field) rust
📄 src/models/user_invite_list.rs
UserInviteList.list_metadata added (field) rust
📄 src/models/user_invite_list.rs
UserInviteList.object added (field) rust
📄 src/models/user_invite_list.rs
UserInviteListListMetadata added (type) rust
📄 src/models/user_invite_list_list_metadata.rs
UserInviteListListMetadata.after added (field) rust
📄 src/models/user_invite_list_list_metadata.rs
UserInviteListListMetadata.before added (field) rust
📄 src/models/user_invite_list_list_metadata.rs

UserOrganizationMembershipList

Change Languages
UserOrganizationMembershipList added (type) rust
📄 src/models/user_organization_membership_list.rs
UserOrganizationMembershipList.data added (field) rust
📄 src/models/user_organization_membership_list.rs
UserOrganizationMembershipList.list_metadata added (field) rust
📄 src/models/user_organization_membership_list.rs
UserOrganizationMembershipList.object added (field) rust
📄 src/models/user_organization_membership_list.rs
UserOrganizationMembershipListListMetadata added (type) rust
📄 src/models/user_organization_membership_list_list_metadata.rs
UserOrganizationMembershipListListMetadata.after added (field) rust
📄 src/models/user_organization_membership_list_list_metadata.rs
UserOrganizationMembershipListListMetadata.before added (field) rust
📄 src/models/user_organization_membership_list_list_metadata.rs

WidgetSessionTokenScopes

Change Languages
WidgetSessionTokenScopes.WidgetsPipesManage added (enum value) rust
📄 src/enums/widget_session_token_scopes.rs

@gjtorikian gjtorikian closed this Jun 20, 2026
github-actions Bot added a commit that referenced this pull request Jun 20, 2026