UserManagement.php

<?php

declare(strict_types=1);

// This file is auto-generated by oagen. Do not edit.

namespace WorkOS\Service;

use WorkOS\Resource\AuthenticateResponse;
use WorkOS\Resource\AuthorizedConnectApplicationListData;
use WorkOS\Resource\CORSOriginResponse;
use WorkOS\Resource\DeviceAuthorizationResponse;
use WorkOS\Resource\EmailChange;
use WorkOS\Resource\EmailChangeConfirmation;
use WorkOS\Resource\EmailVerification;
use WorkOS\Resource\Invitation;
use WorkOS\Resource\JwksResponse;
use WorkOS\Resource\JWTTemplateResponse;
use WorkOS\Resource\MagicAuth;
use WorkOS\Resource\OrganizationMembership;
use WorkOS\Resource\PasswordReset;
use WorkOS\Resource\RedirectUri;
use WorkOS\Resource\ResetPasswordResponse;
use WorkOS\Resource\SendVerificationEmailResponse;
use WorkOS\Resource\User;
use WorkOS\Resource\UserIdentitiesGetItem;
use WorkOS\Resource\UserInvite;
use WorkOS\Resource\UserOrganizationMembership;
use WorkOS\Resource\UserSessionsListItem;
use WorkOS\Resource\VerifyEmailResponse;

class UserManagement
{
    public function __construct(
        private readonly \WorkOS\HttpClient $client,
    ) {
    }

    /**
     * Get JWKS
     *
     * Returns the JSON Web Key Set (JWKS) containing the public keys used for verifying access tokens.
     * @param string $clientId Identifies the application making the request to the WorkOS server. You can obtain your client ID from the [API Keys](https://dashboard.workos.com/api-keys) page in the dashboard.
     * @return \WorkOS\Resource\JwksResponse
     */
    public function getJwks(
        string $clientId,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\JwksResponse {
        $response = $this->client->request(
            method: 'GET',
            path: "sso/jwks/{$clientId}",
            options: $options,
        );
        return JwksResponse::fromArray($response);
    }

    /**
     * @param string $email
     * @param string $password
     * @param string|null $invitationToken
     * @param string|null $ipAddress
     * @param string|null $deviceId
     * @param string|null $userAgent
     * @return \WorkOS\Resource\AuthenticateResponse
     */
    public function authenticateWithPassword(
        string $email,
        string $password,
        ?string $invitationToken = null,
        ?string $ipAddress = null,
        ?string $deviceId = null,
        ?string $userAgent = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\AuthenticateResponse {
        $body = array_filter([
            'grant_type' => 'password',
            'email' => $email,
            'password' => $password,
            'invitation_token' => $invitationToken,
            'ip_address' => $ipAddress,
            'device_id' => $deviceId,
            'user_agent' => $userAgent,
        ], fn ($v) => $v !== null);
        $body['client_id'] = $this->client->requireClientId();
        $body['client_secret'] = $this->client->requireApiKey();

        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/authenticate',
            body: $body,
            options: $options,
        );
        return AuthenticateResponse::fromArray($response);
    }

    /**
     * @param mixed $code
     * @param mixed|null $ipAddress
     * @param mixed|null $deviceId
     * @param mixed|null $userAgent
     * @return \WorkOS\Resource\AuthenticateResponse
     */
    public function authenticateWithCode(
        mixed $code = null,
        mixed $ipAddress = null,
        mixed $deviceId = null,
        mixed $userAgent = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\AuthenticateResponse {
        $body = array_filter([
            'grant_type' => 'authorization_code',
            'code' => $code,
            'ip_address' => $ipAddress,
            'device_id' => $deviceId,
            'user_agent' => $userAgent,
        ], fn ($v) => $v !== null);
        $body['client_id'] = $this->client->requireClientId();
        $body['client_secret'] = $this->client->requireApiKey();

        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/authenticate',
            body: $body,
            options: $options,
        );
        return AuthenticateResponse::fromArray($response);
    }

    /**
     * @param string $refreshToken
     * @param string|null $organizationId
     * @param string|null $ipAddress
     * @param string|null $deviceId
     * @param string|null $userAgent
     * @return \WorkOS\Resource\AuthenticateResponse
     */
    public function authenticateWithRefreshToken(
        string $refreshToken,
        ?string $organizationId = null,
        ?string $ipAddress = null,
        ?string $deviceId = null,
        ?string $userAgent = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\AuthenticateResponse {
        $body = array_filter([
            'grant_type' => 'refresh_token',
            'refresh_token' => $refreshToken,
            'organization_id' => $organizationId,
            'ip_address' => $ipAddress,
            'device_id' => $deviceId,
            'user_agent' => $userAgent,
        ], fn ($v) => $v !== null);
        $body['client_id'] = $this->client->requireClientId();
        $body['client_secret'] = $this->client->requireApiKey();

        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/authenticate',
            body: $body,
            options: $options,
        );
        return AuthenticateResponse::fromArray($response);
    }

    /**
     * @param mixed $code
     * @param mixed $email
     * @param mixed|null $invitationToken
     * @param mixed|null $ipAddress
     * @param mixed|null $deviceId
     * @param mixed|null $userAgent
     * @return \WorkOS\Resource\AuthenticateResponse
     */
    public function authenticateWithMagicAuth(
        mixed $code = null,
        mixed $email = null,
        mixed $invitationToken = null,
        mixed $ipAddress = null,
        mixed $deviceId = null,
        mixed $userAgent = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\AuthenticateResponse {
        $body = array_filter([
            'grant_type' => 'urn:workos:oauth:grant-type:magic-auth:code',
            'code' => $code,
            'email' => $email,
            'invitation_token' => $invitationToken,
            'ip_address' => $ipAddress,
            'device_id' => $deviceId,
            'user_agent' => $userAgent,
        ], fn ($v) => $v !== null);
        $body['client_id'] = $this->client->requireClientId();
        $body['client_secret'] = $this->client->requireApiKey();

        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/authenticate',
            body: $body,
            options: $options,
        );
        return AuthenticateResponse::fromArray($response);
    }

    /**
     * @param mixed $code
     * @param mixed|null $pendingAuthenticationToken
     * @param mixed|null $ipAddress
     * @param mixed|null $deviceId
     * @param mixed|null $userAgent
     * @return \WorkOS\Resource\AuthenticateResponse
     */
    public function authenticateWithEmailVerification(
        mixed $code = null,
        mixed $pendingAuthenticationToken = null,
        mixed $ipAddress = null,
        mixed $deviceId = null,
        mixed $userAgent = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\AuthenticateResponse {
        $body = array_filter([
            'grant_type' => 'urn:workos:oauth:grant-type:email-verification:code',
            'code' => $code,
            'pending_authentication_token' => $pendingAuthenticationToken,
            'ip_address' => $ipAddress,
            'device_id' => $deviceId,
            'user_agent' => $userAgent,
        ], fn ($v) => $v !== null);
        $body['client_id'] = $this->client->requireClientId();
        $body['client_secret'] = $this->client->requireApiKey();

        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/authenticate',
            body: $body,
            options: $options,
        );
        return AuthenticateResponse::fromArray($response);
    }

    /**
     * @param mixed $code
     * @param mixed $pendingAuthenticationToken
     * @param mixed $authenticationChallengeId
     * @param mixed|null $ipAddress
     * @param mixed|null $deviceId
     * @param mixed|null $userAgent
     * @return \WorkOS\Resource\AuthenticateResponse
     */
    public function authenticateWithTotp(
        mixed $code = null,
        mixed $pendingAuthenticationToken = null,
        mixed $authenticationChallengeId = null,
        mixed $ipAddress = null,
        mixed $deviceId = null,
        mixed $userAgent = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\AuthenticateResponse {
        $body = array_filter([
            'grant_type' => 'urn:workos:oauth:grant-type:mfa-totp',
            'code' => $code,
            'pending_authentication_token' => $pendingAuthenticationToken,
            'authentication_challenge_id' => $authenticationChallengeId,
            'ip_address' => $ipAddress,
            'device_id' => $deviceId,
            'user_agent' => $userAgent,
        ], fn ($v) => $v !== null);
        $body['client_id'] = $this->client->requireClientId();
        $body['client_secret'] = $this->client->requireApiKey();

        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/authenticate',
            body: $body,
            options: $options,
        );
        return AuthenticateResponse::fromArray($response);
    }

    /**
     * @param mixed $pendingAuthenticationToken
     * @param mixed $organizationId
     * @param mixed|null $ipAddress
     * @param mixed|null $deviceId
     * @param mixed|null $userAgent
     * @return \WorkOS\Resource\AuthenticateResponse
     */
    public function authenticateWithOrganizationSelection(
        mixed $pendingAuthenticationToken = null,
        mixed $organizationId = null,
        mixed $ipAddress = null,
        mixed $deviceId = null,
        mixed $userAgent = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\AuthenticateResponse {
        $body = array_filter([
            'grant_type' => 'urn:workos:oauth:grant-type:organization-selection',
            'pending_authentication_token' => $pendingAuthenticationToken,
            'organization_id' => $organizationId,
            'ip_address' => $ipAddress,
            'device_id' => $deviceId,
            'user_agent' => $userAgent,
        ], fn ($v) => $v !== null);
        $body['client_id'] = $this->client->requireClientId();
        $body['client_secret'] = $this->client->requireApiKey();

        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/authenticate',
            body: $body,
            options: $options,
        );
        return AuthenticateResponse::fromArray($response);
    }

    /**
     * @param mixed $deviceCode
     * @param mixed|null $ipAddress
     * @param mixed|null $deviceId
     * @param mixed|null $userAgent
     * @return \WorkOS\Resource\AuthenticateResponse
     */
    public function authenticateWithDeviceCode(
        mixed $deviceCode = null,
        mixed $ipAddress = null,
        mixed $deviceId = null,
        mixed $userAgent = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\AuthenticateResponse {
        $body = array_filter([
            'grant_type' => 'urn:ietf:params:oauth:grant-type:device_code',
            'device_code' => $deviceCode,
            'ip_address' => $ipAddress,
            'device_id' => $deviceId,
            'user_agent' => $userAgent,
        ], fn ($v) => $v !== null);
        $body['client_id'] = $this->client->requireClientId();

        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/authenticate',
            body: $body,
            options: $options,
        );
        return AuthenticateResponse::fromArray($response);
    }

    /**
     * Get an authorization URL
     *
     * Generates an OAuth 2.0 authorization URL to authenticate a user with AuthKit or SSO.
     * @param string|null $codeChallengeMethod The only valid PKCE code challenge method is `"S256"`. Required when specifying a `code_challenge`.
     * @param string|null $codeChallenge Code challenge derived from the code verifier used for the PKCE flow.
     * @param string|null $domainHint A domain hint for SSO connection lookup.
     * @param string|null $connectionId The ID of an SSO connection to use for authentication.
     * @param array<string, string>|null $providerQueryParams Key/value pairs of query parameters to pass to the OAuth provider.
     * @param array<string>|null $providerScopes Additional OAuth scopes to request from the identity provider.
     * @param string|null $invitationToken A token representing a user invitation to redeem during authentication.
     * @param \WorkOS\Resource\UserManagementAuthenticationScreenHint|null $screenHint Used to specify which screen to display when the provider is `authkit`. Defaults to "sign-in".
     * @param string|null $loginHint A hint to the authorization server about the login identifier the user might use.
     * @param \WorkOS\Resource\UserManagementAuthenticationProvider|null $provider The OAuth provider to authenticate with (e.g., GoogleOAuth, MicrosoftOAuth, GitHubOAuth).
     * @param string|null $prompt Controls the authentication flow behavior for the user.
     * @param string|null $state An opaque value used to maintain state between the request and the callback.
     * @param string|null $organizationId The ID of the organization to authenticate the user against.
     * @param string $redirectUri The callback URI where the authorization code will be sent after authentication.
     * @return string
     */
    public function getAuthorizationUrl(
        string $redirectUri,
        ?string $codeChallengeMethod = null,
        ?string $codeChallenge = null,
        ?string $domainHint = null,
        ?string $connectionId = null,
        ?array $providerQueryParams = null,
        ?array $providerScopes = null,
        ?string $invitationToken = null,
        ?\WorkOS\Resource\UserManagementAuthenticationScreenHint $screenHint = null,
        ?string $loginHint = null,
        ?\WorkOS\Resource\UserManagementAuthenticationProvider $provider = null,
        ?string $prompt = null,
        ?string $state = null,
        ?string $organizationId = null,
        ?\WorkOS\RequestOptions $options = null,
    ): string {
        $query = array_filter([
            'code_challenge_method' => $codeChallengeMethod,
            'code_challenge' => $codeChallenge,
            'domain_hint' => $domainHint,
            'connection_id' => $connectionId,
            'provider_query_params' => $providerQueryParams,
            'provider_scopes' => $providerScopes,
            'invitation_token' => $invitationToken,
            'screen_hint' => $screenHint?->value,
            'login_hint' => $loginHint,
            'provider' => $provider?->value,
            'prompt' => $prompt,
            'state' => $state,
            'organization_id' => $organizationId,
            'redirect_uri' => $redirectUri,
            'response_type' => 'code',
        ], fn ($v) => $v !== null);
        $query['client_id'] = $this->client->requireClientId();
        return $this->client->buildUrl('user_management/authorize', $query, $options);
    }

    /**
     * Get device authorization URL
     *
     * Initiates the CLI Auth flow by requesting a device code and verification URLs. This endpoint implements the OAuth 2.0 Device Authorization Flow ([RFC 8628](https://datatracker.ietf.org/doc/html/rfc8628)) and is designed for command-line applications or other devices with limited input capabilities.
     * @param string $clientId The WorkOS client ID for your application.
     * @return \WorkOS\Resource\DeviceAuthorizationResponse
     */
    public function createDevice(
        string $clientId,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\DeviceAuthorizationResponse {
        $body = [
            'client_id' => $clientId,
        ];
        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/authorize/device',
            body: $body,
            options: $options,
        );
        return DeviceAuthorizationResponse::fromArray($response);
    }

    /**
     * Logout
     *
     * Logout a user from the current [session](https://workos.com/docs/reference/authkit/session).
     * @param string $sessionId The ID of the session to revoke. This can be extracted from the `sid` claim of the access token.
     * @param string|null $returnTo The URL to redirect the user to after session revocation.
     * @return string
     */
    public function getLogoutUrl(
        string $sessionId,
        ?string $returnTo = null,
        ?\WorkOS\RequestOptions $options = null,
    ): string {
        $query = array_filter([
            'session_id' => $sessionId,
            'return_to' => $returnTo,
        ], fn ($v) => $v !== null);
        return $this->client->buildUrl('user_management/sessions/logout', $query, $options);
    }

    /**
     * Revoke Session
     *
     * Revoke a [user session](https://workos.com/docs/reference/authkit/session).
     * @param string $sessionId The ID of the session to revoke. This can be extracted from the `sid` claim of the access token.
     * @param string|null $returnTo The URL to redirect the user to after session revocation.
     * @return mixed
     */
    public function revokeSession(
        string $sessionId,
        ?string $returnTo = null,
        ?\WorkOS\RequestOptions $options = null,
    ): mixed {
        $body = array_filter([
            'session_id' => $sessionId,
            'return_to' => $returnTo,
        ], fn ($v) => $v !== null);
        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/sessions/revoke',
            body: $body,
            options: $options,
        );
        return $response;
    }

    /**
     * Create a CORS origin
     *
     * Creates a new CORS origin for the current environment. CORS origins allow browser-based applications to make requests to the WorkOS API.
     * @param string $origin The origin URL to allow for CORS requests.
     * @return \WorkOS\Resource\CORSOriginResponse
     */
    public function createCorsOrigin(
        string $origin,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\CORSOriginResponse {
        $body = [
            'origin' => $origin,
        ];
        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/cors_origins',
            body: $body,
            options: $options,
        );
        return CORSOriginResponse::fromArray($response);
    }

    /**
     * Get an email verification code
     *
     * Get the details of an existing email verification code that can be used to send an email to a user for verification.
     * @param string $id The ID of the email verification code.
     * @return \WorkOS\Resource\EmailVerification
     */
    public function getEmailVerification(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\EmailVerification {
        $response = $this->client->request(
            method: 'GET',
            path: "user_management/email_verification/{$id}",
            options: $options,
        );
        return EmailVerification::fromArray($response);
    }

    /**
     * Create a password reset token
     *
     * Creates a one-time token that can be used to reset a user's password.
     * @param string $email The email address of the user requesting a password reset.
     * @return \WorkOS\Resource\PasswordReset
     */
    public function resetPassword(
        string $email,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\PasswordReset {
        $body = [
            'email' => $email,
        ];
        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/password_reset',
            body: $body,
            options: $options,
        );
        return PasswordReset::fromArray($response);
    }

    /**
     * Reset the password
     *
     * Sets a new password using the `token` query parameter from the link that the user received. Successfully resetting the password will verify a user's email, if it hasn't been verified yet.
     * @param string $token The password reset token.
     * @param string $newPassword The new password to set for the user.
     * @return \WorkOS\Resource\ResetPasswordResponse
     */
    public function confirmPasswordReset(
        string $token,
        string $newPassword,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\ResetPasswordResponse {
        $body = [
            'token' => $token,
            'new_password' => $newPassword,
        ];
        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/password_reset/confirm',
            body: $body,
            options: $options,
        );
        return ResetPasswordResponse::fromArray($response);
    }

    /**
     * Get a password reset token
     *
     * Get the details of an existing password reset token that can be used to reset a user's password.
     * @param string $id The ID of the password reset token.
     * @return \WorkOS\Resource\PasswordReset
     */
    public function getPasswordReset(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\PasswordReset {
        $response = $this->client->request(
            method: 'GET',
            path: "user_management/password_reset/{$id}",
            options: $options,
        );
        return PasswordReset::fromArray($response);
    }

    /**
     * List users
     *
     * Get a list of all of your existing users matching the criteria specified.
     * @param string|null $before An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
     * @param string|null $after An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
     * @param int|null $limit Upper limit on the number of objects to return, between `1` and `100`. Defaults to 10.
     * @param \WorkOS\Resource\EventsOrder|null $order Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending. Defaults to "desc".
     * @param string|null $organization (deprecated) Filter users by the organization they are a member of. Deprecated in favor of `organization_id`.
     * @param string|null $organizationId Filter users by the organization they are a member of.
     * @param string|null $email Filter users by their email address.
     * @return \WorkOS\PaginatedResponse<\WorkOS\Resource\User>
     */
    public function listUsers(
        ?string $before = null,
        ?string $after = null,
        ?int $limit = null,
        ?\WorkOS\Resource\EventsOrder $order = null,
        ?string $organization = null,
        ?string $organizationId = null,
        ?string $email = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\PaginatedResponse {
        $query = array_filter([
            'before' => $before,
            'after' => $after,
            'limit' => $limit,
            'order' => $order?->value,
            'organization' => $organization,
            'organization_id' => $organizationId,
            'email' => $email,
        ], fn ($v) => $v !== null);
        return $this->client->requestPage(
            method: 'GET',
            path: 'user_management/users',
            query: $query,
            modelClass: User::class,
            options: $options,
        );
    }

    /**
     * Create a user
     *
     * Create a new user in the current environment.
     * @param string $email The email address of the user.
     * @param string|null $password The password to set for the user. Mutually exclusive with `password_hash` and `password_hash_type`.
     * @param string|null $passwordHash The hashed password to set for the user. Mutually exclusive with `password`.
     * @param \WorkOS\Resource\CreateUserPasswordHashType|null $passwordHashType The algorithm originally used to hash the password, used when providing a `password_hash`.
     * @param string|null $firstName The first name of the user.
     * @param string|null $lastName The last name of the user.
     * @param bool|null $emailVerified Whether the user's email has been verified.
     * @param array<string, string>|null $metadata Object containing metadata key/value pairs associated with the user.
     * @param string|null $externalId The external ID of the user.
     * @return \WorkOS\Resource\User
     */
    public function createUser(
        string $email,
        ?string $password = null,
        ?string $passwordHash = null,
        ?\WorkOS\Resource\CreateUserPasswordHashType $passwordHashType = null,
        ?string $firstName = null,
        ?string $lastName = null,
        ?bool $emailVerified = null,
        ?array $metadata = null,
        ?string $externalId = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\User {
        $body = array_filter([
            'email' => $email,
            'password' => $password,
            'password_hash' => $passwordHash,
            'password_hash_type' => $passwordHashType?->value,
            'first_name' => $firstName,
            'last_name' => $lastName,
            'email_verified' => $emailVerified,
            'metadata' => $metadata,
            'external_id' => $externalId,
        ], fn ($v) => $v !== null);
        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/users',
            body: $body,
            options: $options,
        );
        return User::fromArray($response);
    }

    /**
     * Get a user by external ID
     *
     * Get the details of an existing user by an [external identifier](https://workos.com/docs/authkit/metadata/external-identifiers).
     * @param string $externalId The external ID of the user.
     * @return \WorkOS\Resource\User
     */
    public function getUserByExternalId(
        string $externalId,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\User {
        $response = $this->client->request(
            method: 'GET',
            path: "user_management/users/external_id/{$externalId}",
            options: $options,
        );
        return User::fromArray($response);
    }

    /**
     * Get a user
     *
     * Get the details of an existing user.
     * @param string $id The unique ID of the user.
     * @return \WorkOS\Resource\User
     */
    public function getUser(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\User {
        $response = $this->client->request(
            method: 'GET',
            path: "user_management/users/{$id}",
            options: $options,
        );
        return User::fromArray($response);
    }

    /**
     * Update a user
     *
     * Updates properties of a user. The omitted properties will be left unchanged.
     * @param string $id The unique ID of the user.
     * @param string|null $email The email address of the user.
     * @param string|null $firstName The first name of the user.
     * @param string|null $lastName The last name of the user.
     * @param bool|null $emailVerified Whether the user's email has been verified.
     * @param string|null $password The password to set for the user.
     * @param string|null $passwordHash The hashed password to set for the user. Mutually exclusive with `password`.
     * @param \WorkOS\Resource\CreateUserPasswordHashType|null $passwordHashType The algorithm originally used to hash the password, used when providing a `password_hash`.
     * @param array<string, string>|null $metadata Object containing metadata key/value pairs associated with the user.
     * @param string|null $externalId The external ID of the user.
     * @param string|null $locale The user's preferred locale.
     * @return \WorkOS\Resource\User
     */
    public function updateUser(
        string $id,
        ?string $email = null,
        ?string $firstName = null,
        ?string $lastName = null,
        ?bool $emailVerified = null,
        ?string $password = null,
        ?string $passwordHash = null,
        ?\WorkOS\Resource\CreateUserPasswordHashType $passwordHashType = null,
        ?array $metadata = null,
        ?string $externalId = null,
        ?string $locale = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\User {
        $body = array_filter([
            'email' => $email,
            'first_name' => $firstName,
            'last_name' => $lastName,
            'email_verified' => $emailVerified,
            'password' => $password,
            'password_hash' => $passwordHash,
            'password_hash_type' => $passwordHashType?->value,
            'metadata' => $metadata,
            'external_id' => $externalId,
            'locale' => $locale,
        ], fn ($v) => $v !== null);
        $response = $this->client->request(
            method: 'PUT',
            path: "user_management/users/{$id}",
            body: $body,
            options: $options,
        );
        return User::fromArray($response);
    }

    /**
     * Delete a user
     *
     * Permanently deletes a user in the current environment. It cannot be undone.
     * @param string $id The unique ID of the user.
     * @return void
     */
    public function deleteUser(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): void {
        $this->client->request(
            method: 'DELETE',
            path: "user_management/users/{$id}",
            options: $options,
        );
    }

    /**
     * Confirm email change
     *
     * Confirms an email change using the one-time code received by the user.
     * @param string $id The unique ID of the user.
     * @param string $code The one-time code used to confirm the email change.
     * @return \WorkOS\Resource\EmailChangeConfirmation
     */
    public function confirmEmailChange(
        string $id,
        string $code,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\EmailChangeConfirmation {
        $body = [
            'code' => $code,
        ];
        $response = $this->client->request(
            method: 'POST',
            path: "user_management/users/{$id}/email_change/confirm",
            body: $body,
            options: $options,
        );
        return EmailChangeConfirmation::fromArray($response);
    }

    /**
     * Send email change code
     *
     * Sends an email that contains a one-time code used to change a user's email address.
     * @param string $id The unique ID of the user.
     * @param string $newEmail The new email address to change to.
     * @return \WorkOS\Resource\EmailChange
     */
    public function sendEmailChange(
        string $id,
        string $newEmail,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\EmailChange {
        $body = [
            'new_email' => $newEmail,
        ];
        $response = $this->client->request(
            method: 'POST',
            path: "user_management/users/{$id}/email_change/send",
            body: $body,
            options: $options,
        );
        return EmailChange::fromArray($response);
    }

    /**
     * Verify email
     *
     * Verifies an email address using the one-time code received by the user.
     * @param string $id The ID of the user.
     * @param string $code The one-time email verification code.
     * @return \WorkOS\Resource\VerifyEmailResponse
     */
    public function verifyEmail(
        string $id,
        string $code,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\VerifyEmailResponse {
        $body = [
            'code' => $code,
        ];
        $response = $this->client->request(
            method: 'POST',
            path: "user_management/users/{$id}/email_verification/confirm",
            body: $body,
            options: $options,
        );
        return VerifyEmailResponse::fromArray($response);
    }

    /**
     * Send verification email
     *
     * Sends an email that contains a one-time code used to verify a user’s email address.
     * @param string $id The ID of the user.
     * @return \WorkOS\Resource\SendVerificationEmailResponse
     */
    public function sendVerificationEmail(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\SendVerificationEmailResponse {
        $response = $this->client->request(
            method: 'POST',
            path: "user_management/users/{$id}/email_verification/send",
            options: $options,
        );
        return SendVerificationEmailResponse::fromArray($response);
    }

    /**
     * Get user identities
     *
     * Get a list of identities associated with the user. A user can have multiple associated identities after going through [identity linking](https://workos.com/docs/authkit/identity-linking). Currently only OAuth identities are supported. More provider types may be added in the future.
     * @param string $id The unique ID of the user.
     * @return array
     */
    public function getUserIdentities(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): array {
        $response = $this->client->request(
            method: 'GET',
            path: "user_management/users/{$id}/identities",
            options: $options,
        );
        return array_map(fn ($item) => UserIdentitiesGetItem::fromArray($item), $response);
    }

    /**
     * List sessions
     *
     * Get a list of all active sessions for a specific user.
     * @param string $id The ID of the user.
     * @param string|null $before An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
     * @param string|null $after An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
     * @param int|null $limit Upper limit on the number of objects to return, between `1` and `100`. Defaults to 10.
     * @param \WorkOS\Resource\EventsOrder|null $order Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending. Defaults to "desc".
     * @return \WorkOS\PaginatedResponse<\WorkOS\Resource\UserSessionsListItem>
     */
    public function listSessions(
        string $id,
        ?string $before = null,
        ?string $after = null,
        ?int $limit = null,
        ?\WorkOS\Resource\EventsOrder $order = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\PaginatedResponse {
        $query = array_filter([
            'before' => $before,
            'after' => $after,
            'limit' => $limit,
            'order' => $order?->value,
        ], fn ($v) => $v !== null);
        return $this->client->requestPage(
            method: 'GET',
            path: "user_management/users/{$id}/sessions",
            query: $query,
            modelClass: UserSessionsListItem::class,
            options: $options,
        );
    }

    /**
     * List invitations
     *
     * Get a list of all of invitations matching the criteria specified.
     * @param string|null $before An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
     * @param string|null $after An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
     * @param int|null $limit Upper limit on the number of objects to return, between `1` and `100`. Defaults to 10.
     * @param \WorkOS\Resource\EventsOrder|null $order Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending. Defaults to "desc".
     * @param string|null $organizationId The ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join.
     * @param string|null $email The email address of the recipient.
     * @return \WorkOS\PaginatedResponse<\WorkOS\Resource\UserInvite>
     */
    public function listInvitations(
        ?string $before = null,
        ?string $after = null,
        ?int $limit = null,
        ?\WorkOS\Resource\EventsOrder $order = null,
        ?string $organizationId = null,
        ?string $email = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\PaginatedResponse {
        $query = array_filter([
            'before' => $before,
            'after' => $after,
            'limit' => $limit,
            'order' => $order?->value,
            'organization_id' => $organizationId,
            'email' => $email,
        ], fn ($v) => $v !== null);
        return $this->client->requestPage(
            method: 'GET',
            path: 'user_management/invitations',
            query: $query,
            modelClass: UserInvite::class,
            options: $options,
        );
    }

    /**
     * Send an invitation
     *
     * Sends an invitation email to the recipient.
     * @param string $email The email address of the recipient.
     * @param string|null $organizationId The ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join.
     * @param string|null $roleSlug The [role](https://workos.com/docs/authkit/roles) that the recipient will receive when they join the organization in the invitation.
     * @param int|null $expiresInDays How many days the invitations will be valid for. Must be between 1 and 30 days. Defaults to 7 days if not specified.
     * @param string|null $inviterUserId The ID of the [user](https://workos.com/docs/reference/authkit/user) who invites the recipient. The invitation email will mention the name of this user.
     * @param \WorkOS\Resource\CreateUserInviteOptionsLocale|null $locale The locale to use when rendering the invitation email. See [supported locales](https://workos.com/docs/authkit/hosted-ui/localization).
     * @return \WorkOS\Resource\UserInvite
     */
    public function sendInvitation(
        string $email,
        ?string $organizationId = null,
        ?string $roleSlug = null,
        ?int $expiresInDays = null,
        ?string $inviterUserId = null,
        ?\WorkOS\Resource\CreateUserInviteOptionsLocale $locale = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\UserInvite {
        $body = array_filter([
            'email' => $email,
            'organization_id' => $organizationId,
            'role_slug' => $roleSlug,
            'expires_in_days' => $expiresInDays,
            'inviter_user_id' => $inviterUserId,
            'locale' => $locale?->value,
        ], fn ($v) => $v !== null);
        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/invitations',
            body: $body,
            options: $options,
        );
        return UserInvite::fromArray($response);
    }

    /**
     * Find an invitation by token
     *
     * Retrieve an existing invitation using the token.
     * @param string $token The token used to accept the invitation.
     * @return \WorkOS\Resource\UserInvite
     */
    public function findInvitationByToken(
        string $token,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\UserInvite {
        $response = $this->client->request(
            method: 'GET',
            path: "user_management/invitations/by_token/{$token}",
            options: $options,
        );
        return UserInvite::fromArray($response);
    }

    /**
     * Get an invitation
     *
     * Get the details of an existing invitation.
     * @param string $id The unique ID of the invitation.
     * @return \WorkOS\Resource\UserInvite
     */
    public function getInvitation(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\UserInvite {
        $response = $this->client->request(
            method: 'GET',
            path: "user_management/invitations/{$id}",
            options: $options,
        );
        return UserInvite::fromArray($response);
    }

    /**
     * Accept an invitation
     *
     * Accepts an invitation and, if linked to an organization, activates the user's membership in that organization.
     * @param string $id The unique ID of the invitation.
     * @return \WorkOS\Resource\Invitation
     */
    public function acceptInvitation(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\Invitation {
        $response = $this->client->request(
            method: 'POST',
            path: "user_management/invitations/{$id}/accept",
            options: $options,
        );
        return Invitation::fromArray($response);
    }

    /**
     * Resend an invitation
     *
     * Resends an invitation email to the recipient. The invitation must be in a pending state.
     * @param string $id The unique ID of the invitation.
     * @param \WorkOS\Resource\CreateUserInviteOptionsLocale|null $locale The locale to use when rendering the invitation email. See [supported locales](https://workos.com/docs/authkit/hosted-ui/localization).
     * @return \WorkOS\Resource\UserInvite
     */
    public function resendInvitation(
        string $id,
        ?\WorkOS\Resource\CreateUserInviteOptionsLocale $locale = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\UserInvite {
        $body = array_filter([
            'locale' => $locale?->value,
        ], fn ($v) => $v !== null);
        $response = $this->client->request(
            method: 'POST',
            path: "user_management/invitations/{$id}/resend",
            body: $body,
            options: $options,
        );
        return UserInvite::fromArray($response);
    }

    /**
     * Revoke an invitation
     *
     * Revokes an existing invitation.
     * @param string $id The unique ID of the invitation.
     * @return \WorkOS\Resource\Invitation
     */
    public function revokeInvitation(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\Invitation {
        $response = $this->client->request(
            method: 'POST',
            path: "user_management/invitations/{$id}/revoke",
            options: $options,
        );
        return Invitation::fromArray($response);
    }

    /**
     * Update JWT template
     *
     * Update the JWT template for the current environment.
     * @param string $content The JWT template content as a Liquid template string.
     * @return \WorkOS\Resource\JWTTemplateResponse
     */
    public function updateJWTTemplate(
        string $content,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\JWTTemplateResponse {
        $body = [
            'content' => $content,
        ];
        $response = $this->client->request(
            method: 'PUT',
            path: 'user_management/jwt_template',
            body: $body,
            options: $options,
        );
        return JWTTemplateResponse::fromArray($response);
    }

    /**
     * Create a Magic Auth code
     *
     * Creates a one-time authentication code that can be sent to the user's email address. The code expires in 10 minutes. To verify the code, [authenticate the user with Magic Auth](https://workos.com/docs/reference/authkit/authentication/magic-auth).
     * @param string $email The email address to send the magic code to.
     * @param string|null $invitationToken The invitation token to associate with this magic code.
     * @return \WorkOS\Resource\MagicAuth
     */
    public function createMagicAuth(
        string $email,
        ?string $invitationToken = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\MagicAuth {
        $body = array_filter([
            'email' => $email,
            'invitation_token' => $invitationToken,
        ], fn ($v) => $v !== null);
        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/magic_auth',
            body: $body,
            options: $options,
        );
        return MagicAuth::fromArray($response);
    }

    /**
     * Get Magic Auth code details
     *
     * Get the details of an existing [Magic Auth](https://workos.com/docs/reference/authkit/magic-auth) code that can be used to send an email to a user for authentication.
     * @param string $id The unique ID of the Magic Auth code.
     * @return \WorkOS\Resource\MagicAuth
     */
    public function getMagicAuth(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\MagicAuth {
        $response = $this->client->request(
            method: 'GET',
            path: "user_management/magic_auth/{$id}",
            options: $options,
        );
        return MagicAuth::fromArray($response);
    }

    /**
     * List organization memberships
     *
     * Get a list of all organization memberships matching the criteria specified. At least one of `user_id` or `organization_id` must be provided. By default only active memberships are returned. Use the `statuses` parameter to filter by other statuses.
     * @param string|null $before An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
     * @param string|null $after An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
     * @param int|null $limit Upper limit on the number of objects to return, between `1` and `100`. Defaults to 10.
     * @param \WorkOS\Resource\EventsOrder|null $order Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending. Defaults to "desc".
     * @param string|null $organizationId The ID of the [organization](https://workos.com/docs/reference/organization) which the user belongs to.
     * @param array<\WorkOS\Resource\OrganizationMembershipStatus>|null $statuses Filter by the status of the organization membership. Array including any of `active`, `inactive`, or `pending`.
     * @param string|null $userId The ID of the [user](https://workos.com/docs/reference/authkit/user).
     * @return \WorkOS\PaginatedResponse<\WorkOS\Resource\UserOrganizationMembership>
     */
    public function listOrganizationMemberships(
        ?string $before = null,
        ?string $after = null,
        ?int $limit = null,
        ?\WorkOS\Resource\EventsOrder $order = null,
        ?string $organizationId = null,
        ?array $statuses = null,
        ?string $userId = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\PaginatedResponse {
        $query = array_filter([
            'before' => $before,
            'after' => $after,
            'limit' => $limit,
            'order' => $order?->value,
            'organization_id' => $organizationId,
            'statuses' => $statuses,
            'user_id' => $userId,
        ], fn ($v) => $v !== null);
        return $this->client->requestPage(
            method: 'GET',
            path: 'user_management/organization_memberships',
            query: $query,
            modelClass: UserOrganizationMembership::class,
            options: $options,
        );
    }

    /**
     * Create an organization membership
     *
     * Creates a new `active` organization membership for the given organization and user.
     *
     * Calling this API with an organization and user that match an `inactive` organization membership will activate the membership with the specified role(s).
     * @param string $userId The ID of the [user](https://workos.com/docs/reference/authkit/user).
     * @param string $organizationId The ID of the [organization](https://workos.com/docs/reference/organization) which the user belongs to.
     * @param string|null $roleSlug A single role identifier. Defaults to `member` or the explicit default role. Mutually exclusive with `role_slugs`.
     * @param array<string>|null $roleSlugs An array of role identifiers. Limited to one role when Multiple Roles is disabled. Mutually exclusive with `role_slug`.
     * @return \WorkOS\Resource\OrganizationMembership
     */
    public function createOrganizationMembership(
        string $userId,
        string $organizationId,
        ?string $roleSlug = null,
        ?array $roleSlugs = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\OrganizationMembership {
        $body = array_filter([
            'user_id' => $userId,
            'organization_id' => $organizationId,
            'role_slug' => $roleSlug,
            'role_slugs' => $roleSlugs,
        ], fn ($v) => $v !== null);
        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/organization_memberships',
            body: $body,
            options: $options,
        );
        return OrganizationMembership::fromArray($response);
    }

    /**
     * Get an organization membership
     *
     * Get the details of an existing organization membership.
     * @param string $id The unique ID of the organization membership.
     * @return \WorkOS\Resource\UserOrganizationMembership
     */
    public function getOrganizationMembership(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\UserOrganizationMembership {
        $response = $this->client->request(
            method: 'GET',
            path: "user_management/organization_memberships/{$id}",
            options: $options,
        );
        return UserOrganizationMembership::fromArray($response);
    }

    /**
     * Update an organization membership
     *
     * Update the details of an existing organization membership.
     * @param string $id The unique ID of the organization membership.
     * @param string|null $roleSlug A single role identifier. Defaults to `member` or the explicit default role. Mutually exclusive with `role_slugs`.
     * @param array<string>|null $roleSlugs An array of role identifiers. Limited to one role when Multiple Roles is disabled. Mutually exclusive with `role_slug`.
     * @return \WorkOS\Resource\UserOrganizationMembership
     */
    public function updateOrganizationMembership(
        string $id,
        ?string $roleSlug = null,
        ?array $roleSlugs = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\UserOrganizationMembership {
        $body = array_filter([
            'role_slug' => $roleSlug,
            'role_slugs' => $roleSlugs,
        ], fn ($v) => $v !== null);
        $response = $this->client->request(
            method: 'PUT',
            path: "user_management/organization_memberships/{$id}",
            body: $body,
            options: $options,
        );
        return UserOrganizationMembership::fromArray($response);
    }

    /**
     * Delete an organization membership
     *
     * Permanently deletes an existing organization membership. It cannot be undone.
     * @param string $id The unique ID of the organization membership.
     * @return void
     */
    public function deleteOrganizationMembership(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): void {
        $this->client->request(
            method: 'DELETE',
            path: "user_management/organization_memberships/{$id}",
            options: $options,
        );
    }

    /**
     * Deactivate an organization membership
     *
     * Deactivates an `active` organization membership. Emits an [organization_membership.updated](https://workos.com/docs/events/organization-membership) event upon successful deactivation.
     *
     * - Deactivating an `inactive` membership is a no-op and does not emit an event.
     * - Deactivating a `pending` membership returns an error. This membership should be [deleted](https://workos.com/docs/reference/authkit/organization-membership/delete) instead.
     *
     * See the [membership management documentation](https://workos.com/docs/authkit/users-organizations/organizations/membership-management) for additional details.
     * @param string $id The unique ID of the organization membership.
     * @return \WorkOS\Resource\OrganizationMembership
     */
    public function deactivateOrganizationMembership(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\OrganizationMembership {
        $response = $this->client->request(
            method: 'PUT',
            path: "user_management/organization_memberships/{$id}/deactivate",
            options: $options,
        );
        return OrganizationMembership::fromArray($response);
    }

    /**
     * Reactivate an organization membership
     *
     * Reactivates an `inactive` organization membership, retaining the pre-existing role(s). Emits an [organization_membership.updated](https://workos.com/docs/events/organization-membership) event upon successful reactivation.
     *
     * - Reactivating an `active` membership is a no-op and does not emit an event.
     * - Reactivating a `pending` membership returns an error. The user needs to [accept the invitation](https://workos.com/docs/authkit/invitations) instead.
     *
     * See the [membership management documentation](https://workos.com/docs/authkit/users-organizations/organizations/membership-management) for additional details.
     * @param string $id The unique ID of the organization membership.
     * @return \WorkOS\Resource\UserOrganizationMembership
     */
    public function reactivateOrganizationMembership(
        string $id,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\UserOrganizationMembership {
        $response = $this->client->request(
            method: 'PUT',
            path: "user_management/organization_memberships/{$id}/reactivate",
            options: $options,
        );
        return UserOrganizationMembership::fromArray($response);
    }

    /**
     * Create a redirect URI
     *
     * Creates a new redirect URI for an environment.
     * @param string $uri The redirect URI to create.
     * @return \WorkOS\Resource\RedirectUri
     */
    public function createRedirectUri(
        string $uri,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\Resource\RedirectUri {
        $body = [
            'uri' => $uri,
        ];
        $response = $this->client->request(
            method: 'POST',
            path: 'user_management/redirect_uris',
            body: $body,
            options: $options,
        );
        return RedirectUri::fromArray($response);
    }

    /**
     * List authorized applications
     *
     * Get a list of all Connect applications that the user has authorized.
     * @param string $userId The ID of the user.
     * @param string|null $before An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
     * @param string|null $after An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
     * @param int|null $limit Upper limit on the number of objects to return, between `1` and `100`. Defaults to 10.
     * @param \WorkOS\Resource\EventsOrder|null $order Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending. Defaults to "desc".
     * @return \WorkOS\PaginatedResponse<\WorkOS\Resource\AuthorizedConnectApplicationListData>
     */
    public function listUserAuthorizedApplications(
        string $userId,
        ?string $before = null,
        ?string $after = null,
        ?int $limit = null,
        ?\WorkOS\Resource\EventsOrder $order = null,
        ?\WorkOS\RequestOptions $options = null,
    ): \WorkOS\PaginatedResponse {
        $query = array_filter([
            'before' => $before,
            'after' => $after,
            'limit' => $limit,
            'order' => $order?->value,
        ], fn ($v) => $v !== null);
        return $this->client->requestPage(
            method: 'GET',
            path: "user_management/users/{$userId}/authorized_applications",
            query: $query,
            modelClass: AuthorizedConnectApplicationListData::class,
            options: $options,
        );
    }

    /**
     * Delete an authorized application
     *
     * Delete an existing Authorized Connect Application.
     * @param string $applicationId The ID or client ID of the application.
     * @param string $userId The ID of the user.
     * @return void
     */
    public function deleteUserAuthorizedApplication(
        string $applicationId,
        string $userId,
        ?\WorkOS\RequestOptions $options = null,
    ): void {
        $this->client->request(
            method: 'DELETE',
            path: "user_management/users/{$userId}/authorized_applications/{$applicationId}",
            options: $options,
        );
    }
}