corrections from a merge conflict

gjtorikian · gjtorikian · commit 27913bcb80ec · 2026-04-08T16:35:46.000-04:00
diff --git a/lib/Service/SSO.php b/lib/Service/SSO.php
@@ -106,9 +106,13 @@ public function deleteConnection(
      * Initiates the single sign-on flow.
      * @param array<string>|null $providerScopes Additional OAuth scopes to request from the identity provider. Only applicable when using OAuth connections.
      * @param array<string, string>|null $providerQueryParams Key/value pairs of query parameters to pass to the OAuth provider. Only applicable when using OAuth connections.
+     * @param string $clientId The unique identifier of the WorkOS environment client.
      * @param string|null $domain (deprecated) Deprecated. Use `connection` or `organization` instead. Used to initiate SSO for a connection by domain. The domain must be associated with a connection in your WorkOS environment.
      * @param \WorkOS\Resource\SSOProvider|null $provider Used to initiate OAuth authentication with Google, Microsoft, GitHub, or Apple.
      * @param string $redirectUri Where to redirect the user after they complete the authentication process. You must use one of the redirect URIs configured via the [Redirects](https://dashboard.workos.com/redirects) page on the dashboard.
+     * @param string $responseType The only valid option for the response type parameter is `"code"`.
+     *
+     * The `"code"` parameter value initiates an [authorization code grant type](https://tools.ietf.org/html/rfc6749#section-4.1). This grant type allows you to exchange an authorization code for an access token during the redirect that takes place after a user has authenticated with an identity provider.
      * @param string|null $state An optional parameter that can be used to encode arbitrary information to help restore application state between redirects. If included, the redirect URI received from WorkOS will contain the exact `state` that was passed.
      * @param string|null $connection Used to initiate SSO for a connection. The value should be a WorkOS connection ID.
      *
@@ -122,7 +126,9 @@ public function deleteConnection(
      * @return \WorkOS\Resource\SSOAuthorizeUrlResponse
      */
     public function getAuthorizationUrl(
+        string $clientId,
         string $redirectUri,
+        string $responseType,
         ?array $providerScopes = null,
         ?array $providerQueryParams = null,
         ?string $domain = null,
@@ -138,18 +144,18 @@ public function getAuthorizationUrl(
         $query = array_filter([
             'provider_scopes' => $providerScopes,
             'provider_query_params' => $providerQueryParams,
+            'client_id' => $clientId,
             'domain' => $domain,
             'provider' => $provider?->value,
             'redirect_uri' => $redirectUri,
+            'response_type' => $responseType,
             'state' => $state,
             'connection' => $connection,
             'organization' => $organization,
             'domain_hint' => $domainHint,
             'login_hint' => $loginHint,
             'nonce' => $nonce,
-            'response_type' => 'code',
         ], fn ($v) => $v !== null);
-        $query['client_id'] = $this->client->requireClientId();
         $response = $this->client->request(
             method: 'GET',
             path: 'sso/authorize',
@@ -228,19 +234,25 @@ public function getProfile(
      * Get a Profile and Token
      *
      * Get an access token along with the user [Profile](https://workos.com/docs/reference/sso/profile) using the code passed to your [Redirect URI](https://workos.com/docs/reference/sso/get-authorization-url/redirect-uri).
+     * @param string $clientId The client ID of the WorkOS environment.
+     * @param string $clientSecret The client secret of the WorkOS environment.
      * @param string $code The authorization code received from the authorization callback.
+     * @param string $grantType The grant type for the token request.
      * @return \WorkOS\Resource\SSOTokenResponse
      */
     public function getProfileAndToken(
+        string $clientId,
+        string $clientSecret,
         string $code,
+        string $grantType,
         ?\WorkOS\RequestOptions $options = null,
     ): \WorkOS\Resource\SSOTokenResponse {
         $body = [
+            'client_id' => $clientId,
+            'client_secret' => $clientSecret,
             'code' => $code,
-            'grant_type' => 'authorization_code',
+            'grant_type' => $grantType,
         ];
-        $body['client_id'] = $this->client->requireClientId();
-        $body['client_secret'] = $this->client->requireApiKey();
         $response = $this->client->request(
             method: 'POST',
             path: 'sso/token',
diff --git a/lib/Service/UserManagement.php b/lib/Service/UserManagement.php
@@ -290,11 +290,15 @@ public function authenticateWithDeviceCode(
      * @param string|null $prompt Controls the authentication flow behavior for the user.
      * @param string|null $state An opaque value used to maintain state between the request and the callback.
      * @param string|null $organizationId The ID of the organization to authenticate the user against.
+     * @param string $responseType The response type of the application.
      * @param string $redirectUri The callback URI where the authorization code will be sent after authentication.
+     * @param string $clientId The unique identifier of the WorkOS environment client.
      * @return mixed
      */
     public function getAuthorizationUrl(
+        string $responseType,
         string $redirectUri,
+        string $clientId,
         ?string $codeChallengeMethod = null,
         ?string $codeChallenge = null,
         ?string $domainHint = null,
@@ -324,10 +328,10 @@ public function getAuthorizationUrl(
             'prompt' => $prompt,
             'state' => $state,
             'organization_id' => $organizationId,
+            'response_type' => $responseType,
             'redirect_uri' => $redirectUri,
-            'response_type' => 'code',
+            'client_id' => $clientId,
         ], fn ($v) => $v !== null);
-        $query['client_id'] = $this->client->requireClientId();
         $response = $this->client->request(
             method: 'GET',
             path: 'user_management/authorize',
diff --git a/tests/Service/SSOTest.php b/tests/Service/SSOTest.php
@@ -60,7 +60,7 @@ public function testGetAuthorizationUrl(): void
     {
         $fixture = $this->loadFixture('sso_authorize_url_response');
         $client = $this->createMockClient([['status' => 200, 'body' => $fixture]]);
-        $result = $client->sso()->getAuthorizationUrl(redirectUri: 'test_value');
+        $result = $client->sso()->getAuthorizationUrl(clientId: 'test_value', redirectUri: 'test_value', responseType: 'test_value');
         $this->assertInstanceOf(\WorkOS\Resource\SSOAuthorizeUrlResponse::class, $result);
         $this->assertIsArray($result->toArray());
         $request = $this->getLastRequest();
@@ -110,15 +110,18 @@ public function testGetProfileAndToken(): void
     {
         $fixture = $this->loadFixture('sso_token_response');
         $client = $this->createMockClient([['status' => 200, 'body' => $fixture]]);
-        $result = $client->sso()->getProfileAndToken(code: 'test_value');
+        $result = $client->sso()->getProfileAndToken(clientId: 'test_value', clientSecret: 'test_value', code: 'test_value', grantType: 'test_value');
         $this->assertInstanceOf(\WorkOS\Resource\SSOTokenResponse::class, $result);
         $this->assertSame($fixture['access_token'], $result->accessToken);
         $this->assertIsArray($result->toArray());
         $request = $this->getLastRequest();
         $this->assertSame('POST', $request->getMethod());
         $this->assertStringEndsWith('sso/token', $request->getUri()->getPath());
         $body = json_decode((string) $request->getBody(), true);
+        $this->assertSame('test_value', $body['client_id']);
+        $this->assertSame('test_value', $body['client_secret']);
         $this->assertSame('test_value', $body['code']);
+        $this->assertArrayHasKey('grant_type', $body);
     }
 
     public function testPaginationBoundary(): void
diff --git a/tests/Service/UserManagementTest.php b/tests/Service/UserManagementTest.php
@@ -28,7 +28,7 @@ public function testGetJwks(): void
     public function testGetAuthorizationUrl(): void
     {
         $client = $this->createMockClient([['status' => 200, 'body' => []]]);
-        $client->userManagement()->getAuthorizationUrl(redirectUri: 'test_value');
+        $client->userManagement()->getAuthorizationUrl(responseType: 'test_value', redirectUri: 'test_value', clientId: 'test_value');
         $request = $this->getLastRequest();
         $this->assertSame('GET', $request->getMethod());
         $this->assertStringEndsWith('user_management/authorize', $request->getUri()->getPath());

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ public function testGetJwks(): void`
`28`	`28`	`public function testGetAuthorizationUrl(): void`
`29`	`29`	`{`
`30`	`30`	`$client = $this->createMockClient([['status' => 200, 'body' => []]]);`
`31`		`- $client->userManagement()->getAuthorizationUrl(redirectUri: 'test_value');`
	`31`	`+ $client->userManagement()->getAuthorizationUrl(responseType: 'test_value', redirectUri: 'test_value', clientId: 'test_value');`
`32`	`32`	`$request = $this->getLastRequest();`
`33`	`33`	`$this->assertSame('GET', $request->getMethod());`
`34`	`34`	`$this->assertStringEndsWith('user_management/authorize', $request->getUri()->getPath());`