updates

Author: gjtorikian

lib/Resource/ApiKey.php

@@ -23,7 +23,7 @@ public function __construct(
         /** An obfuscated representation of the API Key value. */
         public string $obfuscatedValue,
         /** Timestamp of when the API Key was last used. */
-        public ?string $lastUsedAt,
+        public ?\DateTimeImmutable $lastUsedAt,
         /**
          * The permission slugs assigned to the API Key.
          * @var array<string>
@@ -44,7 +44,7 @@ public static function fromArray(array $data): self
             owner: ApiKeyOwner::fromArray($data['owner']),
             name: $data['name'],
             obfuscatedValue: $data['obfuscated_value'],
-            lastUsedAt: $data['last_used_at'] ?? null,
+            lastUsedAt: isset($data['last_used_at']) ? new \DateTimeImmutable($data['last_used_at']) : null,
             permissions: $data['permissions'],
             createdAt: new \DateTimeImmutable($data['created_at']),
             updatedAt: new \DateTimeImmutable($data['updated_at']),
@@ -59,7 +59,7 @@ public function toArray(): array
             'owner' => $this->owner->toArray(),
             'name' => $this->name,
             'obfuscated_value' => $this->obfuscatedValue,
-            'last_used_at' => $this->lastUsedAt,
+            'last_used_at' => $this->lastUsedAt?->format(\DateTimeInterface::RFC3339_EXTENDED),
             'permissions' => $this->permissions,
             'created_at' => $this->createdAt->format(\DateTimeInterface::RFC3339_EXTENDED),
             'updated_at' => $this->updatedAt->format(\DateTimeInterface::RFC3339_EXTENDED),

lib/Resource/ApiKeyWithValue.php

@@ -22,7 +22,7 @@ public function __construct(
         /** An obfuscated representation of the API Key value. */
         public string $obfuscatedValue,
         /** Timestamp of when the API Key was last used. */
-        public ?string $lastUsedAt,
+        public ?\DateTimeImmutable $lastUsedAt,
         /**
          * The permission slugs assigned to the API Key.
          * @var array<string>
@@ -45,7 +45,7 @@ public static function fromArray(array $data): self
             owner: ApiKeyWithValueOwner::fromArray($data['owner']),
             name: $data['name'],
             obfuscatedValue: $data['obfuscated_value'],
-            lastUsedAt: $data['last_used_at'] ?? null,
+            lastUsedAt: isset($data['last_used_at']) ? new \DateTimeImmutable($data['last_used_at']) : null,
             permissions: $data['permissions'],
             createdAt: new \DateTimeImmutable($data['created_at']),
             updatedAt: new \DateTimeImmutable($data['updated_at']),
@@ -61,7 +61,7 @@ public function toArray(): array
             'owner' => $this->owner->toArray(),
             'name' => $this->name,
             'obfuscated_value' => $this->obfuscatedValue,
-            'last_used_at' => $this->lastUsedAt,
+            'last_used_at' => $this->lastUsedAt?->format(\DateTimeInterface::RFC3339_EXTENDED),
             'permissions' => $this->permissions,
             'created_at' => $this->createdAt->format(\DateTimeInterface::RFC3339_EXTENDED),
             'updated_at' => $this->updatedAt->format(\DateTimeInterface::RFC3339_EXTENDED),

lib/Resource/AuditLogEvent.php

@@ -14,7 +14,7 @@ public function __construct(
         /** Identifier of what happened. */
         public string $action,
         /** ISO-8601 value of when the action occurred. */
-        public string $occurredAt,
+        public \DateTimeImmutable $occurredAt,
         /** The entity that performed the action. */
         public AuditLogEventActor $actor,
         /**
@@ -38,7 +38,7 @@ public static function fromArray(array $data): self
     {
         return new self(
             action: $data['action'],
-            occurredAt: $data['occurred_at'],
+            occurredAt: new \DateTimeImmutable($data['occurred_at']),
             actor: AuditLogEventActor::fromArray($data['actor']),
             targets: array_map(fn ($item) => AuditLogEventTarget::fromArray($item), $data['targets']),
             context: AuditLogEventContext::fromArray($data['context']),
@@ -51,7 +51,7 @@ public function toArray(): array
     {
         return [
             'action' => $this->action,
-            'occurred_at' => $this->occurredAt,
+            'occurred_at' => $this->occurredAt->format(\DateTimeInterface::RFC3339_EXTENDED),
             'actor' => $this->actor->toArray(),
             'targets' => array_map(fn ($item) => $item->toArray(), $this->targets),
             'context' => $this->context->toArray(),

lib/Resource/GenerateLink.php

@@ -31,6 +31,11 @@ public function __construct(
         public ?GenerateLinkIntent $intent = null,
         /** Options to configure the Admin Portal based on the intent. */
         public ?IntentOptions $intentOptions = null,
+        /**
+         * The email addresses of the IT admins to grant access to the Admin Portal for the given organization. Accepts up to 20 emails.
+         * @var array<string>|null
+         */
+        public ?array $adminEmails = null,
     ) {
     }
 
@@ -42,6 +47,7 @@ public static function fromArray(array $data): self
             successUrl: $data['success_url'] ?? null,
             intent: isset($data['intent']) ? GenerateLinkIntent::from($data['intent']) : null,
             intentOptions: isset($data['intent_options']) ? IntentOptions::fromArray($data['intent_options']) : null,
+            adminEmails: $data['admin_emails'] ?? null,
         );
     }
 
@@ -53,6 +59,7 @@ public function toArray(): array
             'success_url' => $this->successUrl,
             'intent' => $this->intent?->value,
             'intent_options' => $this->intentOptions?->toArray(),
+            'admin_emails' => $this->adminEmails,
         ];
     }
 }

lib/Service/AdminPortal.php

@@ -32,6 +32,7 @@ public function __construct(
      *         - `certificate_renewal` - Launch Admin Portal for renewing SAML Certificates
      *         - `bring_your_own_key` - Launch Admin Portal for configuring Bring Your Own Key
      * @param \WorkOS\Resource\IntentOptions|null $intentOptions Options to configure the Admin Portal based on the intent.
+     * @param array<string>|null $adminEmails The email addresses of the IT admins to grant access to the Admin Portal for the given organization. Accepts up to 20 emails.
      * @return \WorkOS\Resource\PortalLinkResponse
      */
     public function generateLink(
@@ -40,6 +41,7 @@ public function generateLink(
         ?string $successUrl = null,
         ?\WorkOS\Resource\GenerateLinkIntent $intent = null,
         ?\WorkOS\Resource\IntentOptions $intentOptions = null,
+        ?array $adminEmails = null,
         ?\WorkOS\RequestOptions $options = null,
     ): \WorkOS\Resource\PortalLinkResponse {
         $body = array_filter([
@@ -48,6 +50,7 @@ public function generateLink(
             'organization' => $organization,
             'intent' => $intent?->value,
             'intent_options' => $intentOptions,
+            'admin_emails' => $adminEmails,
         ], fn ($v) => $v !== null);
         $response = $this->client->request(
             method: 'POST',

lib/Service/SSO.php

@@ -106,13 +106,9 @@ public function deleteConnection(
      * Initiates the single sign-on flow.
      * @param array<string>|null $providerScopes Additional OAuth scopes to request from the identity provider. Only applicable when using OAuth connections.
      * @param array<string, string>|null $providerQueryParams Key/value pairs of query parameters to pass to the OAuth provider. Only applicable when using OAuth connections.
-     * @param string $clientId The unique identifier of the WorkOS environment client.
      * @param string|null $domain (deprecated) Deprecated. Use `connection` or `organization` instead. Used to initiate SSO for a connection by domain. The domain must be associated with a connection in your WorkOS environment.
      * @param \WorkOS\Resource\SSOProvider|null $provider Used to initiate OAuth authentication with Google, Microsoft, GitHub, or Apple.
      * @param string $redirectUri Where to redirect the user after they complete the authentication process. You must use one of the redirect URIs configured via the [Redirects](https://dashboard.workos.com/redirects) page on the dashboard.
-     * @param string $responseType The only valid option for the response type parameter is `"code"`.
-     *
-     * The `"code"` parameter value initiates an [authorization code grant type](https://tools.ietf.org/html/rfc6749#section-4.1). This grant type allows you to exchange an authorization code for an access token during the redirect that takes place after a user has authenticated with an identity provider.
      * @param string|null $state An optional parameter that can be used to encode arbitrary information to help restore application state between redirects. If included, the redirect URI received from WorkOS will contain the exact `state` that was passed.
      * @param string|null $connection Used to initiate SSO for a connection. The value should be a WorkOS connection ID.
      *
@@ -126,9 +122,7 @@ public function deleteConnection(
      * @return \WorkOS\Resource\SSOAuthorizeUrlResponse
      */
     public function getAuthorizationUrl(
-        string $clientId,
         string $redirectUri,
-        string $responseType,
         ?array $providerScopes = null,
         ?array $providerQueryParams = null,
         ?string $domain = null,
@@ -144,18 +138,18 @@ public function getAuthorizationUrl(
         $query = array_filter([
             'provider_scopes' => $providerScopes,
             'provider_query_params' => $providerQueryParams,
-            'client_id' => $clientId,
             'domain' => $domain,
             'provider' => $provider?->value,
             'redirect_uri' => $redirectUri,
-            'response_type' => $responseType,
             'state' => $state,
             'connection' => $connection,
             'organization' => $organization,
             'domain_hint' => $domainHint,
             'login_hint' => $loginHint,
             'nonce' => $nonce,
+            'response_type' => 'code',
         ], fn ($v) => $v !== null);
+        $query['client_id'] = $this->client->requireClientId();
         $response = $this->client->request(
             method: 'GET',
             path: 'sso/authorize',
@@ -234,25 +228,19 @@ public function getProfile(
      * Get a Profile and Token
      *
      * Get an access token along with the user [Profile](https://workos.com/docs/reference/sso/profile) using the code passed to your [Redirect URI](https://workos.com/docs/reference/sso/get-authorization-url/redirect-uri).
-     * @param string $clientId The client ID of the WorkOS environment.
-     * @param string $clientSecret The client secret of the WorkOS environment.
      * @param string $code The authorization code received from the authorization callback.
-     * @param string $grantType The grant type for the token request.
      * @return \WorkOS\Resource\SSOTokenResponse
      */
     public function getProfileAndToken(
-        string $clientId,
-        string $clientSecret,
         string $code,
-        string $grantType,
         ?\WorkOS\RequestOptions $options = null,
     ): \WorkOS\Resource\SSOTokenResponse {
         $body = [
-            'client_id' => $clientId,
-            'client_secret' => $clientSecret,
             'code' => $code,
-            'grant_type' => $grantType,
+            'grant_type' => 'authorization_code',
         ];
+        $body['client_id'] = $this->client->requireClientId();
+        $body['client_secret'] = $this->client->requireApiKey();
         $response = $this->client->request(
             method: 'POST',
             path: 'sso/token',

lib/Service/UserManagement.php

@@ -290,15 +290,11 @@ public function authenticateWithDeviceCode(
      * @param string|null $prompt Controls the authentication flow behavior for the user.
      * @param string|null $state An opaque value used to maintain state between the request and the callback.
      * @param string|null $organizationId The ID of the organization to authenticate the user against.
-     * @param string $responseType The response type of the application.
      * @param string $redirectUri The callback URI where the authorization code will be sent after authentication.
-     * @param string $clientId The unique identifier of the WorkOS environment client.
      * @return mixed
      */
     public function getAuthorizationUrl(
-        string $responseType,
         string $redirectUri,
-        string $clientId,
         ?string $codeChallengeMethod = null,
         ?string $codeChallenge = null,
         ?string $domainHint = null,
@@ -328,10 +324,10 @@ public function getAuthorizationUrl(
             'prompt' => $prompt,
             'state' => $state,
             'organization_id' => $organizationId,
-            'response_type' => $responseType,
             'redirect_uri' => $redirectUri,
-            'client_id' => $clientId,
+            'response_type' => 'code',
         ], fn ($v) => $v !== null);
+        $query['client_id'] = $this->client->requireClientId();
         $response = $this->client->request(
             method: 'GET',
             path: 'user_management/authorize',

tests/Fixtures/generate_link.json

@@ -8,5 +8,8 @@
       "bookmark_slug": "chatgpt",
       "provider_type": "GoogleSAML"
     }
-  }
+  },
+  "admin_emails": [
+    "admin@example.com"
+  ]
 }

tests/Service/SSOTest.php

@@ -60,7 +60,7 @@ public function testGetAuthorizationUrl(): void
     {
         $fixture = $this->loadFixture('sso_authorize_url_response');
         $client = $this->createMockClient([['status' => 200, 'body' => $fixture]]);
-        $result = $client->sso()->getAuthorizationUrl(clientId: 'test_value', redirectUri: 'test_value', responseType: 'test_value');
+        $result = $client->sso()->getAuthorizationUrl(redirectUri: 'test_value');
         $this->assertInstanceOf(\WorkOS\Resource\SSOAuthorizeUrlResponse::class, $result);
         $this->assertIsArray($result->toArray());
         $request = $this->getLastRequest();
@@ -110,18 +110,15 @@ public function testGetProfileAndToken(): void
     {
         $fixture = $this->loadFixture('sso_token_response');
         $client = $this->createMockClient([['status' => 200, 'body' => $fixture]]);
-        $result = $client->sso()->getProfileAndToken(clientId: 'test_value', clientSecret: 'test_value', code: 'test_value', grantType: 'test_value');
+        $result = $client->sso()->getProfileAndToken(code: 'test_value');
         $this->assertInstanceOf(\WorkOS\Resource\SSOTokenResponse::class, $result);
         $this->assertSame($fixture['access_token'], $result->accessToken);
         $this->assertIsArray($result->toArray());
         $request = $this->getLastRequest();
         $this->assertSame('POST', $request->getMethod());
         $this->assertStringEndsWith('sso/token', $request->getUri()->getPath());
         $body = json_decode((string) $request->getBody(), true);
-        $this->assertSame('test_value', $body['client_id']);
-        $this->assertSame('test_value', $body['client_secret']);
         $this->assertSame('test_value', $body['code']);
-        $this->assertArrayHasKey('grant_type', $body);
     }
 
     public function testPaginationBoundary(): void

tests/Service/UserManagementTest.php

@@ -28,7 +28,7 @@ public function testGetJwks(): void
     public function testGetAuthorizationUrl(): void
     {
         $client = $this->createMockClient([['status' => 200, 'body' => []]]);
-        $client->userManagement()->getAuthorizationUrl(responseType: 'test_value', redirectUri: 'test_value', clientId: 'test_value');
+        $client->userManagement()->getAuthorizationUrl(redirectUri: 'test_value');
         $request = $this->getLastRequest();
         $this->assertSame('GET', $request->getMethod());
         $this->assertStringEndsWith('user_management/authorize', $request->getUri()->getPath());