cleanup

swaroopAkkineniWorkos · swaroopAkkineniWorkos · commit 0fb70d2af24e · 2026-02-23T05:25:14.000-10:00
diff --git a/src/workos/authorization.py b/src/workos/authorization.py
@@ -9,6 +9,7 @@
 )
 from workos.types.authorization.organization_role import OrganizationRole
 from workos.types.authorization.permission import Permission
+from workos.types.authorization.resource_identifier import ResourceIdentifier
 from workos.types.authorization.role import Role, RoleList
 from workos.types.list_resource import (
     ListArgs,
@@ -169,9 +170,7 @@ def check(
         organization_membership_id: str,
         *,
         permission_slug: str,
-        resource_id: Optional[str] = None,
-        resource_external_id: Optional[str] = None,
-        resource_type_slug: Optional[str] = None,
+        resource: ResourceIdentifier,
     ) -> SyncOrAsync[AccessEvaluation]: ...
 
 
@@ -457,26 +456,10 @@ def check(
         organization_membership_id: str,
         *,
         permission_slug: str,
-        resource_id: Optional[str] = None,
-        resource_external_id: Optional[str] = None,
-        resource_type_slug: Optional[str] = None,
+        resource: ResourceIdentifier,
     ) -> AccessEvaluation:
-        if resource_id is not None and resource_external_id is not None:
-            raise ValueError(
-                "resource_id and resource_external_id are mutually exclusive"
-            )
-        if resource_external_id is not None and resource_type_slug is None:
-            raise ValueError(
-                "resource_type_slug is required when resource_external_id is provided"
-            )
-
         json: Dict[str, Any] = {"permission_slug": permission_slug}
-        if resource_id is not None:
-            json["resource_id"] = resource_id
-        if resource_external_id is not None:
-            json["resource_external_id"] = resource_external_id
-        if resource_type_slug is not None:
-            json["resource_type_slug"] = resource_type_slug
+        json.update(resource)
 
         response = self._http_client.request(
             f"authorization/organization_memberships/{organization_membership_id}/check",
@@ -769,26 +752,10 @@ async def check(
         organization_membership_id: str,
         *,
         permission_slug: str,
-        resource_id: Optional[str] = None,
-        resource_external_id: Optional[str] = None,
-        resource_type_slug: Optional[str] = None,
+        resource: ResourceIdentifier,
     ) -> AccessEvaluation:
-        if resource_id is not None and resource_external_id is not None:
-            raise ValueError(
-                "resource_id and resource_external_id are mutually exclusive"
-            )
-        if resource_external_id is not None and resource_type_slug is None:
-            raise ValueError(
-                "resource_type_slug is required when resource_external_id is provided"
-            )
-
         json: Dict[str, Any] = {"permission_slug": permission_slug}
-        if resource_id is not None:
-            json["resource_id"] = resource_id
-        if resource_external_id is not None:
-            json["resource_external_id"] = resource_external_id
-        if resource_type_slug is not None:
-            json["resource_type_slug"] = resource_type_slug
+        json.update(resource)
 
         response = await self._http_client.request(
             f"authorization/organization_memberships/{organization_membership_id}/check",
diff --git a/src/workos/types/authorization/__init__.py b/src/workos/types/authorization/__init__.py
@@ -13,6 +13,11 @@
 )
 from workos.types.authorization.permission import Permission
 from workos.types.authorization.resource import Resource
+from workos.types.authorization.resource_identifier import (
+    ResourceIdentifier,
+    ResourceIdentifierByExternalId,
+    ResourceIdentifierById,
+)
 from workos.types.authorization.role import (
     Role,
     RoleList,
diff --git a/src/workos/types/authorization/resource_identifier.py b/src/workos/types/authorization/resource_identifier.py
@@ -0,0 +1,15 @@
+from typing import Union
+
+from typing_extensions import TypedDict
+
+
+class ResourceIdentifierById(TypedDict):
+    resource_id: str
+
+
+class ResourceIdentifierByExternalId(TypedDict):
+    resource_external_id: str
+    resource_type_slug: str
+
+
+ResourceIdentifier = Union[ResourceIdentifierById, ResourceIdentifierByExternalId]
diff --git a/tests/test_authorization_check.py b/tests/test_authorization_check.py
@@ -3,6 +3,10 @@
 import pytest
 from tests.utils.syncify import syncify
 from workos.authorization import AsyncAuthorization, Authorization
+from workos.types.authorization.resource_identifier import (
+    ResourceIdentifierByExternalId,
+    ResourceIdentifierById,
+)
 
 
 @pytest.mark.sync_and_async(Authorization, AsyncAuthorization)
@@ -31,7 +35,7 @@ def test_check_authorized(
             self.authorization.check(
                 "om_01ABC",
                 permission_slug="documents:read",
-                resource_id="res_01ABC",
+                resource=ResourceIdentifierById(resource_id="res_01ABC"),
             )
         )
 
@@ -52,7 +56,7 @@ def test_check_unauthorized(
             self.authorization.check(
                 "om_01ABC",
                 permission_slug="documents:write",
-                resource_id="res_01ABC",
+                resource=ResourceIdentifierById(resource_id="res_01ABC"),
             )
         )
 
@@ -70,7 +74,7 @@ def test_check_with_resource_id(
             self.authorization.check(
                 "om_01ABC",
                 permission_slug="documents:read",
-                resource_id="res_01XYZ",
+                resource=ResourceIdentifierById(resource_id="res_01XYZ"),
             )
         )
 
@@ -90,8 +94,10 @@ def test_check_with_resource_external_id(
             self.authorization.check(
                 "om_01ABC",
                 permission_slug="documents:read",
-                resource_external_id="ext_doc_123",
-                resource_type_slug="document",
+                resource=ResourceIdentifierByExternalId(
+                    resource_external_id="ext_doc_123",
+                    resource_type_slug="document",
+                ),
             )
         )
 
@@ -112,32 +118,10 @@ def test_check_url_construction(
             self.authorization.check(
                 "om_01MEMBERSHIP",
                 permission_slug="admin:access",
+                resource=ResourceIdentifierById(resource_id="res_01ABC"),
             )
         )
 
         assert request_kwargs["url"].endswith(
             "/authorization/organization_memberships/om_01MEMBERSHIP/check"
         )
-        assert request_kwargs["json"] == {"permission_slug": "admin:access"}
-
-    def test_check_raises_when_both_resource_identifiers_provided(self):
-        with pytest.raises(ValueError, match="mutually exclusive"):
-            syncify(
-                self.authorization.check(
-                    "om_01ABC",
-                    permission_slug="documents:read",
-                    resource_id="res_01ABC",
-                    resource_external_id="ext_doc_123",
-                    resource_type_slug="document",
-                )
-            )
-
-    def test_check_raises_when_external_id_without_type_slug(self):
-        with pytest.raises(ValueError, match="resource_type_slug is required"):
-            syncify(
-                self.authorization.check(
-                    "om_01ABC",
-                    permission_slug="documents:read",
-                    resource_external_id="ext_doc_123",
-                )
-            )
