1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
// Code generated by oagen. DO NOT EDIT.
use crate::client::Client;
#[allow(unused_imports)]
use crate::enums::*;
use crate::error::Error;
#[allow(unused_imports)]
use crate::models::*;
use serde::Serialize;
pub struct ConnectApi<'a> {
pub(crate) client: &'a Client,
}
#[derive(Debug, Clone, Serialize)]
pub struct CompleteOAuth2Params {
/// Request body sent with this call.
///
/// Required.
#[serde(skip)]
pub body: UserManagementLoginRequest,
}
impl CompleteOAuth2Params {
/// Construct a new `CompleteOAuth2Params` with the required fields set.
#[allow(deprecated)]
pub fn new(body: UserManagementLoginRequest) -> Self {
Self { body }
}
}
#[derive(Debug, Clone, Default, Serialize)]
pub struct ListApplicationsParams {
/// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
#[serde(skip_serializing_if = "Option::is_none")]
pub before: Option<String>,
/// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
#[serde(skip_serializing_if = "Option::is_none")]
pub after: Option<String>,
/// Upper limit on the number of objects to return, between `1` and `100`.
#[serde(skip_serializing_if = "Option::is_none")]
pub limit: Option<i64>,
/// Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
#[serde(skip_serializing_if = "Option::is_none")]
pub order: Option<PaginationOrder>,
/// Filter Connect Applications by organization ID.
#[serde(skip_serializing_if = "Option::is_none")]
pub organization_id: Option<String>,
}
#[derive(Debug, Clone, Serialize)]
pub struct CreateOAuthApplicationParams {
/// The name of the application.
///
/// Required.
pub name: String,
/// Whether this is a first-party application. Third-party applications require an organization_id.
///
/// Required.
pub is_first_party: bool,
/// A description for the application.
#[serde(skip_serializing_if = "Option::is_none")]
pub description: Option<String>,
/// The OAuth scopes granted to the application.
#[serde(skip_serializing_if = "Option::is_none")]
pub scopes: Option<Vec<String>>,
/// Redirect URIs for the application.
#[serde(skip_serializing_if = "Option::is_none")]
pub redirect_uris: Option<Vec<RedirectUriInput>>,
/// Whether the application uses PKCE (Proof Key for Code Exchange).
#[serde(skip_serializing_if = "Option::is_none")]
pub uses_pkce: Option<bool>,
/// The organization ID this application belongs to. Required when is_first_party is false.
#[serde(skip_serializing_if = "Option::is_none")]
pub organization_id: Option<String>,
}
impl CreateOAuthApplicationParams {
/// Construct a new `CreateOAuthApplicationParams` with the required fields set.
pub fn new(name: impl Into<String>, is_first_party: bool) -> Self {
Self {
name: name.into(),
is_first_party,
description: Default::default(),
scopes: Default::default(),
redirect_uris: Default::default(),
uses_pkce: Default::default(),
organization_id: Default::default(),
}
}
}
#[derive(Debug, Clone, Serialize)]
pub struct CreateM2MApplicationParams {
/// The name of the application.
///
/// Required.
pub name: String,
/// The organization ID this application belongs to.
///
/// Required.
pub organization_id: String,
/// A description for the application.
#[serde(skip_serializing_if = "Option::is_none")]
pub description: Option<String>,
/// The OAuth scopes granted to the application.
#[serde(skip_serializing_if = "Option::is_none")]
pub scopes: Option<Vec<String>>,
}
impl CreateM2MApplicationParams {
/// Construct a new `CreateM2MApplicationParams` with the required fields set.
pub fn new(name: impl Into<String>, organization_id: impl Into<String>) -> Self {
Self {
name: name.into(),
organization_id: organization_id.into(),
description: Default::default(),
scopes: Default::default(),
}
}
}
#[derive(Debug, Clone, Serialize)]
pub struct UpdateApplicationParams {
/// Request body sent with this call.
///
/// Required.
#[serde(skip)]
pub body: UpdateOAuthApplication,
}
impl UpdateApplicationParams {
/// Construct a new `UpdateApplicationParams` with the required fields set.
#[allow(deprecated)]
pub fn new(body: UpdateOAuthApplication) -> Self {
Self { body }
}
}
#[derive(Debug, Clone, Serialize)]
pub struct CreateApplicationClientSecretParams {
/// Request body sent with this call.
///
/// Required.
#[serde(skip)]
pub body: CreateApplicationSecret,
}
impl CreateApplicationClientSecretParams {
/// Construct a new `CreateApplicationClientSecretParams` with the required fields set.
#[allow(deprecated)]
pub fn new(body: CreateApplicationSecret) -> Self {
Self { body }
}
}
impl<'a> ConnectApi<'a> {
/// Complete external authentication
///
/// Completes an external authentication flow and returns control to AuthKit. This endpoint is used with [Standalone Connect](https://workos.com/docs/authkit/connect/standalone) to bridge your existing authentication system with the Connect OAuth API infrastructure.
///
/// After successfully authenticating a user in your application, calling this endpoint will:
///
/// - Create or update the user in AuthKit, using the given `id` as its `external_id`.
/// - Return a `redirect_uri` your application should redirect to in order for AuthKit to complete the flow
///
/// Users are automatically created or updated based on the `id` and `email` provided. If a user with the same `id` exists, their information is updated. Otherwise, a new user is created.
///
/// If you provide a new `id` with an `email` that already belongs to an existing user, the request will fail with an error as email addresses are unique to a user.
pub async fn complete_oauth_2(
&self,
params: CompleteOAuth2Params,
) -> Result<ExternalAuthCompleteResponse, Error> {
self.complete_oauth_2_with_options(params, None).await
}
/// Variant of [`Self::complete_oauth_2`] that accepts per-request [`crate::RequestOptions`].
pub async fn complete_oauth_2_with_options(
&self,
params: CompleteOAuth2Params,
options: Option<&crate::RequestOptions>,
) -> Result<ExternalAuthCompleteResponse, Error> {
let path = "/authkit/oauth2/complete".to_string();
let method = http::Method::POST;
self.client
.request_with_body_opts(method, &path, ¶ms, Some(¶ms.body), options)
.await
}
/// List Connect Applications
///
/// List all Connect Applications in the current environment with optional filtering.
pub async fn list_applications(
&self,
params: ListApplicationsParams,
) -> Result<ConnectApplicationList, Error> {
self.list_applications_with_options(params, None).await
}
/// Variant of [`Self::list_applications`] that accepts per-request [`crate::RequestOptions`].
pub async fn list_applications_with_options(
&self,
params: ListApplicationsParams,
options: Option<&crate::RequestOptions>,
) -> Result<ConnectApplicationList, Error> {
let path = "/connect/applications".to_string();
let method = http::Method::GET;
self.client
.request_with_query_opts(method, &path, ¶ms, options)
.await
}
/// Returns an async [`futures_util::Stream`] that yields every `ConnectApplication`
/// across all pages, advancing the `after` cursor under the hood.
///
/// ```ignore
/// use futures_util::TryStreamExt;
/// let all: Vec<ConnectApplication> = self
/// .list_applications_auto_paging(params)
/// .try_collect()
/// .await?;
/// ```
pub fn list_applications_auto_paging(
&self,
params: ListApplicationsParams,
) -> impl futures_util::Stream<Item = Result<ConnectApplication, Error>> + '_ {
crate::pagination::auto_paginate_pages(move |after| {
let mut params = params.clone();
params.after = after;
async move {
let page = self.list_applications(params).await?;
Ok((page.data, page.list_metadata.after))
}
})
}
/// Create a Connect Application
///
/// Create a new Connect Application. Supports both OAuth and Machine-to-Machine (M2M) application types.
pub async fn create_oauth_application(
&self,
params: CreateOAuthApplicationParams,
) -> Result<ConnectApplication, Error> {
self.create_oauth_application_with_options(params, None)
.await
}
/// Variant of [`Self::create_oauth_application`] that accepts per-request [`crate::RequestOptions`].
pub async fn create_oauth_application_with_options(
&self,
params: CreateOAuthApplicationParams,
options: Option<&crate::RequestOptions>,
) -> Result<ConnectApplication, Error> {
let path = "/connect/applications".to_string();
let method = http::Method::POST;
let body = serde_json::json!({
"application_type": "oauth",
"name": params.name,
"is_first_party": params.is_first_party,
"description": params.description,
"scopes": params.scopes,
"redirect_uris": params.redirect_uris,
"uses_pkce": params.uses_pkce,
"organization_id": params.organization_id,
});
#[derive(Serialize)]
struct EmptyQuery {}
self.client
.request_with_body_opts(method, &path, &EmptyQuery {}, Some(&body), options)
.await
}
/// Create a Connect Application
///
/// Create a new Connect Application. Supports both OAuth and Machine-to-Machine (M2M) application types.
pub async fn create_m2m_application(
&self,
params: CreateM2MApplicationParams,
) -> Result<ConnectApplication, Error> {
self.create_m2m_application_with_options(params, None).await
}
/// Variant of [`Self::create_m2m_application`] that accepts per-request [`crate::RequestOptions`].
pub async fn create_m2m_application_with_options(
&self,
params: CreateM2MApplicationParams,
options: Option<&crate::RequestOptions>,
) -> Result<ConnectApplication, Error> {
let path = "/connect/applications".to_string();
let method = http::Method::POST;
let body = serde_json::json!({
"application_type": "m2m",
"name": params.name,
"organization_id": params.organization_id,
"description": params.description,
"scopes": params.scopes,
});
#[derive(Serialize)]
struct EmptyQuery {}
self.client
.request_with_body_opts(method, &path, &EmptyQuery {}, Some(&body), options)
.await
}
/// Get a Connect Application
///
/// Retrieve details for a specific Connect Application by ID or client ID.
pub async fn get_application(&self, id: &str) -> Result<ConnectApplication, Error> {
self.get_application_with_options(id, None).await
}
/// Variant of [`Self::get_application`] that accepts per-request [`crate::RequestOptions`].
pub async fn get_application_with_options(
&self,
id: &str,
options: Option<&crate::RequestOptions>,
) -> Result<ConnectApplication, Error> {
let id = crate::client::path_segment(id);
let path = format!("/connect/applications/{id}");
let method = http::Method::GET;
self.client
.request_with_query_opts(method, &path, &(), options)
.await
}
/// Update a Connect Application
///
/// Update an existing Connect Application. For OAuth applications, you can update redirect URIs. For all applications, you can update the name, description, and scopes.
pub async fn update_application(
&self,
id: &str,
params: UpdateApplicationParams,
) -> Result<ConnectApplication, Error> {
self.update_application_with_options(id, params, None).await
}
/// Variant of [`Self::update_application`] that accepts per-request [`crate::RequestOptions`].
pub async fn update_application_with_options(
&self,
id: &str,
params: UpdateApplicationParams,
options: Option<&crate::RequestOptions>,
) -> Result<ConnectApplication, Error> {
let id = crate::client::path_segment(id);
let path = format!("/connect/applications/{id}");
let method = http::Method::PUT;
self.client
.request_with_body_opts(method, &path, ¶ms, Some(¶ms.body), options)
.await
}
/// Delete a Connect Application
///
/// Delete an existing Connect Application.
pub async fn delete_application(&self, id: &str) -> Result<(), Error> {
self.delete_application_with_options(id, None).await
}
/// Variant of [`Self::delete_application`] that accepts per-request [`crate::RequestOptions`].
pub async fn delete_application_with_options(
&self,
id: &str,
options: Option<&crate::RequestOptions>,
) -> Result<(), Error> {
let id = crate::client::path_segment(id);
let path = format!("/connect/applications/{id}");
let method = http::Method::DELETE;
self.client
.request_with_query_opts_empty(method, &path, &(), options)
.await
}
/// List Client Secrets for a Connect Application
///
/// List all client secrets associated with a Connect Application.
pub async fn list_application_client_secrets(
&self,
id: &str,
) -> Result<Vec<ApplicationCredentialsListItem>, Error> {
self.list_application_client_secrets_with_options(id, None)
.await
}
/// Variant of [`Self::list_application_client_secrets`] that accepts per-request [`crate::RequestOptions`].
pub async fn list_application_client_secrets_with_options(
&self,
id: &str,
options: Option<&crate::RequestOptions>,
) -> Result<Vec<ApplicationCredentialsListItem>, Error> {
let id = crate::client::path_segment(id);
let path = format!("/connect/applications/{id}/client_secrets");
let method = http::Method::GET;
self.client
.request_with_query_opts(method, &path, &(), options)
.await
}
/// Create a new client secret for a Connect Application
///
/// Create new secrets for a Connect Application.
pub async fn create_application_client_secret(
&self,
id: &str,
params: CreateApplicationClientSecretParams,
) -> Result<NewConnectApplicationSecret, Error> {
self.create_application_client_secret_with_options(id, params, None)
.await
}
/// Variant of [`Self::create_application_client_secret`] that accepts per-request [`crate::RequestOptions`].
pub async fn create_application_client_secret_with_options(
&self,
id: &str,
params: CreateApplicationClientSecretParams,
options: Option<&crate::RequestOptions>,
) -> Result<NewConnectApplicationSecret, Error> {
let id = crate::client::path_segment(id);
let path = format!("/connect/applications/{id}/client_secrets");
let method = http::Method::POST;
self.client
.request_with_body_opts(method, &path, ¶ms, Some(¶ms.body), options)
.await
}
/// Delete a Client Secret
///
/// Delete (revoke) an existing client secret.
pub async fn delete_client_secret(&self, id: &str) -> Result<(), Error> {
self.delete_client_secret_with_options(id, None).await
}
/// Variant of [`Self::delete_client_secret`] that accepts per-request [`crate::RequestOptions`].
pub async fn delete_client_secret_with_options(
&self,
id: &str,
options: Option<&crate::RequestOptions>,
) -> Result<(), Error> {
let id = crate::client::path_segment(id);
let path = format!("/connect/client_secrets/{id}");
let method = http::Method::DELETE;
self.client
.request_with_query_opts_empty(method, &path, &(), options)
.await
}
}