workos 1.0.0

// Code generated by oagen. DO NOT EDIT.

use crate::client::Client;
#[allow(unused_imports)]
use crate::enums::*;
use crate::error::Error;
#[allow(unused_imports)]
use crate::models::*;
use serde::Serialize;

pub struct UserManagementApi<'a> {
    pub(crate) client: &'a Client,
}

#[derive(Debug, Clone, Serialize)]
pub struct AuthenticateWithPasswordParams {
    /// The user's email address.
    ///
    /// Required.
    pub email: String,
    /// The user's password.
    ///
    /// Required.
    pub password: crate::SecretString,
    /// An invitation token to accept during authentication.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub invitation_token: Option<crate::SecretString>,
    /// The IP address of the user's request.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub ip_address: Option<String>,
    /// A unique identifier for the device.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub device_id: Option<String>,
    /// The user agent string from the user's browser.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub user_agent: Option<String>,
}

impl AuthenticateWithPasswordParams {
    /// Construct a new `AuthenticateWithPasswordParams` with the required fields set.
    pub fn new(email: impl Into<String>, password: impl Into<crate::SecretString>) -> Self {
        Self {
            email: email.into(),
            password: password.into(),
            invitation_token: Default::default(),
            ip_address: Default::default(),
            device_id: Default::default(),
            user_agent: Default::default(),
        }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct AuthenticateWithCodeParams {
    /// The authorization code received from the redirect.
    ///
    /// Required.
    pub code: String,
    /// The PKCE code verifier used to derive the code challenge passed to the authorization URL.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub code_verifier: Option<String>,
    /// An invitation token to accept during authentication.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub invitation_token: Option<crate::SecretString>,
    /// The IP address of the user's request.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub ip_address: Option<String>,
    /// A unique identifier for the device.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub device_id: Option<String>,
    /// The user agent string from the user's browser.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub user_agent: Option<String>,
}

impl AuthenticateWithCodeParams {
    /// Construct a new `AuthenticateWithCodeParams` with the required fields set.
    pub fn new(code: impl Into<String>) -> Self {
        Self {
            code: code.into(),
            code_verifier: Default::default(),
            invitation_token: Default::default(),
            ip_address: Default::default(),
            device_id: Default::default(),
            user_agent: Default::default(),
        }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct AuthenticateWithRefreshTokenParams {
    /// The refresh token to exchange for new tokens.
    ///
    /// Required.
    pub refresh_token: crate::SecretString,
    /// The ID of the organization to scope the session to.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub organization_id: Option<String>,
    /// The IP address of the user's request.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub ip_address: Option<String>,
    /// A unique identifier for the device.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub device_id: Option<String>,
    /// The user agent string from the user's browser.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub user_agent: Option<String>,
}

impl AuthenticateWithRefreshTokenParams {
    /// Construct a new `AuthenticateWithRefreshTokenParams` with the required fields set.
    pub fn new(refresh_token: impl Into<crate::SecretString>) -> Self {
        Self {
            refresh_token: refresh_token.into(),
            organization_id: Default::default(),
            ip_address: Default::default(),
            device_id: Default::default(),
            user_agent: Default::default(),
        }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct AuthenticateWithMagicAuthParams {
    /// Required.
    pub code: String,
    /// Required.
    pub email: String,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub invitation_token: Option<crate::SecretString>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub ip_address: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub device_id: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub user_agent: Option<String>,
}

impl AuthenticateWithMagicAuthParams {
    /// Construct a new `AuthenticateWithMagicAuthParams` with the required fields set.
    pub fn new(code: impl Into<String>, email: impl Into<String>) -> Self {
        Self {
            code: code.into(),
            email: email.into(),
            invitation_token: Default::default(),
            ip_address: Default::default(),
            device_id: Default::default(),
            user_agent: Default::default(),
        }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct AuthenticateWithEmailVerificationParams {
    /// Required.
    pub code: String,
    /// Required.
    pub pending_authentication_token: crate::SecretString,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub ip_address: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub device_id: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub user_agent: Option<String>,
}

impl AuthenticateWithEmailVerificationParams {
    /// Construct a new `AuthenticateWithEmailVerificationParams` with the required fields set.
    pub fn new(
        code: impl Into<String>,
        pending_authentication_token: impl Into<crate::SecretString>,
    ) -> Self {
        Self {
            code: code.into(),
            pending_authentication_token: pending_authentication_token.into(),
            ip_address: Default::default(),
            device_id: Default::default(),
            user_agent: Default::default(),
        }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct AuthenticateWithTotpParams {
    /// Required.
    pub code: String,
    /// Required.
    pub pending_authentication_token: crate::SecretString,
    /// Required.
    pub authentication_challenge_id: String,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub ip_address: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub device_id: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub user_agent: Option<String>,
}

impl AuthenticateWithTotpParams {
    /// Construct a new `AuthenticateWithTotpParams` with the required fields set.
    pub fn new(
        code: impl Into<String>,
        pending_authentication_token: impl Into<crate::SecretString>,
        authentication_challenge_id: impl Into<String>,
    ) -> Self {
        Self {
            code: code.into(),
            pending_authentication_token: pending_authentication_token.into(),
            authentication_challenge_id: authentication_challenge_id.into(),
            ip_address: Default::default(),
            device_id: Default::default(),
            user_agent: Default::default(),
        }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct AuthenticateWithOrganizationSelectionParams {
    /// Required.
    pub pending_authentication_token: crate::SecretString,
    /// Required.
    pub organization_id: String,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub ip_address: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub device_id: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub user_agent: Option<String>,
}

impl AuthenticateWithOrganizationSelectionParams {
    /// Construct a new `AuthenticateWithOrganizationSelectionParams` with the required fields set.
    pub fn new(
        pending_authentication_token: impl Into<crate::SecretString>,
        organization_id: impl Into<String>,
    ) -> Self {
        Self {
            pending_authentication_token: pending_authentication_token.into(),
            organization_id: organization_id.into(),
            ip_address: Default::default(),
            device_id: Default::default(),
            user_agent: Default::default(),
        }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct AuthenticateWithDeviceCodeParams {
    /// Required.
    pub device_code: String,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub ip_address: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub device_id: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub user_agent: Option<String>,
}

impl AuthenticateWithDeviceCodeParams {
    /// Construct a new `AuthenticateWithDeviceCodeParams` with the required fields set.
    pub fn new(device_code: impl Into<String>) -> Self {
        Self {
            device_code: device_code.into(),
            ip_address: Default::default(),
            device_id: Default::default(),
            user_agent: Default::default(),
        }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct GetAuthorizationUrlParams {
    /// The only valid PKCE code challenge method is `"S256"`. Required when specifying a `code_challenge`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub code_challenge_method: Option<String>,
    /// Code challenge derived from the code verifier used for the PKCE flow.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub code_challenge: Option<String>,
    /// A domain hint for SSO connection lookup.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub domain_hint: Option<String>,
    /// The ID of an SSO connection to use for authentication.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub connection_id: Option<String>,
    /// Key/value pairs of query parameters to pass to the OAuth provider.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub provider_query_params: Option<std::collections::HashMap<String, String>>,
    /// Additional OAuth scopes to request from the identity provider.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub provider_scopes: Option<Vec<String>>,
    /// A token representing a user invitation to redeem during authentication.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub invitation_token: Option<crate::SecretString>,
    /// Used to specify which screen to display when the provider is `authkit`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub screen_hint: Option<UserManagementAuthenticationScreenHint>,
    /// A hint to the authorization server about the login identifier the user might use.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub login_hint: Option<String>,
    /// The OAuth provider to authenticate with (e.g., GoogleOAuth, MicrosoftOAuth, GitHubOAuth).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub provider: Option<UserManagementAuthenticationProvider>,
    /// Controls the authentication flow behavior for the user.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub prompt: Option<String>,
    /// An opaque value used to maintain state between the request and the callback.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub state: Option<String>,
    /// The ID of the organization to authenticate the user against.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub organization_id: Option<String>,
    /// The callback URI where the authorization code will be sent after authentication.
    ///
    /// Required.
    pub redirect_uri: String,
}

impl GetAuthorizationUrlParams {
    /// Construct a new `GetAuthorizationUrlParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(redirect_uri: impl Into<String>) -> Self {
        Self {
            code_challenge_method: Default::default(),
            code_challenge: Default::default(),
            domain_hint: Default::default(),
            connection_id: Default::default(),
            provider_query_params: Default::default(),
            provider_scopes: Default::default(),
            invitation_token: Default::default(),
            screen_hint: Default::default(),
            login_hint: Default::default(),
            provider: Default::default(),
            prompt: Default::default(),
            state: Default::default(),
            organization_id: Default::default(),
            redirect_uri: redirect_uri.into(),
        }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct CreateDeviceParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: SSODeviceAuthorizationRequest,
}

impl CreateDeviceParams {
    /// Construct a new `CreateDeviceParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: SSODeviceAuthorizationRequest) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct GetLogoutUrlParams {
    /// The ID of the session to revoke. This can be extracted from the `sid` claim of the access token.
    ///
    /// Required.
    pub session_id: String,
    /// The URL to redirect the user to after session revocation.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub return_to: Option<String>,
}

impl GetLogoutUrlParams {
    /// Construct a new `GetLogoutUrlParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(session_id: impl Into<String>) -> Self {
        Self {
            session_id: session_id.into(),
            return_to: Default::default(),
        }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct RevokeSessionParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: RevokeSession,
}

impl RevokeSessionParams {
    /// Construct a new `RevokeSessionParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: RevokeSession) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct CreateCorsOriginParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: CreateCorsOrigin,
}

impl CreateCorsOriginParams {
    /// Construct a new `CreateCorsOriginParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: CreateCorsOrigin) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct ResetPasswordParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: CreatePasswordResetToken,
}

impl ResetPasswordParams {
    /// Construct a new `ResetPasswordParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: CreatePasswordResetToken) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct ConfirmPasswordResetParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: CreatePasswordReset,
}

impl ConfirmPasswordResetParams {
    /// Construct a new `ConfirmPasswordResetParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: CreatePasswordReset) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Default, Serialize)]
pub struct ListUsersParams {
    /// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub before: Option<String>,
    /// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub after: Option<String>,
    /// Upper limit on the number of objects to return, between `1` and `100`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub limit: Option<i64>,
    /// Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub order: Option<PaginationOrder>,
    /// Filter users by the organization they are a member of. Deprecated in favor of `organization_id`.
    #[serde(skip_serializing_if = "Option::is_none")]
    #[deprecated]
    pub organization: Option<String>,
    /// Filter users by the organization they are a member of.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub organization_id: Option<String>,
    /// Filter users by their email address.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub email: Option<String>,
}

#[derive(Debug, Clone, Serialize)]
pub struct CreateUserParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: CreateUser,
}

impl CreateUserParams {
    /// Construct a new `CreateUserParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: CreateUser) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct UpdateUserParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: UpdateUser,
}

impl UpdateUserParams {
    /// Construct a new `UpdateUserParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: UpdateUser) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct ConfirmEmailChangeParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: ConfirmEmailChange,
}

impl ConfirmEmailChangeParams {
    /// Construct a new `ConfirmEmailChangeParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: ConfirmEmailChange) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct SendEmailChangeParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: SendEmailChange,
}

impl SendEmailChangeParams {
    /// Construct a new `SendEmailChangeParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: SendEmailChange) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct VerifyEmailParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: VerifyEmailAddress,
}

impl VerifyEmailParams {
    /// Construct a new `VerifyEmailParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: VerifyEmailAddress) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Default, Serialize)]
pub struct ListSessionsParams {
    /// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub before: Option<String>,
    /// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub after: Option<String>,
    /// Upper limit on the number of objects to return, between `1` and `100`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub limit: Option<i64>,
    /// Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub order: Option<PaginationOrder>,
}

#[derive(Debug, Clone, Default, Serialize)]
pub struct ListInvitationsParams {
    /// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub before: Option<String>,
    /// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub after: Option<String>,
    /// Upper limit on the number of objects to return, between `1` and `100`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub limit: Option<i64>,
    /// Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub order: Option<PaginationOrder>,
    /// The ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub organization_id: Option<String>,
    /// The email address of the recipient.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub email: Option<String>,
}

#[derive(Debug, Clone, Serialize)]
pub struct SendInvitationParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: CreateUserInviteOptions,
}

impl SendInvitationParams {
    /// Construct a new `SendInvitationParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: CreateUserInviteOptions) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct ResendInvitationParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: ResendUserInviteOptions,
}

impl ResendInvitationParams {
    /// Construct a new `ResendInvitationParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: ResendUserInviteOptions) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct UpdateJWTTemplateParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: UpdateJWTTemplate,
}

impl UpdateJWTTemplateParams {
    /// Construct a new `UpdateJWTTemplateParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: UpdateJWTTemplate) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct CreateMagicAuthParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: CreateMagicCodeAndReturn,
}

impl CreateMagicAuthParams {
    /// Construct a new `CreateMagicAuthParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: CreateMagicCodeAndReturn) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Default, Serialize)]
pub struct ListOrganizationMembershipsParams {
    /// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub before: Option<String>,
    /// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub after: Option<String>,
    /// Upper limit on the number of objects to return, between `1` and `100`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub limit: Option<i64>,
    /// Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub order: Option<PaginationOrder>,
    /// The ID of the [organization](https://workos.com/docs/reference/organization) which the user belongs to.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub organization_id: Option<String>,
    /// Filter by the status of the organization membership. Array including any of `active`, `inactive`, or `pending`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub statuses: Option<Vec<UserManagementOrganizationMembershipStatuses>>,
    /// The ID of the [user](https://workos.com/docs/reference/authkit/user).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub user_id: Option<String>,
}

#[derive(Debug, Clone, Serialize)]
pub struct CreateOrganizationMembershipParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: CreateUserOrganizationMembership,
}

impl CreateOrganizationMembershipParams {
    /// Construct a new `CreateOrganizationMembershipParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: CreateUserOrganizationMembership) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct UpdateOrganizationMembershipParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: UpdateUserOrganizationMembership,
}

impl UpdateOrganizationMembershipParams {
    /// Construct a new `UpdateOrganizationMembershipParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: UpdateUserOrganizationMembership) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Serialize)]
pub struct CreateRedirectUriParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: CreateRedirectUri,
}

impl CreateRedirectUriParams {
    /// Construct a new `CreateRedirectUriParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: CreateRedirectUri) -> Self {
        Self { body }
    }
}

#[derive(Debug, Clone, Default, Serialize)]
pub struct ListUserAuthorizedApplicationsParams {
    /// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `before="obj_123"` to fetch a new batch of objects before `"obj_123"`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub before: Option<String>,
    /// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with `"obj_123"`, your subsequent call can include `after="obj_123"` to fetch a new batch of objects after `"obj_123"`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub after: Option<String>,
    /// Upper limit on the number of objects to return, between `1` and `100`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub limit: Option<i64>,
    /// Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub order: Option<PaginationOrder>,
}

#[derive(Debug, Clone, Default, Serialize)]
pub struct ListUserApiKeysParams {
    /// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub before: Option<String>,
    /// An object ID that defines your place in the list. When the ID is not present, you are at the end of the list.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub after: Option<String>,
    /// Upper limit on the number of objects to return, between `1` and `100`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub limit: Option<i64>,
    /// Order the results by the creation time.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub order: Option<PaginationOrder>,
    /// The ID of the organization to filter user API keys by. When provided, only API keys created against that organization membership are returned.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub organization_id: Option<String>,
}

#[derive(Debug, Clone, Serialize)]
pub struct CreateUserApiKeyParams {
    /// Request body sent with this call.
    ///
    /// Required.
    #[serde(skip)]
    pub body: CreateUserApiKey,
}

impl CreateUserApiKeyParams {
    /// Construct a new `CreateUserApiKeyParams` with the required fields set.
    #[allow(deprecated)]
    pub fn new(body: CreateUserApiKey) -> Self {
        Self { body }
    }
}

impl<'a> UserManagementApi<'a> {
    /// Get JWKS
    ///
    /// Returns the JSON Web Key Set (JWKS) containing the public keys used for verifying access tokens.
    pub async fn get_jwks(&self, client_id: &str) -> Result<JwksResponse, Error> {
        self.get_jwks_with_options(client_id, None).await
    }

    /// Variant of [`Self::get_jwks`] that accepts per-request [`crate::RequestOptions`].
    pub async fn get_jwks_with_options(
        &self,
        client_id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<JwksResponse, Error> {
        let client_id = crate::client::path_segment(client_id);
        let path = format!("/sso/jwks/{client_id}");
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// Authenticate
    ///
    /// Authenticate a user with a specified [authentication method](https://workos.com/docs/reference/authkit/authentication).
    pub async fn authenticate_with_password(
        &self,
        params: AuthenticateWithPasswordParams,
    ) -> Result<AuthenticateResponse, Error> {
        self.authenticate_with_password_with_options(params, None)
            .await
    }

    /// Variant of [`Self::authenticate_with_password`] that accepts per-request [`crate::RequestOptions`].
    pub async fn authenticate_with_password_with_options(
        &self,
        params: AuthenticateWithPasswordParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<AuthenticateResponse, Error> {
        let path = "/user_management/authenticate".to_string();
        let method = http::Method::POST;
        let body = serde_json::json!({
            "grant_type": "password",
            "client_id": self.client.client_id(),
            "client_secret": self.client.api_key(),
            "email": params.email,
            "password": params.password,
            "invitation_token": params.invitation_token,
            "ip_address": params.ip_address,
            "device_id": params.device_id,
            "user_agent": params.user_agent,
        });
        #[derive(Serialize)]
        struct EmptyQuery {}
        self.client
            .request_with_body_opts(method, &path, &EmptyQuery {}, Some(&body), options)
            .await
    }

    /// Authenticate
    ///
    /// Authenticate a user with a specified [authentication method](https://workos.com/docs/reference/authkit/authentication).
    pub async fn authenticate_with_code(
        &self,
        params: AuthenticateWithCodeParams,
    ) -> Result<AuthenticateResponse, Error> {
        self.authenticate_with_code_with_options(params, None).await
    }

    /// Variant of [`Self::authenticate_with_code`] that accepts per-request [`crate::RequestOptions`].
    pub async fn authenticate_with_code_with_options(
        &self,
        params: AuthenticateWithCodeParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<AuthenticateResponse, Error> {
        let path = "/user_management/authenticate".to_string();
        let method = http::Method::POST;
        let body = serde_json::json!({
            "grant_type": "authorization_code",
            "client_id": self.client.client_id(),
            "client_secret": self.client.api_key(),
            "code": params.code,
            "code_verifier": params.code_verifier,
            "invitation_token": params.invitation_token,
            "ip_address": params.ip_address,
            "device_id": params.device_id,
            "user_agent": params.user_agent,
        });
        #[derive(Serialize)]
        struct EmptyQuery {}
        self.client
            .request_with_body_opts(method, &path, &EmptyQuery {}, Some(&body), options)
            .await
    }

    /// Authenticate
    ///
    /// Authenticate a user with a specified [authentication method](https://workos.com/docs/reference/authkit/authentication).
    pub async fn authenticate_with_refresh_token(
        &self,
        params: AuthenticateWithRefreshTokenParams,
    ) -> Result<AuthenticateResponse, Error> {
        self.authenticate_with_refresh_token_with_options(params, None)
            .await
    }

    /// Variant of [`Self::authenticate_with_refresh_token`] that accepts per-request [`crate::RequestOptions`].
    pub async fn authenticate_with_refresh_token_with_options(
        &self,
        params: AuthenticateWithRefreshTokenParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<AuthenticateResponse, Error> {
        let path = "/user_management/authenticate".to_string();
        let method = http::Method::POST;
        let body = serde_json::json!({
            "grant_type": "refresh_token",
            "client_id": self.client.client_id(),
            "client_secret": self.client.api_key(),
            "refresh_token": params.refresh_token,
            "organization_id": params.organization_id,
            "ip_address": params.ip_address,
            "device_id": params.device_id,
            "user_agent": params.user_agent,
        });
        #[derive(Serialize)]
        struct EmptyQuery {}
        self.client
            .request_with_body_opts(method, &path, &EmptyQuery {}, Some(&body), options)
            .await
    }

    /// Authenticate
    ///
    /// Authenticate a user with a specified [authentication method](https://workos.com/docs/reference/authkit/authentication).
    pub async fn authenticate_with_magic_auth(
        &self,
        params: AuthenticateWithMagicAuthParams,
    ) -> Result<AuthenticateResponse, Error> {
        self.authenticate_with_magic_auth_with_options(params, None)
            .await
    }

    /// Variant of [`Self::authenticate_with_magic_auth`] that accepts per-request [`crate::RequestOptions`].
    pub async fn authenticate_with_magic_auth_with_options(
        &self,
        params: AuthenticateWithMagicAuthParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<AuthenticateResponse, Error> {
        let path = "/user_management/authenticate".to_string();
        let method = http::Method::POST;
        let body = serde_json::json!({
            "grant_type": "urn:workos:oauth:grant-type:magic-auth:code",
            "client_id": self.client.client_id(),
            "client_secret": self.client.api_key(),
            "code": params.code,
            "email": params.email,
            "invitation_token": params.invitation_token,
            "ip_address": params.ip_address,
            "device_id": params.device_id,
            "user_agent": params.user_agent,
        });
        #[derive(Serialize)]
        struct EmptyQuery {}
        self.client
            .request_with_body_opts(method, &path, &EmptyQuery {}, Some(&body), options)
            .await
    }

    /// Authenticate
    ///
    /// Authenticate a user with a specified [authentication method](https://workos.com/docs/reference/authkit/authentication).
    pub async fn authenticate_with_email_verification(
        &self,
        params: AuthenticateWithEmailVerificationParams,
    ) -> Result<AuthenticateResponse, Error> {
        self.authenticate_with_email_verification_with_options(params, None)
            .await
    }

    /// Variant of [`Self::authenticate_with_email_verification`] that accepts per-request [`crate::RequestOptions`].
    pub async fn authenticate_with_email_verification_with_options(
        &self,
        params: AuthenticateWithEmailVerificationParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<AuthenticateResponse, Error> {
        let path = "/user_management/authenticate".to_string();
        let method = http::Method::POST;
        let body = serde_json::json!({
            "grant_type": "urn:workos:oauth:grant-type:email-verification:code",
            "client_id": self.client.client_id(),
            "client_secret": self.client.api_key(),
            "code": params.code,
            "pending_authentication_token": params.pending_authentication_token,
            "ip_address": params.ip_address,
            "device_id": params.device_id,
            "user_agent": params.user_agent,
        });
        #[derive(Serialize)]
        struct EmptyQuery {}
        self.client
            .request_with_body_opts(method, &path, &EmptyQuery {}, Some(&body), options)
            .await
    }

    /// Authenticate
    ///
    /// Authenticate a user with a specified [authentication method](https://workos.com/docs/reference/authkit/authentication).
    pub async fn authenticate_with_totp(
        &self,
        params: AuthenticateWithTotpParams,
    ) -> Result<AuthenticateResponse, Error> {
        self.authenticate_with_totp_with_options(params, None).await
    }

    /// Variant of [`Self::authenticate_with_totp`] that accepts per-request [`crate::RequestOptions`].
    pub async fn authenticate_with_totp_with_options(
        &self,
        params: AuthenticateWithTotpParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<AuthenticateResponse, Error> {
        let path = "/user_management/authenticate".to_string();
        let method = http::Method::POST;
        let body = serde_json::json!({
            "grant_type": "urn:workos:oauth:grant-type:mfa-totp",
            "client_id": self.client.client_id(),
            "client_secret": self.client.api_key(),
            "code": params.code,
            "pending_authentication_token": params.pending_authentication_token,
            "authentication_challenge_id": params.authentication_challenge_id,
            "ip_address": params.ip_address,
            "device_id": params.device_id,
            "user_agent": params.user_agent,
        });
        #[derive(Serialize)]
        struct EmptyQuery {}
        self.client
            .request_with_body_opts(method, &path, &EmptyQuery {}, Some(&body), options)
            .await
    }

    /// Authenticate
    ///
    /// Authenticate a user with a specified [authentication method](https://workos.com/docs/reference/authkit/authentication).
    pub async fn authenticate_with_organization_selection(
        &self,
        params: AuthenticateWithOrganizationSelectionParams,
    ) -> Result<AuthenticateResponse, Error> {
        self.authenticate_with_organization_selection_with_options(params, None)
            .await
    }

    /// Variant of [`Self::authenticate_with_organization_selection`] that accepts per-request [`crate::RequestOptions`].
    pub async fn authenticate_with_organization_selection_with_options(
        &self,
        params: AuthenticateWithOrganizationSelectionParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<AuthenticateResponse, Error> {
        let path = "/user_management/authenticate".to_string();
        let method = http::Method::POST;
        let body = serde_json::json!({
            "grant_type": "urn:workos:oauth:grant-type:organization-selection",
            "client_id": self.client.client_id(),
            "client_secret": self.client.api_key(),
            "pending_authentication_token": params.pending_authentication_token,
            "organization_id": params.organization_id,
            "ip_address": params.ip_address,
            "device_id": params.device_id,
            "user_agent": params.user_agent,
        });
        #[derive(Serialize)]
        struct EmptyQuery {}
        self.client
            .request_with_body_opts(method, &path, &EmptyQuery {}, Some(&body), options)
            .await
    }

    /// Authenticate
    ///
    /// Authenticate a user with a specified [authentication method](https://workos.com/docs/reference/authkit/authentication).
    pub async fn authenticate_with_device_code(
        &self,
        params: AuthenticateWithDeviceCodeParams,
    ) -> Result<AuthenticateResponse, Error> {
        self.authenticate_with_device_code_with_options(params, None)
            .await
    }

    /// Variant of [`Self::authenticate_with_device_code`] that accepts per-request [`crate::RequestOptions`].
    pub async fn authenticate_with_device_code_with_options(
        &self,
        params: AuthenticateWithDeviceCodeParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<AuthenticateResponse, Error> {
        let path = "/user_management/authenticate".to_string();
        let method = http::Method::POST;
        let body = serde_json::json!({
            "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
            "client_id": self.client.client_id(),
            "device_code": params.device_code,
            "ip_address": params.ip_address,
            "device_id": params.device_id,
            "user_agent": params.user_agent,
        });
        #[derive(Serialize)]
        struct EmptyQuery {}
        self.client
            .request_with_body_opts(method, &path, &EmptyQuery {}, Some(&body), options)
            .await
    }

    /// Get an authorization URL
    ///
    /// Generates an OAuth 2.0 authorization URL to authenticate a user with AuthKit or SSO.
    pub async fn get_authorization_url(
        &self,
        params: GetAuthorizationUrlParams,
    ) -> Result<(), Error> {
        self.get_authorization_url_with_options(params, None).await
    }

    /// Variant of [`Self::get_authorization_url`] that accepts per-request [`crate::RequestOptions`].
    pub async fn get_authorization_url_with_options(
        &self,
        params: GetAuthorizationUrlParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<(), Error> {
        let path = "/user_management/authorize".to_string();
        let method = http::Method::GET;
        self.client
            .request_with_query_opts_empty(method, &path, &params, options)
            .await
    }

    /// Get device authorization URL
    ///
    /// Initiates the CLI Auth flow by requesting a device code and verification URLs. This endpoint implements the OAuth 2.0 Device Authorization Flow ([RFC 8628](https://datatracker.ietf.org/doc/html/rfc8628)) and is designed for command-line applications or other devices with limited input capabilities.
    pub async fn create_device(
        &self,
        params: CreateDeviceParams,
    ) -> Result<DeviceAuthorizationResponse, Error> {
        self.create_device_with_options(params, None).await
    }

    /// Variant of [`Self::create_device`] that accepts per-request [`crate::RequestOptions`].
    pub async fn create_device_with_options(
        &self,
        params: CreateDeviceParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<DeviceAuthorizationResponse, Error> {
        let path = "/user_management/authorize/device".to_string();
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Logout
    ///
    /// Logout a user from the current [session](https://workos.com/docs/reference/authkit/session).
    pub async fn get_logout_url(&self, params: GetLogoutUrlParams) -> Result<(), Error> {
        self.get_logout_url_with_options(params, None).await
    }

    /// Variant of [`Self::get_logout_url`] that accepts per-request [`crate::RequestOptions`].
    pub async fn get_logout_url_with_options(
        &self,
        params: GetLogoutUrlParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<(), Error> {
        let path = "/user_management/sessions/logout".to_string();
        let method = http::Method::GET;
        self.client
            .request_with_query_opts_empty(method, &path, &params, options)
            .await
    }

    /// Revoke Session
    ///
    /// Revoke a [user session](https://workos.com/docs/reference/authkit/session).
    pub async fn revoke_session(&self, params: RevokeSessionParams) -> Result<(), Error> {
        self.revoke_session_with_options(params, None).await
    }

    /// Variant of [`Self::revoke_session`] that accepts per-request [`crate::RequestOptions`].
    pub async fn revoke_session_with_options(
        &self,
        params: RevokeSessionParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<(), Error> {
        let path = "/user_management/sessions/revoke".to_string();
        let method = http::Method::POST;
        self.client
            .request_with_body_opts_empty(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Create a CORS origin
    ///
    /// Creates a new CORS origin for the current environment. CORS origins allow browser-based applications to make requests to the WorkOS API.
    pub async fn create_cors_origin(
        &self,
        params: CreateCorsOriginParams,
    ) -> Result<CorsOriginResponse, Error> {
        self.create_cors_origin_with_options(params, None).await
    }

    /// Variant of [`Self::create_cors_origin`] that accepts per-request [`crate::RequestOptions`].
    pub async fn create_cors_origin_with_options(
        &self,
        params: CreateCorsOriginParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<CorsOriginResponse, Error> {
        let path = "/user_management/cors_origins".to_string();
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Get an email verification code
    ///
    /// Get the details of an existing email verification code that can be used to send an email to a user for verification.
    pub async fn get_email_verification(&self, id: &str) -> Result<EmailVerification, Error> {
        self.get_email_verification_with_options(id, None).await
    }

    /// Variant of [`Self::get_email_verification`] that accepts per-request [`crate::RequestOptions`].
    pub async fn get_email_verification_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<EmailVerification, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/email_verification/{id}");
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// Create a password reset token
    ///
    /// Creates a one-time token that can be used to reset a user's password.
    pub async fn reset_password(
        &self,
        params: ResetPasswordParams,
    ) -> Result<PasswordReset, Error> {
        self.reset_password_with_options(params, None).await
    }

    /// Variant of [`Self::reset_password`] that accepts per-request [`crate::RequestOptions`].
    pub async fn reset_password_with_options(
        &self,
        params: ResetPasswordParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<PasswordReset, Error> {
        let path = "/user_management/password_reset".to_string();
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Reset the password
    ///
    /// Sets a new password using the `token` query parameter from the link that the user received. Successfully resetting the password will verify a user's email, if it hasn't been verified yet.
    pub async fn confirm_password_reset(
        &self,
        params: ConfirmPasswordResetParams,
    ) -> Result<ResetPasswordResponse, Error> {
        self.confirm_password_reset_with_options(params, None).await
    }

    /// Variant of [`Self::confirm_password_reset`] that accepts per-request [`crate::RequestOptions`].
    pub async fn confirm_password_reset_with_options(
        &self,
        params: ConfirmPasswordResetParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<ResetPasswordResponse, Error> {
        let path = "/user_management/password_reset/confirm".to_string();
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Get a password reset token
    ///
    /// Get the details of an existing password reset token that can be used to reset a user's password.
    pub async fn get_password_reset(&self, id: &str) -> Result<PasswordReset, Error> {
        self.get_password_reset_with_options(id, None).await
    }

    /// Variant of [`Self::get_password_reset`] that accepts per-request [`crate::RequestOptions`].
    pub async fn get_password_reset_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<PasswordReset, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/password_reset/{id}");
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// List users
    ///
    /// Get a list of all of your existing users matching the criteria specified.
    pub async fn list_users(&self, params: ListUsersParams) -> Result<UserList, Error> {
        self.list_users_with_options(params, None).await
    }

    /// Variant of [`Self::list_users`] that accepts per-request [`crate::RequestOptions`].
    pub async fn list_users_with_options(
        &self,
        params: ListUsersParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<UserList, Error> {
        let path = "/user_management/users".to_string();
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &params, options)
            .await
    }

    /// Returns an async [`futures_util::Stream`] that yields every `User`
    /// across all pages, advancing the `after` cursor under the hood.
    ///
    /// ```ignore
    /// use futures_util::TryStreamExt;
    /// let all: Vec<User> = self
    ///     .list_users_auto_paging(params)
    ///     .try_collect()
    ///     .await?;
    /// ```
    pub fn list_users_auto_paging(
        &self,
        params: ListUsersParams,
    ) -> impl futures_util::Stream<Item = Result<User, Error>> + '_ {
        crate::pagination::auto_paginate_pages(move |after| {
            let mut params = params.clone();
            params.after = after;
            async move {
                let page = self.list_users(params).await?;
                Ok((page.data, page.list_metadata.after))
            }
        })
    }

    /// Create a user
    ///
    /// Create a new user in the current environment.
    pub async fn create_user(&self, params: CreateUserParams) -> Result<User, Error> {
        self.create_user_with_options(params, None).await
    }

    /// Variant of [`Self::create_user`] that accepts per-request [`crate::RequestOptions`].
    pub async fn create_user_with_options(
        &self,
        params: CreateUserParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<User, Error> {
        let path = "/user_management/users".to_string();
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Get a user by external ID
    ///
    /// Get the details of an existing user by an [external identifier](https://workos.com/docs/authkit/metadata/external-identifiers).
    pub async fn get_user_by_external_id(&self, external_id: &str) -> Result<User, Error> {
        self.get_user_by_external_id_with_options(external_id, None)
            .await
    }

    /// Variant of [`Self::get_user_by_external_id`] that accepts per-request [`crate::RequestOptions`].
    pub async fn get_user_by_external_id_with_options(
        &self,
        external_id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<User, Error> {
        let external_id = crate::client::path_segment(external_id);
        let path = format!("/user_management/users/external_id/{external_id}");
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// Get a user
    ///
    /// Get the details of an existing user.
    pub async fn get_user(&self, id: &str) -> Result<User, Error> {
        self.get_user_with_options(id, None).await
    }

    /// Variant of [`Self::get_user`] that accepts per-request [`crate::RequestOptions`].
    pub async fn get_user_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<User, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/users/{id}");
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// Update a user
    ///
    /// Updates properties of a user. The omitted properties will be left unchanged.
    pub async fn update_user(&self, id: &str, params: UpdateUserParams) -> Result<User, Error> {
        self.update_user_with_options(id, params, None).await
    }

    /// Variant of [`Self::update_user`] that accepts per-request [`crate::RequestOptions`].
    pub async fn update_user_with_options(
        &self,
        id: &str,
        params: UpdateUserParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<User, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/users/{id}");
        let method = http::Method::PUT;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Delete a user
    ///
    /// Permanently deletes a user in the current environment. It cannot be undone.
    pub async fn delete_user(&self, id: &str) -> Result<(), Error> {
        self.delete_user_with_options(id, None).await
    }

    /// Variant of [`Self::delete_user`] that accepts per-request [`crate::RequestOptions`].
    pub async fn delete_user_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<(), Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/users/{id}");
        let method = http::Method::DELETE;
        self.client
            .request_with_query_opts_empty(method, &path, &(), options)
            .await
    }

    /// Confirm email change
    ///
    /// Confirms an email change using the one-time code received by the user.
    pub async fn confirm_email_change(
        &self,
        id: &str,
        params: ConfirmEmailChangeParams,
    ) -> Result<EmailChangeConfirmation, Error> {
        self.confirm_email_change_with_options(id, params, None)
            .await
    }

    /// Variant of [`Self::confirm_email_change`] that accepts per-request [`crate::RequestOptions`].
    pub async fn confirm_email_change_with_options(
        &self,
        id: &str,
        params: ConfirmEmailChangeParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<EmailChangeConfirmation, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/users/{id}/email_change/confirm");
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Send email change code
    ///
    /// Sends an email that contains a one-time code used to change a user's email address.
    pub async fn send_email_change(
        &self,
        id: &str,
        params: SendEmailChangeParams,
    ) -> Result<EmailChange, Error> {
        self.send_email_change_with_options(id, params, None).await
    }

    /// Variant of [`Self::send_email_change`] that accepts per-request [`crate::RequestOptions`].
    pub async fn send_email_change_with_options(
        &self,
        id: &str,
        params: SendEmailChangeParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<EmailChange, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/users/{id}/email_change/send");
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Verify email
    ///
    /// Verifies an email address using the one-time code received by the user.
    pub async fn verify_email(
        &self,
        id: &str,
        params: VerifyEmailParams,
    ) -> Result<VerifyEmailResponse, Error> {
        self.verify_email_with_options(id, params, None).await
    }

    /// Variant of [`Self::verify_email`] that accepts per-request [`crate::RequestOptions`].
    pub async fn verify_email_with_options(
        &self,
        id: &str,
        params: VerifyEmailParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<VerifyEmailResponse, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/users/{id}/email_verification/confirm");
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Send verification email
    ///
    /// Sends an email that contains a one-time code used to verify a user’s email address.
    pub async fn send_verification_email(
        &self,
        id: &str,
    ) -> Result<SendVerificationEmailResponse, Error> {
        self.send_verification_email_with_options(id, None).await
    }

    /// Variant of [`Self::send_verification_email`] that accepts per-request [`crate::RequestOptions`].
    pub async fn send_verification_email_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<SendVerificationEmailResponse, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/users/{id}/email_verification/send");
        let method = http::Method::POST;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// Get user identities
    ///
    /// Get a list of identities associated with the user. A user can have multiple associated identities after going through [identity linking](https://workos.com/docs/authkit/identity-linking). Currently only OAuth identities are supported. More provider types may be added in the future.
    pub async fn get_user_identities(&self, id: &str) -> Result<Vec<UserIdentitiesGetItem>, Error> {
        self.get_user_identities_with_options(id, None).await
    }

    /// Variant of [`Self::get_user_identities`] that accepts per-request [`crate::RequestOptions`].
    pub async fn get_user_identities_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<Vec<UserIdentitiesGetItem>, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/users/{id}/identities");
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// List sessions
    ///
    /// Get a list of all active sessions for a specific user.
    pub async fn list_sessions(
        &self,
        id: &str,
        params: ListSessionsParams,
    ) -> Result<Vec<UserSessionsListItem>, Error> {
        self.list_sessions_with_options(id, params, None).await
    }

    /// Variant of [`Self::list_sessions`] that accepts per-request [`crate::RequestOptions`].
    pub async fn list_sessions_with_options(
        &self,
        id: &str,
        params: ListSessionsParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<Vec<UserSessionsListItem>, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/users/{id}/sessions");
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &params, options)
            .await
    }

    /// List invitations
    ///
    /// Get a list of all of invitations matching the criteria specified.
    pub async fn list_invitations(
        &self,
        params: ListInvitationsParams,
    ) -> Result<Vec<UserInvite>, Error> {
        self.list_invitations_with_options(params, None).await
    }

    /// Variant of [`Self::list_invitations`] that accepts per-request [`crate::RequestOptions`].
    pub async fn list_invitations_with_options(
        &self,
        params: ListInvitationsParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<Vec<UserInvite>, Error> {
        let path = "/user_management/invitations".to_string();
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &params, options)
            .await
    }

    /// Send an invitation
    ///
    /// Sends an invitation email to the recipient.
    pub async fn send_invitation(&self, params: SendInvitationParams) -> Result<UserInvite, Error> {
        self.send_invitation_with_options(params, None).await
    }

    /// Variant of [`Self::send_invitation`] that accepts per-request [`crate::RequestOptions`].
    pub async fn send_invitation_with_options(
        &self,
        params: SendInvitationParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<UserInvite, Error> {
        let path = "/user_management/invitations".to_string();
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Find an invitation by token
    ///
    /// Retrieve an existing invitation using the token.
    pub async fn find_invitation_by_token(&self, token: &str) -> Result<UserInvite, Error> {
        self.find_invitation_by_token_with_options(token, None)
            .await
    }

    /// Variant of [`Self::find_invitation_by_token`] that accepts per-request [`crate::RequestOptions`].
    pub async fn find_invitation_by_token_with_options(
        &self,
        token: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<UserInvite, Error> {
        let token = crate::client::path_segment(token);
        let path = format!("/user_management/invitations/by_token/{token}");
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// Get an invitation
    ///
    /// Get the details of an existing invitation.
    pub async fn get_invitation(&self, id: &str) -> Result<UserInvite, Error> {
        self.get_invitation_with_options(id, None).await
    }

    /// Variant of [`Self::get_invitation`] that accepts per-request [`crate::RequestOptions`].
    pub async fn get_invitation_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<UserInvite, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/invitations/{id}");
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// Accept an invitation
    ///
    /// Accepts an invitation and, if linked to an organization, activates the user's membership in that organization.
    pub async fn accept_invitation(&self, id: &str) -> Result<Invitation, Error> {
        self.accept_invitation_with_options(id, None).await
    }

    /// Variant of [`Self::accept_invitation`] that accepts per-request [`crate::RequestOptions`].
    pub async fn accept_invitation_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<Invitation, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/invitations/{id}/accept");
        let method = http::Method::POST;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// Resend an invitation
    ///
    /// Resends an invitation email to the recipient. The invitation must be in a pending state.
    pub async fn resend_invitation(
        &self,
        id: &str,
        params: ResendInvitationParams,
    ) -> Result<UserInvite, Error> {
        self.resend_invitation_with_options(id, params, None).await
    }

    /// Variant of [`Self::resend_invitation`] that accepts per-request [`crate::RequestOptions`].
    pub async fn resend_invitation_with_options(
        &self,
        id: &str,
        params: ResendInvitationParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<UserInvite, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/invitations/{id}/resend");
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Revoke an invitation
    ///
    /// Revokes an existing invitation.
    pub async fn revoke_invitation(&self, id: &str) -> Result<Invitation, Error> {
        self.revoke_invitation_with_options(id, None).await
    }

    /// Variant of [`Self::revoke_invitation`] that accepts per-request [`crate::RequestOptions`].
    pub async fn revoke_invitation_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<Invitation, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/invitations/{id}/revoke");
        let method = http::Method::POST;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// Get JWT template
    ///
    /// Get the JWT template for the current environment.
    pub async fn list_jwt_template(&self) -> Result<JWTTemplateResponse, Error> {
        self.list_jwt_template_with_options(None).await
    }

    /// Variant of [`Self::list_jwt_template`] that accepts per-request [`crate::RequestOptions`].
    pub async fn list_jwt_template_with_options(
        &self,
        options: Option<&crate::RequestOptions>,
    ) -> Result<JWTTemplateResponse, Error> {
        let path = "/user_management/jwt_template".to_string();
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// Update JWT template
    ///
    /// Update the JWT template for the current environment.
    pub async fn update_jwt_template(
        &self,
        params: UpdateJWTTemplateParams,
    ) -> Result<JWTTemplateResponse, Error> {
        self.update_jwt_template_with_options(params, None).await
    }

    /// Variant of [`Self::update_jwt_template`] that accepts per-request [`crate::RequestOptions`].
    pub async fn update_jwt_template_with_options(
        &self,
        params: UpdateJWTTemplateParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<JWTTemplateResponse, Error> {
        let path = "/user_management/jwt_template".to_string();
        let method = http::Method::PUT;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Create a Magic Auth code
    ///
    /// Creates a one-time authentication code that can be sent to the user's email address. The code expires in 10 minutes. To verify the code, [authenticate the user with Magic Auth](https://workos.com/docs/reference/authkit/authentication/magic-auth).
    pub async fn create_magic_auth(
        &self,
        params: CreateMagicAuthParams,
    ) -> Result<MagicAuth, Error> {
        self.create_magic_auth_with_options(params, None).await
    }

    /// Variant of [`Self::create_magic_auth`] that accepts per-request [`crate::RequestOptions`].
    pub async fn create_magic_auth_with_options(
        &self,
        params: CreateMagicAuthParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<MagicAuth, Error> {
        let path = "/user_management/magic_auth".to_string();
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Get Magic Auth code details
    ///
    /// Get the details of an existing [Magic Auth](https://workos.com/docs/reference/authkit/magic-auth) code that can be used to send an email to a user for authentication.
    pub async fn get_magic_auth(&self, id: &str) -> Result<MagicAuth, Error> {
        self.get_magic_auth_with_options(id, None).await
    }

    /// Variant of [`Self::get_magic_auth`] that accepts per-request [`crate::RequestOptions`].
    pub async fn get_magic_auth_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<MagicAuth, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/magic_auth/{id}");
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// List organization memberships
    ///
    /// Get a list of all organization memberships matching the criteria specified. At least one of `user_id` or `organization_id` must be provided. By default only active memberships are returned. Use the `statuses` parameter to filter by other statuses.
    pub async fn list_organization_memberships(
        &self,
        params: ListOrganizationMembershipsParams,
    ) -> Result<Vec<UserOrganizationMembership>, Error> {
        self.list_organization_memberships_with_options(params, None)
            .await
    }

    /// Variant of [`Self::list_organization_memberships`] that accepts per-request [`crate::RequestOptions`].
    pub async fn list_organization_memberships_with_options(
        &self,
        params: ListOrganizationMembershipsParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<Vec<UserOrganizationMembership>, Error> {
        let path = "/user_management/organization_memberships".to_string();
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &params, options)
            .await
    }

    /// Create an organization membership
    ///
    /// Creates a new `active` organization membership for the given organization and user.
    ///
    /// Calling this API with an organization and user that match an `inactive` organization membership will activate the membership with the specified role(s).
    pub async fn create_organization_membership(
        &self,
        params: CreateOrganizationMembershipParams,
    ) -> Result<OrganizationMembership, Error> {
        self.create_organization_membership_with_options(params, None)
            .await
    }

    /// Variant of [`Self::create_organization_membership`] that accepts per-request [`crate::RequestOptions`].
    pub async fn create_organization_membership_with_options(
        &self,
        params: CreateOrganizationMembershipParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<OrganizationMembership, Error> {
        let path = "/user_management/organization_memberships".to_string();
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Get an organization membership
    ///
    /// Get the details of an existing organization membership.
    pub async fn get_organization_membership(
        &self,
        id: &str,
    ) -> Result<UserOrganizationMembership, Error> {
        self.get_organization_membership_with_options(id, None)
            .await
    }

    /// Variant of [`Self::get_organization_membership`] that accepts per-request [`crate::RequestOptions`].
    pub async fn get_organization_membership_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<UserOrganizationMembership, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/organization_memberships/{id}");
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// Update an organization membership
    ///
    /// Update the details of an existing organization membership.
    pub async fn update_organization_membership(
        &self,
        id: &str,
        params: UpdateOrganizationMembershipParams,
    ) -> Result<UserOrganizationMembership, Error> {
        self.update_organization_membership_with_options(id, params, None)
            .await
    }

    /// Variant of [`Self::update_organization_membership`] that accepts per-request [`crate::RequestOptions`].
    pub async fn update_organization_membership_with_options(
        &self,
        id: &str,
        params: UpdateOrganizationMembershipParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<UserOrganizationMembership, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/organization_memberships/{id}");
        let method = http::Method::PUT;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// Delete an organization membership
    ///
    /// Permanently deletes an existing organization membership. It cannot be undone.
    pub async fn delete_organization_membership(&self, id: &str) -> Result<(), Error> {
        self.delete_organization_membership_with_options(id, None)
            .await
    }

    /// Variant of [`Self::delete_organization_membership`] that accepts per-request [`crate::RequestOptions`].
    pub async fn delete_organization_membership_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<(), Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/organization_memberships/{id}");
        let method = http::Method::DELETE;
        self.client
            .request_with_query_opts_empty(method, &path, &(), options)
            .await
    }

    /// Deactivate an organization membership
    ///
    /// Deactivates an `active` organization membership. Emits an [organization_membership.updated](https://workos.com/docs/events/organization-membership) event upon successful deactivation.
    ///
    /// - Deactivating an `inactive` membership is a no-op and does not emit an event.
    /// - Deactivating a `pending` membership returns an error. This membership should be [deleted](https://workos.com/docs/reference/authkit/organization-membership/delete) instead.
    ///
    /// See the [membership management documentation](https://workos.com/docs/authkit/users-organizations/organizations/membership-management) for additional details.
    pub async fn deactivate_organization_membership(
        &self,
        id: &str,
    ) -> Result<OrganizationMembership, Error> {
        self.deactivate_organization_membership_with_options(id, None)
            .await
    }

    /// Variant of [`Self::deactivate_organization_membership`] that accepts per-request [`crate::RequestOptions`].
    pub async fn deactivate_organization_membership_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<OrganizationMembership, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/organization_memberships/{id}/deactivate");
        let method = http::Method::PUT;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// Reactivate an organization membership
    ///
    /// Reactivates an `inactive` organization membership, retaining the pre-existing role(s). Emits an [organization_membership.updated](https://workos.com/docs/events/organization-membership) event upon successful reactivation.
    ///
    /// - Reactivating an `active` membership is a no-op and does not emit an event.
    /// - Reactivating a `pending` membership returns an error. The user needs to [accept the invitation](https://workos.com/docs/authkit/invitations) instead.
    ///
    /// See the [membership management documentation](https://workos.com/docs/authkit/users-organizations/organizations/membership-management) for additional details.
    pub async fn reactivate_organization_membership(
        &self,
        id: &str,
    ) -> Result<UserOrganizationMembership, Error> {
        self.reactivate_organization_membership_with_options(id, None)
            .await
    }

    /// Variant of [`Self::reactivate_organization_membership`] that accepts per-request [`crate::RequestOptions`].
    pub async fn reactivate_organization_membership_with_options(
        &self,
        id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<UserOrganizationMembership, Error> {
        let id = crate::client::path_segment(id);
        let path = format!("/user_management/organization_memberships/{id}/reactivate");
        let method = http::Method::PUT;
        self.client
            .request_with_query_opts(method, &path, &(), options)
            .await
    }

    /// Create a redirect URI
    ///
    /// Creates a new redirect URI for an environment.
    pub async fn create_redirect_uri(
        &self,
        params: CreateRedirectUriParams,
    ) -> Result<RedirectUri, Error> {
        self.create_redirect_uri_with_options(params, None).await
    }

    /// Variant of [`Self::create_redirect_uri`] that accepts per-request [`crate::RequestOptions`].
    pub async fn create_redirect_uri_with_options(
        &self,
        params: CreateRedirectUriParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<RedirectUri, Error> {
        let path = "/user_management/redirect_uris".to_string();
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }

    /// List authorized applications
    ///
    /// Get a list of all Connect applications that the user has authorized.
    pub async fn list_user_authorized_applications(
        &self,
        user_id: &str,
        params: ListUserAuthorizedApplicationsParams,
    ) -> Result<AuthorizedConnectApplicationList, Error> {
        self.list_user_authorized_applications_with_options(user_id, params, None)
            .await
    }

    /// Variant of [`Self::list_user_authorized_applications`] that accepts per-request [`crate::RequestOptions`].
    pub async fn list_user_authorized_applications_with_options(
        &self,
        user_id: &str,
        params: ListUserAuthorizedApplicationsParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<AuthorizedConnectApplicationList, Error> {
        let user_id = crate::client::path_segment(user_id);
        let path = format!("/user_management/users/{user_id}/authorized_applications");
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &params, options)
            .await
    }

    /// Returns an async [`futures_util::Stream`] that yields every `AuthorizedConnectApplicationListData`
    /// across all pages, advancing the `after` cursor under the hood.
    ///
    /// ```ignore
    /// use futures_util::TryStreamExt;
    /// let all: Vec<AuthorizedConnectApplicationListData> = self
    ///     .list_user_authorized_applications_auto_paging(user_id, params)
    ///     .try_collect()
    ///     .await?;
    /// ```
    pub fn list_user_authorized_applications_auto_paging(
        &self,
        user_id: impl Into<String>,
        params: ListUserAuthorizedApplicationsParams,
    ) -> impl futures_util::Stream<Item = Result<AuthorizedConnectApplicationListData, Error>> + '_
    {
        let user_id: String = user_id.into();
        crate::pagination::auto_paginate_pages(move |after| {
            let user_id = user_id.clone();
            let mut params = params.clone();
            params.after = after;
            async move {
                let page = self
                    .list_user_authorized_applications(&user_id, params)
                    .await?;
                Ok((page.data, page.list_metadata.after))
            }
        })
    }

    /// Delete an authorized application
    ///
    /// Delete an existing Authorized Connect Application.
    pub async fn delete_user_authorized_application(
        &self,
        application_id: &str,
        user_id: &str,
    ) -> Result<(), Error> {
        self.delete_user_authorized_application_with_options(application_id, user_id, None)
            .await
    }

    /// Variant of [`Self::delete_user_authorized_application`] that accepts per-request [`crate::RequestOptions`].
    pub async fn delete_user_authorized_application_with_options(
        &self,
        application_id: &str,
        user_id: &str,
        options: Option<&crate::RequestOptions>,
    ) -> Result<(), Error> {
        let application_id = crate::client::path_segment(application_id);
        let user_id = crate::client::path_segment(user_id);
        let path =
            format!("/user_management/users/{user_id}/authorized_applications/{application_id}");
        let method = http::Method::DELETE;
        self.client
            .request_with_query_opts_empty(method, &path, &(), options)
            .await
    }

    /// List API keys for a user
    ///
    /// Get a list of API keys owned by a specific user.
    pub async fn list_user_api_keys(
        &self,
        user_id: &str,
        params: ListUserApiKeysParams,
    ) -> Result<UserApiKeyList, Error> {
        self.list_user_api_keys_with_options(user_id, params, None)
            .await
    }

    /// Variant of [`Self::list_user_api_keys`] that accepts per-request [`crate::RequestOptions`].
    pub async fn list_user_api_keys_with_options(
        &self,
        user_id: &str,
        params: ListUserApiKeysParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<UserApiKeyList, Error> {
        let user_id = crate::client::path_segment(user_id);
        let path = format!("/user_management/users/{user_id}/api_keys");
        let method = http::Method::GET;
        self.client
            .request_with_query_opts(method, &path, &params, options)
            .await
    }

    /// Returns an async [`futures_util::Stream`] that yields every `UserApiKey`
    /// across all pages, advancing the `after` cursor under the hood.
    ///
    /// ```ignore
    /// use futures_util::TryStreamExt;
    /// let all: Vec<UserApiKey> = self
    ///     .list_user_api_keys_auto_paging(user_id, params)
    ///     .try_collect()
    ///     .await?;
    /// ```
    pub fn list_user_api_keys_auto_paging(
        &self,
        user_id: impl Into<String>,
        params: ListUserApiKeysParams,
    ) -> impl futures_util::Stream<Item = Result<UserApiKey, Error>> + '_ {
        let user_id: String = user_id.into();
        crate::pagination::auto_paginate_pages(move |after| {
            let user_id = user_id.clone();
            let mut params = params.clone();
            params.after = after;
            async move {
                let page = self.list_user_api_keys(&user_id, params).await?;
                Ok((page.data, page.list_metadata.after))
            }
        })
    }

    /// Create an API key for a user
    ///
    /// Create a new API key owned by a user. The user must have an active membership in the specified organization.
    pub async fn create_user_api_key(
        &self,
        user_id: &str,
        params: CreateUserApiKeyParams,
    ) -> Result<UserApiKeyWithValue, Error> {
        self.create_user_api_key_with_options(user_id, params, None)
            .await
    }

    /// Variant of [`Self::create_user_api_key`] that accepts per-request [`crate::RequestOptions`].
    pub async fn create_user_api_key_with_options(
        &self,
        user_id: &str,
        params: CreateUserApiKeyParams,
        options: Option<&crate::RequestOptions>,
    ) -> Result<UserApiKeyWithValue, Error> {
        let user_id = crate::client::path_segment(user_id);
        let path = format!("/user_management/users/{user_id}/api_keys");
        let method = http::Method::POST;
        self.client
            .request_with_body_opts(method, &path, &params, Some(&params.body), options)
            .await
    }
}