Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support entitlements in the Session #336

Open
adam-h opened this issue Dec 10, 2024 · 2 comments · May be fixed by #349
Open

Support entitlements in the Session #336

adam-h opened this issue Dec 10, 2024 · 2 comments · May be fixed by #349

Comments

@adam-h
Copy link

adam-h commented Dec 10, 2024

With WorkOS now integrating with Stripe to include entitlements in the session [1], it'd be great to have this built-in to the ruby library.

For now we're working around it by re-decoding the access token in our application to access the entitlements, something like:

# Assuming `session_data` is already defined with the sealed session data
session_instance = WorkOS::UserManagement.load_sealed_session \
  client_id: credentials.client_id,
  session_data:,
  cookie_password: credentials.cookie_password

# Reach into `WorkOS::Session` and re-decode the JWT to get the underlying access token
unsealed_session = WorkOS::Session.unseal_data(session_instance.session_data, session_instance.cookie_password)
token = JWT.decode(unsealed_session[:access_token], nil, true, algorithms: session_instance.jwks_algorithms, jwks: session_instance.jwks).first

# We now have the underlying token, and through it the entitlements
puts token["entitlements"]

This works for now, so it's not super urgent for us, it's just not very clean code :)

1: https://workos.com/docs/user-management/entitlements
@adam-h
Copy link
Author

adam-h commented Dec 10, 2024

Also, as this may be useful to others, we have a service class to use the internal WorkOS API methods to be able to get and set the stripe_customer_id on the organisation until it's also available in the API.

# Manually implemented organisation API integration
# until workos-ruby includes the stripe_customer_id attr
class WorkosStripeService
  class << self
    include WorkOS::Client

    def fetch_workos_organization(id)
      fail "Missing organization id" unless id.present?

      org_response = execute_request(request: get_request(
        auth: true,
        path: "/organizations/#{id}",
      ))
      JSON.parse(org_response.body, symbolize_names: true)
    end

    # Manually implemented until workos-ruby includes the stripe_customer_id attr
    def update_workos_organisation!(id, name:, stripe_customer_id:)
      update_response = execute_request(request: put_request(
        auth: true,
        body: {
          name:,
          stripe_customer_id:
        },
        path: "/organizations/#{id}"
      ))
      parsed = JSON.parse(update_response.body, symbolize_names: true)
      fail parsed["message"] if parsed["message"]
      parsed
    end
  end
end

Usage:

# Get
workos_organization_data = WorkosStripeService.fetch_workos_organization(org_id)
puts workos_organization_data[:stripe_customer_id]

# Set
WorkosStripeService.update_workos_organisation!(org_id, name: org_name, stripe_customer_id: stripe_customer_id)

@Teyler7
Copy link
Contributor

Teyler7 commented Jan 22, 2025
edited
Loading

The second comment is related to #346.

adam-h added a commit to adam-h/workos-ruby that referenced this issue Jan 24, 2025
@adam-h
Include entitlements in the authenticated session
42a94d6 
If the users organisation has a stripe link the token includes any entitlements, this should be exposed to client code.

Fixes workos#336
@adam-h adam-h linked a pull request Jan 24, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add entitlements to session adam-h/workos-ruby
2 participants
@adam-h @Teyler7