@spec authenticate_with_code(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(WorkOS.UserManagement.Authentication.t())

Authenticates an OAuth or SSO User.

Parameter options:

• :code - The authorization value which was passed back as a query parameter in the callback to the Redirect URI. (required)
• :ip_address - The IP address of the request from the user who is attempting to authenticate.
• :user_agent - The user agent of the request from the user who is attempting to authenticate. This should be the value of the User-Agent header.

@spec authenticate_with_email_verification(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(WorkOS.UserManagement.Authentication.t())

Authenticates with Email Verification Code

Parameter options:

• :code - The one-time code that was emailed to the user. (required)
• :pending_authentication_code - The pending_authentication_token returned from an authentication attempt due to an unverified email address. (required)
• :ip_address - The IP address of the request from the user who is attempting to authenticate.
• :user_agent - The user agent of the request from the user who is attempting to authenticate. This should be the value of the User-Agent header.

@spec authenticate_with_magic_auth(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(WorkOS.UserManagement.Authentication.t())

Authenticates with Magic Auth.

Parameter options:

• :code - The one-time code that was emailed to the user. (required)
• :email - The email the User who will be authenticated. (required)
• :link_authorization_code - An authorization code used in a previous authenticate request that resulted in an existing user error response.
• :ip_address - The IP address of the request from the user who is attempting to authenticate.
• :user_agent - The user agent of the request from the user who is attempting to authenticate. This should be the value of the User-Agent header.

@spec authenticate_with_password(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(WorkOS.UserManagement.Authentication.t())

Authenticates a user with password.

Parameter options:

• :email - The email address of the user. (required)
• :password - The password of the user. (required)
• :ip_address - The IP address of the request from the user who is attempting to authenticate.
• :user_agent - The user agent of the request from the user who is attempting to authenticate. This should be the value of the User-Agent header.

@spec authenticate_with_selected_organization(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(WorkOS.UserManagement.Authentication.t())

Authenticates with Selected Organization

Parameter options:

• :pending_authentication_code - The token returned from a failed authentication attempt due to organization selection being required. (required)
• :organization_id - The Organization ID the user selected. (required)
• :ip_address - The IP address of the request from the user who is attempting to authenticate.
• :user_agent - The user agent of the request from the user who is attempting to authenticate. This should be the value of the User-Agent header.

@spec authenticate_with_totp(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(WorkOS.UserManagement.Authentication.t())

Authenticates with MFA TOTP

Parameter options:

• :code - The time-based-one-time-password generated by the Factor that was challenged. (required)
• :authentication_challenge_id - The unique ID of the authentication Challenge created for the TOTP Factor for which the user is enrolled. (required)
• :pending_authentication_code - The token returned from a failed authentication attempt due to MFA challenge. (required)
• :ip_address - The IP address of the request from the user who is attempting to authenticate.
• :user_agent - The user agent of the request from the user who is attempting to authenticate. This should be the value of the User-Agent header.

@spec create_organization_membership(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(WorkOS.UserManagement.OrganizationMembership.t())

Creates an organization membership.

Parameter options:

• :user_id - The ID of the User. (required)
• :organization_id - The ID of the Organization to which the user belongs to. (required)

@spec create_user(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(WorkOS.UserManagement.User.t())

Creates a user.

Parameter options:

• :email - The email address of the user. (required)
• :domains - The password to set for the user.
• :first_name - The user's first name.
• :last_name - The user's last name.
• :email_verified - Whether the user's email address was previously verified.

@spec delete_organization_membership(WorkOS.Client.t(), String.t()) ::
  WorkOS.Client.response(nil)

Deletes an organization membership.

@spec delete_user(WorkOS.Client.t(), String.t()) :: WorkOS.Client.response(nil)

Deletes a user.

@spec enroll_auth_factor(WorkOS.Client.t(), String.t(), map()) ::
  WorkOS.Client.response(WorkOS.UserManagement.MultiFactor.EnrollAuthFactor.t())

Enrolls a user in a new Factor.

Parameter options:

• :type - The type of the factor to enroll. Only option available is totp. (required)
• :totp_issuer - For totp factors. Typically your application or company name, this helps users distinguish between factors in authenticator apps.
• :totp_user - For totp factors. Used as the account name in authenticator apps. Defaults to the user's email.

@spec get_authorization_url(map()) :: {:ok, String.t()} | {:error, String.t()}

Generates an OAuth 2.0 authorization URL.

Parameter options:

• :organization_id - The organization_id connection selector is used to initiate SSO for an Organization.
• :connection_id - The connection_id connection selector is used to initiate SSO for a Connection.
• :redirect_uri - A Redirect URI to return an authorized user to. (required)
• :client_id - This value can be obtained from the SSO Configuration page in the WorkOS dashboard.
• :provider - The provider connection selector is used to initiate SSO using an OAuth-compatible provider.
• :state - An optional parameter that can be used to encode arbitrary information to help restore application state between redirects.
• :login_hint - Can be used to pre-fill the username/email address field of the IdP sign-in page for the user, if you know their username ahead of time.
• :domain_hint - Can be used to pre-fill the domain field when initiating authentication with Microsoft OAuth, or with a GoogleSAML connection type.

@spec get_invitation(WorkOS.Client.t(), String.t()) ::
  WorkOS.Client.response(WorkOS.UserManagement.Invitation.t())

Gets an invitation.

@spec get_organization_membership(WorkOS.Client.t(), String.t()) ::
  WorkOS.Client.response(WorkOS.UserManagement.OrganizationMembership.t())

Gets an organization membership.

@spec get_user(WorkOS.Client.t(), String.t()) ::
  WorkOS.Client.response(WorkOS.UserManagement.User.t())

Gets a user.

@spec list_auth_factors(WorkOS.Client.t(), String.t()) ::
  WorkOS.Client.response(
    WorkOS.List.t(WorkOS.UserManagement.MultiFactor.AuthenticationFactor.t())
  )

Lists all auth factors of a user.

@spec list_invitations(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(WorkOS.List.t(WorkOS.UserManagement.Invitation.t()))

Lists all invitations.

Parameter options:

• :email - The email address of a recipient.
• :organization_id - The ID of the Organization that the recipient was invited to join.
• :limit - Maximum number of records to return. Accepts values between 1 and 100. Default is 10.
• :after - Pagination cursor to receive records after a provided event ID.
• :before - An object ID that defines your place in the list. When the ID is not present, you are at the end of the list.
• :order - Order the results by the creation time. Supported values are "asc" and "desc" for showing older and newer records first respectively.

@spec list_organization_memberships(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(
    WorkOS.List.t(WorkOS.UserManagement.OrganizationMembership.t())
  )

Lists all organization memberships.

Parameter options:

• :user_id - The ID of the User.
• :organization_id - The ID of the Organization to which the user belongs to.
• :limit - Maximum number of records to return. Accepts values between 1 and 100. Default is 10.
• :after - Pagination cursor to receive records after a provided event ID.
• :before - An object ID that defines your place in the list. When the ID is not present, you are at the end of the list.
• :order - Order the results by the creation time. Supported values are "asc" and "desc" for showing older and newer records first respectively.

@spec list_users(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(WorkOS.List.t(WorkOS.UserManagement.User.t()))

Lists all users.

Parameter options:

• :email - Filter Users by their email.
• :organization_id - Filter Users by the organization they are members of.
• :limit - Maximum number of records to return. Accepts values between 1 and 100. Default is 10.
• :after - Pagination cursor to receive records after a provided event ID.
• :before - An object ID that defines your place in the list. When the ID is not present, you are at the end of the list.
• :order - Order the results by the creation time. Supported values are "asc" and "desc" for showing older and newer records first respectively.

@spec reset_password(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(WorkOS.UserManagement.ResetPassword.t())

Resets password.

Parameter options:

• :token - The reset token emailed to the user. (required)
• :new_password - The new password to be set for the user. (required)

@spec revoke_invitation(WorkOS.Client.t(), String.t()) ::
  WorkOS.Client.response(WorkOS.UserManagement.Invitation.t())

Revokes an invitation.

@spec send_invitation(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(WorkOS.UserManagement.Invitation.t())

Sends an invitation.

Parameter options:

• :email - The email address of the recipient. (required)
• :organization_id - The ID of the Organization to which the recipient is being invited.
• :expires_in_days - The number of days the invitations will be valid for.
• :inviter_user_id - The ID of the User sending the invitation.

@spec send_magic_auth_code(WorkOS.Client.t(), String.t()) ::
  WorkOS.Client.response(WorkOS.UserManagement.MagicAuth.SendMagicAuthCode.t())

Creates a one-time Magic Auth code.

Parameter options:

• :email - The email address the one-time code will be sent to. (required)

@spec send_password_reset_email(WorkOS.Client.t(), map()) ::
  WorkOS.Client.response(WorkOS.UserManagement.OrganizationMembership.t())

Sends a password reset email to a user.

Parameter options:

• :email - The email of the user that wishes to reset their password. (required)
• :password_reset_url - The password to set for the user. (required)

@spec send_verification_email(WorkOS.Client.t(), String.t()) ::
  WorkOS.Client.response(
    WorkOS.UserManagement.EmailVerification.SendVerificationEmail.t()
  )

Sends verification email.

@spec update_user(WorkOS.Client.t(), String.t(), map()) ::
  WorkOS.Client.response(WorkOS.UserManagement.User.t())

Updates a user.

Parameter options:

• :first_name - The user's first name.
• :last_name - The user's last name.
• :email_verified - Whether the user's email address was previously verified.
• :password - The password to set for the user.
• :password_hash - The hashed password to set for the user, used when migrating from another user store. Mutually exclusive with password.
• :password_hash_type - The algorithm originally used to hash the password, used when providing a password_hash. Valid values are bcrypt.

@spec verify_email(WorkOS.Client.t(), String.t(), map()) ::
  WorkOS.Client.response(
    WorkOS.UserManagement.EmailVerification.VerifyEmail.t()
  )

Verifies user email.

Parameter options:

• :code - The one-time code emailed to the user. (required)