feat(generated): regenerate from spec (10 changes)

[workos-sdk-automation]

Summary

feat(authorization): Remove DomainSignUpRateLimit enum value

• Removed RadarStandaloneResponseControl::DomainSignUpRateLimit enum variant
• This is a breaking change as code matching on this enum value will no longer compile

feat(directory_sync): Remove deactivation event models

• Removed DsyncDeactivated event model
• Removed DsyncDeactivatedData model
• Removed DsyncDeactivatedDataDomain model
• Removed DsyncDeactivatedDataType enum
• Removed DsyncDeactivatedDataState enum
• These models and enums are no longer emitted by the API

feat(user_management): Remove return_to field from RevokeSession

• Removed return_to optional field from RevokeSession struct
• This field is no longer used in session revocation operations

feat(api_keys): Make expires_at required in API key events

• Changed expires_at field from optional to required in ApiKeyCreatedData
• Changed expires_at field from optional to required in ApiKeyRevokedData
• API key events now always include an expiration timestamp

feat(api_keys): Add expire endpoint and API key updated event

• Added create_api_key_expire() method to expire API keys immediately or schedule future expiration
• Added ExpireApiKey request model
• Added ApiKeyUpdated event model with ApiKeyUpdatedData payload
• Added ApiKeyUpdatedDataOwner and UserApiKeyUpdatedDataOwner owner types
• Added ApiKeyUpdatedDataPreviousAttribute to track previous expiration values
• Added API_KEY_UPDATED webhook event type to CreateWebhookEndpointEvents and UpdateWebhookEndpointEvents

feat(directory_sync): Add directory token lifecycle events

• Added DsyncTokenCreated event model with DsyncTokenCreatedData payload
• Added DsyncTokenRevoked event model with DsyncTokenRevokedData payload
• Directory tokens now emit lifecycle events when created or revoked

feat(user_management): Add name field to user models

• Added optional name field to User model
• Added optional name field to CreateUser request model
• Added optional name field to UpdateUser request model
• Added optional name field to UserObject model
• Added optional name field to EmailChangeConfirmationUser model
• Users can now have a full name field in addition to first/last names

feat(audit_log_configuration): Add Snowflake log stream type

• Added Snowflake variant to AuditLogConfigurationLogStreamType enum
• Audit log streams can now be configured to write to Snowflake

chore(generated): Update docstrings for pagination order parameter

• Clarified docstrings for order parameter across multiple list endpoints
• Removed redundant "Defaults to descending" text that was already in separate Defaults comment

chore(generated): Update logout URL documentation

• Updated GetLogoutUrlParams docstring: "session to revoke" → "session"
• Updated return_to parameter docstring: "after session revocation" → "after logout"

Triggered by workos/openapi-spec@dee95fc

BEGIN_COMMIT_OVERRIDE
feat(authorization): Remove DomainSignUpRateLimit enum value (#105)
feat(directory_sync): Remove deactivation event models (#105)
feat(user_management): Remove return_to field from RevokeSession (#105)
feat(api_keys): Make expires_at required in API key events (#105)
feat(api_keys): Add expire endpoint and API key updated event (#105)
feat(directory_sync): Add directory token lifecycle events (#105)
feat(user_management): Add name field to user models (#105)
feat(audit_log_configuration): Add Snowflake log stream type (#105)
chore(generated): Update docstrings for pagination order parameter (#105)
chore(generated): Update logout URL documentation (#105)
END_COMMIT_OVERRIDE

[greptile-apps]

Greptile Summary

Auto-generated spec regeneration covering 10 changes: several model/enum removals (DsyncDeactivated*, DomainSignUpRateLimit, RevokeSession.return_to), new additions (ExpireApiKey endpoint, ApiKeyUpdated event, DsyncToken* events, Snowflake log stream type), and optional name fields on user models.

• Breaking removals are cleanly executed — enum variants, model files, and their mod.rs/enum mod.rs exports are all removed consistently.
• expires_at made required (API key events) — the test fixtures were updated to include the field, but ApiKeyCreatedData and ApiKeyRevokedData structs were not changed; expires_at remains Option<String> in both, leaving the Rust type out of sync with the spec contract declared in the changelog.
• ExpireApiKey gains thorough HTTP-scenario test coverage; the previously noted null-vs-omit behaviour for clearing a future expiry remains unaddressed.

Confidence Score: 4/5

Safe to merge for all newly added features; the expires_at type mismatch in ApiKeyCreatedData and ApiKeyRevokedData means the Rust SDK does not enforce the required-field contract the changelog promises.

The model files api_key_created_data.rs and api_key_revoked_data.rs were not updated in this PR: expires_at remains Option while the spec and changelog both declare it required. Callers who read the changelog and remove their None-handling branches will be relying on a guarantee the types do not enforce. Everything else — removals, new event models, the expire endpoint, user name fields, Snowflake enum addition — looks correct and is consistent with the existing codegen patterns.

src/models/api_key_created_data.rs and src/models/api_key_revoked_data.rs — both need expires_at changed from Option to String to match the spec change declared in the changelog.

Important Files Changed

Filename	Overview
src/models/api_key_created_data.rs	expires_at field remains Option despite the spec and changelog declaring it required — model type not updated to match the breaking change.
src/models/api_key_revoked_data.rs	Same as ApiKeyCreatedData: expires_at stays Option while the spec declares it required.
src/models/expire_api_key.rs	New ExpireApiKey request model; the null-vs-omit distinction for clearing a scheduled expiry was flagged in a previous review thread and is not addressed here.
src/resources/api_keys.rs	Adds create_api_key_expire / create_api_key_expire_with_options with correct path building and body serialization; follows the established pattern in the file.
src/models/_unions.rs	Adds ApiKeyUpdatedDataOwnerOneOf with internally-tagged serde enum, consistent with the existing ApiKeyCreatedDataOwnerOneOf and ApiKeyRevokedDataOwnerOneOf patterns.
src/models/api_key_updated_data.rs	New ApiKeyUpdatedData event payload model with all expected fields; expires_at is intentionally optional here (key may not expire).
src/enums/radar_standalone_response_control.rs	Removes DomainSignUpRateLimit variant cleanly from all three match arms and the enum definition.
tests/api_keys_test.rs	Comprehensive HTTP-scenario tests added for create_api_key_expire covering 200, 400, 401, 404, 422, 429, and 500 responses.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant Caller
    participant ApiKeysApi
    participant WorkOS API

    Caller->>ApiKeysApi: "create_api_key_expire(id, ExpireApiKey { expires_at })"
    Note over ApiKeysApi: Builds POST /api_keys/{id}/expire
    ApiKeysApi->>WorkOS API: POST /api_keys/{id}/expire (body: ExpireApiKey)
    WorkOS API-->>ApiKeysApi: ApiKey (updated)
    ApiKeysApi-->>Caller: "Result<ApiKey, Error>"

    Note over WorkOS API,Caller: Webhook events emitted
    WorkOS API-->>Caller: api_key.updated → ApiKeyUpdated { data: ApiKeyUpdatedData }
    WorkOS API-->>Caller: dsync.token.created → DsyncTokenCreated { data: DsyncTokenCreatedData }
    WorkOS API-->>Caller: dsync.token.revoked → DsyncTokenRevoked { data: DsyncTokenRevokedData }

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant Caller
    participant ApiKeysApi
    participant WorkOS API

    Caller->>ApiKeysApi: "create_api_key_expire(id, ExpireApiKey { expires_at })"
    Note over ApiKeysApi: Builds POST /api_keys/{id}/expire
    ApiKeysApi->>WorkOS API: POST /api_keys/{id}/expire (body: ExpireApiKey)
    WorkOS API-->>ApiKeysApi: ApiKey (updated)
    ApiKeysApi-->>Caller: "Result<ApiKey, Error>"

    Note over WorkOS API,Caller: Webhook events emitted
    WorkOS API-->>Caller: api_key.updated → ApiKeyUpdated { data: ApiKeyUpdatedData }
    WorkOS API-->>Caller: dsync.token.created → DsyncTokenCreated { data: DsyncTokenCreatedData }
    WorkOS API-->>Caller: dsync.token.revoked → DsyncTokenRevoked { data: DsyncTokenRevokedData }

Loading

_{Reviews (2): Last reviewed commit: "update changelog" | Re-trigger Greptile}

[greptile-apps]

null vs omit distinction lost for clearing expiration

The docstring says "Use null to clear a scheduled future expiration," but #[serde(skip_serializing_if = "Option::is_none")] means a None value is omitted entirely, not serialized as null. A caller who sets expires_at: None to clear a scheduled expiry will instead send {}, which triggers the "expire immediately" branch on the server — silently producing the wrong behavior. There is currently no way through this struct to send {"expires_at": null} to the API.