Add invitation_token parameter to authentication methods (#438)

gjtorikian · web-flow · commit d24e3dc2995d · 2026-02-10T13:51:55.000-05:00
diff --git a/lib/workos/user_management.rb b/lib/workos/user_management.rb
@@ -298,16 +298,19 @@ def delete_user(id:)
       # @param [String] client_id The WorkOS client ID for the environment
       # @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
       # @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
+      # @param [String] invitation_token The token of an Invitation, if required.
       # @param [Hash] session An optional hash that determines whether the session should be sealed and
       # the optional cookie password.
       #
       # @return WorkOS::AuthenticationResponse
+      # rubocop:disable Metrics/ParameterLists
       def authenticate_with_password(
         email:,
         password:,
         client_id:,
         ip_address: nil,
         user_agent: nil,
+        invitation_token: nil,
         session: nil
       )
         validate_session(session)
@@ -322,13 +325,15 @@ def authenticate_with_password(
               password: password,
               ip_address: ip_address,
               user_agent: user_agent,
+              invitation_token: invitation_token,
               grant_type: 'password',
             },
           ),
         )
 
         WorkOS::AuthenticationResponse.new(response.body, session)
       end
+      # rubocop:enable Metrics/ParameterLists
 
       # Authenticate a user using OAuth or an organization's SSO connection.
       #
@@ -337,6 +342,7 @@ def authenticate_with_password(
       # @param [String] client_id The WorkOS client ID for the environment
       # @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
       # @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
+      # @param [String] invitation_token The token of an Invitation, if required.
       # @param [Hash] session An optional hash that determines whether the session should be sealed and
       # the optional cookie password.
       #
@@ -346,6 +352,7 @@ def authenticate_with_code(
         client_id:,
         ip_address: nil,
         user_agent: nil,
+        invitation_token: nil,
         session: nil
       )
         validate_session(session)
@@ -359,6 +366,7 @@ def authenticate_with_code(
               client_secret: WorkOS.config.key!,
               ip_address: ip_address,
               user_agent: user_agent,
+              invitation_token: invitation_token,
               grant_type: 'authorization_code',
             },
           ),
@@ -415,6 +423,7 @@ def authenticate_with_refresh_token(
       # @param [String] link_authorization_code Used to link an OAuth profile to an existing user,
       # after having completed a Magic Code challenge.
       # @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
+      # @param [String] invitation_token The token of an Invitation, if required.
       # @param [Hash] session An optional hash that determines whether the session should be sealed and
       # the optional cookie password.
       #
@@ -427,6 +436,7 @@ def authenticate_with_magic_auth(
         ip_address: nil,
         user_agent: nil,
         link_authorization_code: nil,
+        invitation_token: nil,
         session: nil
       )
         validate_session(session)
@@ -443,6 +453,7 @@ def authenticate_with_magic_auth(
               user_agent: user_agent,
               grant_type: 'urn:workos:oauth:grant-type:magic-auth:code',
               link_authorization_code: link_authorization_code,
+              invitation_token: invitation_token,
             },
           ),
         )
diff --git a/spec/lib/workos/user_management_spec.rb b/spec/lib/workos/user_management_spec.rb
@@ -588,6 +588,28 @@
         end
       end
     end
+
+    context 'with an invitation_token' do
+      it 'includes invitation_token in the request body' do
+        expect(described_class).to receive(:post_request) do |options|
+          body = options[:body]
+          expect(body[:invitation_token]).to eq('invitation_token_123')
+
+          double('request')
+        end.and_return(double('request'))
+
+        expect(described_class).to receive(:execute_request).and_return(
+          double('response', body: '{"user": {"id": "user_123"}, "access_token": "token", "refresh_token": "refresh"}'),
+        )
+
+        described_class.authenticate_with_password(
+          email: 'test@workos.app',
+          password: 'password123',
+          client_id: 'client_123',
+          invitation_token: 'invitation_token_123',
+        )
+      end
+    end
   end
 
   describe '.authenticate_with_code' do
@@ -671,6 +693,27 @@
         end
       end
     end
+
+    context 'with an invitation_token' do
+      it 'includes invitation_token in the request body' do
+        expect(described_class).to receive(:post_request) do |options|
+          body = options[:body]
+          expect(body[:invitation_token]).to eq('invitation_token_123')
+
+          double('request')
+        end.and_return(double('request'))
+
+        expect(described_class).to receive(:execute_request).and_return(
+          double('response', body: '{"user": {"id": "user_123"}, "access_token": "token", "refresh_token": "refresh"}'),
+        )
+
+        described_class.authenticate_with_code(
+          code: '01H93ZZHA0JBHFJH9RR11S83YN',
+          client_id: 'client_123',
+          invitation_token: 'invitation_token_123',
+        )
+      end
+    end
   end
 
   describe '.authenticate_with_refresh_token' do
@@ -735,6 +778,28 @@
         end
       end
     end
+
+    context 'with an invitation_token' do
+      it 'includes invitation_token in the request body' do
+        expect(described_class).to receive(:post_request) do |options|
+          body = options[:body]
+          expect(body[:invitation_token]).to eq('invitation_token_123')
+
+          double('request')
+        end.and_return(double('request'))
+
+        expect(described_class).to receive(:execute_request).and_return(
+          double('response', body: '{"user": {"id": "user_123"}, "access_token": "token", "refresh_token": "refresh"}'),
+        )
+
+        described_class.authenticate_with_magic_auth(
+          code: '452079',
+          client_id: 'client_123',
+          email: 'test@workos.com',
+          invitation_token: 'invitation_token_123',
+        )
+      end
+    end
   end
 
   describe '.authenticate_with_organization_selection' do
