Adding in Authorization Access Evaluation endpoint

[swaroopAkkineniWorkos]

linear: https://linear.app/workos/issue/ENT-4372/sdk-updates

I decided to break up the work for ENT-4372 into a smaller pr's that we can be easily reviewed and merge them into ENT-4372-base-authorization-branch. Then we can have one final merge that merges ENT-4372-base-authorization-branch into the main.

desc: the goal of this pr is to implement the following endpoints in the node sdk.

check() | POST /authorization/organization_memberships/{om_id}/check

check() ~ https://github.com/workos/workos/blob/44963176350da59515a31bfeb5f5355b153d18e9/packages/api/src/authorization/authorization.controller.ts#L94

[linear]

ENT-4372 SDK Updates

[swaroopAkkineniWorkos]

@greptile review this pr plz

[greptile-apps]

Greptile Overview

Greptile Summary

This PR implements the check() endpoint for the Node SDK, allowing evaluation of authorization permissions for organization memberships against specific resources.

Key Changes:

• Added check() method to Authorization class that posts to /authorization/organization_memberships/{om_id}/check
• Created interfaces for authorization check options and results with flexible resource identification (resourceId, resourceExternalId, or resourceTypeSlug)
• Implemented serializer that converts camelCase to snake_case and conditionally includes only provided resource fields
• Added comprehensive test coverage for authorized/unauthorized cases and field serialization

Issue Found:

• Missing semicolon in src/authorization/serializers/index.ts (inconsistent with other exports in the file)

Confidence Score: 4/5

• Safe to merge after fixing the missing semicolon
• The implementation follows existing patterns in the codebase, has comprehensive test coverage, and properly handles optional resource identification fields. Only issue is a minor syntax inconsistency (missing semicolon) that should be fixed before merging.
• Fix the semicolon in src/authorization/serializers/index.ts

Important Files Changed

Filename	Overview
src/authorization/authorization.ts	Added check() method to evaluate authorization permissions for organization memberships
src/authorization/serializers/authorization-check-options.serializer.ts	Serializer to convert camelCase options to snake_case API format, conditionally including resource fields
src/authorization/serializers/index.ts	Added export for new serializer but missing semicolon (inconsistent with other exports)
src/authorization/authorization.spec.ts	Added comprehensive tests for check() method covering authorized/unauthorized cases and field serialization

Sequence Diagram

sequenceDiagram
    participant Client
    participant SDK as WorkOS SDK
    participant Serializer
    participant API as WorkOS API
    
    Client->>SDK: check(options)
    SDK->>Serializer: serializeAuthorizationCheckOptions(options)
    Note over Serializer: Convert camelCase to snake_case<br/>Include only provided resource fields
    Serializer-->>SDK: serialized payload
    SDK->>API: POST /authorization/organization_memberships/{om_id}/check
    API-->>SDK: { authorized: boolean }
    SDK-->>Client: AuthorizationCheckResult

Loading

[greptile-apps]

_{6 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Consider adding test cases for resourceExternalId + resourceTypeSlug and resourceTypeSlug alone to validate all resource identification methods

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}

[swaroopAkkineniWorkos]

added in

[greptile-apps]

_{6 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Missing semicolon (all other exports have semicolons)

Suggested change

	export * from './authorization-check-options.serializer';
	export * from './authorization-check-options.serializer';

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}