feat(authorization): add role assignment methods #1474
+1,000
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add listRoleAssignments() for listing role assignments - Add assignRole() for assigning roles to resources - Add removeRole() for removing by role/resource criteria (via query params) - Add removeRoleAssignment() for removing by assignment ID Includes: - 5 new interface files for role assignments - 3 new serializer files - 2 fixture files for testing - 8 new tests (all passing) ENT-4372 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Contributor
Author
|
@greptile do a first pass review plz |
Contributor
Greptile OverviewGreptile SummaryThis PR implements four role assignment methods for the WorkOS Node SDK's authorization module: Key Changes:
Testing: Confidence Score: 5/5
Important Files Changed
Sequence DiagramsequenceDiagram
participant Client
participant SDK as Authorization SDK
participant Serializer
participant API as WorkOS API
Note over Client,API: List Role Assignments
Client->>SDK: listRoleAssignments(options)
SDK->>API: GET /authorization/organization_memberships/{id}/role_assignments
API-->>SDK: RoleAssignmentListResponse (snake_case)
SDK->>Serializer: deserializeRoleAssignment()
Serializer-->>SDK: RoleAssignment (camelCase)
SDK-->>Client: RoleAssignmentList
Note over Client,API: Assign Role
Client->>SDK: assignRole(options)
SDK->>Serializer: serializeAssignRoleOptions()
Serializer-->>SDK: SerializedOptions (snake_case)
SDK->>API: POST /authorization/organization_memberships/{id}/role_assignments
API-->>SDK: RoleAssignmentResponse (snake_case)
SDK->>Serializer: deserializeRoleAssignment()
Serializer-->>SDK: RoleAssignment (camelCase)
SDK-->>Client: RoleAssignment
Note over Client,API: Remove Role (by resource)
Client->>SDK: removeRole(options)
SDK->>Serializer: serializeRemoveRoleOptions()
Serializer-->>SDK: Query params (snake_case)
SDK->>API: DELETE /authorization/organization_memberships/{id}/role_assignments?params
API-->>SDK: 204 No Content
SDK-->>Client: void
Note over Client,API: Remove Role Assignment (by ID)
Client->>SDK: removeRoleAssignment(options)
SDK->>API: DELETE /authorization/organization_memberships/{id}/role_assignments/{ra_id}
API-->>SDK: 204 No Content
SDK-->>Client: void
|
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
swaroopAkkineniWorkos
requested review from
atainter,
csrbarber,
mattgd and
rwtombaugh
and removed request for
a team
Base automatically changed from
ENT-4372-Internal-ID
to
ENT-4372-base-authorization-branch
February 11, 2026 19:12
atainter
reviewed
Feb 11, 2026
| organizationMembershipId: string; | ||
| roleSlug: string; | ||
| resourceId?: string; | ||
| resourceExternalId?: string; |
Contributor
There was a problem hiding this comment.
I wonder if we should actually make resource argument this for all endpoints
resource: {id: string} | {external_id: string, type_slug: string}
Because we also have it for remove/assign role options
It could be a union of types
type ResourceOptions = {id: string} | {external_id: string, type_slug: string}[3:17 PM]export interface RemoveRoleOptions {
organizationMembershipId: string;
roleSlug: string;
resource: ResourceOptions
}
| await this.workos.delete(`/authorization/resources/${resourceId}`); | ||
| } | ||
|
|
||
| // phase 3 |
Contributor
There was a problem hiding this comment.
Suggested change
| // phase 3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
linear: https://linear.app/workos/issue/ENT-4372/sdk-updates
I decided to break up the work for ENT-4372 into a smaller pr's that we can be easily reviewed and merge them into ENT-4372-base-authorization-branch. Then we can have one final merge that merges ENT-4372-base-authorization-branch into the main.
desc: the goal of this pr is to implement the following endpoints in the node sdk.
listRoleAssignments() ~ https://github.com/workos/workos/blob/1bf21e074e2cde476d83660ca41e05853fa081b8/packages/api/src/authorization/authorization-role-assignments.controller.ts#L83
assignRole() ~ https://github.com/workos/workos/blob/1bf21e074e2cde476d83660ca41e05853fa081b8/packages/api/src/authorization/authorization-role-assignments.controller.ts#L140
removeRole() ~ https://github.com/workos/workos/blob/1bf21e074e2cde476d83660ca41e05853fa081b8/packages/api/src/authorization/authorization-role-assignments.controller.ts#L205
removeRoleAssignment() ~ https://github.com/workos/workos/blob/1bf21e074e2cde476d83660ca41e05853fa081b8/packages/api/src/authorization/authorization-role-assignments.controller.ts#L264