feat(generated)!: regenerate from spec (9 changes)

[workos-sdk-automation]

Summary

feat(user_management)!: Remove return_to parameter from revoke_session

• Removed return_to parameter from UserManagement.revoke_session and AsyncUserManagement.revoke_session methods
• Updated RevokeSession model to remove the return_to field
• The parameter was optional but is now completely removed from the API

feat(api_keys): Add create_api_key_expire operation

• Added new create_api_key_expire method to both ApiKeys and AsyncApiKeys classes
• Added ExpireApiKey model with optional expires_at field
• New operation allows expiring an API key immediately, scheduling future expiration, or clearing scheduled expiration

feat(common): Remove DsyncDeactivated models and add DsyncToken events

• Removed DsyncDeactivated, DsyncDeactivatedData, DsyncDeactivatedDataDomain, DsyncDeactivatedDataState, and DsyncDeactivatedDataType models (breaking change)
• Added new event models: DsyncTokenCreated, DsyncTokenCreatedData, DsyncTokenRevoked, DsyncTokenRevokedData
• Updated event schema to reflect removal of dsync.deactivated event and addition of dsync.token.created and dsync.token.revoked events
• Updated webhook endpoint events to support new api_key.updated event

feat(common): Add ApiKeyUpdated event models

• Added ApiKeyUpdated, ApiKeyUpdatedData, ApiKeyUpdatedDataOwner, ApiKeyUpdatedDataPreviousAttribute, and UserApiKeyUpdatedDataOwner models
• New event models support tracking API key updates with previous attribute values
• Updated create and update webhook endpoint events to include api_key.updated

feat(common): Make expires_at required in ApiKeyCreatedData and ApiKeyRevokedData

• Changed expires_at field from optional to required in ApiKeyCreatedData model
• Changed expires_at field from optional to required in ApiKeyRevokedData model
• Reordered fields to move expires_at before permissions in serialization

feat(user_management)!: Add name field to User, CreateUser, and UpdateUser models

• Added name field to User model for the user's full name
• Added name parameter to create_user and update_user methods
• Added name field to CreateUser and UpdateUser models
• Allows setting user's full name in addition to first and last name separately

feat(connect): Add name field to UserObject model

• Added name field to UserObject model for the user's full name
• Allows Connect endpoints to return and accept user's full name alongside first and last name

feat(authorization): Remove DOMAIN_SIGN_UP_RATE_LIMIT from RadarStandaloneResponseControl enum

• Removed DOMAIN_SIGN_UP_RATE_LIMIT value from RadarStandaloneResponseControl enum (breaking change)
• Updated enum type alias to exclude the removed value

feat(audit_logs): Add SNOWFLAKE to AuditLogConfigurationLogStreamType enum

• Added SNOWFLAKE value to AuditLogConfigurationLogStreamType enum
• Extends audit log configuration to support Snowflake as a log stream destination

Triggered by workos/openapi-spec@dee95fc

BEGIN_COMMIT_OVERRIDE
feat(user_management)!: Remove return_to parameter from revoke_session (#665)
feat(api_keys): Add create_api_key_expire operation (#665)
feat(common): Remove DsyncDeactivated models and add DsyncToken events (#665)
feat(common): Add ApiKeyUpdated event models (#665)
feat(common): Make expires_at required in ApiKeyCreatedData and ApiKeyRevokedData (#665)
feat(user_management)!: Add name field to User, CreateUser, and UpdateUser models (#665)
feat(connect): Add name field to UserObject model (#665)
feat(authorization): Remove DOMAIN_SIGN_UP_RATE_LIMIT from RadarStandaloneResponseControl enum (#665)
feat(audit_logs): Add SNOWFLAKE to AuditLogConfigurationLogStreamType enum (#665)
END_COMMIT_OVERRIDE

[greptile-apps]

Greptile Summary

This auto-generated PR regenerates the Python SDK from the OpenAPI spec, adding 9 changes across user management, API keys, common event models, connect, authorization, and audit logs.

• Breaking changes: removes return_to from revoke_session, removes DsyncDeactivated models and DOMAIN_SIGN_UP_RATE_LIMIT enum value; expires_at becomes required in ApiKeyCreatedData and ApiKeyRevokedData.
• Additions: new create_api_key_expire operation, ApiKeyUpdated event models, DsyncTokenCreated/DsyncTokenRevoked event models, name field on User/CreateUser/UpdateUser/UserObject, and SNOWFLAKE to AuditLogConfigurationLogStreamType.
• Bug in create_api_key_expire: the body builder filters out None values, making it impossible to send {\"expires_at\": null} — the documented way to clear a scheduled future expiration.

Confidence Score: 4/5

The PR is mostly safe to merge; the breaking changes are intentional and well-reflected in models and fixtures. One functional gap exists in create_api_key_expire where the clear scheduled expiration use case cannot be expressed through the current API.

Nearly all changes are straightforward model additions and removals that match the spec. The one concrete defect is in create_api_key_expire: omitting None values from the request body makes it impossible to send the null payload the API requires to clear a scheduled expiration, breaking a documented use case on both the sync and async paths.

src/workos/api_keys/_resource.py — both sync and async create_api_key_expire need attention for the null-clearing use case.

Important Files Changed

Filename	Overview
src/workos/api_keys/_resource.py	Adds create_api_key_expire (sync + async); the None-filtering body builder makes it impossible to send explicit null to clear a scheduled expiration as documented.
src/workos/api_keys/models/expire_api_key.py	New ExpireApiKey model with optional expires_at field; well-formed but not used by the resource (body is built inline as a dict).
src/workos/common/models/api_key_created_data.py	expires_at promoted from optional (with default) to required non-default field; field ordering adjusted accordingly.
src/workos/common/models/api_key_updated_data.py	New ApiKeyUpdatedData event payload with discriminated owner union and previous_attributes tracking; correctly implemented.
src/workos/common/models/dsync_token_created.py	New DsyncTokenCreated event model; straightforward addition mirroring the existing event pattern.
src/workos/common/models/dsync_token_revoked_data.py	DsyncTokenRevokedData is a TypeAlias for DsyncTokenCreatedData — correct reuse of shared schema.
src/workos/common/models/user.py	Adds optional name field to User model with correct optional deserialization and always-present serialization.
src/workos/user_management/models/revoke_session.py	Removes return_to field from RevokeSession model as documented breaking change.
src/workos/events/models/event_schema.py	Adds api_key.updated, dsync.token.created, dsync.token.revoked event mappings and removes dsync.deactivated.
tests/test_api_keys.py	Adds sync and async tests for create_api_key_expire; no test covers passing null to clear a scheduled expiration.

Sequence Diagram

sequenceDiagram
    participant Caller
    participant ApiKeys
    participant WorkOSAPI

    Caller->>ApiKeys: "create_api_key_expire(id, expires_at="2026-01-01")"
    Note over ApiKeys: body = {"expires_at": "2026-01-01"}
    ApiKeys->>WorkOSAPI: "POST /api_keys/{id}/expire"
    WorkOSAPI-->>ApiKeys: ApiKey (scheduled expiry)
    ApiKeys-->>Caller: ApiKey

    Caller->>ApiKeys: create_api_key_expire(id)
    Note over ApiKeys: body = {} (expires immediately)
    ApiKeys->>WorkOSAPI: "POST /api_keys/{id}/expire"
    WorkOSAPI-->>ApiKeys: ApiKey (expired now)
    ApiKeys-->>Caller: ApiKey

    Caller->>ApiKeys: "create_api_key_expire(id, expires_at=None)"
    Note over ApiKeys: None filtered out — body = {}<br/>Cannot send {expires_at: null}<br/>to clear scheduled expiry
    ApiKeys->>WorkOSAPI: "POST /api_keys/{id}/expire"
    Note over WorkOSAPI: Treated as immediate expire,<br/>NOT as clear scheduled expiry
    WorkOSAPI-->>ApiKeys: ApiKey
    ApiKeys-->>Caller: ApiKey (wrong behaviour)

Loading

_{Reviews (1): Last reviewed commit: "chore(generated): add release notes frag..." | Re-trigger Greptile}

[greptile-apps]

Cannot send explicit null to clear scheduled expiration

The docstring for expires_at states: "Use null to clear a scheduled future expiration." However the body-building filter if v is not None silently drops a None value, so calling create_api_key_expire(id, expires_at=None) produces an empty body {} — identical to omitting the argument. There is no way for callers to send {"expires_at": null} to the API, making the "clear scheduled expiration" use case completely unreachable. The same issue is present in AsyncApiKeys.create_api_key_expire at line 415.