From ec1ab6714f73b8220962ef119b238832a8be544a Mon Sep 17 00:00:00 2001 From: Ken Lynch Date: Wed, 13 May 2026 18:39:37 +0000 Subject: [PATCH] fix: include custom_attributes on SSO Profile struct WorkOS.SSO.Profile.cast/1 silently dropped the custom_attributes field returned by /sso/token, leaving callers unable to read custom attributes configured on a connection. This breaks the documented migration away from raw_attributes (deprecated 2026-04-15) for callers that rely on IdP-issued claims such as the front-channel logout sid. Adds :custom_attributes to the struct (optional, may be nil when the connection has no custom attributes configured), mirroring the field handling in WorkOS.DirectorySync.Directory.User. --- lib/workos/sso/profile.ex | 9 ++++++--- test/support/sso_client_mock.ex | 6 ++++++ test/workos/sso_test.exs | 24 ++++++++++++++++++++++++ 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/lib/workos/sso/profile.ex b/lib/workos/sso/profile.ex index 5816c954..a9f424fe 100644 --- a/lib/workos/sso/profile.ex +++ b/lib/workos/sso/profile.ex @@ -15,7 +15,8 @@ defmodule WorkOS.SSO.Profile do first_name: String.t() | nil, last_name: String.t() | nil, groups: [String.t()] | nil, - raw_attributes: %{String.t() => any()} | nil + raw_attributes: %{String.t() => any()} | nil, + custom_attributes: %{String.t() => any()} | nil } @enforce_keys [:id, :idp_id, :connection_id, :connection_type, :email] @@ -29,7 +30,8 @@ defmodule WorkOS.SSO.Profile do :first_name, :last_name, :groups, - :raw_attributes + :raw_attributes, + :custom_attributes ] @impl true @@ -45,7 +47,8 @@ defmodule WorkOS.SSO.Profile do first_name: map["first_name"], last_name: map["last_name"], groups: map["groups"], - raw_attributes: map["raw_attributes"] + raw_attributes: map["raw_attributes"], + custom_attributes: map["custom_attributes"] } end end diff --git a/test/support/sso_client_mock.ex b/test/support/sso_client_mock.ex index ba4ac0fe..5e8d02db 100644 --- a/test/support/sso_client_mock.ex +++ b/test/support/sso_client_mock.ex @@ -42,6 +42,9 @@ defmodule WorkOS.SSO.ClientMock do "first_name" => "foo", "last_name" => "bar", "groups" => groups + }, + "custom_attributes" => %{ + "sid" => "S-1-5-21-1004336348-1177238915-682003330-512" } } } @@ -74,6 +77,9 @@ defmodule WorkOS.SSO.ClientMock do "email" => "foo@test.com", "first_name" => "foo", "last_name" => "bar" + }, + "custom_attributes" => %{ + "sid" => "S-1-5-21-1004336348-1177238915-682003330-512" } } diff --git a/test/workos/sso_test.exs b/test/workos/sso_test.exs index 6bf0e341..d1e8598f 100644 --- a/test/workos/sso_test.exs +++ b/test/workos/sso_test.exs @@ -145,6 +145,19 @@ defmodule WorkOS.SSOTest do refute is_nil(access_token) refute is_nil(profile) end + + test "casts custom_attributes from the profile response", context do + opts = [code: "authorization_code"] + + context |> ClientMock.get_profile_and_token(assert_fields: opts) + + assert {:ok, %WorkOS.SSO.ProfileAndToken{profile: profile}} = + WorkOS.SSO.get_profile_and_token(opts |> Keyword.get(:code)) + + assert profile.custom_attributes == %{ + "sid" => "S-1-5-21-1004336348-1177238915-682003330-512" + } + end end describe "get_profile" do @@ -158,6 +171,17 @@ defmodule WorkOS.SSOTest do refute is_nil(id) end + + test "casts custom_attributes from the profile response", context do + opts = [access_token: "access_token"] + + context |> ClientMock.get_profile(assert_fields: opts) + + assert {:ok, %WorkOS.SSO.Profile{custom_attributes: custom_attributes}} = + WorkOS.SSO.get_profile(opts |> Keyword.get(:access_token)) + + assert custom_attributes == %{"sid" => "S-1-5-21-1004336348-1177238915-682003330-512"} + end end describe "get_connection" do