chore(main): release 9.0.0

[workos-sdk-automation]

🤖 I have created a release beep boop

9.0.0 (2026-06-17)

⚠ BREAKING CHANGES

• organization_membership: Add new OrganizationMembershipService with membership and group operations (#662)
• vault: Add new Vault service with encryption and object storage APIs (#662)
• radar: Remove device_fingerprint and bot_score parameters from assess request (#662)
• authorization: Remove search parameter and add resource/role filtering (#662)
• api_keys: Add expires_at field to API key models (#662)
• audit_logs: Rename audit log models and update service references (#662)
• webhooks: Rename WebhookEndpointJson to WebhookEndpoint (#662)
• user_management: Remove organization membership methods, move to new service (#662)
• api_keys: Restructure API key models for dual ownership
• common: Add user API key event models and refactor BYOK key provider
• authorization: Refactor role assignment models and add list endpoints
• release new version of Python SDK library (#599)

Features

• add get_jwks_url helper to UserManagement (#644) (53134d3)
• Add ability to accept invitations (#552) (47b34e9)
• Add Connect Applications and Client Secrets module (#585) (1ad1623)
• add cross app auth method (#577) (c67972f)
• add resource_type_slug to permissions, environment and organization roles (#576) (1004bd7)
• add support for totp_secret (#273) (2171558)
• api_keys: Add create_api_key_expire operation (#665) (4af7da4)
• api_keys: Add expires_at field to API key models (#662) (ab992b5)
• api_keys: Restructure API key models for dual ownership (8b5e91d)
• audit_logs: Add SNOWFLAKE to AuditLogConfigurationLogStreamType enum (#665) (4af7da4)
• audit_logs: Rename audit log models and update service references (#662) (ab992b5)
• authorization: Refactor role assignment models and add list endpoints (8b5e91d)
• authorization: Remove DOMAIN_SIGN_UP_RATE_LIMIT from RadarStandaloneResponseControl enum (#665) (4af7da4)
• authorization: Remove search parameter and add resource/role filtering (#662) (ab992b5)
• common: Add ApiKeyUpdated event models (#665) (4af7da4)
• common: Add new models for pipes events and enhancements (#662) (ab992b5)
• common: Add user API key event models and refactor BYOK key provider (8b5e91d)
• common: Make expires_at required in ApiKeyCreatedData and ApiKeyRevokedData (#665) (4af7da4)
• common: Remove DsyncDeactivated models and add DsyncToken events (#665) (4af7da4)
• connect: Add name field to UserObject model (#665) (4af7da4)
• docs: Publish pdoc-generated API reference to GitHub Pages (#651) (05831ea)
• generated: Add Groups API and Waitlist User events support (#640) (a10d02b)
• generated: use explicit re-export form in service init.py (#645) (7ecb2e9)
• make vault events available in SDK (#588) (75322fb)
• organization_domain events (#457) (795eb8f)
• organization_membership: Add new OrganizationMembershipService with membership and group operations (#662) (ab992b5)
• radar: Remove device_fingerprint and bot_score parameters from assess request (#662) (ab992b5)
• release new version of Python SDK library (#599) (9aaec74)
• return organization_name on OrganizationMembership (#574) (dae4dab)
• Support screen_hint in user_management.get_authorization_url (#396) (4b3c7bf)
• update authorization module for fga (#581) (aa5f1d8)
• user_management: Add name field to User, CreateUser, and UpdateUser models (#665) (4af7da4)
• user_management: Add user API key management endpoints (8b5e91d)
• user_management: Remove organization membership methods, move to new service (#662) (ab992b5)
• user_management: Remove return_to parameter from revoke_session (#665) (4af7da4)
• user-management: add directory_managed to OrganizationMembership (#583) (f0e716e)
• vault: Add new Vault service with encryption and object storage APIs (#662) (ab992b5)
• webhooks: Rename WebhookEndpointJson to WebhookEndpoint (#662) (ab992b5)
• workos-python: Add connection to get_authorization_url (#61) (542e36d)
• workos-python: Implement __str__ for BaseRequestException (#57) (2cecd7b)

Bug Fixes

• add documentation on sealing sessions (#625) (5ae90d0)
• Allow organization_name to be empty on organization membership events (#595) (865aeb5)
• deps: update dependency cryptography to v48 (#659) (1ccc411)
• deps: update dependency pyjwt to v2.12.0 [security] (#589) (0d50534)
• do not JSON parse arbitrary bodies (#627) (1a8ef00)
• Don't validate aud claim (#409) (3cef282)
• export missing types and update event tests (#631) (0bd6cf8)
• forward Radar context from authenticate_with_code_pkce (#620) (32aea77)
• generated: Remove service-specific pagination order enums across SDK (8b5e91d)
• Harden webhook, vault, session, and base client paths (#654) (d21f3b4)
• Install ruff globally in setup script for code generation (b12b1d3)
• list Slack as an auth provider for the authorization URL (#633) (87fc5ab)
• list_client_secrets returns raw list, not paginated response (#586) (ccc8cd5)
• one more regen (187f83f)
• parse email verification id in exception (#485) (b9a93d4)
• regenerate methods to include missing params (#610) (6792792)
• Remove Coana workflow files (#580) (bb8d2f1)
• Remove extractVersion from matchUpdateTypes rules (#623) (09a2e5d)
• renovate: explicitly enable minor and patch updates (#663) (ff8ad1b)
• restore typed EventSchema discriminated union dispatcher (#629) (af95901)
• restore typing to events (bbff53f)
• set canonical User-Agent header format (#643) (f9cf9a1)
• slight rename (2b2e9e2)
• update renovate rules (#572) (401976b)

---

This PR was generated with Release Please. See documentation.

[greptile-apps]

Greptile Summary

This is an automated release PR generated by Release Please, bumping the SDK version from 8.1.0 to 9.0.0. It updates the version string in pyproject.toml, uv.lock, and .release-please-manifest.json, and prepends the corresponding changelog entry to CHANGELOG.md.

• Version bump: 8.1.0 → 9.0.0 across pyproject.toml, uv.lock, and .release-please-manifest.json.
• Changelog: New 9.0.0 entry documents numerous breaking changes (new OrganizationMembershipService, new VaultService, Radar parameter removals, model renames) alongside a large set of features and bug fixes accumulated since 8.0.0.

Confidence Score: 5/5

Purely a metadata release PR — no executable code changes, only version strings and changelog text updated.

All four changed files are release bookkeeping: version numbers in pyproject.toml, uv.lock, and the manifest are consistent with each other at 9.0.0, and the CHANGELOG entry accurately reflects the commits listed in the PR description.

No files require special attention.

Important Files Changed

Filename	Overview
pyproject.toml	Version field updated from 8.1.0 to 9.0.0; no other changes.
.release-please-manifest.json	Manifest version token updated from 8.1.0 to 9.0.0 by Release Please automation.
CHANGELOG.md	9.0.0 changelog section prepended; content matches the PR description and commit history.
uv.lock	workos package version entry updated from 8.1.0 to 9.0.0 in the lock file.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Release Please Bot] -->|reads commits since v8.1.0| B[Generates 9.0.0 changelog]
    B --> C[Updates .release-please-manifest.json 8.1.0 → 9.0.0]
    B --> D[Updates pyproject.toml version = 9.0.0]
    B --> E[Updates uv.lock workos 9.0.0]
    B --> F[Prepends CHANGELOG.md ## 9.0.0 section]
    C & D & E & F --> G[PR merged → tag v9.0.0 publish to PyPI]

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[Release Please Bot] -->|reads commits since v8.1.0| B[Generates 9.0.0 changelog]
    B --> C[Updates .release-please-manifest.json 8.1.0 → 9.0.0]
    B --> D[Updates pyproject.toml version = 9.0.0]
    B --> E[Updates uv.lock workos 9.0.0]
    B --> F[Prepends CHANGELOG.md ## 9.0.0 section]
    C & D & E & F --> G[PR merged → tag v9.0.0 publish to PyPI]

Loading

_{Reviews (1): Last reviewed commit: "chore: update uv.lock" | Re-trigger Greptile}