feat: fga adding base types and module registraiton

[swaroopAkkineniWorkos]

Description

Documentation

Does this require changes to the WorkOS Docs? E.g. the API Reference or code snippets need updates.

[ ] Yes

If yes, link a related docs PR and add a docs maintainer as a reviewer. Their approval is required.

[linear]

ENT-5224 Update Python sdk for fga

[swaroopAkkineniWorkos]

@greptile review

[greptile-apps]

_{19 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Duplicated OrganizationMembershipStatus literal

This exact same Literal["active", "inactive", "pending"] type alias is already defined in src/workos/types/user_management/organization_membership.py:7. Consider importing from a shared location or re-exporting from one module to the other to avoid the definitions drifting apart over time.

[swaroopAkkineniWorkos]

Just pushed up a change where I moved "OrganizationMembershipStatus" to it's own file to be imported

[greptile-apps]

_{17 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[swaroopAkkineniWorkos]

Change branch name before merging

[csrbarber]

This adds cascade_delete to the body, but I believe it should be passed as a query param instead. Which is what delete_resource_by_external_id does here

[swaroopAkkineniWorkos]

updated to be a param

[csrbarber]

Does description here need the same treatment as in update_resource?

[csrbarber]

Should we update this test since parent isn't a required field?

[swaroopAkkineniWorkos]

updated and added a test

[csrbarber]

It looks like we don't include organization_name in the responses where this gets used. For instance listOrganizationMembershipsForResource calls serializeBase, which doesn't include organization_name.

[swaroopAkkineniWorkos]

@greptile plz re-review

[greptile-apps]

Greptile Summary

This PR adds foundational types and CRUD operations for Fine-Grained Authorization (FGA) resources to the WorkOS Python SDK. The implementation introduces resource management capabilities with support for both ID-based and external-ID-based operations.

Key Changes:

• Added complete CRUD operations for authorization resources (get_resource, create_resource, update_resource, delete_resource, list_resources)
• Implemented external ID-based resource operations for more flexible resource identification
• Added check method for permission-based access control
• Enhanced HTTP client to support exclude_none parameter for precise control over null value handling in API requests
• Introduced delete_with_body method (though not used in this PR, likely for future functionality)
• Refactored OrganizationMembership to extract BaseOrganizationMembership for code reuse across modules
• Comprehensive test coverage for all new functionality

Implementation Quality:

• Uses the UNSET pattern correctly to distinguish between "don't update field" vs "set field to null"
• Proper handling of optional parent resources (by ID or external ID)
• Well-tested with both sync and async implementations
• Type-safe with Pydantic models and proper TypedDict usage

Minor Issue:

• TODO comment on line 56 of authorization.py should be resolved

Confidence Score: 4/5

• This PR is safe to merge with minimal risk
• The implementation is well-structured with comprehensive test coverage for all new functionality. The code follows established patterns in the codebase and properly handles edge cases. The only issue is a minor TODO comment that should be addressed.
• Pay attention to src/workos/authorization.py due to the TODO comment on line 56

Important Files Changed

Filename	Overview
src/workos/authorization.py	Adds resource CRUD operations and access check functionality; contains TODO comment on line 56
src/workos/utils/http_client.py	Adds exclude_none parameter and delete_with_body method for enhanced HTTP request handling
src/workos/utils/_base_http_client.py	Adds force_include_body and exclude_none parameters to support DELETE with body and optional null values
src/workos/types/authorization/authorization_resource.py	Defines AuthorizationResource model with proper typing and optional fields

_{Last reviewed commit: 954bb37}

[greptile-apps]

TODO comment needs resolution

Either rename ResourcesListResource to something more descriptive (like AuthorizationResourceList) or remove the TODO if the current name is acceptable.

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}

[swaroopAkkineniWorkos]

updated and changed name

[atainter]

Looks good to me. Should probably get a review from python code owners as well