workos · gjtorikian · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026
@@ -1,5 +1,6 @@
 from .authentication_payload import *
 from .connection_payload_with_legacy_fields import *
+from .connection_saml_certificate_payload import *
 from .directory_group_membership_payload import *
 from .directory_group_with_previous_attributes import *
 from .directory_payload import *
@@ -8,6 +9,9 @@
 from .event_model import *
 from .event_type import *
 from .event import *
+from .flag_payload import *
 from .organization_domain_verification_failed_payload import *
+from .organization_role_payload import *
+from .permission_payload import *
 from .previous_attributes import *
 from .session_payload import *
@@ -29,6 +29,10 @@ class AuthenticationEmailVerificationSucceededPayload(AuthenticationResultSuccee
     user_id: str
 
 
+class AuthenticationEmailVerificationFailedPayload(AuthenticationResultFailed):
+    type: Literal["email_verification"]
+
+
 class AuthenticationMagicAuthFailedPayload(AuthenticationResultFailed):
     type: Literal["magic_auth"]
 
@@ -43,6 +47,10 @@ class AuthenticationMfaSucceededPayload(AuthenticationResultSucceeded):
     user_id: Optional[str] = None
 
 
+class AuthenticationMfaFailedPayload(AuthenticationResultFailed):
+    type: Literal["mfa"]
+
+
 class AuthenticationOauthFailedPayload(AuthenticationResultFailed):
     type: Literal["oauth"]
 
@@ -52,6 +60,15 @@ class AuthenticationOauthSucceededPayload(AuthenticationResultSucceeded):
     user_id: Optional[str] = None
 
 
+class AuthenticationPasskeyFailedPayload(AuthenticationResultFailed):
+    type: Literal["passkey"]
+
+
+class AuthenticationPasskeySucceededPayload(AuthenticationResultSucceeded):
+    type: Literal["passkey"]
+    user_id: str
+
+
 class AuthenticationPasswordFailedPayload(AuthenticationResultFailed):
     type: Literal["password"]
 
@@ -69,10 +86,19 @@ class AuthenticationSsoData(WorkOSModel):
 
 class AuthenticationSsoFailedPayload(AuthenticationResultFailed):
     type: Literal["sso"]
-    sso: Optional[AuthenticationSsoData] = None
+    sso: AuthenticationSsoData
 
 
 class AuthenticationSsoSucceededPayload(AuthenticationResultSucceeded):
     type: Literal["sso"]
     user_id: Optional[str] = None
-    sso: Optional[AuthenticationSsoData] = None
+    sso: AuthenticationSsoData
+
+
+class AuthenticationRadarRiskDetectedPayload(AuthenticationResultCommon):
+    auth_method: str
+    action: str
+    control: Optional[str] = None
+    blocklist_type: Optional[str] = None
+    user_id: str
+    email: str
@@ -0,0 +1,30 @@
+from typing import Literal, Optional
+from workos.types.workos_model import WorkOSModel
+
+SamlCertificateType = Literal["ResponseSigning", "RequestSigning", "ResponseEncryption"]
+
+
+class SamlCertificateConnection(WorkOSModel):
+    id: str
+    organization_id: Optional[str] = None
+
+
+class SamlCertificate(WorkOSModel):
+    certificate_type: SamlCertificateType
+    expiry_date: str
+
+
+class SamlCertificateWithExpiry(SamlCertificate):
+    is_expired: bool
+
+
+class ConnectionSamlCertificateRenewedPayload(WorkOSModel):
+    connection: SamlCertificateConnection
+    certificate: SamlCertificate
+    renewed_at: str
+
+
+class ConnectionSamlCertificateRenewalRequiredPayload(WorkOSModel):
+    connection: SamlCertificateConnection
+    certificate: SamlCertificateWithExpiry
+    days_until_expiry: int
@@ -4,21 +4,31 @@
 from workos.types.user_management import OrganizationMembership, User
 from workos.types.directory_sync.directory_group import DirectoryGroup
 from workos.types.directory_sync.directory_user import DirectoryUser
+from workos.types.api_keys import ApiKey
 from workos.types.events.authentication_payload import (
+    AuthenticationEmailVerificationFailedPayload,
     AuthenticationEmailVerificationSucceededPayload,
     AuthenticationMagicAuthFailedPayload,
     AuthenticationMagicAuthSucceededPayload,
+    AuthenticationMfaFailedPayload,
     AuthenticationMfaSucceededPayload,
     AuthenticationOauthFailedPayload,
     AuthenticationOauthSucceededPayload,
+    AuthenticationPasskeyFailedPayload,
+    AuthenticationPasskeySucceededPayload,
     AuthenticationPasswordFailedPayload,
     AuthenticationPasswordSucceededPayload,
+    AuthenticationRadarRiskDetectedPayload,
     AuthenticationSsoFailedPayload,
     AuthenticationSsoSucceededPayload,
 )
 from workos.types.events.connection_payload_with_legacy_fields import (
     ConnectionPayloadWithLegacyFields,
 )
+from workos.types.events.connection_saml_certificate_payload import (
+    ConnectionSamlCertificateRenewedPayload,
+    ConnectionSamlCertificateRenewalRequiredPayload,
+)
 from workos.types.events.directory_group_membership_payload import (
     DirectoryGroupMembershipPayload,
 )
@@ -33,9 +43,12 @@
     DirectoryUserWithPreviousAttributes,
 )
 from workos.types.events.event_model import EventModel
+from workos.types.events.flag_payload import FlagPayload, FlagRuleUpdatedContext
 from workos.types.events.organization_domain_verification_failed_payload import (
     OrganizationDomainVerificationFailedPayload,
 )
+from workos.types.events.organization_role_payload import OrganizationRolePayload
+from workos.types.events.permission_payload import PermissionPayload
 from workos.types.events.session_payload import (
     SessionCreatedPayload,
     SessionRevokedPayload,
@@ -58,6 +71,20 @@
 # the event name is added to the EventType union type in event_type.py.
 
 
+class ApiKeyCreatedEvent(EventModel[ApiKey]):
+    event: Literal["api_key.created"]
+
+
+class ApiKeyRevokedEvent(EventModel[ApiKey]):
+    event: Literal["api_key.revoked"]
+
+
+class AuthenticationEmailVerificationFailedEvent(
+    EventModel[AuthenticationEmailVerificationFailedPayload,]
+):
+    event: Literal["authentication.email_verification_failed"]
+
+
 class AuthenticationEmailVerificationSucceededEvent(
     EventModel[AuthenticationEmailVerificationSucceededPayload,]
 ):
@@ -76,6 +103,10 @@ class AuthenticationMagicAuthSucceededEvent(
     event: Literal["authentication.magic_auth_succeeded"]
 
 
+class AuthenticationMfaFailedEvent(EventModel[AuthenticationMfaFailedPayload]):
+    event: Literal["authentication.mfa_failed"]
+
+
 class AuthenticationMfaSucceededEvent(EventModel[AuthenticationMfaSucceededPayload]):
     event: Literal["authentication.mfa_succeeded"]
 
@@ -90,6 +121,16 @@ class AuthenticationOauthSucceededEvent(
     event: Literal["authentication.oauth_succeeded"]
 
 
+class AuthenticationPasskeyFailedEvent(EventModel[AuthenticationPasskeyFailedPayload]):
+    event: Literal["authentication.passkey_failed"]
+
+
+class AuthenticationPasskeySucceededEvent(
+    EventModel[AuthenticationPasskeySucceededPayload]
+):
+    event: Literal["authentication.passkey_succeeded"]
+
+
 class AuthenticationPasswordFailedEvent(
     EventModel[AuthenticationPasswordFailedPayload]
 ):
@@ -102,6 +143,12 @@ class AuthenticationPasswordSucceededEvent(
     event: Literal["authentication.password_succeeded"]
 
 
+class AuthenticationRadarRiskDetectedEvent(
+    EventModel[AuthenticationRadarRiskDetectedPayload]
+):
+    event: Literal["authentication.radar_risk_detected"]
+
+
 class AuthenticationSsoFailedEvent(EventModel[AuthenticationSsoFailedPayload]):
     event: Literal["authentication.sso_failed"]
 
@@ -122,6 +169,18 @@ class ConnectionDeletedEvent(EventModel[Connection]):
     event: Literal["connection.deleted"]
 
 
+class ConnectionSamlCertificateRenewedEvent(
+    EventModel[ConnectionSamlCertificateRenewedPayload]
+):
+    event: Literal["connection.saml_certificate_renewed"]
+
+
+class ConnectionSamlCertificateRenewalRequiredEvent(
+    EventModel[ConnectionSamlCertificateRenewalRequiredPayload]
+):
+    event: Literal["connection.saml_certificate_renewal_required"]
+
+
 class DirectoryActivatedEvent(EventModel[DirectoryPayloadWithLegacyFieldsForEventsApi]):
     event: Literal["dsync.activated"]
 
@@ -166,6 +225,23 @@ class EmailVerificationCreatedEvent(EventModel[EmailVerificationCommon]):
     event: Literal["email_verification.created"]
 
 
+class FlagCreatedEvent(EventModel[FlagPayload]):
+    event: Literal["flag.created"]
+
+
+class FlagDeletedEvent(EventModel[FlagPayload]):
+    event: Literal["flag.deleted"]
+
+
+class FlagRuleUpdatedEvent(EventModel[FlagPayload]):
+    event: Literal["flag.rule_updated"]
+    context: FlagRuleUpdatedContext
+
+
+class FlagUpdatedEvent(EventModel[FlagPayload]):
+    event: Literal["flag.updated"]
+
+
 class InvitationAcceptedEvent(EventModel[InvitationCommon]):
     event: Literal["invitation.accepted"]
 
@@ -174,6 +250,10 @@ class InvitationCreatedEvent(EventModel[InvitationCommon]):
     event: Literal["invitation.created"]
 
 
+class InvitationResentEvent(EventModel[InvitationCommon]):
+    event: Literal["invitation.resent"]
+
+
 class InvitationRevokedEvent(EventModel[InvitationCommon]):
     event: Literal["invitation.revoked"]
 
@@ -228,6 +308,18 @@ class OrganizationMembershipUpdatedEvent(EventModel[OrganizationMembership]):
     event: Literal["organization_membership.updated"]
 
 
+class OrganizationRoleCreatedEvent(EventModel[OrganizationRolePayload]):
+    event: Literal["organization_role.created"]
+
+
+class OrganizationRoleDeletedEvent(EventModel[OrganizationRolePayload]):
+    event: Literal["organization_role.deleted"]
+
+
+class OrganizationRoleUpdatedEvent(EventModel[OrganizationRolePayload]):
+    event: Literal["organization_role.updated"]
+
+
 class PasswordResetCreatedEvent(EventModel[PasswordResetCommon]):
     event: Literal["password_reset.created"]
 
@@ -236,6 +328,18 @@ class PasswordResetSucceededEvent(EventModel[PasswordResetCommon]):
     event: Literal["password_reset.succeeded"]
 
 
+class PermissionCreatedEvent(EventModel[PermissionPayload]):
+    event: Literal["permission.created"]
+
+
+class PermissionDeletedEvent(EventModel[PermissionPayload]):
+    event: Literal["permission.deleted"]
+
+
+class PermissionUpdatedEvent(EventModel[PermissionPayload]):
+    event: Literal["permission.updated"]
+
+
 class RoleCreatedEvent(EventModel[EventRole]):
     event: Literal["role.created"]
 
@@ -270,19 +374,28 @@ class UserUpdatedEvent(EventModel[User]):
 
 Event = Annotated[
     Union[
+        ApiKeyCreatedEvent,
+        ApiKeyRevokedEvent,
+        AuthenticationEmailVerificationFailedEvent,
         AuthenticationEmailVerificationSucceededEvent,
         AuthenticationMagicAuthFailedEvent,
         AuthenticationMagicAuthSucceededEvent,
+        AuthenticationMfaFailedEvent,
         AuthenticationMfaSucceededEvent,
         AuthenticationOauthFailedEvent,
         AuthenticationOauthSucceededEvent,
+        AuthenticationPasskeyFailedEvent,
+        AuthenticationPasskeySucceededEvent,
         AuthenticationPasswordFailedEvent,
         AuthenticationPasswordSucceededEvent,
+        AuthenticationRadarRiskDetectedEvent,
         AuthenticationSsoFailedEvent,
         AuthenticationSsoSucceededEvent,
         ConnectionActivatedEvent,
         ConnectionDeactivatedEvent,
         ConnectionDeletedEvent,
+        ConnectionSamlCertificateRenewedEvent,
+        ConnectionSamlCertificateRenewalRequiredEvent,
         DirectoryActivatedEvent,
         DirectoryDeletedEvent,
         DirectoryGroupCreatedEvent,
@@ -294,8 +407,13 @@ class UserUpdatedEvent(EventModel[User]):
         DirectoryUserAddedToGroupEvent,
         DirectoryUserRemovedFromGroupEvent,
         EmailVerificationCreatedEvent,
+        FlagCreatedEvent,
+        FlagDeletedEvent,
+        FlagRuleUpdatedEvent,
+        FlagUpdatedEvent,
         InvitationAcceptedEvent,
         InvitationCreatedEvent,
+        InvitationResentEvent,
         InvitationRevokedEvent,
         MagicAuthCreatedEvent,
         OrganizationCreatedEvent,
@@ -309,8 +427,14 @@ class UserUpdatedEvent(EventModel[User]):
         OrganizationMembershipCreatedEvent,
         OrganizationMembershipDeletedEvent,
         OrganizationMembershipUpdatedEvent,
+        OrganizationRoleCreatedEvent,
+        OrganizationRoleDeletedEvent,
+        OrganizationRoleUpdatedEvent,
         PasswordResetCreatedEvent,
         PasswordResetSucceededEvent,
+        PermissionCreatedEvent,
+        PermissionDeletedEvent,
+        PermissionUpdatedEvent,
         RoleCreatedEvent,
         RoleDeletedEvent,
         RoleUpdatedEvent,