stytch 10.18.0 → 10.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 26ba81ec692e40404551a32a7d24d6d6155bd40eb7d3160c36fe8083659c6a17
-  data.tar.gz: 1dd97ca9b7f73bbe6a2fe383209eb0ca8e49aeae3c70efc9ab3b8d3b23956147
+  metadata.gz: 2e638ef6189392a14cc312951f14b9882c9c9479bb9bccd2e87884576cd944a8
+  data.tar.gz: c070606c02c73bb54aa6b90c755491e6da2d38e7a5dff07ac661712bef1c6e14
 SHA512:
-  metadata.gz: 3656b11e34e17ccd252222ebb5ea8c1dc22199b751f5f5d9bf74cf47937f9e59e88af3f0911a500c0221d7efc284bf119158f211f460d5907d446b710df57ec8
-  data.tar.gz: e902ceeca28587154d2d5a1880fb56ef87263b9131a24ab11ba405ff9790a83229e3def2095dd54833283470de230ae66339fb9b6d240c202d019facd7030880
+  metadata.gz: c48b5f1e1a8a5b25061175848c74997918af834e0d499deace18fcbf670885821b3281158b8a41a8d6ada238b372ceb61a61a8bb48a2ee406be984c058ee88b1
+  data.tar.gz: 4400e4caea7dcedd1e81fdea293997583bb4eebe6f4b5687f2ab0f0a60bc9ef22e95f7a377ab4c6064a6b4d36f91066dc8f4425e4fffa4eb2e362b063799f55b

data/lib/stytch/b2b_discovery.rb

@@ -27,20 +27,21 @@ module StytchB2B
         @connection = connection
       end
 
-      # Exchange an Intermediate Session for a fully realized [Member Session](https://stytch.com/docs/b2b/api/session-object) in a desired [Organization](https://stytch.com/docs/b2b/api/organization-object).
-      # This operation consumes the Intermediate Session.
+      # Exchange an Intermediate Session for a fully realized [Member Session](https://stytch.com/docs/b2b/api/session-object) for the [Organization](https://stytch.com/docs/b2b/api/organization-object) that the user wishes to log into.
       #
-      # This endpoint can be used to accept invites and create new members via domain matching.
+      # This endpoint can be used to accept invites and into a new Organization on the basis of the user's email domain or OAuth tenant.
       #
-      # If the is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`.
-      # The `intermediate_session_token` will not be consumed and instead will be returned in the response.
-      # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
-      # The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one.
-      # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
+      # If the user **has** already satisfied the authentication requirements of the Organization they are trying to exchange into and logged in with a method that verifies their email address, this API will return `member_authenticated: true` and a `session_token` and `session_jwt`.
       #
-      # If the Member is logging in via an OAuth provider that does not fully verify the email, the returned value of `member_authenticated` will be `false`.
-      # The `intermediate_session_token` will not be consumed and instead will be returned in the response.
-      # The `primary_required` field details the authentication flow the Member must perform in order to [complete a step-up authentication](https://stytch.com/docs/b2b/guides/oauth/auth-flows) into the organization. The `intermediate_session_token` must be passed into that authentication flow.
+      # If the user **has not** satisfied the primary or secondary authentication requirements of the Organization they are attempting to exchange into or is JIT Provisioning but did not log in via a method that provides email verification, this API will return `member_authenticated: false` and an `intermediate_session_token`.
+      #
+      # If `primary_required` is returned, prompt the user to fulfill the Organization's auth requirements using the options returned in `primary_required.allowed_auth_methods`.
+      #
+      # If `primary_required` is null and `mfa_required` is set, check `mfa_required.member_options` to determine if the Member has SMS OTP or TOTP set up for MFA and prompt accordingly. If the Member has SMS OTP, check `mfa_required.secondary_auth_initiated` to see if the OTP has already been sent.
+      #
+      # Include the `intermediate_session_token` returned above when calling the `authenticate()` method that the user needed to perform. Once the user has completed the authentication requirements they were missing, they will be granted a full `session_token` and `session_jwt` to indicate they have successfully logged into the Organization.
+      #
+      # The `intermediate_session_token` can also be used with the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization instead of joining an existing one.
       #
       # == Parameters:
       # intermediate_session_token::
@@ -143,21 +144,21 @@ module StytchB2B
         @connection = connection
       end
 
-      # If an end user does not want to join any already-existing, or has no possible Organizations to join, this endpoint can be used to create a new
-      # [Organization](https://stytch.com/docs/b2b/api/organization-object) and [Member](https://stytch.com/docs/b2b/api/member-object).
+      # This endpoint allows you to exchange the `intermediate_session_token` returned when the user successfully completes a authentication flow to create a new
+      # [Organization](https://stytch.com/docs/b2b/api/organization-object) and [Member](https://stytch.com/docs/b2b/api/member-object) and log the user in. If the user wants to log into an existing Organization, use the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) instead.
       #
-      # This operation consumes the Intermediate Session.
+      # Stytch **requires that users verify their email address** prior to creating a new Organization in order to prevent Account Takeover (ATO) attacks and phishing.
       #
-      # This endpoint will also create an initial Member Session for the newly created Member.
+      # If the user authenticated using a method that **does not** provide real-time email verification (returning password auth, Github/Slack/Hubspot OAuth) this API will return `member_authenticated: false` and an `intermediate_session_token` to indicate that the user must perform additional authentication via one of the options listed in `primary_required.allowed_auth_methods` to finish logging in.
       #
-      # The created by this endpoint will automatically be granted the `stytch_admin` Role. See the
-      # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for more details on this Role.
+      # If you specified an `mfa_policy: REQUIRED_FOR_ALL` in the request, this API will return `member_authenticated: false`, an `intermediate_session_token`, and `mfa_required` in order to indicate that you must prompt the user to enroll in MFA.
+      #
+      # Include the `intermediate_session_token` when calling the `authenticate()` method that the user needed to perform to verify their email or enroll in MFA. Once the user has completed the authentication requirements they were missing, they will be granted a full `session_token` and `session_jwt` and be successfully logged in.
       #
-      # If the new Organization is created with a `mfa_policy` of `REQUIRED_FOR_ALL`, the newly created Member will need to complete an MFA step to log in to the Organization.
-      # The `intermediate_session_token` will not be consumed and instead will be returned in the response.
-      # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
-      # The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one.
-      # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
+      # If the user logged in with a method that **does** provide real-time email verification (Email Magic Links, Email OTP, Google/Microsoft OAuth, initial email verification when creating a new password) this API will return `member_authenticated: true` and a `session_jwt` and `session_token` to indicate that the user has successfully logged in.
+      #
+      # The Member created by this endpoint will automatically be granted the `stytch_admin` Role. See the
+      # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for more details on this Role.
       #
       # == Parameters:
       # intermediate_session_token::

data/lib/stytch/b2b_organizations.rb

@@ -48,6 +48,44 @@ module StytchB2B
       end
     end
 
+    class ConnectedAppsRequestOptions
+      # Optional authorization object.
+      # Pass in an active Stytch Member session token or session JWT and the request
+      # will be run using that member's permissions.
+      attr_accessor :authorization
+
+      def initialize(
+        authorization: nil
+      )
+        @authorization = authorization
+      end
+
+      def to_headers
+        headers = {}
+        headers.merge!(@authorization.to_headers) if authorization
+        headers
+      end
+    end
+
+    class GetConnectedAppRequestOptions
+      # Optional authorization object.
+      # Pass in an active Stytch Member session token or session JWT and the request
+      # will be run using that member's permissions.
+      attr_accessor :authorization
+
+      def initialize(
+        authorization: nil
+      )
+        @authorization = authorization
+      end
+
+      def to_headers
+        headers = {}
+        headers.merge!(@authorization.to_headers) if authorization
+        headers
+      end
+    end
+
     include Stytch::RequestHelper
     attr_reader :members
 
@@ -164,6 +202,18 @@ module StytchB2B
     # claimed_email_domains::
     #   A list of email domains that are claimed by the Organization.
     #   The type of this field is nilable list of +String+.
+    # first_party_connected_apps_allowed_type::
+    #   (no documentation yet)
+    #   The type of this field is nilable +CreateRequestFirstPartyConnectedAppsAllowedType+ (string enum).
+    # allowed_first_party_connected_apps::
+    #   (no documentation yet)
+    #   The type of this field is nilable list of +String+.
+    # third_party_connected_apps_allowed_type::
+    #   (no documentation yet)
+    #   The type of this field is nilable +CreateRequestThirdPartyConnectedAppsAllowedType+ (string enum).
+    # allowed_third_party_connected_apps::
+    #   (no documentation yet)
+    #   The type of this field is nilable list of +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -193,7 +243,11 @@ module StytchB2B
       allowed_mfa_methods: nil,
       oauth_tenant_jit_provisioning: nil,
       allowed_oauth_tenants: nil,
-      claimed_email_domains: nil
+      claimed_email_domains: nil,
+      first_party_connected_apps_allowed_type: nil,
+      allowed_first_party_connected_apps: nil,
+      third_party_connected_apps_allowed_type: nil,
+      allowed_third_party_connected_apps: nil
     )
       headers = {}
       request = {
@@ -215,6 +269,10 @@ module StytchB2B
       request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
       request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
       request[:claimed_email_domains] = claimed_email_domains unless claimed_email_domains.nil?
+      request[:first_party_connected_apps_allowed_type] = first_party_connected_apps_allowed_type unless first_party_connected_apps_allowed_type.nil?
+      request[:allowed_first_party_connected_apps] = allowed_first_party_connected_apps unless allowed_first_party_connected_apps.nil?
+      request[:third_party_connected_apps_allowed_type] = third_party_connected_apps_allowed_type unless third_party_connected_apps_allowed_type.nil?
+      request[:allowed_third_party_connected_apps] = allowed_third_party_connected_apps unless allowed_third_party_connected_apps.nil?
 
       post_request('/v1/b2b/organizations', request, headers)
     end
@@ -397,6 +455,18 @@ module StytchB2B
     # claimed_email_domains::
     #   A list of email domains that are claimed by the Organization.
     #   The type of this field is nilable list of +String+.
+    # first_party_connected_apps_allowed_type::
+    #   (no documentation yet)
+    #   The type of this field is nilable +UpdateRequestFirstPartyConnectedAppsAllowedType+ (string enum).
+    # allowed_first_party_connected_apps::
+    #   (no documentation yet)
+    #   The type of this field is nilable list of +String+.
+    # third_party_connected_apps_allowed_type::
+    #   (no documentation yet)
+    #   The type of this field is nilable +UpdateRequestThirdPartyConnectedAppsAllowedType+ (string enum).
+    # allowed_third_party_connected_apps::
+    #   (no documentation yet)
+    #   The type of this field is nilable list of +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -433,6 +503,10 @@ module StytchB2B
       oauth_tenant_jit_provisioning: nil,
       allowed_oauth_tenants: nil,
       claimed_email_domains: nil,
+      first_party_connected_apps_allowed_type: nil,
+      allowed_first_party_connected_apps: nil,
+      third_party_connected_apps_allowed_type: nil,
+      allowed_third_party_connected_apps: nil,
       method_options: nil
     )
       headers = {}
@@ -457,6 +531,10 @@ module StytchB2B
       request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
       request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
       request[:claimed_email_domains] = claimed_email_domains unless claimed_email_domains.nil?
+      request[:first_party_connected_apps_allowed_type] = first_party_connected_apps_allowed_type unless first_party_connected_apps_allowed_type.nil?
+      request[:allowed_first_party_connected_apps] = allowed_first_party_connected_apps unless allowed_first_party_connected_apps.nil?
+      request[:third_party_connected_apps_allowed_type] = third_party_connected_apps_allowed_type unless third_party_connected_apps_allowed_type.nil?
+      request[:allowed_third_party_connected_apps] = allowed_third_party_connected_apps unless allowed_third_party_connected_apps.nil?
 
       put_request("/v1/b2b/organizations/#{organization_id}", request, headers)
     end
@@ -541,6 +619,92 @@ module StytchB2B
       get_request(request, headers)
     end
 
+    # Retrieves a list of Connected Apps for the Organization that have been installed by Members. Installation comprises
+    # successful completion of an authorization flow with a Connected App that has not been revoked.
+    #
+    # Connected Apps may be uninstalled if an Organization changes its `first_party_connected_apps_allowed_type`
+    # or `third_party_connected_apps_allowed_type` policies.
+    #
+    # == Parameters:
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug here as a convenience.
+    #   The type of this field is +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # connected_apps::
+    #   (no documentation yet)
+    #   The type of this field is list of +OrganizationConnectedApp+ (+object+).
+    # status_code::
+    #   (no documentation yet)
+    #   The type of this field is +Integer+.
+    #
+    # == Method Options:
+    # This method supports an optional +StytchB2B::Organizations::ConnectedAppsRequestOptions+ object which will modify the headers sent in the HTTP request.
+    def connected_apps(
+      organization_id:,
+      method_options: nil
+    )
+      headers = {}
+      headers = headers.merge(method_options.to_headers) unless method_options.nil?
+      query_params = {}
+      request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/connected_apps", query_params)
+      get_request(request, headers)
+    end
+
+    # Get Connected App for Organization retrieves information about the specified Connected App as well as a list of the
+    # Organization's Members who have the App installed along with the scopes they requested at completion of their last
+    # authorization with the App.
+    #
+    # == Parameters:
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug here as a convenience.
+    #   The type of this field is +String+.
+    # connected_app_id::
+    #   The ID of the Connected App.
+    #   The type of this field is +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # connected_app_id::
+    #   The ID of the Connected App.
+    #   The type of this field is +String+.
+    # name::
+    #   The name of the Connected App.
+    #   The type of this field is +String+.
+    # description::
+    #   A description of the Connected App.
+    #   The type of this field is +String+.
+    # client_type::
+    #   The type of Connected App. Supported values are `first_party`, `first_party_public`, `third_party`, and `third_party_public`.
+    #   The type of this field is +String+.
+    # active_members::
+    #   Details about Members who has installed a Connected App.
+    #   The type of this field is list of +OrganizationConnectedAppActiveMember+ (+object+).
+    # status_code::
+    #   (no documentation yet)
+    #   The type of this field is +Integer+.
+    # logo_url::
+    #   (no documentation yet)
+    #   The type of this field is nilable +String+.
+    #
+    # == Method Options:
+    # This method supports an optional +StytchB2B::Organizations::GetConnectedAppRequestOptions+ object which will modify the headers sent in the HTTP request.
+    def get_connected_app(
+      organization_id:,
+      connected_app_id:,
+      method_options: nil
+    )
+      headers = {}
+      headers = headers.merge(method_options.to_headers) unless method_options.nil?
+      query_params = {}
+      request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/connected_apps/#{connected_app_id}", query_params)
+      get_request(request, headers)
+    end
+
     class Members
       class UpdateRequestOptions
         # Optional authorization object.
@@ -694,6 +858,25 @@ module StytchB2B
         end
       end
 
+      class GetConnectedAppsRequestOptions
+        # Optional authorization object.
+        # Pass in an active Stytch Member session token or session JWT and the request
+        # will be run using that member's permissions.
+        attr_accessor :authorization
+
+        def initialize(
+          authorization: nil
+        )
+          @authorization = authorization
+        end
+
+        def to_headers
+          headers = {}
+          headers.merge!(@authorization.to_headers) if authorization
+          headers
+        end
+      end
+
       class CreateRequestOptions
         # Optional authorization object.
         # Pass in an active Stytch Member session token or session JWT and the request
@@ -714,12 +897,13 @@ module StytchB2B
       end
 
       include Stytch::RequestHelper
-      attr_reader :oauth_providers
+      attr_reader :oauth_providers, :connected_apps
 
       def initialize(connection)
         @connection = connection
 
         @oauth_providers = StytchB2B::Organizations::Members::OAuthProviders.new(@connection)
+        @connected_apps = StytchB2B::Organizations::Members::ConnectedApps.new(@connection)
       end
 
       # Updates a specified by `organization_id` and `member_id`.
@@ -1264,6 +1448,46 @@ module StytchB2B
         post_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/unlink_retired_email", request, headers)
       end
 
+      # Member Get Connected Apps retrieves a list of Connected Apps with which the Member has successfully completed an
+      # authorization flow.
+      # If the Member revokes a Connected App's access (e.g. via the Revoke Connected App endpoint) then the Connected App will
+      # no longer be returned in the response. A Connected App's access may also be revoked if the Organization's allowed Connected
+      # App policy changes.
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug here as a convenience.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.
+      #   The type of this field is +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # connected_apps::
+      #   An array of Connected Apps with which the Member has successfully completed an authorization flow.
+      #   The type of this field is list of +MemberConnectedApp+ (+object+).
+      # status_code::
+      #   (no documentation yet)
+      #   The type of this field is +Integer+.
+      #
+      # == Method Options:
+      # This method supports an optional +StytchB2B::Organizations::Members::GetConnectedAppsRequestOptions+ object which will modify the headers sent in the HTTP request.
+      def get_connected_apps(
+        organization_id:,
+        member_id:,
+        method_options: nil
+      )
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
+        query_params = {}
+        request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/connected_apps", query_params)
+        get_request(request, headers)
+      end
+
       # Creates a. An `organization_id` and `email_address` are required.
       #
       # == Parameters:
@@ -1646,6 +1870,72 @@ module StytchB2B
           get_request(request, headers)
         end
       end
+
+      class ConnectedApps
+        class RevokeRequestOptions
+          # Optional authorization object.
+          # Pass in an active Stytch Member session token or session JWT and the request
+          # will be run using that member's permissions.
+          attr_accessor :authorization
+
+          def initialize(
+            authorization: nil
+          )
+            @authorization = authorization
+          end
+
+          def to_headers
+            headers = {}
+            headers.merge!(@authorization.to_headers) if authorization
+            headers
+          end
+        end
+
+        include Stytch::RequestHelper
+
+        def initialize(connection)
+          @connection = connection
+        end
+
+        # Revoke Connected App revokes a Connected App's access to a Member and revokes all active tokens that have been created
+        # on the Member's behalf. New tokens cannot be created until the Member completes a new authorization flow with the
+        # Connected App.
+        #
+        # == Parameters:
+        # organization_id::
+        #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug here as a convenience.
+        #   The type of this field is +String+.
+        # member_id::
+        #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.
+        #   The type of this field is +String+.
+        # connected_app_id::
+        #   The ID of the Connected App.
+        #   The type of this field is +String+.
+        #
+        # == Returns:
+        # An object with the following fields:
+        # request_id::
+        #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+        #   The type of this field is +String+.
+        # status_code::
+        #   (no documentation yet)
+        #   The type of this field is +Integer+.
+        #
+        # == Method Options:
+        # This method supports an optional +StytchB2B::Organizations::Members::ConnectedApps::RevokeRequestOptions+ object which will modify the headers sent in the HTTP request.
+        def revoke(
+          organization_id:,
+          member_id:,
+          connected_app_id:,
+          method_options: nil
+        )
+          headers = {}
+          headers = headers.merge(method_options.to_headers) unless method_options.nil?
+          request = {}
+
+          post_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/connected_apps/#{connected_app_id}/revoke", request, headers)
+        end
+      end
     end
   end
 end

data/lib/stytch/b2b_passwords.rb

@@ -35,7 +35,7 @@ module StytchB2B
     #
     # == Parameters:
     # password::
-    #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
+    #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.
     #   The type of this field is +String+.
     # email_address::
     #   The email address of the Member.
@@ -237,7 +237,7 @@ module StytchB2B
     #   The email address of the Member.
     #   The type of this field is +String+.
     # password::
-    #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
+    #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.
     #   The type of this field is +String+.
     # session_token::
     #   A secret token for a given Stytch Session.
@@ -477,7 +477,7 @@ module StytchB2B
       #   The password reset token to authenticate.
       #   The type of this field is +String+.
       # password::
-      #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
+      #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.
       #   The type of this field is +String+.
       # session_token::
       #   Reuse an existing session instead of creating a new one. If you provide a `session_token`, Stytch will update the session.
@@ -656,7 +656,7 @@ module StytchB2B
       #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug here as a convenience.
       #   The type of this field is +String+.
       # password::
-      #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
+      #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.
       #   The type of this field is +String+.
       # session_token::
       #   A secret token for a given Stytch Session.
@@ -905,7 +905,7 @@ module StytchB2B
       #   The email address of the Member.
       #   The type of this field is +String+.
       # password::
-      #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
+      #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.
       #   The type of this field is +String+.
       #
       # == Returns:
@@ -1044,7 +1044,7 @@ module StytchB2B
         #   The password reset token to authenticate.
         #   The type of this field is +String+.
         # password::
-        #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
+        #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.
         #   The type of this field is +String+.
         # pkce_code_verifier::
         #   (no documentation yet)

data/lib/stytch/b2b_sessions.rb

@@ -231,15 +231,18 @@ module StytchB2B
 
     # Use this endpoint to exchange a's existing session for another session in a different. This can be used to accept an invite, but not to create a new member via domain matching.
     #
-    # To create a new member via domain matching, use the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) flow instead.
+    # To create a new member via email domain, use the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) flow instead.
     #
-    # Only Email Magic Link, OAuth, and SMS OTP factors can be transferred between sessions. Other authentication factors, such as password factors, will not be transferred to the new session.
-    # Any OAuth Tokens owned by the Member will not be transferred to the new Organization.
-    # SMS OTP factors can be used to fulfill MFA requirements for the target Organization if both the original and target Member have the same phone number and the phone number is verified for both Members.
-    # HubSpot and Slack OAuth registrations will not be transferred between sessions. Instead, you will receive a corresponding factor with type `"oauth_exchange_slack"` or `"oauth_exchange_hubspot"`
+    # If the user **has** already satisfied the authentication requirements of the Organization they are trying to switch into, this API will return `member_authenticated: true` and a `session_token` and `session_jwt`.
+    #
+    # If the user **has not** satisfied the primary or secondary authentication requirements of the Organization they are attempting to switch into, this API will return `member_authenticated: false` and an `intermediate_session_token`.
+    #
+    # If `primary_required` is set, prompt the user to fulfill the Organization's auth requirements using the options returned in `primary_required.allowed_auth_methods`.
+    #
+    # If `primary_required` is null and `mfa_required` is set, check `mfa_required.member_options` to determine if the Member has SMS OTP or TOTP set up for MFA and prompt accordingly. If the Member has SMS OTP, check `mfa_required.secondary_auth_initiated` to see if the OTP has already been sent.
+    #
+    # Include the `intermediate_session_token` returned above when calling the `authenticate()` method that the user needed to perform. Once the user has completed the authentication requirements they were missing, they will be granted a full `session_token` and `session_jwt` to indicate they have successfully logged into the Organization.
     #
-    # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
-    # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
     # The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one.
     # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
     #
@@ -318,7 +321,7 @@ module StytchB2B
     #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
     #   The type of this field is nilable +MfaRequired+ (+object+).
     # primary_required::
-    #   (no documentation yet)
+    #   Information about the primary authentication requirements of the Organization.
     #   The type of this field is nilable +PrimaryRequired+ (+object+).
     def exchange(
       organization_id:,
@@ -485,13 +488,13 @@ module StytchB2B
 
     # Get the JSON Web Key Set (JWKS) for a project.
     #
-    # JWKS are rotated every ~6 months. Upon rotation, new JWTs will be signed using the new key, and both keys will be returned by this endpoint for a period of 1 month.
+    # Within the JWKS, the JSON Web Keys are rotated every ~6 months. Upon rotation, new JWTs will be signed using the new key, and both keys will be returned by this endpoint for a period of 1 month.
     #
-    # JWTs have a set lifetime of 5 minutes, so there will be a 5 minute period where some JWTs will be signed by the old JWKS, and some JWTs will be signed by the new JWKS. The correct JWKS to use for validation is determined by matching the `kid` value of the JWT and JWKS.
+    # JWTs have a set lifetime of 5 minutes, so there will be a 5 minute period where some JWTs will be signed by the old keys, and some JWTs will be signed by the new keys. The correct key to use for validation is determined by matching the `kid` value of the JWT and key.
     #
-    # If you're using one of our [backend SDKs](https://stytch.com/docs/b2b/sdks), the JWKS rotation will be handled for you.
+    # If you're using one of our [backend SDKs](https://stytch.com/docs/b2b/sdks), the JSON Web Key (JWK) rotation will be handled for you.
     #
-    # If you're using your own JWT validation library, many have built-in support for JWKS rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWKS to use for validation by inspecting the `kid` value.
+    # If you're using your own JWT validation library, many have built-in support for JWK rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWK to use for validation by inspecting the `kid` value.
     #
     # See our [How to use Stytch Session JWTs](https://stytch.com/docs/b2b/guides/sessions/resources/using-jwts) guide for more information.
     #

data/lib/stytch/crypto_wallets.rb

@@ -31,7 +31,7 @@ module Stytch
     #   The crypto wallet address to authenticate.
     #   The type of this field is +String+.
     # user_id::
-    #   The unique ID of a specific User. You may use an external_id here if one is set for the user.
+    #   The unique ID of a specific User. You may use an `external_id` here if one is set for the user.
     #   The type of this field is nilable +String+.
     # session_token::
     #   The `session_token` associated with a User's existing Session.
@@ -139,7 +139,7 @@ module Stytch
     # session::
     #   If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response.
     #
-    #   See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields.
+    #   See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
     #
     #   The type of this field is nilable +Session+ (+object+).
     # siwe_params::

data/lib/stytch/fraud.rb

@@ -27,7 +27,7 @@ module Stytch
         @connection = connection
       end
 
-      # Lookup the associated fingerprint for the `telemetry_id` returned from the `GetTelemetryID` function. Learn more about the different fingerprint types and verdicts in our [DFP guide](https://stytch.com/docs/fraud/guides/device-fingerprinting/overview).
+      # Lookup the associated fingerprint for the `telemetry_id` returned from the `GetTelemetryID()` function. Learn more about the different fingerprint types and verdicts in our [DFP guide](https://stytch.com/docs/fraud/guides/device-fingerprinting/overview).
       #
       # Make a decision based on the returned `verdict`:
       # * `ALLOW` - This is a known valid device grouping or device profile that is part of the default `ALLOW` listed set of known devices by Stytch. This grouping is made up of  verified device profiles that match the characteristics of known/authentic traffic origins.

data/lib/stytch/impersonation.rb

@@ -49,7 +49,7 @@ module Stytch
     # session::
     #   If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response.
     #
-    #   See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields.
+    #   See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
     #
     #   The type of this field is nilable +Session+ (+object+).
     def authenticate(