stytch 10.18.0 → 10.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 26ba81ec692e40404551a32a7d24d6d6155bd40eb7d3160c36fe8083659c6a17
-  data.tar.gz: 1dd97ca9b7f73bbe6a2fe383209eb0ca8e49aeae3c70efc9ab3b8d3b23956147
+  metadata.gz: c952f51df5bedbec2f8ea1a1067d4f48f6e286ad4d3995a637fbbd9d0f8d2fd2
+  data.tar.gz: f2aefae357b0bffc0d60766e0c135bb4d196f15d7eca7a85aba8a6c4cea6b9a7
 SHA512:
-  metadata.gz: 3656b11e34e17ccd252222ebb5ea8c1dc22199b751f5f5d9bf74cf47937f9e59e88af3f0911a500c0221d7efc284bf119158f211f460d5907d446b710df57ec8
-  data.tar.gz: e902ceeca28587154d2d5a1880fb56ef87263b9131a24ab11ba405ff9790a83229e3def2095dd54833283470de230ae66339fb9b6d240c202d019facd7030880
+  metadata.gz: 0cbab2c8cec7e1f94a2573ff9e36abe59d511c75e773be046dfe9cd12fd0e17be70b6410581496a3d0a37ed40324fb1f8256628ed329ee3e62d0485efead885f
+  data.tar.gz: 633239b9adaa11ccb7dd0baabb7b5b8ff2259feca39284efee3809cf83cfef2171c317eb2917496ed54ee729174f347c6f240f24111b1b60ade90f9c08f1e1dd

data/lib/stytch/b2b_discovery.rb

@@ -27,20 +27,21 @@ module StytchB2B
         @connection = connection
       end
 
-      # Exchange an Intermediate Session for a fully realized [Member Session](https://stytch.com/docs/b2b/api/session-object) in a desired [Organization](https://stytch.com/docs/b2b/api/organization-object).
-      # This operation consumes the Intermediate Session.
+      # Exchange an Intermediate Session for a fully realized [Member Session](https://stytch.com/docs/b2b/api/session-object) for the [Organization](https://stytch.com/docs/b2b/api/organization-object) that the user wishes to log into.
       #
-      # This endpoint can be used to accept invites and create new members via domain matching.
+      # This endpoint can be used to accept invites and into a new Organization on the basis of the user's email domain or OAuth tenant.
       #
-      # If the is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`.
-      # The `intermediate_session_token` will not be consumed and instead will be returned in the response.
-      # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
-      # The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one.
-      # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
+      # If the user **has** already satisfied the authentication requirements of the Organization they are trying to exchange into and logged in with a method that verifies their email address, this API will return `member_authenticated: true` and a `session_token` and `session_jwt`.
       #
-      # If the Member is logging in via an OAuth provider that does not fully verify the email, the returned value of `member_authenticated` will be `false`.
-      # The `intermediate_session_token` will not be consumed and instead will be returned in the response.
-      # The `primary_required` field details the authentication flow the Member must perform in order to [complete a step-up authentication](https://stytch.com/docs/b2b/guides/oauth/auth-flows) into the organization. The `intermediate_session_token` must be passed into that authentication flow.
+      # If the user **has not** satisfied the primary or secondary authentication requirements of the Organization they are attempting to exchange into or is JIT Provisioning but did not log in via a method that provides email verification, this API will return `member_authenticated: false` and an `intermediate_session_token`.
+      #
+      # If `primary_required` is returned, prompt the user to fulfill the Organization's auth requirements using the options returned in `primary_required.allowed_auth_methods`.
+      #
+      # If `primary_required` is null and `mfa_required` is set, check `mfa_required.member_options` to determine if the Member has SMS OTP or TOTP set up for MFA and prompt accordingly. If the Member has SMS OTP, check `mfa_required.secondary_auth_initiated` to see if the OTP has already been sent.
+      #
+      # Include the `intermediate_session_token` returned above when calling the `authenticate()` method that the user needed to perform. Once the user has completed the authentication requirements they were missing, they will be granted a full `session_token` and `session_jwt` to indicate they have successfully logged into the Organization.
+      #
+      # The `intermediate_session_token` can also be used with the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization instead of joining an existing one.
       #
       # == Parameters:
       # intermediate_session_token::
@@ -143,21 +144,21 @@ module StytchB2B
         @connection = connection
       end
 
-      # If an end user does not want to join any already-existing, or has no possible Organizations to join, this endpoint can be used to create a new
-      # [Organization](https://stytch.com/docs/b2b/api/organization-object) and [Member](https://stytch.com/docs/b2b/api/member-object).
+      # This endpoint allows you to exchange the `intermediate_session_token` returned when the user successfully completes a authentication flow to create a new
+      # [Organization](https://stytch.com/docs/b2b/api/organization-object) and [Member](https://stytch.com/docs/b2b/api/member-object) and log the user in. If the user wants to log into an existing Organization, use the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) instead.
       #
-      # This operation consumes the Intermediate Session.
+      # Stytch **requires that users verify their email address** prior to creating a new Organization in order to prevent Account Takeover (ATO) attacks and phishing.
       #
-      # This endpoint will also create an initial Member Session for the newly created Member.
+      # If the user authenticated using a method that **does not** provide real-time email verification (returning password auth, Github/Slack/Hubspot OAuth) this API will return `member_authenticated: false` and an `intermediate_session_token` to indicate that the user must perform additional authentication via one of the options listed in `primary_required.allowed_auth_methods` to finish logging in.
       #
-      # The created by this endpoint will automatically be granted the `stytch_admin` Role. See the
-      # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for more details on this Role.
+      # If you specified an `mfa_policy: REQUIRED_FOR_ALL` in the request, this API will return `member_authenticated: false`, an `intermediate_session_token`, and `mfa_required` in order to indicate that you must prompt the user to enroll in MFA.
+      #
+      # Include the `intermediate_session_token` when calling the `authenticate()` method that the user needed to perform to verify their email or enroll in MFA. Once the user has completed the authentication requirements they were missing, they will be granted a full `session_token` and `session_jwt` and be successfully logged in.
       #
-      # If the new Organization is created with a `mfa_policy` of `REQUIRED_FOR_ALL`, the newly created Member will need to complete an MFA step to log in to the Organization.
-      # The `intermediate_session_token` will not be consumed and instead will be returned in the response.
-      # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
-      # The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one.
-      # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
+      # If the user logged in with a method that **does** provide real-time email verification (Email Magic Links, Email OTP, Google/Microsoft OAuth, initial email verification when creating a new password) this API will return `member_authenticated: true` and a `session_jwt` and `session_token` to indicate that the user has successfully logged in.
+      #
+      # The Member created by this endpoint will automatically be granted the `stytch_admin` Role. See the
+      # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for more details on this Role.
       #
       # == Parameters:
       # intermediate_session_token::

data/lib/stytch/b2b_magic_links.rb

@@ -124,6 +124,9 @@ module StytchB2B
     # mfa_required::
     #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
     #   The type of this field is nilable +MfaRequired+ (+object+).
+    # primary_required::
+    #   (no documentation yet)
+    #   The type of this field is nilable +PrimaryRequired+ (+object+).
     def authenticate(
       magic_links_token:,
       pkce_code_verifier: nil,

data/lib/stytch/b2b_organizations.rb

@@ -48,6 +48,44 @@ module StytchB2B
       end
     end
 
+    class ConnectedAppsRequestOptions
+      # Optional authorization object.
+      # Pass in an active Stytch Member session token or session JWT and the request
+      # will be run using that member's permissions.
+      attr_accessor :authorization
+
+      def initialize(
+        authorization: nil
+      )
+        @authorization = authorization
+      end
+
+      def to_headers
+        headers = {}
+        headers.merge!(@authorization.to_headers) if authorization
+        headers
+      end
+    end
+
+    class GetConnectedAppRequestOptions
+      # Optional authorization object.
+      # Pass in an active Stytch Member session token or session JWT and the request
+      # will be run using that member's permissions.
+      attr_accessor :authorization
+
+      def initialize(
+        authorization: nil
+      )
+        @authorization = authorization
+      end
+
+      def to_headers
+        headers = {}
+        headers.merge!(@authorization.to_headers) if authorization
+        headers
+      end
+    end
+
     include Stytch::RequestHelper
     attr_reader :members
 
@@ -164,6 +202,18 @@ module StytchB2B
     # claimed_email_domains::
     #   A list of email domains that are claimed by the Organization.
     #   The type of this field is nilable list of +String+.
+    # first_party_connected_apps_allowed_type::
+    #   (no documentation yet)
+    #   The type of this field is nilable +CreateRequestFirstPartyConnectedAppsAllowedType+ (string enum).
+    # allowed_first_party_connected_apps::
+    #   (no documentation yet)
+    #   The type of this field is nilable list of +String+.
+    # third_party_connected_apps_allowed_type::
+    #   (no documentation yet)
+    #   The type of this field is nilable +CreateRequestThirdPartyConnectedAppsAllowedType+ (string enum).
+    # allowed_third_party_connected_apps::
+    #   (no documentation yet)
+    #   The type of this field is nilable list of +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -193,7 +243,11 @@ module StytchB2B
       allowed_mfa_methods: nil,
       oauth_tenant_jit_provisioning: nil,
       allowed_oauth_tenants: nil,
-      claimed_email_domains: nil
+      claimed_email_domains: nil,
+      first_party_connected_apps_allowed_type: nil,
+      allowed_first_party_connected_apps: nil,
+      third_party_connected_apps_allowed_type: nil,
+      allowed_third_party_connected_apps: nil
     )
       headers = {}
       request = {
@@ -215,6 +269,10 @@ module StytchB2B
       request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
       request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
       request[:claimed_email_domains] = claimed_email_domains unless claimed_email_domains.nil?
+      request[:first_party_connected_apps_allowed_type] = first_party_connected_apps_allowed_type unless first_party_connected_apps_allowed_type.nil?
+      request[:allowed_first_party_connected_apps] = allowed_first_party_connected_apps unless allowed_first_party_connected_apps.nil?
+      request[:third_party_connected_apps_allowed_type] = third_party_connected_apps_allowed_type unless third_party_connected_apps_allowed_type.nil?
+      request[:allowed_third_party_connected_apps] = allowed_third_party_connected_apps unless allowed_third_party_connected_apps.nil?
 
       post_request('/v1/b2b/organizations', request, headers)
     end
@@ -397,6 +455,18 @@ module StytchB2B
     # claimed_email_domains::
     #   A list of email domains that are claimed by the Organization.
     #   The type of this field is nilable list of +String+.
+    # first_party_connected_apps_allowed_type::
+    #   (no documentation yet)
+    #   The type of this field is nilable +UpdateRequestFirstPartyConnectedAppsAllowedType+ (string enum).
+    # allowed_first_party_connected_apps::
+    #   (no documentation yet)
+    #   The type of this field is nilable list of +String+.
+    # third_party_connected_apps_allowed_type::
+    #   (no documentation yet)
+    #   The type of this field is nilable +UpdateRequestThirdPartyConnectedAppsAllowedType+ (string enum).
+    # allowed_third_party_connected_apps::
+    #   (no documentation yet)
+    #   The type of this field is nilable list of +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -433,6 +503,10 @@ module StytchB2B
       oauth_tenant_jit_provisioning: nil,
       allowed_oauth_tenants: nil,
       claimed_email_domains: nil,
+      first_party_connected_apps_allowed_type: nil,
+      allowed_first_party_connected_apps: nil,
+      third_party_connected_apps_allowed_type: nil,
+      allowed_third_party_connected_apps: nil,
       method_options: nil
     )
       headers = {}
@@ -457,6 +531,10 @@ module StytchB2B
       request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
       request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
       request[:claimed_email_domains] = claimed_email_domains unless claimed_email_domains.nil?
+      request[:first_party_connected_apps_allowed_type] = first_party_connected_apps_allowed_type unless first_party_connected_apps_allowed_type.nil?
+      request[:allowed_first_party_connected_apps] = allowed_first_party_connected_apps unless allowed_first_party_connected_apps.nil?
+      request[:third_party_connected_apps_allowed_type] = third_party_connected_apps_allowed_type unless third_party_connected_apps_allowed_type.nil?
+      request[:allowed_third_party_connected_apps] = allowed_third_party_connected_apps unless allowed_third_party_connected_apps.nil?
 
       put_request("/v1/b2b/organizations/#{organization_id}", request, headers)
     end
@@ -541,6 +619,92 @@ module StytchB2B
       get_request(request, headers)
     end
 
+    # Retrieves a list of Connected Apps for the Organization that have been installed by Members. Installation comprises
+    # successful completion of an authorization flow with a Connected App that has not been revoked.
+    #
+    # Connected Apps may be uninstalled if an Organization changes its `first_party_connected_apps_allowed_type`
+    # or `third_party_connected_apps_allowed_type` policies.
+    #
+    # == Parameters:
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug here as a convenience.
+    #   The type of this field is +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # connected_apps::
+    #   (no documentation yet)
+    #   The type of this field is list of +OrganizationConnectedApp+ (+object+).
+    # status_code::
+    #   (no documentation yet)
+    #   The type of this field is +Integer+.
+    #
+    # == Method Options:
+    # This method supports an optional +StytchB2B::Organizations::ConnectedAppsRequestOptions+ object which will modify the headers sent in the HTTP request.
+    def connected_apps(
+      organization_id:,
+      method_options: nil
+    )
+      headers = {}
+      headers = headers.merge(method_options.to_headers) unless method_options.nil?
+      query_params = {}
+      request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/connected_apps", query_params)
+      get_request(request, headers)
+    end
+
+    # Get Connected App for Organization retrieves information about the specified Connected App as well as a list of the
+    # Organization's Members who have the App installed along with the scopes they requested at completion of their last
+    # authorization with the App.
+    #
+    # == Parameters:
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug here as a convenience.
+    #   The type of this field is +String+.
+    # connected_app_id::
+    #   The ID of the Connected App.
+    #   The type of this field is +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # connected_app_id::
+    #   The ID of the Connected App.
+    #   The type of this field is +String+.
+    # name::
+    #   The name of the Connected App.
+    #   The type of this field is +String+.
+    # description::
+    #   A description of the Connected App.
+    #   The type of this field is +String+.
+    # client_type::
+    #   The type of Connected App. Supported values are `first_party`, `first_party_public`, `third_party`, and `third_party_public`.
+    #   The type of this field is +String+.
+    # active_members::
+    #   Details about Members who has installed a Connected App.
+    #   The type of this field is list of +OrganizationConnectedAppActiveMember+ (+object+).
+    # status_code::
+    #   (no documentation yet)
+    #   The type of this field is +Integer+.
+    # logo_url::
+    #   (no documentation yet)
+    #   The type of this field is nilable +String+.
+    #
+    # == Method Options:
+    # This method supports an optional +StytchB2B::Organizations::GetConnectedAppRequestOptions+ object which will modify the headers sent in the HTTP request.
+    def get_connected_app(
+      organization_id:,
+      connected_app_id:,
+      method_options: nil
+    )
+      headers = {}
+      headers = headers.merge(method_options.to_headers) unless method_options.nil?
+      query_params = {}
+      request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/connected_apps/#{connected_app_id}", query_params)
+      get_request(request, headers)
+    end
+
     class Members
       class UpdateRequestOptions
         # Optional authorization object.
@@ -694,6 +858,25 @@ module StytchB2B
         end
       end
 
+      class GetConnectedAppsRequestOptions
+        # Optional authorization object.
+        # Pass in an active Stytch Member session token or session JWT and the request
+        # will be run using that member's permissions.
+        attr_accessor :authorization
+
+        def initialize(
+          authorization: nil
+        )
+          @authorization = authorization
+        end
+
+        def to_headers
+          headers = {}
+          headers.merge!(@authorization.to_headers) if authorization
+          headers
+        end
+      end
+
       class CreateRequestOptions
         # Optional authorization object.
         # Pass in an active Stytch Member session token or session JWT and the request
@@ -714,12 +897,13 @@ module StytchB2B
       end
 
       include Stytch::RequestHelper
-      attr_reader :oauth_providers
+      attr_reader :oauth_providers, :connected_apps
 
       def initialize(connection)
         @connection = connection
 
         @oauth_providers = StytchB2B::Organizations::Members::OAuthProviders.new(@connection)
+        @connected_apps = StytchB2B::Organizations::Members::ConnectedApps.new(@connection)
       end
 
       # Updates a specified by `organization_id` and `member_id`.
@@ -1264,6 +1448,46 @@ module StytchB2B
         post_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/unlink_retired_email", request, headers)
       end
 
+      # Member Get Connected Apps retrieves a list of Connected Apps with which the Member has successfully completed an
+      # authorization flow.
+      # If the Member revokes a Connected App's access (e.g. via the Revoke Connected App endpoint) then the Connected App will
+      # no longer be returned in the response. A Connected App's access may also be revoked if the Organization's allowed Connected
+      # App policy changes.
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug here as a convenience.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.
+      #   The type of this field is +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # connected_apps::
+      #   An array of Connected Apps with which the Member has successfully completed an authorization flow.
+      #   The type of this field is list of +MemberConnectedApp+ (+object+).
+      # status_code::
+      #   (no documentation yet)
+      #   The type of this field is +Integer+.
+      #
+      # == Method Options:
+      # This method supports an optional +StytchB2B::Organizations::Members::GetConnectedAppsRequestOptions+ object which will modify the headers sent in the HTTP request.
+      def get_connected_apps(
+        organization_id:,
+        member_id:,
+        method_options: nil
+      )
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
+        query_params = {}
+        request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/connected_apps", query_params)
+        get_request(request, headers)
+      end
+
       # Creates a. An `organization_id` and `email_address` are required.
       #
       # == Parameters:
@@ -1646,6 +1870,72 @@ module StytchB2B
           get_request(request, headers)
         end
       end
+
+      class ConnectedApps
+        class RevokeRequestOptions
+          # Optional authorization object.
+          # Pass in an active Stytch Member session token or session JWT and the request
+          # will be run using that member's permissions.
+          attr_accessor :authorization
+
+          def initialize(
+            authorization: nil
+          )
+            @authorization = authorization
+          end
+
+          def to_headers
+            headers = {}
+            headers.merge!(@authorization.to_headers) if authorization
+            headers
+          end
+        end
+
+        include Stytch::RequestHelper
+
+        def initialize(connection)
+          @connection = connection
+        end
+
+        # Revoke Connected App revokes a Connected App's access to a Member and revokes all active tokens that have been created
+        # on the Member's behalf. New tokens cannot be created until the Member completes a new authorization flow with the
+        # Connected App.
+        #
+        # == Parameters:
+        # organization_id::
+        #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug here as a convenience.
+        #   The type of this field is +String+.
+        # member_id::
+        #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.
+        #   The type of this field is +String+.
+        # connected_app_id::
+        #   The ID of the Connected App.
+        #   The type of this field is +String+.
+        #
+        # == Returns:
+        # An object with the following fields:
+        # request_id::
+        #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+        #   The type of this field is +String+.
+        # status_code::
+        #   (no documentation yet)
+        #   The type of this field is +Integer+.
+        #
+        # == Method Options:
+        # This method supports an optional +StytchB2B::Organizations::Members::ConnectedApps::RevokeRequestOptions+ object which will modify the headers sent in the HTTP request.
+        def revoke(
+          organization_id:,
+          member_id:,
+          connected_app_id:,
+          method_options: nil
+        )
+          headers = {}
+          headers = headers.merge(method_options.to_headers) unless method_options.nil?
+          request = {}
+
+          post_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/connected_apps/#{connected_app_id}/revoke", request, headers)
+        end
+      end
     end
   end
 end

data/lib/stytch/b2b_otp.rb

@@ -405,9 +405,6 @@ module StytchB2B
       # session_jwt::
       #   The JSON Web Token (JWT) for a given Stytch Session.
       #   The type of this field is +String+.
-      # member_session::
-      #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
-      #   The type of this field is +MemberSession+ (+object+).
       # organization::
       #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
       #   The type of this field is +Organization+ (+object+).
@@ -420,9 +417,15 @@ module StytchB2B
       # status_code::
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
+      # member_session::
+      #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
+      #   The type of this field is nilable +MemberSession+ (+object+).
       # mfa_required::
       #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
       #   The type of this field is nilable +MfaRequired+ (+object+).
+      # primary_required::
+      #   (no documentation yet)
+      #   The type of this field is nilable +PrimaryRequired+ (+object+).
       def authenticate(
         organization_id:,
         email_address:,

data/lib/stytch/b2b_passwords.rb

@@ -35,7 +35,7 @@ module StytchB2B
     #
     # == Parameters:
     # password::
-    #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
+    #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.
     #   The type of this field is +String+.
     # email_address::
     #   The email address of the Member.
@@ -237,7 +237,7 @@ module StytchB2B
     #   The email address of the Member.
     #   The type of this field is +String+.
     # password::
-    #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
+    #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.
     #   The type of this field is +String+.
     # session_token::
     #   A secret token for a given Stytch Session.
@@ -315,6 +315,9 @@ module StytchB2B
     # mfa_required::
     #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
     #   The type of this field is nilable +MfaRequired+ (+object+).
+    # primary_required::
+    #   Information about the primary authentication requirements of the Organization.
+    #   The type of this field is nilable +PrimaryRequired+ (+object+).
     def authenticate(
       organization_id:,
       email_address:,
@@ -412,7 +415,7 @@ module StytchB2B
       #   Use a custom template for reset password emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Reset Password.
       #   The type of this field is nilable +String+.
       # verify_email_template_id::
-      #   Use a custom template for verification emails sent during password reset flows. This template will be used the first time a user sets a password via a
+      #   Use a custom template for verification emails sent during password reset flows. When cross-organization passwords are enabled for your Project, this template will be used the first time a user sets a password via a
       #   password reset flow. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Email Verification.
       #   The type of this field is nilable +String+.
       #
@@ -477,7 +480,7 @@ module StytchB2B
       #   The password reset token to authenticate.
       #   The type of this field is +String+.
       # password::
-      #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
+      #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.
       #   The type of this field is +String+.
       # session_token::
       #   Reuse an existing session instead of creating a new one. If you provide a `session_token`, Stytch will update the session.
@@ -565,6 +568,9 @@ module StytchB2B
       # mfa_required::
       #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
       #   The type of this field is nilable +MfaRequired+ (+object+).
+      # primary_required::
+      #   Information about the primary authentication requirements of the Organization.
+      #   The type of this field is nilable +PrimaryRequired+ (+object+).
       def reset(
         password_reset_token:,
         password:,
@@ -656,7 +662,7 @@ module StytchB2B
       #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug here as a convenience.
       #   The type of this field is +String+.
       # password::
-      #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
+      #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.
       #   The type of this field is +String+.
       # session_token::
       #   A secret token for a given Stytch Session.
@@ -856,6 +862,9 @@ module StytchB2B
       # mfa_required::
       #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
       #   The type of this field is nilable +MfaRequired+ (+object+).
+      # primary_required::
+      #   Information about the primary authentication requirements of the Organization.
+      #   The type of this field is nilable +PrimaryRequired+ (+object+).
       def reset(
         email_address:,
         existing_password:,
@@ -905,7 +914,7 @@ module StytchB2B
       #   The email address of the Member.
       #   The type of this field is +String+.
       # password::
-      #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
+      #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.
       #   The type of this field is +String+.
       #
       # == Returns:
@@ -996,7 +1005,7 @@ module StytchB2B
         #
         #   The type of this field is nilable +String+.
         # verify_email_template_id::
-        #   Use a custom template for verification emails sent during password reset flows. This template will be used the first time a user sets a password via a
+        #   Use a custom template for verification emails sent during password reset flows. When cross-organization passwords are enabled for your Project, this template will be used the first time a user sets a password via a
         #   password reset flow. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Email Verification.
         #   The type of this field is nilable +String+.
         #
@@ -1044,7 +1053,7 @@ module StytchB2B
         #   The password reset token to authenticate.
         #   The type of this field is +String+.
         # password::
-        #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
+        #   The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.
         #   The type of this field is +String+.
         # pkce_code_verifier::
         #   (no documentation yet)