stytch 10.19.0 → 10.21.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e638ef6189392a14cc312951f14b9882c9c9479bb9bccd2e87884576cd944a8
-  data.tar.gz: c070606c02c73bb54aa6b90c755491e6da2d38e7a5dff07ac661712bef1c6e14
+  metadata.gz: 92655a5f974bb3fc56399b60d2ce6e3689dc00fab9ec6a13e61144960937f8b0
+  data.tar.gz: bca0fc61a0cbbc0b357bd044b2ef52f87e82ecc5c542dd7637f1d64fa5e1ffdd
 SHA512:
-  metadata.gz: c48b5f1e1a8a5b25061175848c74997918af834e0d499deace18fcbf670885821b3281158b8a41a8d6ada238b372ceb61a61a8bb48a2ee406be984c058ee88b1
-  data.tar.gz: 4400e4caea7dcedd1e81fdea293997583bb4eebe6f4b5687f2ab0f0a60bc9ef22e95f7a377ab4c6064a6b4d36f91066dc8f4425e4fffa4eb2e362b063799f55b
+  metadata.gz: 4f770d5d5fe2d5d62780fc80ec0328801ad1cd00a45772c56d0b881b7c4c3291002bbfa84a1d21a332518483da7068a6ca21655c48ebe304aea999be46e3bd5d
+  data.tar.gz: 4cbfab64433fbc29c3b5256387f74e7de8ab05fe9427c11ab510b7415d1c164eaf1e52e1a62561de76b41122f198e8701e8a6a6c36c6043ea6f555184d4b6ffa

data/lib/stytch/b2b_magic_links.rb

@@ -124,6 +124,9 @@ module StytchB2B
     # mfa_required::
     #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
     #   The type of this field is nilable +MfaRequired+ (+object+).
+    # primary_required::
+    #   (no documentation yet)
+    #   The type of this field is nilable +PrimaryRequired+ (+object+).
     def authenticate(
       magic_links_token:,
       pkce_code_verifier: nil,

data/lib/stytch/b2b_organizations.rb

@@ -203,16 +203,30 @@ module StytchB2B
     #   A list of email domains that are claimed by the Organization.
     #   The type of this field is nilable list of +String+.
     # first_party_connected_apps_allowed_type::
-    #   (no documentation yet)
+    #   The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are:
+    #
+    #   `ALL_ALLOWED` – any first party Connected App in the Project is permitted for use by Members.
+    #
+    #   `RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+    #
+    #   `NOT_ALLOWED` – no first party Connected Apps are permitted.
+    #
     #   The type of this field is nilable +CreateRequestFirstPartyConnectedAppsAllowedType+ (string enum).
     # allowed_first_party_connected_apps::
-    #   (no documentation yet)
+    #   An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization's `first_party_connected_apps_allowed_type` is `RESTRICTED`.
     #   The type of this field is nilable list of +String+.
     # third_party_connected_apps_allowed_type::
-    #   (no documentation yet)
+    #   The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are:
+    #
+    #   `ALL_ALLOWED` – any third party Connected App in the Project is permitted for use by Members.
+    #
+    #   `RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+    #
+    #   `NOT_ALLOWED` – no third party Connected Apps are permitted.
+    #
     #   The type of this field is nilable +CreateRequestThirdPartyConnectedAppsAllowedType+ (string enum).
     # allowed_third_party_connected_apps::
-    #   (no documentation yet)
+    #   An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization's `third_party_connected_apps_allowed_type` is `RESTRICTED`.
     #   The type of this field is nilable list of +String+.
     #
     # == Returns:
@@ -456,16 +470,30 @@ module StytchB2B
     #   A list of email domains that are claimed by the Organization.
     #   The type of this field is nilable list of +String+.
     # first_party_connected_apps_allowed_type::
-    #   (no documentation yet)
+    #   The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are:
+    #
+    #   `ALL_ALLOWED` – any first party Connected App in the Project is permitted for use by Members.
+    #
+    #   `RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+    #
+    #   `NOT_ALLOWED` – no first party Connected Apps are permitted.
+    #
     #   The type of this field is nilable +UpdateRequestFirstPartyConnectedAppsAllowedType+ (string enum).
     # allowed_first_party_connected_apps::
-    #   (no documentation yet)
+    #   An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization's `first_party_connected_apps_allowed_type` is `RESTRICTED`.
     #   The type of this field is nilable list of +String+.
     # third_party_connected_apps_allowed_type::
-    #   (no documentation yet)
+    #   The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are:
+    #
+    #   `ALL_ALLOWED` – any third party Connected App in the Project is permitted for use by Members.
+    #
+    #   `RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+    #
+    #   `NOT_ALLOWED` – no third party Connected Apps are permitted.
+    #
     #   The type of this field is nilable +UpdateRequestThirdPartyConnectedAppsAllowedType+ (string enum).
     # allowed_third_party_connected_apps::
-    #   (no documentation yet)
+    #   An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization's `third_party_connected_apps_allowed_type` is `RESTRICTED`.
     #   The type of this field is nilable list of +String+.
     #
     # == Returns:

data/lib/stytch/b2b_otp.rb

@@ -405,9 +405,6 @@ module StytchB2B
       # session_jwt::
       #   The JSON Web Token (JWT) for a given Stytch Session.
       #   The type of this field is +String+.
-      # member_session::
-      #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
-      #   The type of this field is +MemberSession+ (+object+).
       # organization::
       #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
       #   The type of this field is +Organization+ (+object+).
@@ -420,9 +417,15 @@ module StytchB2B
       # status_code::
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
+      # member_session::
+      #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
+      #   The type of this field is nilable +MemberSession+ (+object+).
       # mfa_required::
       #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
       #   The type of this field is nilable +MfaRequired+ (+object+).
+      # primary_required::
+      #   (no documentation yet)
+      #   The type of this field is nilable +PrimaryRequired+ (+object+).
       def authenticate(
         organization_id:,
         email_address:,

data/lib/stytch/b2b_passwords.rb

@@ -315,6 +315,9 @@ module StytchB2B
     # mfa_required::
     #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
     #   The type of this field is nilable +MfaRequired+ (+object+).
+    # primary_required::
+    #   Information about the primary authentication requirements of the Organization.
+    #   The type of this field is nilable +PrimaryRequired+ (+object+).
     def authenticate(
       organization_id:,
       email_address:,
@@ -389,7 +392,7 @@ module StytchB2B
       #   If you have not set a default `reset_password_redirect_url`, an error is returned.
       #   The type of this field is nilable +String+.
       # reset_password_expiration_minutes::
-      #   Sets a time limit after which the email link to reset the member's password will no longer be valid.
+      #   Sets a time limit after which the email link to reset the member's password will no longer be valid. The minimum allowed expiration is 5 minutes and the maximum is 10080 minutes (7 days). By default, the expiration is 30 minutes.
       #   The type of this field is nilable +Integer+.
       # code_challenge::
       #   A base64url encoded SHA256 hash of a one time secret used to validate that the request starts and ends on the same device.
@@ -412,7 +415,7 @@ module StytchB2B
       #   Use a custom template for reset password emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Reset Password.
       #   The type of this field is nilable +String+.
       # verify_email_template_id::
-      #   Use a custom template for verification emails sent during password reset flows. This template will be used the first time a user sets a password via a
+      #   Use a custom template for verification emails sent during password reset flows. When cross-organization passwords are enabled for your Project, this template will be used the first time a user sets a password via a
       #   password reset flow. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Email Verification.
       #   The type of this field is nilable +String+.
       #
@@ -565,6 +568,9 @@ module StytchB2B
       # mfa_required::
       #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
       #   The type of this field is nilable +MfaRequired+ (+object+).
+      # primary_required::
+      #   Information about the primary authentication requirements of the Organization.
+      #   The type of this field is nilable +PrimaryRequired+ (+object+).
       def reset(
         password_reset_token:,
         password:,
@@ -856,6 +862,9 @@ module StytchB2B
       # mfa_required::
       #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
       #   The type of this field is nilable +MfaRequired+ (+object+).
+      # primary_required::
+      #   Information about the primary authentication requirements of the Organization.
+      #   The type of this field is nilable +PrimaryRequired+ (+object+).
       def reset(
         email_address:,
         existing_password:,
@@ -982,7 +991,7 @@ module StytchB2B
         #   Use a custom template for reset password emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Reset Password.
         #   The type of this field is nilable +String+.
         # reset_password_expiration_minutes::
-        #   Sets a time limit after which the email link to reset the member's password will no longer be valid.
+        #   Sets a time limit after which the email link to reset the member's password will no longer be valid. The minimum allowed expiration is 5 minutes and the maximum is 10080 minutes (7 days). By default, the expiration is 30 minutes.
         #   The type of this field is nilable +Integer+.
         # pkce_code_challenge::
         #   (no documentation yet)
@@ -996,7 +1005,7 @@ module StytchB2B
         #
         #   The type of this field is nilable +String+.
         # verify_email_template_id::
-        #   Use a custom template for verification emails sent during password reset flows. This template will be used the first time a user sets a password via a
+        #   Use a custom template for verification emails sent during password reset flows. When cross-organization passwords are enabled for your Project, this template will be used the first time a user sets a password via a
         #   password reset flow. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Email Verification.
         #   The type of this field is nilable +String+.
         #

data/lib/stytch/b2b_sessions.rb

@@ -293,9 +293,6 @@ module StytchB2B
     # member_id::
     #   Globally unique UUID that identifies a specific Member.
     #   The type of this field is +String+.
-    # member_session::
-    #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
-    #   The type of this field is +MemberSession+ (+object+).
     # session_token::
     #   A secret token for a given Stytch Session.
     #   The type of this field is +String+.
@@ -317,6 +314,9 @@ module StytchB2B
     # status_code::
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
+    # member_session::
+    #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
+    #   The type of this field is nilable +MemberSession+ (+object+).
     # mfa_required::
     #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
     #   The type of this field is nilable +MfaRequired+ (+object+).
@@ -347,7 +347,9 @@ module StytchB2B
     # Use this endpoint to exchange a Connected Apps Access Token back into a Member Session for the underlying Member.
     # This session can be used with the Stytch SDKs and APIs.
     #
-    # The Access Token must contain the `full_access` scope and must not be more than 5 minutes old. Access Tokens may only be exchanged a single time.
+    # The Access Token must contain the `full_access` scope (only available to First Party clients) and must not be more than 5 minutes old. Access Tokens may only be exchanged a single time.
+    #
+    # The Member Session returned will be the same Member Session that was active in your application (the authorizing party) during the initial authorization flow.
     #
     # Because the Member previously completed MFA and satisfied all Organization authentication requirements at the time of the original Access Token issuance, this endpoint will never return an `intermediate_session_token` or require MFA.
     #

data/lib/stytch/b2b_sso.rb

@@ -230,6 +230,9 @@ module StytchB2B
     # mfa_required::
     #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
     #   The type of this field is nilable +MfaRequired+ (+object+).
+    # primary_required::
+    #   (no documentation yet)
+    #   The type of this field is nilable +PrimaryRequired+ (+object+).
     def authenticate(
       sso_token:,
       pkce_code_verifier: nil,

data/lib/stytch/fraud.rb

@@ -11,13 +11,14 @@ require_relative 'request_helper'
 module Stytch
   class Fraud
     include Stytch::RequestHelper
-    attr_reader :fingerprint, :rules
+    attr_reader :fingerprint, :rules, :verdict_reasons
 
     def initialize(connection)
       @connection = connection
 
       @fingerprint = Stytch::Fraud::Fingerprint.new(@connection)
       @rules = Stytch::Fraud::Rules.new(@connection)
+      @verdict_reasons = Stytch::Fraud::VerdictReasons.new(@connection)
     end
 
     class Fingerprint
@@ -252,5 +253,82 @@ module Stytch
         post_request('/v1/rules/list', request, headers)
       end
     end
+
+    class VerdictReasons
+      include Stytch::RequestHelper
+
+      def initialize(connection)
+        @connection = connection
+      end
+
+      # Use this endpoint to override the action returned for a specific verdict reason during a fingerprint lookup. For example, Stytch Device Fingerprinting returns a `CHALLENGE` verdict action by default for the verdict reason `VIRTUAL_MACHINE`. You can use this endpoint to override that reason to return an `ALLOW` verdict instead if you expect many legitimate users to be using a browser that runs in a virtual machine.
+      #
+      # == Parameters:
+      # verdict_reason::
+      #   The verdict reason that you wish to override. For a list of possible reasons to override, see [Warning Flags (Verdict Reasons)](https://stytch.com/docs/docs/fraud/guides/device-fingerprinting/reference/warning-flags-verdict-reasons). You may not override the `RULE_MATCH` reason.
+      #   The type of this field is +String+.
+      # override_action::
+      #   The action that you want to be returned for the specified verdict reason. The override action must be one of `ALLOW`, `BLOCK`, or `CHALLENGE`.
+      #   The type of this field is +OverrideRequestAction+ (string enum).
+      # override_description::
+      #   An optional description for the verdict reason override.
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # verdict_reason_action::
+      #   Information about the verdict reason override that was just set.
+      #   The type of this field is +VerdictReasonAction+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      def override(
+        verdict_reason:,
+        override_action:,
+        override_description: nil
+      )
+        headers = {}
+        request = {
+          verdict_reason: verdict_reason,
+          override_action: override_action
+        }
+        request[:override_description] = override_description unless override_description.nil?
+
+        post_request('/v1/verdict_reasons/override', request, headers)
+      end
+
+      # Get the list of verdict reasons returned by the Stytch Device Fingerprinting product along with their default actions and any overrides you may have defined. This is not an exhaustive list of verdict reasons, but it contains all verdict reasons that you may set an override on.
+      #
+      # For a full list of possible verdict reasons, see [Warning Flags (Verdict Reasons)](https://stytch.com/docs/docs/fraud/guides/device-fingerprinting/reference/warning-flags-verdict-reasons).
+      #
+      # == Parameters:
+      # overrides_only::
+      #   Whether to return only verdict reasons that have overrides set. Defaults to false.
+      #   The type of this field is nilable +Boolean+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # verdict_reason_actions::
+      #   Information about verdict reasons and any overrides that were set on them.
+      #   The type of this field is list of +VerdictReasonAction+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      def list(
+        overrides_only: nil
+      )
+        headers = {}
+        request = {}
+        request[:overrides_only] = overrides_only unless overrides_only.nil?
+
+        post_request('/v1/verdict_reasons/list', request, headers)
+      end
+    end
   end
 end

data/lib/stytch/sessions.rb

@@ -223,7 +223,9 @@ module Stytch
     # Use this endpoint to exchange a Connected Apps Access Token back into a Stytch Session for the underlying User.
     # This session can be used with the Stytch SDKs and APIs.
     #
-    # The Access Token must contain the `full_access` scope and must not be more than 5 minutes old. Access Tokens may only be exchanged a single time.
+    # The Session returned will be the same Session that was active in your application (the authorizing party) during the initial authorization flow.
+    #
+    # The Access Token must contain the `full_access` scope (only available to First Party clients) and must not be more than 5 minutes old. Access Tokens may only be exchanged a single time.
     #
     # == Parameters:
     # access_token::

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '10.19.0'
+  VERSION = '10.21.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 10.19.0
+  version: 10.21.0
 platform: ruby
 authors:
 - stytch
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-06-05 00:00:00.000000000 Z
+date: 2025-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday