stytch 10.20.0 → 10.22.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c952f51df5bedbec2f8ea1a1067d4f48f6e286ad4d3995a637fbbd9d0f8d2fd2
-  data.tar.gz: f2aefae357b0bffc0d60766e0c135bb4d196f15d7eca7a85aba8a6c4cea6b9a7
+  metadata.gz: 79f83098068aa5afdbecff54fe59173d6e1c4e0e9660204d4dbd045cbfcc1561
+  data.tar.gz: 14d9b1a5fd3dafb1e2d26b8d26cf9e06d27e1fa9c0eb7082d4c240cb87fbdf29
 SHA512:
-  metadata.gz: 0cbab2c8cec7e1f94a2573ff9e36abe59d511c75e773be046dfe9cd12fd0e17be70b6410581496a3d0a37ed40324fb1f8256628ed329ee3e62d0485efead885f
-  data.tar.gz: 633239b9adaa11ccb7dd0baabb7b5b8ff2259feca39284efee3809cf83cfef2171c317eb2917496ed54ee729174f347c6f240f24111b1b60ade90f9c08f1e1dd
+  metadata.gz: fdf4c8bfea414eeb01e5aecfdbfb4ecaadaf31d9b079021557eb2e722facd43b07bf405b4d9518f0f114f6cdf0b09871092fa6c56077a3790f4c525ca9d9f6b6
+  data.tar.gz: '0990e814940119ed3eedc3d6f3bf90ec407de943633ab635ec6064e4cfede76bc35b9342b3fdee24497d56d2bf7b81b23e851ded86dea3cc9775af31f112ef5e'

data/lib/stytch/b2b_discovery.rb

@@ -279,6 +279,32 @@ module StytchB2B
       # allowed_oauth_tenants::
       #   A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack", "hubspot", and "github".
       #   The type of this field is nilable +object+.
+      # first_party_connected_apps_allowed_type::
+      #   The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are:
+      #
+      #   `ALL_ALLOWED` – any first party Connected App in the Project is permitted for use by Members.
+      #
+      #   `RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+      #
+      #   `NOT_ALLOWED` – no first party Connected Apps are permitted.
+      #
+      #   The type of this field is nilable +CreateRequestFirstPartyConnectedAppsAllowedType+ (string enum).
+      # allowed_first_party_connected_apps::
+      #   An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization's `first_party_connected_apps_allowed_type` is `RESTRICTED`.
+      #   The type of this field is nilable list of +String+.
+      # third_party_connected_apps_allowed_type::
+      #   The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are:
+      #
+      #   `ALL_ALLOWED` – any third party Connected App in the Project is permitted for use by Members.
+      #
+      #   `RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+      #
+      #   `NOT_ALLOWED` – no third party Connected Apps are permitted.
+      #
+      #   The type of this field is nilable +CreateRequestThirdPartyConnectedAppsAllowedType+ (string enum).
+      # allowed_third_party_connected_apps::
+      #   An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization's `third_party_connected_apps_allowed_type` is `RESTRICTED`.
+      #   The type of this field is nilable list of +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -337,7 +363,11 @@ module StytchB2B
         mfa_methods: nil,
         allowed_mfa_methods: nil,
         oauth_tenant_jit_provisioning: nil,
-        allowed_oauth_tenants: nil
+        allowed_oauth_tenants: nil,
+        first_party_connected_apps_allowed_type: nil,
+        allowed_first_party_connected_apps: nil,
+        third_party_connected_apps_allowed_type: nil,
+        allowed_third_party_connected_apps: nil
       )
         headers = {}
         request = {
@@ -361,6 +391,10 @@ module StytchB2B
         request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
         request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
         request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
+        request[:first_party_connected_apps_allowed_type] = first_party_connected_apps_allowed_type unless first_party_connected_apps_allowed_type.nil?
+        request[:allowed_first_party_connected_apps] = allowed_first_party_connected_apps unless allowed_first_party_connected_apps.nil?
+        request[:third_party_connected_apps_allowed_type] = third_party_connected_apps_allowed_type unless third_party_connected_apps_allowed_type.nil?
+        request[:allowed_third_party_connected_apps] = allowed_third_party_connected_apps unless allowed_third_party_connected_apps.nil?
 
         post_request('/v1/b2b/discovery/organizations/create', request, headers)
       end

data/lib/stytch/b2b_organizations.rb

@@ -203,16 +203,30 @@ module StytchB2B
     #   A list of email domains that are claimed by the Organization.
     #   The type of this field is nilable list of +String+.
     # first_party_connected_apps_allowed_type::
-    #   (no documentation yet)
+    #   The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are:
+    #
+    #   `ALL_ALLOWED` – any first party Connected App in the Project is permitted for use by Members.
+    #
+    #   `RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+    #
+    #   `NOT_ALLOWED` – no first party Connected Apps are permitted.
+    #
     #   The type of this field is nilable +CreateRequestFirstPartyConnectedAppsAllowedType+ (string enum).
     # allowed_first_party_connected_apps::
-    #   (no documentation yet)
+    #   An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization's `first_party_connected_apps_allowed_type` is `RESTRICTED`.
     #   The type of this field is nilable list of +String+.
     # third_party_connected_apps_allowed_type::
-    #   (no documentation yet)
+    #   The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are:
+    #
+    #   `ALL_ALLOWED` – any third party Connected App in the Project is permitted for use by Members.
+    #
+    #   `RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+    #
+    #   `NOT_ALLOWED` – no third party Connected Apps are permitted.
+    #
     #   The type of this field is nilable +CreateRequestThirdPartyConnectedAppsAllowedType+ (string enum).
     # allowed_third_party_connected_apps::
-    #   (no documentation yet)
+    #   An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization's `third_party_connected_apps_allowed_type` is `RESTRICTED`.
     #   The type of this field is nilable list of +String+.
     #
     # == Returns:
@@ -456,16 +470,30 @@ module StytchB2B
     #   A list of email domains that are claimed by the Organization.
     #   The type of this field is nilable list of +String+.
     # first_party_connected_apps_allowed_type::
-    #   (no documentation yet)
+    #   The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are:
+    #
+    #   `ALL_ALLOWED` – any first party Connected App in the Project is permitted for use by Members.
+    #
+    #   `RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+    #
+    #   `NOT_ALLOWED` – no first party Connected Apps are permitted.
+    #
     #   The type of this field is nilable +UpdateRequestFirstPartyConnectedAppsAllowedType+ (string enum).
     # allowed_first_party_connected_apps::
-    #   (no documentation yet)
+    #   An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization's `first_party_connected_apps_allowed_type` is `RESTRICTED`.
     #   The type of this field is nilable list of +String+.
     # third_party_connected_apps_allowed_type::
-    #   (no documentation yet)
+    #   The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are:
+    #
+    #   `ALL_ALLOWED` – any third party Connected App in the Project is permitted for use by Members.
+    #
+    #   `RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+    #
+    #   `NOT_ALLOWED` – no third party Connected Apps are permitted.
+    #
     #   The type of this field is nilable +UpdateRequestThirdPartyConnectedAppsAllowedType+ (string enum).
     # allowed_third_party_connected_apps::
-    #   (no documentation yet)
+    #   An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization's `third_party_connected_apps_allowed_type` is `RESTRICTED`.
     #   The type of this field is nilable list of +String+.
     #
     # == Returns:
@@ -1515,7 +1543,7 @@ module StytchB2B
       #   Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](organization-object) and its `auth_methods` and `allowed_auth_methods` fields for more details.
       #   The type of this field is nilable +Boolean+.
       # mfa_phone_number::
-      #   The Member's phone number. A Member may only have one phone number.
+      #   The Member's phone number. A Member may only have one phone number. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX).
       #   The type of this field is nilable +String+.
       # mfa_enrolled::
       #   Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.

data/lib/stytch/b2b_passwords.rb

@@ -88,9 +88,13 @@ module StytchB2B
       post_request('/v1/b2b/passwords/strength_check', request, headers)
     end
 
-    # Adds an existing password to a member's email that doesn't have a password yet. We support migrating members from passwords stored with bcrypt, scrypt, argon2, MD-5, SHA-1, and PBKDF2. This endpoint has a rate limit of 100 requests per second.
+    # Adds an existing password to a Member's email that doesn't have a password yet.
     #
-    # The member's email will be marked as verified when you use this endpoint. If you are using **cross-organization passwords**, call this method separately for each `organization_id` associated with the given `email_address` to ensure the email is verified across all of their organizations.
+    # We support migrating members from passwords stored with bcrypt, scrypt, argon2, MD-5, SHA-1, and PBKDF2. This endpoint has a rate limit of 100 requests per second.
+    #
+    # The Member's email will be marked as verified when you use this endpoint.
+    #
+    # If you are using **cross-organization passwords**, i.e. allowing an end user to share the same password across all of their Organizations, call this method separately for each `organization_id` associated with the given `email_address` to ensure the password is set across all of their Organizations.
     #
     # == Parameters:
     # email_address::
@@ -147,10 +151,11 @@ module StytchB2B
     #   authentication factors with the affected SSO connection IDs will be revoked.
     #   The type of this field is nilable +Boolean+.
     # mfa_phone_number::
-    #   (no documentation yet)
+    #   The Member's phone number. A Member may only have one phone number. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX).
     #   The type of this field is nilable +String+.
     # set_phone_number_verified::
-    #   (no documentation yet)
+    #   Whether to set the user's phone number as verified. This is a dangerous field. This flag should only be set if you can attest that
+    #    the user owns the phone number in question.
     #   The type of this field is nilable +Boolean+.
     # external_id::
     #   If a new member is created, this will set an identifier that can be used in API calls wherever a member_id is expected. This is a string consisting of alphanumeric, `.`, `_`, `-`, or `|` characters with a maximum length of 128 characters. External IDs must be unique within an organization, but may be reused across different organizations in the same project. Note that if a member already exists, this field will be ignored.
@@ -392,7 +397,7 @@ module StytchB2B
       #   If you have not set a default `reset_password_redirect_url`, an error is returned.
       #   The type of this field is nilable +String+.
       # reset_password_expiration_minutes::
-      #   Sets a time limit after which the email link to reset the member's password will no longer be valid.
+      #   Sets a time limit after which the email link to reset the member's password will no longer be valid. The minimum allowed expiration is 5 minutes and the maximum is 10080 minutes (7 days). By default, the expiration is 30 minutes.
       #   The type of this field is nilable +Integer+.
       # code_challenge::
       #   A base64url encoded SHA256 hash of a one time secret used to validate that the request starts and ends on the same device.
@@ -991,7 +996,7 @@ module StytchB2B
         #   Use a custom template for reset password emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Reset Password.
         #   The type of this field is nilable +String+.
         # reset_password_expiration_minutes::
-        #   Sets a time limit after which the email link to reset the member's password will no longer be valid.
+        #   Sets a time limit after which the email link to reset the member's password will no longer be valid. The minimum allowed expiration is 5 minutes and the maximum is 10080 minutes (7 days). By default, the expiration is 30 minutes.
         #   The type of this field is nilable +Integer+.
         # pkce_code_challenge::
         #   (no documentation yet)

data/lib/stytch/fraud.rb

@@ -11,13 +11,14 @@ require_relative 'request_helper'
 module Stytch
   class Fraud
     include Stytch::RequestHelper
-    attr_reader :fingerprint, :rules
+    attr_reader :fingerprint, :rules, :verdict_reasons
 
     def initialize(connection)
       @connection = connection
 
       @fingerprint = Stytch::Fraud::Fingerprint.new(@connection)
       @rules = Stytch::Fraud::Rules.new(@connection)
+      @verdict_reasons = Stytch::Fraud::VerdictReasons.new(@connection)
     end
 
     class Fingerprint
@@ -252,5 +253,82 @@ module Stytch
         post_request('/v1/rules/list', request, headers)
       end
     end
+
+    class VerdictReasons
+      include Stytch::RequestHelper
+
+      def initialize(connection)
+        @connection = connection
+      end
+
+      # Use this endpoint to override the action returned for a specific verdict reason during a fingerprint lookup. For example, Stytch Device Fingerprinting returns a `CHALLENGE` verdict action by default for the verdict reason `VIRTUAL_MACHINE`. You can use this endpoint to override that reason to return an `ALLOW` verdict instead if you expect many legitimate users to be using a browser that runs in a virtual machine.
+      #
+      # == Parameters:
+      # verdict_reason::
+      #   The verdict reason that you wish to override. For a list of possible reasons to override, see [Warning Flags (Verdict Reasons)](https://stytch.com/docs/docs/fraud/guides/device-fingerprinting/reference/warning-flags-verdict-reasons). You may not override the `RULE_MATCH` reason.
+      #   The type of this field is +String+.
+      # override_action::
+      #   The action that you want to be returned for the specified verdict reason. The override action must be one of `ALLOW`, `BLOCK`, or `CHALLENGE`.
+      #   The type of this field is +OverrideRequestAction+ (string enum).
+      # override_description::
+      #   An optional description for the verdict reason override.
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # verdict_reason_action::
+      #   Information about the verdict reason override that was just set.
+      #   The type of this field is +VerdictReasonAction+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      def override(
+        verdict_reason:,
+        override_action:,
+        override_description: nil
+      )
+        headers = {}
+        request = {
+          verdict_reason: verdict_reason,
+          override_action: override_action
+        }
+        request[:override_description] = override_description unless override_description.nil?
+
+        post_request('/v1/verdict_reasons/override', request, headers)
+      end
+
+      # Get the list of verdict reasons returned by the Stytch Device Fingerprinting product along with their default actions and any overrides you may have defined. This is not an exhaustive list of verdict reasons, but it contains all verdict reasons that you may set an override on.
+      #
+      # For a full list of possible verdict reasons, see [Warning Flags (Verdict Reasons)](https://stytch.com/docs/docs/fraud/guides/device-fingerprinting/reference/warning-flags-verdict-reasons).
+      #
+      # == Parameters:
+      # overrides_only::
+      #   Whether to return only verdict reasons that have overrides set. Defaults to false.
+      #   The type of this field is nilable +Boolean+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # verdict_reason_actions::
+      #   Information about verdict reasons and any overrides that were set on them.
+      #   The type of this field is list of +VerdictReasonAction+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      def list(
+        overrides_only: nil
+      )
+        headers = {}
+        request = {}
+        request[:overrides_only] = overrides_only unless overrides_only.nil?
+
+        post_request('/v1/verdict_reasons/list', request, headers)
+      end
+    end
   end
 end

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '10.20.0'
+  VERSION = '10.22.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 10.20.0
+  version: 10.22.0
 platform: ruby
 authors:
 - stytch
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-06-11 00:00:00.000000000 Z
+date: 2025-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday