stytch 10.21.0 → 10.23.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 92655a5f974bb3fc56399b60d2ce6e3689dc00fab9ec6a13e61144960937f8b0
-  data.tar.gz: bca0fc61a0cbbc0b357bd044b2ef52f87e82ecc5c542dd7637f1d64fa5e1ffdd
+  metadata.gz: e2fb08700aeee0c0840e48859d8dc235da8d2aaf781645d76b257d72478d84ac
+  data.tar.gz: b76a0da30460f7973558c2c7b6fa134af9c67df528e6b9e90e5780f444145260
 SHA512:
-  metadata.gz: 4f770d5d5fe2d5d62780fc80ec0328801ad1cd00a45772c56d0b881b7c4c3291002bbfa84a1d21a332518483da7068a6ca21655c48ebe304aea999be46e3bd5d
-  data.tar.gz: 4cbfab64433fbc29c3b5256387f74e7de8ab05fe9427c11ab510b7415d1c164eaf1e52e1a62561de76b41122f198e8701e8a6a6c36c6043ea6f555184d4b6ffa
+  metadata.gz: 3e05a4ca1b82b877382db1ff2e98ae9d2687c82e4a0f1d084b2ea8c7e52ea5abc5da17e450378a353e9c5f300e890da5e02f1a8c4931f5506df098b89c2affc1
+  data.tar.gz: 6ad571d7bbf7d452d20e742dbf340836b0c5cb68ae1e6ddce55022c5ef19a431a71a4d32d6053f573f2487f1d0132b3876332681bed627f0e593009149b4745d

data/lib/stytch/b2b_discovery.rb

@@ -279,6 +279,32 @@ module StytchB2B
       # allowed_oauth_tenants::
       #   A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack", "hubspot", and "github".
       #   The type of this field is nilable +object+.
+      # first_party_connected_apps_allowed_type::
+      #   The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are:
+      #
+      #   `ALL_ALLOWED` – any first party Connected App in the Project is permitted for use by Members.
+      #
+      #   `RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+      #
+      #   `NOT_ALLOWED` – no first party Connected Apps are permitted.
+      #
+      #   The type of this field is nilable +CreateRequestFirstPartyConnectedAppsAllowedType+ (string enum).
+      # allowed_first_party_connected_apps::
+      #   An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization's `first_party_connected_apps_allowed_type` is `RESTRICTED`.
+      #   The type of this field is nilable list of +String+.
+      # third_party_connected_apps_allowed_type::
+      #   The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are:
+      #
+      #   `ALL_ALLOWED` – any third party Connected App in the Project is permitted for use by Members.
+      #
+      #   `RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+      #
+      #   `NOT_ALLOWED` – no third party Connected Apps are permitted.
+      #
+      #   The type of this field is nilable +CreateRequestThirdPartyConnectedAppsAllowedType+ (string enum).
+      # allowed_third_party_connected_apps::
+      #   An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization's `third_party_connected_apps_allowed_type` is `RESTRICTED`.
+      #   The type of this field is nilable list of +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -337,7 +363,11 @@ module StytchB2B
         mfa_methods: nil,
         allowed_mfa_methods: nil,
         oauth_tenant_jit_provisioning: nil,
-        allowed_oauth_tenants: nil
+        allowed_oauth_tenants: nil,
+        first_party_connected_apps_allowed_type: nil,
+        allowed_first_party_connected_apps: nil,
+        third_party_connected_apps_allowed_type: nil,
+        allowed_third_party_connected_apps: nil
       )
         headers = {}
         request = {
@@ -361,6 +391,10 @@ module StytchB2B
         request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
         request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
         request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
+        request[:first_party_connected_apps_allowed_type] = first_party_connected_apps_allowed_type unless first_party_connected_apps_allowed_type.nil?
+        request[:allowed_first_party_connected_apps] = allowed_first_party_connected_apps unless allowed_first_party_connected_apps.nil?
+        request[:third_party_connected_apps_allowed_type] = third_party_connected_apps_allowed_type unless third_party_connected_apps_allowed_type.nil?
+        request[:allowed_third_party_connected_apps] = allowed_third_party_connected_apps unless allowed_third_party_connected_apps.nil?
 
         post_request('/v1/b2b/discovery/organizations/create', request, headers)
       end

data/lib/stytch/b2b_impersonation.rb

@@ -19,7 +19,7 @@ module StytchB2B
     # Authenticate an impersonation token to impersonate a. This endpoint requires an impersonation token that is not expired or previously used.
     # A Stytch session will be created for the impersonated member with a 60 minute duration. Impersonated sessions cannot be extended.
     #
-    # Prior to this step, you can generate an impersonation token by visiting the Stytch dashboard, viewing a member, and clicking the `Impersonate Member` button.
+    # Prior to this step, you can generate an impersonation token by visiting the Stytch Dashboard, viewing a member, and clicking the `Impersonate Member` button.
     #
     # == Parameters:
     # impersonation_token::

data/lib/stytch/b2b_organizations.rb

@@ -1543,7 +1543,7 @@ module StytchB2B
       #   Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](organization-object) and its `auth_methods` and `allowed_auth_methods` fields for more details.
       #   The type of this field is nilable +Boolean+.
       # mfa_phone_number::
-      #   The Member's phone number. A Member may only have one phone number.
+      #   The Member's phone number. A Member may only have one phone number. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX).
       #   The type of this field is nilable +String+.
       # mfa_enrolled::
       #   Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.

data/lib/stytch/b2b_passwords.rb

@@ -24,10 +24,13 @@ module StytchB2B
 
     # This API allows you to check whether the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password.
     #
-    # This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
+    # This endpoint adapts to your Project's password strength configuration.
+    # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3.
+    # If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch.
+    # You may update your password strength configuration on the [Passwords Policy page](https://stytch.com/dashboard/password-strength-config) in the Stytch Dashboard.
     #
     # ## Password feedback
-    # The zxcvbn_feedback and luds_feedback objects contains relevant fields for you to relay feedback to users that failed to create a strong enough password.
+    # The `zxcvbn_feedback` and `luds_feedback` objects contains relevant fields for you to relay feedback to users that failed to create a strong enough password.
     #
     # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the feedback object will contain warning and suggestions for any password that does not meet the [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) strength requirements. You can return these strings directly to the user to help them craft a strong password.
     #
@@ -88,9 +91,13 @@ module StytchB2B
       post_request('/v1/b2b/passwords/strength_check', request, headers)
     end
 
-    # Adds an existing password to a member's email that doesn't have a password yet. We support migrating members from passwords stored with bcrypt, scrypt, argon2, MD-5, SHA-1, and PBKDF2. This endpoint has a rate limit of 100 requests per second.
+    # Adds an existing password to a Member's email that doesn't have a password yet.
     #
-    # The member's email will be marked as verified when you use this endpoint. If you are using **cross-organization passwords**, call this method separately for each `organization_id` associated with the given `email_address` to ensure the email is verified across all of their organizations.
+    # We support migrating members from passwords stored with bcrypt, scrypt, argon2, MD-5, SHA-1, and PBKDF2. This endpoint has a rate limit of 100 requests per second.
+    #
+    # The Member's email will be marked as verified when you use this endpoint.
+    #
+    # If you are using **cross-organization passwords**, i.e. allowing an end user to share the same password across all of their Organizations, call this method separately for each `organization_id` associated with the given `email_address` to ensure the password is set across all of their Organizations.
     #
     # == Parameters:
     # email_address::
@@ -147,10 +154,11 @@ module StytchB2B
     #   authentication factors with the affected SSO connection IDs will be revoked.
     #   The type of this field is nilable +Boolean+.
     # mfa_phone_number::
-    #   (no documentation yet)
+    #   The Member's phone number. A Member may only have one phone number. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX).
     #   The type of this field is nilable +String+.
     # set_phone_number_verified::
-    #   (no documentation yet)
+    #   Whether to set the user's phone number as verified. This is a dangerous field. This flag should only be set if you can attest that
+    #    the user owns the phone number in question.
     #   The type of this field is nilable +Boolean+.
     # external_id::
     #   If a new member is created, this will set an identifier that can be used in API calls wherever a member_id is expected. This is a string consisting of alphanumeric, `.`, `_`, `-`, or `|` characters with a maximum length of 128 characters. External IDs must be unique within an organization, but may be reused across different organizations in the same project. Note that if a member already exists, this field will be ignored.
@@ -377,7 +385,7 @@ module StytchB2B
       # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid
       # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are
       # considered valid if they meet the requirements that you've set with Stytch.
-      # You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
+      # You may update your password strength configuration on the [Passwords Policy page](https://stytch.com/dashboard/password-strength-config) in the Stytch Dashboard.
       #
       # == Parameters:
       # organization_id::
@@ -769,7 +777,7 @@ module StytchB2B
       # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid
       # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are
       # considered valid if they meet the requirements that you've set with Stytch.
-      # You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
+      # You may update your password strength configuration on the [Passwords Policy page](https://stytch.com/dashboard/password-strength-config) in the Stytch Dashboard.
       #
       # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
       # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
@@ -971,7 +979,7 @@ module StytchB2B
         # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid
         # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are
         # considered valid if they meet the requirements that you've set with Stytch.
-        # You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
+        # You may update your password strength configuration on the [Passwords Policy page](https://stytch.com/dashboard/password-strength-config) in the Stytch Dashboard.
         #
         # == Parameters:
         # email_address::

data/lib/stytch/b2b_rbac.rb

@@ -20,7 +20,8 @@ module StytchB2B
     #
     # When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating the need for an extra request to Stytch. The policy will be refreshed if an authorization check is requested and the RBAC policy was last updated more than 5 minutes ago.
     #
-    # Resources and Roles can be created and managed within the [Dashboard](https://stytch.com/docs/dashboard/rbac). Additionally, [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically managed through certain Stytch API endpoints.
+    # Resources and Roles can be created and managed within the [RBAC page](https://stytch.com/docs/dashboard/rbac) in the Dashboard.
+    # Additionally, [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically managed through certain Stytch API endpoints.
     #
     # Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model.
     #

data/lib/stytch/b2b_sessions.rb

@@ -417,7 +417,96 @@ module StytchB2B
       post_request('/v1/b2b/sessions/exchange_access_token', request, headers)
     end
 
-    # Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](https://stytch.com/docs/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing in your and create a Stytch Session. You will need to create the member before using this endpoint.
+    # Exchange an auth token issued by a trusted identity provider for a Stytch session. You must first register a Trusted Auth Token profile in the Stytch dashboard [here](https://stytch.com/docs/dashboard/trusted-auth-tokens).  If a session token or session JWT is provided, it will add the trusted auth token as an authentication factor to the existing session.
+    #
+    # == Parameters:
+    # organization_id::
+    #   The organization ID that the session should be authenticated in.
+    #   The type of this field is +String+.
+    # profile_id::
+    #   The ID of the trusted auth token profile to use for attestation.
+    #   The type of this field is +String+.
+    # token::
+    #   The trusted auth token to authenticate.
+    #   The type of this field is +String+.
+    # session_duration_minutes::
+    #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+    #   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+    #   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+    #
+    #   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+    #
+    #   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+    #
+    #   If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
+    #   to use the Stytch session product, you can ignore the session fields in the response.
+    #   The type of this field is nilable +Integer+.
+    # session_custom_claims::
+    #   Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
+    #   `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
+    #   delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
+    #   Total custom claims size cannot exceed four kilobytes.
+    #   The type of this field is nilable +object+.
+    # session_token::
+    #   The `session_token` for the session that you wish to add the trusted auth token authentication factor to.
+    #   The type of this field is nilable +String+.
+    # session_jwt::
+    #   The `session_jwt` for the session that you wish to add the trusted auth token authentication factor to.
+    #   The type of this field is nilable +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member.
+    #   The type of this field is +String+.
+    # member_session::
+    #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
+    #   The type of this field is +MemberSession+ (+object+).
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is +String+.
+    # member::
+    #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+    #   The type of this field is +Member+ (+object+).
+    # organization::
+    #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+    #   The type of this field is +Organization+ (+object+).
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
+    def attest(
+      organization_id:,
+      profile_id:,
+      token:,
+      session_duration_minutes: nil,
+      session_custom_claims: nil,
+      session_token: nil,
+      session_jwt: nil
+    )
+      headers = {}
+      request = {
+        organization_id: organization_id,
+        profile_id: profile_id,
+        token: token
+      }
+      request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
+      request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
+
+      post_request('/v1/b2b/sessions/attest', request, headers)
+    end
+
+    # Migrate a session from an external OIDC compliant endpoint.
+    # Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](https://stytch.com/docs/dashboard), and then perform a lookup using the `session_token`. <!-- FIXME more specific dashboard link-->
+    # If the response contains a valid email address, Stytch will attempt to match that email address with an existing in your and create a Stytch Session.
+    # You will need to create the member before using this endpoint.
     #
     # == Parameters:
     # session_token::

data/lib/stytch/impersonation.rb

@@ -19,7 +19,7 @@ module Stytch
     # Authenticate an impersonation token to impersonate a User. This endpoint requires an impersonation token that is not expired or previously used.
     # A Stytch session will be created for the impersonated user with a 60 minute duration. Impersonated sessions cannot be extended.
     #
-    # Prior to this step, you can generate an impersonation token by visiting the Stytch dashboard, viewing a user, and clicking the `Impersonate User` button.
+    # Prior to this step, you can generate an impersonation token by visiting the Stytch Dashboard, viewing a user, and clicking the `Impersonate User` button.
     #
     # == Parameters:
     # impersonation_token::

data/lib/stytch/passwords.rb

@@ -201,7 +201,7 @@ module Stytch
 
     # This API allows you to check whether or not the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password.
     #
-    # This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
+    # This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [Stytch Dashboard](https://stytch.com/dashboard/password-strength-config).
     #
     #
     # ### Password feedback
@@ -293,9 +293,9 @@ module Stytch
     #   The `untrusted_metadata` field contains an arbitrary JSON object of application-specific data. Untrusted metadata can be edited by end users directly via the SDK, and **cannot be used to store critical information.** See the [Metadata](https://stytch.com/docs/api/metadata) reference for complete field behavior details.
     #   The type of this field is nilable +object+.
     # set_email_verified::
-    #   Whether to set the user's email as verified. This is a dangerous field. Incorrect use may lead to users getting erroneously
-    #                 deduplicated into one user object. This flag should only be set if you can attest that the user owns the email address in question.
-    #                 Access to this field is restricted. To enable it, please send us a note at support@stytch.com.
+    #   Whether to set the user's email as verified. This is a dangerous field, incorrect use may lead to users getting erroneously
+    #                 deduplicated into one User object. This flag should only be set if you can attest that the user owns the email address in question.
+    #
     #   The type of this field is nilable +Boolean+.
     # name::
     #   The name of the user. Each field in the name object is optional.
@@ -304,12 +304,15 @@ module Stytch
     #   The phone number of the user. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX).
     #   The type of this field is nilable +String+.
     # set_phone_number_verified::
-    #   Whether to set the user's phone number as verified. This is a dangerous field. This flag should only be set if you can attest that
-    #    the user owns the phone number in question. Access to this field is restricted. To enable it, please send us a note at support@stytch.com.
+    #   Whether to set the user's phone number as verified. This is a dangerous field, this flag should only be set if you can attest that
+    #    the user owns the phone number in question.
     #   The type of this field is nilable +Boolean+.
     # external_id::
     #   If a new user is created, this will set an identifier that can be used in API calls wherever a user_id is expected. This is a string consisting of alphanumeric, `.`, `_`, `-`, or `|` characters with a maximum length of 128 characters.
     #   The type of this field is nilable +String+.
+    # roles::
+    #   (no documentation yet)
+    #   The type of this field is nilable list of +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -346,7 +349,8 @@ module Stytch
       name: nil,
       phone_number: nil,
       set_phone_number_verified: nil,
-      external_id: nil
+      external_id: nil,
+      roles: nil
     )
       headers = {}
       request = {
@@ -366,6 +370,7 @@ module Stytch
       request[:phone_number] = phone_number unless phone_number.nil?
       request[:set_phone_number_verified] = set_phone_number_verified unless set_phone_number_verified.nil?
       request[:external_id] = external_id unless external_id.nil?
+      request[:roles] = roles unless roles.nil?
 
       post_request('/v1/passwords/migrate', request, headers)
     end

data/lib/stytch/sessions.rb

@@ -326,6 +326,85 @@ module Stytch
       get_request(request, headers)
     end
 
+    # Exchange an auth token issued by a trusted identity provider for a Stytch session. You must first register a Trusted Auth Token profile in the Stytch dashboard [here](https://stytch.com/docs/dashboard/trusted-auth-tokens). If a session token or session JWT is provided, it will add the trusted auth token as an authentication factor to the existing session.
+    #
+    # == Parameters:
+    # profile_id::
+    #   The ID of the trusted auth token profile to use for attestation.
+    #   The type of this field is +String+.
+    # token::
+    #   The trusted auth token to authenticate.
+    #   The type of this field is +String+.
+    # session_duration_minutes::
+    #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+    #   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+    #   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+    #
+    #   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+    #
+    #   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+    #
+    #   If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created.
+    #   The type of this field is nilable +Integer+.
+    # session_custom_claims::
+    #   Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value.
+    #
+    #   Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes.
+    #   The type of this field is nilable +object+.
+    # session_token::
+    #   The `session_token` for the session that you wish to add the trusted auth token authentication factor to.
+    #   The type of this field is nilable +String+.
+    # session_jwt::
+    #   The `session_jwt` for the session that you wish to add the trusted auth token authentication factor to.
+    #   The type of this field is nilable +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # user_id::
+    #   The unique ID of the affected User.
+    #   The type of this field is +String+.
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is +String+.
+    # user::
+    #   The `user` object affected by this API call. See the [Get user endpoint](https://stytch.com/docs/api/get-user) for complete response field details.
+    #   The type of this field is +User+ (+object+).
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
+    # session::
+    #   If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response.
+    #
+    #   See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
+    #
+    #   The type of this field is nilable +Session+ (+object+).
+    def attest(
+      profile_id:,
+      token:,
+      session_duration_minutes: nil,
+      session_custom_claims: nil,
+      session_token: nil,
+      session_jwt: nil
+    )
+      headers = {}
+      request = {
+        profile_id: profile_id,
+        token: token
+      }
+      request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
+      request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
+
+      post_request('/v1/sessions/attest', request, headers)
+    end
+
     # MANUAL(Sessions::authenticate_jwt)(SERVICE_METHOD)
     # ADDIMPORT: require 'jwt'
     # ADDIMPORT: require 'json/jwt'

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '10.21.0'
+  VERSION = '10.23.0'
 end

data/lib/stytch/webauthn.rb

@@ -50,6 +50,9 @@ module Stytch
     # override_display_name::
     #   (no documentation yet)
     #   The type of this field is nilable +String+.
+    # use_base64_url_encoding::
+    #   (no documentation yet)
+    #   The type of this field is nilable +Boolean+.
     #
     # == Returns:
     # An object with the following fields:
@@ -73,7 +76,8 @@ module Stytch
       return_passkey_credential_options: nil,
       override_id: nil,
       override_name: nil,
-      override_display_name: nil
+      override_display_name: nil,
+      use_base64_url_encoding: nil
     )
       headers = {}
       request = {
@@ -86,6 +90,7 @@ module Stytch
       request[:override_id] = override_id unless override_id.nil?
       request[:override_name] = override_name unless override_name.nil?
       request[:override_display_name] = override_display_name unless override_display_name.nil?
+      request[:use_base64_url_encoding] = use_base64_url_encoding unless use_base64_url_encoding.nil?
 
       post_request('/v1/webauthn/register/start', request, headers)
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 10.21.0
+  version: 10.23.0
 platform: ruby
 authors:
 - stytch
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-06-18 00:00:00.000000000 Z
+date: 2025-07-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday