stytch 10.22.0 → 10.23.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 79f83098068aa5afdbecff54fe59173d6e1c4e0e9660204d4dbd045cbfcc1561
-  data.tar.gz: 14d9b1a5fd3dafb1e2d26b8d26cf9e06d27e1fa9c0eb7082d4c240cb87fbdf29
+  metadata.gz: e2fb08700aeee0c0840e48859d8dc235da8d2aaf781645d76b257d72478d84ac
+  data.tar.gz: b76a0da30460f7973558c2c7b6fa134af9c67df528e6b9e90e5780f444145260
 SHA512:
-  metadata.gz: fdf4c8bfea414eeb01e5aecfdbfb4ecaadaf31d9b079021557eb2e722facd43b07bf405b4d9518f0f114f6cdf0b09871092fa6c56077a3790f4c525ca9d9f6b6
-  data.tar.gz: '0990e814940119ed3eedc3d6f3bf90ec407de943633ab635ec6064e4cfede76bc35b9342b3fdee24497d56d2bf7b81b23e851ded86dea3cc9775af31f112ef5e'
+  metadata.gz: 3e05a4ca1b82b877382db1ff2e98ae9d2687c82e4a0f1d084b2ea8c7e52ea5abc5da17e450378a353e9c5f300e890da5e02f1a8c4931f5506df098b89c2affc1
+  data.tar.gz: 6ad571d7bbf7d452d20e742dbf340836b0c5cb68ae1e6ddce55022c5ef19a431a71a4d32d6053f573f2487f1d0132b3876332681bed627f0e593009149b4745d

data/lib/stytch/b2b_impersonation.rb

@@ -19,7 +19,7 @@ module StytchB2B
     # Authenticate an impersonation token to impersonate a. This endpoint requires an impersonation token that is not expired or previously used.
     # A Stytch session will be created for the impersonated member with a 60 minute duration. Impersonated sessions cannot be extended.
     #
-    # Prior to this step, you can generate an impersonation token by visiting the Stytch dashboard, viewing a member, and clicking the `Impersonate Member` button.
+    # Prior to this step, you can generate an impersonation token by visiting the Stytch Dashboard, viewing a member, and clicking the `Impersonate Member` button.
     #
     # == Parameters:
     # impersonation_token::

data/lib/stytch/b2b_passwords.rb

@@ -24,10 +24,13 @@ module StytchB2B
 
     # This API allows you to check whether the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password.
     #
-    # This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
+    # This endpoint adapts to your Project's password strength configuration.
+    # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3.
+    # If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch.
+    # You may update your password strength configuration on the [Passwords Policy page](https://stytch.com/dashboard/password-strength-config) in the Stytch Dashboard.
     #
     # ## Password feedback
-    # The zxcvbn_feedback and luds_feedback objects contains relevant fields for you to relay feedback to users that failed to create a strong enough password.
+    # The `zxcvbn_feedback` and `luds_feedback` objects contains relevant fields for you to relay feedback to users that failed to create a strong enough password.
     #
     # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the feedback object will contain warning and suggestions for any password that does not meet the [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) strength requirements. You can return these strings directly to the user to help them craft a strong password.
     #
@@ -382,7 +385,7 @@ module StytchB2B
       # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid
       # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are
       # considered valid if they meet the requirements that you've set with Stytch.
-      # You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
+      # You may update your password strength configuration on the [Passwords Policy page](https://stytch.com/dashboard/password-strength-config) in the Stytch Dashboard.
       #
       # == Parameters:
       # organization_id::
@@ -774,7 +777,7 @@ module StytchB2B
       # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid
       # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are
       # considered valid if they meet the requirements that you've set with Stytch.
-      # You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
+      # You may update your password strength configuration on the [Passwords Policy page](https://stytch.com/dashboard/password-strength-config) in the Stytch Dashboard.
       #
       # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
       # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
@@ -976,7 +979,7 @@ module StytchB2B
         # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid
         # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are
         # considered valid if they meet the requirements that you've set with Stytch.
-        # You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
+        # You may update your password strength configuration on the [Passwords Policy page](https://stytch.com/dashboard/password-strength-config) in the Stytch Dashboard.
         #
         # == Parameters:
         # email_address::

data/lib/stytch/b2b_rbac.rb

@@ -20,7 +20,8 @@ module StytchB2B
     #
     # When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating the need for an extra request to Stytch. The policy will be refreshed if an authorization check is requested and the RBAC policy was last updated more than 5 minutes ago.
     #
-    # Resources and Roles can be created and managed within the [Dashboard](https://stytch.com/docs/dashboard/rbac). Additionally, [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically managed through certain Stytch API endpoints.
+    # Resources and Roles can be created and managed within the [RBAC page](https://stytch.com/docs/dashboard/rbac) in the Dashboard.
+    # Additionally, [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically managed through certain Stytch API endpoints.
     #
     # Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model.
     #

data/lib/stytch/b2b_sessions.rb

@@ -417,7 +417,96 @@ module StytchB2B
       post_request('/v1/b2b/sessions/exchange_access_token', request, headers)
     end
 
-    # Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](https://stytch.com/docs/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing in your and create a Stytch Session. You will need to create the member before using this endpoint.
+    # Exchange an auth token issued by a trusted identity provider for a Stytch session. You must first register a Trusted Auth Token profile in the Stytch dashboard [here](https://stytch.com/docs/dashboard/trusted-auth-tokens).  If a session token or session JWT is provided, it will add the trusted auth token as an authentication factor to the existing session.
+    #
+    # == Parameters:
+    # organization_id::
+    #   The organization ID that the session should be authenticated in.
+    #   The type of this field is +String+.
+    # profile_id::
+    #   The ID of the trusted auth token profile to use for attestation.
+    #   The type of this field is +String+.
+    # token::
+    #   The trusted auth token to authenticate.
+    #   The type of this field is +String+.
+    # session_duration_minutes::
+    #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+    #   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+    #   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+    #
+    #   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+    #
+    #   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+    #
+    #   If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
+    #   to use the Stytch session product, you can ignore the session fields in the response.
+    #   The type of this field is nilable +Integer+.
+    # session_custom_claims::
+    #   Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
+    #   `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
+    #   delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
+    #   Total custom claims size cannot exceed four kilobytes.
+    #   The type of this field is nilable +object+.
+    # session_token::
+    #   The `session_token` for the session that you wish to add the trusted auth token authentication factor to.
+    #   The type of this field is nilable +String+.
+    # session_jwt::
+    #   The `session_jwt` for the session that you wish to add the trusted auth token authentication factor to.
+    #   The type of this field is nilable +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member.
+    #   The type of this field is +String+.
+    # member_session::
+    #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
+    #   The type of this field is +MemberSession+ (+object+).
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is +String+.
+    # member::
+    #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+    #   The type of this field is +Member+ (+object+).
+    # organization::
+    #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+    #   The type of this field is +Organization+ (+object+).
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
+    def attest(
+      organization_id:,
+      profile_id:,
+      token:,
+      session_duration_minutes: nil,
+      session_custom_claims: nil,
+      session_token: nil,
+      session_jwt: nil
+    )
+      headers = {}
+      request = {
+        organization_id: organization_id,
+        profile_id: profile_id,
+        token: token
+      }
+      request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
+      request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
+
+      post_request('/v1/b2b/sessions/attest', request, headers)
+    end
+
+    # Migrate a session from an external OIDC compliant endpoint.
+    # Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](https://stytch.com/docs/dashboard), and then perform a lookup using the `session_token`. <!-- FIXME more specific dashboard link-->
+    # If the response contains a valid email address, Stytch will attempt to match that email address with an existing in your and create a Stytch Session.
+    # You will need to create the member before using this endpoint.
     #
     # == Parameters:
     # session_token::

data/lib/stytch/impersonation.rb

@@ -19,7 +19,7 @@ module Stytch
     # Authenticate an impersonation token to impersonate a User. This endpoint requires an impersonation token that is not expired or previously used.
     # A Stytch session will be created for the impersonated user with a 60 minute duration. Impersonated sessions cannot be extended.
     #
-    # Prior to this step, you can generate an impersonation token by visiting the Stytch dashboard, viewing a user, and clicking the `Impersonate User` button.
+    # Prior to this step, you can generate an impersonation token by visiting the Stytch Dashboard, viewing a user, and clicking the `Impersonate User` button.
     #
     # == Parameters:
     # impersonation_token::

data/lib/stytch/passwords.rb

@@ -201,7 +201,7 @@ module Stytch
 
     # This API allows you to check whether or not the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password.
     #
-    # This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
+    # This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [Stytch Dashboard](https://stytch.com/dashboard/password-strength-config).
     #
     #
     # ### Password feedback
@@ -293,9 +293,9 @@ module Stytch
     #   The `untrusted_metadata` field contains an arbitrary JSON object of application-specific data. Untrusted metadata can be edited by end users directly via the SDK, and **cannot be used to store critical information.** See the [Metadata](https://stytch.com/docs/api/metadata) reference for complete field behavior details.
     #   The type of this field is nilable +object+.
     # set_email_verified::
-    #   Whether to set the user's email as verified. This is a dangerous field. Incorrect use may lead to users getting erroneously
-    #                 deduplicated into one user object. This flag should only be set if you can attest that the user owns the email address in question.
-    #                 Access to this field is restricted. To enable it, please send us a note at support@stytch.com.
+    #   Whether to set the user's email as verified. This is a dangerous field, incorrect use may lead to users getting erroneously
+    #                 deduplicated into one User object. This flag should only be set if you can attest that the user owns the email address in question.
+    #
     #   The type of this field is nilable +Boolean+.
     # name::
     #   The name of the user. Each field in the name object is optional.
@@ -304,12 +304,15 @@ module Stytch
     #   The phone number of the user. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX).
     #   The type of this field is nilable +String+.
     # set_phone_number_verified::
-    #   Whether to set the user's phone number as verified. This is a dangerous field. This flag should only be set if you can attest that
-    #    the user owns the phone number in question. Access to this field is restricted. To enable it, please send us a note at support@stytch.com.
+    #   Whether to set the user's phone number as verified. This is a dangerous field, this flag should only be set if you can attest that
+    #    the user owns the phone number in question.
     #   The type of this field is nilable +Boolean+.
     # external_id::
     #   If a new user is created, this will set an identifier that can be used in API calls wherever a user_id is expected. This is a string consisting of alphanumeric, `.`, `_`, `-`, or `|` characters with a maximum length of 128 characters.
     #   The type of this field is nilable +String+.
+    # roles::
+    #   (no documentation yet)
+    #   The type of this field is nilable list of +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -346,7 +349,8 @@ module Stytch
       name: nil,
       phone_number: nil,
       set_phone_number_verified: nil,
-      external_id: nil
+      external_id: nil,
+      roles: nil
     )
       headers = {}
       request = {
@@ -366,6 +370,7 @@ module Stytch
       request[:phone_number] = phone_number unless phone_number.nil?
       request[:set_phone_number_verified] = set_phone_number_verified unless set_phone_number_verified.nil?
       request[:external_id] = external_id unless external_id.nil?
+      request[:roles] = roles unless roles.nil?
 
       post_request('/v1/passwords/migrate', request, headers)
     end

data/lib/stytch/sessions.rb

@@ -326,6 +326,85 @@ module Stytch
       get_request(request, headers)
     end
 
+    # Exchange an auth token issued by a trusted identity provider for a Stytch session. You must first register a Trusted Auth Token profile in the Stytch dashboard [here](https://stytch.com/docs/dashboard/trusted-auth-tokens). If a session token or session JWT is provided, it will add the trusted auth token as an authentication factor to the existing session.
+    #
+    # == Parameters:
+    # profile_id::
+    #   The ID of the trusted auth token profile to use for attestation.
+    #   The type of this field is +String+.
+    # token::
+    #   The trusted auth token to authenticate.
+    #   The type of this field is +String+.
+    # session_duration_minutes::
+    #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+    #   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+    #   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+    #
+    #   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+    #
+    #   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+    #
+    #   If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created.
+    #   The type of this field is nilable +Integer+.
+    # session_custom_claims::
+    #   Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value.
+    #
+    #   Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes.
+    #   The type of this field is nilable +object+.
+    # session_token::
+    #   The `session_token` for the session that you wish to add the trusted auth token authentication factor to.
+    #   The type of this field is nilable +String+.
+    # session_jwt::
+    #   The `session_jwt` for the session that you wish to add the trusted auth token authentication factor to.
+    #   The type of this field is nilable +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # user_id::
+    #   The unique ID of the affected User.
+    #   The type of this field is +String+.
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is +String+.
+    # user::
+    #   The `user` object affected by this API call. See the [Get user endpoint](https://stytch.com/docs/api/get-user) for complete response field details.
+    #   The type of this field is +User+ (+object+).
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
+    # session::
+    #   If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response.
+    #
+    #   See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
+    #
+    #   The type of this field is nilable +Session+ (+object+).
+    def attest(
+      profile_id:,
+      token:,
+      session_duration_minutes: nil,
+      session_custom_claims: nil,
+      session_token: nil,
+      session_jwt: nil
+    )
+      headers = {}
+      request = {
+        profile_id: profile_id,
+        token: token
+      }
+      request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
+      request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
+
+      post_request('/v1/sessions/attest', request, headers)
+    end
+
     # MANUAL(Sessions::authenticate_jwt)(SERVICE_METHOD)
     # ADDIMPORT: require 'jwt'
     # ADDIMPORT: require 'json/jwt'

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '10.22.0'
+  VERSION = '10.23.0'
 end

data/lib/stytch/webauthn.rb

@@ -50,6 +50,9 @@ module Stytch
     # override_display_name::
     #   (no documentation yet)
     #   The type of this field is nilable +String+.
+    # use_base64_url_encoding::
+    #   (no documentation yet)
+    #   The type of this field is nilable +Boolean+.
     #
     # == Returns:
     # An object with the following fields:
@@ -73,7 +76,8 @@ module Stytch
       return_passkey_credential_options: nil,
       override_id: nil,
       override_name: nil,
-      override_display_name: nil
+      override_display_name: nil,
+      use_base64_url_encoding: nil
     )
       headers = {}
       request = {
@@ -86,6 +90,7 @@ module Stytch
       request[:override_id] = override_id unless override_id.nil?
       request[:override_name] = override_name unless override_name.nil?
       request[:override_display_name] = override_display_name unless override_display_name.nil?
+      request[:use_base64_url_encoding] = use_base64_url_encoding unless use_base64_url_encoding.nil?
 
       post_request('/v1/webauthn/register/start', request, headers)
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 10.22.0
+  version: 10.23.0
 platform: ruby
 authors:
 - stytch
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-06-24 00:00:00.000000000 Z
+date: 2025-07-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday