stytch 10.23.0 → 10.24.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e2fb08700aeee0c0840e48859d8dc235da8d2aaf781645d76b257d72478d84ac
-  data.tar.gz: b76a0da30460f7973558c2c7b6fa134af9c67df528e6b9e90e5780f444145260
+  metadata.gz: cb709fad85473f219b4bf2d15da9c8381b117ba31a3f9dd3393a338ec1583323
+  data.tar.gz: 1d59d330089fe207f936e80950a00ab0f1152d3f08c2a62db2df864fe4972408
 SHA512:
-  metadata.gz: 3e05a4ca1b82b877382db1ff2e98ae9d2687c82e4a0f1d084b2ea8c7e52ea5abc5da17e450378a353e9c5f300e890da5e02f1a8c4931f5506df098b89c2affc1
-  data.tar.gz: 6ad571d7bbf7d452d20e742dbf340836b0c5cb68ae1e6ddce55022c5ef19a431a71a4d32d6053f573f2487f1d0132b3876332681bed627f0e593009149b4745d
+  metadata.gz: 015bffaf59b053a43f58d5ab48f245bc24f7ba623ae498a6bcca502ed6023d278e03023154ddb4eb1d269386488831ccc03d30f0ed028817fe7b355e4df006ab
+  data.tar.gz: c5c4bd35f7da7a88da844c470238c6ec3c26dcc3e4ce3abfe874a9e936066b617cee4685019745b71a5ce969be35ab21a287245c1b9f93fcaa0602986980e15d

data/lib/stytch/b2b_client.rb

@@ -13,6 +13,7 @@ require_relative 'b2b_scim'
 require_relative 'b2b_sessions'
 require_relative 'b2b_sso'
 require_relative 'b2b_totps'
+require_relative 'connected_apps'
 require_relative 'fraud'
 require_relative 'm2m'
 require_relative 'project'
@@ -22,7 +23,7 @@ module StytchB2B
   class Client
     ENVIRONMENTS = %i[live test].freeze
 
-    attr_reader :discovery, :fraud, :impersonation, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :project, :rbac, :recovery_codes, :scim, :sso, :sessions, :totps
+    attr_reader :connected_app, :discovery, :fraud, :impersonation, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :project, :rbac, :recovery_codes, :scim, :sso, :sessions, :totps
 
     def initialize(project_id:, secret:, env: nil, fraud_env: nil, &block)
       @api_host = api_host(env, project_id)
@@ -36,6 +37,7 @@ module StytchB2B
       rbac = StytchB2B::RBAC.new(@connection)
       @policy_cache = StytchB2B::PolicyCache.new(rbac_client: rbac)
 
+      @connected_app = Stytch::ConnectedApp.new(@connection)
       @discovery = StytchB2B::Discovery.new(@connection)
       @fraud = Stytch::Fraud.new(@fraud_connection)
       @impersonation = StytchB2B::Impersonation.new(@connection)

data/lib/stytch/client.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require_relative 'connected_apps'
 require_relative 'crypto_wallets'
 require_relative 'fraud'
 require_relative 'impersonation'
@@ -18,7 +19,7 @@ module Stytch
   class Client
     ENVIRONMENTS = %i[live test].freeze
 
-    attr_reader :crypto_wallets, :fraud, :impersonation, :m2m, :magic_links, :oauth, :otps, :passwords, :project, :sessions, :totps, :users, :webauthn
+    attr_reader :connected_app, :crypto_wallets, :fraud, :impersonation, :m2m, :magic_links, :oauth, :otps, :passwords, :project, :sessions, :totps, :users, :webauthn
 
     def initialize(project_id:, secret:, env: nil, fraud_env: nil, &block)
       @api_host = api_host(env, project_id)
@@ -29,6 +30,7 @@ module Stytch
 
       create_connection(&block)
 
+      @connected_app = Stytch::ConnectedApp.new(@connection)
       @crypto_wallets = Stytch::CryptoWallets.new(@connection)
       @fraud = Stytch::Fraud.new(@fraud_connection)
       @impersonation = Stytch::Impersonation.new(@connection)

data/lib/stytch/connected_apps.rb

@@ -0,0 +1,372 @@
+# frozen_string_literal: true
+
+# !!!
+# WARNING: This file is autogenerated
+# Only modify code within MANUAL() sections
+# or your changes may be overwritten later!
+# !!!
+
+require_relative 'request_helper'
+
+module Stytch
+  class ConnectedApp
+    include Stytch::RequestHelper
+    attr_reader :clients
+
+    def initialize(connection)
+      @connection = connection
+
+      @clients = Stytch::ConnectedApp::Clients.new(@connection)
+    end
+
+    class Clients
+      include Stytch::RequestHelper
+      attr_reader :secrets
+
+      def initialize(connection)
+        @connection = connection
+
+        @secrets = Stytch::ConnectedApp::Clients::Secrets.new(@connection)
+      end
+
+      # Retrieve details of a specific Connected App by `client_id`.
+      #
+      # == Parameters:
+      # client_id::
+      #   The ID of the Connected App client.
+      #   The type of this field is +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # connected_app::
+      #   The Connected App affected by this operation.
+      #   The type of this field is +ConnectedApp+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      def get(
+        client_id:
+      )
+        headers = {}
+        query_params = {}
+        request = request_with_query_params("/v1/connected_apps/clients/#{client_id}", query_params)
+        get_request(request, headers)
+      end
+
+      # Updates mutable fields of a Connected App. Cannot update Client Type, Client ID, or Secrets.
+      #
+      # == Parameters:
+      # client_id::
+      #   The ID of the client.
+      #   The type of this field is +String+.
+      # client_name::
+      #   A human-readable name for the client.
+      #   The type of this field is nilable +String+.
+      # client_description::
+      #   A human-readable description for the client.
+      #   The type of this field is nilable +String+.
+      # redirect_urls::
+      #   Array of redirect URI values for use in OAuth Authorization flows.
+      #   The type of this field is nilable list of +String+.
+      # full_access_allowed::
+      #   Valid for first party clients only. If `true`, an authorization token granted to this Client can be exchanged for a full Stytch session.
+      #   The type of this field is nilable +Boolean+.
+      # access_token_expiry_minutes::
+      #   The number of minutes before the access token expires. The default is 60 minutes.
+      #   The type of this field is nilable +Integer+.
+      # access_token_custom_audience::
+      #   The custom audience for the access token.
+      #   The type of this field is nilable +String+.
+      # access_token_template_content::
+      #   The content of the access token custom claims template. The template must be a valid JSON object.
+      #   The type of this field is nilable +String+.
+      # post_logout_redirect_urls::
+      #   Array of redirect URI values for use in OIDC Logout flows.
+      #   The type of this field is nilable list of +String+.
+      # logo_url::
+      #   The logo URL of the Connected App, if any.
+      #   The type of this field is nilable +String+.
+      # bypass_consent_for_offline_access::
+      #   Valid for first party clients only. If true, the client does not need to request explicit user consent for the `offline_access` scope.
+      #   The type of this field is nilable +Boolean+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # connected_app::
+      #   The Connected App affected by this operation.
+      #   The type of this field is +ConnectedApp+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      def update(
+        client_id:,
+        client_name: nil,
+        client_description: nil,
+        redirect_urls: nil,
+        full_access_allowed: nil,
+        access_token_expiry_minutes: nil,
+        access_token_custom_audience: nil,
+        access_token_template_content: nil,
+        post_logout_redirect_urls: nil,
+        logo_url: nil,
+        bypass_consent_for_offline_access: nil
+      )
+        headers = {}
+        request = {}
+        request[:client_name] = client_name unless client_name.nil?
+        request[:client_description] = client_description unless client_description.nil?
+        request[:redirect_urls] = redirect_urls unless redirect_urls.nil?
+        request[:full_access_allowed] = full_access_allowed unless full_access_allowed.nil?
+        request[:access_token_expiry_minutes] = access_token_expiry_minutes unless access_token_expiry_minutes.nil?
+        request[:access_token_custom_audience] = access_token_custom_audience unless access_token_custom_audience.nil?
+        request[:access_token_template_content] = access_token_template_content unless access_token_template_content.nil?
+        request[:post_logout_redirect_urls] = post_logout_redirect_urls unless post_logout_redirect_urls.nil?
+        request[:logo_url] = logo_url unless logo_url.nil?
+        request[:bypass_consent_for_offline_access] = bypass_consent_for_offline_access unless bypass_consent_for_offline_access.nil?
+
+        put_request("/v1/connected_apps/clients/#{client_id}", request, headers)
+      end
+
+      # Deletes a Connected App.
+      #
+      # == Parameters:
+      # client_id::
+      #   The ID of the client.
+      #   The type of this field is +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   (no documentation yet)
+      #   The type of this field is +String+.
+      # client_id::
+      #   The ID of the client.
+      #   The type of this field is +String+.
+      # status_code::
+      #   (no documentation yet)
+      #   The type of this field is +Integer+.
+      def delete(
+        client_id:
+      )
+        headers = {}
+        delete_request("/v1/connected_apps/clients/#{client_id}", headers)
+      end
+
+      # Search for Connected Apps. Supports cursor-based pagination. Specific filters coming soon.
+      #
+      # == Parameters:
+      # cursor::
+      #   The `cursor` field allows you to paginate through your results. Each result array is limited to 1000 results. If your query returns more than 1000 results, you will need to paginate the responses using the `cursor`. If you receive a response that includes a non-null `next_cursor` in the `results_metadata` object, repeat the search call with the `next_cursor` value set to the `cursor` field to retrieve the next page of results. Continue to make search calls until the `next_cursor` in the response is null.
+      #   The type of this field is nilable +String+.
+      # limit::
+      #   The number of search results to return per page. The default limit is 100. A maximum of 1000 results can be returned by a single search request. If the total size of your result set is greater than one page size, you must paginate the response. See the `cursor` field.
+      #   The type of this field is nilable +Integer+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # connected_apps::
+      #   (no documentation yet)
+      #   The type of this field is list of +ConnectedApp+ (+object+).
+      # results_metadata::
+      #   The search `results_metadata` object contains metadata relevant to your specific query like total and `next_cursor`.
+      #   The type of this field is +ResultsMetadata+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      def search(
+        cursor: nil,
+        limit: nil
+      )
+        headers = {}
+        request = {}
+        request[:cursor] = cursor unless cursor.nil?
+        request[:limit] = limit unless limit.nil?
+
+        post_request('/v1/connected_apps/clients/search', request, headers)
+      end
+
+      # Creates a new Connected App. If the Connected App `client_type` is `first_party` or `third_party` a `client_secret` is returned.
+      #
+      # **Important:** This is the only time you will be able to view the generated `client_secret` in the API response. Stytch stores a hash of the `client_secret` and cannot recover the value if lost. Be sure to persist the `client_secret` in a secure location. If the `client_secret` is lost, you will need to trigger a secret rotation flow to receive another one.
+      #
+      # == Parameters:
+      # client_type::
+      #   The type of Connected App. Supported values are `first_party`, `first_party_public`, `third_party`, and `third_party_public`.
+      #   The type of this field is +CreateRequestClientType+ (string enum).
+      # redirect_urls::
+      #   Array of redirect URI values for use in OAuth Authorization flows.
+      #   The type of this field is list of +String+.
+      # full_access_allowed::
+      #   Valid for first party clients only. If `true`, an authorization token granted to this Client can be exchanged for a full Stytch session.
+      #   The type of this field is +Boolean+.
+      # post_logout_redirect_urls::
+      #   Array of redirect URI values for use in OIDC Logout flows.
+      #   The type of this field is list of +String+.
+      # client_name::
+      #   A human-readable name for the client.
+      #   The type of this field is nilable +String+.
+      # client_description::
+      #   A human-readable description for the client.
+      #   The type of this field is nilable +String+.
+      # access_token_expiry_minutes::
+      #   The number of minutes before the access token expires. The default is 60 minutes.
+      #   The type of this field is nilable +Integer+.
+      # access_token_custom_audience::
+      #   The custom audience for the access token.
+      #   The type of this field is nilable +String+.
+      # access_token_template_content::
+      #   The content of the access token custom claims template. The template must be a valid JSON object.
+      #   The type of this field is nilable +String+.
+      # logo_url::
+      #   The logo URL of the Connected App, if any.
+      #   The type of this field is nilable +String+.
+      # bypass_consent_for_offline_access::
+      #   Valid for first party clients only. If true, the client does not need to request explicit user consent for the `offline_access` scope.
+      #   The type of this field is nilable +Boolean+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # connected_app::
+      #   The Connected App created by this API call.
+      #   The type of this field is +ConnectedAppWithClientSecret+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      def create(
+        client_type:,
+        redirect_urls:,
+        full_access_allowed:,
+        post_logout_redirect_urls:,
+        client_name: nil,
+        client_description: nil,
+        access_token_expiry_minutes: nil,
+        access_token_custom_audience: nil,
+        access_token_template_content: nil,
+        logo_url: nil,
+        bypass_consent_for_offline_access: nil
+      )
+        headers = {}
+        request = {
+          client_type: client_type,
+          redirect_urls: redirect_urls,
+          full_access_allowed: full_access_allowed,
+          post_logout_redirect_urls: post_logout_redirect_urls
+        }
+        request[:client_name] = client_name unless client_name.nil?
+        request[:client_description] = client_description unless client_description.nil?
+        request[:access_token_expiry_minutes] = access_token_expiry_minutes unless access_token_expiry_minutes.nil?
+        request[:access_token_custom_audience] = access_token_custom_audience unless access_token_custom_audience.nil?
+        request[:access_token_template_content] = access_token_template_content unless access_token_template_content.nil?
+        request[:logo_url] = logo_url unless logo_url.nil?
+        request[:bypass_consent_for_offline_access] = bypass_consent_for_offline_access unless bypass_consent_for_offline_access.nil?
+
+        post_request('/v1/connected_apps/clients', request, headers)
+      end
+
+      class Secrets
+        include Stytch::RequestHelper
+
+        def initialize(connection)
+          @connection = connection
+        end
+
+        # Initiate the rotation of a Connected App client secret. After this endpoint is called, both the client's `client_secret` and `next_client_secret` will be valid. To complete the secret rotation flow, update all usages of `client_secret` to `next_client_secret` and call the Rotate Secret Endpoint to complete the flow.
+        # Secret rotation can be cancelled using the Cancel Secret Rotation endpoint.
+        #
+        # **Important:** This is the only time you will be able to view the generated `next_client_secret` in the API response. Stytch stores a hash of the `next_client_secret` and cannot recover the value if lost. Be sure to persist the `next_client_secret` in a secure location. If the `next_client_secret` is lost, you will need to trigger a secret rotation flow to receive another one.
+        #
+        # == Parameters:
+        # client_id::
+        #   The ID of the client.
+        #   The type of this field is +String+.
+        #
+        # == Returns:
+        # An object with the following fields:
+        # request_id::
+        #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+        #   The type of this field is +String+.
+        # connected_app::
+        #   The Connected App affected by this operation.
+        #   The type of this field is +ConnectedAppWithNextClientSecret+ (+object+).
+        # status_code::
+        #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+        #   The type of this field is +Integer+.
+        def rotate_start(
+          client_id:
+        )
+          headers = {}
+          request = {}
+
+          post_request("/v1/connected_apps/clients/#{client_id}/secrets/rotate/start", request, headers)
+        end
+
+        # Cancel the rotation of a Connected App client secret started with the Start Secret Rotation Endpoint. After this endpoint is called, the client's `next_client_secret` is discarded and only the original `client_secret` will be valid.
+        #
+        # == Parameters:
+        # client_id::
+        #   The ID of the client.
+        #   The type of this field is +String+.
+        #
+        # == Returns:
+        # An object with the following fields:
+        # request_id::
+        #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+        #   The type of this field is +String+.
+        # connected_app::
+        #   The Connected App affected by this operation.
+        #   The type of this field is +ConnectedApp+ (+object+).
+        # status_code::
+        #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+        #   The type of this field is +Integer+.
+        def rotate_cancel(
+          client_id:
+        )
+          headers = {}
+          request = {}
+
+          post_request("/v1/connected_apps/clients/#{client_id}/secrets/rotate/cancel", request, headers)
+        end
+
+        # Complete the rotation of a Connected App client secret started with the Rotate Secret Start Endpoint.
+        # After this endpoint is called, the client's `next_client_secret` becomes its `client_secret` and the previous `client_secret` will no longer be valid.
+        #
+        # == Parameters:
+        # client_id::
+        #   The ID of the client.
+        #   The type of this field is +String+.
+        #
+        # == Returns:
+        # An object with the following fields:
+        # request_id::
+        #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+        #   The type of this field is +String+.
+        # connected_app::
+        #   The Connected App affected by this operation.
+        #   The type of this field is +ConnectedApp+ (+object+).
+        # status_code::
+        #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+        #   The type of this field is +Integer+.
+        def rotate(
+          client_id:
+        )
+          headers = {}
+          request = {}
+
+          post_request("/v1/connected_apps/clients/#{client_id}/secrets/rotate", request, headers)
+        end
+      end
+    end
+  end
+end

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '10.23.0'
+  VERSION = '10.24.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 10.23.0
+  version: 10.24.0
 platform: ruby
 authors:
 - stytch
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-07-07 00:00:00.000000000 Z
+date: 2025-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -139,6 +139,7 @@ files:
 - lib/stytch/b2b_sso.rb
 - lib/stytch/b2b_totps.rb
 - lib/stytch/client.rb
+- lib/stytch/connected_apps.rb
 - lib/stytch/crypto_wallets.rb
 - lib/stytch/errors.rb
 - lib/stytch/fraud.rb