stytch 10.24.0 → 10.26.0

data/lib/stytch/b2b_organizations.rb

@@ -95,9 +95,9 @@ module StytchB2B
       @members = StytchB2B::Organizations::Members.new(@connection)
     end
 
-    # Creates an. An `organization_name` and a unique `organization_slug` are required.
+    # Creates an Organization. An `organization_name` and a unique `organization_slug` are required.
     #
-    # By default, `email_invites` and `sso_jit_provisioning` will be set to `ALL_ALLOWED`, and `mfa_policy` will be set to `OPTIONAL` if no Organization authentication settings are explicitly defined in the request.
+    # If no Organization authentication setting parameters are passed in, `email_invites` will default to `ALL_ALLOWED` so that the Organization has a way to add Members. Otherwise, `email_invites` will default to `NOT_ALLOWED`.
     #
     # *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.
     #
@@ -117,7 +117,7 @@ module StytchB2B
     # sso_jit_provisioning::
     #   The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are:
     #
-    #   `ALL_ALLOWED` – new Members will be automatically provisioned upon successful authentication via any of the Organization's `sso_active_connections`.
+    #   `ALL_ALLOWED` – the default setting, new Members will be automatically provisioned upon successful authentication via any of the Organization's `sso_active_connections`.
     #
     #   `RESTRICTED` – only new Members with SSO logins that comply with `sso_jit_provisioning_allowed_connections` can be provisioned upon authentication.
     #
@@ -135,7 +135,7 @@ module StytchB2B
     #
     #   `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth.
     #
-    #   `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth.
+    #   `NOT_ALLOWED` – the default setting, disables JIT provisioning via Email Magic Link and OAuth.
     #
     #   The type of this field is nilable +String+.
     # email_invites::
@@ -193,7 +193,7 @@ module StytchB2B
     #
     #   `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.
     #
-    #   `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant.
+    #   `NOT_ALLOWED` – the default setting, disables JIT provisioning by OAuth Tenant.
     #
     #   The type of this field is nilable +String+.
     # allowed_oauth_tenants::
@@ -205,7 +205,7 @@ module StytchB2B
     # first_party_connected_apps_allowed_type::
     #   The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are:
     #
-    #   `ALL_ALLOWED` – any first party Connected App in the Project is permitted for use by Members.
+    #   `ALL_ALLOWED` – the default setting, any first party Connected App in the Project is permitted for use by Members.
     #
     #   `RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
     #
@@ -218,7 +218,7 @@ module StytchB2B
     # third_party_connected_apps_allowed_type::
     #   The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are:
     #
-    #   `ALL_ALLOWED` – any third party Connected App in the Project is permitted for use by Members.
+    #   `ALL_ALLOWED` – the default setting, any third party Connected App in the Project is permitted for use by Members.
     #
     #   `RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
     #
@@ -291,7 +291,7 @@ module StytchB2B
       post_request('/v1/b2b/organizations', request, headers)
     end
 
-    # Returns an specified by `organization_id`.
+    # Returns an Organization specified by `organization_id`.
     #
     # == Parameters:
     # organization_id::
@@ -318,7 +318,7 @@ module StytchB2B
       get_request(request, headers)
     end
 
-    # Updates an specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members.
+    # Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members.
     #
     # *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.
     #
@@ -354,7 +354,7 @@ module StytchB2B
     # sso_jit_provisioning::
     #   The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are:
     #
-    #   `ALL_ALLOWED` – new Members will be automatically provisioned upon successful authentication via any of the Organization's `sso_active_connections`.
+    #   `ALL_ALLOWED` – the default setting, new Members will be automatically provisioned upon successful authentication via any of the Organization's `sso_active_connections`.
     #
     #   `RESTRICTED` – only new Members with SSO logins that comply with `sso_jit_provisioning_allowed_connections` can be provisioned upon authentication.
     #
@@ -382,7 +382,7 @@ module StytchB2B
     #
     #   `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth.
     #
-    #   `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth.
+    #   `NOT_ALLOWED` – the default setting, disables JIT provisioning via Email Magic Link and OAuth.
     #
     #
     # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.email-jit-provisioning` action on the `stytch.organization` Resource.
@@ -456,7 +456,7 @@ module StytchB2B
     #
     #   `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.
     #
-    #   `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant.
+    #   `NOT_ALLOWED` – the default setting, disables JIT provisioning by OAuth Tenant.
     #
     #
     # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.oauth-tenant-jit-provisioning` action on the `stytch.organization` Resource.
@@ -472,7 +472,7 @@ module StytchB2B
     # first_party_connected_apps_allowed_type::
     #   The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are:
     #
-    #   `ALL_ALLOWED` – any first party Connected App in the Project is permitted for use by Members.
+    #   `ALL_ALLOWED` – the default setting, any first party Connected App in the Project is permitted for use by Members.
     #
     #   `RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
     #
@@ -485,7 +485,7 @@ module StytchB2B
     # third_party_connected_apps_allowed_type::
     #   The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are:
     #
-    #   `ALL_ALLOWED` – any third party Connected App in the Project is permitted for use by Members.
+    #   `ALL_ALLOWED` – the default setting, any third party Connected App in the Project is permitted for use by Members.
     #
     #   `RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
     #
@@ -567,7 +567,7 @@ module StytchB2B
       put_request("/v1/b2b/organizations/#{organization_id}", request, headers)
     end
 
-    # Deletes an specified by `organization_id`. All Members of the Organization will also be deleted.
+    # Deletes an Organization specified by `organization_id`. All Members of the Organization will also be deleted.
     #
     # == Parameters:
     # organization_id::
@@ -886,6 +886,25 @@ module StytchB2B
         end
       end
 
+      class StartEmailUpdateRequestOptions
+        # Optional authorization object.
+        # Pass in an active Stytch Member session token or session JWT and the request
+        # will be run using that member's permissions.
+        attr_accessor :authorization
+
+        def initialize(
+          authorization: nil
+        )
+          @authorization = authorization
+        end
+
+        def to_headers
+          headers = {}
+          headers.merge!(@authorization.to_headers) if authorization
+          headers
+        end
+      end
+
       class GetConnectedAppsRequestOptions
         # Optional authorization object.
         # Pass in an active Stytch Member session token or session JWT and the request
@@ -934,7 +953,7 @@ module StytchB2B
         @connected_apps = StytchB2B::Organizations::Members::ConnectedApps.new(@connection)
       end
 
-      # Updates a specified by `organization_id` and `member_id`.
+      # Updates a Member specified by `organization_id` and `member_id`.
       #
       # == Parameters:
       # organization_id::
@@ -1067,7 +1086,7 @@ module StytchB2B
         put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", request, headers)
       end
 
-      # Deletes a specified by `organization_id` and `member_id`.
+      # Deletes a Member specified by `organization_id` and `member_id`.
       #
       # == Parameters:
       # organization_id::
@@ -1101,7 +1120,7 @@ module StytchB2B
         delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", headers)
       end
 
-      # Reactivates a deleted's status and its associated email status (if applicable) to active, specified by `organization_id` and `member_id`. This endpoint will only work for Members with at least one verified email where their `email_address_verified` is `true`.
+      # Reactivates a deleted Member's status and its associated email status (if applicable) to active, specified by `organization_id` and `member_id`. This endpoint will only work for Members with at least one verified email where their `email_address_verified` is `true`.
       #
       # == Parameters:
       # organization_id::
@@ -1143,7 +1162,7 @@ module StytchB2B
         put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/reactivate", request, headers)
       end
 
-      # Delete a's MFA phone number.
+      # Delete a Member's MFA phone number.
       #
       # To change a Member's phone number, you must first call this endpoint to delete the existing phone number.
       #
@@ -1290,7 +1309,9 @@ module StytchB2B
         post_request('/v1/b2b/organizations/members/search', request, headers)
       end
 
-      # Delete a's password.
+      # Delete a Member's password.
+      #
+      # This endpoint only works for Organization-scoped passwords. For cross-org password Projects, use [Require Password Reset By Email](https://stytch.com/docs/b2b/api/passwords-require-reset-by-email) instead.
       #
       # == Parameters:
       # organization_id::
@@ -1408,7 +1429,7 @@ module StytchB2B
         get_request(request, headers)
       end
 
-      # Unlinks a retired email address from a specified by their `organization_id` and `member_id`. The email address
+      # Unlinks a retired email address from a Member specified by their `organization_id` and `member_id`. The email address
       # to be retired can be identified in the request body by either its `email_id`, its `email_address`, or both. If using
       # both identifiers they must refer to the same email.
       #
@@ -1421,7 +1442,6 @@ module StytchB2B
       # A retired email address cannot be used by other Members in the same Organization. However, unlinking retired email
       # addresses allows them to be subsequently re-used by other Organization Members. Retired email addresses can be viewed
       # on the [Member object](https://stytch.com/docs/b2b/api/member-object).
-      #  %}
       #
       # == Parameters:
       # organization_id::
@@ -1476,6 +1496,88 @@ module StytchB2B
         post_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/unlink_retired_email", request, headers)
       end
 
+      # Starts a self-serve email update for a Member specified by their `organization_id` and `member_id`.
+      # To perform a self-serve update, members must be active and have an active, verified email address.
+      #
+      # The new email address must meet the following requirements:
+      #
+      # - Must not be in use by another member (retired emails count as used until they are [unlinked](https://stytch.com/docs/b2b/api/unlink-retired-member-email))
+      # - Must not be updating for another member (i.e. two members cannot attempt to update to the same email at once)
+      #
+      # The member will receive an Email Magic Link that expires in 5 minutes. If they do not verify their new email address in that timeframe, the email
+      # will be freed up for other members to use.
+      #
+      # The Magic Link will redirect to your `login_redirect_url` (or the configured default if one isn't provided), and you should invoke the [Authenticate Magic Link](https://stytch.com/docs/b2b/api/authenticate-magic-link) endpoint as normal to complete the flow.
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug here as a convenience.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.
+      #   The type of this field is +String+.
+      # email_address::
+      #   The new email address for the Member.
+      #   The type of this field is +String+.
+      # login_redirect_url::
+      #   The URL that the Member clicks from the login Email Magic Link. This URL should be an endpoint in the backend server that
+      #   verifies the request by querying Stytch's authenticate endpoint and finishes the login. If this value is not passed, the default login
+      #   redirect URL that you set in your Dashboard is used. If you have not set a default login redirect URL, an error is returned.
+      #   The type of this field is nilable +String+.
+      # locale::
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #
+      # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+      #
+      # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+      #
+      #   The type of this field is nilable +StartEmailUpdateRequestLocale+ (string enum).
+      # login_template_id::
+      #   Use a custom template for login emails. By default, it will use your default email template. The template must be from Stytch's
+      # built-in customizations or a custom HTML email for Magic Links - Login.
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member.
+      #   The type of this field is +String+.
+      # member::
+      #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+      #   The type of this field is +Member+ (+object+).
+      # organization::
+      #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+      #   The type of this field is +Organization+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      #
+      # == Method Options:
+      # This method supports an optional +StytchB2B::Organizations::Members::StartEmailUpdateRequestOptions+ object which will modify the headers sent in the HTTP request.
+      def start_email_update(
+        organization_id:,
+        member_id:,
+        email_address:,
+        login_redirect_url: nil,
+        locale: nil,
+        login_template_id: nil,
+        method_options: nil
+      )
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
+        request = {
+          email_address: email_address
+        }
+        request[:login_redirect_url] = login_redirect_url unless login_redirect_url.nil?
+        request[:locale] = locale unless locale.nil?
+        request[:login_template_id] = login_template_id unless login_template_id.nil?
+
+        post_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/start_email_update", request, headers)
+      end
+
       # Member Get Connected Apps retrieves a list of Connected Apps with which the Member has successfully completed an
       # authorization flow.
       # If the Member revokes a Connected App's access (e.g. via the Revoke Connected App endpoint) then the Connected App will
@@ -1516,7 +1618,7 @@ module StytchB2B
         get_request(request, headers)
       end
 
-      # Creates a. An `organization_id` and `email_address` are required.
+      # Creates a Member. An `organization_id` and `email_address` are required.
       #
       # == Parameters:
       # organization_id::

data/lib/stytch/b2b_otp.rb

@@ -27,7 +27,7 @@ module StytchB2B
         @connection = connection
       end
 
-      # Send a One-Time Passcode (OTP) to a's phone number.
+      # Send a One-Time Passcode (OTP) to a Member's phone number.
       #
       # If the Member already has a phone number, the `mfa_phone_number` field is not needed; the endpoint will send an OTP to the number associated with the Member.
       # If the Member does not have a phone number, the endpoint will send an OTP to the `mfa_phone_number` provided and link the `mfa_phone_number` with the Member.
@@ -38,14 +38,16 @@ module StytchB2B
       #
       # If a Member has a phone number and is enrolled in MFA, then after a successful primary authentication event (e.g. [email magic link](https://stytch.com/docs/b2b/api/authenticate-magic-link) or [SSO](https://stytch.com/docs/b2b/api/sso-authenticate) login is complete), an SMS OTP will automatically be sent to their phone number. In that case, this endpoint should only be used for subsequent authentication events, such as prompting a Member for an OTP again after a period of inactivity.
       #
-      # Passing an intermediate session token, session token, or session JWT is not required, but if passed must match the Member ID passed.
+      # If the Member already has an active MFA factor, then passing an intermediate session token, session token, or session JWT with the existing MFA factor on it is required to prevent bypassing MFA.
+      #
+      # Otherwise, passing an intermediate session token, session token, or session JWT is not required, but if passed must match the `member_id` passed.
       #
       # ### Cost to send SMS OTP
       # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview).
       #
       # Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries).
       #
-      # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
+      # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please add those countries to your Project's allowlist via the [Dashboard](https://stytch.com/dashboard/country-code-allowlists) or [Programmatic Workspace Actions](https://stytch.com/docs/workspace-management/pwa/set-allowed-country-codes), and [add credit card details](https://stytch.com/dashboard/settings/billing) to your account.
       #
       # == Parameters:
       # organization_id::
@@ -128,7 +130,7 @@ module StytchB2B
       # such as [email magic link authenticate](https://stytch.com/docs/b2b/api/authenticate-magic-link),
       # or upon successful calls to discovery authenticate methods, such as [email magic link discovery authenticate](https://stytch.com/docs/b2b/api/authenticate-discovery-magic-link).
       #
-      # If the's MFA policy is `REQUIRED_FOR_ALL`, a successful OTP authentication will change the's `mfa_enrolled` status to `true` if it is not already `true`.
+      # If the Organization's MFA policy is `REQUIRED_FOR_ALL`, a successful OTP authentication will change the Member's `mfa_enrolled` status to `true` if it is not already `true`.
       # If the Organization's MFA policy is `OPTIONAL`, the Member's MFA enrollment can be toggled by passing in a value for the `set_mfa_enrollment` field.
       # The Member's MFA enrollment can also be toggled through the [Update Member](https://stytch.com/docs/b2b/api/update-member) endpoint.
       #
@@ -324,11 +326,11 @@ module StytchB2B
         post_request('/v1/b2b/otps/email/login_or_signup', request, headers)
       end
 
-      # Authenticate a with a one-time passcode (OTP). This endpoint requires an OTP that is not expired or previously used.
+      # Authenticate a Member with a one-time passcode (OTP). This endpoint requires an OTP that is not expired or previously used.
       # OTPs have a default expiry of 10 minutes. If the Member’s status is `pending` or `invited`, they will be updated to `active`.
       # Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration.
       #
-      # If the Member is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
+      # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
       # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
       # or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA step and acquire a full member session.
       # The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one.

data/lib/stytch/b2b_passwords.rb

@@ -231,7 +231,7 @@ module StytchB2B
     #
     # If you have breach detection during authentication enabled in your [password strength policy](https://stytch.com/docs/b2b/guides/passwords/strength-policies) and the member's credentials have appeared in the HaveIBeenPwned dataset, this endpoint will return a `member_reset_password` error even if the member enters a correct password. We force a password reset in this case to ensure that the member is the legitimate owner of the email address and not a malicious actor abusing the compromised credentials.
     #
-    # If the is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
+    # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
     # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
     # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
     #
@@ -272,7 +272,7 @@ module StytchB2B
     #   Total custom claims size cannot exceed four kilobytes.
     #   The type of this field is nilable +object+.
     # locale::
-    #   If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+    #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
     #
     # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
     #
@@ -471,7 +471,7 @@ module StytchB2B
         post_request('/v1/b2b/passwords/email/reset/start', request, headers)
       end
 
-      # Reset the's password and authenticate them. This endpoint checks that the password reset token is valid, hasn’t expired, or already been used.
+      # Reset the Member's password and authenticate them. This endpoint checks that the password reset token is valid, hasn’t expired, or already been used.
       #
       # The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated.
       #
@@ -522,7 +522,7 @@ module StytchB2B
       #   Total custom claims size cannot exceed four kilobytes.
       #   The type of this field is nilable +object+.
       # locale::
-      #   If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+      #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
       #
       # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
@@ -608,6 +608,8 @@ module StytchB2B
 
       # Require a password be reset by the associated email address. This endpoint is only functional for cross-org password use cases.
       #
+      # If there are is only one active Member using the associated email address in the Project, the password will be deleted.
+      #
       # == Parameters:
       # email_address::
       #   The email address of the Member to start the email reset process for.
@@ -621,6 +623,9 @@ module StytchB2B
       #
       # == Returns:
       # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
       # status_code::
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
@@ -661,7 +666,7 @@ module StytchB2B
         @connection = connection
       end
 
-      # Reset the's password using their existing session. The endpoint will error if the session does not contain an authentication factor that has been issued within the last 5 minutes. Either `session_token` or `session_jwt` should be provided.
+      # Reset the Member's password using their existing session. The endpoint will error if the session does not contain an authentication factor that has been issued within the last 5 minutes. Either `session_token` or `session_jwt` should be provided.
       #
       # Note that a successful password reset via an existing session will revoke all active sessions for the `member_id`, except for the one used during the reset flow.
       #
@@ -771,7 +776,7 @@ module StytchB2B
         @connection = connection
       end
 
-      # Reset the’s password using their existing password.
+      # Reset the member’s password using their existing password.
       #
       # This endpoint adapts to your Project's password strength configuration.
       # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid
@@ -825,7 +830,7 @@ module StytchB2B
       #   Total custom claims size cannot exceed four kilobytes.
       #   The type of this field is nilable +object+.
       # locale::
-      #   If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+      #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
       #
       # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #

data/lib/stytch/b2b_rbac.rb

@@ -20,7 +20,7 @@ module StytchB2B
     #
     # When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating the need for an extra request to Stytch. The policy will be refreshed if an authorization check is requested and the RBAC policy was last updated more than 5 minutes ago.
     #
-    # Resources and Roles can be created and managed within the [RBAC page](https://stytch.com/docs/dashboard/rbac) in the Dashboard.
+    # Resources and Roles can be created and managed within the [RBAC page](https://stytch.com/dashboard/rbac) in the Dashboard.
     # Additionally, [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically managed through certain Stytch API endpoints.
     #
     # Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model.
@@ -36,7 +36,7 @@ module StytchB2B
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
     # policy::
-    #   The RBAC Policy document that contains all defined Roles and Resources – which are managed in the [Dashboard](https://stytch.com/docs/dashboard/rbac). Read more about these entities and how they work in our [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview).
+    #   The RBAC Policy document that contains all defined Roles and Resources – which are managed in the [Dashboard](https://stytch.com/dashboard/rbac). Read more about these entities and how they work in our [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview).
     #   The type of this field is nilable +Policy+ (+object+).
     def policy
       headers = {}

data/lib/stytch/b2b_recovery_codes.rb

@@ -16,7 +16,7 @@ module StytchB2B
       @connection = connection
     end
 
-    # Allows a to complete an MFA flow by consuming a recovery code. This consumes the recovery code and returns a session token that can be used to authenticate the Member.
+    # Allows a Member to complete an MFA flow by consuming a recovery code. This consumes the recovery code and returns a session token that can be used to authenticate the Member.
     #
     # == Parameters:
     # organization_id::
@@ -110,7 +110,7 @@ module StytchB2B
       post_request('/v1/b2b/recovery_codes/recover', request, headers)
     end
 
-    # Returns a's full set of active recovery codes.
+    # Returns a Member's full set of active recovery codes.
     #
     # == Parameters:
     # organization_id::
@@ -150,7 +150,7 @@ module StytchB2B
       get_request(request, headers)
     end
 
-    # Rotate a's recovery codes. This invalidates all existing recovery codes and generates a new set of recovery codes.
+    # Rotate a Member's recovery codes. This invalidates all existing recovery codes and generates a new set of recovery codes.
     #
     # == Parameters:
     # organization_id::

data/lib/stytch/b2b_sessions.rb

@@ -91,7 +91,7 @@ module StytchB2B
     #
     # You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid. See our [How to use Stytch Session JWTs](https://stytch.com/docs/b2b/guides/sessions/resources/using-jwts) guide for more information.
     #
-    # If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified. A is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
+    # If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
     # In addition, the `organization_id` passed in the authorization check must match the Member's Organization.
     #
     # If the Member is not authorized to perform the specified action on the specified Resource, or if the
@@ -164,7 +164,7 @@ module StytchB2B
     #   The type of this field is +Integer+.
     # verdict::
     #   If an `authorization_check` is provided in the request and the check succeeds, this field will return
-    #   the complete list of Roles that gave the Member permission to perform the specified action on the specified Resource.
+    #   information about why the Member was granted permission.
     #   The type of this field is nilable +AuthorizationVerdict+ (+object+).
     def authenticate(
       session_token: nil,
@@ -229,9 +229,9 @@ module StytchB2B
       post_request('/v1/b2b/sessions/revoke', request, headers)
     end
 
-    # Use this endpoint to exchange a's existing session for another session in a different. This can be used to accept an invite, but not to create a new member via domain matching.
+    # Use this endpoint to exchange a Member's existing session for another session in a different Organization. This can be used to accept an invite, but not to create a new member via domain matching.
     #
-    # To create a new member via email domain, use the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) flow instead.
+    # To create a new member via email domain JIT Provisioning, use the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) flow instead.
     #
     # If the user **has** already satisfied the authentication requirements of the Organization they are trying to switch into, this API will return `member_authenticated: true` and a `session_token` and `session_jwt`.
     #
@@ -275,7 +275,7 @@ module StytchB2B
     #   Total custom claims size cannot exceed four kilobytes.
     #   The type of this field is nilable +object+.
     # locale::
-    #   If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+    #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
     #
     # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
     #
@@ -417,7 +417,7 @@ module StytchB2B
       post_request('/v1/b2b/sessions/exchange_access_token', request, headers)
     end
 
-    # Exchange an auth token issued by a trusted identity provider for a Stytch session. You must first register a Trusted Auth Token profile in the Stytch dashboard [here](https://stytch.com/docs/dashboard/trusted-auth-tokens).  If a session token or session JWT is provided, it will add the trusted auth token as an authentication factor to the existing session.
+    # Exchange an auth token issued by a trusted identity provider for a Stytch session. You must first register a Trusted Auth Token profile in the Stytch dashboard [here](https://stytch.com/dashboard/trusted-auth-tokens).  If a session token or session JWT is provided, it will add the trusted auth token as an authentication factor to the existing session.
     #
     # == Parameters:
     # organization_id::
@@ -504,8 +504,8 @@ module StytchB2B
     end
 
     # Migrate a session from an external OIDC compliant endpoint.
-    # Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](https://stytch.com/docs/dashboard), and then perform a lookup using the `session_token`. <!-- FIXME more specific dashboard link-->
-    # If the response contains a valid email address, Stytch will attempt to match that email address with an existing in your and create a Stytch Session.
+    # Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](https://stytch.com/dashboard/migrations), and then perform a lookup using the `session_token`.
+    # If the response contains a valid email address, Stytch will attempt to match that email address with an existing Member in your Organization and create a Stytch Session.
     # You will need to create the member before using this endpoint.
     #
     # == Parameters:

data/lib/stytch/b2b_sso.rb

@@ -137,7 +137,7 @@ module StytchB2B
     # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration.
     # To link this authentication event to an existing Stytch session, include either the `session_token` or `session_jwt` param.
     #
-    # If the is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
+    # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
     # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
     # or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA step and acquire a full member session.
     # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
@@ -176,7 +176,7 @@ module StytchB2B
     #   Total custom claims size cannot exceed four kilobytes.
     #   The type of this field is nilable +object+.
     # locale::
-    #   If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+    #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
     #
     # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
     #

data/lib/stytch/b2b_totps.rb

@@ -16,9 +16,11 @@ module StytchB2B
       @connection = connection
     end
 
-    # Create a new TOTP instance for a. The Member can use the authenticator application of their choice to scan the QR code or enter the secret.
+    # Create a new TOTP instance for a Member. The Member can use the authenticator application of their choice to scan the QR code or enter the secret.
     #
-    # Passing an intermediate session token, session token, or session JWT is not required, but if passed must match the Member ID passed.
+    # If the Member already has an active MFA factor, then passing an intermediate session token, session token, or session JWT with the existing MFA factor on it is required to prevent bypassing MFA.
+    #
+    # Otherwise, passing an intermediate session token, session token, or session JWT is not required, but if passed must match the `member_id` passed.
     #
     # == Parameters:
     # organization_id::
@@ -196,7 +198,7 @@ module StytchB2B
       post_request('/v1/b2b/totp/authenticate', request, headers)
     end
 
-    # Migrate an existing TOTP instance for a. Recovery codes are not required and will be minted for the Member if not provided.
+    # Migrate an existing TOTP instance for a Member. Recovery codes are not required and will be minted for the Member if not provided.
     #
     # == Parameters:
     # organization_id::