stytch 10.27.0 → 10.29.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 49aa54d3b047309a521fa267920e138f8eb27e8c299f5228c4c8bc565f821ce6
-  data.tar.gz: 716a18a6bcdc9ce4288287678e204d47ae90a89a7f432e43234afa2744419e04
+  metadata.gz: 9837d4362966d389505ea7b235379cb635e2dc5eda22537dac31e8ec0f6e1bcd
+  data.tar.gz: 72ba0b2c7af66364d677ed6ae70ed3278a0375e40e6a4f00dbbe912d31407cdf
 SHA512:
-  metadata.gz: 07cfbe4bbf895019aefd6be0d2fef3376caa5cb84fadd5c1af9c26d7d2e2ffd5399e5d9d3e2704cce5af85dc3eff494ad2ff648b1783434c933223c9408eafff
-  data.tar.gz: 55b223a9d0deabcc07810029395f1bd117c7df2b55db9b3e814e0dc8ce68e48737b2855b65888bb0f4039b14b90849acba473f3ab3961da61272e85198542c74
+  metadata.gz: 3e359e41dc088a10f7174b2f72df1c3f552a82e92df50b5dd5c7b7e6cb7f6e053e3fc6a3b42f518ca66bd663d930957ece13c53b3a3ff4ddbaef788edad5ce5b
+  data.tar.gz: ea6fb4ed455954c907ed1d8d34cdb09057de8485037b3474b16ecdab6edfc50241737805a879a22d15c6ecbe9d63ad69532483e88605b1b58d378d0d8f201ad2

data/lib/stytch/b2b_client.rb

@@ -30,7 +30,7 @@ module StytchB2B
   class Client
     ENVIRONMENTS = %i[live test].freeze
 
-    attr_reader :connected_app, :discovery, :fraud, :impersonation, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :project, :rbac, :recovery_codes, :scim, :sso, :sessions, :totps, :idp
+    attr_reader :connected_app, :discovery, :fraud, :idp, :impersonation, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :project, :rbac, :recovery_codes, :scim, :sso, :sessions, :totps
 
     def initialize(project_id:, secret:, env: nil, fraud_env: nil, &block)
       @api_host = api_host(env, project_id)
@@ -43,11 +43,11 @@ module StytchB2B
 
       rbac = StytchB2B::RBAC.new(@connection)
       @policy_cache = Stytch::PolicyCache.new(rbac_client: rbac)
-      @idp = StytchB2B::IDP.new(@connection, @project_id, @policy_cache)
 
       @connected_app = Stytch::ConnectedApp.new(@connection)
       @discovery = StytchB2B::Discovery.new(@connection)
       @fraud = Stytch::Fraud.new(@fraud_connection)
+      @idp = StytchB2B::IDP.new(@connection, @project_id, @policy_cache)
       @impersonation = StytchB2B::Impersonation.new(@connection)
       @m2m = Stytch::M2M.new(@connection, @project_id, @is_b2b_client)
       @magic_links = StytchB2B::MagicLinks.new(@connection)

data/lib/stytch/b2b_discovery.rb

@@ -78,6 +78,9 @@ module StytchB2B
       # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
       #
       #   The type of this field is nilable +ExchangeRequestLocale+ (string enum).
+      # telemetry_id::
+      #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the Member. Your workspace must be enabled for Device Fingerprinting to use this feature.
+      #   The type of this field is nilable +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -117,12 +120,16 @@ module StytchB2B
       # primary_required::
       #   Information about the primary authentication requirements of the Organization.
       #   The type of this field is nilable +PrimaryRequired+ (+object+).
+      # member_device::
+      #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `member_device` response field will contain information about the member's device attributes.
+      #   The type of this field is nilable +DeviceInfo+ (+object+).
       def exchange(
         intermediate_session_token:,
         organization_id:,
         session_duration_minutes: nil,
         session_custom_claims: nil,
-        locale: nil
+        locale: nil,
+        telemetry_id: nil
       )
         headers = {}
         request = {
@@ -132,6 +139,7 @@ module StytchB2B
         request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
         request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
         request[:locale] = locale unless locale.nil?
+        request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
         post_request('/v1/b2b/discovery/intermediate_sessions/exchange', request, headers)
       end
@@ -305,6 +313,9 @@ module StytchB2B
       # allowed_third_party_connected_apps::
       #   An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization's `third_party_connected_apps_allowed_type` is `RESTRICTED`.
       #   The type of this field is nilable list of +String+.
+      # telemetry_id::
+      #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the Member. Your workspace must be enabled for Device Fingerprinting to use this feature.
+      #   The type of this field is nilable +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -344,6 +355,9 @@ module StytchB2B
       # primary_required::
       #   Information about the primary authentication requirements of the Organization.
       #   The type of this field is nilable +PrimaryRequired+ (+object+).
+      # member_device::
+      #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `member_device` response field will contain information about the member's device attributes.
+      #   The type of this field is nilable +DeviceInfo+ (+object+).
       def create(
         intermediate_session_token:,
         session_duration_minutes: nil,
@@ -367,7 +381,8 @@ module StytchB2B
         first_party_connected_apps_allowed_type: nil,
         allowed_first_party_connected_apps: nil,
         third_party_connected_apps_allowed_type: nil,
-        allowed_third_party_connected_apps: nil
+        allowed_third_party_connected_apps: nil,
+        telemetry_id: nil
       )
         headers = {}
         request = {
@@ -395,6 +410,7 @@ module StytchB2B
         request[:allowed_first_party_connected_apps] = allowed_first_party_connected_apps unless allowed_first_party_connected_apps.nil?
         request[:third_party_connected_apps_allowed_type] = third_party_connected_apps_allowed_type unless third_party_connected_apps_allowed_type.nil?
         request[:allowed_third_party_connected_apps] = allowed_third_party_connected_apps unless allowed_third_party_connected_apps.nil?
+        request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
         post_request('/v1/b2b/discovery/organizations/create', request, headers)
       end

data/lib/stytch/b2b_idp.rb

@@ -1,37 +1,46 @@
 # frozen_string_literal: true
 
+# !!!
+# WARNING: This file is autogenerated
+# Only modify code within MANUAL() sections
+# or your changes may be overwritten later!
+# !!!
+
 require 'jwt'
 require 'json/jwt'
 require_relative 'errors'
 require_relative 'request_helper'
-require_relative 'rbac_local'
 
 module StytchB2B
   class IDP
     include Stytch::RequestHelper
+    attr_reader :oauth
 
     def initialize(connection, project_id, policy_cache)
       @connection = connection
-      @project_id = project_id
+
+      @oauth = StytchB2B::IDP::OAuth.new(@connection)
       @policy_cache = policy_cache
-      @non_custom_claim_keys = [
-        'aud',
-        'exp',
-        'iat',
-        'iss',
-        'jti',
-        'nbf',
-        'sub',
-        'active',
-        'client_id',
-        'request_id',
-        'scope',
-        'status_code',
-        'token_type',
-        'https://stytch.com/organization'
-      ]
+      @project_id = project_id
+      @cache_last_update = 0
+      @jwks_loader = lambda do |options|
+        @cached_keys = nil if options[:invalidate] && @cache_last_update < Time.now.to_i - 300
+        @cached_keys ||= begin
+          @cache_last_update = Time.now.to_i
+          keys = []
+          get_jwks(project_id: @project_id)['keys'].each do |r|
+            keys << r
+          end
+          { keys: keys }
+        end
+      end
     end
 
+    # MANUAL(IDP::introspect_token_network)(SERVICE_METHOD)
+    # ADDIMPORT: require 'jwt'
+    # ADDIMPORT: require 'json/jwt'
+    # ADDIMPORT: require_relative 'errors'
+
     # Introspects a token JWT from an authorization code response.
     # Access tokens are JWTs signed with the project's JWKs. Refresh tokens are opaque tokens.
     # Access tokens contain a standard set of claims as well as any custom claims generated from templates.
@@ -105,7 +114,7 @@ module StytchB2B
 
       return nil unless jwt_response['active']
 
-      custom_claims = jwt_response.reject { |k, _| @non_custom_claim_keys.include?(k) }
+      custom_claims = jwt_response.reject { |k, _| non_custom_claim_keys.include?(k) }
       organization_claim = jwt_response['https://stytch.com/organization']
       organization_id = organization_claim['organization_id']
       scope = jwt_response['scope']
@@ -183,17 +192,6 @@ module StytchB2B
       scope_claim = 'scope'
       organization_claim = 'https://stytch.com/organization'
 
-      # Create a JWKS loader similar to other classes in the codebase
-      @cache_last_update = 0
-      jwks_loader = lambda do |options|
-        @cached_keys = nil if options[:invalidate] && @cache_last_update < Time.now.to_i - 300
-        if @cached_keys.nil?
-          @cached_keys = get_jwks(project_id: @project_id)
-          @cache_last_update = Time.now.to_i
-        end
-        @cached_keys
-      end
-
       begin
         decoded_jwt = JWT.decode(
           access_token,
@@ -201,14 +199,14 @@ module StytchB2B
           true,
           {
             algorithms: ['RS256'],
-            jwks: jwks_loader,
+            jwks: @jwks_loader,
             iss: ["stytch.com/#{@project_id}", @connection.url_prefix],
             aud: @project_id
           }
         )[0]
 
         generic_claims = decoded_jwt
-        custom_claims = generic_claims.reject { |k, _| @non_custom_claim_keys.include?(k) }
+        custom_claims = generic_claims.reject { |k, _| non_custom_claim_keys.include?(k) }
         organization_claim_data = generic_claims[organization_claim]
         organization_id = organization_claim_data['organization_id']
         scope = generic_claims[scope_claim]
@@ -246,6 +244,27 @@ module StytchB2B
       end
     end
 
+    private
+
+    def non_custom_claim_keys
+      [
+        'aud',
+        'exp',
+        'iat',
+        'iss',
+        'jti',
+        'nbf',
+        'sub',
+        'active',
+        'client_id',
+        'request_id',
+        'scope',
+        'status_code',
+        'token_type',
+        'https://stytch.com/organization'
+      ]
+    end
+
     # Gets the JWKS for the project.
     #
     # == Parameters:
@@ -262,5 +281,226 @@ module StytchB2B
       request = request_with_query_params("/v1/b2b/sessions/jwks/#{project_id}", query_params)
       get_request(request, headers)
     end
+
+    # ENDMANUAL(IDP::introspect_token_network)
+
+    class OAuth
+      include Stytch::RequestHelper
+
+      def initialize(connection)
+        @connection = connection
+      end
+
+      # Initiates a request for authorization of a Connected App to access a Member's account.
+      #
+      # Call this endpoint using the query parameters from an OAuth Authorization request.
+      # This endpoint validates various fields (`scope`, `client_id`, `redirect_uri`, `prompt`, etc...) are correct and returns
+      # relevant information for rendering an OAuth Consent Screen.
+      #
+      # This endpoint returns:
+      # - A public representation of the Connected App requesting authorization
+      # - Whether _explicit_ consent must be granted before proceeding with the authorization
+      # - A list of scopes the Member has the ability to grant the Connected App
+      #
+      # Use this response to prompt the Member for consent (if necessary) before calling the [Submit OAuth Authorization](https://stytch.com/docs/b2b/api/connected-apps-oauth-authorize) endpoint.
+      #
+      # Exactly one of the following must be provided to identify the Member granting authorization:
+      # - `organization_id` + `member_id`
+      # - `session_token`
+      # - `session_jwt`
+      #
+      # If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the Member's session for tracking purposes.
+      # One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](https://stytch.com/docs/b2b/api/connected-app-access-token-exchange) flow.
+      #
+      # == Parameters:
+      # client_id::
+      #   The ID of the Connected App client.
+      #   The type of this field is +String+.
+      # redirect_uri::
+      #   The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow.  This field is required when using the `authorization_code` grant.
+      #   The type of this field is +String+.
+      # response_type::
+      #   The OAuth 2.0 response type. For authorization code flows this value is `code`.
+      #   The type of this field is +String+.
+      # scopes::
+      #   An array of scopes requested by the client.
+      #   The type of this field is list of +String+.
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.
+      #   The type of this field is nilable +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.
+      #   The type of this field is nilable +String+.
+      # session_token::
+      #   A secret token for a given Stytch Session.
+      #   The type of this field is nilable +String+.
+      # session_jwt::
+      #   The JSON Web Token (JWT) for a given Stytch Session.
+      #   The type of this field is nilable +String+.
+      # prompt::
+      #   Space separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only `consent` is supported today.
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member.
+      #   The type of this field is +String+.
+      # member::
+      #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+      #   The type of this field is +Member+ (+object+).
+      # organization::
+      #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+      #   The type of this field is +Organization+ (+object+).
+      # client::
+      #   (no documentation yet)
+      #   The type of this field is +ConnectedAppPublic+ (+object+).
+      # consent_required::
+      #   Whether the user must provide explicit consent for the authorization request.
+      #   The type of this field is +Boolean+.
+      # scope_results::
+      #   Details about each requested scope.
+      #   The type of this field is list of +ScopeResult+ (+object+).
+      # status_code::
+      #   (no documentation yet)
+      #   The type of this field is +Integer+.
+      def authorize_start(
+        client_id:,
+        redirect_uri:,
+        response_type:,
+        scopes:,
+        organization_id: nil,
+        member_id: nil,
+        session_token: nil,
+        session_jwt: nil,
+        prompt: nil
+      )
+        headers = {}
+        request = {
+          client_id: client_id,
+          redirect_uri: redirect_uri,
+          response_type: response_type,
+          scopes: scopes
+        }
+        request[:organization_id] = organization_id unless organization_id.nil?
+        request[:member_id] = member_id unless member_id.nil?
+        request[:session_token] = session_token unless session_token.nil?
+        request[:session_jwt] = session_jwt unless session_jwt.nil?
+        request[:prompt] = prompt unless prompt.nil?
+
+        post_request('/v1/b2b/idp/oauth/authorize/start', request, headers)
+      end
+
+      # Completes a request for authorization of a Connected App to access a Member's account.
+      #
+      # Call this endpoint using the query parameters from an OAuth Authorization request, after previously validating those parameters using the
+      # [Preflight Check](https://stytch.com/docs/b2b/api/connected-apps-oauth-authorize-start) API.
+      # Note that this endpoint takes in a few additional parameters the preflight check does not- `state`, `nonce`, and `code_challenge`.
+      #
+      # If the authorization was successful, the `redirect_uri` will contain a valid `authorization_code` embedded as a query parameter.
+      # If the authorization was unsuccessful, the `redirect_uri` will contain an OAuth2.1 `error_code`.
+      # In both cases, redirect the Member to the location for the response to be consumed by the Connected App.
+      #
+      # Exactly one of the following must be provided to identify the Member granting authorization:
+      # - `organization_id` + `member_id`
+      # - `session_token`
+      # - `session_jwt`
+      #
+      # If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the Member's session for tracking purposes.
+      # One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](https://stytch.com/docs/b2b/api/connected-app-access-token-exchange) flow.
+      #
+      # == Parameters:
+      # consent_granted::
+      #   Indicates whether the user granted the requested scopes.
+      #   The type of this field is +Boolean+.
+      # scopes::
+      #   An array of scopes requested by the client.
+      #   The type of this field is list of +String+.
+      # client_id::
+      #   The ID of the Connected App client.
+      #   The type of this field is +String+.
+      # redirect_uri::
+      #   The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow.  This field is required when using the `authorization_code` grant.
+      #   The type of this field is +String+.
+      # response_type::
+      #   The OAuth 2.0 response type. For authorization code flows this value is `code`.
+      #   The type of this field is +String+.
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.
+      #   The type of this field is nilable +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.
+      #   The type of this field is nilable +String+.
+      # session_token::
+      #   A secret token for a given Stytch Session.
+      #   The type of this field is nilable +String+.
+      # session_jwt::
+      #   The JSON Web Token (JWT) for a given Stytch Session.
+      #   The type of this field is nilable +String+.
+      # prompt::
+      #   Space separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only `consent` is supported today.
+      #   The type of this field is nilable +String+.
+      # state::
+      #   An opaque value used to maintain state between the request and callback.
+      #   The type of this field is nilable +String+.
+      # nonce::
+      #   A string used to associate a client session with an ID token to mitigate replay attacks.
+      #   The type of this field is nilable +String+.
+      # code_challenge::
+      #   A base64url encoded challenge derived from the code verifier for PKCE flows.
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # redirect_uri::
+      #   The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow.  This field is required when using the `authorization_code` grant.
+      #   The type of this field is +String+.
+      # status_code::
+      #   (no documentation yet)
+      #   The type of this field is +Integer+.
+      # authorization_code::
+      #   A one-time use code that can be exchanged for tokens.
+      #   The type of this field is nilable +String+.
+      def authorize(
+        consent_granted:,
+        scopes:,
+        client_id:,
+        redirect_uri:,
+        response_type:,
+        organization_id: nil,
+        member_id: nil,
+        session_token: nil,
+        session_jwt: nil,
+        prompt: nil,
+        state: nil,
+        nonce: nil,
+        code_challenge: nil
+      )
+        headers = {}
+        request = {
+          consent_granted: consent_granted,
+          scopes: scopes,
+          client_id: client_id,
+          redirect_uri: redirect_uri,
+          response_type: response_type
+        }
+        request[:organization_id] = organization_id unless organization_id.nil?
+        request[:member_id] = member_id unless member_id.nil?
+        request[:session_token] = session_token unless session_token.nil?
+        request[:session_jwt] = session_jwt unless session_jwt.nil?
+        request[:prompt] = prompt unless prompt.nil?
+        request[:state] = state unless state.nil?
+        request[:nonce] = nonce unless nonce.nil?
+        request[:code_challenge] = code_challenge unless code_challenge.nil?
+
+        post_request('/v1/b2b/idp/oauth/authorize', request, headers)
+      end
+    end
   end
 end

data/lib/stytch/b2b_magic_links.rb

@@ -79,6 +79,9 @@ module StytchB2B
     # intermediate_session_token::
     #   Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned.
     #   The type of this field is nilable +String+.
+    # telemetry_id::
+    #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the Member. Your workspace must be enabled for Device Fingerprinting to use this feature.
+    #   The type of this field is nilable +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -127,6 +130,9 @@ module StytchB2B
     # primary_required::
     #   (no documentation yet)
     #   The type of this field is nilable +PrimaryRequired+ (+object+).
+    # member_device::
+    #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `member_device` response field will contain information about the member's device attributes.
+    #   The type of this field is nilable +DeviceInfo+ (+object+).
     def authenticate(
       magic_links_token:,
       pkce_code_verifier: nil,
@@ -135,7 +141,8 @@ module StytchB2B
       session_duration_minutes: nil,
       session_custom_claims: nil,
       locale: nil,
-      intermediate_session_token: nil
+      intermediate_session_token: nil,
+      telemetry_id: nil
     )
       headers = {}
       request = {
@@ -148,6 +155,7 @@ module StytchB2B
       request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
       request[:locale] = locale unless locale.nil?
       request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
+      request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
       post_request('/v1/b2b/magic_links/authenticate', request, headers)
     end

data/lib/stytch/b2b_oauth.rb

@@ -77,6 +77,9 @@ module StytchB2B
     # intermediate_session_token::
     #   Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned.
     #   The type of this field is nilable +String+.
+    # telemetry_id::
+    #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the Member. Your workspace must be enabled for Device Fingerprinting to use this feature.
+    #   The type of this field is nilable +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -133,6 +136,9 @@ module StytchB2B
     # primary_required::
     #   Information about the primary authentication requirements of the Organization.
     #   The type of this field is nilable +PrimaryRequired+ (+object+).
+    # member_device::
+    #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `member_device` response field will contain information about the member's device attributes.
+    #   The type of this field is nilable +DeviceInfo+ (+object+).
     def authenticate(
       oauth_token:,
       session_token: nil,
@@ -141,7 +147,8 @@ module StytchB2B
       session_custom_claims: nil,
       pkce_code_verifier: nil,
       locale: nil,
-      intermediate_session_token: nil
+      intermediate_session_token: nil,
+      telemetry_id: nil
     )
       headers = {}
       request = {
@@ -154,6 +161,7 @@ module StytchB2B
       request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil?
       request[:locale] = locale unless locale.nil?
       request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
+      request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
       post_request('/v1/b2b/oauth/authenticate', request, headers)
     end

data/lib/stytch/b2b_organizations.rb

@@ -607,7 +607,10 @@ module StytchB2B
       delete_request("/v1/b2b/organizations/#{organization_id}", headers)
     end
 
-    # Search for Organizations. If you send a request with no body params, no filtering will be applied and the endpoint will return all Organizations. All fuzzy search filters require a minimum of three characters.
+    #
+    # **Warning**: This endpoint is not recommended for use in login flows. Scaling issues may occur, as search performance may vary from ~150 milliseconds to 9 seconds depending on query complexity and rate limits are set to 100 requests/second.
+    #
+    # Search across your Organizations. Returns an array of Organization objects.
     #
     # == Parameters:
     # cursor::
@@ -1027,7 +1030,7 @@ module StytchB2B
       # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.default-mfa-method` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.default-mfa-method` action on the `stytch.self` Resource.
       #   The type of this field is nilable +String+.
       # email_address::
-      #   Updates the Member's `email_address`, if provided.
+      #   Updates the Member's `email_address`, if provided. This will clear any existing passwords and require re-verification of the new email address.
       #         If a Member's email address is changed, other Members in the same Organization cannot use the old email address, although the Member may update back to their old email address.
       #         A Member's email address can only be useable again by other Members if the Member is deleted.
       #
@@ -1262,9 +1265,12 @@ module StytchB2B
         delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/totp", headers)
       end
 
+      #
+      # **Warning**: This endpoint is not recommended for use in login flows. Scaling issues may occur, as search performance may vary from ~150 milliseconds to 9 seconds depending on query complexity and rate limits are set to 100 requests/second.
+      #
       # Search for Members within specified Organizations. An array with at least one `organization_id` is required. Submitting an empty `query` returns all non-deleted Members within the specified Organizations.
       #
-      # *All fuzzy search filters require a minimum of three characters.
+      # All fuzzy search filters require a minimum of three characters.
       #
       # == Parameters:
       # organization_ids::

data/lib/stytch/b2b_otp.rb

@@ -184,6 +184,9 @@ module StytchB2B
       # set_default_mfa::
       #   (no documentation yet)
       #   The type of this field is nilable +Boolean+.
+      # telemetry_id::
+      #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the Member. Your workspace must be enabled for Device Fingerprinting to use this feature.
+      #   The type of this field is nilable +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -211,6 +214,9 @@ module StytchB2B
       # member_session::
       #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
       #   The type of this field is nilable +MemberSession+ (+object+).
+      # member_device::
+      #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `member_device` response field will contain information about the member's device attributes.
+      #   The type of this field is nilable +DeviceInfo+ (+object+).
       def authenticate(
         organization_id:,
         member_id:,
@@ -221,7 +227,8 @@ module StytchB2B
         session_duration_minutes: nil,
         session_custom_claims: nil,
         set_mfa_enrollment: nil,
-        set_default_mfa: nil
+        set_default_mfa: nil,
+        telemetry_id: nil
       )
         headers = {}
         request = {
@@ -236,6 +243,7 @@ module StytchB2B
         request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
         request[:set_mfa_enrollment] = set_mfa_enrollment unless set_mfa_enrollment.nil?
         request[:set_default_mfa] = set_default_mfa unless set_default_mfa.nil?
+        request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
         post_request('/v1/b2b/otps/sms/authenticate', request, headers)
       end
@@ -383,6 +391,9 @@ module StytchB2B
       # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
       #
       #   The type of this field is nilable +AuthenticateRequestLocale+ (string enum).
+      # telemetry_id::
+      #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the Member. Your workspace must be enabled for Device Fingerprinting to use this feature.
+      #   The type of this field is nilable +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -428,6 +439,9 @@ module StytchB2B
       # primary_required::
       #   (no documentation yet)
       #   The type of this field is nilable +PrimaryRequired+ (+object+).
+      # member_device::
+      #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `member_device` response field will contain information about the member's device attributes.
+      #   The type of this field is nilable +DeviceInfo+ (+object+).
       def authenticate(
         organization_id:,
         email_address:,
@@ -437,7 +451,8 @@ module StytchB2B
         intermediate_session_token: nil,
         session_duration_minutes: nil,
         session_custom_claims: nil,
-        locale: nil
+        locale: nil,
+        telemetry_id: nil
       )
         headers = {}
         request = {
@@ -451,6 +466,7 @@ module StytchB2B
         request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
         request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
         request[:locale] = locale unless locale.nil?
+        request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
         post_request('/v1/b2b/otps/email/authenticate', request, headers)
       end