stytch 10.27.0 → 10.29.0

data/lib/stytch/idp.rb

@@ -1,36 +1,46 @@
 # frozen_string_literal: true
 
+# !!!
+# WARNING: This file is autogenerated
+# Only modify code within MANUAL() sections
+# or your changes may be overwritten later!
+# !!!
+
 require 'jwt'
 require 'json/jwt'
 require_relative 'errors'
 require_relative 'request_helper'
-require_relative 'rbac_local'
 
 module Stytch
   class IDP
     include Stytch::RequestHelper
+    attr_reader :oauth
 
     def initialize(connection, project_id, policy_cache)
       @connection = connection
-      @project_id = project_id
+
+      @oauth = Stytch::IDP::OAuth.new(@connection)
       @policy_cache = policy_cache
-      @non_custom_claim_keys = %w[
-        aud
-        exp
-        iat
-        iss
-        jti
-        nbf
-        sub
-        active
-        client_id
-        request_id
-        scope
-        status_code
-        token_type
-      ]
+      @project_id = project_id
+      @cache_last_update = 0
+      @jwks_loader = lambda do |options|
+        @cached_keys = nil if options[:invalidate] && @cache_last_update < Time.now.to_i - 300
+        @cached_keys ||= begin
+          @cache_last_update = Time.now.to_i
+          keys = []
+          get_jwks(project_id: @project_id)['keys'].each do |r|
+            keys << r
+          end
+          { keys: keys }
+        end
+      end
     end
 
+    # MANUAL(IDP::introspect_token_network)(SERVICE_METHOD)
+    # ADDIMPORT: require 'jwt'
+    # ADDIMPORT: require 'json/jwt'
+    # ADDIMPORT: require_relative 'errors'
+
     # Introspects a token JWT from an authorization code response.
     # Access tokens are JWTs signed with the project's JWKs. Refresh tokens are opaque tokens.
     # Access tokens contain a standard set of claims as well as any custom claims generated from templates.
@@ -102,7 +112,7 @@ module Stytch
       jwt_response = res
       return nil unless jwt_response['active']
 
-      custom_claims = res.reject { |k, _| @non_custom_claim_keys.include?(k) }
+      custom_claims = res.reject { |k, _| non_custom_claim_keys.include?(k) }
       scope = jwt_response['scope']
 
       if authorization_check
@@ -171,18 +181,6 @@ module Stytch
       authorization_check: nil
     )
       scope_claim = 'scope'
-
-      # Create a JWKS loader similar to other classes in the codebase
-      @cache_last_update = 0
-      jwks_loader = lambda do |options|
-        @cached_keys = nil if options[:invalidate] && @cache_last_update < Time.now.to_i - 300
-        if @cached_keys.nil?
-          @cached_keys = get_jwks(project_id: @project_id)
-          @cache_last_update = Time.now.to_i
-        end
-        @cached_keys
-      end
-
       begin
         decoded_jwt = JWT.decode(
           access_token,
@@ -190,14 +188,14 @@ module Stytch
           true,
           {
             algorithms: ['RS256'],
-            jwks: jwks_loader,
+            jwks: @jwks_loader,
             iss: ["stytch.com/#{@project_id}", @connection.url_prefix],
             aud: @project_id
           }
         )[0]
 
         generic_claims = decoded_jwt
-        custom_claims = generic_claims.reject { |k, _| @non_custom_claim_keys.include?(k) }
+        custom_claims = generic_claims.reject { |k, _| non_custom_claim_keys.include?(k) }
         scope = generic_claims[scope_claim]
 
         if authorization_check
@@ -231,6 +229,26 @@ module Stytch
       end
     end
 
+    private
+
+    def non_custom_claim_keys
+      %w[
+        aud
+        exp
+        iat
+        iss
+        jti
+        nbf
+        sub
+        active
+        client_id
+        request_id
+        scope
+        status_code
+        token_type
+      ]
+    end
+
     # Gets the JWKS for the project.
     #
     # == Parameters:
@@ -247,5 +265,213 @@ module Stytch
       request = request_with_query_params("/v1/sessions/jwks/#{project_id}", query_params)
       get_request(request, headers)
     end
+
+    # ENDMANUAL(IDP::introspect_token_network)
+
+    class OAuth
+      include Stytch::RequestHelper
+
+      def initialize(connection)
+        @connection = connection
+      end
+
+      # Initiates a request for authorization of a Connected App to access a User's account.
+      #
+      # Call this endpoint using the query parameters from an OAuth Authorization request.
+      # This endpoint validates various fields (`scope`, `client_id`, `redirect_uri`, `prompt`, etc...) are correct and returns
+      # relevant information for rendering an OAuth Consent Screen.
+      #
+      # This endpoint returns:
+      # - A public representation of the Connected App requesting authorization
+      # - Whether _explicit_ user consent must be granted before proceeding with the authorization
+      # - A list of scopes the user has the ability to grant the Connected App
+      #
+      # Use this response to prompt the user for consent (if necessary) before calling the [Submit OAuth Authorization](https://stytch.com/docs/api/connected-apps-oauth-authorize) endpoint.
+      #
+      # Exactly one of the following must be provided to identify the user granting authorization:
+      # - `user_id`
+      # - `session_token`
+      # - `session_jwt`
+      #
+      # If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the user's session for tracking purposes.
+      # One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](https://stytch.com/docs/api/connected-app-access-token-exchange) flow.
+      #
+      # == Parameters:
+      # client_id::
+      #   The ID of the Connected App client.
+      #   The type of this field is +String+.
+      # redirect_uri::
+      #   The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow.  This field is required when using the `authorization_code` grant.
+      #   The type of this field is +String+.
+      # response_type::
+      #   The OAuth 2.0 response type. For authorization code flows this value is `code`.
+      #   The type of this field is +String+.
+      # scopes::
+      #   An array of scopes requested by the client.
+      #   The type of this field is list of +String+.
+      # user_id::
+      #   The unique ID of a specific User. You may use an `external_id` here if one is set for the user.
+      #   The type of this field is nilable +String+.
+      # session_token::
+      #   The `session_token` associated with a User's existing Session.
+      #   The type of this field is nilable +String+.
+      # session_jwt::
+      #   The `session_jwt` associated with a User's existing Session.
+      #   The type of this field is nilable +String+.
+      # prompt::
+      #   Space separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only `consent` is supported today.
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # user_id::
+      #   The unique ID of the affected User.
+      #   The type of this field is +String+.
+      # user::
+      #   The `user` object affected by this API call. See the [Get user endpoint](https://stytch.com/docs/api/get-user) for complete response field details.
+      #   The type of this field is +User+ (+object+).
+      # client::
+      #   (no documentation yet)
+      #   The type of this field is +ConnectedAppPublic+ (+object+).
+      # consent_required::
+      #   Whether the user must provide explicit consent for the authorization request.
+      #   The type of this field is +Boolean+.
+      # scope_results::
+      #   Details about each requested scope.
+      #   The type of this field is list of +ScopeResult+ (+object+).
+      # status_code::
+      #   (no documentation yet)
+      #   The type of this field is +Integer+.
+      def authorize_start(
+        client_id:,
+        redirect_uri:,
+        response_type:,
+        scopes:,
+        user_id: nil,
+        session_token: nil,
+        session_jwt: nil,
+        prompt: nil
+      )
+        headers = {}
+        request = {
+          client_id: client_id,
+          redirect_uri: redirect_uri,
+          response_type: response_type,
+          scopes: scopes
+        }
+        request[:user_id] = user_id unless user_id.nil?
+        request[:session_token] = session_token unless session_token.nil?
+        request[:session_jwt] = session_jwt unless session_jwt.nil?
+        request[:prompt] = prompt unless prompt.nil?
+
+        post_request('/v1/idp/oauth/authorize/start', request, headers)
+      end
+
+      # Completes a request for authorization of a Connected App to access a User's account.
+      #
+      # Call this endpoint using the query parameters from an OAuth Authorization request, after previously validating those parameters using the
+      # [Preflight Check](https://stytch.com/docs/api/connected-apps-oauth-authorize-start) API.
+      # Note that this endpoint takes in a few additional parameters the preflight check does not- `state`, `nonce`, and `code_challenge`.
+      #
+      # If the authorization was successful, the `redirect_uri` will contain a valid `authorization_code` embedded as a query parameter.
+      # If the authorization was unsuccessful, the `redirect_uri` will contain an OAuth2.1 `error_code`.
+      # In both cases, redirect the user to the location for the response to be consumed by the Connected App.
+      #
+      # Exactly one of the following must be provided to identify the user granting authorization:
+      # - `user_id`
+      # - `session_token`
+      # - `session_jwt`
+      #
+      # If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the user's session for tracking purposes.
+      # One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](https://stytch.com/docs/api/connected-app-access-token-exchange) flow.
+      #
+      # == Parameters:
+      # consent_granted::
+      #   Indicates whether the user granted the requested scopes.
+      #   The type of this field is +Boolean+.
+      # scopes::
+      #   An array of scopes requested by the client.
+      #   The type of this field is list of +String+.
+      # client_id::
+      #   The ID of the Connected App client.
+      #   The type of this field is +String+.
+      # redirect_uri::
+      #   The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow.  This field is required when using the `authorization_code` grant.
+      #   The type of this field is +String+.
+      # response_type::
+      #   The OAuth 2.0 response type. For authorization code flows this value is `code`.
+      #   The type of this field is +String+.
+      # user_id::
+      #   The unique ID of a specific User. You may use an `external_id` here if one is set for the user.
+      #   The type of this field is nilable +String+.
+      # session_token::
+      #   The `session_token` associated with a User's existing Session.
+      #   The type of this field is nilable +String+.
+      # session_jwt::
+      #   The `session_jwt` associated with a User's existing Session.
+      #   The type of this field is nilable +String+.
+      # prompt::
+      #   Space separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only `consent` is supported today.
+      #   The type of this field is nilable +String+.
+      # state::
+      #   An opaque value used to maintain state between the request and callback.
+      #   The type of this field is nilable +String+.
+      # nonce::
+      #   A string used to associate a client session with an ID token to mitigate replay attacks.
+      #   The type of this field is nilable +String+.
+      # code_challenge::
+      #   A base64url encoded challenge derived from the code verifier for PKCE flows.
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # redirect_uri::
+      #   The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow.  This field is required when using the `authorization_code` grant.
+      #   The type of this field is +String+.
+      # status_code::
+      #   (no documentation yet)
+      #   The type of this field is +Integer+.
+      # authorization_code::
+      #   A one-time use code that can be exchanged for tokens.
+      #   The type of this field is nilable +String+.
+      def authorize(
+        consent_granted:,
+        scopes:,
+        client_id:,
+        redirect_uri:,
+        response_type:,
+        user_id: nil,
+        session_token: nil,
+        session_jwt: nil,
+        prompt: nil,
+        state: nil,
+        nonce: nil,
+        code_challenge: nil
+      )
+        headers = {}
+        request = {
+          consent_granted: consent_granted,
+          scopes: scopes,
+          client_id: client_id,
+          redirect_uri: redirect_uri,
+          response_type: response_type
+        }
+        request[:user_id] = user_id unless user_id.nil?
+        request[:session_token] = session_token unless session_token.nil?
+        request[:session_jwt] = session_jwt unless session_jwt.nil?
+        request[:prompt] = prompt unless prompt.nil?
+        request[:state] = state unless state.nil?
+        request[:nonce] = nonce unless nonce.nil?
+        request[:code_challenge] = code_challenge unless code_challenge.nil?
+
+        post_request('/v1/idp/oauth/authorize', request, headers)
+      end
+    end
   end
 end

data/lib/stytch/magic_links.rb

@@ -60,6 +60,9 @@ module Stytch
     # code_verifier::
     #   A base64url encoded one time secret used to validate that the request starts and ends on the same device.
     #   The type of this field is nilable +String+.
+    # telemetry_id::
+    #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the User. Your workspace must be enabled for Device Fingerprinting to use this feature.
+    #   The type of this field is nilable +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -93,6 +96,9 @@ module Stytch
     #   See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
     #
     #   The type of this field is nilable +Session+ (+object+).
+    # user_device::
+    #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `user_device` response field will contain information about the user's device attributes.
+    #   The type of this field is nilable +DeviceInfo+ (+object+).
     def authenticate(
       token:,
       attributes: nil,
@@ -101,7 +107,8 @@ module Stytch
       session_duration_minutes: nil,
       session_jwt: nil,
       session_custom_claims: nil,
-      code_verifier: nil
+      code_verifier: nil,
+      telemetry_id: nil
     )
       headers = {}
       request = {
@@ -114,6 +121,7 @@ module Stytch
       request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
       request[:code_verifier] = code_verifier unless code_verifier.nil?
+      request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
       post_request('/v1/magic_links/authenticate', request, headers)
     end

data/lib/stytch/oauth.rb

@@ -101,6 +101,9 @@ module Stytch
     # code_verifier::
     #   A base64url encoded one time secret used to validate that the request starts and ends on the same device.
     #   The type of this field is nilable +String+.
+    # telemetry_id::
+    #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the User. Your workspace must be enabled for Device Fingerprinting to use this feature.
+    #   The type of this field is nilable +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -145,13 +148,17 @@ module Stytch
     #   See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
     #
     #   The type of this field is nilable +Session+ (+object+).
+    # user_device::
+    #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `user_device` response field will contain information about the user's device attributes.
+    #   The type of this field is nilable +DeviceInfo+ (+object+).
     def authenticate(
       token:,
       session_token: nil,
       session_duration_minutes: nil,
       session_jwt: nil,
       session_custom_claims: nil,
-      code_verifier: nil
+      code_verifier: nil,
+      telemetry_id: nil
     )
       headers = {}
       request = {
@@ -162,6 +169,7 @@ module Stytch
       request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
       request[:code_verifier] = code_verifier unless code_verifier.nil?
+      request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
       post_request('/v1/oauth/authenticate', request, headers)
     end

data/lib/stytch/otps.rb

@@ -58,6 +58,9 @@ module Stytch
     #
     #   Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes.
     #   The type of this field is nilable +object+.
+    # telemetry_id::
+    #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the User. Your workspace must be enabled for Device Fingerprinting to use this feature.
+    #   The type of this field is nilable +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -91,6 +94,9 @@ module Stytch
     #   See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
     #
     #   The type of this field is nilable +Session+ (+object+).
+    # user_device::
+    #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `user_device` response field will contain information about the user's device attributes.
+    #   The type of this field is nilable +DeviceInfo+ (+object+).
     def authenticate(
       method_id:,
       code:,
@@ -99,7 +105,8 @@ module Stytch
       session_token: nil,
       session_duration_minutes: nil,
       session_jwt: nil,
-      session_custom_claims: nil
+      session_custom_claims: nil,
+      telemetry_id: nil
     )
       headers = {}
       request = {
@@ -112,6 +119,7 @@ module Stytch
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+      request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
       post_request('/v1/otps/authenticate', request, headers)
     end

data/lib/stytch/passwords.rb

@@ -61,6 +61,9 @@ module Stytch
     # name::
     #   The name of the user. Each field in the name object is optional.
     #   The type of this field is nilable +Name+ (+object+).
+    # telemetry_id::
+    #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the User. Your workspace must be enabled for Device Fingerprinting to use this feature.
+    #   The type of this field is nilable +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -91,6 +94,9 @@ module Stytch
     #   See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
     #
     #   The type of this field is nilable +Session+ (+object+).
+    # user_device::
+    #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `user_device` response field will contain information about the user's device attributes.
+    #   The type of this field is nilable +DeviceInfo+ (+object+).
     def create(
       email:,
       password:,
@@ -98,7 +104,8 @@ module Stytch
       session_custom_claims: nil,
       trusted_metadata: nil,
       untrusted_metadata: nil,
-      name: nil
+      name: nil,
+      telemetry_id: nil
     )
       headers = {}
       request = {
@@ -110,6 +117,7 @@ module Stytch
       request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
       request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil?
       request[:name] = name unless name.nil?
+      request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
       post_request('/v1/passwords', request, headers)
     end
@@ -151,6 +159,9 @@ module Stytch
     #
     #   Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes.
     #   The type of this field is nilable +object+.
+    # telemetry_id::
+    #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the User. Your workspace must be enabled for Device Fingerprinting to use this feature.
+    #   The type of this field is nilable +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -178,13 +189,17 @@ module Stytch
     #   See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
     #
     #   The type of this field is nilable +Session+ (+object+).
+    # user_device::
+    #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `user_device` response field will contain information about the user's device attributes.
+    #   The type of this field is nilable +DeviceInfo+ (+object+).
     def authenticate(
       email:,
       password:,
       session_token: nil,
       session_duration_minutes: nil,
       session_jwt: nil,
-      session_custom_claims: nil
+      session_custom_claims: nil,
+      telemetry_id: nil
     )
       headers = {}
       request = {
@@ -195,6 +210,7 @@ module Stytch
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+      request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
       post_request('/v1/passwords/authenticate', request, headers)
     end
@@ -311,7 +327,8 @@ module Stytch
     #   If a new user is created, this will set an identifier that can be used in API calls wherever a user_id is expected. This is a string consisting of alphanumeric, `.`, `_`, `-`, or `|` characters with a maximum length of 128 characters.
     #   The type of this field is nilable +String+.
     # roles::
-    #   (no documentation yet)
+    #   Roles to explicitly assign to this User.
+    #    See the [RBAC guide](https://stytch.com/docs/guides/rbac/role-assignment) for more information about role assignment.
     #   The type of this field is nilable list of +String+.
     #
     # == Returns:
@@ -510,6 +527,9 @@ module Stytch
       # options::
       #   Specify optional security settings.
       #   The type of this field is nilable +Options+ (+object+).
+      # telemetry_id::
+      #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the User. Your workspace must be enabled for Device Fingerprinting to use this feature.
+      #   The type of this field is nilable +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -537,6 +557,9 @@ module Stytch
       #   See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
       #
       #   The type of this field is nilable +Session+ (+object+).
+      # user_device::
+      #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `user_device` response field will contain information about the user's device attributes.
+      #   The type of this field is nilable +DeviceInfo+ (+object+).
       def reset(
         token:,
         password:,
@@ -546,7 +569,8 @@ module Stytch
         code_verifier: nil,
         session_custom_claims: nil,
         attributes: nil,
-        options: nil
+        options: nil,
+        telemetry_id: nil
       )
         headers = {}
         request = {
@@ -560,6 +584,7 @@ module Stytch
         request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
         request[:attributes] = attributes unless attributes.nil?
         request[:options] = options unless options.nil?
+        request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
         post_request('/v1/passwords/email/reset', request, headers)
       end
@@ -608,6 +633,9 @@ module Stytch
       #
       #   Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes.
       #   The type of this field is nilable +object+.
+      # telemetry_id::
+      #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the User. Your workspace must be enabled for Device Fingerprinting to use this feature.
+      #   The type of this field is nilable +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -635,6 +663,9 @@ module Stytch
       #   See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
       #
       #   The type of this field is nilable +Session+ (+object+).
+      # user_device::
+      #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `user_device` response field will contain information about the user's device attributes.
+      #   The type of this field is nilable +DeviceInfo+ (+object+).
       def reset(
         email:,
         existing_password:,
@@ -642,7 +673,8 @@ module Stytch
         session_token: nil,
         session_duration_minutes: nil,
         session_jwt: nil,
-        session_custom_claims: nil
+        session_custom_claims: nil,
+        telemetry_id: nil
       )
         headers = {}
         request = {
@@ -654,6 +686,7 @@ module Stytch
         request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
         request[:session_jwt] = session_jwt unless session_jwt.nil?
         request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+        request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
         post_request('/v1/passwords/existing_password/reset', request, headers)
       end
@@ -696,6 +729,9 @@ module Stytch
       #
       #   Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes.
       #   The type of this field is nilable +object+.
+      # telemetry_id::
+      #   If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the User. Your workspace must be enabled for Device Fingerprinting to use this feature.
+      #   The type of this field is nilable +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -723,12 +759,16 @@ module Stytch
       #   See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
       #
       #   The type of this field is nilable +Session+ (+object+).
+      # user_device::
+      #   If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `user_device` response field will contain information about the user's device attributes.
+      #   The type of this field is nilable +DeviceInfo+ (+object+).
       def reset(
         password:,
         session_token: nil,
         session_jwt: nil,
         session_duration_minutes: nil,
-        session_custom_claims: nil
+        session_custom_claims: nil,
+        telemetry_id: nil
       )
         headers = {}
         request = {
@@ -738,6 +778,7 @@ module Stytch
         request[:session_jwt] = session_jwt unless session_jwt.nil?
         request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
         request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+        request[:telemetry_id] = telemetry_id unless telemetry_id.nil?
 
         post_request('/v1/passwords/session/reset', request, headers)
       end