stytch 10.39.0 → 10.41.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a5b6536b2413740806ccad0a1bd83714be80a37e47a332f97eaf4bbf8896bc1f
-  data.tar.gz: 7432afc39e2207fb1020d90c710d536d69088033a9a892e3e1bf9a5385310a2b
+  metadata.gz: 772200fdaff7982e55a0c81c0800899f68d4d5883cc70c69fdddd9eb0a980239
+  data.tar.gz: 56d73d13e822be0a613f1cf9449e1ba68bb8e86c4b91068e8b947cf7cf560379
 SHA512:
-  metadata.gz: 425223ac3af73717f5d779b005091e159f976f5bc4b7d66d5f840efde714163e9898357536b3e7a00bedeb20e1c579ca04df9ee7e1969e90d7f8f3400763f34a
-  data.tar.gz: 7bd7d8d1e07fe67a19be06d536ec66ee6fb2a2110989e5db2d0ee5cc86a75a154cbadfa9ec8d71701f5c97df37b241ba7707033f6988aeaf5898c0d985739f22
+  metadata.gz: e6887efb099ca71afc2c00a9a40a9be303dffadb7f9abd0144873de5b4270ca79bc35fb8f98e44e64019a59e1dc8a2800b6269a12beabd905b471fc6d7c012b4
+  data.tar.gz: 3ff2c30dec6127429eb20b2751b807a534930471d08960ffee21acb5b2c8356db664ee125c9cc8e84bb22b34fc15d9bc551f8943d355c4814f340bbf0948ef67

data/lib/stytch/b2b_idp.rb

@@ -441,6 +441,9 @@ module StytchB2B
       # code_challenge::
       #   A base64url encoded challenge derived from the code verifier for PKCE flows.
       #   The type of this field is nilable +String+.
+      # resources::
+      #   (no documentation yet)
+      #   The type of this field is nilable list of +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -469,7 +472,8 @@ module StytchB2B
         prompt: nil,
         state: nil,
         nonce: nil,
-        code_challenge: nil
+        code_challenge: nil,
+        resources: nil
       )
         headers = {}
         request = {
@@ -487,6 +491,7 @@ module StytchB2B
         request[:state] = state unless state.nil?
         request[:nonce] = nonce unless nonce.nil?
         request[:code_challenge] = code_challenge unless code_challenge.nil?
+        request[:resources] = resources unless resources.nil?
 
         post_request('/v1/b2b/idp/oauth/authorize', request, headers)
       end

data/lib/stytch/b2b_organizations.rb

@@ -86,6 +86,25 @@ module StytchB2B
       end
     end
 
+    class DeleteExternalIdRequestOptions
+      # Optional authorization object.
+      # Pass in an active Stytch Member session token or session JWT and the request
+      # will be run using that member's permissions.
+      attr_accessor :authorization
+
+      def initialize(
+        authorization: nil
+      )
+        @authorization = authorization
+      end
+
+      def to_headers
+        headers = {}
+        headers.merge!(@authorization.to_headers) if authorization
+        headers
+      end
+    end
+
     include Stytch::RequestHelper
     attr_reader :members
 
@@ -608,7 +627,7 @@ module StytchB2B
     end
 
     #
-    # **Warning**: This endpoint is not recommended for use in login flows. Scaling issues may occur, as search performance may vary from ~150 milliseconds to 9 seconds depending on query complexity and rate limits are set to 100 requests/second.
+    # **Warning**: This endpoint is not recommended for use in login flows. Scaling issues may occur, as search performance may vary from ~150 milliseconds to 9 seconds depending on query complexity and rate limits are set to 100 requests/minute.
     #
     # Search across your Organizations. Returns an array of Organization objects.
     #
@@ -746,6 +765,15 @@ module StytchB2B
       get_request(request, headers)
     end
 
+    def delete_external_id(
+      organization_id:,
+      method_options: nil
+    )
+      headers = {}
+      headers = headers.merge(method_options.to_headers) unless method_options.nil?
+      delete_request("/v1/b2b/organizations/#{organization_id}/external_id", headers)
+    end
+
     class Members
       class UpdateRequestOptions
         # Optional authorization object.
@@ -937,6 +965,25 @@ module StytchB2B
         end
       end
 
+      class DeleteExternalIdRequestOptions
+        # Optional authorization object.
+        # Pass in an active Stytch Member session token or session JWT and the request
+        # will be run using that member's permissions.
+        attr_accessor :authorization
+
+        def initialize(
+          authorization: nil
+        )
+          @authorization = authorization
+        end
+
+        def to_headers
+          headers = {}
+          headers.merge!(@authorization.to_headers) if authorization
+          headers
+        end
+      end
+
       class CreateRequestOptions
         # Optional authorization object.
         # Pass in an active Stytch Member session token or session JWT and the request
@@ -1268,7 +1315,7 @@ module StytchB2B
       end
 
       #
-      # **Warning**: This endpoint is not recommended for use in login flows. Scaling issues may occur, as search performance may vary from ~150 milliseconds to 9 seconds depending on query complexity and rate limits are set to 100 requests/second.
+      # **Warning**: This endpoint is not recommended for use in login flows. Scaling issues may occur, as search performance may vary from ~150 milliseconds to 9 seconds depending on query complexity and rate limits are set to 100 requests/minute.
       #
       # Search for Members within specified Organizations. An array with at least one `organization_id` is required. Submitting an empty `query` returns all non-deleted Members within the specified Organizations.
       #
@@ -1643,6 +1690,16 @@ module StytchB2B
         get_request(request, headers)
       end
 
+      def delete_external_id(
+        organization_id:,
+        member_id:,
+        method_options: nil
+      )
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
+        delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/external_id", headers)
+      end
+
       # Creates a Member. An `organization_id` and `email_address` are required.
       #
       # == Parameters:

data/lib/stytch/b2b_passwords.rb

@@ -96,7 +96,7 @@ module StytchB2B
     #
     # Adds an existing password to a Member's email that doesn't have a password yet.
     #
-    # We support migrating members from passwords stored with bcrypt, scrypt, argon2, MD-5, SHA-1, and PBKDF2. This endpoint has a rate limit of 100 requests per second.
+    # We support migrating members from passwords stored with bcrypt, scrypt, argon2, MD-5, SHA-1, SHA-512, and PBKDF2. This endpoint has a rate limit of 100 requests per second.
     #
     # The Member's email will be marked as verified when you use this endpoint.
     #
@@ -110,7 +110,7 @@ module StytchB2B
     #   The password hash. For a Scrypt or PBKDF2 hash, the hash needs to be a base64 encoded string.
     #   The type of this field is +String+.
     # hash_type::
-    #   The password hash used. Currently `bcrypt`, `scrypt`, `argon_2i`, `argon_2id`, `md_5`, `sha_1`, and `pbkdf_2` are supported.
+    #   The password hash used. Currently `bcrypt`, `scrypt`, `argon_2i`, `argon_2id`, `md_5`, `sha_1`, `sha_512`, and `pbkdf_2` are supported.
     #   The type of this field is +MigrateRequestHashType+ (string enum).
     # organization_id::
     #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.
@@ -124,6 +124,9 @@ module StytchB2B
     # sha_1_config::
     #   Optional parameters for SHA-1 hash types.
     #   The type of this field is nilable +SHA1Config+ (+object+).
+    # sha_512_config::
+    #   Optional parameters for SHA-512 hash types.
+    #   The type of this field is nilable +SHA512Config+ (+object+).
     # scrypt_config::
     #   Required parameters if the scrypt is not provided in a **PHC encoded form**.
     #   The type of this field is nilable +ScryptConfig+ (+object+).
@@ -195,6 +198,7 @@ module StytchB2B
       md_5_config: nil,
       argon_2_config: nil,
       sha_1_config: nil,
+      sha_512_config: nil,
       scrypt_config: nil,
       pbkdf_2_config: nil,
       name: nil,
@@ -216,6 +220,7 @@ module StytchB2B
       request[:md_5_config] = md_5_config unless md_5_config.nil?
       request[:argon_2_config] = argon_2_config unless argon_2_config.nil?
       request[:sha_1_config] = sha_1_config unless sha_1_config.nil?
+      request[:sha_512_config] = sha_512_config unless sha_512_config.nil?
       request[:scrypt_config] = scrypt_config unless scrypt_config.nil?
       request[:pbkdf_2_config] = pbkdf_2_config unless pbkdf_2_config.nil?
       request[:name] = name unless name.nil?

data/lib/stytch/b2b_rbac.rb

@@ -11,9 +11,12 @@ require_relative 'request_helper'
 module StytchB2B
   class RBAC
     include Stytch::RequestHelper
+    attr_reader :organizations
 
     def initialize(connection)
       @connection = connection
+
+      @organizations = StytchB2B::RBAC::Organizations.new(@connection)
     end
 
     # Get the active RBAC Policy for your current Stytch Project. An RBAC Policy is the canonical document that stores all defined Resources and Roles within your RBAC permissioning model.
@@ -44,5 +47,97 @@ module StytchB2B
       request = request_with_query_params('/v1/b2b/rbac/policy', query_params)
       get_request(request, headers)
     end
+
+    class Organizations
+      include Stytch::RequestHelper
+
+      def initialize(connection)
+        @connection = connection
+      end
+
+      # Get the active RBAC Policy for a specific Organization within your Stytch Project. An Organization RBAC Policy contains the roles that have been defined specifically for that organization, allowing for organization-specific permissioning models.
+      #
+      # This endpoint returns the organization-scoped roles that supplement the project-level RBAC policy. Organization policies allow you to define custom roles that are specific to individual organizations within your project.
+      #
+      # When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating the need for an extra request to Stytch. The policy will be refreshed if an authorization check is requested and the RBAC policy was last updated more than 5 minutes ago.
+      #
+      # Organization-specific roles can be created and managed through this API endpoint, providing fine-grained control over permissions at the organization level.
+      #
+      # Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model and organization-scoped policies.
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.
+      #   The type of this field is +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # org_policy::
+      #   The organization-specific RBAC Policy that contains roles defined for this organization. Organization policies supplement the project-level RBAC policy with additional roles that are specific to the organization.
+      #   The type of this field is +OrgPolicy+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      def get_org_policy(
+        organization_id:
+      )
+        headers = {}
+        query_params = {}
+        request = request_with_query_params("/v1/b2b/rbac/organizations/#{organization_id}", query_params)
+        get_request(request, headers)
+      end
+
+      # Set the RBAC Policy for a specific Organization within your Stytch Project. An Organization RBAC Policy allows you to define roles that are specific to that organization, providing fine-grained control over permissions at the organization level.
+      #
+      # This endpoint allows you to create, update, or replace the organization-scoped roles for a given organization. Organization policies supplement the project-level RBAC policy with additional roles that are only applicable within the context of that specific organization.
+      #
+      # The organization policy consists of roles, where each role defines:
+      # - A unique `role_id` to identify the role
+      # - A human-readable `description` of the role's purpose
+      # - A set of `permissions` that specify which actions can be performed on which resources
+      #
+      # When you set an organization policy, it will replace any existing organization-specific roles for that organization. The project-level RBAC policy remains unchanged.
+      #
+      # Organization-specific roles are useful for scenarios where different organizations within your project require different permission structures, such as:
+      # - Multi-tenant applications with varying access levels per tenant
+      # - Organizations with custom approval workflows
+      # - Different organizational hierarchies requiring unique role definitions
+      #
+      # Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model and organization-scoped policies.
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.
+      #   The type of this field is +String+.
+      # org_policy::
+      #   The organization-specific RBAC Policy that contains roles defined for this organization. Organization policies supplement the project-level RBAC policy with additional roles that are specific to the organization.
+      #   The type of this field is +OrgPolicy+ (+object+).
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # org_policy::
+      #   The organization-specific RBAC Policy that contains roles defined for this organization. Organization policies supplement the project-level RBAC policy with additional roles that are specific to the organization.
+      #   The type of this field is +OrgPolicy+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      def set_org_policy(
+        organization_id:,
+        org_policy:
+      )
+        headers = {}
+        request = {
+          org_policy: org_policy
+        }
+
+        put_request("/v1/b2b/rbac/organizations/#{organization_id}", request, headers)
+      end
+    end
   end
 end

data/lib/stytch/idp.rb

@@ -414,6 +414,9 @@ module Stytch
       # code_challenge::
       #   A base64url encoded challenge derived from the code verifier for PKCE flows.
       #   The type of this field is nilable +String+.
+      # resources::
+      #   (no documentation yet)
+      #   The type of this field is nilable list of +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -441,7 +444,8 @@ module Stytch
         prompt: nil,
         state: nil,
         nonce: nil,
-        code_challenge: nil
+        code_challenge: nil,
+        resources: nil
       )
         headers = {}
         request = {
@@ -458,6 +462,7 @@ module Stytch
         request[:state] = state unless state.nil?
         request[:nonce] = nonce unless nonce.nil?
         request[:code_challenge] = code_challenge unless code_challenge.nil?
+        request[:resources] = resources unless resources.nil?
 
         post_request('/v1/idp/oauth/authorize', request, headers)
       end

data/lib/stytch/otps.rb

@@ -17,7 +17,7 @@ module Stytch
       @connection = connection
 
       @sms = Stytch::OTPs::Sms.new(@connection)
-      @whatsapp = Stytch::OTPs::Whatsapp.new(@connection)
+      @whatsapp = Stytch::OTPs::WhatsApp.new(@connection)
       @email = Stytch::OTPs::Email.new(@connection)
     end
 
@@ -291,7 +291,7 @@ module Stytch
       end
     end
 
-    class Whatsapp
+    class WhatsApp
       include Stytch::RequestHelper
 
       def initialize(connection)

data/lib/stytch/passwords.rb

@@ -275,7 +275,7 @@ module Stytch
       post_request('/v1/passwords/strength_check', request, headers)
     end
 
-    # Adds an existing password to a User's email that doesn't have a password yet. We support migrating users from passwords stored with `bcrypt`, `scrypt`, `argon2`, `MD-5`, `SHA-1`, or `PBKDF2`. This endpoint has a rate limit of 100 requests per second.
+    # Adds an existing password to a User's email that doesn't have a password yet. We support migrating users from passwords stored with `bcrypt`, `scrypt`, `argon2`, `MD-5`, `SHA-1`, `SHA-512`, or `PBKDF2`. This endpoint has a rate limit of 100 requests per second.
     #
     # == Parameters:
     # email::
@@ -285,7 +285,7 @@ module Stytch
     #   The password hash. For a Scrypt or PBKDF2 hash, the hash needs to be a base64 encoded string.
     #   The type of this field is +String+.
     # hash_type::
-    #   The password hash used. Currently `bcrypt`, `scrypt`, `argon_2i`, `argon_2id`, `md_5`, `sha_1`, and `pbkdf_2` are supported.
+    #   The password hash used. Currently `bcrypt`, `scrypt`, `argon_2i`, `argon_2id`, `md_5`, `sha_1`, `sha_512`, and `pbkdf_2` are supported.
     #   The type of this field is +MigrateRequestHashType+ (string enum).
     # md_5_config::
     #   Optional parameters for MD-5 hash types.
@@ -296,6 +296,9 @@ module Stytch
     # sha_1_config::
     #   Optional parameters for SHA-1 hash types.
     #   The type of this field is nilable +SHA1Config+ (+object+).
+    # sha_512_config::
+    #   Optional parameters for SHA-512 hash types.
+    #   The type of this field is nilable +SHA512Config+ (+object+).
     # scrypt_config::
     #   Required parameters if the scrypt is not provided in a [PHC encoded form](https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md#phc-string-format).
     #   The type of this field is nilable +ScryptConfig+ (+object+).
@@ -358,6 +361,7 @@ module Stytch
       md_5_config: nil,
       argon_2_config: nil,
       sha_1_config: nil,
+      sha_512_config: nil,
       scrypt_config: nil,
       pbkdf_2_config: nil,
       trusted_metadata: nil,
@@ -378,6 +382,7 @@ module Stytch
       request[:md_5_config] = md_5_config unless md_5_config.nil?
       request[:argon_2_config] = argon_2_config unless argon_2_config.nil?
       request[:sha_1_config] = sha_1_config unless sha_1_config.nil?
+      request[:sha_512_config] = sha_512_config unless sha_512_config.nil?
       request[:scrypt_config] = scrypt_config unless scrypt_config.nil?
       request[:pbkdf_2_config] = pbkdf_2_config unless pbkdf_2_config.nil?
       request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?

data/lib/stytch/users.rb

@@ -184,7 +184,7 @@ module Stytch
     end
 
     #
-    # **Warning**: This endpoint is not recommended for use in login flows. Scaling issues may occur, as search performance may vary from ~150 milliseconds to 9 seconds depending on query complexity and rate limits are set to 150 requests/second.
+    # **Warning**: This endpoint is not recommended for use in login flows. Scaling issues may occur, as search performance may vary from ~150 milliseconds to 9 seconds depending on query complexity and rate limits are set to 150 requests/minute.
     #
     # Search for Users within your Stytch Project.
     #
@@ -602,6 +602,13 @@ module Stytch
       delete_request("/v1/users/oauth/#{oauth_user_registration_id}", headers)
     end
 
+    def delete_external_id(
+      user_id:
+    )
+      headers = {}
+      delete_request("/v1/users/#{user_id}/external_id", headers)
+    end
+
     # User Get Connected Apps retrieves a list of Connected Apps with which the User has successfully completed an
     # authorization flow.
     # If the User revokes a Connected App's access (e.g. via the Revoke Connected App endpoint) then the Connected App will

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '10.39.0'
+  VERSION = '10.41.0'
 end

data/lib/stytch/webauthn.rb

@@ -206,6 +206,9 @@ module Stytch
     #   If true, the `public_key_credential_creation_options` returned will be optimized for Passkeys with `userVerification` set to `"preferred"`.
     #
     #   The type of this field is nilable +Boolean+.
+    # use_base64_url_encoding::
+    #   (no documentation yet)
+    #   The type of this field is nilable +Boolean+.
     #
     # == Returns:
     # An object with the following fields:
@@ -224,7 +227,8 @@ module Stytch
     def authenticate_start(
       domain:,
       user_id: nil,
-      return_passkey_credential_options: nil
+      return_passkey_credential_options: nil,
+      use_base64_url_encoding: nil
     )
       headers = {}
       request = {
@@ -232,6 +236,7 @@ module Stytch
       }
       request[:user_id] = user_id unless user_id.nil?
       request[:return_passkey_credential_options] = return_passkey_credential_options unless return_passkey_credential_options.nil?
+      request[:use_base64_url_encoding] = use_base64_url_encoding unless use_base64_url_encoding.nil?
 
       post_request('/v1/webauthn/authenticate/start', request, headers)
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 10.39.0
+  version: 10.41.0
 platform: ruby
 authors:
 - stytch
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-10-07 00:00:00.000000000 Z
+date: 2026-01-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday