stytch 10.42.0 → 11.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a9ec5299338703e2955b430042eb3abf11dca6474be1478e91faca5ecc5b7196
-  data.tar.gz: eaa3ad45194052e3a5a1734b5192d670ec04302b7b5194ec8a2128553ca4e8b0
+  metadata.gz: 60e3225a64429c13d844966e708830ad2db104f364760f6473d13b751e7aae4a
+  data.tar.gz: 2d87ef251169b3dc01e32c3456d4f258dae467787deefb1c2ddfba3402174bcd
 SHA512:
-  metadata.gz: f48a0d7fcc636ca833de1895bc5f0594a9d8559196a0b4a7b0992b67465e75578aacace17be36a908fa6fd417d84a29a07f00cdafa13472ee43301b03321437d
-  data.tar.gz: da2f334d10213ff40aedaa934215e2b2c2cae6d2e9931db4c01f3ac8fa54a1ce10e40560d12eaacaa2ca162b632bc58fc494ef846c03e8207d95136094b843e2
+  metadata.gz: 02dffb3e593f46ac245c225d8828bf9bb305119212b3c0e9473c6ca347da7ddb0bdfaa3412e3e10d3f4d17db89ef5050982037724206675bbcade7614d5e9867
+  data.tar.gz: 8fcac4b0ec8b6cbabe22edbd25ce4a44b2b850bae45750e38e6b40fbe73c74cf2b9c134e3df1a2061411723b04060d9bbac59aa7d03004b5fa35481416bf1a17

data/.rubocop.yml

@@ -19,4 +19,6 @@ Style/StringConcatenation: { Enabled: false }
 
 RSpec/DescribedClass: { Enabled: false }
 RSpec/ExampleLength: { Enabled: false }
+RSpec/InstanceVariable: { Enabled: false }
 RSpec/MultipleExpectations: { Enabled: false }
+RSpec/MultipleMemoizedHelpers: { Enabled: false }

data/lib/stytch/b2b_discovery.rb

@@ -71,7 +71,7 @@ module StytchB2B
       # locale::
       #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
       #
-      # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      # Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -337,6 +337,9 @@ module StytchB2B
       # member::
       #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
       #   The type of this field is +Member+ (+object+).
+      # organization::
+      #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+      #   The type of this field is +Organization+ (+object+).
       # member_authenticated::
       #   Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
       #   The type of this field is +Boolean+.
@@ -349,9 +352,6 @@ module StytchB2B
       # member_session::
       #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
       #   The type of this field is nilable +MemberSession+ (+object+).
-      # organization::
-      #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
-      #   The type of this field is nilable +Organization+ (+object+).
       # mfa_required::
       #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
       #   The type of this field is nilable +MfaRequired+ (+object+).

data/lib/stytch/b2b_magic_links.rb

@@ -69,7 +69,7 @@ module StytchB2B
     # locale::
     #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
     #
-    # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+    # Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
     #
     # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
     #
@@ -214,15 +214,14 @@ module StytchB2B
       #   A base64url encoded SHA256 hash of a one time secret used to validate that the request starts and ends on the same device.
       #   The type of this field is nilable +String+.
       # login_template_id::
-      #   Use a custom template for login emails. By default, it will use your default email template. The template must be from Stytch's
-      # built-in customizations or a custom HTML email for Magic Links - Login.
+      #   Use a custom template for login emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic Links - Login”.
       #   The type of this field is nilable +String+.
       # signup_template_id::
       #   Use a custom template for signup emails. By default, it will use your default email template. The template must be from Stytch's
-      # built-in customizations or a custom HTML email for Magic Links - Signup.
+      # built-in customizations or a custom HTML email for “Magic Links - Signup”.
       #   The type of this field is nilable +String+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -320,11 +319,10 @@ module StytchB2B
       #   for complete field behavior details.
       #   The type of this field is nilable +object+.
       # invite_template_id::
-      #   Use a custom template for invite emails. By default, it will use your default email template. The template must be a template
-      #   using our built-in customizations or a custom HTML email for Magic Links - Invite.
+      #   Use a custom template for invite emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic Links - Invite”.
       #   The type of this field is nilable +String+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -414,11 +412,10 @@ module StytchB2B
         #   A base64url encoded SHA256 hash of a one time secret used to validate that the request starts and ends on the same device.
         #   The type of this field is nilable +String+.
         # login_template_id::
-        #   Use a custom template for discovery emails. By default, it will use your default email template. The template must be from Stytch's
-        # built-in customizations or a custom HTML email for Magic Links - Login.
+        #   Use a custom template for discovery emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic Links - Login”.
         #   The type of this field is nilable +String+.
         # locale::
-        #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+        #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
         #
         # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
         #

data/lib/stytch/b2b_oauth.rb

@@ -67,7 +67,7 @@ module StytchB2B
     # locale::
     #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
     #
-    # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+    # Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
     #
     # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
     #

data/lib/stytch/b2b_organizations.rb

@@ -1592,7 +1592,7 @@ module StytchB2B
       #   redirect URL that you set in your Dashboard is used. If you have not set a default login redirect URL, an error is returned.
       #   The type of this field is nilable +String+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -1600,8 +1600,7 @@ module StytchB2B
       #
       #   The type of this field is nilable +StartEmailUpdateRequestLocale+ (string enum).
       # login_template_id::
-      #   Use a custom template for login emails. By default, it will use your default email template. The template must be from Stytch's
-      # built-in customizations or a custom HTML email for Magic Links - Login.
+      #   Use a custom template for login emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic Links - Login”.
       #   The type of this field is nilable +String+.
       # delivery_method::
       #   The method that should be used to verify a member's new email address. The options are `EMAIL_MAGIC_LINK` or `EMAIL_OTP`. This field is optional, if no value is provided, `EMAIL_MAGIC_LINK` will be used.

data/lib/stytch/b2b_otp.rb

@@ -60,7 +60,7 @@ module StytchB2B
       #   The phone number to send the OTP to. If the Member already has a phone number, this argument is not needed.
       #   The type of this field is nilable +String+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -271,13 +271,13 @@ module StytchB2B
       #   The email address of the Member.
       #   The type of this field is +String+.
       # login_template_id::
-      #   Use a custom template for login emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for OTP - Login.
+      #   Use a custom template for login emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “OTP - Login”.
       #   The type of this field is nilable +String+.
       # signup_template_id::
-      #   Use a custom template for signup emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for OTP - Signup.
+      #   Use a custom template for signup emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “OTP - Signup”.
       #   The type of this field is nilable +String+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -384,7 +384,7 @@ module StytchB2B
       #   Total custom claims size cannot exceed four kilobytes.
       #   The type of this field is nilable +object+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -485,10 +485,10 @@ module StytchB2B
         #   The email address to start the discovery flow for.
         #   The type of this field is +String+.
         # login_template_id::
-        #   Use a custom template for login emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for OTP - Login.
+        #   Use a custom template for login emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “OTP - Login”.
         #   The type of this field is nilable +String+.
         # locale::
-        #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+        #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
         #
         # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
         #

data/lib/stytch/b2b_passwords.rb

@@ -52,7 +52,8 @@ module StytchB2B
     # valid_password::
     #   Returns `true` if the password passes our password validation. We offer two validation options,
     #   [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) is the default option which offers a high level of sophistication.
-    #   We also offer [LUDS](https://stytch.com/docs/b2b/guides/passwords/strength-policy). If an email address is included in the call we also
+    #   We also offer [LUDS](https://stytch.com/docs/b2b/guides/passwords/strength-policy) which is less sophisticated
+    #   but easier to understand. If an email address is included in the call we also
     #   require that the password hasn't been compromised using built-in breach detection powered by [HaveIBeenPwned](https://haveibeenpwned.com/)
     #   The type of this field is +Boolean+.
     # score::
@@ -66,7 +67,7 @@ module StytchB2B
     #   The type of this field is +String+.
     # breach_detection_on_create::
     #   Will return `true` if breach detection will be evaluated. By default this option is enabled.
-    #   This option can be disabled by contacting [support@stytch.com](mailto:support@stytch.com?subject=Password%20strength%20configuration).
+    #   This option can be disabled in the [dashboard](https://stytch.com/dashboard/password-strength-config#breach-detection).
     #   If this value is false then `breached_password` will always be `false` as well.
     #   The type of this field is +Boolean+.
     # status_code::
@@ -282,7 +283,7 @@ module StytchB2B
     # locale::
     #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
     #
-    # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+    # Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
     #
     # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
     #
@@ -411,9 +412,9 @@ module StytchB2B
       #   The email address of the Member to start the email reset process for.
       #   The type of this field is +String+.
       # reset_password_redirect_url::
-      #   The URL that the Member clicks from the reset password link. This URL should be an endpoint in the backend server that verifies the request by querying
-      #   Stytch's authenticate endpoint and finishes the reset password flow. If this value is not passed, the default `reset_password_redirect_url` that you set in your Dashboard is used.
-      #   If you have not set a default `reset_password_redirect_url`, an error is returned.
+      #   The URL that the Member is redirected to from the reset password magic link. This URL should display your application's reset password page.
+      #   Before rendering the reset page, extract the `token` from the query parameters. On the reset page, collect the new password and complete the flow by calling the corresponding Password Reset by Email endpoint.
+      #   If this parameter is not specified, the default Reset Password redirect URL configured in the Dashboard will be used. If you have not set a default Reset Password redirect URL, an error is returned.
       #   The type of this field is nilable +String+.
       # reset_password_expiration_minutes::
       #   Sets a time limit after which the email link to reset the member's password will no longer be valid. The minimum allowed expiration is 5 minutes and the maximum is 10080 minutes (7 days). By default, the expiration is 30 minutes.
@@ -427,7 +428,7 @@ module StytchB2B
       #       After Members are redirected to the login redirect URL, your application should retrieve the `token` value from the URL parameters and call the [Magic Link Authenticate endpoint](https://stytch.com/docs/api/authenticate-magic-link) to log the Member in without requiring a password reset. If this value is not provided, your project's default login redirect URL will be used. If you have not set a default login redirect URL, an error will be returned.
       #   The type of this field is nilable +String+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -435,11 +436,11 @@ module StytchB2B
       #
       #   The type of this field is nilable +ResetStartRequestLocale+ (string enum).
       # reset_password_template_id::
-      #   Use a custom template for reset password emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Reset Password.
+      #   Use a custom template for reset password emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Passwords - Reset Password”.
       #   The type of this field is nilable +String+.
       # verify_email_template_id::
       #   Use a custom template for verification emails sent during password reset flows. When cross-organization passwords are enabled for your Project, this template will be used the first time a user sets a password via a
-      #   password reset flow. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Email Verification.
+      #   password reset flow. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Passwords - Email Verification”.
       #   The type of this field is nilable +String+.
       #
       # == Returns:
@@ -539,7 +540,7 @@ module StytchB2B
       # locale::
       #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
       #
-      # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      # Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -725,7 +726,7 @@ module StytchB2B
       #   Total custom claims size cannot exceed four kilobytes.
       #   The type of this field is nilable +object+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -863,7 +864,7 @@ module StytchB2B
       # locale::
       #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
       #
-      # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      # Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -1030,9 +1031,9 @@ module StytchB2B
         #   The email address of the Member to start the email reset process for.
         #   The type of this field is +String+.
         # reset_password_redirect_url::
-        #   The URL that the Member clicks from the reset password link. This URL should be an endpoint in the backend server that verifies the request by querying
-        #   Stytch's authenticate endpoint and finishes the reset password flow. If this value is not passed, the default `reset_password_redirect_url` that you set in your Dashboard is used.
-        #   If you have not set a default `reset_password_redirect_url`, an error is returned.
+        #   The URL that the Member is redirected to from the reset password magic link. This URL should display your application's reset password page.
+        #   Before rendering the reset page, extract the `token` from the query parameters. On the reset page, collect the new password and complete the flow by calling the corresponding Password Reset by Email endpoint.
+        #   If this parameter is not specified, the default Reset Password redirect URL configured in the Dashboard will be used. If you have not set a default Reset Password redirect URL, an error is returned.
         #   The type of this field is nilable +String+.
         # discovery_redirect_url::
         #   The URL that the end user clicks from the discovery Magic Link. This URL should be an endpoint in the backend server that
@@ -1040,7 +1041,7 @@ module StytchB2B
         #   discovery redirect URL that you set in your Dashboard is used. If you have not set a default discovery redirect URL, an error is returned.
         #   The type of this field is nilable +String+.
         # reset_password_template_id::
-        #   Use a custom template for reset password emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Reset Password.
+        #   Use a custom template for reset password emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Passwords - Reset Password”.
         #   The type of this field is nilable +String+.
         # reset_password_expiration_minutes::
         #   Sets a time limit after which the email link to reset the member's password will no longer be valid. The minimum allowed expiration is 5 minutes and the maximum is 10080 minutes (7 days). By default, the expiration is 30 minutes.
@@ -1049,7 +1050,7 @@ module StytchB2B
         #   (no documentation yet)
         #   The type of this field is nilable +String+.
         # locale::
-        #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+        #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
         #
         # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
         #
@@ -1058,7 +1059,7 @@ module StytchB2B
         #   The type of this field is nilable +String+.
         # verify_email_template_id::
         #   Use a custom template for verification emails sent during password reset flows. When cross-organization passwords are enabled for your Project, this template will be used the first time a user sets a password via a
-        #   password reset flow. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Email Verification.
+        #   password reset flow. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Passwords - Email Verification”.
         #   The type of this field is nilable +String+.
         #
         # == Returns:

data/lib/stytch/b2b_rbac.rb

@@ -55,6 +55,9 @@ module StytchB2B
         @connection = connection
       end
 
+      #
+      # The organization RBAC policy feature is currently in private beta and must be enabled for your Workspace. Please contact Stytch support at support@stytch.com to request access.
+      #
       # Get the active RBAC Policy for a specific Organization within your Stytch Project. An Organization RBAC Policy contains the roles that have been defined specifically for that organization, allowing for organization-specific permissioning models.
       #
       # This endpoint returns the organization-scoped roles that supplement the project-level RBAC policy. Organization policies allow you to define custom roles that are specific to individual organizations within your project.
@@ -90,6 +93,9 @@ module StytchB2B
         get_request(request, headers)
       end
 
+      #
+      # The organization RBAC policy feature is currently in private beta and must be enabled for your Workspace. Please contact Stytch support at support@stytch.com to request access.
+      #
       # Set the RBAC Policy for a specific Organization within your Stytch Project. An Organization RBAC Policy allows you to define roles that are specific to that organization, providing fine-grained control over permissions at the organization level.
       #
       # This endpoint allows you to create, update, or replace the organization-scoped roles for a given organization. Organization policies supplement the project-level RBAC policy with additional roles that are only applicable within the context of that specific organization.

data/lib/stytch/b2b_scim.rb

@@ -206,7 +206,7 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # connection::
-      #   The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
+      #   The [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object).
       #   The type of this field is nilable +SCIMConnection+ (+object+).
       #
       # == Method Options:
@@ -282,7 +282,7 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # connection::
-      #   The `SCIM Connection` object affected by this API call. See the [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object) for complete response field details.
+      #   The [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object).
       #   The type of this field is nilable +SCIMConnectionWithNextToken+ (+object+).
       #
       # == Method Options:
@@ -318,7 +318,7 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # connection::
-      #   The `SCIM Connection` object affected by this API call. See the [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object) for complete response field details.
+      #   The [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object).
       #   The type of this field is nilable +SCIMConnection+ (+object+).
       #
       # == Method Options:
@@ -354,7 +354,7 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # connection::
-      #   The `SCIM Connection` object affected by this API call. See the [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object) for complete response field details.
+      #   The [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object).
       #   The type of this field is nilable +SCIMConnection+ (+object+).
       #
       # == Method Options:
@@ -440,7 +440,7 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # connection::
-      #   The `SCIM Connection` object affected by this API call. See the [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object) for complete response field details.
+      #   The [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object).
       #   The type of this field is nilable +SCIMConnectionWithToken+ (+object+).
       #
       # == Method Options:
@@ -476,7 +476,7 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # connection::
-      #   A [SCIM Connection](https://stytch.com/docs/b2b/api/scim-connection-object) connection belonging to the organization (currently limited to one).
+      #   The [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object).
       #   The type of this field is nilable +SCIMConnection+ (+object+).
       #
       # == Method Options:

data/lib/stytch/b2b_sessions.rb

@@ -266,7 +266,7 @@ module StytchB2B
     # locale::
     #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
     #
-    # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+    # Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
     #
     # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
     #
@@ -346,8 +346,6 @@ module StytchB2B
     #
     # The Access Token must contain the `full_access` scope (only available to First Party clients) and must not be more than 5 minutes old. Access Tokens may only be exchanged a single time.
     #
-    # The Member Session returned will be the same Member Session that was active in your application (the authorizing party) during the initial authorization flow.
-    #
     # Because the Member previously completed MFA and satisfied all Organization authentication requirements at the time of the original Access Token issuance, this endpoint will never return an `intermediate_session_token` or require MFA.
     #
     # == Parameters:

data/lib/stytch/b2b_sso.rb

@@ -178,7 +178,7 @@ module StytchB2B
     # locale::
     #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
     #
-    # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+    # Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
     #
     # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
     #
@@ -335,7 +335,7 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # connection::
-      #   The `OIDC Connection` object affected by this API call. See the [OIDC Connection Object](https://stytch.com/docs/b2b/api/oidc-connection-object) for complete response field details.
+      #   The [OIDC Connection Object](https://stytch.com/docs/b2b/api/oidc-connection-object).
       #   The type of this field is nilable +OIDCConnection+ (+object+).
       #
       # == Method Options:
@@ -426,7 +426,7 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # connection::
-      #   The `OIDC Connection` object affected by this API call. See the [OIDC Connection Object](https://stytch.com/docs/b2b/api/oidc-connection-object) for complete response field details.
+      #   The [OIDC Connection Object](https://stytch.com/docs/b2b/api/oidc-connection-object).
       #   The type of this field is nilable +OIDCConnection+ (+object+).
       # warning::
       #   If it is not possible to resolve the well-known metadata document from the OIDC issuer, this field will explain what went wrong if the request is successful otherwise. In other words, even if the overall request succeeds, there could be relevant warnings related to the connection update.
@@ -595,7 +595,7 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # connection::
-      #   The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
+      #   The [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object)
       #   The type of this field is nilable +SAMLConnection+ (+object+).
       #
       # == Method Options:
@@ -691,7 +691,7 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # connection::
-      #   The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
+      #   The [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object)
       #   The type of this field is nilable +SAMLConnection+ (+object+).
       #
       # == Method Options:
@@ -766,7 +766,7 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # connection::
-      #   The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
+      #   The [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object)
       #   The type of this field is nilable +SAMLConnection+ (+object+).
       #
       # == Method Options:
@@ -941,7 +941,7 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # connection::
-      #   The `External Connection` object affected by this API call. See the [External Connection Object](https://stytch.com/docs/b2b/api/external-connection-object) for complete response field details.
+      #   The [External Connection Object](https://stytch.com/docs/b2b/api/external-connection-object).
       #   The type of this field is nilable +Connection+ (+object+).
       #
       # == Method Options:
@@ -1001,7 +1001,7 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # connection::
-      #   The `External Connection` object affected by this API call. See the [External Connection Object](https://stytch.com/docs/b2b/api/external-connection-object) for complete response field details.
+      #   The [External Connection Object](https://stytch.com/docs/b2b/api/external-connection-object).
       #   The type of this field is nilable +Connection+ (+object+).
       #
       # == Method Options:

data/lib/stytch/m2m.rb

@@ -289,9 +289,9 @@ module Stytch
         post_request('/v1/m2m/clients/search', request, headers)
       end
 
-      # Updates an existing M2M Client. You can use this endpoint to activate or deactivate a M2M Client by changing its `status`. A deactivated M2M Client will not be allowed to perform future token exchange flows until it is reactivated.
+      # Updates an existing M2M Client. You can use this endpoint to activate or deactivate an M2M Client by changing its `status`. A deactivated M2M Client will not be allowed to perform future token exchange flows until it is reactivated.
       #
-      # **Important:** Deactivating a M2M Client will not invalidate any existing JWTs issued to the client, only prevent it from receiving new ones.
+      # **Important:** Deactivating an M2M Client will not invalidate any existing JWTs issued to the client, only prevent it from receiving new ones.
       # To protect more-sensitive routes, pass a lower `max_token_age` value when[authenticating the token](https://stytch.com/docs/b2b/api/authenticate-m2m-token)[authenticating the token](https://stytch.com/docs/api/authenticate-m2m-token).
       #
       # == Parameters:
@@ -346,7 +346,7 @@ module Stytch
 
       # Deletes the M2M Client.
       #
-      # **Important:** Deleting a M2M Client will not invalidate any existing JWTs issued to the client, only prevent it from receiving new ones.
+      # **Important:** Deleting an M2M Client will not invalidate any existing JWTs issued to the client, only prevent it from receiving new ones.
       # To protect more-sensitive routes, pass a lower `max_token_age` value when[authenticating the token](https://stytch.com/docs/b2b/api/authenticate-m2m-token)[authenticating the token](https://stytch.com/docs/api/authenticate-m2m-token).
       #
       # == Parameters:

data/lib/stytch/magic_links.rb

@@ -126,12 +126,22 @@ module Stytch
       post_request('/v1/magic_links/authenticate', request, headers)
     end
 
-    # Create an Embeddable Magic Link token for a User. Access to this endpoint is restricted. To enable it, please send us a note at support@stytch.com.
+    # Create an Embeddable Magic Link token for a User.
     #
-    # ### Next steps
-    # Send the returned `token` value to the end user in a link which directs to your application. When the end user follows your link, collect the token, and call [Authenticate Magic Link](https://stytch.com/docs/api/authenticate-magic-link) to complete authentication.
+    # ### Important usage notes
     #
-    # **Note:** Authenticating an Embeddable Magic Link token will **not** result in any of the Stytch User's factors (email address or phone number) being marked as verified, as Stytch cannot confirm where the user received the token.
+    # Carefully review the following notes before using Embeddable Magic Links:
+    #
+    # * Embeddable Magic Link tokens are **sensitive values**. You should handle and store them securely.
+    # * Authenticating an Embeddable Magic Link token will not mark any of a user's delivery factors (email address or phone number) as verified, since we cannot confirm how the token was sent to the user.
+    # * Embeddable Magic Links are only available in our Consumer API, and not our B2B API.
+    #
+    # When sending Embeddable Magic Links via email:
+    #
+    # * Deliverability is paramount. Carefully test your email copy to ensure it reaches your users' inboxes. Small changes can result in your emails being sent to spam.
+    # * In some cases, email security bots may follow links within incoming emails before your users open them. This consumes the Embeddable Magic Link token, preventing the user from logging in when they later click the link. Our Email Magic Links product automatically prevents this (details [here](https://stytch.com/docs/consumer-auth/authentication/magic-links/redirect-routing)). However, when sending your own emails containing Embeddable Magic Links, you'll be responsible for detecting and stopping bot traffic using tools like CAPTCHA or [Device Fingerprinting](https://stytch.com/docs/fraud-risk/device-fingerprinting/overview).
+    #
+    # We also recommend checking out our [Trusted Auth Tokens](https://stytch.com/docs/consumer-auth/authentication/trusted-auth-tokens/overview) product, which is available in both our Consumer and B2B APIs and can be a better fit for some use cases.
     #
     # == Parameters:
     # user_id::
@@ -193,7 +203,7 @@ module Stytch
       #   The email address of the User to send the Magic Link to.
       #   The type of this field is +String+.
       # login_template_id::
-      #   Use a custom template for login emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Login.
+      #   Use a custom template for login emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Login”.
       #   The type of this field is nilable +String+.
       # attributes::
       #   Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.
@@ -223,7 +233,7 @@ module Stytch
       #   The `session_jwt` of the user to associate the email with.
       #   The type of this field is nilable +String+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -231,7 +241,7 @@ module Stytch
       #
       #   The type of this field is nilable +SendRequestLocale+ (string enum).
       # signup_template_id::
-      #   Use a custom template for sign-up emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Sign-up.
+      #   Use a custom template for sign-up emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Sign-up”.
       #   The type of this field is nilable +String+.
       #
       # == Returns:
@@ -305,10 +315,10 @@ module Stytch
       #   Set the expiration for the sign-up email magic link, in minutes. By default, it expires in 1 week. The minimum expiration is 5 minutes and the maximum is 7 days (10080 mins).
       #   The type of this field is nilable +Integer+.
       # login_template_id::
-      #   Use a custom template for login emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Login.
+      #   Use a custom template for login emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Login”.
       #   The type of this field is nilable +String+.
       # signup_template_id::
-      #   Use a custom template for sign-up emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Sign-up.
+      #   Use a custom template for sign-up emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Sign-up”.
       #   The type of this field is nilable +String+.
       # attributes::
       #   Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.
@@ -324,7 +334,7 @@ module Stytch
       #   A base64url encoded SHA256 hash of a one time secret used to validate that the request starts and ends on the same device.
       #   The type of this field is nilable +String+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -390,7 +400,7 @@ module Stytch
       #   The email address of the User to send the invite Magic Link to.
       #   The type of this field is +String+.
       # invite_template_id::
-      #   Use a custom template for invite emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Invite.
+      #   Use a custom template for invite emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Invite”.
       #   The type of this field is nilable +String+.
       # attributes::
       #   Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.
@@ -405,7 +415,7 @@ module Stytch
       #   Set the expiration for the email magic link, in minutes. By default, it expires in 1 hour. The minimum expiration is 5 minutes and the maximum is 7 days (10080 mins).
       #   The type of this field is nilable +Integer+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #

data/lib/stytch/otps.rb

@@ -161,7 +161,7 @@ module Stytch
       #   Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.
       #   The type of this field is nilable +Attributes+ (+object+).
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -246,7 +246,7 @@ module Stytch
       #         an account for them.
       #   The type of this field is nilable +Boolean+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -324,7 +324,7 @@ module Stytch
       #   Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.
       #   The type of this field is nilable +Attributes+ (+object+).
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -405,7 +405,7 @@ module Stytch
       #         an account for them.
       #   The type of this field is nilable +Boolean+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -476,7 +476,7 @@ module Stytch
       #   Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.
       #   The type of this field is nilable +Attributes+ (+object+).
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -493,10 +493,10 @@ module Stytch
       #   The `session_jwt` associated with a User's existing Session.
       #   The type of this field is nilable +String+.
       # login_template_id::
-      #   Use a custom template for login emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for OTP - Login.
+      #   Use a custom template for login emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “OTP - Login”.
       #   The type of this field is nilable +String+.
       # signup_template_id::
-      #   Use a custom template for sign-up emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for OTP - Sign-up.
+      #   Use a custom template for sign-up emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “OTP - Sign-up”.
       #   The type of this field is nilable +String+.
       #
       # == Returns:
@@ -564,7 +564,7 @@ module Stytch
       #         an account for them.
       #   The type of this field is nilable +Boolean+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -572,10 +572,10 @@ module Stytch
       #
       #   The type of this field is nilable +LoginOrCreateRequestLocale+ (string enum).
       # login_template_id::
-      #   Use a custom template for login emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Login.
+      #   Use a custom template for login emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Login”.
       #   The type of this field is nilable +String+.
       # signup_template_id::
-      #   Use a custom template for sign-up emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Sign-up.
+      #   Use a custom template for sign-up emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Sign-up”.
       #   The type of this field is nilable +String+.
       #
       # == Returns:

data/lib/stytch/passwords.rb

@@ -242,7 +242,7 @@ module Stytch
     #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
     #   The type of this field is +String+.
     # valid_password::
-    #   Returns `true` if the password passes our password validation. We offer two validation options, [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) is the default option which offers a high level of sophistication. We also offer [LUDS](https://stytch.com/docs/guides/passwords/strength-policy). If an email address is included in the call we also require that the password hasn't been compromised using built-in breach detection powered by [HaveIBeenPwned](https://haveibeenpwned.com/).
+    #   Returns `true` if the password passes our password validation. We offer two validation options, [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) is the default option which offers a high level of sophistication. We also offer [LUDS](https://stytch.com/docs/guides/passwords/strength-policy) which is less sophisticated but easier to understand. If an email address is included in the call we also require that the password hasn't been compromised using built-in breach detection powered by [HaveIBeenPwned](https://haveibeenpwned.com/).
     #   The type of this field is +Boolean+.
     # score::
     #   The score of the password determined by [zxcvbn](https://github.com/dropbox/zxcvbn). Values will be between 1 and 4, a 3 or greater is required to pass validation.
@@ -254,7 +254,7 @@ module Stytch
     #   The strength policy type enforced, either `zxcvbn` or `luds`.
     #   The type of this field is +String+.
     # breach_detection_on_create::
-    #   Will return `true` if breach detection will be evaluated. By default this option is enabled. This option can be disabled by contacting [support@stytch.com](mailto:support@stytch.com?subject=Password%20strength%20configuration). If this value is `false` then `breached_password` will always be `false` as well.
+    #   Will return `true` if breach detection will be evaluated. By default this option is enabled. This option can be disabled in the [dashboard](https://stytch.com/dashboard/password-strength-config#breach-detection). If this value is `false` then `breached_password` will always be `false` as well.
     #   The type of this field is +Boolean+.
     # status_code::
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
@@ -411,11 +411,9 @@ module Stytch
       #   The email of the User that requested the password reset.
       #   The type of this field is +String+.
       # reset_password_redirect_url::
-      #   The url that the user clicks from the password reset email to finish the reset password flow.
-      #   This should be a url that your app receives and parses before showing your app's reset password page.
-      #   After the user submits a new password to your app, it should send an API request to complete the password reset process.
-      #   If this value is not passed, the default reset password redirect URL that you set in your Dashboard is used.
-      #   If you have not set a default reset password redirect URL, an error is returned.
+      #   The URL that the User is redirected to from the reset password magic link. This URL should display your application's reset password page.
+      #   Before rendering the reset page, extract the `token` from the query parameters. On the reset page, collect the new password and complete the flow by calling the corresponding Password Reset by Email endpoint.
+      #   If this parameter is not specified, the default Reset Password redirect URL configured in the Dashboard will be used. If you have not set a default Reset Password redirect URL, an error is returned.
       #   The type of this field is nilable +String+.
       # reset_password_expiration_minutes::
       #   Set the expiration for the password reset, in minutes. By default, it expires in 30 minutes.
@@ -433,7 +431,7 @@ module Stytch
       #       After Users are redirected to the login redirect URL, your application should retrieve the `token` value from the URL parameters and call the [Magic Link Authenticate endpoint](https://stytch.com/docs/api/authenticate-magic-link) to log the User in without requiring a password reset. If this value is not provided, your project's default login redirect URL will be used. If you have not set a default login redirect URL, an error will be returned.
       #   The type of this field is nilable +String+.
       # locale::
-      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
       # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
       #
@@ -442,7 +440,7 @@ module Stytch
       #   The type of this field is nilable +ResetStartRequestLocale+ (string enum).
       # reset_password_template_id::
       #   Use a custom template for password reset emails. By default, it will use your default email template.
-      #   The template must be a template using our built-in customizations or a custom HTML email for Passwords - Password reset.
+      #   Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Passwords - Password reset”.
       #   The type of this field is nilable +String+.
       #
       # == Returns:

data/lib/stytch/rbac_local.rb

@@ -9,6 +9,10 @@ module Stytch
       @rbac_client = rbac_client
       @policy_last_update = 0
       @cached_policy = nil
+      @cached_org_policies = {}
+      # TTL, in seconds, before a cached policy is considered stale
+      # and should be refreshed. Amounts to 5 minutes.
+      @cache_ttl = 300
     end
 
     def reload_policy
@@ -16,11 +20,27 @@ module Stytch
       @policy_last_update = Time.now.to_i
     end
 
+    def reload_org_policy(organization_id:)
+      @cached_org_policies[organization_id] = CachedOrgPolicy.new(
+        org_policy: @rbac_client.organizations.get_org_policy(organization_id: organization_id)
+      )
+    end
+
     def get_policy(invalidate: false)
-      reload_policy if invalidate || @cached_policy.nil? || @policy_last_update < Time.now.to_i - 300
+      reload_policy if invalidate || @cached_policy.nil? || @policy_last_update < Time.now.to_i - @cache_ttl
       @cached_policy
     end
 
+    def get_org_policy(organization_id:, invalidate: false)
+      is_missing = @cached_org_policies[organization_id].nil?
+      is_stale = !is_missing && @cached_org_policies[organization_id].last_update < Time.now.to_i - @cache_ttl
+      reload_org_policy(organization_id: organization_id) if invalidate || is_missing || is_stale
+
+      return { 'roles' => [] } if @cached_org_policies[organization_id].nil?
+
+      @cached_org_policies[organization_id].org_policy
+    end
+
     # Performs an authorization check against the project's policy and a set of roles. If the
     # check succeeds, this method will return. If the check fails, a PermissionError
     # will be raised. It's also possible for a TenancyError to be raised if the
@@ -34,19 +54,18 @@ module Stytch
       raise Stytch::TenancyError.new(subject_org_id, authorization_check['organization_id']) if subject_org_id != authorization_check['organization_id']
 
       policy = get_policy
+      org_policy = get_org_policy(organization_id: subject_org_id)
+      all_roles = policy['roles'].concat(org_policy['roles'])
 
-      for role in policy['roles']
+      return if all_roles.any? do |role|
         next unless subject_roles.include?(role['role_id'])
 
-        for permission in role['permissions']
+        role['permissions'].any? do |permission|
           actions = permission['actions']
           resource = permission['resource_id']
           has_matching_action = actions.include?('*') || actions.include?(authorization_check['action'])
           has_matching_resource = resource == authorization_check['resource_id']
-          if has_matching_action && has_matching_resource
-            # All good
-            return
-          end
+          has_matching_action && has_matching_resource
         end
       end
 
@@ -64,17 +83,15 @@ module Stytch
       policy = get_policy
 
       # For consumer authorization, we check roles without tenancy validation
-      for role in policy['roles']
+      return if policy['roles'].any? do |role|
         next unless subject_roles.include?(role['role_id'])
 
-        for permission in role['permissions']
+        role['permissions'].any? do |permission|
           actions = permission['actions']
           resource = permission['resource_id']
           has_matching_action = actions.include?('*') || actions.include?(authorization_check['action'])
           has_matching_resource = resource == authorization_check['resource_id']
-          if has_matching_action && has_matching_resource
-            return # Permission granted
-          end
+          has_matching_action && has_matching_resource
         end
       end
 
@@ -98,19 +115,17 @@ module Stytch
       resource_id = authorization_check['resource_id']
 
       # Check if any of the token scopes grant permission for this action/resource
-      for scope_obj in policy['scopes']
+      return if policy['scopes'].any? do |scope_obj|
         scope_name = scope_obj['scope']
         next unless token_scopes.include?(scope_name)
 
         # Check if this scope grants permission for the requested action/resource
-        for permission in scope_obj['permissions']
+        scope_obj['permissions'].any? do |permission|
           actions = permission['actions']
           resource = permission['resource_id']
           has_matching_action = actions.include?('*') || actions.include?(action)
           has_matching_resource = resource == resource_id
-          if has_matching_action && has_matching_resource
-            return # Permission granted
-          end
+          has_matching_action && has_matching_resource
         end
       end
 
@@ -118,4 +133,13 @@ module Stytch
       raise Stytch::PermissionError, authorization_check
     end
   end
+
+  class CachedOrgPolicy
+    def initialize(org_policy:)
+      @org_policy = org_policy['org_policy']
+      @last_update = Time.now.to_i
+    end
+
+    attr_reader :org_policy, :last_update
+  end
 end

data/lib/stytch/sessions.rb

@@ -234,8 +234,6 @@ module Stytch
     # Use this endpoint to exchange a Connected Apps Access Token back into a Stytch Session for the underlying User.
     # This session can be used with the Stytch SDKs and APIs.
     #
-    # The Session returned will be the same Session that was active in your application (the authorizing party) during the initial authorization flow.
-    #
     # The Access Token must contain the `full_access` scope (only available to First Party clients) and must not be more than 5 minutes old. Access Tokens may only be exchanged a single time.
     #
     # == Parameters:

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '10.42.0'
+  VERSION = '11.0.0'
 end

data/lib/stytch/webauthn.rb

@@ -20,9 +20,11 @@ module Stytch
     #
     # To optimize for Passkeys, set the `return_passkey_credential_options` field to `true`.
     #
-    # After calling this endpoint, the browser will need to call [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) with the data from [public_key_credential_creation_options](https://w3c.github.io/webauthn/#dictionary-makecredentialoptions) passed to the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request via the public key argument. We recommend using the `create()` wrapper provided by the webauthn-json library.
+    # After calling this endpoint, the browser will need to call [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) with the data from [public_key_credential_creation_options](https://w3c.github.io/webauthn/#dictionary-makecredentialoptions) passed to the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request via the public key argument.
     #
-    # If you are not using the [webauthn-json](https://github.com/github/webauthn-json) library, the `public_key_credential_creation_options` will need to be converted to a suitable public key by unmarshalling the JSON, base64 decoding the user ID field, and converting user ID and the challenge fields into an array buffer.
+    # When using built-in browser methods like `navigator.credentials.create()`, set the `use_base64_url_encoding` option to `true`.
+    #
+    # See our [WebAuthn setup guide](https://stytch.com/docs/guides/webauthn/api) for additional usage instructions and example code.
     #
     # == Parameters:
     # user_id::
@@ -51,7 +53,7 @@ module Stytch
     #   (no documentation yet)
     #   The type of this field is nilable +String+.
     # use_base64_url_encoding::
-    #   (no documentation yet)
+    #   If true, values in the `public_key_credential_creation_options` will be base64 URL encoded. Set this option to true when using built-in browser methods like `navigator.credentials.create` and `navigator.credentials.get`.
     #   The type of this field is nilable +Boolean+.
     #
     # == Returns:
@@ -97,7 +99,7 @@ module Stytch
 
     # Complete the creation of a WebAuthn registration by passing the response from the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request to this endpoint as the `public_key_credential` parameter.
     #
-    # If the [webauthn-json](https://github.com/github/webauthn-json) library's `create()` method was used, the response can be passed directly to the [register endpoint](https://stytch.com/docs/api/webauthn-register). If not, some fields (the client data and the attestation object) from the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) response will need to be converted from array buffers to strings and marshalled into JSON.
+    # See our [WebAuthn setup guide](https://stytch.com/docs/guides/webauthn/api) for additional usage instructions and example code.
     #
     # == Parameters:
     # user_id::
@@ -191,9 +193,11 @@ module Stytch
     #
     # To optimize for Passkeys, set the `return_passkey_credential_options` field to `true`.
     #
-    # After calling this endpoint, the browser will need to call [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) with the data from `public_key_credential_request_options` passed to the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request via the public key argument. We recommend using the `get()` wrapper provided by the webauthn-json library.
+    # After calling this endpoint, the browser will need to call [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) with the data from `public_key_credential_request_options` passed to the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request via the public key argument.
     #
-    # If you are not using the [webauthn-json](https://github.com/github/webauthn-json) library, `the public_key_credential_request_options` will need to be converted to a suitable public key by unmarshalling the JSON and converting some the fields to array buffers.
+    # When using built-in browser methods like `navigator.credentials.get()`, set the `use_base64_url_encoding` option to `true`.
+    #
+    # See our [WebAuthn setup guide](https://stytch.com/docs/guides/webauthn/api) for additional usage instructions and example code.
     #
     # == Parameters:
     # domain::
@@ -207,7 +211,7 @@ module Stytch
     #
     #   The type of this field is nilable +Boolean+.
     # use_base64_url_encoding::
-    #   (no documentation yet)
+    #   If true, values in the `public_key_credential_creation_options` will be base64 URL encoded. Set this option to true when using built-in browser methods like `navigator.credentials.create` and `navigator.credentials.get`.
     #   The type of this field is nilable +Boolean+.
     #
     # == Returns:
@@ -243,7 +247,7 @@ module Stytch
 
     # Complete the authentication of a Passkey or WebAuthn registration by passing the response from the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request to the authenticate endpoint.
     #
-    # If the [webauthn-json](https://github.com/github/webauthn-json) library's `get()` method was used, the response can be passed directly to the [authenticate endpoint](https://stytch.com/docs/api/webauthn-authenticate). If not some fields from the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) response will need to be converted from array buffers to strings and marshalled into JSON.
+    # See our [WebAuthn setup guide](https://stytch.com/docs/guides/webauthn/api) for additional usage instructions and example code.
     #
     # == Parameters:
     # public_key_credential::

data/stytch.gemspec

@@ -29,6 +29,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'json-jwt', '>= 1.13.0'
   spec.add_dependency 'jwt', '>= 2.3.0'
 
+  spec.add_development_dependency 'prism', '~> 1.8.0'
   spec.add_development_dependency 'rspec', '~> 3.11.0'
   spec.add_development_dependency 'rubocop', '1.64.1'
   spec.add_development_dependency 'rubocop-rspec', '2.24.0'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 10.42.0
+  version: 11.0.0
 platform: ruby
 authors:
 - stytch
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2026-01-21 00:00:00.000000000 Z
+date: 2026-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -58,6 +58,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: prism
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement