stytch 10.42.0 → 11.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -178,7 +178,7 @@ module StytchB2B
178
178
  # locale::
179
179
  # If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
180
180
  #
181
- # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
181
+ # Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
182
182
  #
183
183
  # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
184
184
  #
@@ -239,6 +239,9 @@ module StytchB2B
239
239
  # member_device::
240
240
  # If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `member_device` response field will contain information about the member's device attributes.
241
241
  # The type of this field is nilable +DeviceInfo+ (+object+).
242
+ # intermediate_session_token_expires_at::
243
+ # (no documentation yet)
244
+ # The type of this field is nilable +String+.
242
245
  def authenticate(
243
246
  sso_token:,
244
247
  pkce_code_verifier: nil,
@@ -335,7 +338,7 @@ module StytchB2B
335
338
  # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
336
339
  # The type of this field is +Integer+.
337
340
  # connection::
338
- # The `OIDC Connection` object affected by this API call. See the [OIDC Connection Object](https://stytch.com/docs/b2b/api/oidc-connection-object) for complete response field details.
341
+ # The [OIDC Connection Object](https://stytch.com/docs/b2b/api/oidc-connection-object).
339
342
  # The type of this field is nilable +OIDCConnection+ (+object+).
340
343
  #
341
344
  # == Method Options:
@@ -426,7 +429,7 @@ module StytchB2B
426
429
  # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
427
430
  # The type of this field is +Integer+.
428
431
  # connection::
429
- # The `OIDC Connection` object affected by this API call. See the [OIDC Connection Object](https://stytch.com/docs/b2b/api/oidc-connection-object) for complete response field details.
432
+ # The [OIDC Connection Object](https://stytch.com/docs/b2b/api/oidc-connection-object).
430
433
  # The type of this field is nilable +OIDCConnection+ (+object+).
431
434
  # warning::
432
435
  # If it is not possible to resolve the well-known metadata document from the OIDC issuer, this field will explain what went wrong if the request is successful otherwise. In other words, even if the overall request succeeds, there could be relevant warnings related to the connection update.
@@ -595,7 +598,7 @@ module StytchB2B
595
598
  # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
596
599
  # The type of this field is +Integer+.
597
600
  # connection::
598
- # The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
601
+ # The [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object)
599
602
  # The type of this field is nilable +SAMLConnection+ (+object+).
600
603
  #
601
604
  # == Method Options:
@@ -691,7 +694,7 @@ module StytchB2B
691
694
  # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
692
695
  # The type of this field is +Integer+.
693
696
  # connection::
694
- # The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
697
+ # The [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object)
695
698
  # The type of this field is nilable +SAMLConnection+ (+object+).
696
699
  #
697
700
  # == Method Options:
@@ -766,7 +769,7 @@ module StytchB2B
766
769
  # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
767
770
  # The type of this field is +Integer+.
768
771
  # connection::
769
- # The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
772
+ # The [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object)
770
773
  # The type of this field is nilable +SAMLConnection+ (+object+).
771
774
  #
772
775
  # == Method Options:
@@ -941,7 +944,7 @@ module StytchB2B
941
944
  # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
942
945
  # The type of this field is +Integer+.
943
946
  # connection::
944
- # The `External Connection` object affected by this API call. See the [External Connection Object](https://stytch.com/docs/b2b/api/external-connection-object) for complete response field details.
947
+ # The [External Connection Object](https://stytch.com/docs/b2b/api/external-connection-object).
945
948
  # The type of this field is nilable +Connection+ (+object+).
946
949
  #
947
950
  # == Method Options:
@@ -1001,7 +1004,7 @@ module StytchB2B
1001
1004
  # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
1002
1005
  # The type of this field is +Integer+.
1003
1006
  # connection::
1004
- # The `External Connection` object affected by this API call. See the [External Connection Object](https://stytch.com/docs/b2b/api/external-connection-object) for complete response field details.
1007
+ # The [External Connection Object](https://stytch.com/docs/b2b/api/external-connection-object).
1005
1008
  # The type of this field is nilable +Connection+ (+object+).
1006
1009
  #
1007
1010
  # == Method Options:
@@ -92,6 +92,9 @@ module Stytch
92
92
  # bypass_consent_for_offline_access::
93
93
  # Valid for first party clients only. If true, the client does not need to request explicit user consent for the `offline_access` scope.
94
94
  # The type of this field is nilable +Boolean+.
95
+ # id_token_template_content::
96
+ # (no documentation yet)
97
+ # The type of this field is nilable +String+.
95
98
  #
96
99
  # == Returns:
97
100
  # An object with the following fields:
@@ -115,7 +118,8 @@ module Stytch
115
118
  access_token_template_content: nil,
116
119
  post_logout_redirect_urls: nil,
117
120
  logo_url: nil,
118
- bypass_consent_for_offline_access: nil
121
+ bypass_consent_for_offline_access: nil,
122
+ id_token_template_content: nil
119
123
  )
120
124
  headers = {}
121
125
  request = {}
@@ -129,6 +133,7 @@ module Stytch
129
133
  request[:post_logout_redirect_urls] = post_logout_redirect_urls unless post_logout_redirect_urls.nil?
130
134
  request[:logo_url] = logo_url unless logo_url.nil?
131
135
  request[:bypass_consent_for_offline_access] = bypass_consent_for_offline_access unless bypass_consent_for_offline_access.nil?
136
+ request[:id_token_template_content] = id_token_template_content unless id_token_template_content.nil?
132
137
 
133
138
  put_request("/v1/connected_apps/clients/#{client_id}", request, headers)
134
139
  end
@@ -232,6 +237,9 @@ module Stytch
232
237
  # bypass_consent_for_offline_access::
233
238
  # Valid for first party clients only. If true, the client does not need to request explicit user consent for the `offline_access` scope.
234
239
  # The type of this field is nilable +Boolean+.
240
+ # id_token_template_content::
241
+ # (no documentation yet)
242
+ # The type of this field is nilable +String+.
235
243
  #
236
244
  # == Returns:
237
245
  # An object with the following fields:
@@ -255,7 +263,8 @@ module Stytch
255
263
  access_token_template_content: nil,
256
264
  post_logout_redirect_urls: nil,
257
265
  logo_url: nil,
258
- bypass_consent_for_offline_access: nil
266
+ bypass_consent_for_offline_access: nil,
267
+ id_token_template_content: nil
259
268
  )
260
269
  headers = {}
261
270
  request = {
@@ -271,6 +280,7 @@ module Stytch
271
280
  request[:post_logout_redirect_urls] = post_logout_redirect_urls unless post_logout_redirect_urls.nil?
272
281
  request[:logo_url] = logo_url unless logo_url.nil?
273
282
  request[:bypass_consent_for_offline_access] = bypass_consent_for_offline_access unless bypass_consent_for_offline_access.nil?
283
+ request[:id_token_template_content] = id_token_template_content unless id_token_template_content.nil?
274
284
 
275
285
  post_request('/v1/connected_apps/clients', request, headers)
276
286
  end
data/lib/stytch/m2m.rb CHANGED
@@ -289,9 +289,9 @@ module Stytch
289
289
  post_request('/v1/m2m/clients/search', request, headers)
290
290
  end
291
291
 
292
- # Updates an existing M2M Client. You can use this endpoint to activate or deactivate a M2M Client by changing its `status`. A deactivated M2M Client will not be allowed to perform future token exchange flows until it is reactivated.
292
+ # Updates an existing M2M Client. You can use this endpoint to activate or deactivate an M2M Client by changing its `status`. A deactivated M2M Client will not be allowed to perform future token exchange flows until it is reactivated.
293
293
  #
294
- # **Important:** Deactivating a M2M Client will not invalidate any existing JWTs issued to the client, only prevent it from receiving new ones.
294
+ # **Important:** Deactivating an M2M Client will not invalidate any existing JWTs issued to the client, only prevent it from receiving new ones.
295
295
  # To protect more-sensitive routes, pass a lower `max_token_age` value when[authenticating the token](https://stytch.com/docs/b2b/api/authenticate-m2m-token)[authenticating the token](https://stytch.com/docs/api/authenticate-m2m-token).
296
296
  #
297
297
  # == Parameters:
@@ -346,7 +346,7 @@ module Stytch
346
346
 
347
347
  # Deletes the M2M Client.
348
348
  #
349
- # **Important:** Deleting a M2M Client will not invalidate any existing JWTs issued to the client, only prevent it from receiving new ones.
349
+ # **Important:** Deleting an M2M Client will not invalidate any existing JWTs issued to the client, only prevent it from receiving new ones.
350
350
  # To protect more-sensitive routes, pass a lower `max_token_age` value when[authenticating the token](https://stytch.com/docs/b2b/api/authenticate-m2m-token)[authenticating the token](https://stytch.com/docs/api/authenticate-m2m-token).
351
351
  #
352
352
  # == Parameters:
@@ -126,12 +126,22 @@ module Stytch
126
126
  post_request('/v1/magic_links/authenticate', request, headers)
127
127
  end
128
128
 
129
- # Create an Embeddable Magic Link token for a User. Access to this endpoint is restricted. To enable it, please send us a note at support@stytch.com.
129
+ # Create an Embeddable Magic Link token for a User.
130
130
  #
131
- # ### Next steps
132
- # Send the returned `token` value to the end user in a link which directs to your application. When the end user follows your link, collect the token, and call [Authenticate Magic Link](https://stytch.com/docs/api/authenticate-magic-link) to complete authentication.
131
+ # ### Important usage notes
133
132
  #
134
- # **Note:** Authenticating an Embeddable Magic Link token will **not** result in any of the Stytch User's factors (email address or phone number) being marked as verified, as Stytch cannot confirm where the user received the token.
133
+ # Carefully review the following notes before using Embeddable Magic Links:
134
+ #
135
+ # * Embeddable Magic Link tokens are **sensitive values**. You should handle and store them securely.
136
+ # * Authenticating an Embeddable Magic Link token will not mark any of a user's delivery factors (email address or phone number) as verified, since we cannot confirm how the token was sent to the user.
137
+ # * Embeddable Magic Links are only available in our Consumer API, and not our B2B API.
138
+ #
139
+ # When sending Embeddable Magic Links via email:
140
+ #
141
+ # * Deliverability is paramount. Carefully test your email copy to ensure it reaches your users' inboxes. Small changes can result in your emails being sent to spam.
142
+ # * In some cases, email security bots may follow links within incoming emails before your users open them. This consumes the Embeddable Magic Link token, preventing the user from logging in when they later click the link. Our Email Magic Links product automatically prevents this (details [here](https://stytch.com/docs/consumer-auth/authentication/magic-links/redirect-routing)). However, when sending your own emails containing Embeddable Magic Links, you'll be responsible for detecting and stopping bot traffic using tools like CAPTCHA or [Device Fingerprinting](https://stytch.com/docs/fraud-risk/device-fingerprinting/overview).
143
+ #
144
+ # We also recommend checking out our [Trusted Auth Tokens](https://stytch.com/docs/consumer-auth/authentication/trusted-auth-tokens/overview) product, which is available in both our Consumer and B2B APIs and can be a better fit for some use cases.
135
145
  #
136
146
  # == Parameters:
137
147
  # user_id::
@@ -193,7 +203,7 @@ module Stytch
193
203
  # The email address of the User to send the Magic Link to.
194
204
  # The type of this field is +String+.
195
205
  # login_template_id::
196
- # Use a custom template for login emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Login.
206
+ # Use a custom template for login emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Login”.
197
207
  # The type of this field is nilable +String+.
198
208
  # attributes::
199
209
  # Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.
@@ -223,7 +233,7 @@ module Stytch
223
233
  # The `session_jwt` of the user to associate the email with.
224
234
  # The type of this field is nilable +String+.
225
235
  # locale::
226
- # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
236
+ # Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
227
237
  #
228
238
  # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
229
239
  #
@@ -231,7 +241,7 @@ module Stytch
231
241
  #
232
242
  # The type of this field is nilable +SendRequestLocale+ (string enum).
233
243
  # signup_template_id::
234
- # Use a custom template for sign-up emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Sign-up.
244
+ # Use a custom template for sign-up emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Sign-up”.
235
245
  # The type of this field is nilable +String+.
236
246
  #
237
247
  # == Returns:
@@ -305,10 +315,10 @@ module Stytch
305
315
  # Set the expiration for the sign-up email magic link, in minutes. By default, it expires in 1 week. The minimum expiration is 5 minutes and the maximum is 7 days (10080 mins).
306
316
  # The type of this field is nilable +Integer+.
307
317
  # login_template_id::
308
- # Use a custom template for login emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Login.
318
+ # Use a custom template for login emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Login”.
309
319
  # The type of this field is nilable +String+.
310
320
  # signup_template_id::
311
- # Use a custom template for sign-up emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Sign-up.
321
+ # Use a custom template for sign-up emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Sign-up”.
312
322
  # The type of this field is nilable +String+.
313
323
  # attributes::
314
324
  # Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.
@@ -324,7 +334,7 @@ module Stytch
324
334
  # A base64url encoded SHA256 hash of a one time secret used to validate that the request starts and ends on the same device.
325
335
  # The type of this field is nilable +String+.
326
336
  # locale::
327
- # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
337
+ # Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
328
338
  #
329
339
  # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
330
340
  #
@@ -390,7 +400,7 @@ module Stytch
390
400
  # The email address of the User to send the invite Magic Link to.
391
401
  # The type of this field is +String+.
392
402
  # invite_template_id::
393
- # Use a custom template for invite emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Invite.
403
+ # Use a custom template for invite emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Invite”.
394
404
  # The type of this field is nilable +String+.
395
405
  # attributes::
396
406
  # Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.
@@ -405,7 +415,7 @@ module Stytch
405
415
  # Set the expiration for the email magic link, in minutes. By default, it expires in 1 hour. The minimum expiration is 5 minutes and the maximum is 7 days (10080 mins).
406
416
  # The type of this field is nilable +Integer+.
407
417
  # locale::
408
- # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
418
+ # Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
409
419
  #
410
420
  # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
411
421
  #
data/lib/stytch/otps.rb CHANGED
@@ -161,7 +161,7 @@ module Stytch
161
161
  # Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.
162
162
  # The type of this field is nilable +Attributes+ (+object+).
163
163
  # locale::
164
- # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
164
+ # Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
165
165
  #
166
166
  # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
167
167
  #
@@ -246,7 +246,7 @@ module Stytch
246
246
  # an account for them.
247
247
  # The type of this field is nilable +Boolean+.
248
248
  # locale::
249
- # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
249
+ # Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
250
250
  #
251
251
  # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
252
252
  #
@@ -324,7 +324,7 @@ module Stytch
324
324
  # Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.
325
325
  # The type of this field is nilable +Attributes+ (+object+).
326
326
  # locale::
327
- # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
327
+ # Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
328
328
  #
329
329
  # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
330
330
  #
@@ -405,7 +405,7 @@ module Stytch
405
405
  # an account for them.
406
406
  # The type of this field is nilable +Boolean+.
407
407
  # locale::
408
- # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
408
+ # Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
409
409
  #
410
410
  # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
411
411
  #
@@ -476,7 +476,7 @@ module Stytch
476
476
  # Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.
477
477
  # The type of this field is nilable +Attributes+ (+object+).
478
478
  # locale::
479
- # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
479
+ # Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
480
480
  #
481
481
  # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
482
482
  #
@@ -493,10 +493,10 @@ module Stytch
493
493
  # The `session_jwt` associated with a User's existing Session.
494
494
  # The type of this field is nilable +String+.
495
495
  # login_template_id::
496
- # Use a custom template for login emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for OTP - Login.
496
+ # Use a custom template for login emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “OTP - Login”.
497
497
  # The type of this field is nilable +String+.
498
498
  # signup_template_id::
499
- # Use a custom template for sign-up emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for OTP - Sign-up.
499
+ # Use a custom template for sign-up emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “OTP - Sign-up”.
500
500
  # The type of this field is nilable +String+.
501
501
  #
502
502
  # == Returns:
@@ -564,7 +564,7 @@ module Stytch
564
564
  # an account for them.
565
565
  # The type of this field is nilable +Boolean+.
566
566
  # locale::
567
- # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
567
+ # Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
568
568
  #
569
569
  # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
570
570
  #
@@ -572,10 +572,10 @@ module Stytch
572
572
  #
573
573
  # The type of this field is nilable +LoginOrCreateRequestLocale+ (string enum).
574
574
  # login_template_id::
575
- # Use a custom template for login emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Login.
575
+ # Use a custom template for login emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Login”.
576
576
  # The type of this field is nilable +String+.
577
577
  # signup_template_id::
578
- # Use a custom template for sign-up emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Sign-up.
578
+ # Use a custom template for sign-up emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Magic links - Sign-up”.
579
579
  # The type of this field is nilable +String+.
580
580
  #
581
581
  # == Returns:
@@ -242,7 +242,7 @@ module Stytch
242
242
  # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
243
243
  # The type of this field is +String+.
244
244
  # valid_password::
245
- # Returns `true` if the password passes our password validation. We offer two validation options, [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) is the default option which offers a high level of sophistication. We also offer [LUDS](https://stytch.com/docs/guides/passwords/strength-policy). If an email address is included in the call we also require that the password hasn't been compromised using built-in breach detection powered by [HaveIBeenPwned](https://haveibeenpwned.com/).
245
+ # Returns `true` if the password passes our password validation. We offer two validation options, [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) is the default option which offers a high level of sophistication. We also offer [LUDS](https://stytch.com/docs/guides/passwords/strength-policy) which is less sophisticated but easier to understand. If an email address is included in the call we also require that the password hasn't been compromised using built-in breach detection powered by [HaveIBeenPwned](https://haveibeenpwned.com/).
246
246
  # The type of this field is +Boolean+.
247
247
  # score::
248
248
  # The score of the password determined by [zxcvbn](https://github.com/dropbox/zxcvbn). Values will be between 1 and 4, a 3 or greater is required to pass validation.
@@ -254,7 +254,7 @@ module Stytch
254
254
  # The strength policy type enforced, either `zxcvbn` or `luds`.
255
255
  # The type of this field is +String+.
256
256
  # breach_detection_on_create::
257
- # Will return `true` if breach detection will be evaluated. By default this option is enabled. This option can be disabled by contacting [support@stytch.com](mailto:support@stytch.com?subject=Password%20strength%20configuration). If this value is `false` then `breached_password` will always be `false` as well.
257
+ # Will return `true` if breach detection will be evaluated. By default this option is enabled. This option can be disabled in the [dashboard](https://stytch.com/dashboard/password-strength-config#breach-detection). If this value is `false` then `breached_password` will always be `false` as well.
258
258
  # The type of this field is +Boolean+.
259
259
  # status_code::
260
260
  # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
@@ -411,11 +411,9 @@ module Stytch
411
411
  # The email of the User that requested the password reset.
412
412
  # The type of this field is +String+.
413
413
  # reset_password_redirect_url::
414
- # The url that the user clicks from the password reset email to finish the reset password flow.
415
- # This should be a url that your app receives and parses before showing your app's reset password page.
416
- # After the user submits a new password to your app, it should send an API request to complete the password reset process.
417
- # If this value is not passed, the default reset password redirect URL that you set in your Dashboard is used.
418
- # If you have not set a default reset password redirect URL, an error is returned.
414
+ # The URL that the User is redirected to from the reset password magic link. This URL should display your application's reset password page.
415
+ # Before rendering the reset page, extract the `token` from the query parameters. On the reset page, collect the new password and complete the flow by calling the corresponding Password Reset by Email endpoint.
416
+ # If this parameter is not specified, the default Reset Password redirect URL configured in the Dashboard will be used. If you have not set a default Reset Password redirect URL, an error is returned.
419
417
  # The type of this field is nilable +String+.
420
418
  # reset_password_expiration_minutes::
421
419
  # Set the expiration for the password reset, in minutes. By default, it expires in 30 minutes.
@@ -433,7 +431,7 @@ module Stytch
433
431
  # After Users are redirected to the login redirect URL, your application should retrieve the `token` value from the URL parameters and call the [Magic Link Authenticate endpoint](https://stytch.com/docs/api/authenticate-magic-link) to log the User in without requiring a password reset. If this value is not provided, your project's default login redirect URL will be used. If you have not set a default login redirect URL, an error will be returned.
434
432
  # The type of this field is nilable +String+.
435
433
  # locale::
436
- # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
434
+ # Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
437
435
  #
438
436
  # Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
439
437
  #
@@ -442,7 +440,7 @@ module Stytch
442
440
  # The type of this field is nilable +ResetStartRequestLocale+ (string enum).
443
441
  # reset_password_template_id::
444
442
  # Use a custom template for password reset emails. By default, it will use your default email template.
445
- # The template must be a template using our built-in customizations or a custom HTML email for Passwords - Password reset.
443
+ # Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Passwords - Password reset”.
446
444
  # The type of this field is nilable +String+.
447
445
  #
448
446
  # == Returns:
@@ -9,6 +9,10 @@ module Stytch
9
9
  @rbac_client = rbac_client
10
10
  @policy_last_update = 0
11
11
  @cached_policy = nil
12
+ @cached_org_policies = {}
13
+ # TTL, in seconds, before a cached policy is considered stale
14
+ # and should be refreshed. Amounts to 5 minutes.
15
+ @cache_ttl = 300
12
16
  end
13
17
 
14
18
  def reload_policy
@@ -16,11 +20,27 @@ module Stytch
16
20
  @policy_last_update = Time.now.to_i
17
21
  end
18
22
 
23
+ def reload_org_policy(organization_id:)
24
+ @cached_org_policies[organization_id] = CachedOrgPolicy.new(
25
+ org_policy: @rbac_client.organizations.get_org_policy(organization_id: organization_id)
26
+ )
27
+ end
28
+
19
29
  def get_policy(invalidate: false)
20
- reload_policy if invalidate || @cached_policy.nil? || @policy_last_update < Time.now.to_i - 300
30
+ reload_policy if invalidate || @cached_policy.nil? || @policy_last_update < Time.now.to_i - @cache_ttl
21
31
  @cached_policy
22
32
  end
23
33
 
34
+ def get_org_policy(organization_id:, invalidate: false)
35
+ is_missing = @cached_org_policies[organization_id].nil?
36
+ is_stale = !is_missing && @cached_org_policies[organization_id].last_update < Time.now.to_i - @cache_ttl
37
+ reload_org_policy(organization_id: organization_id) if invalidate || is_missing || is_stale
38
+
39
+ return { 'roles' => [] } if @cached_org_policies[organization_id].nil?
40
+
41
+ @cached_org_policies[organization_id].org_policy
42
+ end
43
+
24
44
  # Performs an authorization check against the project's policy and a set of roles. If the
25
45
  # check succeeds, this method will return. If the check fails, a PermissionError
26
46
  # will be raised. It's also possible for a TenancyError to be raised if the
@@ -34,19 +54,18 @@ module Stytch
34
54
  raise Stytch::TenancyError.new(subject_org_id, authorization_check['organization_id']) if subject_org_id != authorization_check['organization_id']
35
55
 
36
56
  policy = get_policy
57
+ org_policy = get_org_policy(organization_id: subject_org_id)
58
+ all_roles = policy['roles'].concat(org_policy['roles'])
37
59
 
38
- for role in policy['roles']
60
+ return if all_roles.any? do |role|
39
61
  next unless subject_roles.include?(role['role_id'])
40
62
 
41
- for permission in role['permissions']
63
+ role['permissions'].any? do |permission|
42
64
  actions = permission['actions']
43
65
  resource = permission['resource_id']
44
66
  has_matching_action = actions.include?('*') || actions.include?(authorization_check['action'])
45
67
  has_matching_resource = resource == authorization_check['resource_id']
46
- if has_matching_action && has_matching_resource
47
- # All good
48
- return
49
- end
68
+ has_matching_action && has_matching_resource
50
69
  end
51
70
  end
52
71
 
@@ -64,17 +83,15 @@ module Stytch
64
83
  policy = get_policy
65
84
 
66
85
  # For consumer authorization, we check roles without tenancy validation
67
- for role in policy['roles']
86
+ return if policy['roles'].any? do |role|
68
87
  next unless subject_roles.include?(role['role_id'])
69
88
 
70
- for permission in role['permissions']
89
+ role['permissions'].any? do |permission|
71
90
  actions = permission['actions']
72
91
  resource = permission['resource_id']
73
92
  has_matching_action = actions.include?('*') || actions.include?(authorization_check['action'])
74
93
  has_matching_resource = resource == authorization_check['resource_id']
75
- if has_matching_action && has_matching_resource
76
- return # Permission granted
77
- end
94
+ has_matching_action && has_matching_resource
78
95
  end
79
96
  end
80
97
 
@@ -98,19 +115,17 @@ module Stytch
98
115
  resource_id = authorization_check['resource_id']
99
116
 
100
117
  # Check if any of the token scopes grant permission for this action/resource
101
- for scope_obj in policy['scopes']
118
+ return if policy['scopes'].any? do |scope_obj|
102
119
  scope_name = scope_obj['scope']
103
120
  next unless token_scopes.include?(scope_name)
104
121
 
105
122
  # Check if this scope grants permission for the requested action/resource
106
- for permission in scope_obj['permissions']
123
+ scope_obj['permissions'].any? do |permission|
107
124
  actions = permission['actions']
108
125
  resource = permission['resource_id']
109
126
  has_matching_action = actions.include?('*') || actions.include?(action)
110
127
  has_matching_resource = resource == resource_id
111
- if has_matching_action && has_matching_resource
112
- return # Permission granted
113
- end
128
+ has_matching_action && has_matching_resource
114
129
  end
115
130
  end
116
131
 
@@ -118,4 +133,13 @@ module Stytch
118
133
  raise Stytch::PermissionError, authorization_check
119
134
  end
120
135
  end
136
+
137
+ class CachedOrgPolicy
138
+ def initialize(org_policy:)
139
+ @org_policy = org_policy['org_policy']
140
+ @last_update = Time.now.to_i
141
+ end
142
+
143
+ attr_reader :org_policy, :last_update
144
+ end
121
145
  end
@@ -234,8 +234,6 @@ module Stytch
234
234
  # Use this endpoint to exchange a Connected Apps Access Token back into a Stytch Session for the underlying User.
235
235
  # This session can be used with the Stytch SDKs and APIs.
236
236
  #
237
- # The Session returned will be the same Session that was active in your application (the authorizing party) during the initial authorization flow.
238
- #
239
237
  # The Access Token must contain the `full_access` scope (only available to First Party clients) and must not be more than 5 minutes old. Access Tokens may only be exchanged a single time.
240
238
  #
241
239
  # == Parameters:
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Stytch
4
- VERSION = '10.42.0'
4
+ VERSION = '11.1.0'
5
5
  end
@@ -20,9 +20,11 @@ module Stytch
20
20
  #
21
21
  # To optimize for Passkeys, set the `return_passkey_credential_options` field to `true`.
22
22
  #
23
- # After calling this endpoint, the browser will need to call [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) with the data from [public_key_credential_creation_options](https://w3c.github.io/webauthn/#dictionary-makecredentialoptions) passed to the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request via the public key argument. We recommend using the `create()` wrapper provided by the webauthn-json library.
23
+ # After calling this endpoint, the browser will need to call [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) with the data from [public_key_credential_creation_options](https://w3c.github.io/webauthn/#dictionary-makecredentialoptions) passed to the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request via the public key argument.
24
24
  #
25
- # If you are not using the [webauthn-json](https://github.com/github/webauthn-json) library, the `public_key_credential_creation_options` will need to be converted to a suitable public key by unmarshalling the JSON, base64 decoding the user ID field, and converting user ID and the challenge fields into an array buffer.
25
+ # When using built-in browser methods like `navigator.credentials.create()`, set the `use_base64_url_encoding` option to `true`.
26
+ #
27
+ # See our [WebAuthn setup guide](https://stytch.com/docs/guides/webauthn/api) for additional usage instructions and example code.
26
28
  #
27
29
  # == Parameters:
28
30
  # user_id::
@@ -51,7 +53,7 @@ module Stytch
51
53
  # (no documentation yet)
52
54
  # The type of this field is nilable +String+.
53
55
  # use_base64_url_encoding::
54
- # (no documentation yet)
56
+ # If true, values in the `public_key_credential_creation_options` will be base64 URL encoded. Set this option to true when using built-in browser methods like `navigator.credentials.create` and `navigator.credentials.get`.
55
57
  # The type of this field is nilable +Boolean+.
56
58
  #
57
59
  # == Returns:
@@ -97,7 +99,7 @@ module Stytch
97
99
 
98
100
  # Complete the creation of a WebAuthn registration by passing the response from the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request to this endpoint as the `public_key_credential` parameter.
99
101
  #
100
- # If the [webauthn-json](https://github.com/github/webauthn-json) library's `create()` method was used, the response can be passed directly to the [register endpoint](https://stytch.com/docs/api/webauthn-register). If not, some fields (the client data and the attestation object) from the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) response will need to be converted from array buffers to strings and marshalled into JSON.
102
+ # See our [WebAuthn setup guide](https://stytch.com/docs/guides/webauthn/api) for additional usage instructions and example code.
101
103
  #
102
104
  # == Parameters:
103
105
  # user_id::
@@ -191,9 +193,11 @@ module Stytch
191
193
  #
192
194
  # To optimize for Passkeys, set the `return_passkey_credential_options` field to `true`.
193
195
  #
194
- # After calling this endpoint, the browser will need to call [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) with the data from `public_key_credential_request_options` passed to the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request via the public key argument. We recommend using the `get()` wrapper provided by the webauthn-json library.
196
+ # After calling this endpoint, the browser will need to call [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) with the data from `public_key_credential_request_options` passed to the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request via the public key argument.
195
197
  #
196
- # If you are not using the [webauthn-json](https://github.com/github/webauthn-json) library, `the public_key_credential_request_options` will need to be converted to a suitable public key by unmarshalling the JSON and converting some the fields to array buffers.
198
+ # When using built-in browser methods like `navigator.credentials.get()`, set the `use_base64_url_encoding` option to `true`.
199
+ #
200
+ # See our [WebAuthn setup guide](https://stytch.com/docs/guides/webauthn/api) for additional usage instructions and example code.
197
201
  #
198
202
  # == Parameters:
199
203
  # domain::
@@ -207,7 +211,7 @@ module Stytch
207
211
  #
208
212
  # The type of this field is nilable +Boolean+.
209
213
  # use_base64_url_encoding::
210
- # (no documentation yet)
214
+ # If true, values in the `public_key_credential_creation_options` will be base64 URL encoded. Set this option to true when using built-in browser methods like `navigator.credentials.create` and `navigator.credentials.get`.
211
215
  # The type of this field is nilable +Boolean+.
212
216
  #
213
217
  # == Returns:
@@ -243,7 +247,7 @@ module Stytch
243
247
 
244
248
  # Complete the authentication of a Passkey or WebAuthn registration by passing the response from the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request to the authenticate endpoint.
245
249
  #
246
- # If the [webauthn-json](https://github.com/github/webauthn-json) library's `get()` method was used, the response can be passed directly to the [authenticate endpoint](https://stytch.com/docs/api/webauthn-authenticate). If not some fields from the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) response will need to be converted from array buffers to strings and marshalled into JSON.
250
+ # See our [WebAuthn setup guide](https://stytch.com/docs/guides/webauthn/api) for additional usage instructions and example code.
247
251
  #
248
252
  # == Parameters:
249
253
  # public_key_credential::
data/stytch.gemspec CHANGED
@@ -29,6 +29,7 @@ Gem::Specification.new do |spec|
29
29
  spec.add_dependency 'json-jwt', '>= 1.13.0'
30
30
  spec.add_dependency 'jwt', '>= 2.3.0'
31
31
 
32
+ spec.add_development_dependency 'prism', '~> 1.8.0'
32
33
  spec.add_development_dependency 'rspec', '~> 3.11.0'
33
34
  spec.add_development_dependency 'rubocop', '1.64.1'
34
35
  spec.add_development_dependency 'rubocop-rspec', '2.24.0'