stytch 2.10.0 → 2.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c2b973d686af6ce37a2f1d51825d075f0b361ad75eb06ee0d74df0ba343543bc
-  data.tar.gz: 4649dc2a86ddcb0013bfe8f1cee480fa8f0533fa52eabe4531fad4bc8acf0432
+  metadata.gz: b507432445cb9a02301a537e29ffd6286dca4a9daa1629a6344bee6c073751e1
+  data.tar.gz: 48e01f84c824c94a987baf00221a142e45c5b5f976a25801cc04846f14658a7d
 SHA512:
-  metadata.gz: 1e34d2f40645f2393c8573ce667c36fdff565c4918133b4bedc800b70c5e406822b33f85a5a95981bda8ceeaf4196ae3816ce863c20ac04b2f847b00be6b10c5
-  data.tar.gz: 97ad61637feec32db2b4e20927385c248b566c2c32ccc47e32be27a33d93363e04449e314357b30ed42fdaf645beab9e7464377d7b7b45be9df36ff37b03272c
+  metadata.gz: '093757bb72ff4b992e94e875df54c7b781a8c3d1bbf54c5f3be79f3d8df00b0ec7a70cc25a0477977122c6f498533cc47881e0ad2b51fa1fb352a89e23f35387'
+  data.tar.gz: a53dcc14f57a8a141f048232c004b886c3b2ad291c70fd0ebd595b883e2301f0e96a52146a5255a359ecb8cb1204dd92c50b2e54c1412cf2185b533e50d97a1c

data/README.md

@@ -34,6 +34,7 @@ This client library supports all of Stytch's live products:
   - [x] [Session Management](https://stytch.com/docs/api/sessions-overview)
   - [x] [WebAuthn (Beta)](https://stytch.com/docs/api/webauthn-overview)
   - [x] [Time-based one-time passcodes (TOTPs) (Beta)](https://stytch.com/docs/api/totps-overview)
+  - [x] [Crypto wallets (Beta)](https://stytch.com/docs/api/crypto-wallet-overview)
 
 ### Example usage
 Create an API client:
@@ -48,16 +49,14 @@ client = Stytch::Client.new(
 Send a magic link by email:
 ```ruby
 client.magic_links.email.login_or_create(
-    email: "sandbox@stytch.com",
-    login_magic_link_url: "https://example.com/login",
-    signup_magic_link_url: "https://example.com/signup",
+    email: "sandbox@stytch.com"
 )
 ```
 
 Authenticate the token from the magic link:
 ```ruby
 client.magic_links.authenticate(
-    token: "DOYoip3rvIMMW5lgItikFK-Ak1CfMsgjuiCyI7uuU94=",
+    token: "SeiGwdj5lKkrEVgcEY3QNJXt6srxS3IK2Nwkar6mXD4="
 )
 ```
 

data/lib/stytch/client.rb

@@ -7,12 +7,13 @@ require_relative 'otps'
 require_relative 'sessions'
 require_relative 'totps'
 require_relative 'webauthn'
+require_relative 'crypto_wallets'
 
 module Stytch
   class Client
     ENVIRONMENTS = %i[live test].freeze
 
-    attr_reader :users, :magic_links, :oauth, :otps, :sessions, :totps, :webauthn
+    attr_reader :users, :magic_links, :oauth, :otps, :sessions, :totps, :webauthn, :crypto_wallets
 
     def initialize(env:, project_id:, secret:, &block)
       @api_host   = api_host(env)
@@ -25,9 +26,10 @@ module Stytch
       @magic_links = Stytch::MagicLinks.new(@connection)
       @oauth = Stytch::OAuth.new(@connection)
       @otps = Stytch::OTPs.new(@connection)
-      @sessions = Stytch::Sessions.new(@connection)
+      @sessions = Stytch::Sessions.new(@connection, @project_id)
       @totps = Stytch::TOTPs.new(@connection)
       @webauthn = Stytch::WebAuthn.new(@connection)
+      @crypto_wallets = Stytch::CryptoWallets.new(@connection)
     end
 
     private
@@ -37,7 +39,7 @@ module Stytch
       when :live
         'https://api.stytch.com'
       when :test
-        'https://test.nikhil.dev.stytch.com'
+        'https://test.stytch.com'
       else
         raise ArgumentError, "Invalid value for env (#{@env}): should be live or test"
       end

data/lib/stytch/crypto_wallets.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require_relative 'request_helper'
+
+module Stytch
+  class CryptoWallets
+    include Stytch::RequestHelper
+
+    PATH = '/v1/crypto_wallets'
+
+    def initialize(connection)
+      @connection = connection
+    end
+
+    def authenticate_start(
+      crypto_wallet_address:,
+      crypto_wallet_type:,
+      user_id: nil
+    )
+      request = {
+        crypto_wallet_address: crypto_wallet_address,
+        crypto_wallet_type: crypto_wallet_type
+      }
+
+      request[:user_id] = user_id unless user_id.nil?
+
+      post_request("#{PATH}/authenticate/start", request)
+    end
+
+    def authenticate(
+      crypto_wallet_address:,
+      crypto_wallet_type:,
+      signature:,
+      session_token: nil,
+      session_jwt: nil,
+      session_duration_minutes: nil
+    )
+      request = {
+        crypto_wallet_address: crypto_wallet_address,
+        crypto_wallet_type: crypto_wallet_type,
+        signature: signature
+      }
+
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
+      request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
+
+      post_request("#{PATH}/authenticate", request)
+    end
+  end
+end

data/lib/stytch/errors.rb

@@ -0,0 +1,25 @@
+module Stytch
+    class JWTInvalidIssuerError < StandardError
+        def initialize(msg="JWT issuer did not match")
+            super
+        end
+    end
+
+    class JWTInvalidAudienceError < StandardError
+        def initialize(msg="JWT audience did not match")
+            super
+        end
+    end
+
+    class JWTExpiredSignatureError < StandardError
+        def initialize(msg="JWT signature has expired")
+            super
+        end
+    end
+
+    class JWTIncorrectAlgorithmError < StandardError
+        def initialize(msg="JWT algorithm is incorrect")
+            super
+        end
+    end
+end

data/lib/stytch/magic_links.rb

@@ -36,6 +36,7 @@ module Stytch
       attributes: {},
       options: {},
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -45,6 +46,7 @@ module Stytch
       request[:attributes] = attributes if attributes != {}
       request[:options] = options if options != {}
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/oauth.rb

@@ -16,6 +16,7 @@ module Stytch
       token:,
       session_management_type: nil,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -23,6 +24,7 @@ module Stytch
       }
       request[:session_management_type] = session_management_type unless session_management_type.nil?
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/otps.rb

@@ -24,6 +24,7 @@ module Stytch
       attributes: {},
       options: {},
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -34,6 +35,7 @@ module Stytch
       request[:attributes] = attributes if attributes != {}
       request[:options] = options if options != {}
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/sessions.rb

@@ -1,5 +1,9 @@
 # frozen_string_literal: true
 
+require 'jwt'
+require 'json/jwt'
+
+require_relative 'errors'
 require_relative 'request_helper'
 
 module Stytch
@@ -8,8 +12,12 @@ module Stytch
 
     PATH = '/v1/sessions'
 
-    def initialize(connection)
+    def initialize(connection, project_id)
       @connection = connection
+      @project_id = project_id
+      @jwks_loader = ->(options) do
+        options[:invalidate] ? jwks(project_id: @project_id) : {}
+      end
     end
 
     def get(user_id:)
@@ -23,13 +31,14 @@ module Stytch
     end
 
     def authenticate(
-      session_token:,
+      session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
-      request = {
-        session_token: session_token
-      }
+      request = {}
 
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/authenticate", request)
@@ -46,5 +55,73 @@ module Stytch
 
       post_request("#{PATH}/revoke", request)
     end
+
+    def jwks(project_id:)
+      request_path = "#{PATH}/jwks/" + project_id
+      get_request(request_path)
+    end
+
+    # Parse a JWT and verify the signature. If max_token_age_seconds is unset, call the API directly
+    # If max_token_age_seconds is set and the JWT was issued (based on the "iat" claim) less than
+    # max_token_age_seconds seconds ago, then just verify locally and don't call the API
+    # To force remote validation for all tokens, set max_token_age_seconds to 0 or call authenticate()
+    def authenticate_jwt(
+      session_jwt,
+      max_token_age_seconds: nil,
+      session_duration_minutes: nil
+    )
+      if max_token_age_seconds == 0
+        return authenticate(
+          session_jwt: session_jwt,
+          session_duration_minutes: session_duration_minutes,
+        )
+      end
+
+      decoded_jwt = authenticate_jwt_local(session_jwt)
+      iat_time = Time.at(decoded_jwt["iat"]).to_datetime
+      if iat_time + max_token_age_seconds >= Time.now
+        session = marshal_jwt_into_session(decoded_jwt)
+        return {"session" => session}
+      else
+        return authenticate(
+          session_jwt: session_jwt,
+          session_duration_minutes: session_duration_minutes,
+        )
+      end
+    end
+
+    # Parse a JWT and verify the signature locally (without calling /authenticate in the API)
+    # Uses the cached value to get the JWK but if it is unavailable, it calls the get_jwks()
+    # function to get the JWK
+    # This method never authenticates a JWT directly with the API
+    def authenticate_jwt_local(session_jwt)
+      issuer = "stytch.com/" + @project_id
+      begin
+        decoded_token = JWT.decode session_jwt, nil, true, 
+        { jwks: @jwks_loader, iss: issuer, verify_iss: true, aud: @project_id, verify_aud: true, algorithms: ["RS256"]}
+        return decoded_token[0]
+      rescue JWT::InvalidIssuerError
+        raise JWTInvalidIssuerError
+      rescue JWT::InvalidAudError
+        raise JWTInvalidAudienceError
+      rescue JWT::ExpiredSignature
+        raise JWTExpiredSignatureError
+      rescue JWT::IncorrectAlgorithm
+        raise JWTIncorrectAlgorithmError
+      end
+    end
+
+    def marshal_jwt_into_session(jwt)
+      stytch_claim = "https://stytch.com/session"
+      return {
+        "session_id" => jwt["jti"],
+        "user_id" => jwt["sub"],
+        "started_at" => jwt[stytch_claim]["started_at"],
+        "last_accessed_at" => jwt[stytch_claim]["last_accessed_at"],
+        "expires_at" => Time.at(jwt["exp"]).to_datetime.iso8601,
+        "attributes" => jwt[stytch_claim]["attributes"],
+        "authentication_factors" => jwt[stytch_claim]["authentication_factors"],
+      }
+    end
   end
 end

data/lib/stytch/totps.rb

@@ -29,6 +29,7 @@ module Stytch
       user_id:,
       totp_code:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -37,6 +38,7 @@ module Stytch
       }
 
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/authenticate", request)
@@ -56,6 +58,7 @@ module Stytch
       user_id:,
       recovery_code:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -64,6 +67,7 @@ module Stytch
       }
 
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/recover", request)

data/lib/stytch/users.rb

@@ -54,11 +54,13 @@ module Stytch
       name: {},
       emails: [],
       phone_numbers: [],
+      crypto_wallets: [],
       attributes: {}
     )
       request = {
         emails: format_emails(emails),
-        phone_numbers: format_phone_numbers(phone_numbers)
+        phone_numbers: format_phone_numbers(phone_numbers),
+        crypto_wallets: crypto_wallets
       }
 
       request[:name] = name if name != {}
@@ -95,6 +97,12 @@ module Stytch
       delete_request("#{PATH}/totps/#{totp_id}")
     end
 
+    def delete_crypto_wallet(
+      crypto_wallet_id:
+    )
+      delete_request("#{PATH}/crypto_wallets/#{crypto_wallet_id}")
+    end
+
     private
 
     def format_emails(emails)

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '2.10.0'
+  VERSION = '2.12.0'
 end

data/lib/stytch/webauthn.rb

@@ -56,6 +56,7 @@ module Stytch
     def authenticate(
       public_key_credential:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -63,6 +64,7 @@ module Stytch
       }
 
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/authenticate", request)

data/lib/stytch.rb

@@ -8,16 +8,3 @@ require_relative 'stytch/middleware'
 require_relative 'stytch/version'
 
 module Stytch end
-
-client = Stytch::Client.new(
-    env: :test,
-    project_id: "project-test-2a934f44-a014-425d-aa1d-76f2d0344db7",
-    secret: "secret-test-z5kbR31dkcTnocolLJT77gkyX9KJQeU9umg="
-)
-
-resp = client.totps.authenticate(
-    user_id: "user-test-fa9e1ba8-6786-4a7c-923f-a76a2b82e6a5",
-    totp_code: "021363",
-    session_token: "HLr0NGPZkyn7xA9Vc9XFjOIDjUafuTumOT6au3-PqM83",
-)
-puts resp

data/stytch.gemspec

@@ -27,4 +27,6 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'faraday', '>= 0.17.0', '< 2.0'
   spec.add_dependency 'faraday_middleware', '>= 0.14.0', '< 2.0'
+  spec.add_dependency 'jwt', '>= 2.3.0'
+  spec.add_dependency 'json-jwt', '>=1.13.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 2.10.0
+  version: 2.12.0
 platform: ruby
 authors:
 - stytch
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-01-20 00:00:00.000000000 Z
+date: 2022-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -50,6 +50,34 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: json-jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.13.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.13.0
 description: 
 email:
 - support@stytch.com
@@ -71,6 +99,8 @@ files:
 - bin/setup
 - lib/stytch.rb
 - lib/stytch/client.rb
+- lib/stytch/crypto_wallets.rb
+- lib/stytch/errors.rb
 - lib/stytch/magic_links.rb
 - lib/stytch/middleware.rb
 - lib/stytch/oauth.rb