stytch 2.10.1 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a7e1189f6fb15a13e7eca082c284fd13e96297000dcd4cad735620289a34ac2f
-  data.tar.gz: 922aed7238ccb9f2042afad0c506ca0ceeff30d1cc2905947fec5d3513051eb6
+  metadata.gz: 2a361942c6f469a3bd03cb666b2740717d4f163ae5668536d292e4c72670b2a3
+  data.tar.gz: 865893e5e873829cee7fc43cb9aa9a006fa87487ccf04cc2c41009e657f407e0
 SHA512:
-  metadata.gz: f5786234e98901186751ad3c142365144e1587d83aa827c1f13c4bbbec7f2093a165af5e26aacab9a27069d280885f897c03ea245e8c4dfae03dd60716eaa832
-  data.tar.gz: 32a2c56b4cb0327ed95e0991bbb5dd2db32eb3a3eee4f8c21aba81b540a08a04a14d38931b52b476dfcb4353c7679346c15aafdf8d056532370f02e674bae491
+  metadata.gz: 7ab5a3c953f0c7eea8297685e97e408271f00389b563de2ac8583fec5b5c2a95971b00920a42c87232f584afad6fcfdfab6ef09b541a5d35d5df809771d9e925
+  data.tar.gz: 274ee8bf41f5cdc48d5d35c5f97e368d4766cb5670c3294afc8f8f5364e9835540d07eb7f02d804414602f8cbca777c6dae42110a4db657fd655289bb649a766

data/README.md

@@ -34,6 +34,7 @@ This client library supports all of Stytch's live products:
   - [x] [Session Management](https://stytch.com/docs/api/sessions-overview)
   - [x] [WebAuthn (Beta)](https://stytch.com/docs/api/webauthn-overview)
   - [x] [Time-based one-time passcodes (TOTPs) (Beta)](https://stytch.com/docs/api/totps-overview)
+  - [x] [Crypto wallets (Beta)](https://stytch.com/docs/api/crypto-wallet-overview)
 
 ### Example usage
 Create an API client:
@@ -48,16 +49,14 @@ client = Stytch::Client.new(
 Send a magic link by email:
 ```ruby
 client.magic_links.email.login_or_create(
-    email: "sandbox@stytch.com",
-    login_magic_link_url: "https://example.com/login",
-    signup_magic_link_url: "https://example.com/signup",
+    email: "sandbox@stytch.com"
 )
 ```
 
 Authenticate the token from the magic link:
 ```ruby
 client.magic_links.authenticate(
-    token: "SeiGwdj5lKkrEVgcEY3QNJXt6srxS3IK2Nwkar6mXD4=",
+    token: "SeiGwdj5lKkrEVgcEY3QNJXt6srxS3IK2Nwkar6mXD4="
 )
 ```
 

data/lib/stytch/client.rb

@@ -7,12 +7,13 @@ require_relative 'otps'
 require_relative 'sessions'
 require_relative 'totps'
 require_relative 'webauthn'
+require_relative 'crypto_wallets'
 
 module Stytch
   class Client
     ENVIRONMENTS = %i[live test].freeze
 
-    attr_reader :users, :magic_links, :oauth, :otps, :sessions, :totps, :webauthn
+    attr_reader :users, :magic_links, :oauth, :otps, :sessions, :totps, :webauthn, :crypto_wallets
 
     def initialize(env:, project_id:, secret:, &block)
       @api_host   = api_host(env)
@@ -25,9 +26,10 @@ module Stytch
       @magic_links = Stytch::MagicLinks.new(@connection)
       @oauth = Stytch::OAuth.new(@connection)
       @otps = Stytch::OTPs.new(@connection)
-      @sessions = Stytch::Sessions.new(@connection)
+      @sessions = Stytch::Sessions.new(@connection, @project_id)
       @totps = Stytch::TOTPs.new(@connection)
       @webauthn = Stytch::WebAuthn.new(@connection)
+      @crypto_wallets = Stytch::CryptoWallets.new(@connection)
     end
 
     private

data/lib/stytch/crypto_wallets.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require_relative 'request_helper'
+
+module Stytch
+  class CryptoWallets
+    include Stytch::RequestHelper
+
+    PATH = '/v1/crypto_wallets'
+
+    def initialize(connection)
+      @connection = connection
+    end
+
+    def authenticate_start(
+      crypto_wallet_address:,
+      crypto_wallet_type:,
+      user_id: nil
+    )
+      request = {
+        crypto_wallet_address: crypto_wallet_address,
+        crypto_wallet_type: crypto_wallet_type
+      }
+
+      request[:user_id] = user_id unless user_id.nil?
+
+      post_request("#{PATH}/authenticate/start", request)
+    end
+
+    def authenticate(
+      crypto_wallet_address:,
+      crypto_wallet_type:,
+      signature:,
+      session_token: nil,
+      session_jwt: nil,
+      session_duration_minutes: nil
+    )
+      request = {
+        crypto_wallet_address: crypto_wallet_address,
+        crypto_wallet_type: crypto_wallet_type,
+        signature: signature
+      }
+
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
+      request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
+
+      post_request("#{PATH}/authenticate", request)
+    end
+  end
+end

data/lib/stytch/errors.rb

@@ -0,0 +1,25 @@
+module Stytch
+    class JWTInvalidIssuerError < StandardError
+        def initialize(msg="JWT issuer did not match")
+            super
+        end
+    end
+
+    class JWTInvalidAudienceError < StandardError
+        def initialize(msg="JWT audience did not match")
+            super
+        end
+    end
+
+    class JWTExpiredSignatureError < StandardError
+        def initialize(msg="JWT signature has expired")
+            super
+        end
+    end
+
+    class JWTIncorrectAlgorithmError < StandardError
+        def initialize(msg="JWT algorithm is incorrect")
+            super
+        end
+    end
+end

data/lib/stytch/magic_links.rb

@@ -36,6 +36,7 @@ module Stytch
       attributes: {},
       options: {},
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -45,6 +46,7 @@ module Stytch
       request[:attributes] = attributes if attributes != {}
       request[:options] = options if options != {}
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/oauth.rb

@@ -14,15 +14,15 @@ module Stytch
 
     def authenticate(
       token:,
-      session_management_type: nil,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
         token: token
       }
-      request[:session_management_type] = session_management_type unless session_management_type.nil?
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/otps.rb

@@ -24,6 +24,7 @@ module Stytch
       attributes: {},
       options: {},
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -34,6 +35,7 @@ module Stytch
       request[:attributes] = attributes if attributes != {}
       request[:options] = options if options != {}
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/sessions.rb

@@ -1,5 +1,9 @@
 # frozen_string_literal: true
 
+require 'jwt'
+require 'json/jwt'
+
+require_relative 'errors'
 require_relative 'request_helper'
 
 module Stytch
@@ -8,8 +12,12 @@ module Stytch
 
     PATH = '/v1/sessions'
 
-    def initialize(connection)
+    def initialize(connection, project_id)
       @connection = connection
+      @project_id = project_id
+      @jwks_loader = ->(options) do
+        options[:invalidate] ? jwks(project_id: @project_id) : {}
+      end
     end
 
     def get(user_id:)
@@ -23,13 +31,14 @@ module Stytch
     end
 
     def authenticate(
-      session_token:,
+      session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
-      request = {
-        session_token: session_token
-      }
+      request = {}
 
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/authenticate", request)
@@ -46,5 +55,73 @@ module Stytch
 
       post_request("#{PATH}/revoke", request)
     end
+
+    def jwks(project_id:)
+      request_path = "#{PATH}/jwks/" + project_id
+      get_request(request_path)
+    end
+
+    # Parse a JWT and verify the signature. If max_token_age_seconds is unset, call the API directly
+    # If max_token_age_seconds is set and the JWT was issued (based on the "iat" claim) less than
+    # max_token_age_seconds seconds ago, then just verify locally and don't call the API
+    # To force remote validation for all tokens, set max_token_age_seconds to 0 or call authenticate()
+    def authenticate_jwt(
+      session_jwt,
+      max_token_age_seconds: nil,
+      session_duration_minutes: nil
+    )
+      if max_token_age_seconds == 0
+        return authenticate(
+          session_jwt: session_jwt,
+          session_duration_minutes: session_duration_minutes,
+        )
+      end
+
+      decoded_jwt = authenticate_jwt_local(session_jwt)
+      iat_time = Time.at(decoded_jwt["iat"]).to_datetime
+      if iat_time + max_token_age_seconds >= Time.now
+        session = marshal_jwt_into_session(decoded_jwt)
+        return {"session" => session}
+      else
+        return authenticate(
+          session_jwt: session_jwt,
+          session_duration_minutes: session_duration_minutes,
+        )
+      end
+    end
+
+    # Parse a JWT and verify the signature locally (without calling /authenticate in the API)
+    # Uses the cached value to get the JWK but if it is unavailable, it calls the get_jwks()
+    # function to get the JWK
+    # This method never authenticates a JWT directly with the API
+    def authenticate_jwt_local(session_jwt)
+      issuer = "stytch.com/" + @project_id
+      begin
+        decoded_token = JWT.decode session_jwt, nil, true, 
+        { jwks: @jwks_loader, iss: issuer, verify_iss: true, aud: @project_id, verify_aud: true, algorithms: ["RS256"]}
+        return decoded_token[0]
+      rescue JWT::InvalidIssuerError
+        raise JWTInvalidIssuerError
+      rescue JWT::InvalidAudError
+        raise JWTInvalidAudienceError
+      rescue JWT::ExpiredSignature
+        raise JWTExpiredSignatureError
+      rescue JWT::IncorrectAlgorithm
+        raise JWTIncorrectAlgorithmError
+      end
+    end
+
+    def marshal_jwt_into_session(jwt)
+      stytch_claim = "https://stytch.com/session"
+      return {
+        "session_id" => jwt["jti"],
+        "user_id" => jwt["sub"],
+        "started_at" => jwt[stytch_claim]["started_at"],
+        "last_accessed_at" => jwt[stytch_claim]["last_accessed_at"],
+        "expires_at" => Time.at(jwt["exp"]).to_datetime.iso8601,
+        "attributes" => jwt[stytch_claim]["attributes"],
+        "authentication_factors" => jwt[stytch_claim]["authentication_factors"],
+      }
+    end
   end
 end

data/lib/stytch/totps.rb

@@ -29,6 +29,7 @@ module Stytch
       user_id:,
       totp_code:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -37,6 +38,7 @@ module Stytch
       }
 
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/authenticate", request)
@@ -56,6 +58,7 @@ module Stytch
       user_id:,
       recovery_code:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -64,6 +67,7 @@ module Stytch
       }
 
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/recover", request)

data/lib/stytch/users.rb

@@ -54,11 +54,13 @@ module Stytch
       name: {},
       emails: [],
       phone_numbers: [],
+      crypto_wallets: [],
       attributes: {}
     )
       request = {
         emails: format_emails(emails),
-        phone_numbers: format_phone_numbers(phone_numbers)
+        phone_numbers: format_phone_numbers(phone_numbers),
+        crypto_wallets: crypto_wallets
       }
 
       request[:name] = name if name != {}
@@ -95,6 +97,12 @@ module Stytch
       delete_request("#{PATH}/totps/#{totp_id}")
     end
 
+    def delete_crypto_wallet(
+      crypto_wallet_id:
+    )
+      delete_request("#{PATH}/crypto_wallets/#{crypto_wallet_id}")
+    end
+
     private
 
     def format_emails(emails)

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '2.10.1'
+  VERSION = '3.0.0'
 end

data/lib/stytch/webauthn.rb

@@ -56,6 +56,7 @@ module Stytch
     def authenticate(
       public_key_credential:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -63,6 +64,7 @@ module Stytch
       }
 
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 
       post_request("#{PATH}/authenticate", request)

data/stytch.gemspec

@@ -27,4 +27,6 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'faraday', '>= 0.17.0', '< 2.0'
   spec.add_dependency 'faraday_middleware', '>= 0.14.0', '< 2.0'
+  spec.add_dependency 'jwt', '>= 2.3.0'
+  spec.add_dependency 'json-jwt', '>=1.13.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 2.10.1
+  version: 3.0.0
 platform: ruby
 authors:
 - stytch
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-02-17 00:00:00.000000000 Z
+date: 2022-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -50,6 +50,34 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: json-jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.13.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.13.0
 description: 
 email:
 - support@stytch.com
@@ -71,6 +99,8 @@ files:
 - bin/setup
 - lib/stytch.rb
 - lib/stytch/client.rb
+- lib/stytch/crypto_wallets.rb
+- lib/stytch/errors.rb
 - lib/stytch/magic_links.rb
 - lib/stytch/middleware.rb
 - lib/stytch/oauth.rb
@@ -103,7 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.3.1
 signing_key: 
 specification_version: 4
 summary: Stytch Ruby Gem