stytch 5.0.2 → 6.0.0

data/lib/stytch/b2b_sessions.rb

@@ -1,5 +1,11 @@
 # frozen_string_literal: true
 
+# !!!
+# WARNING: This file is autogenerated
+# Only modify code within MANUAL() sections
+# or your changes may be overwritten later!
+# !!!
+
 require_relative 'request_helper'
 
 module StytchB2B
@@ -10,6 +16,27 @@ module StytchB2B
       @connection = connection
     end
 
+    # Retrieves all active Sessions for a Member.
+    #
+    # == Parameters:
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # member_sessions::
+    #   An array of [Session objects](https://stytch.com/docs/b2b/api/session-object).
+    #   The type of this field is list of +MemberSession+ (+object+).
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
     def get(
       organization_id:,
       member_id:
@@ -22,6 +49,59 @@ module StytchB2B
       get_request(request)
     end
 
+    # Authenticates a Session and updates its lifetime by the specified `session_duration_minutes`. If the `session_duration_minutes` is not specified, a Session will not be extended. This endpoint requires either a `session_jwt` or `session_token` be included in the request. It will return an error if both are present.
+    #
+    # You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid.
+    #
+    # == Parameters:
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is nilable +String+.
+    # session_duration_minutes::
+    #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+    #   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+    #   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+    #
+    #   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+    #
+    #   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+    #
+    #   If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
+    #   to use the Stytch session product, you can ignore the session fields in the response.
+    #   The type of this field is nilable +Integer+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is nilable +String+.
+    # session_custom_claims::
+    #   Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
+    #   `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
+    #   delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
+    #   Total custom claims size cannot exceed four kilobytes.
+    #   The type of this field is nilable +object+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # member_session::
+    #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
+    #   The type of this field is +MemberSession+ (+object+).
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is +String+.
+    # member::
+    #   The [Member object](https://stytch.com/docs/b2b/api/member-object).
+    #   The type of this field is +Member+ (+object+).
+    # organization::
+    #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+    #   The type of this field is +Organization+ (+object+).
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
     def authenticate(
       session_token: nil,
       session_duration_minutes: nil,
@@ -37,6 +117,30 @@ module StytchB2B
       post_request('/v1/b2b/sessions/authenticate', request)
     end
 
+    # Revoke a Session and immediately invalidate all its tokens. To revoke a specific Session, pass either the `member_session_id`, `session_token`, or `session_jwt`. To revoke all Sessions for a Member, pass the `member_id`.
+    #
+    # == Parameters:
+    # member_session_id::
+    #   Globally unique UUID that identifies a specific Session in the Stytch API. The `member_session_id` is critical to perform operations on an Session, so be sure to preserve this value.
+    #   The type of this field is nilable +String+.
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is nilable +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is nilable +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+    #   The type of this field is nilable +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
     def revoke(
       member_session_id: nil,
       session_token: nil,
@@ -52,6 +156,65 @@ module StytchB2B
       post_request('/v1/b2b/sessions/revoke', request)
     end
 
+    # Use this endpoint to exchange a Member's existing session for another session in a different Organization. This can be used to accept an invite, but not to create a new member via domain matching.
+    #
+    # To create a new member via domain matching, use the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) flow instead.
+    #
+    # == Parameters:
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    # session_token::
+    #   The `session_token` belonging to the member that you wish to associate the email with.
+    #   The type of this field is nilable +String+.
+    # session_jwt::
+    #   The `session_jwt` belonging to the member that you wish to associate the email with.
+    #   The type of this field is nilable +String+.
+    # session_duration_minutes::
+    #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+    #   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+    #   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+    #
+    #   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+    #
+    #   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+    #
+    #   If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
+    #   to use the Stytch session product, you can ignore the session fields in the response.
+    #   The type of this field is nilable +Integer+.
+    # session_custom_claims::
+    #   Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
+    #   `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
+    #   delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
+    #   Total custom claims size cannot exceed four kilobytes.
+    #   The type of this field is nilable +object+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member.
+    #   The type of this field is +String+.
+    # member_session::
+    #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
+    #   The type of this field is +MemberSession+ (+object+).
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is +String+.
+    # member::
+    #   The [Member object](https://stytch.com/docs/b2b/api/member-object).
+    #   The type of this field is +Member+ (+object+).
+    # organization::
+    #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+    #   The type of this field is +Organization+ (+object+).
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
     def exchange(
       organization_id:,
       session_token: nil,
@@ -70,12 +233,28 @@ module StytchB2B
       post_request('/v1/b2b/sessions/exchange', request)
     end
 
-    def jwks(
+    # Get the JSON Web Key Set (JWKS) for a project.
+    #
+    # == Parameters:
+    # project_id::
+    #   The `project_id` to get the JWKS for.
+    #   The type of this field is +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # keys::
+    #   The JWK
+    #   The type of this field is list of +JWK+ (+object+).
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
+    def get_jwks(
       project_id:
     )
-      query_params = {
-        project_id: project_id
-      }
+      query_params = {}
       request = request_with_query_params("/v1/b2b/sessions/jwks/#{project_id}", query_params)
       get_request(request)
     end

data/lib/stytch/b2b_sso.rb

@@ -1,5 +1,11 @@
 # frozen_string_literal: true
 
+# !!!
+# WARNING: This file is autogenerated
+# Only modify code within MANUAL() sections
+# or your changes may be overwritten later!
+# !!!
+
 require_relative 'request_helper'
 
 module StytchB2B
@@ -14,6 +20,27 @@ module StytchB2B
       @saml = StytchB2B::SSO::SAML.new(@connection)
     end
 
+    # Get all SSO Connections owned by the organization.
+    #
+    # == Parameters:
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # saml_connections::
+    #   The list of [SAML Connections](https://stytch.com/docs/b2b/api/saml-connection-object) owned by this organization.
+    #   The type of this field is list of +SAMLConnection+ (+object+).
+    # oidc_connections::
+    #   The list of [OIDC Connections](https://stytch.com/docs/b2b/api/oidc-connection-object) owned by this organization.
+    #   The type of this field is list of +OIDCConnection+ (+object+).
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
     def get_connections(
       organization_id:
     )
@@ -22,6 +49,27 @@ module StytchB2B
       get_request(request)
     end
 
+    # Delete an existing SSO connection.
+    #
+    # == Parameters:
+    # organization_id::
+    #   The organization ID that the SSO connection belongs to.
+    #   The type of this field is +String+.
+    # connection_id::
+    #   The ID of the SSO connection. Both SAML and OIDC connection IDs can be provided.
+    #   The type of this field is +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # connection_id::
+    #   The `connection_id` that was deleted as part of the delete request.
+    #   The type of this field is +String+.
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
     def delete_connection(
       organization_id:,
       connection_id:
@@ -29,6 +77,77 @@ module StytchB2B
       delete_request("/v1/b2b/sso/#{organization_id}/connections/#{connection_id}")
     end
 
+    # Authenticate a user given a token.
+    # This endpoint verifies that the user completed the SSO Authentication flow by verifying that the token is valid and hasn't expired.
+    # Provide the `session_duration_minutes` parameter to set the lifetime of the session.
+    # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration.
+    # To link this authentication event to an existing Stytch session, include either the `session_token` or `session_jwt` param.
+    #
+    # == Parameters:
+    # sso_token::
+    #   The token to authenticate.
+    #   The type of this field is +String+.
+    # pkce_code_verifier::
+    #   A base64url encoded one time secret used to validate that the request starts and ends on the same device.
+    #   The type of this field is nilable +String+.
+    # session_token::
+    #   The `session_token` belonging to the member that you wish to associate the email with.
+    #   The type of this field is nilable +String+.
+    # session_jwt::
+    #   The `session_jwt` belonging to the member that you wish to associate the email with.
+    #   The type of this field is nilable +String+.
+    # session_duration_minutes::
+    #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+    #   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+    #   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+    #
+    #   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+    #
+    #   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+    #
+    #   If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
+    #   to use the Stytch session product, you can ignore the session fields in the response.
+    #   The type of this field is nilable +Integer+.
+    # session_custom_claims::
+    #   Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
+    #   `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
+    #   delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
+    #   Total custom claims size cannot exceed four kilobytes.
+    #   The type of this field is nilable +object+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member.
+    #   The type of this field is +String+.
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    # member::
+    #   The [Member object](https://stytch.com/docs/b2b/api/member-object).
+    #   The type of this field is +Member+ (+object+).
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is +String+.
+    # reset_session::
+    #   Indicates if all Sessions linked to the Member need to be reset. You should check this field if you aren't using
+    #     Stytch's Session product. If you are using Stytch's Session product, we revoke the Member’s other Sessions for you.
+    #   The type of this field is +Boolean+.
+    # organization::
+    #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+    #   The type of this field is +Organization+ (+object+).
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
+    # member_session::
+    #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
+    #   The type of this field is nilable +MemberSession+ (+object+).
     def authenticate(
       sso_token:,
       pkce_code_verifier: nil,
@@ -56,18 +175,102 @@ module StytchB2B
         @connection = connection
       end
 
+      # Create a new OIDC Connection.
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # display_name::
+      #   A human-readable display name for the connection.
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      # connection::
+      #   The `OIDC Connection` object affected by this API call. See the [OIDC Connection Object](https://stytch.com/docs/b2b/api/oidc-connection-object) for complete response field details.
+      #   The type of this field is nilable +OIDCConnection+ (+object+).
       def create_connection(
         organization_id:,
         display_name: nil
       )
-        request = {
-          organization_id: organization_id
-        }
+        request = {}
         request[:display_name] = display_name unless display_name.nil?
 
         post_request("/v1/b2b/sso/oidc/#{organization_id}", request)
       end
 
+      # Updates an existing OIDC connection.
+      #
+      # When the value of `issuer` changes, Stytch will attempt to retrieve the [OpenID Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata) document found at `$/.well-known/openid-configuration`.
+      # If the metadata document can be retrieved successfully, Stytch will use it to infer the values of `authorization_url`, `token_url`, `jwks_url`, and `userinfo_url`.
+      # The `client_id` and `client_secret` values cannot be inferred from the metadata document, and *must* be passed in explicitly.
+      #
+      # If the metadata document cannot be retrieved, Stytch will still update the connection using values from the request body.
+      #
+      # If the metadata document can be retrieved, and values are passed in the request body, the explicit values passed in from the request body will take precedence over the values inferred from the metadata document.
+      #
+      # Note that a newly created connection will not become active until all of the following fields are provided:
+      # * `issuer`
+      # * `client_id`
+      # * `client_secret`
+      # * `authorization_url`
+      # * `token_url`
+      # * `userinfo_url`
+      # * `jwks_url`
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # connection_id::
+      #   Globally unique UUID that identifies a specific SSO `connection_id` for a Member.
+      #   The type of this field is +String+.
+      # display_name::
+      #   A human-readable display name for the connection.
+      #   The type of this field is nilable +String+.
+      # client_id::
+      #   The OAuth2.0 client ID used to authenticate login attempts. This will be provided by the IdP.
+      #   The type of this field is nilable +String+.
+      # client_secret::
+      #   The secret belonging to the OAuth2.0 client used to authenticate login attempts. This will be provided by the IdP.
+      #   The type of this field is nilable +String+.
+      # issuer::
+      #   A case-sensitive `https://` URL that uniquely identifies the IdP. This will be provided by the IdP.
+      #   The type of this field is nilable +String+.
+      # authorization_url::
+      #   The location of the URL that starts an OAuth login at the IdP. This will be provided by the IdP.
+      #   The type of this field is nilable +String+.
+      # token_url::
+      #   The location of the URL that issues OAuth2.0 access tokens and OIDC ID tokens. This will be provided by the IdP.
+      #   The type of this field is nilable +String+.
+      # userinfo_url::
+      #   The location of the IDP's [UserInfo Endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). This will be provided by the IdP.
+      #   The type of this field is nilable +String+.
+      # jwks_url::
+      #   The location of the IdP's JSON Web Key Set, used to verify credentials issued by the IdP. This will be provided by the IdP.
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      # connection::
+      #   The `OIDC Connection` object affected by this API call. See the [OIDC Connection Object](https://stytch.com/docs/b2b/api/oidc-connection-object) for complete response field details.
+      #   The type of this field is nilable +OIDCConnection+ (+object+).
+      # warning::
+      #   If it is not possible to resolve the well-known metadata document from the OIDC issuer, this field will explain what went wrong if the request is successful otherwise. In other words, even if the overall request succeeds, there could be relevant warnings related to the connection update.
+      #   The type of this field is nilable +String+.
       def update_connection(
         organization_id:,
         connection_id:,
@@ -80,10 +283,7 @@ module StytchB2B
         userinfo_url: nil,
         jwks_url: nil
       )
-        request = {
-          organization_id: organization_id,
-          connection_id: connection_id
-        }
+        request = {}
         request[:display_name] = display_name unless display_name.nil?
         request[:client_id] = client_id unless client_id.nil?
         request[:client_secret] = client_secret unless client_secret.nil?
@@ -104,18 +304,79 @@ module StytchB2B
         @connection = connection
       end
 
+      # Create a new SAML Connection.
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # display_name::
+      #   A human-readable display name for the connection.
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      # connection::
+      #   The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
+      #   The type of this field is nilable +SAMLConnection+ (+object+).
       def create_connection(
         organization_id:,
         display_name: nil
       )
-        request = {
-          organization_id: organization_id
-        }
+        request = {}
         request[:display_name] = display_name unless display_name.nil?
 
         post_request("/v1/b2b/sso/saml/#{organization_id}", request)
       end
 
+      # Updates an existing SAML connection.
+      #
+      # Note that a newly created connection will not become active until all of the following are provided:
+      # * `idp_sso_url`
+      # * `attribute_mapping`
+      # * `idp_entity_id`
+      # * `x509_certificate`
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # connection_id::
+      #   Globally unique UUID that identifies a specific SSO `connection_id` for a Member.
+      #   The type of this field is +String+.
+      # idp_entity_id::
+      #   A globally unique name for the IdP. This will be provided by the IdP.
+      #   The type of this field is nilable +String+.
+      # display_name::
+      #   A human-readable display name for the connection.
+      #   The type of this field is nilable +String+.
+      # attribute_mapping::
+      #   An object that represents the attributes used to identify a Member. This object will map the IdP-defined User attributes to Stytch-specific values. Required attributes: `email` and one of `full_name` or `first_name` and `last_name`.
+      #   The type of this field is nilable +object+.
+      # x509_certificate::
+      #   A certificate that Stytch will use to verify the sign-in assertion sent by the IdP, in [PEM](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail) format. See our [X509 guide](https://stytch.com/docs/b2b/api/saml-certificates) for more info.
+      #   The type of this field is nilable +String+.
+      # idp_sso_url::
+      #   The URL for which assertions for login requests will be sent. This will be provided by the IdP.
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      # connection::
+      #   The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
+      #   The type of this field is nilable +SAMLConnection+ (+object+).
       def update_connection(
         organization_id:,
         connection_id:,
@@ -125,10 +386,7 @@ module StytchB2B
         x509_certificate: nil,
         idp_sso_url: nil
       )
-        request = {
-          organization_id: organization_id,
-          connection_id: connection_id
-        }
+        request = {}
         request[:idp_entity_id] = idp_entity_id unless idp_entity_id.nil?
         request[:display_name] = display_name unless display_name.nil?
         request[:attribute_mapping] = attribute_mapping unless attribute_mapping.nil?
@@ -138,6 +396,32 @@ module StytchB2B
         put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}", request)
       end
 
+      # Delete a SAML verification certificate.
+      #
+      # You may need to do this when rotating certificates from your IdP, since Stytch allows a maximum of 5 certificates per connection. There must always be at least one certificate per active connection.
+      #
+      # == Parameters:
+      # organization_id::
+      #   The organization ID that the SAML connection belongs to.
+      #   The type of this field is +String+.
+      # connection_id::
+      #   The ID of the SAML connection.
+      #   The type of this field is +String+.
+      # certificate_id::
+      #   The ID of the certificate to be deleted.
+      #   The type of this field is +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # certificate_id::
+      #   The ID of the certificate that was deleted.
+      #   The type of this field is +String+.
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
       def delete_verification_certificate(
         organization_id:,
         connection_id:,

data/lib/stytch/client.rb

@@ -1,20 +1,20 @@
 # frozen_string_literal: true
 
-require_relative 'users'
+require_relative 'crypto_wallets'
 require_relative 'magic_links'
 require_relative 'oauth'
 require_relative 'otps'
+require_relative 'passwords'
 require_relative 'sessions'
 require_relative 'totps'
+require_relative 'users'
 require_relative 'webauthn'
-require_relative 'crypto_wallets'
-require_relative 'passwords'
 
 module Stytch
   class Client
     ENVIRONMENTS = %i[live test].freeze
 
-    attr_reader :users, :magic_links, :oauth, :otps, :sessions, :totps, :webauthn, :crypto_wallets, :passwords
+    attr_reader :crypto_wallets, :magic_links, :oauth, :otps, :passwords, :sessions, :totps, :users, :webauthn
 
     def initialize(project_id:, secret:, env: nil, &block)
       @api_host   = api_host(env, project_id)
@@ -23,15 +23,15 @@ module Stytch
 
       create_connection(&block)
 
-      @users = Stytch::Users.new(@connection)
+      @crypto_wallets = Stytch::CryptoWallets.new(@connection)
       @magic_links = Stytch::MagicLinks.new(@connection)
       @oauth = Stytch::OAuth.new(@connection)
       @otps = Stytch::OTPs.new(@connection)
-      @sessions = Stytch::Sessions.new(@connection, @project_id)
+      @passwords = Stytch::Passwords.new(@connection)
+      @sessions = Stytch::Sessions.new(@connection, project_id)
       @totps = Stytch::TOTPs.new(@connection)
+      @users = Stytch::Users.new(@connection)
       @webauthn = Stytch::WebAuthn.new(@connection)
-      @crypto_wallets = Stytch::CryptoWallets.new(@connection)
-      @passwords = Stytch::Passwords.new(@connection)
     end
 
     private
@@ -42,7 +42,7 @@ module Stytch
         'https://api.stytch.com'
       when :test
         'https://test.stytch.com'
-      when /\Ahttps?:\/\//
+      when %r{\Ahttps?://}
         # If this is a string that looks like a URL, assume it's an internal development URL.
         env
       else