stytch 6.0.0 → 6.2.0

data/lib/stytch/b2b_organizations.rb

@@ -21,7 +21,7 @@ module StytchB2B
 
     # Creates an Organization. An `organization_name` and a unique `organization_slug` are required.
     #
-    # By default, `email_invites` and `sso_jit_provisioning` will be set to `ALL_ALLOWED` if no Organization authentication settings are explicitly defined in the request.
+    # By default, `email_invites` and `sso_jit_provisioning` will be set to `ALL_ALLOWED`, and `mfa_policy` will be set to `OPTIONAL` if no Organization authentication settings are explicitly defined in the request.
     #
     # *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.
     #
@@ -86,6 +86,14 @@ module StytchB2B
     #   The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
     #
     #   The type of this field is nilable list of +String+.
+    # mfa_policy::
+    #   (Coming Soon) The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
+    #
+    #   `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in.
+    #
+    #   `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true.
+    #
+    #   The type of this field is nilable +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -108,7 +116,8 @@ module StytchB2B
       email_jit_provisioning: nil,
       email_invites: nil,
       auth_methods: nil,
-      allowed_auth_methods: nil
+      allowed_auth_methods: nil,
+      mfa_policy: nil
     )
       request = {
         organization_name: organization_name
@@ -122,6 +131,7 @@ module StytchB2B
       request[:email_invites] = email_invites unless email_invites.nil?
       request[:auth_methods] = auth_methods unless auth_methods.nil?
       request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
+      request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
 
       post_request('/v1/b2b/organizations', request)
     end
@@ -227,6 +237,14 @@ module StytchB2B
     #   The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
     #
     #   The type of this field is nilable list of +String+.
+    # mfa_policy::
+    #   (Coming Soon) The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
+    #
+    #   `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in.
+    #
+    #   `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true.
+    #
+    #   The type of this field is nilable +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -252,7 +270,8 @@ module StytchB2B
       email_jit_provisioning: nil,
       email_invites: nil,
       auth_methods: nil,
-      allowed_auth_methods: nil
+      allowed_auth_methods: nil,
+      mfa_policy: nil
     )
       request = {}
       request[:organization_name] = organization_name unless organization_name.nil?
@@ -270,6 +289,7 @@ module StytchB2B
       request[:email_invites] = email_invites unless email_invites.nil?
       request[:auth_methods] = auth_methods unless auth_methods.nil?
       request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
+      request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
 
       put_request("/v1/b2b/organizations/#{organization_id}", request)
     end
@@ -368,6 +388,12 @@ module StytchB2B
       # is_breakglass::
       #   Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](organization-object) and its `auth_methods` and `allowed_auth_methods` fields for more details.
       #   The type of this field is nilable +Boolean+.
+      # mfa_phone_number::
+      #   (no documentation yet)
+      #   The type of this field is nilable +String+.
+      # mfa_enrolled::
+      #   (Coming Soon) Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.
+      #   The type of this field is nilable +Boolean+.
       #
       # == Returns:
       # An object with the following fields:
@@ -392,13 +418,17 @@ module StytchB2B
         name: nil,
         trusted_metadata: nil,
         untrusted_metadata: nil,
-        is_breakglass: nil
+        is_breakglass: nil,
+        mfa_phone_number: nil,
+        mfa_enrolled: nil
       )
         request = {}
         request[:name] = name unless name.nil?
         request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
         request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil?
         request[:is_breakglass] = is_breakglass unless is_breakglass.nil?
+        request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil?
+        request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil?
 
         put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", request)
       end
@@ -431,6 +461,13 @@ module StytchB2B
         delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}")
       end
 
+      def delete_mfa_phone_number(
+        organization_id:,
+        member_id:
+      )
+        delete_request("/v1/b2b/organizations/#{organization_id}/members/mfa_phone_numbers/#{member_id}")
+      end
+
       # Search for Members within specified Organizations. An array with at least one `organization_id` is required. Submitting an empty `query` returns all Members within the specified Organizations.
       #
       # *All fuzzy search filters require a minimum of three characters.
@@ -446,7 +483,7 @@ module StytchB2B
       #   The number of search results to return per page. The default limit is 100. A maximum of 1000 results can be returned by a single search request. If the total size of your result set is greater than one page size, you must paginate the response. See the `cursor` field.
       #   The type of this field is nilable +Integer+.
       # query::
-      #   The optional query object contains the operator, i.e. `AND` or `OR`, and the operands that will filter your results. Only an operator is required. If you include no operands, no filtering will be applied. If you include no query object, it will return all Organizations with no filtering applied.
+      #   The optional query object contains the operator, i.e. `AND` or `OR`, and the operands that will filter your results. Only an operator is required. If you include no operands, no filtering will be applied. If you include no query object, it will return all Members with no filtering applied.
       #   The type of this field is nilable +SearchQuery+ (+object+).
       #
       # == Returns:
@@ -542,6 +579,12 @@ module StytchB2B
       # is_breakglass::
       #   Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](organization-object) and its `auth_methods` and `allowed_auth_methods` fields for more details.
       #   The type of this field is nilable +Boolean+.
+      # mfa_phone_number::
+      #   (no documentation yet)
+      #   The type of this field is nilable +String+.
+      # mfa_enrolled::
+      #   (Coming Soon) Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.
+      #   The type of this field is nilable +Boolean+.
       #
       # == Returns:
       # An object with the following fields:
@@ -567,7 +610,9 @@ module StytchB2B
         trusted_metadata: nil,
         untrusted_metadata: nil,
         create_member_as_pending: nil,
-        is_breakglass: nil
+        is_breakglass: nil,
+        mfa_phone_number: nil,
+        mfa_enrolled: nil
       )
         request = {
           email_address: email_address
@@ -577,6 +622,8 @@ module StytchB2B
         request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil?
         request[:create_member_as_pending] = create_member_as_pending unless create_member_as_pending.nil?
         request[:is_breakglass] = is_breakglass unless is_breakglass.nil?
+        request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil?
+        request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil?
 
         post_request("/v1/b2b/organizations/#{organization_id}/members", request)
       end

data/lib/stytch/b2b_otp.rb

@@ -0,0 +1,200 @@
+# frozen_string_literal: true
+
+# !!!
+# WARNING: This file is autogenerated
+# Only modify code within MANUAL() sections
+# or your changes may be overwritten later!
+# !!!
+
+require_relative 'request_helper'
+
+module StytchB2B
+  class OTPs
+    include Stytch::RequestHelper
+    attr_reader :sms
+
+    def initialize(connection)
+      @connection = connection
+
+      @sms = StytchB2B::OTPs::Sms.new(@connection)
+    end
+
+    class Sms
+      include Stytch::RequestHelper
+
+      def initialize(connection)
+        @connection = connection
+      end
+
+      # Send a one-time passcode (OTP) to a Member's phone number. If the Member already has a phone number, this will send an OTP to the number associated with their `member_id`. If not, then this will send an OTP to the `phone_number` provided and link the `phone_number` with the Member.
+      # An error will be thrown if the Member already has a phone number and the provided `phone_number` does not match the existing one.
+      #
+      # Note that sending another OTP code before the first has expired will invalidate the first code.
+      #
+      # If a Member has a phone number and is enrolled in MFA, then after a successful primary authentication event (e.g. [email magic link](https://stytch.com/docs/b2b/api/authenticate-magic-link) or [SSO](https://stytch.com/docs/b2b/api/sso-authenticate) login is complete), an SMS OTP will automatically be sent to their phone number. In that case, this endpoint should only be used for subsequent authentication events, such as prompting a Member for an OTP again after a period of inactivity.
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # mfa_phone_number::
+      #   (no documentation yet)
+      #   The type of this field is nilable +String+.
+      # locale::
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #
+      # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+      #
+      # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+      #
+      #   The type of this field is nilable +SendRequestLocale+ (string enum).
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member.
+      #   The type of this field is +String+.
+      # member::
+      #   The [Member object](https://stytch.com/docs/b2b/api/member-object).
+      #   The type of this field is +Member+ (+object+).
+      # organization::
+      #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+      #   The type of this field is +Organization+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      def send(
+        organization_id:,
+        member_id:,
+        mfa_phone_number: nil,
+        locale: nil
+      )
+        request = {
+          organization_id: organization_id,
+          member_id: member_id
+        }
+        request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil?
+        request[:locale] = locale unless locale.nil?
+
+        post_request('/v1/b2b/otps/sms/send', request)
+      end
+
+      # Authenticates a Member's OTP code. This endpoint verifies that the code is valid and hasn't expired or been previously used. A given Member may only have a single active OTP code at any given time. If a Member requests another OTP code before the first one has expired, the first one will be invalidated.
+      #
+      # Exactly one of `intermediate_session_token`, `session_token`, or `session_jwt` must be provided in the request.
+      # If an intermediate session token is provided, this operation will consume it.
+      #
+      # If the Organization's MFA policy is `REQUIRED_FOR_ALL`, a successful OTP authentication will change the Member's `mfa_enrolled` status to `true` if it is not already `true`.
+      # If the Organization's MFA policy is `OPTIONAL`, the Member's MFA enrollment can be toggled by passing in a value for the `set_mfa_enrollment` field.
+      #
+      # Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a duration of 60 minutes.
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # code::
+      #   The code to authenticate.
+      #   The type of this field is +String+.
+      # intermediate_session_token::
+      #   The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
+      #     The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
+      #     the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
+      #     or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
+      #   The type of this field is nilable +String+.
+      # session_token::
+      #   A secret token for a given Stytch Session.
+      #   The type of this field is nilable +String+.
+      # session_jwt::
+      #   The JSON Web Token (JWT) for a given Stytch Session.
+      #   The type of this field is nilable +String+.
+      # session_duration_minutes::
+      #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+      #   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+      #   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+      #
+      #   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+      #
+      #   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+      #
+      #   If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
+      #   to use the Stytch session product, you can ignore the session fields in the response.
+      #   The type of this field is nilable +Integer+.
+      # session_custom_claims::
+      #   Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
+      #   `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
+      #   delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
+      #   Total custom claims size cannot exceed four kilobytes.
+      #   The type of this field is nilable +object+.
+      # set_mfa_enrollment::
+      #   Optionally sets the Member’s MFA enrollment status upon a successful authentication. If the Organization’s MFA policy is `REQUIRED_FOR_ALL`, this field will be ignored. If this field is not passed in, the Member’s `mfa_enrolled` boolean will not be affected. The options are:
+      #
+      #   `enroll` – sets the Member's `mfa_enrolled` boolean to `true`. The Member will be required to complete an MFA step upon subsequent logins to the Organization.
+      #
+      #   `unenroll` –  sets the Member's `mfa_enrolled` boolean to `false`. The Member will no longer be required to complete MFA steps when logging in to the Organization.
+      #
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member.
+      #   The type of this field is +String+.
+      # member::
+      #   The [Member object](https://stytch.com/docs/b2b/api/member-object).
+      #   The type of this field is +Member+ (+object+).
+      # organization::
+      #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+      #   The type of this field is +Organization+ (+object+).
+      # session_token::
+      #   A secret token for a given Stytch Session.
+      #   The type of this field is +String+.
+      # session_jwt::
+      #   The JSON Web Token (JWT) for a given Stytch Session.
+      #   The type of this field is +String+.
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      # member_session::
+      #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
+      #   The type of this field is nilable +MemberSession+ (+object+).
+      def authenticate(
+        organization_id:,
+        member_id:,
+        code:,
+        intermediate_session_token: nil,
+        session_token: nil,
+        session_jwt: nil,
+        session_duration_minutes: nil,
+        session_custom_claims: nil,
+        set_mfa_enrollment: nil
+      )
+        request = {
+          organization_id: organization_id,
+          member_id: member_id,
+          code: code
+        }
+        request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
+        request[:session_token] = session_token unless session_token.nil?
+        request[:session_jwt] = session_jwt unless session_jwt.nil?
+        request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
+        request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+        request[:set_mfa_enrollment] = set_mfa_enrollment unless set_mfa_enrollment.nil?
+
+        post_request('/v1/b2b/otps/sms/authenticate', request)
+      end
+    end
+  end
+end

data/lib/stytch/b2b_passwords.rb

@@ -23,14 +23,14 @@ module StytchB2B
 
     # This API allows you to check whether the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password.
     #
-    # This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/passwords#strength-requirements), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/passwords#strength-requirements), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
+    # This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
     #
     # ## Password feedback
     # The zxcvbn_feedback and luds_feedback objects contains relevant fields for you to relay feedback to users that failed to create a strong enough password.
     #
-    # If you're using [zxcvbn](https://stytch.com/docs/passwords#strength-requirements), the feedback object will contain warning and suggestions for any password that does not meet the [zxcvbn](https://stytch.com/docs/passwords#strength-requirements) strength requirements. You can return these strings directly to the user to help them craft a strong password.
+    # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the feedback object will contain warning and suggestions for any password that does not meet the [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) strength requirements. You can return these strings directly to the user to help them craft a strong password.
     #
-    # If you're using [LUDS](https://stytch.com/docs/passwords#strength-requirements), the feedback object will contain a collection of fields that the user failed or passed. You'll want to prompt the user to create a password that meets all requirements that they failed.
+    # If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), the feedback object will contain a collection of fields that the user failed or passed. You'll want to prompt the user to create a password that meets all requirements that they failed.
     #
     # == Parameters:
     # password::
@@ -97,7 +97,7 @@ module StytchB2B
     #   The type of this field is +String+.
     # hash_type::
     #   The password hash used. Currently `bcrypt`, `scrypt`, `argon2i`, `argon2id`, `md_5`, `sha_1`, and `pbkdf_2` are supported.
-    #   The type of this field is +MigrateRequestHashType+ (+object+).
+    #   The type of this field is +MigrateRequestHashType+ (string enum).
     # organization_id::
     #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
     #   The type of this field is +String+.
@@ -187,6 +187,12 @@ module StytchB2B
     #     * We force a password reset in this instance in order to safely deduplicate the account by email address, without introducing the risk of a pre-hijack account takeover attack.
     #     * Imagine a bad actor creates many accounts using passwords and the known email addresses of their victims. If a victim comes to the site and logs in for the first time with an email-based passwordless authentication method then both the victim and the bad actor have credentials to access to the same account. To prevent this, any further email/password login attempts first require a password reset which can only be accomplished by someone with access to the underlying email address.
     #
+    # (Coming Soon) If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
+    # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
+    # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
+    #
+    # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.
+    #
     # == Parameters:
     # organization_id::
     #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
@@ -221,6 +227,16 @@ module StytchB2B
     #   delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
     #   Total custom claims size cannot exceed four kilobytes.
     #   The type of this field is nilable +object+.
+    # locale::
+    #   (Coming Soon) If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+    #
+    # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+    #
+    # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+    #
+    # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+    #
+    #   The type of this field is nilable +AuthenticateRequestLocale+ (string enum).
     #
     # == Returns:
     # An object with the following fields:
@@ -245,12 +261,23 @@ module StytchB2B
     # organization::
     #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
     #   The type of this field is +Organization+ (+object+).
+    # intermediate_session_token::
+    #   The returned Intermediate Session Token contains a password factor associated with the Member.
+    #       The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization.
+    #       Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
+    #   The type of this field is +String+.
+    # member_authenticated::
+    #   Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
+    #   The type of this field is +Boolean+.
     # status_code::
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
     # member_session::
     #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
     #   The type of this field is nilable +MemberSession+ (+object+).
+    # mfa_required::
+    #   (Coming Soon) Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
+    #   The type of this field is nilable +MfaRequired+ (+object+).
     def authenticate(
       organization_id:,
       email_address:,
@@ -258,7 +285,8 @@ module StytchB2B
       session_token: nil,
       session_duration_minutes: nil,
       session_jwt: nil,
-      session_custom_claims: nil
+      session_custom_claims: nil,
+      locale: nil
     )
       request = {
         organization_id: organization_id,
@@ -269,6 +297,7 @@ module StytchB2B
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+      request[:locale] = locale unless locale.nil?
 
       post_request('/v1/b2b/passwords/authenticate', request)
     end
@@ -283,8 +312,8 @@ module StytchB2B
       # Initiates a password reset for the email address provided. This will trigger an email to be sent to the address, containing a magic link that will allow them to set a new password and authenticate.
       #
       # This endpoint adapts to your Project's password strength configuration.
-      # If you're using [zxcvbn](https://stytch.com/docs/passwords#strength-requirements), the default, your passwords are considered valid
-      # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/passwords#strength-requirements), your passwords are
+      # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid
+      # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are
       # considered valid if they meet the requirements that you've set with Stytch.
       # You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
       #
@@ -319,7 +348,7 @@ module StytchB2B
       #
       # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
       #
-      #   The type of this field is nilable +ResetStartRequestLocale+ (+object+).
+      #   The type of this field is nilable +ResetStartRequestLocale+ (string enum).
       # reset_password_template_id::
       #   Use a custom template for reset password emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic Links - Reset Password.
       #   The type of this field is nilable +String+.
@@ -369,6 +398,12 @@ module StytchB2B
       #
       # The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated.
       #
+      # (Coming Soon) If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
+      # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
+      # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
+      #
+      # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.
+      #
       # == Parameters:
       # password_reset_token::
       #   The password reset token to authenticate.
@@ -407,6 +442,16 @@ module StytchB2B
       #   delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
       #   Total custom claims size cannot exceed four kilobytes.
       #   The type of this field is nilable +object+.
+      # locale::
+      #   (Coming Soon) If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+      #
+      # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #
+      # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+      #
+      # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+      #
+      #   The type of this field is nilable +ResetRequestLocale+ (string enum).
       #
       # == Returns:
       # An object with the following fields:
@@ -434,12 +479,23 @@ module StytchB2B
       # organization::
       #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
       #   The type of this field is +Organization+ (+object+).
+      # intermediate_session_token::
+      #   The returned Intermediate Session Token contains a password factor associated with the Member.
+      #       The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization.
+      #       Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
+      #   The type of this field is +String+.
+      # member_authenticated::
+      #   Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
+      #   The type of this field is +Boolean+.
       # status_code::
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # member_session::
       #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
       #   The type of this field is nilable +MemberSession+ (+object+).
+      # mfa_required::
+      #   (Coming Soon) Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
+      #   The type of this field is nilable +MfaRequired+ (+object+).
       def reset(
         password_reset_token:,
         password:,
@@ -447,7 +503,8 @@ module StytchB2B
         session_duration_minutes: nil,
         session_jwt: nil,
         code_verifier: nil,
-        session_custom_claims: nil
+        session_custom_claims: nil,
+        locale: nil
       )
         request = {
           password_reset_token: password_reset_token,
@@ -458,6 +515,7 @@ module StytchB2B
         request[:session_jwt] = session_jwt unless session_jwt.nil?
         request[:code_verifier] = code_verifier unless code_verifier.nil?
         request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+        request[:locale] = locale unless locale.nil?
 
         post_request('/v1/b2b/passwords/email/reset', request)
       end
@@ -533,11 +591,17 @@ module StytchB2B
       # Reset the member’s password using their existing password.
       #
       # This endpoint adapts to your Project's password strength configuration.
-      # If you're using [zxcvbn](https://stytch.com/docs/passwords#strength-requirements), the default, your passwords are considered valid
-      # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/passwords#strength-requirements), your passwords are
+      # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid
+      # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are
       # considered valid if they meet the requirements that you've set with Stytch.
       # You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
       #
+      # (Coming Soon) If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
+      # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
+      # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
+      #
+      # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.
+      #
       # == Parameters:
       # email_address::
       #   The email address of the Member.
@@ -575,6 +639,16 @@ module StytchB2B
       #   delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
       #   Total custom claims size cannot exceed four kilobytes.
       #   The type of this field is nilable +object+.
+      # locale::
+      #   (Coming Soon) If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+      #
+      # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #
+      # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+      #
+      # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+      #
+      #   The type of this field is nilable +ResetRequestLocale+ (string enum).
       #
       # == Returns:
       # An object with the following fields:
@@ -596,12 +670,23 @@ module StytchB2B
       # organization::
       #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
       #   The type of this field is +Organization+ (+object+).
+      # intermediate_session_token::
+      #   The returned Intermediate Session Token contains a password factor associated with the Member.
+      #       The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization.
+      #       Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
+      #   The type of this field is +String+.
+      # member_authenticated::
+      #   Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
+      #   The type of this field is +Boolean+.
       # status_code::
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # member_session::
       #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
       #   The type of this field is nilable +MemberSession+ (+object+).
+      # mfa_required::
+      #   (Coming Soon) Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
+      #   The type of this field is nilable +MfaRequired+ (+object+).
       def reset(
         email_address:,
         existing_password:,
@@ -610,7 +695,8 @@ module StytchB2B
         session_token: nil,
         session_duration_minutes: nil,
         session_jwt: nil,
-        session_custom_claims: nil
+        session_custom_claims: nil,
+        locale: nil
       )
         request = {
           email_address: email_address,
@@ -622,6 +708,7 @@ module StytchB2B
         request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
         request[:session_jwt] = session_jwt unless session_jwt.nil?
         request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+        request[:locale] = locale unless locale.nil?
 
         post_request('/v1/b2b/passwords/existing_password/reset', request)
       end