stytch 6.1.0 → 6.2.0

data/lib/stytch/b2b_otp.rb

@@ -26,22 +26,150 @@ module StytchB2B
         @connection = connection
       end
 
+      # Send a one-time passcode (OTP) to a Member's phone number. If the Member already has a phone number, this will send an OTP to the number associated with their `member_id`. If not, then this will send an OTP to the `phone_number` provided and link the `phone_number` with the Member.
+      # An error will be thrown if the Member already has a phone number and the provided `phone_number` does not match the existing one.
+      #
+      # Note that sending another OTP code before the first has expired will invalidate the first code.
+      #
+      # If a Member has a phone number and is enrolled in MFA, then after a successful primary authentication event (e.g. [email magic link](https://stytch.com/docs/b2b/api/authenticate-magic-link) or [SSO](https://stytch.com/docs/b2b/api/sso-authenticate) login is complete), an SMS OTP will automatically be sent to their phone number. In that case, this endpoint should only be used for subsequent authentication events, such as prompting a Member for an OTP again after a period of inactivity.
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # mfa_phone_number::
+      #   (no documentation yet)
+      #   The type of this field is nilable +String+.
+      # locale::
+      #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #
+      # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+      #
+      # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+      #
+      #   The type of this field is nilable +SendRequestLocale+ (string enum).
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member.
+      #   The type of this field is +String+.
+      # member::
+      #   The [Member object](https://stytch.com/docs/b2b/api/member-object).
+      #   The type of this field is +Member+ (+object+).
+      # organization::
+      #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+      #   The type of this field is +Organization+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
       def send(
         organization_id:,
         member_id:,
-        phone_number: nil,
+        mfa_phone_number: nil,
         locale: nil
       )
         request = {
           organization_id: organization_id,
           member_id: member_id
         }
-        request[:phone_number] = phone_number unless phone_number.nil?
+        request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil?
         request[:locale] = locale unless locale.nil?
 
         post_request('/v1/b2b/otps/sms/send', request)
       end
 
+      # Authenticates a Member's OTP code. This endpoint verifies that the code is valid and hasn't expired or been previously used. A given Member may only have a single active OTP code at any given time. If a Member requests another OTP code before the first one has expired, the first one will be invalidated.
+      #
+      # Exactly one of `intermediate_session_token`, `session_token`, or `session_jwt` must be provided in the request.
+      # If an intermediate session token is provided, this operation will consume it.
+      #
+      # If the Organization's MFA policy is `REQUIRED_FOR_ALL`, a successful OTP authentication will change the Member's `mfa_enrolled` status to `true` if it is not already `true`.
+      # If the Organization's MFA policy is `OPTIONAL`, the Member's MFA enrollment can be toggled by passing in a value for the `set_mfa_enrollment` field.
+      #
+      # Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a duration of 60 minutes.
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # code::
+      #   The code to authenticate.
+      #   The type of this field is +String+.
+      # intermediate_session_token::
+      #   The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
+      #     The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
+      #     the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
+      #     or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
+      #   The type of this field is nilable +String+.
+      # session_token::
+      #   A secret token for a given Stytch Session.
+      #   The type of this field is nilable +String+.
+      # session_jwt::
+      #   The JSON Web Token (JWT) for a given Stytch Session.
+      #   The type of this field is nilable +String+.
+      # session_duration_minutes::
+      #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+      #   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+      #   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+      #
+      #   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+      #
+      #   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+      #
+      #   If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
+      #   to use the Stytch session product, you can ignore the session fields in the response.
+      #   The type of this field is nilable +Integer+.
+      # session_custom_claims::
+      #   Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
+      #   `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
+      #   delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
+      #   Total custom claims size cannot exceed four kilobytes.
+      #   The type of this field is nilable +object+.
+      # set_mfa_enrollment::
+      #   Optionally sets the Member’s MFA enrollment status upon a successful authentication. If the Organization’s MFA policy is `REQUIRED_FOR_ALL`, this field will be ignored. If this field is not passed in, the Member’s `mfa_enrolled` boolean will not be affected. The options are:
+      #
+      #   `enroll` – sets the Member's `mfa_enrolled` boolean to `true`. The Member will be required to complete an MFA step upon subsequent logins to the Organization.
+      #
+      #   `unenroll` –  sets the Member's `mfa_enrolled` boolean to `false`. The Member will no longer be required to complete MFA steps when logging in to the Organization.
+      #
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member.
+      #   The type of this field is +String+.
+      # member::
+      #   The [Member object](https://stytch.com/docs/b2b/api/member-object).
+      #   The type of this field is +Member+ (+object+).
+      # organization::
+      #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+      #   The type of this field is +Organization+ (+object+).
+      # session_token::
+      #   A secret token for a given Stytch Session.
+      #   The type of this field is +String+.
+      # session_jwt::
+      #   The JSON Web Token (JWT) for a given Stytch Session.
+      #   The type of this field is +String+.
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      # member_session::
+      #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
+      #   The type of this field is nilable +MemberSession+ (+object+).
       def authenticate(
         organization_id:,
         member_id:,

data/lib/stytch/b2b_passwords.rb

@@ -23,14 +23,14 @@ module StytchB2B
 
     # This API allows you to check whether the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password.
     #
-    # This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/passwords#strength-requirements), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/passwords#strength-requirements), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
+    # This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
     #
     # ## Password feedback
     # The zxcvbn_feedback and luds_feedback objects contains relevant fields for you to relay feedback to users that failed to create a strong enough password.
     #
-    # If you're using [zxcvbn](https://stytch.com/docs/passwords#strength-requirements), the feedback object will contain warning and suggestions for any password that does not meet the [zxcvbn](https://stytch.com/docs/passwords#strength-requirements) strength requirements. You can return these strings directly to the user to help them craft a strong password.
+    # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the feedback object will contain warning and suggestions for any password that does not meet the [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) strength requirements. You can return these strings directly to the user to help them craft a strong password.
     #
-    # If you're using [LUDS](https://stytch.com/docs/passwords#strength-requirements), the feedback object will contain a collection of fields that the user failed or passed. You'll want to prompt the user to create a password that meets all requirements that they failed.
+    # If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), the feedback object will contain a collection of fields that the user failed or passed. You'll want to prompt the user to create a password that meets all requirements that they failed.
     #
     # == Parameters:
     # password::
@@ -187,6 +187,12 @@ module StytchB2B
     #     * We force a password reset in this instance in order to safely deduplicate the account by email address, without introducing the risk of a pre-hijack account takeover attack.
     #     * Imagine a bad actor creates many accounts using passwords and the known email addresses of their victims. If a victim comes to the site and logs in for the first time with an email-based passwordless authentication method then both the victim and the bad actor have credentials to access to the same account. To prevent this, any further email/password login attempts first require a password reset which can only be accomplished by someone with access to the underlying email address.
     #
+    # (Coming Soon) If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
+    # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
+    # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
+    #
+    # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.
+    #
     # == Parameters:
     # organization_id::
     #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
@@ -222,7 +228,14 @@ module StytchB2B
     #   Total custom claims size cannot exceed four kilobytes.
     #   The type of this field is nilable +object+.
     # locale::
-    #   (no documentation yet)
+    #   (Coming Soon) If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+    #
+    # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+    #
+    # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+    #
+    # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+    #
     #   The type of this field is nilable +AuthenticateRequestLocale+ (string enum).
     #
     # == Returns:
@@ -248,12 +261,23 @@ module StytchB2B
     # organization::
     #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
     #   The type of this field is +Organization+ (+object+).
+    # intermediate_session_token::
+    #   The returned Intermediate Session Token contains a password factor associated with the Member.
+    #       The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization.
+    #       Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
+    #   The type of this field is +String+.
+    # member_authenticated::
+    #   Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
+    #   The type of this field is +Boolean+.
     # status_code::
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
     # member_session::
     #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
     #   The type of this field is nilable +MemberSession+ (+object+).
+    # mfa_required::
+    #   (Coming Soon) Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
+    #   The type of this field is nilable +MfaRequired+ (+object+).
     def authenticate(
       organization_id:,
       email_address:,
@@ -288,8 +312,8 @@ module StytchB2B
       # Initiates a password reset for the email address provided. This will trigger an email to be sent to the address, containing a magic link that will allow them to set a new password and authenticate.
       #
       # This endpoint adapts to your Project's password strength configuration.
-      # If you're using [zxcvbn](https://stytch.com/docs/passwords#strength-requirements), the default, your passwords are considered valid
-      # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/passwords#strength-requirements), your passwords are
+      # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid
+      # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are
       # considered valid if they meet the requirements that you've set with Stytch.
       # You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
       #
@@ -374,6 +398,12 @@ module StytchB2B
       #
       # The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated.
       #
+      # (Coming Soon) If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
+      # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
+      # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
+      #
+      # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.
+      #
       # == Parameters:
       # password_reset_token::
       #   The password reset token to authenticate.
@@ -413,7 +443,14 @@ module StytchB2B
       #   Total custom claims size cannot exceed four kilobytes.
       #   The type of this field is nilable +object+.
       # locale::
-      #   (no documentation yet)
+      #   (Coming Soon) If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+      #
+      # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #
+      # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+      #
+      # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+      #
       #   The type of this field is nilable +ResetRequestLocale+ (string enum).
       #
       # == Returns:
@@ -442,12 +479,23 @@ module StytchB2B
       # organization::
       #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
       #   The type of this field is +Organization+ (+object+).
+      # intermediate_session_token::
+      #   The returned Intermediate Session Token contains a password factor associated with the Member.
+      #       The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization.
+      #       Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
+      #   The type of this field is +String+.
+      # member_authenticated::
+      #   Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
+      #   The type of this field is +Boolean+.
       # status_code::
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # member_session::
       #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
       #   The type of this field is nilable +MemberSession+ (+object+).
+      # mfa_required::
+      #   (Coming Soon) Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
+      #   The type of this field is nilable +MfaRequired+ (+object+).
       def reset(
         password_reset_token:,
         password:,
@@ -543,11 +591,17 @@ module StytchB2B
       # Reset the member’s password using their existing password.
       #
       # This endpoint adapts to your Project's password strength configuration.
-      # If you're using [zxcvbn](https://stytch.com/docs/passwords#strength-requirements), the default, your passwords are considered valid
-      # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/passwords#strength-requirements), your passwords are
+      # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid
+      # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are
       # considered valid if they meet the requirements that you've set with Stytch.
       # You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
       #
+      # (Coming Soon) If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
+      # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
+      # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
+      #
+      # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.
+      #
       # == Parameters:
       # email_address::
       #   The email address of the Member.
@@ -586,7 +640,14 @@ module StytchB2B
       #   Total custom claims size cannot exceed four kilobytes.
       #   The type of this field is nilable +object+.
       # locale::
-      #   (no documentation yet)
+      #   (Coming Soon) If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+      #
+      # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+      #
+      # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+      #
+      # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+      #
       #   The type of this field is nilable +ResetRequestLocale+ (string enum).
       #
       # == Returns:
@@ -609,12 +670,23 @@ module StytchB2B
       # organization::
       #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
       #   The type of this field is +Organization+ (+object+).
+      # intermediate_session_token::
+      #   The returned Intermediate Session Token contains a password factor associated with the Member.
+      #       The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization.
+      #       Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
+      #   The type of this field is +String+.
+      # member_authenticated::
+      #   Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
+      #   The type of this field is +Boolean+.
       # status_code::
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       # member_session::
       #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
       #   The type of this field is nilable +MemberSession+ (+object+).
+      # mfa_required::
+      #   (Coming Soon) Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
+      #   The type of this field is nilable +MfaRequired+ (+object+).
       def reset(
         email_address:,
         existing_password:,

data/lib/stytch/b2b_sessions.rb

@@ -108,8 +108,7 @@ module StytchB2B
       session_jwt: nil,
       session_custom_claims: nil
     )
-      request = {
-      }
+      request = {}
       request[:session_token] = session_token unless session_token.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       request[:session_jwt] = session_jwt unless session_jwt.nil?
@@ -148,8 +147,7 @@ module StytchB2B
       session_jwt: nil,
       member_id: nil
     )
-      request = {
-      }
+      request = {}
       request[:member_session_id] = member_session_id unless member_session_id.nil?
       request[:session_token] = session_token unless session_token.nil?
       request[:session_jwt] = session_jwt unless session_jwt.nil?
@@ -162,6 +160,14 @@ module StytchB2B
     #
     # To create a new member via domain matching, use the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) flow instead.
     #
+    # Only Email Magic Link, OAuth, and SMS OTP factors can be transferred between sessions. Other authentication factors, such as password factors, will not be transferred to the new session.
+    # SMS OTP factors can be used to fulfill MFA requirements for the target Organization if both the original and target Member have the same phone number and the phone number is verified for both Members.
+    #
+    # (Coming Soon) If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
+    # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
+    # The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one.
+    # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
+    #
     # == Parameters:
     # organization_id::
     #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
@@ -191,7 +197,14 @@ module StytchB2B
     #   Total custom claims size cannot exceed four kilobytes.
     #   The type of this field is nilable +object+.
     # locale::
-    #   (no documentation yet)
+    #   (Coming Soon) If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+    #
+    # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+    #
+    # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+    #
+    # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+    #
     #   The type of this field is nilable +ExchangeRequestLocale+ (string enum).
     #
     # == Returns:
@@ -217,9 +230,21 @@ module StytchB2B
     # organization::
     #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
     #   The type of this field is +Organization+ (+object+).
+    # member_authenticated::
+    #   Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
+    #   The type of this field is +Boolean+.
+    # intermediate_session_token::
+    #   The returned Intermediate Session Token contains any Email Magic Link or OAuth factors from the original member session that are valid for the target Organization.
+    #       The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the target Organization.
+    #       It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a different existing Organization,
+    #       or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization.
+    #   The type of this field is +String+.
     # status_code::
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
+    # mfa_required::
+    #   (Coming Soon) Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
+    #   The type of this field is nilable +MfaRequired+ (+object+).
     def exchange(
       organization_id:,
       session_token: nil,
@@ -261,8 +286,7 @@ module StytchB2B
     def get_jwks(
       project_id:
     )
-      query_params = {
-      }
+      query_params = {}
       request = request_with_query_params("/v1/b2b/sessions/jwks/#{project_id}", query_params)
       get_request(request)
     end

data/lib/stytch/b2b_sso.rb

@@ -44,8 +44,7 @@ module StytchB2B
     def get_connections(
       organization_id:
     )
-      query_params = {
-      }
+      query_params = {}
       request = request_with_query_params("/v1/b2b/sso/#{organization_id}", query_params)
       get_request(request)
     end
@@ -84,6 +83,12 @@ module StytchB2B
     # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration.
     # To link this authentication event to an existing Stytch session, include either the `session_token` or `session_jwt` param.
     #
+    # (Coming Soon) If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
+    # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
+    # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
+    #
+    # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.
+    #
     # == Parameters:
     # sso_token::
     #   The token to authenticate.
@@ -116,7 +121,14 @@ module StytchB2B
     #   Total custom claims size cannot exceed four kilobytes.
     #   The type of this field is nilable +object+.
     # locale::
-    #   (no documentation yet)
+    #   (Coming Soon) If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+    #
+    # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+    #
+    # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+    #
+    # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+    #
     #   The type of this field is nilable +AuthenticateRequestLocale+ (string enum).
     #
     # == Returns:
@@ -146,12 +158,23 @@ module StytchB2B
     # organization::
     #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
     #   The type of this field is +Organization+ (+object+).
+    # intermediate_session_token::
+    #   The returned Intermediate Session Token contains an SSO factor associated with the Member.
+    #       The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization.
+    #       SSO factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
+    #   The type of this field is +String+.
+    # member_authenticated::
+    #   Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
+    #   The type of this field is +Boolean+.
     # status_code::
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
     # member_session::
     #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
     #   The type of this field is nilable +MemberSession+ (+object+).
+    # mfa_required::
+    #   (Coming Soon) Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
+    #   The type of this field is nilable +MfaRequired+ (+object+).
     def authenticate(
       sso_token:,
       pkce_code_verifier: nil,
@@ -206,8 +229,7 @@ module StytchB2B
         organization_id:,
         display_name: nil
       )
-        request = {
-        }
+        request = {}
         request[:display_name] = display_name unless display_name.nil?
 
         post_request("/v1/b2b/sso/oidc/#{organization_id}", request)
@@ -290,8 +312,7 @@ module StytchB2B
         userinfo_url: nil,
         jwks_url: nil
       )
-        request = {
-        }
+        request = {}
         request[:display_name] = display_name unless display_name.nil?
         request[:client_id] = client_id unless client_id.nil?
         request[:client_secret] = client_secret unless client_secret.nil?
@@ -337,8 +358,7 @@ module StytchB2B
         organization_id:,
         display_name: nil
       )
-        request = {
-        }
+        request = {}
         request[:display_name] = display_name unless display_name.nil?
 
         post_request("/v1/b2b/sso/saml/#{organization_id}", request)
@@ -395,8 +415,7 @@ module StytchB2B
         x509_certificate: nil,
         idp_sso_url: nil
       )
-        request = {
-        }
+        request = {}
         request[:idp_entity_id] = idp_entity_id unless idp_entity_id.nil?
         request[:display_name] = display_name unless display_name.nil?
         request[:attribute_mapping] = attribute_mapping unless attribute_mapping.nil?

data/lib/stytch/client.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative 'crypto_wallets'
+require_relative 'm2m'
 require_relative 'magic_links'
 require_relative 'oauth'
 require_relative 'otps'
@@ -14,7 +15,7 @@ module Stytch
   class Client
     ENVIRONMENTS = %i[live test].freeze
 
-    attr_reader :crypto_wallets, :magic_links, :oauth, :otps, :passwords, :sessions, :totps, :users, :webauthn
+    attr_reader :crypto_wallets, :m2m, :magic_links, :oauth, :otps, :passwords, :sessions, :totps, :users, :webauthn
 
     def initialize(project_id:, secret:, env: nil, &block)
       @api_host   = api_host(env, project_id)
@@ -24,6 +25,7 @@ module Stytch
       create_connection(&block)
 
       @crypto_wallets = Stytch::CryptoWallets.new(@connection)
+      @m2m = Stytch::M2M.new(@connection, project_id)
       @magic_links = Stytch::MagicLinks.new(@connection)
       @oauth = Stytch::OAuth.new(@connection)
       @otps = Stytch::OTPs.new(@connection)