stytch 6.4.0 → 7.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 94327b3a992f3e596ec4c0a5a6bad97d2c78041e15f12a470949819aa5c0994d
-  data.tar.gz: a02935d82c7129002058f425f15d73886b5f373b9f942e35cfb410fd62c7148d
+  metadata.gz: 7146e140429bd2244d6cb3fc47a94e545487c92f8a4e7b18216d23c59f47ad25
+  data.tar.gz: 548974370b5bcd86c1c54959f5447829742c2547491ab646cf108d769030f745
 SHA512:
-  metadata.gz: c366e0741c92ecf5ce5413beb57917a01f733ecc231540aebfab19c8a51ee75e7ee9deded5d23453b0580fc3556c90f7e2d1b707dfd79fa6aa6fa6b43cf5e152
-  data.tar.gz: 9e2540999fa38c50436ea9409859cff663378d7b4a4d21a9ec15bdc8e36b326ed3ae2d681751739adbcecb57b3bd3a1c578394ba6d9dd2b92a1e9b5863f1a84b
+  metadata.gz: 8de8b7d887ea706d38a81e15288fe87532c0f37df8021f2e36f547438547625a39aeedaea5d6757d7217da68732a71ad70f654f3e906a11b034d74411e3e5f9c
+  data.tar.gz: ff1ee0fee78c564b78cadddce1b4fddb3f8e06356e649db35e411db81ac6f7fad00b3177017950a8f0ef1dceff330ae1c91bb0b91838c5e477fc075bbf4183d0

data/.github/workflows/ruby.yml

@@ -26,3 +26,16 @@ jobs:
           bundler-cache: true
 
       - run: bundle exec rspec
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          # Match the minimum supported Ruby version in the gemspec.
+          ruby-version: '2.7'
+          bundler-cache: true
+
+      - run: bundle exec rubocop

data/.gitignore

@@ -8,6 +8,8 @@
 /tmp/
 *.gem
 Gemfile.lock
+.idea/
+.envrc
 
 # rspec failure tracking
 .rspec_status

data/.rubocop.yml

@@ -0,0 +1,21 @@
+require:
+ - rubocop-rspec
+
+AllCops:
+  NewCops: disable
+  # The target Ruby version must match the one in stytch.gemspec.
+  TargetRubyVersion: 2.7
+
+Layout/LineLength: { Enabled: false }
+
+Metrics: { Enabled: false }
+
+Style/Documentation: { Enabled: false }
+Style/For: { Enabled: false }
+Style/FrozenStringLiteralComment: { Enabled: false }
+Style/NumericPredicate: { Enabled: false }
+Style/StringConcatenation: { Enabled: false }
+
+RSpec/DescribedClass: { Enabled: false }
+RSpec/ExampleLength: { Enabled: false }
+RSpec/MultipleExpectations: { Enabled: false }

data/DEVELOPMENT.md

@@ -5,7 +5,9 @@ Thanks for contributing to Stytch's Ruby library! If you run into trouble, find
 ## Setup
 
 1. Clone this repo.
-2. To test your changes locally, update your GEMFILE with `gem 'stytch', path: '../stytch'` where `../stytch` is the path to your cloned copy of stytch-ruby.
+2. Install development dependencies using [Bundler]: `bundle install`
+
+To test your changes locally in another project, update your `GEMFILE` with `gem 'stytch', path: '../stytch'` where `../stytch` is the path to your cloned copy of stytch-ruby.
 
 ## Issues and Pull Requests
 
@@ -15,4 +17,5 @@ If you have non-trivial changes you'd like us to incorporate, please open an iss
 
 When you're ready for someone to look at your issue or PR, assign `@stytchauth/client-libraries` (GitHub should do this automatically). If we don't acknowledge it within one business day, please escalate it by tagging `@stytchauth/engineering` in a comment or letting us know in [Slack].
 
-[Slack]: https://join.slack.com/t/stytch/shared_invite/zt-nil4wo92-jApJ9Cl32cJbEd9esKkvyg
+[Bundler]: https://bundler.io/
+[Slack]: https://join.slack.com/t/stytch/shared_invite/zt-nil4wo92-jApJ9Cl32cJbEd9esKkvyg

data/README.md

@@ -2,7 +2,7 @@
 
 The Stytch Ruby gem makes it easy to use the Stytch user infrastructure API in Ruby applications.
 
-It pairs well with the Stytch [Web SDK](https://www.npmjs.com/package/@stytch/stytch-js) or your own custom authentication flow.
+It pairs well with the Stytch [Web SDK](https://www.npmjs.com/package/@stytch/vanilla-js) or your own custom authentication flow.
 
 ## Install
 

data/lib/stytch/b2b_client.rb

@@ -6,15 +6,19 @@ require_relative 'b2b_oauth'
 require_relative 'b2b_organizations'
 require_relative 'b2b_otp'
 require_relative 'b2b_passwords'
+require_relative 'b2b_rbac'
+require_relative 'b2b_recovery_codes'
 require_relative 'b2b_sessions'
 require_relative 'b2b_sso'
+require_relative 'b2b_totps'
 require_relative 'm2m'
+require_relative 'rbac_local'
 
 module StytchB2B
   class Client
     ENVIRONMENTS = %i[live test].freeze
 
-    attr_reader :discovery, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :sso, :sessions
+    attr_reader :discovery, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :rbac, :recovery_codes, :sso, :sessions, :totps
 
     def initialize(project_id:, secret:, env: nil, &block)
       @api_host   = api_host(env, project_id)
@@ -23,15 +27,21 @@ module StytchB2B
 
       create_connection(&block)
 
+      rbac = StytchB2B::RBAC.new(@connection)
+      @policy_cache = StytchB2B::PolicyCache.new(rbac_client: rbac)
+
       @discovery = StytchB2B::Discovery.new(@connection)
-      @m2m = Stytch::M2M.new(@connection, project_id)
+      @m2m = Stytch::M2M.new(@connection, @project_id)
       @magic_links = StytchB2B::MagicLinks.new(@connection)
       @oauth = StytchB2B::OAuth.new(@connection)
       @otps = StytchB2B::OTPs.new(@connection)
       @organizations = StytchB2B::Organizations.new(@connection)
       @passwords = StytchB2B::Passwords.new(@connection)
+      @rbac = StytchB2B::RBAC.new(@connection)
+      @recovery_codes = StytchB2B::RecoveryCodes.new(@connection)
       @sso = StytchB2B::SSO.new(@connection)
-      @sessions = StytchB2B::Sessions.new(@connection)
+      @sessions = StytchB2B::Sessions.new(@connection, @project_id, @policy_cache)
+      @totps = StytchB2B::TOTPs.new(@connection)
     end
 
     private

data/lib/stytch/b2b_discovery.rb

@@ -122,6 +122,7 @@ module StytchB2B
         session_custom_claims: nil,
         locale: nil
       )
+        headers = {}
         request = {
           intermediate_session_token: intermediate_session_token,
           organization_id: organization_id
@@ -130,7 +131,7 @@ module StytchB2B
         request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
         request[:locale] = locale unless locale.nil?
 
-        post_request('/v1/b2b/discovery/intermediate_sessions/exchange', request)
+        post_request('/v1/b2b/discovery/intermediate_sessions/exchange', request, headers)
       end
     end
 
@@ -141,12 +142,15 @@ module StytchB2B
         @connection = connection
       end
 
-      # If an end user does not want to join any already-existing organization, or has no possible organizations to join, this endpoint can be used to create a new
+      # If an end user does not want to join any already-existing Organization, or has no possible Organizations to join, this endpoint can be used to create a new
       # [Organization](https://stytch.com/docs/b2b/api/organization-object) and [Member](https://stytch.com/docs/b2b/api/member-object).
       #
       # This operation consumes the Intermediate Session.
       #
-      # This endpoint can also be used to start an initial session for the newly created member and organization.
+      # This endpoint will also create an initial Member Session for the newly created Member.
+      #
+      # The Member created by this endpoint will automatically be granted the `stytch_admin` Role. See the
+      # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for more details on this Role.
       #
       # If the new Organization is created with a `mfa_policy` of `REQUIRED_FOR_ALL`, the newly created Member will need to complete an MFA step to log in to the Organization.
       # The `intermediate_session_token` will not be consumed and instead will be returned in the response.
@@ -208,11 +212,11 @@ module StytchB2B
       #     Common domains such as `gmail.com` are not allowed. See the [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list.
       #   The type of this field is nilable list of +String+.
       # email_jit_provisioning::
-      #   The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link. The accepted values are:
+      #   The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are:
       #
-      #   `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link.
+      #   `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth.
       #
-      #   `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link.
+      #   `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth.
       #
       #   The type of this field is nilable +String+.
       # email_invites::
@@ -234,7 +238,6 @@ module StytchB2B
       #
       #   The type of this field is nilable +String+.
       # allowed_auth_methods::
-      #
       #   An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
       #   The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
       #
@@ -242,11 +245,30 @@ module StytchB2B
       # mfa_policy::
       #   The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
       #
-      #   `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in.
+      #   `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid.
       #
       #   `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true.
       #
       #   The type of this field is nilable +String+.
+      # rbac_email_implicit_role_assignments::
+      #   Implicit role assignments based off of email domains.
+      #   For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
+      #   associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
+      #   for more information about role assignment.
+      #   The type of this field is nilable list of +EmailImplicitRoleAssignment+ (+object+).
+      # mfa_methods::
+      #   The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are:
+      #
+      #   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
+      #
+      #   `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
+      #
+      #   The type of this field is nilable +String+.
+      # allowed_mfa_methods::
+      #   An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
+      #   The list's accepted values are: `sms_otp` and `totp`.
+      #
+      #   The type of this field is nilable list of +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -300,8 +322,12 @@ module StytchB2B
         email_invites: nil,
         auth_methods: nil,
         allowed_auth_methods: nil,
-        mfa_policy: nil
+        mfa_policy: nil,
+        rbac_email_implicit_role_assignments: nil,
+        mfa_methods: nil,
+        allowed_mfa_methods: nil
       )
+        headers = {}
         request = {
           intermediate_session_token: intermediate_session_token,
           organization_name: organization_name,
@@ -318,8 +344,11 @@ module StytchB2B
         request[:auth_methods] = auth_methods unless auth_methods.nil?
         request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
         request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
+        request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
+        request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
+        request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
 
-        post_request('/v1/b2b/discovery/organizations/create', request)
+        post_request('/v1/b2b/discovery/organizations/create', request, headers)
       end
 
       # List all possible organization relationships connected to a [Member Session](https://stytch.com/docs/b2b/api/session-object) or Intermediate Session.
@@ -383,12 +412,13 @@ module StytchB2B
         session_token: nil,
         session_jwt: nil
       )
+        headers = {}
         request = {}
         request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
         request[:session_token] = session_token unless session_token.nil?
         request[:session_jwt] = session_jwt unless session_jwt.nil?
 
-        post_request('/v1/b2b/discovery/organizations', request)
+        post_request('/v1/b2b/discovery/organizations', request, headers)
       end
     end
   end

data/lib/stytch/b2b_magic_links.rb

@@ -133,6 +133,7 @@ module StytchB2B
       session_custom_claims: nil,
       locale: nil
     )
+      headers = {}
       request = {
         magic_links_token: magic_links_token
       }
@@ -143,7 +144,7 @@ module StytchB2B
       request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
       request[:locale] = locale unless locale.nil?
 
-      post_request('/v1/b2b/magic_links/authenticate', request)
+      post_request('/v1/b2b/magic_links/authenticate', request, headers)
     end
 
     class Email
@@ -225,6 +226,7 @@ module StytchB2B
         signup_template_id: nil,
         locale: nil
       )
+        headers = {}
         request = {
           organization_id: organization_id,
           email_address: email_address
@@ -236,10 +238,10 @@ module StytchB2B
         request[:signup_template_id] = signup_template_id unless signup_template_id.nil?
         request[:locale] = locale unless locale.nil?
 
-        post_request('/v1/b2b/magic_links/email/login_or_signup', request)
+        post_request('/v1/b2b/magic_links/email/login_or_signup', request, headers)
       end
 
-      # Send an invite email to a new Member to join an Organization. The Member will be created with an `invited` status until they successfully authenticate. Sending invites to `pending` Members will update their status to `invited`. Sending invites to already `active` Members will return an error.
+      # Send an invite email to a new Member to join an Organization. The Member will be created with an `invited` status until they successfully authenticate. Sending invites to `pending` Members will update their status to `invited`. Sending invites to already `active` Members will return an error. /%}
       #
       # == Parameters:
       # organization_id::
@@ -279,6 +281,10 @@ module StytchB2B
       # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
       #
       #   The type of this field is nilable +InviteRequestLocale+ (string enum).
+      # roles::
+      #   Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
+      #    for more information about role assignment.
+      #   The type of this field is nilable list of +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -297,6 +303,9 @@ module StytchB2B
       # status_code::
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
+      #
+      # == Method Options:
+      # This method supports an optional +InviteRequestOptions+ object which will modify the headers sent in the HTTP request.
       def invite(
         organization_id:,
         email_address:,
@@ -306,8 +315,12 @@ module StytchB2B
         trusted_metadata: nil,
         untrusted_metadata: nil,
         invite_template_id: nil,
-        locale: nil
+        locale: nil,
+        roles: nil,
+        method_options: nil
       )
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
         request = {
           organization_id: organization_id,
           email_address: email_address
@@ -319,8 +332,9 @@ module StytchB2B
         request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil?
         request[:invite_template_id] = invite_template_id unless invite_template_id.nil?
         request[:locale] = locale unless locale.nil?
+        request[:roles] = roles unless roles.nil?
 
-        post_request('/v1/b2b/magic_links/email/invite', request)
+        post_request('/v1/b2b/magic_links/email/invite', request, headers)
       end
 
       class Discovery
@@ -372,6 +386,7 @@ module StytchB2B
           login_template_id: nil,
           locale: nil
         )
+          headers = {}
           request = {
             email_address: email_address
           }
@@ -380,7 +395,7 @@ module StytchB2B
           request[:login_template_id] = login_template_id unless login_template_id.nil?
           request[:locale] = locale unless locale.nil?
 
-          post_request('/v1/b2b/magic_links/email/discovery/send', request)
+          post_request('/v1/b2b/magic_links/email/discovery/send', request, headers)
         end
       end
     end
@@ -437,12 +452,13 @@ module StytchB2B
         discovery_magic_links_token:,
         pkce_code_verifier: nil
       )
+        headers = {}
         request = {
           discovery_magic_links_token: discovery_magic_links_token
         }
         request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil?
 
-        post_request('/v1/b2b/magic_links/discovery/authenticate', request)
+        post_request('/v1/b2b/magic_links/discovery/authenticate', request, headers)
       end
     end
   end

data/lib/stytch/b2b_oauth.rb

@@ -28,6 +28,8 @@ module StytchB2B
     #
     # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.
     #
+    # We’re actively accepting requests for new OAuth providers! Please [email us](mailto:support@stytch.com) or [post in our community](https://stytch.com/docs/b2b/resources) if you are looking for an OAuth provider that is not currently supported.
+    #
     # == Parameters:
     # oauth_token::
     #   The token to authenticate.
@@ -134,6 +136,7 @@ module StytchB2B
       pkce_code_verifier: nil,
       locale: nil
     )
+      headers = {}
       request = {
         oauth_token: oauth_token
       }
@@ -144,7 +147,7 @@ module StytchB2B
       request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil?
       request[:locale] = locale unless locale.nil?
 
-      post_request('/v1/b2b/oauth/authenticate', request)
+      post_request('/v1/b2b/oauth/authenticate', request, headers)
     end
 
     class Discovery
@@ -204,6 +207,12 @@ module StytchB2B
       #
       #       c) The Organization has at least one other Member with a verified email address with the same domain as the end user (to prevent phishing attacks).
       #   The type of this field is list of +DiscoveredOrganization+ (+object+).
+      # provider_type::
+      #   (no documentation yet)
+      #   The type of this field is +String+.
+      # provider_tenant_id::
+      #   (no documentation yet)
+      #   The type of this field is +String+.
       # status_code::
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
@@ -215,6 +224,7 @@ module StytchB2B
         session_custom_claims: nil,
         pkce_code_verifier: nil
       )
+        headers = {}
         request = {
           discovery_oauth_token: discovery_oauth_token
         }
@@ -224,7 +234,7 @@ module StytchB2B
         request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
         request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil?
 
-        post_request('/v1/b2b/oauth/discovery/authenticate', request)
+        post_request('/v1/b2b/oauth/discovery/authenticate', request, headers)
       end
     end
   end