stytch 6.4.0 → 7.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +13 -0
- data/.gitignore +2 -0
- data/.rubocop.yml +21 -0
- data/DEVELOPMENT.md +5 -2
- data/README.md +1 -1
- data/lib/stytch/b2b_client.rb +13 -3
- data/lib/stytch/b2b_discovery.rb +41 -11
- data/lib/stytch/b2b_magic_links.rb +23 -7
- data/lib/stytch/b2b_oauth.rb +12 -2
- data/lib/stytch/b2b_organizations.rb +348 -47
- data/lib/stytch/b2b_otp.rb +35 -4
- data/lib/stytch/b2b_passwords.rb +92 -19
- data/lib/stytch/b2b_rbac.rb +47 -0
- data/lib/stytch/b2b_recovery_codes.rb +199 -0
- data/lib/stytch/b2b_sessions.rb +187 -7
- data/lib/stytch/b2b_sso.rb +172 -19
- data/lib/stytch/b2b_totps.rb +261 -0
- data/lib/stytch/client.rb +2 -2
- data/lib/stytch/crypto_wallets.rb +4 -2
- data/lib/stytch/errors.rb +14 -0
- data/lib/stytch/m2m.rb +16 -9
- data/lib/stytch/magic_links.rb +20 -12
- data/lib/stytch/method_options.rb +22 -0
- data/lib/stytch/oauth.rb +10 -4
- data/lib/stytch/otps.rb +26 -16
- data/lib/stytch/passwords.rb +62 -14
- data/lib/stytch/rbac_local.rb +58 -0
- data/lib/stytch/request_helper.rb +12 -8
- data/lib/stytch/sessions.rb +51 -28
- data/lib/stytch/totps.rb +9 -5
- data/lib/stytch/users.rb +30 -16
- data/lib/stytch/version.rb +1 -1
- data/lib/stytch/webauthn.rb +126 -24
- data/stytch.gemspec +2 -0
- metadata +36 -2
@@ -9,6 +9,44 @@
|
|
9
9
|
require_relative 'request_helper'
|
10
10
|
|
11
11
|
module StytchB2B
|
12
|
+
class UpdateRequestOptions
|
13
|
+
# Optional authorization object.
|
14
|
+
# Pass in an active Stytch Member session token or session JWT and the request
|
15
|
+
# will be run using that member's permissions.
|
16
|
+
attr_accessor :authorization
|
17
|
+
|
18
|
+
def initialize(
|
19
|
+
authorization: nil
|
20
|
+
)
|
21
|
+
@authorization = authorization
|
22
|
+
end
|
23
|
+
|
24
|
+
def to_headers
|
25
|
+
headers = {}
|
26
|
+
headers.merge!(@authorization.to_headers) if authorization
|
27
|
+
headers
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
class DeleteRequestOptions
|
32
|
+
# Optional authorization object.
|
33
|
+
# Pass in an active Stytch Member session token or session JWT and the request
|
34
|
+
# will be run using that member's permissions.
|
35
|
+
attr_accessor :authorization
|
36
|
+
|
37
|
+
def initialize(
|
38
|
+
authorization: nil
|
39
|
+
)
|
40
|
+
@authorization = authorization
|
41
|
+
end
|
42
|
+
|
43
|
+
def to_headers
|
44
|
+
headers = {}
|
45
|
+
headers.merge!(@authorization.to_headers) if authorization
|
46
|
+
headers
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
12
50
|
class Organizations
|
13
51
|
include Stytch::RequestHelper
|
14
52
|
attr_reader :members
|
@@ -27,10 +65,10 @@ module StytchB2B
|
|
27
65
|
#
|
28
66
|
# == Parameters:
|
29
67
|
# organization_name::
|
30
|
-
# The name of the Organization.
|
68
|
+
# The name of the Organization. Must be between 1 and 128 characters in length.
|
31
69
|
# The type of this field is +String+.
|
32
70
|
# organization_slug::
|
33
|
-
# The unique URL slug of the Organization.
|
71
|
+
# The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
|
34
72
|
# The type of this field is nilable +String+.
|
35
73
|
# organization_logo_url::
|
36
74
|
# The image URL of the Organization logo.
|
@@ -55,11 +93,11 @@ module StytchB2B
|
|
55
93
|
# Common domains such as `gmail.com` are not allowed. See the [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list.
|
56
94
|
# The type of this field is nilable list of +String+.
|
57
95
|
# email_jit_provisioning::
|
58
|
-
# The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link. The accepted values are:
|
96
|
+
# The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are:
|
59
97
|
#
|
60
|
-
# `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link.
|
98
|
+
# `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth.
|
61
99
|
#
|
62
|
-
# `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link.
|
100
|
+
# `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth.
|
63
101
|
#
|
64
102
|
# The type of this field is nilable +String+.
|
65
103
|
# email_invites::
|
@@ -81,7 +119,6 @@ module StytchB2B
|
|
81
119
|
#
|
82
120
|
# The type of this field is nilable +String+.
|
83
121
|
# allowed_auth_methods::
|
84
|
-
#
|
85
122
|
# An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
|
86
123
|
# The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
|
87
124
|
#
|
@@ -89,11 +126,30 @@ module StytchB2B
|
|
89
126
|
# mfa_policy::
|
90
127
|
# The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
|
91
128
|
#
|
92
|
-
# `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in.
|
129
|
+
# `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid.
|
93
130
|
#
|
94
131
|
# `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true.
|
95
132
|
#
|
96
133
|
# The type of this field is nilable +String+.
|
134
|
+
# rbac_email_implicit_role_assignments::
|
135
|
+
# Implicit role assignments based off of email domains.
|
136
|
+
# For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
|
137
|
+
# associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
|
138
|
+
# for more information about role assignment.
|
139
|
+
# The type of this field is nilable list of +EmailImplicitRoleAssignment+ (+object+).
|
140
|
+
# mfa_methods::
|
141
|
+
# The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are:
|
142
|
+
#
|
143
|
+
# `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
|
144
|
+
#
|
145
|
+
# `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
|
146
|
+
#
|
147
|
+
# The type of this field is nilable +String+.
|
148
|
+
# allowed_mfa_methods::
|
149
|
+
# An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
|
150
|
+
# The list's accepted values are: `sms_otp` and `totp`.
|
151
|
+
#
|
152
|
+
# The type of this field is nilable list of +String+.
|
97
153
|
#
|
98
154
|
# == Returns:
|
99
155
|
# An object with the following fields:
|
@@ -117,8 +173,12 @@ module StytchB2B
|
|
117
173
|
email_invites: nil,
|
118
174
|
auth_methods: nil,
|
119
175
|
allowed_auth_methods: nil,
|
120
|
-
mfa_policy: nil
|
176
|
+
mfa_policy: nil,
|
177
|
+
rbac_email_implicit_role_assignments: nil,
|
178
|
+
mfa_methods: nil,
|
179
|
+
allowed_mfa_methods: nil
|
121
180
|
)
|
181
|
+
headers = {}
|
122
182
|
request = {
|
123
183
|
organization_name: organization_name
|
124
184
|
}
|
@@ -132,8 +192,11 @@ module StytchB2B
|
|
132
192
|
request[:auth_methods] = auth_methods unless auth_methods.nil?
|
133
193
|
request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
|
134
194
|
request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
|
195
|
+
request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
|
196
|
+
request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
|
197
|
+
request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
|
135
198
|
|
136
|
-
post_request('/v1/b2b/organizations', request)
|
199
|
+
post_request('/v1/b2b/organizations', request, headers)
|
137
200
|
end
|
138
201
|
|
139
202
|
# Returns an Organization specified by `organization_id`.
|
@@ -157,33 +220,56 @@ module StytchB2B
|
|
157
220
|
def get(
|
158
221
|
organization_id:
|
159
222
|
)
|
223
|
+
headers = {}
|
160
224
|
query_params = {}
|
161
225
|
request = request_with_query_params("/v1/b2b/organizations/#{organization_id}", query_params)
|
162
|
-
get_request(request)
|
226
|
+
get_request(request, headers)
|
163
227
|
end
|
164
228
|
|
165
|
-
# Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members.
|
229
|
+
# Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members.
|
166
230
|
#
|
167
231
|
# *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.
|
168
232
|
#
|
233
|
+
# Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
|
234
|
+
# a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
|
235
|
+
# Member Session has the necessary permissions. The specific permissions needed depend on which of the optional fields
|
236
|
+
# are passed in the request. For example, if the `organization_name` argument is provided, the Member Session must have
|
237
|
+
# permission to perform the `update.info.name` action on the `stytch.organization` Resource.
|
238
|
+
#
|
239
|
+
# If the Member Session does not contain a Role that satisfies the requested permissions, or if the Member's Organization
|
240
|
+
# does not match the `organization_id` passed in the request, a 403 error will be thrown. Otherwise, the request will
|
241
|
+
# proceed as normal.
|
242
|
+
#
|
243
|
+
# To learn more about our RBAC implementation, see our [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/overview).
|
244
|
+
#
|
169
245
|
# == Parameters:
|
170
246
|
# organization_id::
|
171
247
|
# Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
|
172
248
|
# The type of this field is +String+.
|
173
249
|
# organization_name::
|
174
|
-
# The name of the Organization.
|
250
|
+
# The name of the Organization. Must be between 1 and 128 characters in length.
|
251
|
+
#
|
252
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.name` action on the `stytch.organization` Resource.
|
175
253
|
# The type of this field is nilable +String+.
|
176
254
|
# organization_slug::
|
177
|
-
# The unique URL slug of the Organization.
|
255
|
+
# The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
|
256
|
+
#
|
257
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.slug` action on the `stytch.organization` Resource.
|
178
258
|
# The type of this field is nilable +String+.
|
179
259
|
# organization_logo_url::
|
180
260
|
# The image URL of the Organization logo.
|
261
|
+
#
|
262
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.logo-url` action on the `stytch.organization` Resource.
|
181
263
|
# The type of this field is nilable +String+.
|
182
264
|
# trusted_metadata::
|
183
265
|
# An arbitrary JSON object for storing application-specific data or identity-provider-specific data.
|
266
|
+
# If a session header is passed into the request, this field may **not** be passed into the request. You cannot
|
267
|
+
# update trusted metadata when acting as a Member.
|
184
268
|
# The type of this field is nilable +object+.
|
185
269
|
# sso_default_connection_id::
|
186
270
|
# The default connection used for SSO when there are multiple active connections.
|
271
|
+
#
|
272
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.default-sso-connection` action on the `stytch.organization` Resource.
|
187
273
|
# The type of this field is nilable +String+.
|
188
274
|
# sso_jit_provisioning::
|
189
275
|
# The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are:
|
@@ -194,24 +280,32 @@ module StytchB2B
|
|
194
280
|
#
|
195
281
|
# `NOT_ALLOWED` – disable JIT provisioning via SSO.
|
196
282
|
#
|
283
|
+
#
|
284
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.sso-jit-provisioning` action on the `stytch.organization` Resource.
|
197
285
|
# The type of this field is nilable +String+.
|
198
286
|
# sso_jit_provisioning_allowed_connections::
|
199
287
|
# An array of `connection_id`s that reference [SAML Connection objects](https://stytch.com/docs/b2b/api/saml-connection-object).
|
200
288
|
# Only these connections will be allowed to JIT provision Members via SSO when `sso_jit_provisioning` is set to `RESTRICTED`.
|
289
|
+
#
|
290
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.sso-jit-provisioning` action on the `stytch.organization` Resource.
|
201
291
|
# The type of this field is nilable list of +String+.
|
202
292
|
# email_allowed_domains::
|
203
293
|
# An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`.
|
204
294
|
#
|
205
295
|
#
|
206
296
|
# Common domains such as `gmail.com` are not allowed. See the [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list.
|
297
|
+
#
|
298
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-domains` action on the `stytch.organization` Resource.
|
207
299
|
# The type of this field is nilable list of +String+.
|
208
300
|
# email_jit_provisioning::
|
209
|
-
# The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link. The accepted values are:
|
301
|
+
# The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are:
|
302
|
+
#
|
303
|
+
# `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth.
|
210
304
|
#
|
211
|
-
# `
|
305
|
+
# `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth.
|
212
306
|
#
|
213
|
-
# `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link.
|
214
307
|
#
|
308
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.email-jit-provisioning` action on the `stytch.organization` Resource.
|
215
309
|
# The type of this field is nilable +String+.
|
216
310
|
# email_invites::
|
217
311
|
# The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are:
|
@@ -222,6 +316,8 @@ module StytchB2B
|
|
222
316
|
#
|
223
317
|
# `NOT_ALLOWED` – disable email invites.
|
224
318
|
#
|
319
|
+
#
|
320
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.email-invites` action on the `stytch.organization` Resource.
|
225
321
|
# The type of this field is nilable +String+.
|
226
322
|
# auth_methods::
|
227
323
|
# The setting that controls which authentication methods can be used by Members of an Organization. The accepted values are:
|
@@ -230,21 +326,51 @@ module StytchB2B
|
|
230
326
|
#
|
231
327
|
# `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
|
232
328
|
#
|
329
|
+
#
|
330
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
|
233
331
|
# The type of this field is nilable +String+.
|
234
332
|
# allowed_auth_methods::
|
235
|
-
#
|
236
333
|
# An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
|
237
334
|
# The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
|
238
335
|
#
|
336
|
+
#
|
337
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
|
239
338
|
# The type of this field is nilable list of +String+.
|
240
339
|
# mfa_policy::
|
241
340
|
# The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
|
242
341
|
#
|
243
|
-
# `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in.
|
342
|
+
# `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid.
|
244
343
|
#
|
245
344
|
# `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true.
|
246
345
|
#
|
346
|
+
#
|
347
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.mfa-policy` action on the `stytch.organization` Resource.
|
348
|
+
# The type of this field is nilable +String+.
|
349
|
+
# rbac_email_implicit_role_assignments::
|
350
|
+
# Implicit role assignments based off of email domains.
|
351
|
+
# For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
|
352
|
+
# associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
|
353
|
+
# for more information about role assignment.
|
354
|
+
#
|
355
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.implicit-roles` action on the `stytch.organization` Resource.
|
356
|
+
# The type of this field is nilable list of +String+.
|
357
|
+
# mfa_methods::
|
358
|
+
# The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are:
|
359
|
+
#
|
360
|
+
# `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
|
361
|
+
#
|
362
|
+
# `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
|
363
|
+
#
|
364
|
+
#
|
365
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.
|
247
366
|
# The type of this field is nilable +String+.
|
367
|
+
# allowed_mfa_methods::
|
368
|
+
# An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
|
369
|
+
# The list's accepted values are: `sms_otp` and `totp`.
|
370
|
+
#
|
371
|
+
#
|
372
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.
|
373
|
+
# The type of this field is nilable list of +String+.
|
248
374
|
#
|
249
375
|
# == Returns:
|
250
376
|
# An object with the following fields:
|
@@ -257,6 +383,9 @@ module StytchB2B
|
|
257
383
|
# status_code::
|
258
384
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
259
385
|
# The type of this field is +Integer+.
|
386
|
+
#
|
387
|
+
# == Method Options:
|
388
|
+
# This method supports an optional +UpdateRequestOptions+ object which will modify the headers sent in the HTTP request.
|
260
389
|
def update(
|
261
390
|
organization_id:,
|
262
391
|
organization_name: nil,
|
@@ -271,8 +400,14 @@ module StytchB2B
|
|
271
400
|
email_invites: nil,
|
272
401
|
auth_methods: nil,
|
273
402
|
allowed_auth_methods: nil,
|
274
|
-
mfa_policy: nil
|
403
|
+
mfa_policy: nil,
|
404
|
+
rbac_email_implicit_role_assignments: nil,
|
405
|
+
mfa_methods: nil,
|
406
|
+
allowed_mfa_methods: nil,
|
407
|
+
method_options: nil
|
275
408
|
)
|
409
|
+
headers = {}
|
410
|
+
headers = headers.merge(method_options.to_headers) unless method_options.nil?
|
276
411
|
request = {}
|
277
412
|
request[:organization_name] = organization_name unless organization_name.nil?
|
278
413
|
request[:organization_slug] = organization_slug unless organization_slug.nil?
|
@@ -280,21 +415,21 @@ module StytchB2B
|
|
280
415
|
request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
|
281
416
|
request[:sso_default_connection_id] = sso_default_connection_id unless sso_default_connection_id.nil?
|
282
417
|
request[:sso_jit_provisioning] = sso_jit_provisioning unless sso_jit_provisioning.nil?
|
283
|
-
unless sso_jit_provisioning_allowed_connections.nil?
|
284
|
-
request[:sso_jit_provisioning_allowed_connections] =
|
285
|
-
sso_jit_provisioning_allowed_connections
|
286
|
-
end
|
418
|
+
request[:sso_jit_provisioning_allowed_connections] = sso_jit_provisioning_allowed_connections unless sso_jit_provisioning_allowed_connections.nil?
|
287
419
|
request[:email_allowed_domains] = email_allowed_domains unless email_allowed_domains.nil?
|
288
420
|
request[:email_jit_provisioning] = email_jit_provisioning unless email_jit_provisioning.nil?
|
289
421
|
request[:email_invites] = email_invites unless email_invites.nil?
|
290
422
|
request[:auth_methods] = auth_methods unless auth_methods.nil?
|
291
423
|
request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
|
292
424
|
request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
|
425
|
+
request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
|
426
|
+
request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
|
427
|
+
request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
|
293
428
|
|
294
|
-
put_request("/v1/b2b/organizations/#{organization_id}", request)
|
429
|
+
put_request("/v1/b2b/organizations/#{organization_id}", request, headers)
|
295
430
|
end
|
296
431
|
|
297
|
-
# Deletes an Organization specified by `organization_id`. All Members of the Organization will also be deleted.
|
432
|
+
# Deletes an Organization specified by `organization_id`. All Members of the Organization will also be deleted. /%}
|
298
433
|
#
|
299
434
|
# == Parameters:
|
300
435
|
# organization_id::
|
@@ -312,10 +447,16 @@ module StytchB2B
|
|
312
447
|
# status_code::
|
313
448
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
314
449
|
# The type of this field is +Integer+.
|
450
|
+
#
|
451
|
+
# == Method Options:
|
452
|
+
# This method supports an optional +DeleteRequestOptions+ object which will modify the headers sent in the HTTP request.
|
315
453
|
def delete(
|
316
|
-
organization_id
|
454
|
+
organization_id:,
|
455
|
+
method_options: nil
|
317
456
|
)
|
318
|
-
|
457
|
+
headers = {}
|
458
|
+
headers = headers.merge(method_options.to_headers) unless method_options.nil?
|
459
|
+
delete_request("/v1/b2b/organizations/#{organization_id}", headers)
|
319
460
|
end
|
320
461
|
|
321
462
|
# Search for Organizations. If you send a request with no body params, no filtering will be applied and the endpoint will return all Organizations. All fuzzy search filters require a minimum of three characters.
|
@@ -350,12 +491,13 @@ module StytchB2B
|
|
350
491
|
limit: nil,
|
351
492
|
query: nil
|
352
493
|
)
|
494
|
+
headers = {}
|
353
495
|
request = {}
|
354
496
|
request[:cursor] = cursor unless cursor.nil?
|
355
497
|
request[:limit] = limit unless limit.nil?
|
356
498
|
request[:query] = query unless query.nil?
|
357
499
|
|
358
|
-
post_request('/v1/b2b/organizations/search', request)
|
500
|
+
post_request('/v1/b2b/organizations/search', request, headers)
|
359
501
|
end
|
360
502
|
|
361
503
|
class Members
|
@@ -367,6 +509,18 @@ module StytchB2B
|
|
367
509
|
|
368
510
|
# Updates a Member specified by `organization_id` and `member_id`.
|
369
511
|
#
|
512
|
+
# Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
|
513
|
+
# a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
|
514
|
+
# Member Session has the necessary permissions. The specific permissions needed depend on which of the optional fields
|
515
|
+
# are passed in the request. For example, if the `organization_name` argument is provided, the Member Session must have
|
516
|
+
# permission to perform the `update.info.name` action on the `stytch.organization` Resource.
|
517
|
+
#
|
518
|
+
# If the Member Session does not contain a Role that satisfies the requested permissions, or if the Member's Organization
|
519
|
+
# does not match the `organization_id` passed in the request, a 403 error will be thrown. Otherwise, the request will
|
520
|
+
# proceed as normal.
|
521
|
+
#
|
522
|
+
# To learn more about our RBAC implementation, see our [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/overview).
|
523
|
+
#
|
370
524
|
# == Parameters:
|
371
525
|
# organization_id::
|
372
526
|
# Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
|
@@ -376,24 +530,60 @@ module StytchB2B
|
|
376
530
|
# The type of this field is +String+.
|
377
531
|
# name::
|
378
532
|
# The name of the Member.
|
533
|
+
#
|
534
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.name` action on the `stytch.member` Resource.
|
535
|
+
# Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.name` action on the `stytch.self` Resource.
|
379
536
|
# The type of this field is nilable +String+.
|
380
537
|
# trusted_metadata::
|
381
538
|
# An arbitrary JSON object for storing application-specific data or identity-provider-specific data.
|
539
|
+
# If a session header is passed into the request, this field may **not** be passed into the request. You cannot
|
540
|
+
# update trusted metadata when acting as a Member.
|
382
541
|
# The type of this field is nilable +object+.
|
383
542
|
# untrusted_metadata::
|
384
543
|
# An arbitrary JSON object of application-specific data. These fields can be edited directly by the
|
385
544
|
# frontend SDK, and should not be used to store critical information. See the [Metadata resource](https://stytch.com/docs/b2b/api/metadata)
|
386
545
|
# for complete field behavior details.
|
546
|
+
#
|
547
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.untrusted-metadata` action on the `stytch.member` Resource.
|
548
|
+
# Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.untrusted-metadata` action on the `stytch.self` Resource.
|
387
549
|
# The type of this field is nilable +object+.
|
388
550
|
# is_breakglass::
|
389
551
|
# Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](organization-object) and its `auth_methods` and `allowed_auth_methods` fields for more details.
|
552
|
+
#
|
553
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.is-breakglass` action on the `stytch.member` Resource.
|
390
554
|
# The type of this field is nilable +Boolean+.
|
391
555
|
# mfa_phone_number::
|
392
556
|
# Sets the Member's phone number. Throws an error if the Member already has a phone number. To change the Member's phone number, use the [Delete member phone number endpoint](https://stytch.com/docs/b2b/api/delete-member-mfa-phone-number) to delete the Member's existing phone number first.
|
557
|
+
#
|
558
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.mfa-phone` action on the `stytch.member` Resource.
|
559
|
+
# Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.mfa-phone` action on the `stytch.self` Resource.
|
393
560
|
# The type of this field is nilable +String+.
|
394
561
|
# mfa_enrolled::
|
395
562
|
# Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.
|
563
|
+
#
|
564
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.mfa-enrolled` action on the `stytch.member` Resource.
|
565
|
+
# Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.mfa-enrolled` action on the `stytch.self` Resource.
|
396
566
|
# The type of this field is nilable +Boolean+.
|
567
|
+
# roles::
|
568
|
+
# Roles to explicitly assign to this Member.
|
569
|
+
# Will completely replace any existing explicitly assigned roles. See the
|
570
|
+
# [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
|
571
|
+
#
|
572
|
+
# If a Role is removed from a Member, and the Member is also implicitly assigned this Role from an SSO connection
|
573
|
+
# or an SSO group, we will by default revoke any existing sessions for the Member that contain any SSO
|
574
|
+
# authentication factors with the affected connection ID. You can preserve these sessions by passing in the
|
575
|
+
# `preserve_existing_sessions` parameter with a value of `true`.
|
576
|
+
#
|
577
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.roles` action on the `stytch.member` Resource.
|
578
|
+
# The type of this field is nilable list of +String+.
|
579
|
+
# preserve_existing_sessions::
|
580
|
+
# Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
|
581
|
+
# by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO
|
582
|
+
# authentication factors with the affected SSO connection IDs will be revoked.
|
583
|
+
# The type of this field is nilable +Boolean+.
|
584
|
+
# default_mfa_method::
|
585
|
+
# The Member's default MFA method. This value is used to determine which secondary MFA method to use in the case of multiple methods registered for a Member. The current possible values are `sms_otp` and `totp`.
|
586
|
+
# The type of this field is nilable +String+.
|
397
587
|
#
|
398
588
|
# == Returns:
|
399
589
|
# An object with the following fields:
|
@@ -412,6 +602,9 @@ module StytchB2B
|
|
412
602
|
# status_code::
|
413
603
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
414
604
|
# The type of this field is +Integer+.
|
605
|
+
#
|
606
|
+
# == Method Options:
|
607
|
+
# This method supports an optional +UpdateRequestOptions+ object which will modify the headers sent in the HTTP request.
|
415
608
|
def update(
|
416
609
|
organization_id:,
|
417
610
|
member_id:,
|
@@ -420,8 +613,14 @@ module StytchB2B
|
|
420
613
|
untrusted_metadata: nil,
|
421
614
|
is_breakglass: nil,
|
422
615
|
mfa_phone_number: nil,
|
423
|
-
mfa_enrolled: nil
|
616
|
+
mfa_enrolled: nil,
|
617
|
+
roles: nil,
|
618
|
+
preserve_existing_sessions: nil,
|
619
|
+
default_mfa_method: nil,
|
620
|
+
method_options: nil
|
424
621
|
)
|
622
|
+
headers = {}
|
623
|
+
headers = headers.merge(method_options.to_headers) unless method_options.nil?
|
425
624
|
request = {}
|
426
625
|
request[:name] = name unless name.nil?
|
427
626
|
request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
|
@@ -429,11 +628,14 @@ module StytchB2B
|
|
429
628
|
request[:is_breakglass] = is_breakglass unless is_breakglass.nil?
|
430
629
|
request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil?
|
431
630
|
request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil?
|
631
|
+
request[:roles] = roles unless roles.nil?
|
632
|
+
request[:preserve_existing_sessions] = preserve_existing_sessions unless preserve_existing_sessions.nil?
|
633
|
+
request[:default_mfa_method] = default_mfa_method unless default_mfa_method.nil?
|
432
634
|
|
433
|
-
put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", request)
|
635
|
+
put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", request, headers)
|
434
636
|
end
|
435
637
|
|
436
|
-
# Deletes a Member specified by `organization_id` and `member_id`.
|
638
|
+
# Deletes a Member specified by `organization_id` and `member_id`. /%}
|
437
639
|
#
|
438
640
|
# == Parameters:
|
439
641
|
# organization_id::
|
@@ -454,14 +656,20 @@ module StytchB2B
|
|
454
656
|
# status_code::
|
455
657
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
456
658
|
# The type of this field is +Integer+.
|
659
|
+
#
|
660
|
+
# == Method Options:
|
661
|
+
# This method supports an optional +DeleteRequestOptions+ object which will modify the headers sent in the HTTP request.
|
457
662
|
def delete(
|
458
663
|
organization_id:,
|
459
|
-
member_id
|
664
|
+
member_id:,
|
665
|
+
method_options: nil
|
460
666
|
)
|
461
|
-
|
667
|
+
headers = {}
|
668
|
+
headers = headers.merge(method_options.to_headers) unless method_options.nil?
|
669
|
+
delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", headers)
|
462
670
|
end
|
463
671
|
|
464
|
-
# Reactivates a deleted Member's status and its associated email status (if applicable) to active, specified by `organization_id` and `member_id`.
|
672
|
+
# Reactivates a deleted Member's status and its associated email status (if applicable) to active, specified by `organization_id` and `member_id`. /%}
|
465
673
|
#
|
466
674
|
# == Parameters:
|
467
675
|
# organization_id::
|
@@ -488,13 +696,19 @@ module StytchB2B
|
|
488
696
|
# status_code::
|
489
697
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
490
698
|
# The type of this field is +Integer+.
|
699
|
+
#
|
700
|
+
# == Method Options:
|
701
|
+
# This method supports an optional +ReactivateRequestOptions+ object which will modify the headers sent in the HTTP request.
|
491
702
|
def reactivate(
|
492
703
|
organization_id:,
|
493
|
-
member_id
|
704
|
+
member_id:,
|
705
|
+
method_options: nil
|
494
706
|
)
|
707
|
+
headers = {}
|
708
|
+
headers = headers.merge(method_options.to_headers) unless method_options.nil?
|
495
709
|
request = {}
|
496
710
|
|
497
|
-
put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/reactivate", request)
|
711
|
+
put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/reactivate", request, headers)
|
498
712
|
end
|
499
713
|
|
500
714
|
# Delete a Member's MFA phone number.
|
@@ -504,6 +718,7 @@ module StytchB2B
|
|
504
718
|
# Existing Member Sessions that include a phone number authentication factor will not be revoked if the phone number is deleted, and MFA will not be enforced until the Member logs in again.
|
505
719
|
# If you wish to enforce MFA immediately after a phone number is deleted, you can do so by prompting the Member to enter a new phone number
|
506
720
|
# and calling the [OTP SMS send](https://stytch.com/docs/b2b/api/otp-sms-send) endpoint, then calling the [OTP SMS Authenticate](https://stytch.com/docs/b2b/api/authenticate-otp-sms) endpoint.
|
721
|
+
# /%}
|
507
722
|
#
|
508
723
|
# == Parameters:
|
509
724
|
# organization_id::
|
@@ -530,17 +745,45 @@ module StytchB2B
|
|
530
745
|
# status_code::
|
531
746
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
532
747
|
# The type of this field is +Integer+.
|
748
|
+
#
|
749
|
+
# == Method Options:
|
750
|
+
# This method supports an optional +DeleteMFAPhoneNumberRequestOptions+ object which will modify the headers sent in the HTTP request.
|
533
751
|
def delete_mfa_phone_number(
|
534
752
|
organization_id:,
|
535
|
-
member_id
|
753
|
+
member_id:,
|
754
|
+
method_options: nil
|
755
|
+
)
|
756
|
+
headers = {}
|
757
|
+
headers = headers.merge(method_options.to_headers) unless method_options.nil?
|
758
|
+
delete_request("/v1/b2b/organizations/#{organization_id}/members/mfa_phone_numbers/#{member_id}", headers)
|
759
|
+
end
|
760
|
+
|
761
|
+
def delete_totp(
|
762
|
+
organization_id:,
|
763
|
+
member_id:,
|
764
|
+
method_options: nil
|
536
765
|
)
|
537
|
-
|
766
|
+
headers = {}
|
767
|
+
headers = headers.merge(method_options.to_headers) unless method_options.nil?
|
768
|
+
delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/totp", headers)
|
538
769
|
end
|
539
770
|
|
540
771
|
# Search for Members within specified Organizations. An array with at least one `organization_id` is required. Submitting an empty `query` returns all non-deleted Members within the specified Organizations.
|
541
772
|
#
|
542
773
|
# *All fuzzy search filters require a minimum of three characters.
|
543
774
|
#
|
775
|
+
# Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
|
776
|
+
# a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
|
777
|
+
# Member Session has permission to perform the `search` action on the `stytch.member` Resource. In addition, enforcing
|
778
|
+
# RBAC on this endpoint means that you may only search for Members within the calling Member's Organization, so the
|
779
|
+
# `organization_ids` argument may only contain the `organization_id` of the Member Session passed in the header.
|
780
|
+
#
|
781
|
+
# If the Member Session does not contain a Role that satisfies the requested permission, or if the `organization_ids`
|
782
|
+
# argument contains an `organization_id` that the Member Session does not belong to, a 403 error will be thrown.
|
783
|
+
# Otherwise, the request will proceed as normal.
|
784
|
+
#
|
785
|
+
# To learn more about our RBAC implementation, see our [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/overview).
|
786
|
+
#
|
544
787
|
# == Parameters:
|
545
788
|
# organization_ids::
|
546
789
|
# An array of organization_ids. At least one value is required.
|
@@ -572,12 +815,18 @@ module StytchB2B
|
|
572
815
|
# status_code::
|
573
816
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
574
817
|
# The type of this field is +Integer+.
|
818
|
+
#
|
819
|
+
# == Method Options:
|
820
|
+
# This method supports an optional +SearchRequestOptions+ object which will modify the headers sent in the HTTP request.
|
575
821
|
def search(
|
576
822
|
organization_ids:,
|
577
823
|
cursor: nil,
|
578
824
|
limit: nil,
|
579
|
-
query: nil
|
825
|
+
query: nil,
|
826
|
+
method_options: nil
|
580
827
|
)
|
828
|
+
headers = {}
|
829
|
+
headers = headers.merge(method_options.to_headers) unless method_options.nil?
|
581
830
|
request = {
|
582
831
|
organization_ids: organization_ids
|
583
832
|
}
|
@@ -585,10 +834,10 @@ module StytchB2B
|
|
585
834
|
request[:limit] = limit unless limit.nil?
|
586
835
|
request[:query] = query unless query.nil?
|
587
836
|
|
588
|
-
post_request('/v1/b2b/organizations/members/search', request)
|
837
|
+
post_request('/v1/b2b/organizations/members/search', request, headers)
|
589
838
|
end
|
590
839
|
|
591
|
-
# Delete a Member's password.
|
840
|
+
# Delete a Member's password. /%}
|
592
841
|
#
|
593
842
|
# == Parameters:
|
594
843
|
# organization_id::
|
@@ -615,14 +864,53 @@ module StytchB2B
|
|
615
864
|
# status_code::
|
616
865
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
617
866
|
# The type of this field is +Integer+.
|
867
|
+
#
|
868
|
+
# == Method Options:
|
869
|
+
# This method supports an optional +DeletePasswordRequestOptions+ object which will modify the headers sent in the HTTP request.
|
618
870
|
def delete_password(
|
619
871
|
organization_id:,
|
620
|
-
member_password_id
|
872
|
+
member_password_id:,
|
873
|
+
method_options: nil
|
621
874
|
)
|
622
|
-
|
875
|
+
headers = {}
|
876
|
+
headers = headers.merge(method_options.to_headers) unless method_options.nil?
|
877
|
+
delete_request("/v1/b2b/organizations/#{organization_id}/members/passwords/#{member_password_id}", headers)
|
623
878
|
end
|
624
879
|
|
625
|
-
#
|
880
|
+
# Get a Member by `member_id`. This endpoint does not require an `organization_id`, enabling you to get members across organizations. This is a dangerous operation. Incorrect use may open you up to indirect object reference (IDOR) attacks. We recommend using the [Get Member](https://stytch.com/docs/b2b/api/get-member) API instead.
|
881
|
+
#
|
882
|
+
# == Parameters:
|
883
|
+
# member_id::
|
884
|
+
# Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
|
885
|
+
# The type of this field is +String+.
|
886
|
+
#
|
887
|
+
# == Returns:
|
888
|
+
# An object with the following fields:
|
889
|
+
# request_id::
|
890
|
+
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
891
|
+
# The type of this field is +String+.
|
892
|
+
# member_id::
|
893
|
+
# Globally unique UUID that identifies a specific Member.
|
894
|
+
# The type of this field is +String+.
|
895
|
+
# member::
|
896
|
+
# The [Member object](https://stytch.com/docs/b2b/api/member-object)
|
897
|
+
# The type of this field is +Member+ (+object+).
|
898
|
+
# organization::
|
899
|
+
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
900
|
+
# The type of this field is +Organization+ (+object+).
|
901
|
+
# status_code::
|
902
|
+
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
903
|
+
# The type of this field is +Integer+.
|
904
|
+
def dangerously_get(
|
905
|
+
member_id:
|
906
|
+
)
|
907
|
+
headers = {}
|
908
|
+
query_params = {}
|
909
|
+
request = request_with_query_params("/v1/b2b/organizations/members/dangerously_get/#{member_id}", query_params)
|
910
|
+
get_request(request, headers)
|
911
|
+
end
|
912
|
+
|
913
|
+
# Creates a Member. An `organization_id` and `email_address` are required. /%}
|
626
914
|
#
|
627
915
|
# == Parameters:
|
628
916
|
# organization_id::
|
@@ -654,6 +942,10 @@ module StytchB2B
|
|
654
942
|
# mfa_enrolled::
|
655
943
|
# Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.
|
656
944
|
# The type of this field is nilable +Boolean+.
|
945
|
+
# roles::
|
946
|
+
# Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
|
947
|
+
# for more information about role assignment.
|
948
|
+
# The type of this field is nilable list of +String+.
|
657
949
|
#
|
658
950
|
# == Returns:
|
659
951
|
# An object with the following fields:
|
@@ -672,6 +964,9 @@ module StytchB2B
|
|
672
964
|
# status_code::
|
673
965
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
674
966
|
# The type of this field is +Integer+.
|
967
|
+
#
|
968
|
+
# == Method Options:
|
969
|
+
# This method supports an optional +CreateRequestOptions+ object which will modify the headers sent in the HTTP request.
|
675
970
|
def create(
|
676
971
|
organization_id:,
|
677
972
|
email_address:,
|
@@ -681,8 +976,12 @@ module StytchB2B
|
|
681
976
|
create_member_as_pending: nil,
|
682
977
|
is_breakglass: nil,
|
683
978
|
mfa_phone_number: nil,
|
684
|
-
mfa_enrolled: nil
|
979
|
+
mfa_enrolled: nil,
|
980
|
+
roles: nil,
|
981
|
+
method_options: nil
|
685
982
|
)
|
983
|
+
headers = {}
|
984
|
+
headers = headers.merge(method_options.to_headers) unless method_options.nil?
|
686
985
|
request = {
|
687
986
|
email_address: email_address
|
688
987
|
}
|
@@ -693,8 +992,9 @@ module StytchB2B
|
|
693
992
|
request[:is_breakglass] = is_breakglass unless is_breakglass.nil?
|
694
993
|
request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil?
|
695
994
|
request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil?
|
995
|
+
request[:roles] = roles unless roles.nil?
|
696
996
|
|
697
|
-
post_request("/v1/b2b/organizations/#{organization_id}/members", request)
|
997
|
+
post_request("/v1/b2b/organizations/#{organization_id}/members", request, headers)
|
698
998
|
end
|
699
999
|
|
700
1000
|
# Get a Member by `member_id` or `email_address`.
|
@@ -732,12 +1032,13 @@ module StytchB2B
|
|
732
1032
|
member_id: nil,
|
733
1033
|
email_address: nil
|
734
1034
|
)
|
1035
|
+
headers = {}
|
735
1036
|
query_params = {
|
736
1037
|
member_id: member_id,
|
737
1038
|
email_address: email_address
|
738
1039
|
}
|
739
1040
|
request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/member", query_params)
|
740
|
-
get_request(request)
|
1041
|
+
get_request(request, headers)
|
741
1042
|
end
|
742
1043
|
end
|
743
1044
|
end
|