stytch 6.4.0 → 7.2.0
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +13 -0
- data/.gitignore +2 -0
- data/.rubocop.yml +21 -0
- data/DEVELOPMENT.md +5 -2
- data/README.md +1 -1
- data/lib/stytch/b2b_client.rb +13 -3
- data/lib/stytch/b2b_discovery.rb +41 -11
- data/lib/stytch/b2b_magic_links.rb +23 -7
- data/lib/stytch/b2b_oauth.rb +12 -2
- data/lib/stytch/b2b_organizations.rb +348 -47
- data/lib/stytch/b2b_otp.rb +35 -4
- data/lib/stytch/b2b_passwords.rb +92 -19
- data/lib/stytch/b2b_rbac.rb +47 -0
- data/lib/stytch/b2b_recovery_codes.rb +199 -0
- data/lib/stytch/b2b_sessions.rb +187 -7
- data/lib/stytch/b2b_sso.rb +172 -19
- data/lib/stytch/b2b_totps.rb +261 -0
- data/lib/stytch/client.rb +2 -2
- data/lib/stytch/crypto_wallets.rb +4 -2
- data/lib/stytch/errors.rb +14 -0
- data/lib/stytch/m2m.rb +16 -9
- data/lib/stytch/magic_links.rb +20 -12
- data/lib/stytch/method_options.rb +22 -0
- data/lib/stytch/oauth.rb +10 -4
- data/lib/stytch/otps.rb +26 -16
- data/lib/stytch/passwords.rb +62 -14
- data/lib/stytch/rbac_local.rb +58 -0
- data/lib/stytch/request_helper.rb +12 -8
- data/lib/stytch/sessions.rb +51 -28
- data/lib/stytch/totps.rb +9 -5
- data/lib/stytch/users.rb +30 -16
- data/lib/stytch/version.rb +1 -1
- data/lib/stytch/webauthn.rb +126 -24
- data/stytch.gemspec +2 -0
- metadata +36 -2
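--- a/data/lib/stytch/b2b_otp.rb
+++ b/data/lib/stytch/b2b_otp.rb
@@ -37,9 +37,15 @@ module StytchB2B
 #
 # If a Member has a phone number and is enrolled in MFA, then after a successful primary authentication event (e.g. [email magic link](https://stytch.com/docs/b2b/api/authenticate-magic-link) or [SSO](https://stytch.com/docs/b2b/api/sso-authenticate) login is complete), an SMS OTP will automatically be sent to their phone number. In that case, this endpoint should only be used for subsequent authentication events, such as prompting a Member for an OTP again after a period of inactivity.
 #
+# Passing an intermediate session token, session token, or session JWT is not required, but if passed must match the Member ID passed.
+#
 # ### Cost to send SMS OTP
 # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview).
 #
+# Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries).
+#
+# __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
+#
 # == Parameters:
 # organization_id::
 # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
@@ -58,6 +64,18 @@ module StytchB2B
 # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
 #
 # The type of this field is nilable +SendRequestLocale+ (string enum).
+# intermediate_session_token::
+# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
+# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
+# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
+# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
+# The type of this field is nilable +String+.
+# session_token::
+# A secret token for a given Stytch Session.
+# The type of this field is nilable +String+.
+# session_jwt::
+# The JSON Web Token (JWT) for a given Stytch Session.
+# The type of this field is nilable +String+.
 #
 # == Returns:
 # An object with the following fields:
@@ -80,16 +98,23 @@ module StytchB2B
 organization_id:,
 member_id:,
 mfa_phone_number: nil,
-locale: nil
+locale: nil,
+intermediate_session_token: nil,
+session_token: nil,
+session_jwt: nil
 )
+headers = {}
 request = {
 organization_id: organization_id,
 member_id: member_id
 }
 request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil?
 request[:locale] = locale unless locale.nil?
+request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
+request[:session_token] = session_token unless session_token.nil?
+request[:session_jwt] = session_jwt unless session_jwt.nil?
 
-post_request('/v1/b2b/otps/sms/send', request)
+post_request('/v1/b2b/otps/sms/send', request, headers)
 end
 
 # SMS OTPs may not be used as a primary authentication mechanism. They can be used to complete an MFA requirement, or they can be used as a step-up factor to be added to an existing session.
@@ -157,6 +182,9 @@ module StytchB2B
 # `unenroll` – sets the Member's `mfa_enrolled` boolean to `false`. The Member will no longer be required to complete MFA steps when logging in to the Organization.
 #
 # The type of this field is nilable +String+.
+# set_default_mfa::
+# (no documentation yet)
+# The type of this field is nilable +Boolean+.
 #
 # == Returns:
 # An object with the following fields:
@@ -193,8 +221,10 @@ module StytchB2B
 session_jwt: nil,
 session_duration_minutes: nil,
 session_custom_claims: nil,
-set_mfa_enrollment: nil
+set_mfa_enrollment: nil,
+set_default_mfa: nil
 )
+headers = {}
 request = {
 organization_id: organization_id,
 member_id: member_id,
@@ -206,8 +236,9 @@ module StytchB2B
 request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
 request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
 request[:set_mfa_enrollment] = set_mfa_enrollment unless set_mfa_enrollment.nil?
+request[:set_default_mfa] = set_default_mfa unless set_default_mfa.nil?
 
-post_request('/v1/b2b/otps/sms/authenticate', request)
+post_request('/v1/b2b/otps/sms/authenticate', request, headers)
 end
 end
 end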
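Review bot: `set_default_mfa` is added to the method that posts to `/v1/b2b/otps/sms/authenticate` with the comment `# (no documentation yet)`, so the only thing a caller learns about it is its type. It sits next to `set_mfa_enrollment` and, judging by its name, changes a Member's MFA configuration, so the comment should state what `true`, `false` and omitting the value each do, in the same style as the `set_mfa_enrollment` entry above it. The method's signature and the start of its comment block are outside these hunks. If this file is generated (the new files in this release carry an autogenerated banner), the text belongs in the generator's input rather than in this file.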
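--- a/data/lib/stytch/b2b_passwords.rb
+++ b/data/lib/stytch/b2b_passwords.rb
@@ -78,12 +78,13 @@ module StytchB2B
 password:,
 email_address: nil
 )
+headers = {}
 request = {
 password: password
 }
 request[:email_address] = email_address unless email_address.nil?
 
-post_request('/v1/b2b/passwords/strength_check', request)
+post_request('/v1/b2b/passwords/strength_check', request, headers)
 end
 
 # Adds an existing password to a member's email that doesn't have a password yet. We support migrating members from passwords stored with bcrypt, scrypt, argon2, MD-5, SHA-1, and PBKDF2. This endpoint has a rate limit of 100 requests per second.
@@ -127,6 +128,21 @@ module StytchB2B
 # frontend SDK, and should not be used to store critical information. See the [Metadata resource](https://stytch.com/docs/b2b/api/metadata)
 # for complete field behavior details.
 # The type of this field is nilable +object+.
+# roles::
+# Roles to explicitly assign to this Member.
+# Will completely replace any existing explicitly assigned roles. See the
+# [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
+#
+# If a Role is removed from a Member, and the Member is also implicitly assigned this Role from an SSO connection
+# or an SSO group, we will by default revoke any existing sessions for the Member that contain any SSO
+# authentication factors with the affected connection ID. You can preserve these sessions by passing in the
+# `preserve_existing_sessions` parameter with a value of `true`.
+# The type of this field is nilable list of +String+.
+# preserve_existing_sessions::
+# Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
+# by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO
+# authentication factors with the affected SSO connection IDs will be revoked.
+# The type of this field is nilable +Boolean+.
 #
 # == Returns:
 # An object with the following fields:
@@ -160,8 +176,11 @@ module StytchB2B
 pbkdf_2_config: nil,
 name: nil,
 trusted_metadata: nil,
-untrusted_metadata: nil
+untrusted_metadata: nil,
+roles: nil,
+preserve_existing_sessions: nil
 )
+headers = {}
 request = {
 email_address: email_address,
 hash: hash,
@@ -176,16 +195,15 @@ module StytchB2B
 request[:name] = name unless name.nil?
 request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
 request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil?
+request[:roles] = roles unless roles.nil?
+request[:preserve_existing_sessions] = preserve_existing_sessions unless preserve_existing_sessions.nil?
 
-post_request('/v1/b2b/passwords/migrate', request)
+post_request('/v1/b2b/passwords/migrate', request, headers)
 end
 
-# Authenticate a member with their email address and password. This endpoint verifies that the member has a password currently set, and that the entered password is correct.
-#
-#
-# * A member that has previously authenticated with email/password uses a passwordless authentication method tied to the same email address (e.g. Magic Links) for the first time. Any subsequent email/password authentication attempt will result in this error.
-# * We force a password reset in this instance in order to safely deduplicate the account by email address, without introducing the risk of a pre-hijack account takeover attack.
-# * Imagine a bad actor creates many accounts using passwords and the known email addresses of their victims. If a victim comes to the site and logs in for the first time with an email-based passwordless authentication method then both the victim and the bad actor have credentials to access to the same account. To prevent this, any further email/password login attempts first require a password reset which can only be accomplished by someone with access to the underlying email address.
+# Authenticate a member with their email address and password. This endpoint verifies that the member has a password currently set, and that the entered password is correct.
+#
+# If you have breach detection during authentication enabled in your [password strength policy](https://stytch.com/docs/b2b/guides/passwords/strength-policies) and the member's credentials have appeared in the HaveIBeenPwned dataset, this endpoint will return a `member_reset_password` error even if the member enters a correct password. We force a password reset in this case to ensure that the member is the legitimate owner of the email address and not a malicious actor abusing the compromised credentials.
 #
 # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
 # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
@@ -288,6 +306,7 @@ module StytchB2B
 session_custom_claims: nil,
 locale: nil
 )
+headers = {}
 request = {
 organization_id: organization_id,
 email_address: email_address,
@@ -299,7 +318,7 @@ module StytchB2B
 request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
 request[:locale] = locale unless locale.nil?
 
-post_request('/v1/b2b/passwords/authenticate', request)
+post_request('/v1/b2b/passwords/authenticate', request, headers)
 end
 
 class Email
@@ -364,6 +383,9 @@ module StytchB2B
 # member_email_id::
 # Globally unique UUID that identifies a member's email
 # The type of this field is +String+.
+# member::
+# The [Member object](https://stytch.com/docs/b2b/api/member-object)
+# The type of this field is +Member+ (+object+).
 # status_code::
 # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
 # The type of this field is +Integer+.
@@ -377,21 +399,19 @@ module StytchB2B
 locale: nil,
 reset_password_template_id: nil
 )
+headers = {}
 request = {
 organization_id: organization_id,
 email_address: email_address
 }
 request[:reset_password_redirect_url] = reset_password_redirect_url unless reset_password_redirect_url.nil?
-unless reset_password_expiration_minutes.nil?
-request[:reset_password_expiration_minutes] =
-reset_password_expiration_minutes
-end
+request[:reset_password_expiration_minutes] = reset_password_expiration_minutes unless reset_password_expiration_minutes.nil?
 request[:code_challenge] = code_challenge unless code_challenge.nil?
 request[:login_redirect_url] = login_redirect_url unless login_redirect_url.nil?
 request[:locale] = locale unless locale.nil?
 request[:reset_password_template_id] = reset_password_template_id unless reset_password_template_id.nil?
 
-post_request('/v1/b2b/passwords/email/reset/start', request)
+post_request('/v1/b2b/passwords/email/reset/start', request, headers)
 end
 
 # Reset the member's password and authenticate them. This endpoint checks that the password reset token is valid, hasn’t expired, or already been used.
@@ -506,6 +526,7 @@ module StytchB2B
 session_custom_claims: nil,
 locale: nil
 )
+headers = {}
 request = {
 password_reset_token: password_reset_token,
 password: password
@@ -517,7 +538,7 @@ module StytchB2B
 request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
 request[:locale] = locale unless locale.nil?
 
-post_request('/v1/b2b/passwords/email/reset', request)
+post_request('/v1/b2b/passwords/email/reset', request, headers)
 end
 end
 
@@ -543,6 +564,32 @@ module StytchB2B
 # session_jwt::
 # The JSON Web Token (JWT) for a given Stytch Session.
 # The type of this field is nilable +String+.
+# session_duration_minutes::
+# Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+# returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+# five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+#
+# This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+#
+# If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+#
+# If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
+# to use the Stytch session product, you can ignore the session fields in the response.
+# The type of this field is nilable +Integer+.
+# session_custom_claims::
+# Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
+# `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
+# delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
+# Total custom claims size cannot exceed four kilobytes.
+# The type of this field is nilable +object+.
+# locale::
+# Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+#
+# Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+#
+# Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+#
+# The type of this field is nilable +ResetRequestLocale+ (string enum).
 #
 # == Returns:
 # An object with the following fields:
@@ -558,26 +605,51 @@ module StytchB2B
 # organization::
 # The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
 # The type of this field is +Organization+ (+object+).
+# session_token::
+# A secret token for a given Stytch Session.
+# The type of this field is +String+.
+# session_jwt::
+# The JSON Web Token (JWT) for a given Stytch Session.
+# The type of this field is +String+.
+# intermediate_session_token::
+# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
+# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
+# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
+# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
+# The type of this field is +String+.
+# member_authenticated::
+# Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
+# The type of this field is +Boolean+.
 # status_code::
 # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
 # The type of this field is +Integer+.
 # member_session::
 # The [Session object](https://stytch.com/docs/b2b/api/session-object).
 # The type of this field is nilable +MemberSession+ (+object+).
+# mfa_required::
+# Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
+# The type of this field is nilable +MfaRequired+ (+object+).
 def reset(
 organization_id:,
 password:,
 session_token: nil,
-session_jwt: nil
+session_jwt: nil,
+session_duration_minutes: nil,
+session_custom_claims: nil,
+locale: nil
 )
+headers = {}
 request = {
 organization_id: organization_id,
 password: password
 }
 request[:session_token] = session_token unless session_token.nil?
 request[:session_jwt] = session_jwt unless session_jwt.nil?
+request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
+request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+request[:locale] = locale unless locale.nil?
 
-post_request('/v1/b2b/passwords/session/reset', request)
+post_request('/v1/b2b/passwords/session/reset', request, headers)
 end
 end
 
@@ -698,6 +770,7 @@ module StytchB2B
 session_custom_claims: nil,
 locale: nil
 )
+headers = {}
 request = {
 email_address: email_address,
 existing_password: existing_password,
@@ -710,7 +783,7 @@ module StytchB2B
 request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
 request[:locale] = locale unless locale.nil?
 
-post_request('/v1/b2b/passwords/existing_password/reset', request)
+post_request('/v1/b2b/passwords/existing_password/reset', request, headers)
 end
 end
 end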
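Review bot: The return-field comments added above `reset` (the method that posts to `/v1/b2b/passwords/session/reset`) list `session_token` and `session_jwt` as plain +String+ next to the new `member_authenticated`, `intermediate_session_token` and `mfa_required` fields, but do not say what the session fields hold when `member_authenticated` is false. Code written against the previous signature may treat any successful response as a full Member Session, so the `member_authenticated` entry should carry a line such as `# When false, complete MFA with the intermediate_session_token before treating the Member as logged in.` The method's description and the top of its comment block are outside the hunk, so this may already be stated there.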
@@ -0,0 +1,47 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# !!!
|
4
|
+
# WARNING: This file is autogenerated
|
5
|
+
# Only modify code within MANUAL() sections
|
6
|
+
# or your changes may be overwritten later!
|
7
|
+
# !!!
|
8
|
+
|
9
|
+
require_relative 'request_helper'
|
10
|
+
|
11
|
+
module StytchB2B
|
12
|
+
class RBAC
|
13
|
+
include Stytch::RequestHelper
|
14
|
+
|
15
|
+
def initialize(connection)
|
16
|
+
@connection = connection
|
17
|
+
end
|
18
|
+
|
19
|
+
# Get the active RBAC Policy for your current Stytch Project. An RBAC Policy is the canonical document that stores all defined Resources and Roles within your RBAC permissioning model.
|
20
|
+
#
|
21
|
+
# When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating the need for an extra request to Stytch. The policy will be refreshed if an authorization check is requested and the RBAC policy was last updated more than 5 minutes ago.
|
22
|
+
#
|
23
|
+
# Resources and Roles can be created and managed within the [Dashboard](/dashboard/rbac). Additionally, [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically managed through certain Stytch API endpoints.
|
24
|
+
#
|
25
|
+
# Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model.
|
26
|
+
#
|
27
|
+
# == Parameters:
|
28
|
+
#
|
29
|
+
# == Returns:
|
30
|
+
# An object with the following fields:
|
31
|
+
# request_id::
|
32
|
+
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
33
|
+
# The type of this field is +String+.
|
34
|
+
# status_code::
|
35
|
+
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
36
|
+
# The type of this field is +Integer+.
|
37
|
+
# policy::
|
38
|
+
# The RBAC Policy document that contains all defined Roles and Resources – which are managed in the [Dashboard](/dashboard/rbac). Read more about these entities and how they work in our [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview).
|
39
|
+
# The type of this field is nilable +Policy+ (+object+).
|
40
|
+
def policy
|
41
|
+
headers = {}
|
42
|
+
query_params = {}
|
43
|
+
request = request_with_query_params('/v1/b2b/rbac/policy', query_params)
|
44
|
+
get_request(request, headers)
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
@@ -0,0 +1,199 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# !!!
|
4
|
+
# WARNING: This file is autogenerated
|
5
|
+
# Only modify code within MANUAL() sections
|
6
|
+
# or your changes may be overwritten later!
|
7
|
+
# !!!
|
8
|
+
|
9
|
+
require_relative 'request_helper'
|
10
|
+
|
11
|
+
module StytchB2B
|
12
|
+
class RecoveryCodes
|
13
|
+
include Stytch::RequestHelper
|
14
|
+
|
15
|
+
def initialize(connection)
|
16
|
+
@connection = connection
|
17
|
+
end
|
18
|
+
|
19
|
+
# Allows a Member to complete an MFA flow by consuming a recovery code. This consumes the recovery code and returns a session token that can be used to authenticate the Member.
|
20
|
+
#
|
21
|
+
# == Parameters:
|
22
|
+
# organization_id::
|
23
|
+
# Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
|
24
|
+
# The type of this field is +String+.
|
25
|
+
# member_id::
|
26
|
+
# Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
|
27
|
+
# The type of this field is +String+.
|
28
|
+
# recovery_code::
|
29
|
+
# The recovery code generated by a secondary MFA method. This code is used to authenticate in place of the secondary MFA method if that method as a backup.
|
30
|
+
# The type of this field is +String+.
|
31
|
+
# intermediate_session_token::
|
32
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
33
|
+
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
|
34
|
+
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
35
|
+
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
36
|
+
# The type of this field is nilable +String+.
|
37
|
+
# session_token::
|
38
|
+
# A secret token for a given Stytch Session.
|
39
|
+
# The type of this field is nilable +String+.
|
40
|
+
# session_jwt::
|
41
|
+
# The JSON Web Token (JWT) for a given Stytch Session.
|
42
|
+
# The type of this field is nilable +String+.
|
43
|
+
# session_duration_minutes::
|
44
|
+
# Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
|
45
|
+
# returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
|
46
|
+
# five minutes regardless of the underlying session duration, and will need to be refreshed over time.
|
47
|
+
#
|
48
|
+
# This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
|
49
|
+
#
|
50
|
+
# If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
|
51
|
+
#
|
52
|
+
# If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
|
53
|
+
# to use the Stytch session product, you can ignore the session fields in the response.
|
54
|
+
# The type of this field is nilable +Integer+.
|
55
|
+
# session_custom_claims::
|
56
|
+
# Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
|
57
|
+
# `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
|
58
|
+
# delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
|
59
|
+
# Total custom claims size cannot exceed four kilobytes.
|
60
|
+
# The type of this field is nilable +object+.
|
61
|
+
#
|
62
|
+
# == Returns:
|
63
|
+
# An object with the following fields:
|
64
|
+
# request_id::
|
65
|
+
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
66
|
+
# The type of this field is +String+.
|
67
|
+
# member_id::
|
68
|
+
# Globally unique UUID that identifies a specific Member.
|
69
|
+
# The type of this field is +String+.
|
70
|
+
# member::
|
71
|
+
# The [Member object](https://stytch.com/docs/b2b/api/member-object)
|
72
|
+
# The type of this field is +Member+ (+object+).
|
73
|
+
# organization::
|
74
|
+
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
75
|
+
# The type of this field is +Organization+ (+object+).
|
76
|
+
# session_token::
|
77
|
+
# A secret token for a given Stytch Session.
|
78
|
+
# The type of this field is +String+.
|
79
|
+
# session_jwt::
|
80
|
+
# The JSON Web Token (JWT) for a given Stytch Session.
|
81
|
+
# The type of this field is +String+.
|
82
|
+
# recovery_codes_remaining::
|
83
|
+
# The number of recovery codes remaining for a Member.
|
84
|
+
# The type of this field is +Integer+.
|
85
|
+
# status_code::
|
86
|
+
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
87
|
+
# The type of this field is +Integer+.
|
88
|
+
# member_session::
|
89
|
+
# The [Session object](https://stytch.com/docs/b2b/api/session-object).
|
90
|
+
# The type of this field is nilable +MemberSession+ (+object+).
|
91
|
+
def recover(
|
92
|
+
organization_id:,
|
93
|
+
member_id:,
|
94
|
+
recovery_code:,
|
95
|
+
intermediate_session_token: nil,
|
96
|
+
session_token: nil,
|
97
|
+
session_jwt: nil,
|
98
|
+
session_duration_minutes: nil,
|
99
|
+
session_custom_claims: nil
|
100
|
+
)
|
101
|
+
headers = {}
|
102
|
+
request = {
|
103
|
+
organization_id: organization_id,
|
104
|
+
member_id: member_id,
|
105
|
+
recovery_code: recovery_code
|
106
|
+
}
|
107
|
+
request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
|
108
|
+
request[:session_token] = session_token unless session_token.nil?
|
109
|
+
request[:session_jwt] = session_jwt unless session_jwt.nil?
|
110
|
+
request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
|
111
|
+
request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
|
112
|
+
|
113
|
+
post_request('/v1/b2b/recovery_codes/recover', request, headers)
|
114
|
+
end
|
115
|
+
|
116
|
+
# Returns a Member's full set of active recovery codes.
|
117
|
+
#
|
118
|
+
# == Parameters:
|
119
|
+
# organization_id::
|
120
|
+
# Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
|
121
|
+
# The type of this field is +String+.
|
122
|
+
# member_id::
|
123
|
+
# Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
|
124
|
+
# The type of this field is +String+.
|
125
|
+
#
|
126
|
+
# == Returns:
|
127
|
+
# An object with the following fields:
|
128
|
+
# request_id::
|
129
|
+
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
130
|
+
# The type of this field is +String+.
|
131
|
+
# member_id::
|
132
|
+
# Globally unique UUID that identifies a specific Member.
|
133
|
+
# The type of this field is +String+.
|
134
|
+
# member::
|
135
|
+
# The [Member object](https://stytch.com/docs/b2b/api/member-object)
|
136
|
+
# The type of this field is +Member+ (+object+).
|
137
|
+
# organization::
|
138
|
+
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
139
|
+
# The type of this field is +Organization+ (+object+).
|
140
|
+
# recovery_codes::
|
141
|
+
# An array of recovery codes that can be used to recover a Member's account.
|
142
|
+
# The type of this field is list of +String+.
|
143
|
+
# status_code::
|
144
|
+
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
145
|
+
# The type of this field is +Integer+.
|
146
|
+
def get(
|
147
|
+
organization_id:,
|
148
|
+
member_id:
|
149
|
+
)
|
150
|
+
headers = {}
|
151
|
+
query_params = {}
|
152
|
+
request = request_with_query_params("/v1/b2b/recovery_codes/#{organization_id}/#{member_id}", query_params)
|
153
|
+
get_request(request, headers)
|
154
|
+
end
|
155
|
+
|
156
|
+
# Rotate a Member's recovery codes. This invalidates all existing recovery codes and generates a new set of recovery codes.
|
157
|
+
#
|
158
|
+
# == Parameters:
|
159
|
+
# organization_id::
|
160
|
+
# Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
|
161
|
+
# The type of this field is +String+.
|
162
|
+
# member_id::
|
163
|
+
# Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
|
164
|
+
# The type of this field is +String+.
|
165
|
+
#
|
166
|
+
# == Returns:
|
167
|
+
# An object with the following fields:
|
168
|
+
# request_id::
|
169
|
+
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
170
|
+
# The type of this field is +String+.
|
171
|
+
# member_id::
|
172
|
+
# Globally unique UUID that identifies a specific Member.
|
173
|
+
# The type of this field is +String+.
|
174
|
+
# member::
|
175
|
+
# The [Member object](https://stytch.com/docs/b2b/api/member-object)
|
176
|
+
# The type of this field is +Member+ (+object+).
|
177
|
+
# organization::
|
178
|
+
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
179
|
+
# The type of this field is +Organization+ (+object+).
|
180
|
+
# recovery_codes::
|
181
|
+
# An array of recovery codes that can be used to recover a Member's account.
|
182
|
+
# The type of this field is list of +String+.
|
183
|
+
# status_code::
|
184
|
+
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
185
|
+
# The type of this field is +Integer+.
|
186
|
+
def rotate(
|
187
|
+
organization_id:,
|
188
|
+
member_id:
|
189
|
+
)
|
190
|
+
headers = {}
|
191
|
+
request = {
|
192
|
+
organization_id: organization_id,
|
193
|
+
member_id: member_id
|
194
|
+
}
|
195
|
+
|
196
|
+
post_request('/v1/b2b/recovery_codes/rotate', request, headers)
|
197
|
+
end
|
198
|
+
end
|
199
|
+
end
|