stytch 6.4.0 → 7.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +13 -0
- data/.gitignore +2 -0
- data/.rubocop.yml +21 -0
- data/DEVELOPMENT.md +5 -2
- data/README.md +1 -1
- data/lib/stytch/b2b_client.rb +13 -3
- data/lib/stytch/b2b_discovery.rb +41 -11
- data/lib/stytch/b2b_magic_links.rb +23 -7
- data/lib/stytch/b2b_oauth.rb +12 -2
- data/lib/stytch/b2b_organizations.rb +348 -47
- data/lib/stytch/b2b_otp.rb +35 -4
- data/lib/stytch/b2b_passwords.rb +92 -19
- data/lib/stytch/b2b_rbac.rb +47 -0
- data/lib/stytch/b2b_recovery_codes.rb +199 -0
- data/lib/stytch/b2b_sessions.rb +187 -7
- data/lib/stytch/b2b_sso.rb +172 -19
- data/lib/stytch/b2b_totps.rb +261 -0
- data/lib/stytch/client.rb +2 -2
- data/lib/stytch/crypto_wallets.rb +4 -2
- data/lib/stytch/errors.rb +14 -0
- data/lib/stytch/m2m.rb +16 -9
- data/lib/stytch/magic_links.rb +20 -12
- data/lib/stytch/method_options.rb +22 -0
- data/lib/stytch/oauth.rb +10 -4
- data/lib/stytch/otps.rb +26 -16
- data/lib/stytch/passwords.rb +62 -14
- data/lib/stytch/rbac_local.rb +58 -0
- data/lib/stytch/request_helper.rb +12 -8
- data/lib/stytch/sessions.rb +51 -28
- data/lib/stytch/totps.rb +9 -5
- data/lib/stytch/users.rb +30 -16
- data/lib/stytch/version.rb +1 -1
- data/lib/stytch/webauthn.rb +126 -24
- data/stytch.gemspec +2 -0
- metadata +36 -2
data/lib/stytch/totps.rb
CHANGED
@@ -23,7 +23,7 @@ module Stytch
|
|
23
23
|
# The `user_id` of an active user the TOTP registration should be tied to.
|
24
24
|
# The type of this field is +String+.
|
25
25
|
# expiration_minutes::
|
26
|
-
# The expiration for the TOTP instance. If the newly created TOTP is not authenticated within this time frame the TOTP will be unusable. Defaults to
|
26
|
+
# The expiration for the TOTP instance. If the newly created TOTP is not authenticated within this time frame the TOTP will be unusable. Defaults to 1440 (1 day) with a minimum of 5 and a maximum of 1440.
|
27
27
|
# The type of this field is nilable +Integer+.
|
28
28
|
#
|
29
29
|
# == Returns:
|
@@ -56,12 +56,13 @@ module Stytch
|
|
56
56
|
user_id:,
|
57
57
|
expiration_minutes: nil
|
58
58
|
)
|
59
|
+
headers = {}
|
59
60
|
request = {
|
60
61
|
user_id: user_id
|
61
62
|
}
|
62
63
|
request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil?
|
63
64
|
|
64
|
-
post_request('/v1/totps', request)
|
65
|
+
post_request('/v1/totps', request, headers)
|
65
66
|
end
|
66
67
|
|
67
68
|
# Authenticate a TOTP code entered by a user.
|
@@ -133,6 +134,7 @@ module Stytch
|
|
133
134
|
session_jwt: nil,
|
134
135
|
session_custom_claims: nil
|
135
136
|
)
|
137
|
+
headers = {}
|
136
138
|
request = {
|
137
139
|
user_id: user_id,
|
138
140
|
totp_code: totp_code
|
@@ -142,7 +144,7 @@ module Stytch
|
|
142
144
|
request[:session_jwt] = session_jwt unless session_jwt.nil?
|
143
145
|
request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
|
144
146
|
|
145
|
-
post_request('/v1/totps/authenticate', request)
|
147
|
+
post_request('/v1/totps/authenticate', request, headers)
|
146
148
|
end
|
147
149
|
|
148
150
|
# Retrieve the recovery codes for a TOTP instance tied to a User.
|
@@ -169,11 +171,12 @@ module Stytch
|
|
169
171
|
def recovery_codes(
|
170
172
|
user_id:
|
171
173
|
)
|
174
|
+
headers = {}
|
172
175
|
request = {
|
173
176
|
user_id: user_id
|
174
177
|
}
|
175
178
|
|
176
|
-
post_request('/v1/totps/recovery_codes', request)
|
179
|
+
post_request('/v1/totps/recovery_codes', request, headers)
|
177
180
|
end
|
178
181
|
|
179
182
|
# Authenticate a recovery code for a TOTP instance.
|
@@ -245,6 +248,7 @@ module Stytch
|
|
245
248
|
session_jwt: nil,
|
246
249
|
session_custom_claims: nil
|
247
250
|
)
|
251
|
+
headers = {}
|
248
252
|
request = {
|
249
253
|
user_id: user_id,
|
250
254
|
recovery_code: recovery_code
|
@@ -254,7 +258,7 @@ module Stytch
|
|
254
258
|
request[:session_jwt] = session_jwt unless session_jwt.nil?
|
255
259
|
request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
|
256
260
|
|
257
|
-
post_request('/v1/totps/recover', request)
|
261
|
+
post_request('/v1/totps/recover', request, headers)
|
258
262
|
end
|
259
263
|
end
|
260
264
|
end
|
data/lib/stytch/users.rb
CHANGED
@@ -77,6 +77,7 @@ module Stytch
|
|
77
77
|
trusted_metadata: nil,
|
78
78
|
untrusted_metadata: nil
|
79
79
|
)
|
80
|
+
headers = {}
|
80
81
|
request = {}
|
81
82
|
request[:email] = email unless email.nil?
|
82
83
|
request[:name] = name unless name.nil?
|
@@ -86,7 +87,7 @@ module Stytch
|
|
86
87
|
request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
|
87
88
|
request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil?
|
88
89
|
|
89
|
-
post_request('/v1/users', request)
|
90
|
+
post_request('/v1/users', request, headers)
|
90
91
|
end
|
91
92
|
|
92
93
|
# Get information about a specific User.
|
@@ -114,7 +115,7 @@ module Stytch
|
|
114
115
|
# An array of phone number objects linked to the User.
|
115
116
|
# The type of this field is list of +PhoneNumber+ (+object+).
|
116
117
|
# webauthn_registrations::
|
117
|
-
# An array that contains a list of all WebAuthn registrations for a given User in the Stytch API.
|
118
|
+
# An array that contains a list of all Passkey or WebAuthn registrations for a given User in the Stytch API.
|
118
119
|
# The type of this field is list of +WebAuthnRegistration+ (+object+).
|
119
120
|
# providers::
|
120
121
|
# An array of OAuth `provider` objects linked to the User.
|
@@ -149,9 +150,10 @@ module Stytch
|
|
149
150
|
def get(
|
150
151
|
user_id:
|
151
152
|
)
|
153
|
+
headers = {}
|
152
154
|
query_params = {}
|
153
155
|
request = request_with_query_params("/v1/users/#{user_id}", query_params)
|
154
|
-
get_request(request)
|
156
|
+
get_request(request, headers)
|
155
157
|
end
|
156
158
|
|
157
159
|
# Search for Users within your Stytch Project. Submit an empty `query` in the request to return all Users.
|
@@ -186,17 +188,18 @@ module Stytch
|
|
186
188
|
limit: nil,
|
187
189
|
query: nil
|
188
190
|
)
|
191
|
+
headers = {}
|
189
192
|
request = {}
|
190
193
|
request[:cursor] = cursor unless cursor.nil?
|
191
194
|
request[:limit] = limit unless limit.nil?
|
192
195
|
request[:query] = query unless query.nil?
|
193
196
|
|
194
|
-
post_request('/v1/users/search', request)
|
197
|
+
post_request('/v1/users/search', request, headers)
|
195
198
|
end
|
196
199
|
|
197
200
|
# Update a User's attributes.
|
198
201
|
#
|
199
|
-
# **Note:** In order to add a new email address or phone number to an existing User object, pass the new email address or phone number into the respective `/send` endpoint for the authentication method of your choice. If you specify the existing User's `user_id` while calling the `/send` endpoint, the new email address or phone number will be added to the existing User object
|
202
|
+
# **Note:** In order to add a new email address or phone number to an existing User object, pass the new email address or phone number into the respective `/send` endpoint for the authentication method of your choice. If you specify the existing User's `user_id` while calling the `/send` endpoint, the new, unverified email address or phone number will be added to the existing User object. If the user successfully authenticates within 5 minutes of the `/send` request, the new email address or phone number will be marked as verified and remain permanently on the existing Stytch User. Otherwise, it will be removed from the User object, and any subsequent login requests using that phone number will create a new User. We require this process to guard against an account takeover vulnerability.
|
200
203
|
#
|
201
204
|
# == Parameters:
|
202
205
|
# user_id::
|
@@ -245,13 +248,14 @@ module Stytch
|
|
245
248
|
trusted_metadata: nil,
|
246
249
|
untrusted_metadata: nil
|
247
250
|
)
|
251
|
+
headers = {}
|
248
252
|
request = {}
|
249
253
|
request[:name] = name unless name.nil?
|
250
254
|
request[:attributes] = attributes unless attributes.nil?
|
251
255
|
request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
|
252
256
|
request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil?
|
253
257
|
|
254
|
-
put_request("/v1/users/#{user_id}", request)
|
258
|
+
put_request("/v1/users/#{user_id}", request, headers)
|
255
259
|
end
|
256
260
|
|
257
261
|
# Exchange a user's email address or phone number for another.
|
@@ -292,11 +296,12 @@ module Stytch
|
|
292
296
|
email_address: nil,
|
293
297
|
phone_number: nil
|
294
298
|
)
|
299
|
+
headers = {}
|
295
300
|
request = {}
|
296
301
|
request[:email_address] = email_address unless email_address.nil?
|
297
302
|
request[:phone_number] = phone_number unless phone_number.nil?
|
298
303
|
|
299
|
-
put_request("/v1/users/#{user_id}/exchange_primary_factor", request)
|
304
|
+
put_request("/v1/users/#{user_id}/exchange_primary_factor", request, headers)
|
300
305
|
end
|
301
306
|
|
302
307
|
# Delete a User from Stytch.
|
@@ -320,7 +325,8 @@ module Stytch
|
|
320
325
|
def delete(
|
321
326
|
user_id:
|
322
327
|
)
|
323
|
-
|
328
|
+
headers = {}
|
329
|
+
delete_request("/v1/users/#{user_id}", headers)
|
324
330
|
end
|
325
331
|
|
326
332
|
# Delete an email from a User.
|
@@ -347,7 +353,8 @@ module Stytch
|
|
347
353
|
def delete_email(
|
348
354
|
email_id:
|
349
355
|
)
|
350
|
-
|
356
|
+
headers = {}
|
357
|
+
delete_request("/v1/users/emails/#{email_id}", headers)
|
351
358
|
end
|
352
359
|
|
353
360
|
# Delete a phone number from a User.
|
@@ -374,7 +381,8 @@ module Stytch
|
|
374
381
|
def delete_phone_number(
|
375
382
|
phone_id:
|
376
383
|
)
|
377
|
-
|
384
|
+
headers = {}
|
385
|
+
delete_request("/v1/users/phone_numbers/#{phone_id}", headers)
|
378
386
|
end
|
379
387
|
|
380
388
|
# Delete a WebAuthn registration from a User.
|
@@ -401,7 +409,8 @@ module Stytch
|
|
401
409
|
def delete_webauthn_registration(
|
402
410
|
webauthn_registration_id:
|
403
411
|
)
|
404
|
-
|
412
|
+
headers = {}
|
413
|
+
delete_request("/v1/users/webauthn_registrations/#{webauthn_registration_id}", headers)
|
405
414
|
end
|
406
415
|
|
407
416
|
# Delete a biometric registration from a User.
|
@@ -428,7 +437,8 @@ module Stytch
|
|
428
437
|
def delete_biometric_registration(
|
429
438
|
biometric_registration_id:
|
430
439
|
)
|
431
|
-
|
440
|
+
headers = {}
|
441
|
+
delete_request("/v1/users/biometric_registrations/#{biometric_registration_id}", headers)
|
432
442
|
end
|
433
443
|
|
434
444
|
# Delete a TOTP from a User.
|
@@ -455,7 +465,8 @@ module Stytch
|
|
455
465
|
def delete_totp(
|
456
466
|
totp_id:
|
457
467
|
)
|
458
|
-
|
468
|
+
headers = {}
|
469
|
+
delete_request("/v1/users/totps/#{totp_id}", headers)
|
459
470
|
end
|
460
471
|
|
461
472
|
# Delete a crypto wallet from a User.
|
@@ -482,7 +493,8 @@ module Stytch
|
|
482
493
|
def delete_crypto_wallet(
|
483
494
|
crypto_wallet_id:
|
484
495
|
)
|
485
|
-
|
496
|
+
headers = {}
|
497
|
+
delete_request("/v1/users/crypto_wallets/#{crypto_wallet_id}", headers)
|
486
498
|
end
|
487
499
|
|
488
500
|
# Delete a password from a User.
|
@@ -509,7 +521,8 @@ module Stytch
|
|
509
521
|
def delete_password(
|
510
522
|
password_id:
|
511
523
|
)
|
512
|
-
|
524
|
+
headers = {}
|
525
|
+
delete_request("/v1/users/passwords/#{password_id}", headers)
|
513
526
|
end
|
514
527
|
|
515
528
|
# Delete an OAuth registration from a User.
|
@@ -536,7 +549,8 @@ module Stytch
|
|
536
549
|
def delete_oauth_registration(
|
537
550
|
oauth_user_registration_id:
|
538
551
|
)
|
539
|
-
|
552
|
+
headers = {}
|
553
|
+
delete_request("/v1/users/oauth/#{oauth_user_registration_id}", headers)
|
540
554
|
end
|
541
555
|
end
|
542
556
|
end
|
data/lib/stytch/version.rb
CHANGED
data/lib/stytch/webauthn.rb
CHANGED
@@ -16,23 +16,31 @@ module Stytch
|
|
16
16
|
@connection = connection
|
17
17
|
end
|
18
18
|
|
19
|
-
# Initiate the process of creating a new WebAuthn registration.
|
19
|
+
# Initiate the process of creating a new Passkey or WebAuthn registration.
|
20
|
+
#
|
21
|
+
# To optimize for Passkeys, set the `return_passkey_credential_options` field to `true`.
|
22
|
+
#
|
23
|
+
# After calling this endpoint, the browser will need to call [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) with the data from [public_key_credential_creation_options](https://w3c.github.io/webauthn/#dictionary-makecredentialoptions) passed to the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request via the public key argument. We recommend using the `create()` wrapper provided by the webauthn-json library.
|
20
24
|
#
|
21
25
|
# If you are not using the [webauthn-json](https://github.com/github/webauthn-json) library, the `public_key_credential_creation_options` will need to be converted to a suitable public key by unmarshalling the JSON, base64 decoding the user ID field, and converting user ID and the challenge fields into an array buffer.
|
22
26
|
#
|
23
27
|
# == Parameters:
|
24
28
|
# user_id::
|
25
|
-
# The `user_id` of an active user the WebAuthn registration should be tied to.
|
29
|
+
# The `user_id` of an active user the Passkey or WebAuthn registration should be tied to.
|
26
30
|
# The type of this field is +String+.
|
27
31
|
# domain::
|
28
|
-
# The domain for WebAuthn. Defaults to `window.location.hostname`.
|
32
|
+
# The domain for Passkeys or WebAuthn. Defaults to `window.location.hostname`.
|
29
33
|
# The type of this field is +String+.
|
30
34
|
# user_agent::
|
31
35
|
# The user agent of the User.
|
32
36
|
# The type of this field is nilable +String+.
|
33
37
|
# authenticator_type::
|
34
|
-
# The requested authenticator type of the WebAuthn device. The two valid
|
38
|
+
# The requested authenticator type of the Passkey or WebAuthn device. The two valid values are platform and cross-platform. If no value passed, we assume both values are allowed.
|
35
39
|
# The type of this field is nilable +String+.
|
40
|
+
# return_passkey_credential_options::
|
41
|
+
# If true, the `public_key_credential_creation_options` returned will be optimized for Passkeys with `residentKey` set to `"required"` and `userVerification` set to `"preferred"`.
|
42
|
+
#
|
43
|
+
# The type of this field is nilable +Boolean+.
|
36
44
|
#
|
37
45
|
# == Returns:
|
38
46
|
# An object with the following fields:
|
@@ -43,7 +51,7 @@ module Stytch
|
|
43
51
|
# The unique ID of the affected User.
|
44
52
|
# The type of this field is +String+.
|
45
53
|
# public_key_credential_creation_options::
|
46
|
-
# Options used for WebAuthn registration.
|
54
|
+
# Options used for Passkey or WebAuthn registration.
|
47
55
|
# The type of this field is +String+.
|
48
56
|
# status_code::
|
49
57
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
@@ -52,16 +60,19 @@ module Stytch
|
|
52
60
|
user_id:,
|
53
61
|
domain:,
|
54
62
|
user_agent: nil,
|
55
|
-
authenticator_type: nil
|
63
|
+
authenticator_type: nil,
|
64
|
+
return_passkey_credential_options: nil
|
56
65
|
)
|
66
|
+
headers = {}
|
57
67
|
request = {
|
58
68
|
user_id: user_id,
|
59
69
|
domain: domain
|
60
70
|
}
|
61
71
|
request[:user_agent] = user_agent unless user_agent.nil?
|
62
72
|
request[:authenticator_type] = authenticator_type unless authenticator_type.nil?
|
73
|
+
request[:return_passkey_credential_options] = return_passkey_credential_options unless return_passkey_credential_options.nil?
|
63
74
|
|
64
|
-
post_request('/v1/webauthn/register/start', request)
|
75
|
+
post_request('/v1/webauthn/register/start', request, headers)
|
65
76
|
end
|
66
77
|
|
67
78
|
# Complete the creation of a WebAuthn registration by passing the response from the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request to this endpoint as the `public_key_credential` parameter.
|
@@ -70,11 +81,33 @@ module Stytch
|
|
70
81
|
#
|
71
82
|
# == Parameters:
|
72
83
|
# user_id::
|
73
|
-
# The `user_id` of an active user the WebAuthn registration should be tied to.
|
84
|
+
# The `user_id` of an active user the Passkey or WebAuthn registration should be tied to.
|
74
85
|
# The type of this field is +String+.
|
75
86
|
# public_key_credential::
|
76
87
|
# The response of the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential).
|
77
88
|
# The type of this field is +String+.
|
89
|
+
# session_token::
|
90
|
+
# The `session_token` associated with a User's existing Session.
|
91
|
+
# The type of this field is nilable +String+.
|
92
|
+
# session_duration_minutes::
|
93
|
+
# Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
|
94
|
+
# returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
|
95
|
+
# five minutes regardless of the underlying session duration, and will need to be refreshed over time.
|
96
|
+
#
|
97
|
+
# This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
|
98
|
+
#
|
99
|
+
# If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
|
100
|
+
#
|
101
|
+
# If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created.
|
102
|
+
# The type of this field is nilable +Integer+.
|
103
|
+
# session_jwt::
|
104
|
+
# The `session_jwt` associated with a User's existing Session.
|
105
|
+
# The type of this field is nilable +String+.
|
106
|
+
# session_custom_claims::
|
107
|
+
# Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value.
|
108
|
+
#
|
109
|
+
# Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes.
|
110
|
+
# The type of this field is nilable +object+.
|
78
111
|
#
|
79
112
|
# == Returns:
|
80
113
|
# An object with the following fields:
|
@@ -85,34 +118,66 @@ module Stytch
|
|
85
118
|
# The unique ID of the affected User.
|
86
119
|
# The type of this field is +String+.
|
87
120
|
# webauthn_registration_id::
|
88
|
-
# The unique ID for the WebAuthn registration.
|
121
|
+
# The unique ID for the Passkey or WebAuthn registration.
|
89
122
|
# The type of this field is +String+.
|
123
|
+
# session_token::
|
124
|
+
# A secret token for a given Stytch Session.
|
125
|
+
# The type of this field is +String+.
|
126
|
+
# session_jwt::
|
127
|
+
# The JSON Web Token (JWT) for a given Stytch Session.
|
128
|
+
# The type of this field is +String+.
|
129
|
+
# user::
|
130
|
+
# (no documentation yet)
|
131
|
+
# The type of this field is +User+ (+object+).
|
90
132
|
# status_code::
|
91
133
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
92
134
|
# The type of this field is +Integer+.
|
135
|
+
# session::
|
136
|
+
# If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response.
|
137
|
+
#
|
138
|
+
# See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields.
|
139
|
+
#
|
140
|
+
# The type of this field is nilable +Session+ (+object+).
|
93
141
|
def register(
|
94
142
|
user_id:,
|
95
|
-
public_key_credential
|
143
|
+
public_key_credential:,
|
144
|
+
session_token: nil,
|
145
|
+
session_duration_minutes: nil,
|
146
|
+
session_jwt: nil,
|
147
|
+
session_custom_claims: nil
|
96
148
|
)
|
149
|
+
headers = {}
|
97
150
|
request = {
|
98
151
|
user_id: user_id,
|
99
152
|
public_key_credential: public_key_credential
|
100
153
|
}
|
154
|
+
request[:session_token] = session_token unless session_token.nil?
|
155
|
+
request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
|
156
|
+
request[:session_jwt] = session_jwt unless session_jwt.nil?
|
157
|
+
request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
|
101
158
|
|
102
|
-
post_request('/v1/webauthn/register', request)
|
159
|
+
post_request('/v1/webauthn/register', request, headers)
|
103
160
|
end
|
104
161
|
|
105
|
-
# Initiate the authentication of a WebAuthn registration.
|
162
|
+
# Initiate the authentication of a Passkey or WebAuthn registration.
|
163
|
+
#
|
164
|
+
# To optimize for Passkeys, set the `return_passkey_credential_options` field to `true`.
|
165
|
+
#
|
166
|
+
# After calling this endpoint, the browser will need to call [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) with the data from `public_key_credential_request_options` passed to the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request via the public key argument. We recommend using the `get()` wrapper provided by the webauthn-json library.
|
106
167
|
#
|
107
168
|
# If you are not using the [webauthn-json](https://github.com/github/webauthn-json) library, `the public_key_credential_request_options` will need to be converted to a suitable public key by unmarshalling the JSON and converting some the fields to array buffers.
|
108
169
|
#
|
109
170
|
# == Parameters:
|
110
|
-
# user_id::
|
111
|
-
# The `user_id` of an active user the WebAuthn registration should be tied to.
|
112
|
-
# The type of this field is +String+.
|
113
171
|
# domain::
|
114
|
-
# The domain for WebAuthn. Defaults to `window.location.hostname`.
|
172
|
+
# The domain for Passkeys or WebAuthn. Defaults to `window.location.hostname`.
|
115
173
|
# The type of this field is +String+.
|
174
|
+
# user_id::
|
175
|
+
# The `user_id` of an active user the Passkey or WebAuthn registration should be tied to.
|
176
|
+
# The type of this field is nilable +String+.
|
177
|
+
# return_passkey_credential_options::
|
178
|
+
# If true, the `public_key_credential_creation_options` returned will be optimized for Passkeys with `userVerification` set to `"preferred"`.
|
179
|
+
#
|
180
|
+
# The type of this field is nilable +Boolean+.
|
116
181
|
#
|
117
182
|
# == Returns:
|
118
183
|
# An object with the following fields:
|
@@ -123,24 +188,27 @@ module Stytch
|
|
123
188
|
# The unique ID of the affected User.
|
124
189
|
# The type of this field is +String+.
|
125
190
|
# public_key_credential_request_options::
|
126
|
-
# Options used for WebAuthn authentication.
|
191
|
+
# Options used for Passkey or WebAuthn authentication.
|
127
192
|
# The type of this field is +String+.
|
128
193
|
# status_code::
|
129
194
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
130
195
|
# The type of this field is +Integer+.
|
131
196
|
def authenticate_start(
|
132
|
-
|
133
|
-
|
197
|
+
domain:,
|
198
|
+
user_id: nil,
|
199
|
+
return_passkey_credential_options: nil
|
134
200
|
)
|
201
|
+
headers = {}
|
135
202
|
request = {
|
136
|
-
user_id: user_id,
|
137
203
|
domain: domain
|
138
204
|
}
|
205
|
+
request[:user_id] = user_id unless user_id.nil?
|
206
|
+
request[:return_passkey_credential_options] = return_passkey_credential_options unless return_passkey_credential_options.nil?
|
139
207
|
|
140
|
-
post_request('/v1/webauthn/authenticate/start', request)
|
208
|
+
post_request('/v1/webauthn/authenticate/start', request, headers)
|
141
209
|
end
|
142
210
|
|
143
|
-
# Complete the authentication of a WebAuthn registration by passing the response from the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request to the authenticate endpoint.
|
211
|
+
# Complete the authentication of a Passkey or WebAuthn registration by passing the response from the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request to the authenticate endpoint.
|
144
212
|
#
|
145
213
|
# If the [webauthn-json](https://github.com/github/webauthn-json) library's `get()` method was used, the response can be passed directly to the [authenticate endpoint](https://stytch.com/docs/api/webauthn-authenticate). If not some fields from the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) response will need to be converted from array buffers to strings and marshalled into JSON.
|
146
214
|
#
|
@@ -180,7 +248,7 @@ module Stytch
|
|
180
248
|
# The unique ID of the affected User.
|
181
249
|
# The type of this field is +String+.
|
182
250
|
# webauthn_registration_id::
|
183
|
-
# The unique ID for the WebAuthn registration.
|
251
|
+
# The unique ID for the Passkey or WebAuthn registration.
|
184
252
|
# The type of this field is +String+.
|
185
253
|
# session_token::
|
186
254
|
# A secret token for a given Stytch Session.
|
@@ -207,6 +275,7 @@ module Stytch
|
|
207
275
|
session_jwt: nil,
|
208
276
|
session_custom_claims: nil
|
209
277
|
)
|
278
|
+
headers = {}
|
210
279
|
request = {
|
211
280
|
public_key_credential: public_key_credential
|
212
281
|
}
|
@@ -215,7 +284,40 @@ module Stytch
|
|
215
284
|
request[:session_jwt] = session_jwt unless session_jwt.nil?
|
216
285
|
request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
|
217
286
|
|
218
|
-
post_request('/v1/webauthn/authenticate', request)
|
287
|
+
post_request('/v1/webauthn/authenticate', request, headers)
|
288
|
+
end
|
289
|
+
|
290
|
+
# Updates a Passkey or WebAuthn registration.
|
291
|
+
#
|
292
|
+
# == Parameters:
|
293
|
+
# webauthn_registration_id::
|
294
|
+
# Globally unique UUID that identifies a Passkey or WebAuthn registration in the Stytch API. The `webautn_registration_id` is used when you need to operate on a specific User's WebAuthn registartion.
|
295
|
+
# The type of this field is +String+.
|
296
|
+
# name::
|
297
|
+
# The `name` of the WebAuthn registration or Passkey.
|
298
|
+
# The type of this field is +String+.
|
299
|
+
#
|
300
|
+
# == Returns:
|
301
|
+
# An object with the following fields:
|
302
|
+
# request_id::
|
303
|
+
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
304
|
+
# The type of this field is +String+.
|
305
|
+
# status_code::
|
306
|
+
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
307
|
+
# The type of this field is +Integer+.
|
308
|
+
# webauthn_registration::
|
309
|
+
# A Passkey or WebAuthn registration.
|
310
|
+
# The type of this field is nilable +WebAuthnRegistration+ (+object+).
|
311
|
+
def update(
|
312
|
+
webauthn_registration_id:,
|
313
|
+
name:
|
314
|
+
)
|
315
|
+
headers = {}
|
316
|
+
request = {
|
317
|
+
name: name
|
318
|
+
}
|
319
|
+
|
320
|
+
put_request("/v1/webauthn/#{webauthn_registration_id}", request, headers)
|
219
321
|
end
|
220
322
|
end
|
221
323
|
end
|
data/stytch.gemspec
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: stytch
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 7.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- stytch
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-02-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|
@@ -72,6 +72,34 @@ dependencies:
|
|
72
72
|
- - "~>"
|
73
73
|
- !ruby/object:Gem::Version
|
74
74
|
version: 3.11.0
|
75
|
+
- !ruby/object:Gem::Dependency
|
76
|
+
name: rubocop
|
77
|
+
requirement: !ruby/object:Gem::Requirement
|
78
|
+
requirements:
|
79
|
+
- - '='
|
80
|
+
- !ruby/object:Gem::Version
|
81
|
+
version: 1.56.3
|
82
|
+
type: :development
|
83
|
+
prerelease: false
|
84
|
+
version_requirements: !ruby/object:Gem::Requirement
|
85
|
+
requirements:
|
86
|
+
- - '='
|
87
|
+
- !ruby/object:Gem::Version
|
88
|
+
version: 1.56.3
|
89
|
+
- !ruby/object:Gem::Dependency
|
90
|
+
name: rubocop-rspec
|
91
|
+
requirement: !ruby/object:Gem::Requirement
|
92
|
+
requirements:
|
93
|
+
- - '='
|
94
|
+
- !ruby/object:Gem::Version
|
95
|
+
version: 2.24.0
|
96
|
+
type: :development
|
97
|
+
prerelease: false
|
98
|
+
version_requirements: !ruby/object:Gem::Requirement
|
99
|
+
requirements:
|
100
|
+
- - '='
|
101
|
+
- !ruby/object:Gem::Version
|
102
|
+
version: 2.24.0
|
75
103
|
description:
|
76
104
|
email:
|
77
105
|
- support@stytch.com
|
@@ -84,6 +112,7 @@ files:
|
|
84
112
|
- ".github/workflows/ruby.yml"
|
85
113
|
- ".gitignore"
|
86
114
|
- ".rspec"
|
115
|
+
- ".rubocop.yml"
|
87
116
|
- ".travis.yml"
|
88
117
|
- CODEOWNERS
|
89
118
|
- CODE_OF_CONDUCT.md
|
@@ -102,17 +131,22 @@ files:
|
|
102
131
|
- lib/stytch/b2b_organizations.rb
|
103
132
|
- lib/stytch/b2b_otp.rb
|
104
133
|
- lib/stytch/b2b_passwords.rb
|
134
|
+
- lib/stytch/b2b_rbac.rb
|
135
|
+
- lib/stytch/b2b_recovery_codes.rb
|
105
136
|
- lib/stytch/b2b_sessions.rb
|
106
137
|
- lib/stytch/b2b_sso.rb
|
138
|
+
- lib/stytch/b2b_totps.rb
|
107
139
|
- lib/stytch/client.rb
|
108
140
|
- lib/stytch/crypto_wallets.rb
|
109
141
|
- lib/stytch/errors.rb
|
110
142
|
- lib/stytch/m2m.rb
|
111
143
|
- lib/stytch/magic_links.rb
|
144
|
+
- lib/stytch/method_options.rb
|
112
145
|
- lib/stytch/middleware.rb
|
113
146
|
- lib/stytch/oauth.rb
|
114
147
|
- lib/stytch/otps.rb
|
115
148
|
- lib/stytch/passwords.rb
|
149
|
+
- lib/stytch/rbac_local.rb
|
116
150
|
- lib/stytch/request_helper.rb
|
117
151
|
- lib/stytch/sessions.rb
|
118
152
|
- lib/stytch/totps.rb
|