stytch 6.4.0 → 9.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 94327b3a992f3e596ec4c0a5a6bad97d2c78041e15f12a470949819aa5c0994d
-  data.tar.gz: a02935d82c7129002058f425f15d73886b5f373b9f942e35cfb410fd62c7148d
+  metadata.gz: e075ae0bbd1a3f639927bcd53fc125ce81856a38ca08af4fda63a5a67c59a8d2
+  data.tar.gz: f820f820eff94a0d24e504bc1cb2a31d449124609b37edb60d1f6678acfe19e8
 SHA512:
-  metadata.gz: c366e0741c92ecf5ce5413beb57917a01f733ecc231540aebfab19c8a51ee75e7ee9deded5d23453b0580fc3556c90f7e2d1b707dfd79fa6aa6fa6b43cf5e152
-  data.tar.gz: 9e2540999fa38c50436ea9409859cff663378d7b4a4d21a9ec15bdc8e36b326ed3ae2d681751739adbcecb57b3bd3a1c578394ba6d9dd2b92a1e9b5863f1a84b
+  metadata.gz: 392f3723a7fd0e3950a4179da49c49dc2c01d469b6b2c4107c6d6d20b9beabcee3b5741c16f260ad04dc440c42122bd3098e5eb91844133c9cf08a4e30f58443
+  data.tar.gz: bb1e40d2bbc571b03215aa94dc40164816fd5559f412c14cb4b9b6b73ef1046a3339005d456ccb294b712d353c17eb53cf08b0fb0bfa030dd061fd11afc92712

data/.github/workflows/ruby.yml

@@ -26,3 +26,16 @@ jobs:
           bundler-cache: true
 
       - run: bundle exec rspec
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          # Match the minimum supported Ruby version in the gemspec.
+          ruby-version: '2.7'
+          bundler-cache: true
+
+      - run: bundle exec rubocop

data/.gitignore

@@ -8,6 +8,8 @@
 /tmp/
 *.gem
 Gemfile.lock
+.idea/
+.envrc
 
 # rspec failure tracking
 .rspec_status

data/.rubocop.yml

@@ -0,0 +1,22 @@
+require:
+  - rubocop-rspec
+
+AllCops:
+  NewCops: disable
+  # The target Ruby version must match the one in stytch.gemspec.
+  TargetRubyVersion: 2.7
+
+Layout/LineLength: { Enabled: false }
+LeadingCommentSpace: { Enabled: false }
+
+Metrics: { Enabled: false }
+
+Style/Documentation: { Enabled: false }
+Style/For: { Enabled: false }
+Style/FrozenStringLiteralComment: { Enabled: false }
+Style/NumericPredicate: { Enabled: false }
+Style/StringConcatenation: { Enabled: false }
+
+RSpec/DescribedClass: { Enabled: false }
+RSpec/ExampleLength: { Enabled: false }
+RSpec/MultipleExpectations: { Enabled: false }

data/DEVELOPMENT.md

@@ -5,7 +5,9 @@ Thanks for contributing to Stytch's Ruby library! If you run into trouble, find
 ## Setup
 
 1. Clone this repo.
-2. To test your changes locally, update your GEMFILE with `gem 'stytch', path: '../stytch'` where `../stytch` is the path to your cloned copy of stytch-ruby.
+2. Install development dependencies using [Bundler]: `bundle install`
+
+To test your changes locally in another project, update your `GEMFILE` with `gem 'stytch', path: '../stytch'` where `../stytch` is the path to your cloned copy of stytch-ruby.
 
 ## Issues and Pull Requests
 
@@ -15,4 +17,5 @@ If you have non-trivial changes you'd like us to incorporate, please open an iss
 
 When you're ready for someone to look at your issue or PR, assign `@stytchauth/client-libraries` (GitHub should do this automatically). If we don't acknowledge it within one business day, please escalate it by tagging `@stytchauth/engineering` in a comment or letting us know in [Slack].
 
-[Slack]: https://join.slack.com/t/stytch/shared_invite/zt-nil4wo92-jApJ9Cl32cJbEd9esKkvyg
+[Bundler]: https://bundler.io/
+[Slack]: https://stytch.com/docs/resources/support/overview

data/README.md

@@ -2,7 +2,7 @@
 
 The Stytch Ruby gem makes it easy to use the Stytch user infrastructure API in Ruby applications.
 
-It pairs well with the Stytch [Web SDK](https://www.npmjs.com/package/@stytch/stytch-js) or your own custom authentication flow.
+It pairs well with the Stytch [Web SDK](https://www.npmjs.com/package/@stytch/vanilla-js) or your own custom authentication flow.
 
 ## Install
 
@@ -25,6 +25,9 @@ Or install it yourself as:
 You can find your API credentials in the [Stytch Dashboard](https://stytch.com/dashboard/api-keys).
 
 This client library supports all Stytch's live products:
+
+### B2C
+
   - [x] [Email Magic Links](https://stytch.com/docs/api/send-by-email)
   - [x] [Embeddable Magic Links](https://stytch.com/docs/guides/magic-links/embeddable-magic-links/api)
   - [x] [OAuth logins](https://stytch.com/docs/guides/oauth/idp-overview)
@@ -37,7 +40,18 @@ This client library supports all Stytch's live products:
   - [x] [Crypto wallets](https://stytch.com/docs/guides/web3/api)
   - [x] [Passwords](https://stytch.com/docs/guides/passwords/api)
 
-### Example usage
+### B2B
+
+- [x] [Organizations](https://stytch.com/docs/b2b/api/organization-object)
+- [x] [Members](https://stytch.com/docs/b2b/api/member-object)
+- [x] [Email Magic Links](https://stytch.com/docs/b2b/api/send-login-signup-email)
+- [x] [OAuth logins](https://stytch.com/docs/b2b/api/oauth-google-start)
+- [x] [Session Management](https://stytch.com/docs/b2b/api/session-object)
+- [x] [Single-Sign On](https://stytch.com/docs/b2b/api/sso-authenticate-start)
+- [x] [Discovery](https://stytch.com/docs/b2b/api/discovered-organization-object)
+- [x] [Passwords](https://stytch.com/docs/b2b/api/passwords-authenticate)
+
+### Example B2C usage
 Create an API client:
 ```ruby
 client = Stytch::Client.new(
@@ -61,6 +75,41 @@ client.magic_links.authenticate(
 )
 ```
 
+### Example B2B usage
+
+Create an API client:
+```ruby
+require 'stytch'
+
+client = StytchB2B::Client.new(
+  project_id: "project-test-uuid",
+  secret: "secret-test-uuid"
+)
+```
+
+Create an organization
+
+```ruby
+resp = client.organizations.create(
+  organization_name: 'Example Org Inc.',
+  organization_slug: 'example-org'
+)
+
+puts resp
+```
+
+Log the first user into the organization
+
+```ruby
+resp = client.magic_links.email.login_or_signup(
+  organization_id: 'organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931',
+  email_address: 'sandbox@stytch.com'
+)
+
+puts resp
+```
+
+
 ## Handling Errors
 
 When possible the response will contain an `error_type` and an `error_message` that can be used to distinguish errors.
@@ -77,7 +126,7 @@ Follow one of the [integration guides](https://stytch.com/docs/guides) or start
 
 If you've found a bug, [open an issue](https://github.com/stytchauth/stytch-ruby/issues/new)!
 
-If you have questions or want help troubleshooting, join us in [Slack](https://join.slack.com/t/stytch/shared_invite/zt-nil4wo92-jApJ9Cl32cJbEd9esKkvyg) or email support@stytch.com.
+If you have questions or want help troubleshooting, join us in [Slack](https://stytch.com/docs/resources/support/overview) or email support@stytch.com.
 
 If you've found a security vulnerability, please follow our [responsible disclosure instructions](https://stytch.com/docs/resources/security-and-trust/security#:~:text=Responsible%20disclosure%20program).
 

data/lib/stytch/b2b_client.rb

@@ -6,32 +6,47 @@ require_relative 'b2b_oauth'
 require_relative 'b2b_organizations'
 require_relative 'b2b_otp'
 require_relative 'b2b_passwords'
+require_relative 'b2b_rbac'
+require_relative 'b2b_recovery_codes'
+require_relative 'b2b_scim'
 require_relative 'b2b_sessions'
 require_relative 'b2b_sso'
+require_relative 'b2b_totps'
 require_relative 'm2m'
+require_relative 'project'
+require_relative 'rbac_local'
 
 module StytchB2B
   class Client
     ENVIRONMENTS = %i[live test].freeze
 
-    attr_reader :discovery, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :sso, :sessions
+    attr_reader :discovery, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :project, :rbac, :recovery_codes, :scim, :sso, :sessions, :totps
 
     def initialize(project_id:, secret:, env: nil, &block)
       @api_host   = api_host(env, project_id)
       @project_id = project_id
       @secret     = secret
+      @is_b2b_client = true
 
       create_connection(&block)
 
+      rbac = StytchB2B::RBAC.new(@connection)
+      @policy_cache = StytchB2B::PolicyCache.new(rbac_client: rbac)
+
       @discovery = StytchB2B::Discovery.new(@connection)
-      @m2m = Stytch::M2M.new(@connection, project_id)
+      @m2m = Stytch::M2M.new(@connection, @project_id, @is_b2b_client)
       @magic_links = StytchB2B::MagicLinks.new(@connection)
       @oauth = StytchB2B::OAuth.new(@connection)
       @otps = StytchB2B::OTPs.new(@connection)
       @organizations = StytchB2B::Organizations.new(@connection)
       @passwords = StytchB2B::Passwords.new(@connection)
+      @project = Stytch::Project.new(@connection)
+      @rbac = StytchB2B::RBAC.new(@connection)
+      @recovery_codes = StytchB2B::RecoveryCodes.new(@connection)
+      @scim = StytchB2B::SCIM.new(@connection)
       @sso = StytchB2B::SSO.new(@connection)
-      @sessions = StytchB2B::Sessions.new(@connection)
+      @sessions = StytchB2B::Sessions.new(@connection, @project_id, @policy_cache)
+      @totps = StytchB2B::TOTPs.new(@connection)
     end
 
     private

data/lib/stytch/b2b_discovery.rb

@@ -32,18 +32,19 @@ module StytchB2B
       #
       # This endpoint can be used to accept invites and create new members via domain matching.
       #
-      # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`.
+      # If the is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`.
       # The `intermediate_session_token` will not be consumed and instead will be returned in the response.
       # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session.
       # The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one.
       # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
       #
+      # If the Member is logging in via an OAuth provider that does not fully verify the email, the returned value of `member_authenticated` will be `false`.
+      # The `intermediate_session_token` will not be consumed and instead will be returned in the response.
+      # The `primary_required` field details the authentication flow the Member must perform in order to [complete a step-up authentication](https://stytch.com/docs/b2b/guides/oauth/auth-flows) into the organization. The `intermediate_session_token` must be passed into that authentication flow.
+      #
       # == Parameters:
       # intermediate_session_token::
-      #   The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
-      #     The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
-      #     the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
-      #     or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
+      #   The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
       #   The type of this field is +String+.
       # organization_id::
       #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
@@ -67,7 +68,7 @@ module StytchB2B
       #   Total custom claims size cannot exceed four kilobytes.
       #   The type of this field is nilable +object+.
       # locale::
-      #   If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
+      #   If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.
       #
       # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
       #
@@ -101,10 +102,7 @@ module StytchB2B
       #   Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
       #   The type of this field is +Boolean+.
       # intermediate_session_token::
-      #   The returned Intermediate Session Token is identical to the one that was originally passed in to the request.
-      #       The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization.
-      #       It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a different existing Organization,
-      #       or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization.
+      #   The returned Intermediate Session Token is identical to the one that was originally passed in to the request. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
       #   The type of this field is +String+.
       # status_code::
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
@@ -115,6 +113,9 @@ module StytchB2B
       # mfa_required::
       #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
       #   The type of this field is nilable +MfaRequired+ (+object+).
+      # primary_required::
+      #   Information about the primary authentication requirements of the Organization.
+      #   The type of this field is nilable +PrimaryRequired+ (+object+).
       def exchange(
         intermediate_session_token:,
         organization_id:,
@@ -122,6 +123,7 @@ module StytchB2B
         session_custom_claims: nil,
         locale: nil
       )
+        headers = {}
         request = {
           intermediate_session_token: intermediate_session_token,
           organization_id: organization_id
@@ -130,7 +132,7 @@ module StytchB2B
         request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
         request[:locale] = locale unless locale.nil?
 
-        post_request('/v1/b2b/discovery/intermediate_sessions/exchange', request)
+        post_request('/v1/b2b/discovery/intermediate_sessions/exchange', request, headers)
       end
     end
 
@@ -141,12 +143,15 @@ module StytchB2B
         @connection = connection
       end
 
-      # If an end user does not want to join any already-existing organization, or has no possible organizations to join, this endpoint can be used to create a new
+      # If an end user does not want to join any already-existing, or has no possible Organizations to join, this endpoint can be used to create a new
       # [Organization](https://stytch.com/docs/b2b/api/organization-object) and [Member](https://stytch.com/docs/b2b/api/member-object).
       #
       # This operation consumes the Intermediate Session.
       #
-      # This endpoint can also be used to start an initial session for the newly created member and organization.
+      # This endpoint will also create an initial Member Session for the newly created Member.
+      #
+      # The created by this endpoint will automatically be granted the `stytch_admin` Role. See the
+      # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for more details on this Role.
       #
       # If the new Organization is created with a `mfa_policy` of `REQUIRED_FOR_ALL`, the newly created Member will need to complete an MFA step to log in to the Organization.
       # The `intermediate_session_token` will not be consumed and instead will be returned in the response.
@@ -156,10 +161,7 @@ module StytchB2B
       #
       # == Parameters:
       # intermediate_session_token::
-      #   The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
-      #     The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
-      #     the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
-      #     or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
+      #   The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
       #   The type of this field is +String+.
       # organization_name::
       #   The name of the Organization. If the name is not specified, a default name will be created based on the email used to initiate the discovery flow. If the email domain is a common email provider such as gmail.com, or if the email is a .edu email, the organization name will be generated based on the name portion of the email. Otherwise, the organization name will be generated based on the email domain.
@@ -208,11 +210,11 @@ module StytchB2B
       #     Common domains such as `gmail.com` are not allowed. See the [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list.
       #   The type of this field is nilable list of +String+.
       # email_jit_provisioning::
-      #   The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link. The accepted values are:
+      #   The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are:
       #
-      #   `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link.
+      #   `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth.
       #
-      #   `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link.
+      #   `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth.
       #
       #   The type of this field is nilable +String+.
       # email_invites::
@@ -234,7 +236,6 @@ module StytchB2B
       #
       #   The type of this field is nilable +String+.
       # allowed_auth_methods::
-      #
       #   An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
       #   The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
       #
@@ -242,11 +243,41 @@ module StytchB2B
       # mfa_policy::
       #   The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
       #
-      #   `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in.
+      #   `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid.
       #
       #   `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true.
       #
       #   The type of this field is nilable +String+.
+      # rbac_email_implicit_role_assignments::
+      #   Implicit role assignments based off of email domains.
+      #   For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
+      #   associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
+      #   for more information about role assignment.
+      #   The type of this field is nilable list of +EmailImplicitRoleAssignment+ (+object+).
+      # mfa_methods::
+      #   The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are:
+      #
+      #   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
+      #
+      #   `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
+      #
+      #   The type of this field is nilable +String+.
+      # allowed_mfa_methods::
+      #   An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
+      #   The list's accepted values are: `sms_otp` and `totp`.
+      #
+      #   The type of this field is nilable list of +String+.
+      # oauth_tenant_jit_provisioning::
+      #   The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are:
+      #
+      #   `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.
+      #
+      #   `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant.
+      #
+      #   The type of this field is nilable +String+.
+      # allowed_oauth_tenants::
+      #   A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot".
+      #   The type of this field is nilable +object+.
       #
       # == Returns:
       # An object with the following fields:
@@ -269,10 +300,7 @@ module StytchB2B
       #   Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
       #   The type of this field is +Boolean+.
       # intermediate_session_token::
-      #   The returned Intermediate Session Token is identical to the one that was originally passed in to the request.
-      #       The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization.
-      #       It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a different existing Organization,
-      #       or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization.
+      #   The returned Intermediate Session Token is identical to the one that was originally passed in to the request. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
       #   The type of this field is +String+.
       # status_code::
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
@@ -286,6 +314,9 @@ module StytchB2B
       # mfa_required::
       #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
       #   The type of this field is nilable +MfaRequired+ (+object+).
+      # primary_required::
+      #   Information about the primary authentication requirements of the Organization.
+      #   The type of this field is nilable +PrimaryRequired+ (+object+).
       def create(
         intermediate_session_token:,
         organization_name:,
@@ -300,8 +331,14 @@ module StytchB2B
         email_invites: nil,
         auth_methods: nil,
         allowed_auth_methods: nil,
-        mfa_policy: nil
+        mfa_policy: nil,
+        rbac_email_implicit_role_assignments: nil,
+        mfa_methods: nil,
+        allowed_mfa_methods: nil,
+        oauth_tenant_jit_provisioning: nil,
+        allowed_oauth_tenants: nil
       )
+        headers = {}
         request = {
           intermediate_session_token: intermediate_session_token,
           organization_name: organization_name,
@@ -318,8 +355,13 @@ module StytchB2B
         request[:auth_methods] = auth_methods unless auth_methods.nil?
         request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
         request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
+        request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
+        request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
+        request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
+        request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
+        request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
 
-        post_request('/v1/b2b/discovery/organizations/create', request)
+        post_request('/v1/b2b/discovery/organizations/create', request, headers)
       end
 
       # List all possible organization relationships connected to a [Member Session](https://stytch.com/docs/b2b/api/session-object) or Intermediate Session.
@@ -338,10 +380,7 @@ module StytchB2B
       #
       # == Parameters:
       # intermediate_session_token::
-      #   The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
-      #     The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
-      #     the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
-      #     or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
+      #   The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
       #   The type of this field is nilable +String+.
       # session_token::
       #   A secret token for a given Stytch Session.
@@ -383,12 +422,13 @@ module StytchB2B
         session_token: nil,
         session_jwt: nil
       )
+        headers = {}
         request = {}
         request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
         request[:session_token] = session_token unless session_token.nil?
         request[:session_jwt] = session_jwt unless session_jwt.nil?
 
-        post_request('/v1/b2b/discovery/organizations', request)
+        post_request('/v1/b2b/discovery/organizations', request, headers)
       end
     end
   end