stytch 6.5.1 → 6.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b550936fb7076aad0eb10a1551f50440e8855c5042e6d1173a68d5eaf8df7b7d
-  data.tar.gz: afa5981979e47b49868ce2be6f701d3d94102365f2565e8f1c42889d548b8af5
+  metadata.gz: 54d73b52aa606a1039a55239a77a2ce3af67804599db720510823f91133d4bb0
+  data.tar.gz: c4c5e784f08c425acd2f2f5ec18e79f8278981bea4ea447172ae74b7f4ef18f2
 SHA512:
-  metadata.gz: 48fb733f974b3f66b0f11d62aa0215ddf162f8d3f715d63c750e3820c261fffb33a1a04668370b66b28f2fb5d7311bd0608d3b6cc421d48629b93bb287dba814
-  data.tar.gz: 6f05e0e6dad871dd162c45007c2e9cf8a303b721d8a81aa1f74dfbe785f317cf14cabdeedfce2abe2d42523773e260998a372644c4fa8da7f1e362b3f186815c
+  metadata.gz: 954e87e5310e35e16352b553d02a4a7d7a8c431a3fc68937c06236072a6f2287a66020339714998069184e5b2a9d0bd7e96c8236848fd06c5a7f66b3f468c9e7
+  data.tar.gz: 9902bd4bcc6154aff8a00e7fbc1ae9e2c8e3d4a4ce676b93f2fce49a033ffafdd4290bb3e60013e6a44d693bf900c802a4946f5c4c48d9a4b249de75be1b8c7f

data/lib/stytch/b2b_organizations.rb

@@ -27,10 +27,10 @@ module StytchB2B
     #
     # == Parameters:
     # organization_name::
-    #   The name of the Organization.
+    #   The name of the Organization. Must be between 1 and 128 characters in length.
     #   The type of this field is +String+.
     # organization_slug::
-    #   The unique URL slug of the Organization. A minimum of two characters is required. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`.
+    #   The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
     #   The type of this field is nilable +String+.
     # organization_logo_url::
     #   The image URL of the Organization logo.
@@ -162,7 +162,7 @@ module StytchB2B
       get_request(request)
     end
 
-    # Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members. test
+    # Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members.
     #
     # *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.
     #
@@ -171,10 +171,10 @@ module StytchB2B
     #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
     #   The type of this field is +String+.
     # organization_name::
-    #   The name of the Organization.
+    #   The name of the Organization. Must be between 1 and 128 characters in length.
     #   The type of this field is nilable +String+.
     # organization_slug::
-    #   The unique URL slug of the Organization. A minimum of two characters is required. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`.
+    #   The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
     #   The type of this field is nilable +String+.
     # organization_logo_url::
     #   The image URL of the Organization logo.
@@ -619,6 +619,38 @@ module StytchB2B
         delete_request("/v1/b2b/organizations/#{organization_id}/members/passwords/#{member_password_id}")
       end
 
+      # Get a Member by `member_id`. This endpoint does not require an `organization_id`, so you can use it to get members across organizations. This is a dangerous operation. Incorrect use may open you up to indirect object reference (IDOR) attacks. We recommend using the [Get Member](https://stytch.com/docs/b2b/api/get-member) API instead.
+      #
+      # == Parameters:
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member.
+      #   The type of this field is +String+.
+      # member::
+      #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+      #   The type of this field is +Member+ (+object+).
+      # organization::
+      #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+      #   The type of this field is +Organization+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      def dangerously_get(
+        member_id:
+      )
+        query_params = {}
+        request = request_with_query_params("/v1/b2b/organizations/members/dangerously_get/#{member_id}", query_params)
+        get_request(request)
+      end
+
       # Creates a Member. An `organization_id` and `email_address` are required.
       #
       # == Parameters:

data/lib/stytch/b2b_otp.rb

@@ -40,6 +40,8 @@ module StytchB2B
       # ### Cost to send SMS OTP
       # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview).
       #
+      # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
+      #
       # == Parameters:
       # organization_id::
       #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.

data/lib/stytch/b2b_sessions.rb

@@ -284,6 +284,14 @@ module StytchB2B
 
     # Get the JSON Web Key Set (JWKS) for a project.
     #
+    # JWKS are rotated every ~6 months. Upon rotation, new JWTs will be signed using the new key set, and both key sets will be returned by this endpoint for a period of 1 month.
+    #
+    # JWTs have a set lifetime of 5 minutes, so there will be a 5 minute period where some JWTs will be signed by the old JWKS, and some JWTs will be signed by the new JWKS. The correct JWKS to use for validation is determined by matching the `kid` value of the JWT and JWKS.
+    #
+    # If you're using one of our [backend SDKs](https://stytch.com/docs/b2b/sdks), the JWKS roll will be handled for you.
+    #
+    # If you're using your own JWT validation library, many have built-in support for JWKS rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWKS to use for validation by inspecting the `kid` value.
+    #
     # == Parameters:
     # project_id::
     #   The `project_id` to get the JWKS for.

data/lib/stytch/b2b_sso.rb

@@ -394,6 +394,9 @@ module StytchB2B
       # idp_sso_url::
       #   The URL for which assertions for login requests will be sent. This will be provided by the IdP.
       #   The type of this field is nilable +String+.
+      # alternative_audience_uri::
+      #   An alternative URL to use for the Audience Restriction. This value can be used when you wish to migrate an existing SAML integration to Stytch with zero downtime.
+      #   The type of this field is nilable +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -413,7 +416,8 @@ module StytchB2B
         display_name: nil,
         attribute_mapping: nil,
         x509_certificate: nil,
-        idp_sso_url: nil
+        idp_sso_url: nil,
+        alternative_audience_uri: nil
       )
         request = {}
         request[:idp_entity_id] = idp_entity_id unless idp_entity_id.nil?
@@ -421,10 +425,53 @@ module StytchB2B
         request[:attribute_mapping] = attribute_mapping unless attribute_mapping.nil?
         request[:x509_certificate] = x509_certificate unless x509_certificate.nil?
         request[:idp_sso_url] = idp_sso_url unless idp_sso_url.nil?
+        request[:alternative_audience_uri] = alternative_audience_uri unless alternative_audience_uri.nil?
 
         put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}", request)
       end
 
+      # Used to update an existing SAML connection using an IDP metadata URL.
+      #
+      # A newly created connection will not become active until all the following are provided:
+      # * `idp_sso_url`
+      # * `idp_entity_id`
+      # * `x509_certificate`
+      # * `attribute_mapping` (must be supplied using [Update SAML Connection](update-saml-connection))
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # connection_id::
+      #   Globally unique UUID that identifies a specific SSO `connection_id` for a Member.
+      #   The type of this field is +String+.
+      # metadata_url::
+      #   A URL that points to the IdP metadata. This will be provided by the IdP.
+      #   The type of this field is +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      # connection::
+      #   The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
+      #   The type of this field is nilable +SAMLConnection+ (+object+).
+      def update_by_url(
+        organization_id:,
+        connection_id:,
+        metadata_url:
+      )
+        request = {
+          metadata_url: metadata_url
+        }
+
+        put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}/url", request)
+      end
+
       # Delete a SAML verification certificate.
       #
       # You may need to do this when rotating certificates from your IdP, since Stytch allows a maximum of 5 certificates per connection. There must always be at least one certificate per active connection.

data/lib/stytch/otps.rb

@@ -129,6 +129,8 @@ module Stytch
       # ### Cost to send SMS OTP
       # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview).
       #
+      # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
+      #
       # ### Add a phone number to an existing user
       #
       # This endpoint also allows you to add a new phone number to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in your Send one-time passcode by SMS request will add the new, unverified phone number to the existing Stytch User. If the user successfully authenticates within 5 minutes, the new phone number will be marked as verified and remain permanently on the existing Stytch User. Otherwise, it will be removed from the User object, and any subsequent login requests using that phone number will create a new User.
@@ -205,6 +207,9 @@ module Stytch
       #
       # ### Cost to send SMS OTP
       # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview).
+      #
+      # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
+      #
       # ### Next steps
       #
       # Collect the OTP which was delivered to the User. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`.

data/lib/stytch/sessions.rb

@@ -151,7 +151,15 @@ module Stytch
       post_request('/v1/sessions/revoke', request)
     end
 
-    # Get the JSON Web Key Set (JWKS) for a Stytch Project.
+    # Get the JSON Web Key Set (JWKS) for a project.
+    #
+    # JWKS are rotated every ~6 months. Upon rotation, new JWTs will be signed using the new key set, and both key sets will be returned by this endpoint for a period of 1 month.
+    #
+    # JWTs have a set lifetime of 5 minutes, so there will be a 5 minute period where some JWTs will be signed by the old JWKS, and some JWTs will be signed by the new JWKS. The correct JWKS to use for validation is determined by matching the `kid` value of the JWT and JWKS.
+    #
+    # If you're using one of our [backend SDKs](https://stytch.com/docs/sdks), the JWKS roll will be handled for you.
+    #
+    # If you're using your own JWT validation library, many have built-in support for JWKS rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWKS to use for validation by inspecting the `kid` value.
     #
     # == Parameters:
     # project_id::

data/lib/stytch/totps.rb

@@ -23,7 +23,7 @@ module Stytch
     #   The `user_id` of an active user the TOTP registration should be tied to.
     #   The type of this field is +String+.
     # expiration_minutes::
-    #   The expiration for the TOTP instance. If the newly created TOTP is not authenticated within this time frame the TOTP will be unusable. Defaults to 60 (1 hour) with a minimum of 5 and a maximum of 1440.
+    #   The expiration for the TOTP instance. If the newly created TOTP is not authenticated within this time frame the TOTP will be unusable. Defaults to 1440 (1 day) with a minimum of 5 and a maximum of 1440.
     #   The type of this field is nilable +Integer+.
     #
     # == Returns:

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '6.5.1'
+  VERSION = '6.6.0'
 end

data/lib/stytch/webauthn.rb

@@ -31,8 +31,11 @@ module Stytch
     #   The user agent of the User.
     #   The type of this field is nilable +String+.
     # authenticator_type::
-    #   The requested authenticator type of the WebAuthn device. The two valid value are platform and cross-platform. If no value passed, we assume both values are allowed.
+    #   The requested authenticator type of the WebAuthn device. The two valid values are platform and cross-platform. If no value passed, we assume both values are allowed.
     #   The type of this field is nilable +String+.
+    # return_passkey_credential_options::
+    #   If true, the `public_key_credential_creation_options` returned will be optimized for Passkeys. This includes making `residentKey` required, `userVerification` preferred, and ignoring the `authenticator_type` passed.
+    #   The type of this field is nilable +Boolean+.
     #
     # == Returns:
     # An object with the following fields:
@@ -52,7 +55,8 @@ module Stytch
       user_id:,
       domain:,
       user_agent: nil,
-      authenticator_type: nil
+      authenticator_type: nil,
+      return_passkey_credential_options: nil
     )
       request = {
         user_id: user_id,
@@ -60,6 +64,7 @@ module Stytch
       }
       request[:user_agent] = user_agent unless user_agent.nil?
       request[:authenticator_type] = authenticator_type unless authenticator_type.nil?
+      request[:return_passkey_credential_options] = return_passkey_credential_options unless return_passkey_credential_options.nil?
 
       post_request('/v1/webauthn/register/start', request)
     end
@@ -75,6 +80,28 @@ module Stytch
     # public_key_credential::
     #   The response of the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential).
     #   The type of this field is +String+.
+    # session_token::
+    #   The `session_token` associated with a User's existing Session.
+    #   The type of this field is nilable +String+.
+    # session_duration_minutes::
+    #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+    #   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+    #   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+    #
+    #   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+    #
+    #   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+    #
+    #   If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created.
+    #   The type of this field is nilable +Integer+.
+    # session_jwt::
+    #   The `session_jwt` associated with a User's existing Session.
+    #   The type of this field is nilable +String+.
+    # session_custom_claims::
+    #   Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value.
+    #
+    #   Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes.
+    #   The type of this field is nilable +object+.
     #
     # == Returns:
     # An object with the following fields:
@@ -87,17 +114,40 @@ module Stytch
     # webauthn_registration_id::
     #   The unique ID for the WebAuthn registration.
     #   The type of this field is +String+.
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is +String+.
+    # user::
+    #   (no documentation yet)
+    #   The type of this field is +User+ (+object+).
     # status_code::
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
+    # session::
+    #   If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response.
+    #
+    #   See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields.
+    #
+    #   The type of this field is nilable +Session+ (+object+).
     def register(
       user_id:,
-      public_key_credential:
+      public_key_credential:,
+      session_token: nil,
+      session_duration_minutes: nil,
+      session_jwt: nil,
+      session_custom_claims: nil
     )
       request = {
         user_id: user_id,
         public_key_credential: public_key_credential
       }
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
+      request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
 
       post_request('/v1/webauthn/register', request)
     end
@@ -107,12 +157,15 @@ module Stytch
     # If you are not using the [webauthn-json](https://github.com/github/webauthn-json) library, `the public_key_credential_request_options` will need to be converted to a suitable public key by unmarshalling the JSON and converting some the fields to array buffers.
     #
     # == Parameters:
-    # user_id::
-    #   The `user_id` of an active user the WebAuthn registration should be tied to.
-    #   The type of this field is +String+.
     # domain::
     #   The domain for WebAuthn. Defaults to `window.location.hostname`.
     #   The type of this field is +String+.
+    # user_id::
+    #   The `user_id` of an active user the WebAuthn registration should be tied to.
+    #   The type of this field is nilable +String+.
+    # return_passkey_credential_options::
+    #   If true, the `public_key_credential_creation_options` returned will be optimized for Passkeys. This includes making `userVerification` preferred.
+    #   The type of this field is nilable +Boolean+.
     #
     # == Returns:
     # An object with the following fields:
@@ -129,13 +182,15 @@ module Stytch
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
     def authenticate_start(
-      user_id:,
-      domain:
+      domain:,
+      user_id: nil,
+      return_passkey_credential_options: nil
     )
       request = {
-        user_id: user_id,
         domain: domain
       }
+      request[:user_id] = user_id unless user_id.nil?
+      request[:return_passkey_credential_options] = return_passkey_credential_options unless return_passkey_credential_options.nil?
 
       post_request('/v1/webauthn/authenticate/start', request)
     end
@@ -217,5 +272,37 @@ module Stytch
 
       post_request('/v1/webauthn/authenticate', request)
     end
+
+    # Updates a WebAuthn registration.
+    #
+    # == Parameters:
+    # webauthn_registration_id::
+    #   Globally unique UUID that identifies a WebAuthn registration in the Stytch API. The `webautn_registration_id` is used when you need to operate on a specific User's WebAuthn registartion.
+    #   The type of this field is +String+.
+    # name::
+    #   The `name` of the WebAuthn registration.
+    #   The type of this field is +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
+    # webauthn_registration::
+    #   A WebAuthn registration.
+    #   The type of this field is nilable +WebAuthnRegistration+ (+object+).
+    def update(
+      webauthn_registration_id:,
+      name:
+    )
+      request = {
+        name: name
+      }
+
+      put_request("/v1/webauthn/#{webauthn_registration_id}", request)
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 6.5.1
+  version: 6.6.0
 platform: ruby
 authors:
 - stytch
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-10-10 00:00:00.000000000 Z
+date: 2023-11-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday