stytch 6.6.0 → 7.0.1

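--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 54d73b52aa606a1039a55239a77a2ce3af67804599db720510823f91133d4bb0
- data.tar.gz: c4c5e784f08c425acd2f2f5ec18e79f8278981bea4ea447172ae74b7f4ef18f2
+ metadata.gz: b5b6f3a220db5b04687a900ac17b0e8f538fb5880a71c390c9ffcef876fd5425
+ data.tar.gz: ed5964bfc4b355a239cc8b5214ea6a2e7dd89a980fa923fd62cf9665176bf241
  SHA512:
- metadata.gz: 954e87e5310e35e16352b553d02a4a7d7a8c431a3fc68937c06236072a6f2287a66020339714998069184e5b2a9d0bd7e96c8236848fd06c5a7f66b3f468c9e7
- data.tar.gz: 9902bd4bcc6154aff8a00e7fbc1ae9e2c8e3d4a4ce676b93f2fce49a033ffafdd4290bb3e60013e6a44d693bf900c802a4946f5c4c48d9a4b249de75be1b8c7f
+ metadata.gz: ea9dca6572aaed91548265c03bf051237965cc57d7b82d4d0e3df4f4d1a5e9b1232501c983076057d2c38c168c0210f8051b8874e66155734d62772619c7b343
+ data.tar.gz: 201db2bb213b9c97614c3392beca947df83ed24c57a229e7dadc635a293d4fd6ebc9c424f5d6156a794e53fa9185d23f7447f9f9c11a9896e5567d0653edc758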
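--- a/data/README.md
+++ b/data/README.md
@@ -2,7 +2,7 @@
 
  The Stytch Ruby gem makes it easy to use the Stytch user infrastructure API in Ruby applications.
 
- It pairs well with the Stytch [Web SDK](https://www.npmjs.com/package/@stytch/stytch-js) or your own custom authentication flow.
+ It pairs well with the Stytch [Web SDK](https://www.npmjs.com/package/@stytch/vanilla-js) or your own custom authentication flow.
 
  ## Install
 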
@@ -6,15 +6,17 @@ require_relative 'b2b_oauth'
6
6
  require_relative 'b2b_organizations'
7
7
  require_relative 'b2b_otp'
8
8
  require_relative 'b2b_passwords'
9
+ require_relative 'b2b_rbac'
9
10
  require_relative 'b2b_sessions'
10
11
  require_relative 'b2b_sso'
11
12
  require_relative 'm2m'
13
+ require_relative 'rbac_local'
12
14
 
13
15
  module StytchB2B
14
16
  class Client
15
17
  ENVIRONMENTS = %i[live test].freeze
16
18
 
17
- attr_reader :discovery, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :sso, :sessions
19
+ attr_reader :discovery, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :rbac, :sso, :sessions
18
20
 
19
21
  def initialize(project_id:, secret:, env: nil, &block)
20
22
  @api_host = api_host(env, project_id)
@@ -23,15 +25,19 @@ module StytchB2B
23
25
 
24
26
  create_connection(&block)
25
27
 
28
+ rbac = StytchB2B::RBAC.new(@connection)
29
+ @policy_cache = StytchB2B::PolicyCache.new(rbac_client: rbac)
30
+
26
31
  @discovery = StytchB2B::Discovery.new(@connection)
27
- @m2m = Stytch::M2M.new(@connection, project_id)
32
+ @m2m = Stytch::M2M.new(@connection, @project_id)
28
33
  @magic_links = StytchB2B::MagicLinks.new(@connection)
29
34
  @oauth = StytchB2B::OAuth.new(@connection)
30
35
  @otps = StytchB2B::OTPs.new(@connection)
31
36
  @organizations = StytchB2B::Organizations.new(@connection)
32
37
  @passwords = StytchB2B::Passwords.new(@connection)
38
+ @rbac = StytchB2B::RBAC.new(@connection)
33
39
  @sso = StytchB2B::SSO.new(@connection)
34
- @sessions = StytchB2B::Sessions.new(@connection, project_id)
40
+ @sessions = StytchB2B::Sessions.new(@connection, @project_id, @policy_cache)
35
41
  end
36
42
 
37
43
  private
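Review bot: The constructor builds `StytchB2B::RBAC` twice, once as the local `rbac` that feeds `PolicyCache` and again for `@rbac`, so the policy cache and the public `rbac` reader hold different client objects for no reason visible here. Creating it once reads more clearly: `@rbac = StytchB2B::RBAC.new(@connection)` followed by `@policy_cache = StytchB2B::PolicyCache.new(rbac_client: @rbac)`. The calls to `Stytch::M2M.new` and `Sessions.new` now take `@project_id` instead of the `project_id` argument; its assignment falls between the hunks and is not shown, so confirm it is set before these lines, otherwise both receive nil. `Sessions` also receives `@policy_cache`, and a short comment saying what it uses the cached policy for, and how stale that policy may be, would help a reader of the constructor. `initialize` starts and ends outside the visible hunks.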
@@ -122,6 +122,7 @@ module StytchB2B
122
122
  session_custom_claims: nil,
123
123
  locale: nil
124
124
  )
125
+ headers = {}
125
126
  request = {
126
127
  intermediate_session_token: intermediate_session_token,
127
128
  organization_id: organization_id
@@ -130,7 +131,7 @@ module StytchB2B
130
131
  request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
131
132
  request[:locale] = locale unless locale.nil?
132
133
 
133
- post_request('/v1/b2b/discovery/intermediate_sessions/exchange', request)
134
+ post_request('/v1/b2b/discovery/intermediate_sessions/exchange', request, headers)
134
135
  end
135
136
  end
136
137
 
@@ -141,12 +142,15 @@ module StytchB2B
141
142
  @connection = connection
142
143
  end
143
144
 
144
- # If an end user does not want to join any already-existing organization, or has no possible organizations to join, this endpoint can be used to create a new
145
+ # If an end user does not want to join any already-existing Organization, or has no possible Organizations to join, this endpoint can be used to create a new
145
146
  # [Organization](https://stytch.com/docs/b2b/api/organization-object) and [Member](https://stytch.com/docs/b2b/api/member-object).
146
147
  #
147
148
  # This operation consumes the Intermediate Session.
148
149
  #
149
- # This endpoint can also be used to start an initial session for the newly created member and organization.
150
+ # This endpoint will also create an initial Member Session for the newly created Member.
151
+ #
152
+ # The Member created by this endpoint will automatically be granted the `stytch_admin` Role. See the
153
+ # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for more details on this Role.
150
154
  #
151
155
  # If the new Organization is created with a `mfa_policy` of `REQUIRED_FOR_ALL`, the newly created Member will need to complete an MFA step to log in to the Organization.
152
156
  # The `intermediate_session_token` will not be consumed and instead will be returned in the response.
@@ -208,11 +212,11 @@ module StytchB2B
208
212
  # Common domains such as `gmail.com` are not allowed. See the [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list.
209
213
  # The type of this field is nilable list of +String+.
210
214
  # email_jit_provisioning::
211
- # The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link. The accepted values are:
215
+ # The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are:
212
216
  #
213
- # `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link.
217
+ # `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth.
214
218
  #
215
- # `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link.
219
+ # `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth.
216
220
  #
217
221
  # The type of this field is nilable +String+.
218
222
  # email_invites::
@@ -234,7 +238,6 @@ module StytchB2B
234
238
  #
235
239
  # The type of this field is nilable +String+.
236
240
  # allowed_auth_methods::
237
- #
238
241
  # An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
239
242
  # The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
240
243
  #
@@ -242,11 +245,17 @@ module StytchB2B
242
245
  # mfa_policy::
243
246
  # The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
244
247
  #
245
- # `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in.
248
+ # `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid.
246
249
  #
247
250
  # `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true.
248
251
  #
249
252
  # The type of this field is nilable +String+.
253
+ # rbac_email_implicit_role_assignments::
254
+ # (Coming Soon) Implicit role assignments based off of email domains.
255
+ # For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
256
+ # associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
257
+ # for more information about role assignment.
258
+ # The type of this field is nilable list of +EmailImplicitRoleAssignment+ (+object+).
250
259
  #
251
260
  # == Returns:
252
261
  # An object with the following fields:
@@ -300,8 +309,10 @@ module StytchB2B
300
309
  email_invites: nil,
301
310
  auth_methods: nil,
302
311
  allowed_auth_methods: nil,
303
- mfa_policy: nil
312
+ mfa_policy: nil,
313
+ rbac_email_implicit_role_assignments: nil
304
314
  )
315
+ headers = {}
305
316
  request = {
306
317
  intermediate_session_token: intermediate_session_token,
307
318
  organization_name: organization_name,
@@ -318,8 +329,9 @@ module StytchB2B
318
329
  request[:auth_methods] = auth_methods unless auth_methods.nil?
319
330
  request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
320
331
  request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
332
+ request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
321
333
 
322
- post_request('/v1/b2b/discovery/organizations/create', request)
334
+ post_request('/v1/b2b/discovery/organizations/create', request, headers)
323
335
  end
324
336
 
325
337
  # List all possible organization relationships connected to a [Member Session](https://stytch.com/docs/b2b/api/session-object) or Intermediate Session.
@@ -383,12 +395,13 @@ module StytchB2B
383
395
  session_token: nil,
384
396
  session_jwt: nil
385
397
  )
398
+ headers = {}
386
399
  request = {}
387
400
  request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
388
401
  request[:session_token] = session_token unless session_token.nil?
389
402
  request[:session_jwt] = session_jwt unless session_jwt.nil?
390
403
 
391
- post_request('/v1/b2b/discovery/organizations', request)
404
+ post_request('/v1/b2b/discovery/organizations', request, headers)
392
405
  end
393
406
  end
394
407
  end
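Review bot: The doc comment added for `rbac_email_implicit_role_assignments` says Members receive the Role from their email domain "regardless of their login method", but it does not say whether the address has to be verified before the Role applies. The value is forwarded unchanged in `request[:rbac_email_implicit_role_assignments]`, so this comment is the only guidance a caller gets; it should state the verification requirement, for example `# TODO(docs): state whether only verified email addresses receive the implicit Role.` The same doc block now says the creating Member is automatically granted `stytch_admin`, so the method docs should also say that the caller decides who may reach this endpoint. The `headers = {}` local added to each method is passed to `post_request` unmodified, presumably as scaffolding for method options. The method bodies begin outside the hunks.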
@@ -133,6 +133,7 @@ module StytchB2B
133
133
  session_custom_claims: nil,
134
134
  locale: nil
135
135
  )
136
+ headers = {}
136
137
  request = {
137
138
  magic_links_token: magic_links_token
138
139
  }
@@ -143,7 +144,7 @@ module StytchB2B
143
144
  request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
144
145
  request[:locale] = locale unless locale.nil?
145
146
 
146
- post_request('/v1/b2b/magic_links/authenticate', request)
147
+ post_request('/v1/b2b/magic_links/authenticate', request, headers)
147
148
  end
148
149
 
149
150
  class Email
@@ -225,6 +226,7 @@ module StytchB2B
225
226
  signup_template_id: nil,
226
227
  locale: nil
227
228
  )
229
+ headers = {}
228
230
  request = {
229
231
  organization_id: organization_id,
230
232
  email_address: email_address
@@ -236,10 +238,10 @@ module StytchB2B
236
238
  request[:signup_template_id] = signup_template_id unless signup_template_id.nil?
237
239
  request[:locale] = locale unless locale.nil?
238
240
 
239
- post_request('/v1/b2b/magic_links/email/login_or_signup', request)
241
+ post_request('/v1/b2b/magic_links/email/login_or_signup', request, headers)
240
242
  end
241
243
 
242
- # Send an invite email to a new Member to join an Organization. The Member will be created with an `invited` status until they successfully authenticate. Sending invites to `pending` Members will update their status to `invited`. Sending invites to already `active` Members will return an error.
244
+ # Send an invite email to a new Member to join an Organization. The Member will be created with an `invited` status until they successfully authenticate. Sending invites to `pending` Members will update their status to `invited`. Sending invites to already `active` Members will return an error. /%}
243
245
  #
244
246
  # == Parameters:
245
247
  # organization_id::
@@ -279,6 +281,10 @@ module StytchB2B
279
281
  # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
280
282
  #
281
283
  # The type of this field is nilable +InviteRequestLocale+ (string enum).
284
+ # roles::
285
+ # (Coming Soon) Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
286
+ # for more information about role assignment.
287
+ # The type of this field is nilable list of +String+.
282
288
  #
283
289
  # == Returns:
284
290
  # An object with the following fields:
@@ -297,6 +303,9 @@ module StytchB2B
297
303
  # status_code::
298
304
  # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
299
305
  # The type of this field is +Integer+.
306
+ #
307
+ # == Method Options:
308
+ # This method supports an optional +InviteRequestOptions+ object which will modify the headers sent in the HTTP request.
300
309
  def invite(
301
310
  organization_id:,
302
311
  email_address:,
@@ -306,8 +315,12 @@ module StytchB2B
306
315
  trusted_metadata: nil,
307
316
  untrusted_metadata: nil,
308
317
  invite_template_id: nil,
309
- locale: nil
318
+ locale: nil,
319
+ roles: nil,
320
+ method_options: nil
310
321
  )
322
+ headers = {}
323
+ headers = headers.merge(method_options.to_headers) unless method_options.nil?
311
324
  request = {
312
325
  organization_id: organization_id,
313
326
  email_address: email_address
@@ -319,8 +332,9 @@ module StytchB2B
319
332
  request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil?
320
333
  request[:invite_template_id] = invite_template_id unless invite_template_id.nil?
321
334
  request[:locale] = locale unless locale.nil?
335
+ request[:roles] = roles unless roles.nil?
322
336
 
323
- post_request('/v1/b2b/magic_links/email/invite', request)
337
+ post_request('/v1/b2b/magic_links/email/invite', request, headers)
324
338
  end
325
339
 
326
340
  class Discovery
@@ -372,6 +386,7 @@ module StytchB2B
372
386
  login_template_id: nil,
373
387
  locale: nil
374
388
  )
389
+ headers = {}
375
390
  request = {
376
391
  email_address: email_address
377
392
  }
@@ -380,7 +395,7 @@ module StytchB2B
380
395
  request[:login_template_id] = login_template_id unless login_template_id.nil?
381
396
  request[:locale] = locale unless locale.nil?
382
397
 
383
- post_request('/v1/b2b/magic_links/email/discovery/send', request)
398
+ post_request('/v1/b2b/magic_links/email/discovery/send', request, headers)
384
399
  end
385
400
  end
386
401
  end
@@ -437,12 +452,13 @@ module StytchB2B
437
452
  discovery_magic_links_token:,
438
453
  pkce_code_verifier: nil
439
454
  )
455
+ headers = {}
440
456
  request = {
441
457
  discovery_magic_links_token: discovery_magic_links_token
442
458
  }
443
459
  request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil?
444
460
 
445
- post_request('/v1/b2b/magic_links/discovery/authenticate', request)
461
+ post_request('/v1/b2b/magic_links/discovery/authenticate', request, headers)
446
462
  end
447
463
  end
448
464
  end
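Review bot: The new `== Method Options:` text on `invite` says `InviteRequestOptions` "will modify the headers" but not which headers or what they authorize, while the same change lets the caller pass `roles`. When `method_options` is nil, `headers` stays empty and the request goes out as before, so the docs should say what check, if any, applies to the inviter in that case, so that callers know whether they must authorize the role assignment themselves. `headers.merge(method_options.to_headers)` accepts any object responding to `to_headers`; a comment such as `# method_options: InviteRequestOptions; its headers are merged into the request` would make the expected type explicit. The added invite description also ends in a stray `/%}`, which looks like template residue and should be dropped from the comment. `invite` and the other methods start outside the hunks.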
@@ -28,6 +28,8 @@ module StytchB2B
28
28
  #
29
29
  # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.
30
30
  #
31
+ # We’re actively accepting requests for new OAuth providers! Please [email us](mailto:support@stytch.com) or [post in our community](https://stytch.com/docs/b2b/resources) if you are looking for an OAuth provider that is not currently supported.
32
+ #
31
33
  # == Parameters:
32
34
  # oauth_token::
33
35
  # The token to authenticate.
@@ -134,6 +136,7 @@ module StytchB2B
134
136
  pkce_code_verifier: nil,
135
137
  locale: nil
136
138
  )
139
+ headers = {}
137
140
  request = {
138
141
  oauth_token: oauth_token
139
142
  }
@@ -144,7 +147,7 @@ module StytchB2B
144
147
  request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil?
145
148
  request[:locale] = locale unless locale.nil?
146
149
 
147
- post_request('/v1/b2b/oauth/authenticate', request)
150
+ post_request('/v1/b2b/oauth/authenticate', request, headers)
148
151
  end
149
152
 
150
153
  class Discovery
@@ -204,6 +207,12 @@ module StytchB2B
204
207
  #
205
208
  # c) The Organization has at least one other Member with a verified email address with the same domain as the end user (to prevent phishing attacks).
206
209
  # The type of this field is list of +DiscoveredOrganization+ (+object+).
210
+ # provider_type::
211
+ # (no documentation yet)
212
+ # The type of this field is +String+.
213
+ # provider_tenant_id::
214
+ # (no documentation yet)
215
+ # The type of this field is +String+.
207
216
  # status_code::
208
217
  # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
209
218
  # The type of this field is +Integer+.
@@ -215,6 +224,7 @@ module StytchB2B
215
224
  session_custom_claims: nil,
216
225
  pkce_code_verifier: nil
217
226
  )
227
+ headers = {}
218
228
  request = {
219
229
  discovery_oauth_token: discovery_oauth_token
220
230
  }
@@ -224,7 +234,7 @@ module StytchB2B
224
234
  request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
225
235
  request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil?
226
236
 
227
- post_request('/v1/b2b/oauth/discovery/authenticate', request)
237
+ post_request('/v1/b2b/oauth/discovery/authenticate', request, headers)
228
238
  end
229
239
  end
230
240
  end
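Review bot: The two response fields added to the discovery authenticate docs, `provider_type` and `provider_tenant_id`, are documented only as "(no documentation yet)". A consumer may want to use `provider_tenant_id` to decide which identity-provider tenant a discovered user belongs to, so the comment should say which provider values are possible and whether the tenant id is taken from the provider's response or can be absent. Until that is known, a hedged placeholder is more useful than the current text, for example `# Identifier of the OAuth provider tenant; semantics not yet documented, do not rely on it for access decisions.` The surrounding doc block and method start outside the hunk.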