stytch 6.6.0 → 7.0.1

data/lib/stytch/b2b_sso.rb

@@ -9,6 +9,44 @@
 require_relative 'request_helper'
 
 module StytchB2B
+  class GetConnectionsRequestOptions
+    # Optional authorization object.
+    # Pass in an active Stytch Member session token or session JWT and the request
+    # will be run using that member's permissions.
+    attr_accessor :authorization
+
+    def initialize(
+      authorization: nil
+    )
+      @authorization = authorization
+    end
+
+    def to_headers
+      headers = {}
+      headers.merge!(@authorization.to_headers) if authorization
+      headers
+    end
+  end
+
+  class DeleteConnectionRequestOptions
+    # Optional authorization object.
+    # Pass in an active Stytch Member session token or session JWT and the request
+    # will be run using that member's permissions.
+    attr_accessor :authorization
+
+    def initialize(
+      authorization: nil
+    )
+      @authorization = authorization
+    end
+
+    def to_headers
+      headers = {}
+      headers.merge!(@authorization.to_headers) if authorization
+      headers
+    end
+  end
+
   class SSO
     include Stytch::RequestHelper
     attr_reader :oidc, :saml
@@ -20,7 +58,7 @@ module StytchB2B
       @saml = StytchB2B::SSO::SAML.new(@connection)
     end
 
-    # Get all SSO Connections owned by the organization.
+    # Get all SSO Connections owned by the organization. /%}
     #
     # == Parameters:
     # organization_id::
@@ -41,15 +79,21 @@ module StytchB2B
     # status_code::
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
+    #
+    # == Method Options:
+    # This method supports an optional +GetConnectionsRequestOptions+ object which will modify the headers sent in the HTTP request.
     def get_connections(
-      organization_id:
+      organization_id:,
+      method_options: nil
     )
+      headers = {}
+      headers = headers.merge(method_options.to_headers) unless method_options.nil?
       query_params = {}
       request = request_with_query_params("/v1/b2b/sso/#{organization_id}", query_params)
-      get_request(request)
+      get_request(request, headers)
     end
 
-    # Delete an existing SSO connection.
+    # Delete an existing SSO connection. /%}
     #
     # == Parameters:
     # organization_id::
@@ -70,11 +114,17 @@ module StytchB2B
     # status_code::
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
+    #
+    # == Method Options:
+    # This method supports an optional +DeleteConnectionRequestOptions+ object which will modify the headers sent in the HTTP request.
     def delete_connection(
       organization_id:,
-      connection_id:
+      connection_id:,
+      method_options: nil
     )
-      delete_request("/v1/b2b/sso/#{organization_id}/connections/#{connection_id}")
+      headers = {}
+      headers = headers.merge(method_options.to_headers) unless method_options.nil?
+      delete_request("/v1/b2b/sso/#{organization_id}/connections/#{connection_id}", headers)
     end
 
     # Authenticate a user given a token.
@@ -184,6 +234,7 @@ module StytchB2B
       session_custom_claims: nil,
       locale: nil
     )
+      headers = {}
       request = {
         sso_token: sso_token
       }
@@ -194,7 +245,7 @@ module StytchB2B
       request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
       request[:locale] = locale unless locale.nil?
 
-      post_request('/v1/b2b/sso/authenticate', request)
+      post_request('/v1/b2b/sso/authenticate', request, headers)
     end
 
     class OIDC
@@ -204,7 +255,7 @@ module StytchB2B
         @connection = connection
       end
 
-      # Create a new OIDC Connection.
+      # Create a new OIDC Connection. /%}
       #
       # == Parameters:
       # organization_id::
@@ -225,14 +276,20 @@ module StytchB2B
       # connection::
       #   The `OIDC Connection` object affected by this API call. See the [OIDC Connection Object](https://stytch.com/docs/b2b/api/oidc-connection-object) for complete response field details.
       #   The type of this field is nilable +OIDCConnection+ (+object+).
+      #
+      # == Method Options:
+      # This method supports an optional +CreateConnectionRequestOptions+ object which will modify the headers sent in the HTTP request.
       def create_connection(
         organization_id:,
-        display_name: nil
+        display_name: nil,
+        method_options: nil
       )
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
         request = {}
         request[:display_name] = display_name unless display_name.nil?
 
-        post_request("/v1/b2b/sso/oidc/#{organization_id}", request)
+        post_request("/v1/b2b/sso/oidc/#{organization_id}", request, headers)
       end
 
       # Updates an existing OIDC connection.
@@ -253,6 +310,7 @@ module StytchB2B
       # * `token_url`
       # * `userinfo_url`
       # * `jwks_url`
+      #  /%}
       #
       # == Parameters:
       # organization_id::
@@ -300,6 +358,9 @@ module StytchB2B
       # warning::
       #   If it is not possible to resolve the well-known metadata document from the OIDC issuer, this field will explain what went wrong if the request is successful otherwise. In other words, even if the overall request succeeds, there could be relevant warnings related to the connection update.
       #   The type of this field is nilable +String+.
+      #
+      # == Method Options:
+      # This method supports an optional +UpdateConnectionRequestOptions+ object which will modify the headers sent in the HTTP request.
       def update_connection(
         organization_id:,
         connection_id:,
@@ -310,8 +371,11 @@ module StytchB2B
         authorization_url: nil,
         token_url: nil,
         userinfo_url: nil,
-        jwks_url: nil
+        jwks_url: nil,
+        method_options: nil
       )
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
         request = {}
         request[:display_name] = display_name unless display_name.nil?
         request[:client_id] = client_id unless client_id.nil?
@@ -322,7 +386,7 @@ module StytchB2B
         request[:userinfo_url] = userinfo_url unless userinfo_url.nil?
         request[:jwks_url] = jwks_url unless jwks_url.nil?
 
-        put_request("/v1/b2b/sso/oidc/#{organization_id}/connections/#{connection_id}", request)
+        put_request("/v1/b2b/sso/oidc/#{organization_id}/connections/#{connection_id}", request, headers)
       end
     end
 
@@ -333,7 +397,7 @@ module StytchB2B
         @connection = connection
       end
 
-      # Create a new SAML Connection.
+      # Create a new SAML Connection. /%}
       #
       # == Parameters:
       # organization_id::
@@ -354,14 +418,20 @@ module StytchB2B
       # connection::
       #   The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
       #   The type of this field is nilable +SAMLConnection+ (+object+).
+      #
+      # == Method Options:
+      # This method supports an optional +CreateConnectionRequestOptions+ object which will modify the headers sent in the HTTP request.
       def create_connection(
         organization_id:,
-        display_name: nil
+        display_name: nil,
+        method_options: nil
       )
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
         request = {}
         request[:display_name] = display_name unless display_name.nil?
 
-        post_request("/v1/b2b/sso/saml/#{organization_id}", request)
+        post_request("/v1/b2b/sso/saml/#{organization_id}", request, headers)
       end
 
       # Updates an existing SAML connection.
@@ -371,6 +441,7 @@ module StytchB2B
       # * `attribute_mapping`
       # * `idp_entity_id`
       # * `x509_certificate`
+      #  /%}
       #
       # == Parameters:
       # organization_id::
@@ -394,6 +465,17 @@ module StytchB2B
       # idp_sso_url::
       #   The URL for which assertions for login requests will be sent. This will be provided by the IdP.
       #   The type of this field is nilable +String+.
+      # saml_connection_implicit_role_assignments::
+      #   (Coming Soon) All Members who log in with this SAML connection will implicitly receive the specified Roles. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
+      #   The type of this field is nilable list of +String+.
+      # saml_group_implicit_role_assignments::
+      #   (Coming Soon) Defines the names of the SAML groups
+      #  that grant specific role assignments. For each group-Role pair, if a Member logs in with this SAML connection and
+      #  belongs to the specified SAML group, they will be granted the associated Role. See the
+      #  [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
+      #          Before adding any group implicit role assignments, you must add a "groups" key to your SAML connection's
+      #          `attribute_mapping`. Make sure that your IdP is configured to correctly send the group information.
+      #   The type of this field is nilable list of +String+.
       # alternative_audience_uri::
       #   An alternative URL to use for the Audience Restriction. This value can be used when you wish to migrate an existing SAML integration to Stytch with zero downtime.
       #   The type of this field is nilable +String+.
@@ -409,6 +491,9 @@ module StytchB2B
       # connection::
       #   The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
       #   The type of this field is nilable +SAMLConnection+ (+object+).
+      #
+      # == Method Options:
+      # This method supports an optional +UpdateConnectionRequestOptions+ object which will modify the headers sent in the HTTP request.
       def update_connection(
         organization_id:,
         connection_id:,
@@ -417,17 +502,24 @@ module StytchB2B
         attribute_mapping: nil,
         x509_certificate: nil,
         idp_sso_url: nil,
-        alternative_audience_uri: nil
+        saml_connection_implicit_role_assignments: nil,
+        saml_group_implicit_role_assignments: nil,
+        alternative_audience_uri: nil,
+        method_options: nil
       )
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
         request = {}
         request[:idp_entity_id] = idp_entity_id unless idp_entity_id.nil?
         request[:display_name] = display_name unless display_name.nil?
         request[:attribute_mapping] = attribute_mapping unless attribute_mapping.nil?
         request[:x509_certificate] = x509_certificate unless x509_certificate.nil?
         request[:idp_sso_url] = idp_sso_url unless idp_sso_url.nil?
+        request[:saml_connection_implicit_role_assignments] = saml_connection_implicit_role_assignments unless saml_connection_implicit_role_assignments.nil?
+        request[:saml_group_implicit_role_assignments] = saml_group_implicit_role_assignments unless saml_group_implicit_role_assignments.nil?
         request[:alternative_audience_uri] = alternative_audience_uri unless alternative_audience_uri.nil?
 
-        put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}", request)
+        put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}", request, headers)
       end
 
       # Used to update an existing SAML connection using an IDP metadata URL.
@@ -437,6 +529,7 @@ module StytchB2B
       # * `idp_entity_id`
       # * `x509_certificate`
       # * `attribute_mapping` (must be supplied using [Update SAML Connection](update-saml-connection))
+      #  /%}
       #
       # == Parameters:
       # organization_id::
@@ -460,21 +553,28 @@ module StytchB2B
       # connection::
       #   The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
       #   The type of this field is nilable +SAMLConnection+ (+object+).
+      #
+      # == Method Options:
+      # This method supports an optional +UpdateByURLRequestOptions+ object which will modify the headers sent in the HTTP request.
       def update_by_url(
         organization_id:,
         connection_id:,
-        metadata_url:
+        metadata_url:,
+        method_options: nil
       )
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
         request = {
           metadata_url: metadata_url
         }
 
-        put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}/url", request)
+        put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}/url", request, headers)
       end
 
       # Delete a SAML verification certificate.
       #
       # You may need to do this when rotating certificates from your IdP, since Stytch allows a maximum of 5 certificates per connection. There must always be at least one certificate per active connection.
+      #  /%}
       #
       # == Parameters:
       # organization_id::
@@ -498,12 +598,18 @@ module StytchB2B
       # status_code::
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
+      #
+      # == Method Options:
+      # This method supports an optional +DeleteVerificationCertificateRequestOptions+ object which will modify the headers sent in the HTTP request.
       def delete_verification_certificate(
         organization_id:,
         connection_id:,
-        certificate_id:
+        certificate_id:,
+        method_options: nil
       )
-        delete_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}/verification_certificates/#{certificate_id}")
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
+        delete_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}/verification_certificates/#{certificate_id}", headers)
       end
     end
   end

data/lib/stytch/client.rb

@@ -25,12 +25,12 @@ module Stytch
       create_connection(&block)
 
       @crypto_wallets = Stytch::CryptoWallets.new(@connection)
-      @m2m = Stytch::M2M.new(@connection, project_id)
+      @m2m = Stytch::M2M.new(@connection, @project_id)
       @magic_links = Stytch::MagicLinks.new(@connection)
       @oauth = Stytch::OAuth.new(@connection)
       @otps = Stytch::OTPs.new(@connection)
       @passwords = Stytch::Passwords.new(@connection)
-      @sessions = Stytch::Sessions.new(@connection, project_id)
+      @sessions = Stytch::Sessions.new(@connection, @project_id)
       @totps = Stytch::TOTPs.new(@connection)
       @users = Stytch::Users.new(@connection)
       @webauthn = Stytch::WebAuthn.new(@connection)

data/lib/stytch/crypto_wallets.rb

@@ -59,6 +59,7 @@ module Stytch
       session_token: nil,
       session_jwt: nil
     )
+      headers = {}
       request = {
         crypto_wallet_type: crypto_wallet_type,
         crypto_wallet_address: crypto_wallet_address
@@ -67,7 +68,7 @@ module Stytch
       request[:session_token] = session_token unless session_token.nil?
       request[:session_jwt] = session_jwt unless session_jwt.nil?
 
-      post_request('/v1/crypto_wallets/authenticate/start', request)
+      post_request('/v1/crypto_wallets/authenticate/start', request, headers)
     end
 
     # Complete the authentication of a crypto wallet by passing the signature.
@@ -140,6 +141,7 @@ module Stytch
       session_jwt: nil,
       session_custom_claims: nil
     )
+      headers = {}
       request = {
         crypto_wallet_type: crypto_wallet_type,
         crypto_wallet_address: crypto_wallet_address,
@@ -150,7 +152,7 @@ module Stytch
       request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
 
-      post_request('/v1/crypto_wallets/authenticate', request)
+      post_request('/v1/crypto_wallets/authenticate', request, headers)
     end
   end
 end

data/lib/stytch/errors.rb

@@ -35,4 +35,18 @@ module Stytch
       super(msg)
     end
   end
+
+  class TenancyError < StandardError
+    def initialize(subject_org_id, request_org_id)
+      msg = "Subject organization_id #{subject_org_id} does not match authZ request organization_id #{request_org_id}"
+      super(msg)
+    end
+  end
+
+  class PermissionError < StandardError
+    def initialize(request)
+      msg = "Permission denied for request #{request}"
+      super(msg)
+    end
+  end
 end

data/lib/stytch/m2m.rb

@@ -17,7 +17,6 @@ module Stytch
       @connection = connection
 
       @clients = Stytch::M2M::Clients.new(@connection)
-
       @project_id = project_id
       @cache_last_update = 0
       @jwks_loader = lambda do |options|
@@ -191,9 +190,10 @@ module Stytch
       def get(
         client_id:
       )
+        headers = {}
         query_params = {}
         request = request_with_query_params("/v1/m2m/clients/#{client_id}", query_params)
-        get_request(request)
+        get_request(request, headers)
       end
 
       # Search for M2M Clients within your Stytch Project. Submit an empty `query` in the request to return all M2M Clients.
@@ -233,12 +233,13 @@ module Stytch
         limit: nil,
         query: nil
       )
+        headers = {}
         request = {}
         request[:cursor] = cursor unless cursor.nil?
         request[:limit] = limit unless limit.nil?
         request[:query] = query unless query.nil?
 
-        post_request('/v1/m2m/clients/search', request)
+        post_request('/v1/m2m/clients/search', request, headers)
       end
 
       # Updates an existing M2M Client. You can use this endpoint to activate or deactivate a M2M Client by changing its `status`. A deactivated M2M Client will not be allowed to perform future token exchange flows until it is reactivated.
@@ -285,6 +286,7 @@ module Stytch
         scopes: nil,
         trusted_metadata: nil
       )
+        headers = {}
         request = {}
         request[:client_name] = client_name unless client_name.nil?
         request[:client_description] = client_description unless client_description.nil?
@@ -292,7 +294,7 @@ module Stytch
         request[:scopes] = scopes unless scopes.nil?
         request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
 
-        put_request("/v1/m2m/clients/#{client_id}", request)
+        put_request("/v1/m2m/clients/#{client_id}", request, headers)
       end
 
       # Deletes the M2M Client.
@@ -319,7 +321,8 @@ module Stytch
       def delete(
         client_id:
       )
-        delete_request("/v1/m2m/clients/#{client_id}")
+        headers = {}
+        delete_request("/v1/m2m/clients/#{client_id}", headers)
       end
 
       # Creates a new M2M Client. On initial client creation, you may pass in a custom `client_id` or `client_secret` to import an existing M2M client. If you do not pass in a custom `client_id` or `client_secret`, one will be generated automatically. The `client_id` must be unique among all clients in your project.
@@ -365,6 +368,7 @@ module Stytch
         client_description: nil,
         trusted_metadata: nil
       )
+        headers = {}
         request = {
           scopes: scopes
         }
@@ -374,7 +378,7 @@ module Stytch
         request[:client_description] = client_description unless client_description.nil?
         request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
 
-        post_request('/v1/m2m/clients', request)
+        post_request('/v1/m2m/clients', request, headers)
       end
 
       class Secrets
@@ -408,9 +412,10 @@ module Stytch
         def rotate_start(
           client_id:
         )
+          headers = {}
           request = {}
 
-          post_request("/v1/m2m/clients/#{client_id}/secrets/rotate/start", request)
+          post_request("/v1/m2m/clients/#{client_id}/secrets/rotate/start", request, headers)
         end
 
         # Cancel the rotation of an M2M client secret started with the [Start Secret Rotation Endpoint](https://stytch.com/docs/b2b/api/m2m-rotate-secret-start) [Start Secret Rotation Endpoint](https://stytch.com/docs/api/m2m-rotate-secret-start).
@@ -435,9 +440,10 @@ module Stytch
         def rotate_cancel(
           client_id:
         )
+          headers = {}
           request = {}
 
-          post_request("/v1/m2m/clients/#{client_id}/secrets/rotate/cancel", request)
+          post_request("/v1/m2m/clients/#{client_id}/secrets/rotate/cancel", request, headers)
         end
 
         # Complete the rotation of an M2M client secret started with the [Start Secret Rotation Endpoint](https://stytch.com/docs/b2b/api/m2m-rotate-secret-start) [Start Secret Rotation Endpoint](https://stytch.com/docs/api/m2m-rotate-secret-start).
@@ -462,9 +468,10 @@ module Stytch
         def rotate(
           client_id:
         )
+          headers = {}
           request = {}
 
-          post_request("/v1/m2m/clients/#{client_id}/secrets/rotate", request)
+          post_request("/v1/m2m/clients/#{client_id}/secrets/rotate", request, headers)
         end
       end
     end

data/lib/stytch/magic_links.rb

@@ -103,6 +103,7 @@ module Stytch
       session_custom_claims: nil,
       code_verifier: nil
     )
+      headers = {}
       request = {
         token: token
       }
@@ -114,7 +115,7 @@ module Stytch
       request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
       request[:code_verifier] = code_verifier unless code_verifier.nil?
 
-      post_request('/v1/magic_links/authenticate', request)
+      post_request('/v1/magic_links/authenticate', request, headers)
     end
 
     # Create an embeddable Magic Link token for a User. Access to this endpoint is restricted. To enable it, please send us a note at support@stytch.com.
@@ -152,13 +153,14 @@ module Stytch
       expiration_minutes: nil,
       attributes: nil
     )
+      headers = {}
       request = {
         user_id: user_id
       }
       request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil?
       request[:attributes] = attributes unless attributes.nil?
 
-      post_request('/v1/magic_links', request)
+      post_request('/v1/magic_links', request, headers)
     end
 
     class Email
@@ -251,6 +253,7 @@ module Stytch
         locale: nil,
         signup_template_id: nil
       )
+        headers = {}
         request = {
           email: email
         }
@@ -267,7 +270,7 @@ module Stytch
         request[:locale] = locale unless locale.nil?
         request[:signup_template_id] = signup_template_id unless signup_template_id.nil?
 
-        post_request('/v1/magic_links/email/send', request)
+        post_request('/v1/magic_links/email/send', request, headers)
       end
 
       # Send either a login or signup Magic Link to the User based on if the email is associated with a User already. A new or pending User will receive a signup Magic Link. An active User will receive a login Magic Link. For more information on how to control the status your Users are created in see the `create_user_as_pending` flag.
@@ -349,6 +352,7 @@ module Stytch
         code_challenge: nil,
         locale: nil
       )
+        headers = {}
         request = {
           email: email
         }
@@ -363,7 +367,7 @@ module Stytch
         request[:code_challenge] = code_challenge unless code_challenge.nil?
         request[:locale] = locale unless locale.nil?
 
-        post_request('/v1/magic_links/email/login_or_create', request)
+        post_request('/v1/magic_links/email/login_or_create', request, headers)
       end
 
       # Create a User and send an invite Magic Link to the provided `email`. The User will be created with a `pending` status until they click the Magic Link in the invite email.
@@ -422,6 +426,7 @@ module Stytch
         invite_expiration_minutes: nil,
         locale: nil
       )
+        headers = {}
         request = {
           email: email
         }
@@ -432,7 +437,7 @@ module Stytch
         request[:invite_expiration_minutes] = invite_expiration_minutes unless invite_expiration_minutes.nil?
         request[:locale] = locale unless locale.nil?
 
-        post_request('/v1/magic_links/email/invite', request)
+        post_request('/v1/magic_links/email/invite', request, headers)
       end
 
       # Revoke a pending invite based on the `email` provided.
@@ -453,11 +458,12 @@ module Stytch
       def revoke_invite(
         email:
       )
+        headers = {}
         request = {
           email: email
         }
 
-        post_request('/v1/magic_links/email/revoke_invite', request)
+        post_request('/v1/magic_links/email/revoke_invite', request, headers)
       end
     end
   end

data/lib/stytch/method_options.rb

@@ -0,0 +1,22 @@
+module Stytch
+  module MethodOptions
+    class Authorization
+      # A secret token for a given Stytch Session.
+      attr_accessor :session_token
+      # The JSON Web Token (JWT) for a given Stytch Session.
+      attr_accessor :session_jwt
+
+      def initialize(session_token: nil, session_jwt: nil)
+        @session_token = session_token
+        @session_jwt = session_jwt
+      end
+
+      def to_headers
+        headers = {}
+        headers['X-Stytch-Member-Session'] = session_token if session_token
+        headers['X-Stytch-Member-SessionJWT'] = session_jwt if session_jwt
+        headers
+      end
+    end
+  end
+end

data/lib/stytch/oauth.rb

@@ -53,6 +53,7 @@ module Stytch
       session_token: nil,
       session_jwt: nil
     )
+      headers = {}
       request = {
         provider: provider
       }
@@ -60,7 +61,7 @@ module Stytch
       request[:session_token] = session_token unless session_token.nil?
       request[:session_jwt] = session_jwt unless session_jwt.nil?
 
-      post_request('/v1/oauth/attach', request)
+      post_request('/v1/oauth/attach', request, headers)
     end
 
     # Authenticate a User given a `token`. This endpoint verifies that the user completed the OAuth flow by verifying that the token is valid and hasn't expired. To initiate a Stytch session for the user while authenticating their OAuth token, include `session_duration_minutes`; a session with the identity provider, e.g. Google or Facebook, will always be initiated upon successful authentication.
@@ -150,6 +151,7 @@ module Stytch
       session_custom_claims: nil,
       code_verifier: nil
     )
+      headers = {}
       request = {
         token: token
       }
@@ -159,7 +161,7 @@ module Stytch
       request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
       request[:code_verifier] = code_verifier unless code_verifier.nil?
 
-      post_request('/v1/oauth/authenticate', request)
+      post_request('/v1/oauth/authenticate', request, headers)
     end
   end
 end