stytch 7.0.0 → 7.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 71b6a2f2ae456fe72ab960116272b1d51430fe267a8d1f4d917ef97ccf6bcdc4
-  data.tar.gz: 03e9769f00c629efc6fbc062ad3bf6176d90d394d7b381110c7bcf10338497f9
+  metadata.gz: 11c676836879020ec0d87cbe9d7017ccfc777f27d4e73db695cd991a416589b6
+  data.tar.gz: e58761d69d0cb5f4c1a9f72d09bd1017a9dab222da4924570ebba7c26a4e1bb4
 SHA512:
-  metadata.gz: ee454ad14f2c2d64938bc9bb3d7cb05232b58bd935ad2095640f7a5ae04fbb6f4b562e516b81baa3dd864389e20de1a83f9c8cee2299f0ee6e395422d7111453
-  data.tar.gz: d92587695642d6e4890fb66d8ae0934c01b5aa07bb32d2db1506aadb2fbd570984a0d4ce06d5efb9d6b5382238293d872f399e4390ff60aae3a0605e75934a03
+  metadata.gz: e0d885c1e262b76649e01ffcbe64a6a31a78e183ff35d0128da9983e51dcc70e7bc7b7c9608983f8a516ac93a47cc9c51424c72aa73d7e1fc81218f83c31cfda
+  data.tar.gz: a88377ca19b824229fa2d0c3e2958c92f14e3926371f852ea39e12bbe3e10b5d3a70f859971196c48d425a0129ce5f0b79b527e96f1af09fc7f8c8edb124191f

data/lib/stytch/b2b_organizations.rb

@@ -490,11 +490,6 @@ module StytchB2B
       # member_id::
       #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
       #   The type of this field is +String+.
-      # preserve_existing_sessions::
-      #   (Coming Soon) Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
-      #   by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO
-      #   authentication factors with the affected SSO connection IDs will be revoked.
-      #   The type of this field is +Boolean+.
       # name::
       #   The name of the Member.
       #
@@ -541,8 +536,13 @@ module StytchB2B
       #    authentication factors with the affected connection ID. You can preserve these sessions by passing in the
       #    `preserve_existing_sessions` parameter with a value of `true`.
       #
-      # If this field is provided, the logged-in Member must have permission to perform the `update.settings.roles` action on the `stytch.member` Resource.
+      # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.roles` action on the `stytch.member` Resource.
       #   The type of this field is nilable list of +String+.
+      # preserve_existing_sessions::
+      #   (Coming Soon) Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
+      #   by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO
+      #   authentication factors with the affected SSO connection IDs will be revoked.
+      #   The type of this field is nilable +Boolean+.
       #
       # == Returns:
       # An object with the following fields:
@@ -567,7 +567,6 @@ module StytchB2B
       def update(
         organization_id:,
         member_id:,
-        preserve_existing_sessions:,
         name: nil,
         trusted_metadata: nil,
         untrusted_metadata: nil,
@@ -575,13 +574,12 @@ module StytchB2B
         mfa_phone_number: nil,
         mfa_enrolled: nil,
         roles: nil,
+        preserve_existing_sessions: nil,
         method_options: nil
       )
         headers = {}
         headers = headers.merge(method_options.to_headers) unless method_options.nil?
-        request = {
-          preserve_existing_sessions: preserve_existing_sessions
-        }
+        request = {}
         request[:name] = name unless name.nil?
         request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
         request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil?
@@ -589,6 +587,7 @@ module StytchB2B
         request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil?
         request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil?
         request[:roles] = roles unless roles.nil?
+        request[:preserve_existing_sessions] = preserve_existing_sessions unless preserve_existing_sessions.nil?
 
         put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", request, headers)
       end

data/lib/stytch/b2b_passwords.rb

@@ -102,11 +102,6 @@ module StytchB2B
     # organization_id::
     #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
     #   The type of this field is +String+.
-    # preserve_existing_sessions::
-    #   (Coming Soon) Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
-    #   by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO
-    #   authentication factors with the affected SSO connection IDs will be revoked.
-    #   The type of this field is +Boolean+.
     # md_5_config::
     #   Optional parameters for MD-5 hash types.
     #   The type of this field is nilable +MD5Config+ (+object+).
@@ -143,6 +138,11 @@ module StytchB2B
     #    authentication factors with the affected connection ID. You can preserve these sessions by passing in the
     #    `preserve_existing_sessions` parameter with a value of `true`.
     #   The type of this field is nilable list of +String+.
+    # preserve_existing_sessions::
+    #   (Coming Soon) Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
+    #   by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO
+    #   authentication factors with the affected SSO connection IDs will be revoked.
+    #   The type of this field is nilable +Boolean+.
     #
     # == Returns:
     # An object with the following fields:
@@ -169,7 +169,6 @@ module StytchB2B
       hash:,
       hash_type:,
       organization_id:,
-      preserve_existing_sessions:,
       md_5_config: nil,
       argon_2_config: nil,
       sha_1_config: nil,
@@ -178,15 +177,15 @@ module StytchB2B
       name: nil,
       trusted_metadata: nil,
       untrusted_metadata: nil,
-      roles: nil
+      roles: nil,
+      preserve_existing_sessions: nil
     )
       headers = {}
       request = {
         email_address: email_address,
         hash: hash,
         hash_type: hash_type,
-        organization_id: organization_id,
-        preserve_existing_sessions: preserve_existing_sessions
+        organization_id: organization_id
       }
       request[:md_5_config] = md_5_config unless md_5_config.nil?
       request[:argon_2_config] = argon_2_config unless argon_2_config.nil?
@@ -197,6 +196,7 @@ module StytchB2B
       request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
       request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil?
       request[:roles] = roles unless roles.nil?
+      request[:preserve_existing_sessions] = preserve_existing_sessions unless preserve_existing_sessions.nil?
 
       post_request('/v1/b2b/passwords/migrate', request, headers)
     end

data/lib/stytch/b2b_sessions.rb

@@ -380,7 +380,7 @@ module StytchB2B
         )
       end
 
-      decoded_jwt = authenticate_jwt_local(session_jwt: session_jwt, authorization_check: authorization_check)
+      decoded_jwt = authenticate_jwt_local(session_jwt, max_token_age_seconds: max_token_age_seconds, authorization_check: authorization_check)
       return decoded_jwt unless decoded_jwt.nil?
 
       authenticate(

data/lib/stytch/sessions.rb

@@ -215,7 +215,7 @@ module Stytch
         )
       end
 
-      session = authenticate_jwt_local(session_jwt)
+      session = authenticate_jwt_local(session_jwt, max_token_age_seconds: max_token_age_seconds)
       if !session.nil?
         { 'session' => session }
       else
@@ -237,6 +237,7 @@ module Stytch
     # Parse a JWT and verify the signature locally (without calling /authenticate in the API)
     # Uses the cached value to get the JWK but if it is unavailable, it calls the get_jwks()
     # function to get the JWK
+    # This method never authenticates a JWT directly with the API
     # If max_token_age_seconds is not supplied 300 seconds will be used as the default.
     def authenticate_jwt_local(session_jwt, max_token_age_seconds: nil)
       max_token_age_seconds = 300 if max_token_age_seconds.nil?
@@ -245,6 +246,7 @@ module Stytch
       begin
         decoded_token = JWT.decode session_jwt, nil, true,
                                    { jwks: @jwks_loader, iss: issuer, verify_iss: true, aud: @project_id, verify_aud: true, algorithms: ['RS256'] }
+
         session = decoded_token[0]
         iat_time = Time.at(session['iat']).to_datetime
         return nil unless iat_time + max_token_age_seconds >= Time.now
@@ -272,15 +274,17 @@ module Stytch
       reserved_claims = ['aud', 'exp', 'iat', 'iss', 'jti', 'nbf', 'sub', stytch_claim]
       custom_claims = jwt.reject { |key, _| reserved_claims.include?(key) }
       {
-        'session_id' => jwt[stytch_claim]['id'],
-        'user_id' => jwt['sub'],
-        'started_at' => jwt[stytch_claim]['started_at'],
-        'last_accessed_at' => jwt[stytch_claim]['last_accessed_at'],
-        # For JWTs that include it, prefer the inner expires_at claim.
-        'expires_at' => expires_at,
-        'attributes' => jwt[stytch_claim]['attributes'],
-        'authentication_factors' => jwt[stytch_claim]['authentication_factors'],
-        'custom_claims' => custom_claims
+        'session' => {
+          'session_id' => jwt[stytch_claim]['id'],
+          'user_id' => jwt['sub'],
+          'started_at' => jwt[stytch_claim]['started_at'],
+          'last_accessed_at' => jwt[stytch_claim]['last_accessed_at'],
+          # For JWTs that include it, prefer the inner expires_at claim.
+          'expires_at' => expires_at,
+          'attributes' => jwt[stytch_claim]['attributes'],
+          'authentication_factors' => jwt[stytch_claim]['authentication_factors'],
+          'custom_claims' => custom_claims
+        }
       }
     end
     # ENDMANUAL(Sessions::authenticate_jwt)

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '7.0.0'
+  VERSION = '7.0.2'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 7.0.0
+  version: 7.0.2
 platform: ruby
 authors:
 - stytch
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-12-13 00:00:00.000000000 Z
+date: 2023-12-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday