stytch 7.0.2 → 7.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 11c676836879020ec0d87cbe9d7017ccfc777f27d4e73db695cd991a416589b6
4
- data.tar.gz: e58761d69d0cb5f4c1a9f72d09bd1017a9dab222da4924570ebba7c26a4e1bb4
3
+ metadata.gz: a3ad4eaf85fcf66b3969d3568488126f9d0d5f77282e454a130aa875753e2046
4
+ data.tar.gz: 594aab0fe432b0f5620ec9c62e99d0e5b1f982dfe53d747ed4af36fc90f5fa58
5
5
  SHA512:
6
- metadata.gz: e0d885c1e262b76649e01ffcbe64a6a31a78e183ff35d0128da9983e51dcc70e7bc7b7c9608983f8a516ac93a47cc9c51424c72aa73d7e1fc81218f83c31cfda
7
- data.tar.gz: a88377ca19b824229fa2d0c3e2958c92f14e3926371f852ea39e12bbe3e10b5d3a70f859971196c48d425a0129ce5f0b79b527e96f1af09fc7f8c8edb124191f
6
+ metadata.gz: 34a877bef679e4b601b8debe1e74d60e84034491d398ced07f67d15282ddbe3e86ee740855890d2e3789cbdf1ed72f088933e94e33d4eb11ff89126ab2f40251
7
+ data.tar.gz: 3c328b93134b4438a2db4db7030d26eed6b5174ad08465ca1c07d1f5f9d282526ae015d95747a707495fefb8d2304de7de270f7a27fd3854316391c706cb63c7
data/.gitignore CHANGED
@@ -8,6 +8,8 @@
8
8
  /tmp/
9
9
  *.gem
10
10
  Gemfile.lock
11
+ .idea/
12
+ .envrc
11
13
 
12
14
  # rspec failure tracking
13
15
  .rspec_status
@@ -7,8 +7,10 @@ require_relative 'b2b_organizations'
7
7
  require_relative 'b2b_otp'
8
8
  require_relative 'b2b_passwords'
9
9
  require_relative 'b2b_rbac'
10
+ require_relative 'b2b_recovery_codes'
10
11
  require_relative 'b2b_sessions'
11
12
  require_relative 'b2b_sso'
13
+ require_relative 'b2b_totps'
12
14
  require_relative 'm2m'
13
15
  require_relative 'rbac_local'
14
16
 
@@ -16,7 +18,7 @@ module StytchB2B
16
18
  class Client
17
19
  ENVIRONMENTS = %i[live test].freeze
18
20
 
19
- attr_reader :discovery, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :rbac, :sso, :sessions
21
+ attr_reader :discovery, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :rbac, :recovery_codes, :sso, :sessions, :totps
20
22
 
21
23
  def initialize(project_id:, secret:, env: nil, &block)
22
24
  @api_host = api_host(env, project_id)
@@ -36,8 +38,10 @@ module StytchB2B
36
38
  @organizations = StytchB2B::Organizations.new(@connection)
37
39
  @passwords = StytchB2B::Passwords.new(@connection)
38
40
  @rbac = StytchB2B::RBAC.new(@connection)
41
+ @recovery_codes = StytchB2B::RecoveryCodes.new(@connection)
39
42
  @sso = StytchB2B::SSO.new(@connection)
40
43
  @sessions = StytchB2B::Sessions.new(@connection, @project_id, @policy_cache)
44
+ @totps = StytchB2B::TOTPs.new(@connection)
41
45
  end
42
46
 
43
47
  private
@@ -251,11 +251,24 @@ module StytchB2B
251
251
  #
252
252
  # The type of this field is nilable +String+.
253
253
  # rbac_email_implicit_role_assignments::
254
- # (Coming Soon) Implicit role assignments based off of email domains.
254
+ # Implicit role assignments based off of email domains.
255
255
  # For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
256
256
  # associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
257
257
  # for more information about role assignment.
258
258
  # The type of this field is nilable list of +EmailImplicitRoleAssignment+ (+object+).
259
+ # mfa_methods::
260
+ # The setting that controls which mfa methods can be used by Members of an Organization. The accepted values are:
261
+ #
262
+ # `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
263
+ #
264
+ # `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
265
+ #
266
+ # The type of this field is nilable +String+.
267
+ # allowed_mfa_methods::
268
+ # An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
269
+ # The list's accepted values are: `sms_otp` and `totp`.
270
+ #
271
+ # The type of this field is nilable list of +String+.
259
272
  #
260
273
  # == Returns:
261
274
  # An object with the following fields:
@@ -310,7 +323,9 @@ module StytchB2B
310
323
  auth_methods: nil,
311
324
  allowed_auth_methods: nil,
312
325
  mfa_policy: nil,
313
- rbac_email_implicit_role_assignments: nil
326
+ rbac_email_implicit_role_assignments: nil,
327
+ mfa_methods: nil,
328
+ allowed_mfa_methods: nil
314
329
  )
315
330
  headers = {}
316
331
  request = {
@@ -330,6 +345,8 @@ module StytchB2B
330
345
  request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
331
346
  request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
332
347
  request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
348
+ request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
349
+ request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
333
350
 
334
351
  post_request('/v1/b2b/discovery/organizations/create', request, headers)
335
352
  end
@@ -282,7 +282,7 @@ module StytchB2B
282
282
  #
283
283
  # The type of this field is nilable +InviteRequestLocale+ (string enum).
284
284
  # roles::
285
- # (Coming Soon) Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
285
+ # Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
286
286
  # for more information about role assignment.
287
287
  # The type of this field is nilable list of +String+.
288
288
  #
@@ -132,11 +132,24 @@ module StytchB2B
132
132
  #
133
133
  # The type of this field is nilable +String+.
134
134
  # rbac_email_implicit_role_assignments::
135
- # (Coming Soon) Implicit role assignments based off of email domains.
135
+ # Implicit role assignments based off of email domains.
136
136
  # For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
137
137
  # associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
138
138
  # for more information about role assignment.
139
139
  # The type of this field is nilable list of +EmailImplicitRoleAssignment+ (+object+).
140
+ # mfa_methods::
141
+ # The setting that controls which mfa methods can be used by Members of an Organization. The accepted values are:
142
+ #
143
+ # `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
144
+ #
145
+ # `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
146
+ #
147
+ # The type of this field is nilable +String+.
148
+ # allowed_mfa_methods::
149
+ # An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
150
+ # The list's accepted values are: `sms_otp` and `totp`.
151
+ #
152
+ # The type of this field is nilable list of +String+.
140
153
  #
141
154
  # == Returns:
142
155
  # An object with the following fields:
@@ -161,7 +174,9 @@ module StytchB2B
161
174
  auth_methods: nil,
162
175
  allowed_auth_methods: nil,
163
176
  mfa_policy: nil,
164
- rbac_email_implicit_role_assignments: nil
177
+ rbac_email_implicit_role_assignments: nil,
178
+ mfa_methods: nil,
179
+ allowed_mfa_methods: nil
165
180
  )
166
181
  headers = {}
167
182
  request = {
@@ -178,6 +193,8 @@ module StytchB2B
178
193
  request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
179
194
  request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
180
195
  request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
196
+ request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
197
+ request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
181
198
 
182
199
  post_request('/v1/b2b/organizations', request, headers)
183
200
  end
@@ -213,7 +230,7 @@ module StytchB2B
213
230
  #
214
231
  # *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.
215
232
  #
216
- # (Coming Soon) Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
233
+ # Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
217
234
  # a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
218
235
  # Member Session has the necessary permissions. The specific permissions needed depend on which of the optional fields
219
236
  # are passed in the request. For example, if the `organization_name` argument is provided, the Member Session must have
@@ -330,13 +347,30 @@ module StytchB2B
330
347
  # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.mfa-policy` action on the `stytch.organization` Resource.
331
348
  # The type of this field is nilable +String+.
332
349
  # rbac_email_implicit_role_assignments::
333
- # (Coming Soon) Implicit role assignments based off of email domains.
350
+ # Implicit role assignments based off of email domains.
334
351
  # For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
335
352
  # associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
336
353
  # for more information about role assignment.
337
354
  #
338
355
  # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.implicit-roles` action on the `stytch.organization` Resource.
339
356
  # The type of this field is nilable list of +String+.
357
+ # mfa_methods::
358
+ # The setting that controls which mfa methods can be used by Members of an Organization. The accepted values are:
359
+ #
360
+ # `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
361
+ #
362
+ # `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
363
+ #
364
+ #
365
+ # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
366
+ # The type of this field is nilable +String+.
367
+ # allowed_mfa_methods::
368
+ # An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
369
+ # The list's accepted values are: `sms_otp` and `totp`.
370
+ #
371
+ #
372
+ # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.
373
+ # The type of this field is nilable list of +String+.
340
374
  #
341
375
  # == Returns:
342
376
  # An object with the following fields:
@@ -368,6 +402,8 @@ module StytchB2B
368
402
  allowed_auth_methods: nil,
369
403
  mfa_policy: nil,
370
404
  rbac_email_implicit_role_assignments: nil,
405
+ mfa_methods: nil,
406
+ allowed_mfa_methods: nil,
371
407
  method_options: nil
372
408
  )
373
409
  headers = {}
@@ -387,6 +423,8 @@ module StytchB2B
387
423
  request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
388
424
  request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
389
425
  request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
426
+ request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
427
+ request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
390
428
 
391
429
  put_request("/v1/b2b/organizations/#{organization_id}", request, headers)
392
430
  end
@@ -471,7 +509,7 @@ module StytchB2B
471
509
 
472
510
  # Updates a Member specified by `organization_id` and `member_id`.
473
511
  #
474
- # (Coming Soon) Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
512
+ # Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
475
513
  # a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
476
514
  # Member Session has the necessary permissions. The specific permissions needed depend on which of the optional fields
477
515
  # are passed in the request. For example, if the `organization_name` argument is provided, the Member Session must have
@@ -527,7 +565,7 @@ module StytchB2B
527
565
  # Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.mfa-enrolled` action on the `stytch.self` Resource.
528
566
  # The type of this field is nilable +Boolean+.
529
567
  # roles::
530
- # (Coming Soon) Roles to explicitly assign to this Member.
568
+ # Roles to explicitly assign to this Member.
531
569
  # Will completely replace any existing explicitly assigned roles. See the
532
570
  # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
533
571
  #
@@ -539,10 +577,13 @@ module StytchB2B
539
577
  # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.roles` action on the `stytch.member` Resource.
540
578
  # The type of this field is nilable list of +String+.
541
579
  # preserve_existing_sessions::
542
- # (Coming Soon) Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
580
+ # Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
543
581
  # by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO
544
582
  # authentication factors with the affected SSO connection IDs will be revoked.
545
583
  # The type of this field is nilable +Boolean+.
584
+ # default_mfa_method::
585
+ # The Member's default MFA method. This value is used to determine which secondary MFA method to use in the case of multiple methods registered for a Member. The current possible values are `sms_otp` and `totp`.
586
+ # The type of this field is nilable +String+.
546
587
  #
547
588
  # == Returns:
548
589
  # An object with the following fields:
@@ -575,6 +616,7 @@ module StytchB2B
575
616
  mfa_enrolled: nil,
576
617
  roles: nil,
577
618
  preserve_existing_sessions: nil,
619
+ default_mfa_method: nil,
578
620
  method_options: nil
579
621
  )
580
622
  headers = {}
@@ -588,6 +630,7 @@ module StytchB2B
588
630
  request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil?
589
631
  request[:roles] = roles unless roles.nil?
590
632
  request[:preserve_existing_sessions] = preserve_existing_sessions unless preserve_existing_sessions.nil?
633
+ request[:default_mfa_method] = default_mfa_method unless default_mfa_method.nil?
591
634
 
592
635
  put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", request, headers)
593
636
  end
@@ -715,11 +758,21 @@ module StytchB2B
715
758
  delete_request("/v1/b2b/organizations/#{organization_id}/members/mfa_phone_numbers/#{member_id}", headers)
716
759
  end
717
760
 
761
+ def delete_totp(
762
+ organization_id:,
763
+ member_id:,
764
+ method_options: nil
765
+ )
766
+ headers = {}
767
+ headers = headers.merge(method_options.to_headers) unless method_options.nil?
768
+ delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/totp", headers)
769
+ end
770
+
718
771
  # Search for Members within specified Organizations. An array with at least one `organization_id` is required. Submitting an empty `query` returns all non-deleted Members within the specified Organizations.
719
772
  #
720
773
  # *All fuzzy search filters require a minimum of three characters.
721
774
  #
722
- # (Coming Soon) Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
775
+ # Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
723
776
  # a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
724
777
  # Member Session has permission to perform the `search` action on the `stytch.member` Resource. In addition, enforcing
725
778
  # RBAC on this endpoint means that you may only search for Members within the calling Member's Organization, so the
@@ -890,7 +943,7 @@ module StytchB2B
890
943
  # Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.
891
944
  # The type of this field is nilable +Boolean+.
892
945
  # roles::
893
- # (Coming Soon) Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
946
+ # Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
894
947
  # for more information about role assignment.
895
948
  # The type of this field is nilable list of +String+.
896
949
  #
@@ -37,9 +37,13 @@ module StytchB2B
37
37
  #
38
38
  # If a Member has a phone number and is enrolled in MFA, then after a successful primary authentication event (e.g. [email magic link](https://stytch.com/docs/b2b/api/authenticate-magic-link) or [SSO](https://stytch.com/docs/b2b/api/sso-authenticate) login is complete), an SMS OTP will automatically be sent to their phone number. In that case, this endpoint should only be used for subsequent authentication events, such as prompting a Member for an OTP again after a period of inactivity.
39
39
  #
40
+ # Passing an intermediate session token, session token, or session JWT is not required, but if passed must match the Member ID passed.
41
+ #
40
42
  # ### Cost to send SMS OTP
41
43
  # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview).
42
44
  #
45
+ # Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries).
46
+ #
43
47
  # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
44
48
  #
45
49
  # == Parameters:
@@ -60,6 +64,18 @@ module StytchB2B
60
64
  # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
61
65
  #
62
66
  # The type of this field is nilable +SendRequestLocale+ (string enum).
67
+ # intermediate_session_token::
68
+ # The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
69
+ # The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
70
+ # the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
71
+ # or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
72
+ # The type of this field is nilable +String+.
73
+ # session_token::
74
+ # A secret token for a given Stytch Session.
75
+ # The type of this field is nilable +String+.
76
+ # session_jwt::
77
+ # The JSON Web Token (JWT) for a given Stytch Session.
78
+ # The type of this field is nilable +String+.
63
79
  #
64
80
  # == Returns:
65
81
  # An object with the following fields:
@@ -82,7 +98,10 @@ module StytchB2B
82
98
  organization_id:,
83
99
  member_id:,
84
100
  mfa_phone_number: nil,
85
- locale: nil
101
+ locale: nil,
102
+ intermediate_session_token: nil,
103
+ session_token: nil,
104
+ session_jwt: nil
86
105
  )
87
106
  headers = {}
88
107
  request = {
@@ -91,6 +110,9 @@ module StytchB2B
91
110
  }
92
111
  request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil?
93
112
  request[:locale] = locale unless locale.nil?
113
+ request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
114
+ request[:session_token] = session_token unless session_token.nil?
115
+ request[:session_jwt] = session_jwt unless session_jwt.nil?
94
116
 
95
117
  post_request('/v1/b2b/otps/sms/send', request, headers)
96
118
  end
@@ -160,6 +182,9 @@ module StytchB2B
160
182
  # `unenroll` – sets the Member's `mfa_enrolled` boolean to `false`. The Member will no longer be required to complete MFA steps when logging in to the Organization.
161
183
  #
162
184
  # The type of this field is nilable +String+.
185
+ # set_default_mfa::
186
+ # (no documentation yet)
187
+ # The type of this field is nilable +Boolean+.
163
188
  #
164
189
  # == Returns:
165
190
  # An object with the following fields:
@@ -196,7 +221,8 @@ module StytchB2B
196
221
  session_jwt: nil,
197
222
  session_duration_minutes: nil,
198
223
  session_custom_claims: nil,
199
- set_mfa_enrollment: nil
224
+ set_mfa_enrollment: nil,
225
+ set_default_mfa: nil
200
226
  )
201
227
  headers = {}
202
228
  request = {
@@ -210,6 +236,7 @@ module StytchB2B
210
236
  request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
211
237
  request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
212
238
  request[:set_mfa_enrollment] = set_mfa_enrollment unless set_mfa_enrollment.nil?
239
+ request[:set_default_mfa] = set_default_mfa unless set_default_mfa.nil?
213
240
 
214
241
  post_request('/v1/b2b/otps/sms/authenticate', request, headers)
215
242
  end
@@ -129,7 +129,7 @@ module StytchB2B
129
129
  # for complete field behavior details.
130
130
  # The type of this field is nilable +object+.
131
131
  # roles::
132
- # (Coming Soon) Roles to explicitly assign to this Member.
132
+ # Roles to explicitly assign to this Member.
133
133
  # Will completely replace any existing explicitly assigned roles. See the
134
134
  # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
135
135
  #
@@ -139,7 +139,7 @@ module StytchB2B
139
139
  # `preserve_existing_sessions` parameter with a value of `true`.
140
140
  # The type of this field is nilable list of +String+.
141
141
  # preserve_existing_sessions::
142
- # (Coming Soon) Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
142
+ # Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
143
143
  # by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO
144
144
  # authentication factors with the affected SSO connection IDs will be revoked.
145
145
  # The type of this field is nilable +Boolean+.
@@ -383,6 +383,9 @@ module StytchB2B
383
383
  # member_email_id::
384
384
  # Globally unique UUID that identifies a member's email
385
385
  # The type of this field is +String+.
386
+ # member::
387
+ # The [Member object](https://stytch.com/docs/b2b/api/member-object)
388
+ # The type of this field is +Member+ (+object+).
386
389
  # status_code::
387
390
  # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
388
391
  # The type of this field is +Integer+.
@@ -23,7 +23,7 @@ module StytchB2B
23
23
  # Resources and Roles can be created and managed within the [Dashboard](/dashboard). Additionally, [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically managed through certain Stytch API endpoints.
24
24
  #
25
25
  #
26
- # Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model or [contact us](https://share.hsforms.com/1qkU__-1CT1--lnqRDxphXgd4bkb) to request early access.
26
+ # Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model.
27
27
  #
28
28
  # == Parameters:
29
29
  #
@@ -0,0 +1,199 @@
1
+ # frozen_string_literal: true
2
+
3
+ # !!!
4
+ # WARNING: This file is autogenerated
5
+ # Only modify code within MANUAL() sections
6
+ # or your changes may be overwritten later!
7
+ # !!!
8
+
9
+ require_relative 'request_helper'
10
+
11
+ module StytchB2B
12
+ class RecoveryCodes
13
+ include Stytch::RequestHelper
14
+
15
+ def initialize(connection)
16
+ @connection = connection
17
+ end
18
+
19
+ # Allows a Member to complete an MFA flow by consuming a recovery code. This consumes the recovery code and returns a session token that can be used to authenticate the Member.
20
+ #
21
+ # == Parameters:
22
+ # organization_id::
23
+ # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
24
+ # The type of this field is +String+.
25
+ # member_id::
26
+ # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
27
+ # The type of this field is +String+.
28
+ # recovery_code::
29
+ # The recovery code generated by a secondary MFA method. This code is used to authenticate in place of the secondary MFA method if that method as a backup.
30
+ # The type of this field is +String+.
31
+ # intermediate_session_token::
32
+ # The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
33
+ # The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
34
+ # the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
35
+ # or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
36
+ # The type of this field is nilable +String+.
37
+ # session_token::
38
+ # A secret token for a given Stytch Session.
39
+ # The type of this field is nilable +String+.
40
+ # session_jwt::
41
+ # The JSON Web Token (JWT) for a given Stytch Session.
42
+ # The type of this field is nilable +String+.
43
+ # session_duration_minutes::
44
+ # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
45
+ # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
46
+ # five minutes regardless of the underlying session duration, and will need to be refreshed over time.
47
+ #
48
+ # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
49
+ #
50
+ # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
51
+ #
52
+ # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
53
+ # to use the Stytch session product, you can ignore the session fields in the response.
54
+ # The type of this field is nilable +Integer+.
55
+ # session_custom_claims::
56
+ # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
57
+ # `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
58
+ # delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
59
+ # Total custom claims size cannot exceed four kilobytes.
60
+ # The type of this field is nilable +object+.
61
+ #
62
+ # == Returns:
63
+ # An object with the following fields:
64
+ # request_id::
65
+ # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
66
+ # The type of this field is +String+.
67
+ # member_id::
68
+ # Globally unique UUID that identifies a specific Member.
69
+ # The type of this field is +String+.
70
+ # member::
71
+ # The [Member object](https://stytch.com/docs/b2b/api/member-object)
72
+ # The type of this field is +Member+ (+object+).
73
+ # organization::
74
+ # The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
75
+ # The type of this field is +Organization+ (+object+).
76
+ # session_token::
77
+ # A secret token for a given Stytch Session.
78
+ # The type of this field is +String+.
79
+ # session_jwt::
80
+ # The JSON Web Token (JWT) for a given Stytch Session.
81
+ # The type of this field is +String+.
82
+ # recovery_codes_remaining::
83
+ # The number of recovery codes remaining for a Member.
84
+ # The type of this field is +Integer+.
85
+ # status_code::
86
+ # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
87
+ # The type of this field is +Integer+.
88
+ # member_session::
89
+ # The [Session object](https://stytch.com/docs/b2b/api/session-object).
90
+ # The type of this field is nilable +MemberSession+ (+object+).
91
+ def recover(
92
+ organization_id:,
93
+ member_id:,
94
+ recovery_code:,
95
+ intermediate_session_token: nil,
96
+ session_token: nil,
97
+ session_jwt: nil,
98
+ session_duration_minutes: nil,
99
+ session_custom_claims: nil
100
+ )
101
+ headers = {}
102
+ request = {
103
+ organization_id: organization_id,
104
+ member_id: member_id,
105
+ recovery_code: recovery_code
106
+ }
107
+ request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
108
+ request[:session_token] = session_token unless session_token.nil?
109
+ request[:session_jwt] = session_jwt unless session_jwt.nil?
110
+ request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
111
+ request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
112
+
113
+ post_request('/v1/b2b/recovery_codes/recover', request, headers)
114
+ end
115
+
116
+ # Returns a Member's full set of active recovery codes.
117
+ #
118
+ # == Parameters:
119
+ # organization_id::
120
+ # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
121
+ # The type of this field is +String+.
122
+ # member_id::
123
+ # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
124
+ # The type of this field is +String+.
125
+ #
126
+ # == Returns:
127
+ # An object with the following fields:
128
+ # request_id::
129
+ # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
130
+ # The type of this field is +String+.
131
+ # member_id::
132
+ # Globally unique UUID that identifies a specific Member.
133
+ # The type of this field is +String+.
134
+ # member::
135
+ # The [Member object](https://stytch.com/docs/b2b/api/member-object)
136
+ # The type of this field is +Member+ (+object+).
137
+ # organization::
138
+ # The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
139
+ # The type of this field is +Organization+ (+object+).
140
+ # recovery_codes::
141
+ # An array of recovery codes that can be used to recover a Member's account.
142
+ # The type of this field is list of +String+.
143
+ # status_code::
144
+ # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
145
+ # The type of this field is +Integer+.
146
+ def get(
147
+ organization_id:,
148
+ member_id:
149
+ )
150
+ headers = {}
151
+ query_params = {}
152
+ request = request_with_query_params("/v1/b2b/recovery_codes/#{organization_id}/#{member_id}", query_params)
153
+ get_request(request, headers)
154
+ end
155
+
156
+ # Rotate a Member's recovery codes. This invalidates all existing recovery codes and generates a new set of recovery codes.
157
+ #
158
+ # == Parameters:
159
+ # organization_id::
160
+ # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
161
+ # The type of this field is +String+.
162
+ # member_id::
163
+ # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
164
+ # The type of this field is +String+.
165
+ #
166
+ # == Returns:
167
+ # An object with the following fields:
168
+ # request_id::
169
+ # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
170
+ # The type of this field is +String+.
171
+ # member_id::
172
+ # Globally unique UUID that identifies a specific Member.
173
+ # The type of this field is +String+.
174
+ # member::
175
+ # The [Member object](https://stytch.com/docs/b2b/api/member-object)
176
+ # The type of this field is +Member+ (+object+).
177
+ # organization::
178
+ # The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
179
+ # The type of this field is +Organization+ (+object+).
180
+ # recovery_codes::
181
+ # An array of recovery codes that can be used to recover a Member's account.
182
+ # The type of this field is list of +String+.
183
+ # status_code::
184
+ # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
185
+ # The type of this field is +Integer+.
186
+ def rotate(
187
+ organization_id:,
188
+ member_id:
189
+ )
190
+ headers = {}
191
+ request = {
192
+ organization_id: organization_id,
193
+ member_id: member_id
194
+ }
195
+
196
+ post_request('/v1/b2b/recovery_codes/rotate', request, headers)
197
+ end
198
+ end
199
+ end
@@ -72,7 +72,7 @@ module StytchB2B
72
72
  #
73
73
  # You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid.
74
74
  #
75
- # If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://github.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
75
+ # If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
76
76
  # In addition, the `organization_id` passed in the authorization check must match the Member's Organization.
77
77
  #
78
78
  # If the Member is not authorized to perform the specified action on the specified Resource, or if the
@@ -105,10 +105,10 @@ module StytchB2B
105
105
  # Total custom claims size cannot exceed four kilobytes.
106
106
  # The type of this field is nilable +object+.
107
107
  # authorization_check::
108
- # (Coming Soon) If an `authorization_check` object is passed in, this endpoint will also check if the Member is
108
+ # If an `authorization_check` object is passed in, this endpoint will also check if the Member is
109
109
  # authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if
110
110
  # their Member Session contains a Role, assigned
111
- # [explicitly or implicitly](https://github.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
111
+ # [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
112
112
  # In addition, the `organization_id` passed in the authorization check must match the Member's Organization.
113
113
  #
114
114
  # The Roles on the Member Session may differ from the Roles you see on the Member object - Roles that are implicitly
@@ -144,7 +144,7 @@ module StytchB2B
144
144
  # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
145
145
  # The type of this field is +Integer+.
146
146
  # verdict::
147
- # (Coming Soon) If an `authorization_check` is provided in the request and the check succeeds, this field will return
147
+ # If an `authorization_check` is provided in the request and the check succeeds, this field will return
148
148
  # the complete list of Roles that gave the Member permission to perform the specified action on the specified Resource.
149
149
  # The type of this field is nilable +AuthorizationVerdict+ (+object+).
150
150
  def authenticate(
@@ -466,10 +466,10 @@ module StytchB2B
466
466
  # The URL for which assertions for login requests will be sent. This will be provided by the IdP.
467
467
  # The type of this field is nilable +String+.
468
468
  # saml_connection_implicit_role_assignments::
469
- # (Coming Soon) All Members who log in with this SAML connection will implicitly receive the specified Roles. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
469
+ # All Members who log in with this SAML connection will implicitly receive the specified Roles. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
470
470
  # The type of this field is nilable list of +String+.
471
471
  # saml_group_implicit_role_assignments::
472
- # (Coming Soon) Defines the names of the SAML groups
472
+ # Defines the names of the SAML groups
473
473
  # that grant specific role assignments. For each group-Role pair, if a Member logs in with this SAML connection and
474
474
  # belongs to the specified SAML group, they will be granted the associated Role. See the
475
475
  # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
@@ -0,0 +1,261 @@
1
+ # frozen_string_literal: true
2
+
3
+ # !!!
4
+ # WARNING: This file is autogenerated
5
+ # Only modify code within MANUAL() sections
6
+ # or your changes may be overwritten later!
7
+ # !!!
8
+
9
+ require_relative 'request_helper'
10
+
11
+ module StytchB2B
12
+ class TOTPs
13
+ include Stytch::RequestHelper
14
+
15
+ def initialize(connection)
16
+ @connection = connection
17
+ end
18
+
19
+ # Create a new TOTP instance for a Member. The Member can use the authenticator application of their choice to scan the QR code or enter the secret.
20
+ #
21
+ # Passing an intermediate session token, session token, or session JWT is not required, but if passed must match the Member ID passed.
22
+ #
23
+ # == Parameters:
24
+ # organization_id::
25
+ # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
26
+ # The type of this field is +String+.
27
+ # member_id::
28
+ # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
29
+ # The type of this field is +String+.
30
+ # expiration_minutes::
31
+ # The expiration for the TOTP registration. If the newly created TOTP registration is not authenticated within this time frame the member will have to restart the registration flow. Defaults to 60 (1 hour) with a minimum of 5 and a maximum of 1440.
32
+ # The type of this field is nilable +Integer+.
33
+ # intermediate_session_token::
34
+ # The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
35
+ # The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
36
+ # the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
37
+ # or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
38
+ # The type of this field is nilable +String+.
39
+ # session_token::
40
+ # A secret token for a given Stytch Session.
41
+ # The type of this field is nilable +String+.
42
+ # session_jwt::
43
+ # The JSON Web Token (JWT) for a given Stytch Session.
44
+ # The type of this field is nilable +String+.
45
+ #
46
+ # == Returns:
47
+ # An object with the following fields:
48
+ # request_id::
49
+ # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
50
+ # The type of this field is +String+.
51
+ # member_id::
52
+ # Globally unique UUID that identifies a specific Member.
53
+ # The type of this field is +String+.
54
+ # totp_registration_id::
55
+ # The unique ID for a TOTP instance.
56
+ # The type of this field is +String+.
57
+ # secret::
58
+ # The TOTP secret key shared between the authenticator app and the server used to generate TOTP codes.
59
+ # The type of this field is +String+.
60
+ # qr_code::
61
+ # The QR code image encoded in base64.
62
+ # The type of this field is +String+.
63
+ # recovery_codes::
64
+ # An array of recovery codes that can be used to recover a Member's account.
65
+ # The type of this field is list of +String+.
66
+ # member::
67
+ # The [Member object](https://stytch.com/docs/b2b/api/member-object)
68
+ # The type of this field is +Member+ (+object+).
69
+ # organization::
70
+ # The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
71
+ # The type of this field is +Organization+ (+object+).
72
+ # status_code::
73
+ # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
74
+ # The type of this field is +Integer+.
75
+ def create(
76
+ organization_id:,
77
+ member_id:,
78
+ expiration_minutes: nil,
79
+ intermediate_session_token: nil,
80
+ session_token: nil,
81
+ session_jwt: nil
82
+ )
83
+ headers = {}
84
+ request = {
85
+ organization_id: organization_id,
86
+ member_id: member_id
87
+ }
88
+ request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil?
89
+ request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
90
+ request[:session_token] = session_token unless session_token.nil?
91
+ request[:session_jwt] = session_jwt unless session_jwt.nil?
92
+
93
+ post_request('/v1/b2b/totp', request, headers)
94
+ end
95
+
96
+ # Authenticate a Member provided TOTP.
97
+ #
98
+ # == Parameters:
99
+ # organization_id::
100
+ # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
101
+ # The type of this field is +String+.
102
+ # member_id::
103
+ # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
104
+ # The type of this field is +String+.
105
+ # code::
106
+ # The code to authenticate.
107
+ # The type of this field is +String+.
108
+ # intermediate_session_token::
109
+ # The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
110
+ # The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
111
+ # the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
112
+ # or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
113
+ # The type of this field is nilable +String+.
114
+ # session_token::
115
+ # A secret token for a given Stytch Session.
116
+ # The type of this field is nilable +String+.
117
+ # session_jwt::
118
+ # The JSON Web Token (JWT) for a given Stytch Session.
119
+ # The type of this field is nilable +String+.
120
+ # session_duration_minutes::
121
+ # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
122
+ # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
123
+ # five minutes regardless of the underlying session duration, and will need to be refreshed over time.
124
+ #
125
+ # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
126
+ #
127
+ # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
128
+ #
129
+ # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
130
+ # to use the Stytch session product, you can ignore the session fields in the response.
131
+ # The type of this field is nilable +Integer+.
132
+ # session_custom_claims::
133
+ # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
134
+ # `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
135
+ # delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
136
+ # Total custom claims size cannot exceed four kilobytes.
137
+ # The type of this field is nilable +object+.
138
+ # set_mfa_enrollment::
139
+ # Optionally sets the Member’s MFA enrollment status upon a successful authentication. If the Organization’s MFA policy is `REQUIRED_FOR_ALL`, this field will be ignored. If this field is not passed in, the Member’s `mfa_enrolled` boolean will not be affected. The options are:
140
+ #
141
+ # `enroll` – sets the Member's `mfa_enrolled` boolean to `true`. The Member will be required to complete an MFA step upon subsequent logins to the Organization.
142
+ #
143
+ # `unenroll` – sets the Member's `mfa_enrolled` boolean to `false`. The Member will no longer be required to complete MFA steps when logging in to the Organization.
144
+ #
145
+ # The type of this field is nilable +String+.
146
+ # set_default_mfa::
147
+ # If passed will set the authenticated method to the default MFA method. Completing an MFA authentication flow for the first time for a Member will implicitly set the method to the default MFA method. This option can be used to update the default MFA method if multiple are being used.
148
+ # The type of this field is nilable +Boolean+.
149
+ #
150
+ # == Returns:
151
+ # An object with the following fields:
152
+ # request_id::
153
+ # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
154
+ # The type of this field is +String+.
155
+ # member_id::
156
+ # Globally unique UUID that identifies a specific Member.
157
+ # The type of this field is +String+.
158
+ # member::
159
+ # The [Member object](https://stytch.com/docs/b2b/api/member-object)
160
+ # The type of this field is +Member+ (+object+).
161
+ # organization::
162
+ # The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
163
+ # The type of this field is +Organization+ (+object+).
164
+ # session_token::
165
+ # A secret token for a given Stytch Session.
166
+ # The type of this field is +String+.
167
+ # session_jwt::
168
+ # The JSON Web Token (JWT) for a given Stytch Session.
169
+ # The type of this field is +String+.
170
+ # status_code::
171
+ # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
172
+ # The type of this field is +Integer+.
173
+ # member_session::
174
+ # The [Session object](https://stytch.com/docs/b2b/api/session-object).
175
+ # The type of this field is nilable +MemberSession+ (+object+).
176
+ def authenticate(
177
+ organization_id:,
178
+ member_id:,
179
+ code:,
180
+ intermediate_session_token: nil,
181
+ session_token: nil,
182
+ session_jwt: nil,
183
+ session_duration_minutes: nil,
184
+ session_custom_claims: nil,
185
+ set_mfa_enrollment: nil,
186
+ set_default_mfa: nil
187
+ )
188
+ headers = {}
189
+ request = {
190
+ organization_id: organization_id,
191
+ member_id: member_id,
192
+ code: code
193
+ }
194
+ request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
195
+ request[:session_token] = session_token unless session_token.nil?
196
+ request[:session_jwt] = session_jwt unless session_jwt.nil?
197
+ request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
198
+ request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
199
+ request[:set_mfa_enrollment] = set_mfa_enrollment unless set_mfa_enrollment.nil?
200
+ request[:set_default_mfa] = set_default_mfa unless set_default_mfa.nil?
201
+
202
+ post_request('/v1/b2b/totp/authenticate', request, headers)
203
+ end
204
+
205
+ # Migrate an existing TOTP instance for a Member. Recovery codes are not required and will be minted for the Member if not provided.
206
+ #
207
+ # == Parameters:
208
+ # organization_id::
209
+ # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
210
+ # The type of this field is +String+.
211
+ # member_id::
212
+ # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
213
+ # The type of this field is +String+.
214
+ # secret::
215
+ # The TOTP secret key shared between the authenticator app and the server used to generate TOTP codes.
216
+ # The type of this field is +String+.
217
+ # recovery_codes::
218
+ # An existing set of recovery codes to be imported into Stytch to be used to authenticate in place of the secondary MFA method.
219
+ # The type of this field is list of +String+.
220
+ #
221
+ # == Returns:
222
+ # An object with the following fields:
223
+ # request_id::
224
+ # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
225
+ # The type of this field is +String+.
226
+ # member_id::
227
+ # Globally unique UUID that identifies a specific Member.
228
+ # The type of this field is +String+.
229
+ # member::
230
+ # The [Member object](https://stytch.com/docs/b2b/api/member-object)
231
+ # The type of this field is +Member+ (+object+).
232
+ # organization::
233
+ # The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
234
+ # The type of this field is +Organization+ (+object+).
235
+ # totp_registration_id::
236
+ # The unique ID for a TOTP instance.
237
+ # The type of this field is +String+.
238
+ # recovery_codes::
239
+ # An array of recovery codes that can be used to recover a Member's account.
240
+ # The type of this field is list of +String+.
241
+ # status_code::
242
+ # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
243
+ # The type of this field is +Integer+.
244
+ def migrate(
245
+ organization_id:,
246
+ member_id:,
247
+ secret:,
248
+ recovery_codes:
249
+ )
250
+ headers = {}
251
+ request = {
252
+ organization_id: organization_id,
253
+ member_id: member_id,
254
+ secret: secret,
255
+ recovery_codes: recovery_codes
256
+ }
257
+
258
+ post_request('/v1/b2b/totp/migrate', request, headers)
259
+ end
260
+ end
261
+ end
data/lib/stytch/oauth.rb CHANGED
@@ -123,7 +123,7 @@ module Stytch
123
123
  # provider_values::
124
124
  # The `provider_values` object lists relevant identifiers, values, and scopes for a given OAuth provider. For example this object will include a provider's `access_token` that you can use to access the provider's API for a given user.
125
125
  #
126
- # Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only returned by OIDC complaint identity providers.
126
+ # Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only returned by OIDC compliant identity providers.
127
127
  # The type of this field is +ProviderValues+ (+object+).
128
128
  # user::
129
129
  # The `user` object affected by this API call. See the [Get user endpoint](https://stytch.com/docs/api/get-user) for complete response field details.
data/lib/stytch/otps.rb CHANGED
@@ -132,6 +132,8 @@ module Stytch
132
132
  #
133
133
  # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
134
134
  #
135
+ # Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries).
136
+ #
135
137
  # ### Add a phone number to an existing user
136
138
  #
137
139
  # This endpoint also allows you to add a new phone number to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in your Send one-time passcode by SMS request will add the new, unverified phone number to the existing Stytch User. If the user successfully authenticates within 5 minutes, the new phone number will be marked as verified and remain permanently on the existing Stytch User. Otherwise, it will be removed from the User object, and any subsequent login requests using that phone number will create a new User.
@@ -212,6 +214,8 @@ module Stytch
212
214
  #
213
215
  # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
214
216
  #
217
+ # Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries).
218
+ #
215
219
  # ### Next steps
216
220
  #
217
221
  # Collect the OTP which was delivered to the User. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`.
@@ -216,15 +216,13 @@ module Stytch
216
216
  end
217
217
 
218
218
  session = authenticate_jwt_local(session_jwt, max_token_age_seconds: max_token_age_seconds)
219
- if !session.nil?
220
- { 'session' => session }
221
- else
222
- authenticate(
223
- session_jwt: session_jwt,
224
- session_duration_minutes: session_duration_minutes,
225
- session_custom_claims: session_custom_claims
226
- )
227
- end
219
+ return session unless session.nil?
220
+
221
+ authenticate(
222
+ session_jwt: session_jwt,
223
+ session_duration_minutes: session_duration_minutes,
224
+ session_custom_claims: session_custom_claims
225
+ )
228
226
  rescue StandardError
229
227
  # JWT could not be verified locally. Check with the Stytch API.
230
228
  authenticate(
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Stytch
4
- VERSION = '7.0.2'
4
+ VERSION = '7.1.0'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: stytch
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.0.2
4
+ version: 7.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - stytch
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-12-15 00:00:00.000000000 Z
11
+ date: 2024-01-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday
@@ -132,8 +132,10 @@ files:
132
132
  - lib/stytch/b2b_otp.rb
133
133
  - lib/stytch/b2b_passwords.rb
134
134
  - lib/stytch/b2b_rbac.rb
135
+ - lib/stytch/b2b_recovery_codes.rb
135
136
  - lib/stytch/b2b_sessions.rb
136
137
  - lib/stytch/b2b_sso.rb
138
+ - lib/stytch/b2b_totps.rb
137
139
  - lib/stytch/client.rb
138
140
  - lib/stytch/crypto_wallets.rb
139
141
  - lib/stytch/errors.rb