stytch 7.0.2 → 7.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +2 -0
- data/lib/stytch/b2b_client.rb +5 -1
- data/lib/stytch/b2b_discovery.rb +19 -2
- data/lib/stytch/b2b_magic_links.rb +1 -1
- data/lib/stytch/b2b_organizations.rb +62 -9
- data/lib/stytch/b2b_otp.rb +29 -2
- data/lib/stytch/b2b_passwords.rb +5 -2
- data/lib/stytch/b2b_rbac.rb +1 -1
- data/lib/stytch/b2b_recovery_codes.rb +199 -0
- data/lib/stytch/b2b_sessions.rb +4 -4
- data/lib/stytch/b2b_sso.rb +2 -2
- data/lib/stytch/b2b_totps.rb +261 -0
- data/lib/stytch/oauth.rb +1 -1
- data/lib/stytch/otps.rb +4 -0
- data/lib/stytch/sessions.rb +7 -9
- data/lib/stytch/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a3ad4eaf85fcf66b3969d3568488126f9d0d5f77282e454a130aa875753e2046
|
4
|
+
data.tar.gz: 594aab0fe432b0f5620ec9c62e99d0e5b1f982dfe53d747ed4af36fc90f5fa58
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 34a877bef679e4b601b8debe1e74d60e84034491d398ced07f67d15282ddbe3e86ee740855890d2e3789cbdf1ed72f088933e94e33d4eb11ff89126ab2f40251
|
7
|
+
data.tar.gz: 3c328b93134b4438a2db4db7030d26eed6b5174ad08465ca1c07d1f5f9d282526ae015d95747a707495fefb8d2304de7de270f7a27fd3854316391c706cb63c7
|
data/.gitignore
CHANGED
data/lib/stytch/b2b_client.rb
CHANGED
@@ -7,8 +7,10 @@ require_relative 'b2b_organizations'
|
|
7
7
|
require_relative 'b2b_otp'
|
8
8
|
require_relative 'b2b_passwords'
|
9
9
|
require_relative 'b2b_rbac'
|
10
|
+
require_relative 'b2b_recovery_codes'
|
10
11
|
require_relative 'b2b_sessions'
|
11
12
|
require_relative 'b2b_sso'
|
13
|
+
require_relative 'b2b_totps'
|
12
14
|
require_relative 'm2m'
|
13
15
|
require_relative 'rbac_local'
|
14
16
|
|
@@ -16,7 +18,7 @@ module StytchB2B
|
|
16
18
|
class Client
|
17
19
|
ENVIRONMENTS = %i[live test].freeze
|
18
20
|
|
19
|
-
attr_reader :discovery, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :rbac, :sso, :sessions
|
21
|
+
attr_reader :discovery, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :rbac, :recovery_codes, :sso, :sessions, :totps
|
20
22
|
|
21
23
|
def initialize(project_id:, secret:, env: nil, &block)
|
22
24
|
@api_host = api_host(env, project_id)
|
@@ -36,8 +38,10 @@ module StytchB2B
|
|
36
38
|
@organizations = StytchB2B::Organizations.new(@connection)
|
37
39
|
@passwords = StytchB2B::Passwords.new(@connection)
|
38
40
|
@rbac = StytchB2B::RBAC.new(@connection)
|
41
|
+
@recovery_codes = StytchB2B::RecoveryCodes.new(@connection)
|
39
42
|
@sso = StytchB2B::SSO.new(@connection)
|
40
43
|
@sessions = StytchB2B::Sessions.new(@connection, @project_id, @policy_cache)
|
44
|
+
@totps = StytchB2B::TOTPs.new(@connection)
|
41
45
|
end
|
42
46
|
|
43
47
|
private
|
data/lib/stytch/b2b_discovery.rb
CHANGED
@@ -251,11 +251,24 @@ module StytchB2B
|
|
251
251
|
#
|
252
252
|
# The type of this field is nilable +String+.
|
253
253
|
# rbac_email_implicit_role_assignments::
|
254
|
-
#
|
254
|
+
# Implicit role assignments based off of email domains.
|
255
255
|
# For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
|
256
256
|
# associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
|
257
257
|
# for more information about role assignment.
|
258
258
|
# The type of this field is nilable list of +EmailImplicitRoleAssignment+ (+object+).
|
259
|
+
# mfa_methods::
|
260
|
+
# The setting that controls which mfa methods can be used by Members of an Organization. The accepted values are:
|
261
|
+
#
|
262
|
+
# `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
|
263
|
+
#
|
264
|
+
# `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
|
265
|
+
#
|
266
|
+
# The type of this field is nilable +String+.
|
267
|
+
# allowed_mfa_methods::
|
268
|
+
# An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
|
269
|
+
# The list's accepted values are: `sms_otp` and `totp`.
|
270
|
+
#
|
271
|
+
# The type of this field is nilable list of +String+.
|
259
272
|
#
|
260
273
|
# == Returns:
|
261
274
|
# An object with the following fields:
|
@@ -310,7 +323,9 @@ module StytchB2B
|
|
310
323
|
auth_methods: nil,
|
311
324
|
allowed_auth_methods: nil,
|
312
325
|
mfa_policy: nil,
|
313
|
-
rbac_email_implicit_role_assignments: nil
|
326
|
+
rbac_email_implicit_role_assignments: nil,
|
327
|
+
mfa_methods: nil,
|
328
|
+
allowed_mfa_methods: nil
|
314
329
|
)
|
315
330
|
headers = {}
|
316
331
|
request = {
|
@@ -330,6 +345,8 @@ module StytchB2B
|
|
330
345
|
request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
|
331
346
|
request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
|
332
347
|
request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
|
348
|
+
request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
|
349
|
+
request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
|
333
350
|
|
334
351
|
post_request('/v1/b2b/discovery/organizations/create', request, headers)
|
335
352
|
end
|
@@ -282,7 +282,7 @@ module StytchB2B
|
|
282
282
|
#
|
283
283
|
# The type of this field is nilable +InviteRequestLocale+ (string enum).
|
284
284
|
# roles::
|
285
|
-
#
|
285
|
+
# Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
|
286
286
|
# for more information about role assignment.
|
287
287
|
# The type of this field is nilable list of +String+.
|
288
288
|
#
|
@@ -132,11 +132,24 @@ module StytchB2B
|
|
132
132
|
#
|
133
133
|
# The type of this field is nilable +String+.
|
134
134
|
# rbac_email_implicit_role_assignments::
|
135
|
-
#
|
135
|
+
# Implicit role assignments based off of email domains.
|
136
136
|
# For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
|
137
137
|
# associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
|
138
138
|
# for more information about role assignment.
|
139
139
|
# The type of this field is nilable list of +EmailImplicitRoleAssignment+ (+object+).
|
140
|
+
# mfa_methods::
|
141
|
+
# The setting that controls which mfa methods can be used by Members of an Organization. The accepted values are:
|
142
|
+
#
|
143
|
+
# `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
|
144
|
+
#
|
145
|
+
# `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
|
146
|
+
#
|
147
|
+
# The type of this field is nilable +String+.
|
148
|
+
# allowed_mfa_methods::
|
149
|
+
# An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
|
150
|
+
# The list's accepted values are: `sms_otp` and `totp`.
|
151
|
+
#
|
152
|
+
# The type of this field is nilable list of +String+.
|
140
153
|
#
|
141
154
|
# == Returns:
|
142
155
|
# An object with the following fields:
|
@@ -161,7 +174,9 @@ module StytchB2B
|
|
161
174
|
auth_methods: nil,
|
162
175
|
allowed_auth_methods: nil,
|
163
176
|
mfa_policy: nil,
|
164
|
-
rbac_email_implicit_role_assignments: nil
|
177
|
+
rbac_email_implicit_role_assignments: nil,
|
178
|
+
mfa_methods: nil,
|
179
|
+
allowed_mfa_methods: nil
|
165
180
|
)
|
166
181
|
headers = {}
|
167
182
|
request = {
|
@@ -178,6 +193,8 @@ module StytchB2B
|
|
178
193
|
request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
|
179
194
|
request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
|
180
195
|
request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
|
196
|
+
request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
|
197
|
+
request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
|
181
198
|
|
182
199
|
post_request('/v1/b2b/organizations', request, headers)
|
183
200
|
end
|
@@ -213,7 +230,7 @@ module StytchB2B
|
|
213
230
|
#
|
214
231
|
# *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.
|
215
232
|
#
|
216
|
-
#
|
233
|
+
# Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
|
217
234
|
# a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
|
218
235
|
# Member Session has the necessary permissions. The specific permissions needed depend on which of the optional fields
|
219
236
|
# are passed in the request. For example, if the `organization_name` argument is provided, the Member Session must have
|
@@ -330,13 +347,30 @@ module StytchB2B
|
|
330
347
|
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.mfa-policy` action on the `stytch.organization` Resource.
|
331
348
|
# The type of this field is nilable +String+.
|
332
349
|
# rbac_email_implicit_role_assignments::
|
333
|
-
#
|
350
|
+
# Implicit role assignments based off of email domains.
|
334
351
|
# For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
|
335
352
|
# associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
|
336
353
|
# for more information about role assignment.
|
337
354
|
#
|
338
355
|
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.implicit-roles` action on the `stytch.organization` Resource.
|
339
356
|
# The type of this field is nilable list of +String+.
|
357
|
+
# mfa_methods::
|
358
|
+
# The setting that controls which mfa methods can be used by Members of an Organization. The accepted values are:
|
359
|
+
#
|
360
|
+
# `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
|
361
|
+
#
|
362
|
+
# `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
|
363
|
+
#
|
364
|
+
#
|
365
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
|
366
|
+
# The type of this field is nilable +String+.
|
367
|
+
# allowed_mfa_methods::
|
368
|
+
# An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
|
369
|
+
# The list's accepted values are: `sms_otp` and `totp`.
|
370
|
+
#
|
371
|
+
#
|
372
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.
|
373
|
+
# The type of this field is nilable list of +String+.
|
340
374
|
#
|
341
375
|
# == Returns:
|
342
376
|
# An object with the following fields:
|
@@ -368,6 +402,8 @@ module StytchB2B
|
|
368
402
|
allowed_auth_methods: nil,
|
369
403
|
mfa_policy: nil,
|
370
404
|
rbac_email_implicit_role_assignments: nil,
|
405
|
+
mfa_methods: nil,
|
406
|
+
allowed_mfa_methods: nil,
|
371
407
|
method_options: nil
|
372
408
|
)
|
373
409
|
headers = {}
|
@@ -387,6 +423,8 @@ module StytchB2B
|
|
387
423
|
request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
|
388
424
|
request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
|
389
425
|
request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
|
426
|
+
request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
|
427
|
+
request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
|
390
428
|
|
391
429
|
put_request("/v1/b2b/organizations/#{organization_id}", request, headers)
|
392
430
|
end
|
@@ -471,7 +509,7 @@ module StytchB2B
|
|
471
509
|
|
472
510
|
# Updates a Member specified by `organization_id` and `member_id`.
|
473
511
|
#
|
474
|
-
#
|
512
|
+
# Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
|
475
513
|
# a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
|
476
514
|
# Member Session has the necessary permissions. The specific permissions needed depend on which of the optional fields
|
477
515
|
# are passed in the request. For example, if the `organization_name` argument is provided, the Member Session must have
|
@@ -527,7 +565,7 @@ module StytchB2B
|
|
527
565
|
# Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.mfa-enrolled` action on the `stytch.self` Resource.
|
528
566
|
# The type of this field is nilable +Boolean+.
|
529
567
|
# roles::
|
530
|
-
#
|
568
|
+
# Roles to explicitly assign to this Member.
|
531
569
|
# Will completely replace any existing explicitly assigned roles. See the
|
532
570
|
# [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
|
533
571
|
#
|
@@ -539,10 +577,13 @@ module StytchB2B
|
|
539
577
|
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.roles` action on the `stytch.member` Resource.
|
540
578
|
# The type of this field is nilable list of +String+.
|
541
579
|
# preserve_existing_sessions::
|
542
|
-
#
|
580
|
+
# Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
|
543
581
|
# by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO
|
544
582
|
# authentication factors with the affected SSO connection IDs will be revoked.
|
545
583
|
# The type of this field is nilable +Boolean+.
|
584
|
+
# default_mfa_method::
|
585
|
+
# The Member's default MFA method. This value is used to determine which secondary MFA method to use in the case of multiple methods registered for a Member. The current possible values are `sms_otp` and `totp`.
|
586
|
+
# The type of this field is nilable +String+.
|
546
587
|
#
|
547
588
|
# == Returns:
|
548
589
|
# An object with the following fields:
|
@@ -575,6 +616,7 @@ module StytchB2B
|
|
575
616
|
mfa_enrolled: nil,
|
576
617
|
roles: nil,
|
577
618
|
preserve_existing_sessions: nil,
|
619
|
+
default_mfa_method: nil,
|
578
620
|
method_options: nil
|
579
621
|
)
|
580
622
|
headers = {}
|
@@ -588,6 +630,7 @@ module StytchB2B
|
|
588
630
|
request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil?
|
589
631
|
request[:roles] = roles unless roles.nil?
|
590
632
|
request[:preserve_existing_sessions] = preserve_existing_sessions unless preserve_existing_sessions.nil?
|
633
|
+
request[:default_mfa_method] = default_mfa_method unless default_mfa_method.nil?
|
591
634
|
|
592
635
|
put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", request, headers)
|
593
636
|
end
|
@@ -715,11 +758,21 @@ module StytchB2B
|
|
715
758
|
delete_request("/v1/b2b/organizations/#{organization_id}/members/mfa_phone_numbers/#{member_id}", headers)
|
716
759
|
end
|
717
760
|
|
761
|
+
def delete_totp(
|
762
|
+
organization_id:,
|
763
|
+
member_id:,
|
764
|
+
method_options: nil
|
765
|
+
)
|
766
|
+
headers = {}
|
767
|
+
headers = headers.merge(method_options.to_headers) unless method_options.nil?
|
768
|
+
delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/totp", headers)
|
769
|
+
end
|
770
|
+
|
718
771
|
# Search for Members within specified Organizations. An array with at least one `organization_id` is required. Submitting an empty `query` returns all non-deleted Members within the specified Organizations.
|
719
772
|
#
|
720
773
|
# *All fuzzy search filters require a minimum of three characters.
|
721
774
|
#
|
722
|
-
#
|
775
|
+
# Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
|
723
776
|
# a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
|
724
777
|
# Member Session has permission to perform the `search` action on the `stytch.member` Resource. In addition, enforcing
|
725
778
|
# RBAC on this endpoint means that you may only search for Members within the calling Member's Organization, so the
|
@@ -890,7 +943,7 @@ module StytchB2B
|
|
890
943
|
# Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.
|
891
944
|
# The type of this field is nilable +Boolean+.
|
892
945
|
# roles::
|
893
|
-
#
|
946
|
+
# Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
|
894
947
|
# for more information about role assignment.
|
895
948
|
# The type of this field is nilable list of +String+.
|
896
949
|
#
|
data/lib/stytch/b2b_otp.rb
CHANGED
@@ -37,9 +37,13 @@ module StytchB2B
|
|
37
37
|
#
|
38
38
|
# If a Member has a phone number and is enrolled in MFA, then after a successful primary authentication event (e.g. [email magic link](https://stytch.com/docs/b2b/api/authenticate-magic-link) or [SSO](https://stytch.com/docs/b2b/api/sso-authenticate) login is complete), an SMS OTP will automatically be sent to their phone number. In that case, this endpoint should only be used for subsequent authentication events, such as prompting a Member for an OTP again after a period of inactivity.
|
39
39
|
#
|
40
|
+
# Passing an intermediate session token, session token, or session JWT is not required, but if passed must match the Member ID passed.
|
41
|
+
#
|
40
42
|
# ### Cost to send SMS OTP
|
41
43
|
# Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview).
|
42
44
|
#
|
45
|
+
# Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries).
|
46
|
+
#
|
43
47
|
# __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
|
44
48
|
#
|
45
49
|
# == Parameters:
|
@@ -60,6 +64,18 @@ module StytchB2B
|
|
60
64
|
# Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
|
61
65
|
#
|
62
66
|
# The type of this field is nilable +SendRequestLocale+ (string enum).
|
67
|
+
# intermediate_session_token::
|
68
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
69
|
+
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
|
70
|
+
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
71
|
+
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
72
|
+
# The type of this field is nilable +String+.
|
73
|
+
# session_token::
|
74
|
+
# A secret token for a given Stytch Session.
|
75
|
+
# The type of this field is nilable +String+.
|
76
|
+
# session_jwt::
|
77
|
+
# The JSON Web Token (JWT) for a given Stytch Session.
|
78
|
+
# The type of this field is nilable +String+.
|
63
79
|
#
|
64
80
|
# == Returns:
|
65
81
|
# An object with the following fields:
|
@@ -82,7 +98,10 @@ module StytchB2B
|
|
82
98
|
organization_id:,
|
83
99
|
member_id:,
|
84
100
|
mfa_phone_number: nil,
|
85
|
-
locale: nil
|
101
|
+
locale: nil,
|
102
|
+
intermediate_session_token: nil,
|
103
|
+
session_token: nil,
|
104
|
+
session_jwt: nil
|
86
105
|
)
|
87
106
|
headers = {}
|
88
107
|
request = {
|
@@ -91,6 +110,9 @@ module StytchB2B
|
|
91
110
|
}
|
92
111
|
request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil?
|
93
112
|
request[:locale] = locale unless locale.nil?
|
113
|
+
request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
|
114
|
+
request[:session_token] = session_token unless session_token.nil?
|
115
|
+
request[:session_jwt] = session_jwt unless session_jwt.nil?
|
94
116
|
|
95
117
|
post_request('/v1/b2b/otps/sms/send', request, headers)
|
96
118
|
end
|
@@ -160,6 +182,9 @@ module StytchB2B
|
|
160
182
|
# `unenroll` – sets the Member's `mfa_enrolled` boolean to `false`. The Member will no longer be required to complete MFA steps when logging in to the Organization.
|
161
183
|
#
|
162
184
|
# The type of this field is nilable +String+.
|
185
|
+
# set_default_mfa::
|
186
|
+
# (no documentation yet)
|
187
|
+
# The type of this field is nilable +Boolean+.
|
163
188
|
#
|
164
189
|
# == Returns:
|
165
190
|
# An object with the following fields:
|
@@ -196,7 +221,8 @@ module StytchB2B
|
|
196
221
|
session_jwt: nil,
|
197
222
|
session_duration_minutes: nil,
|
198
223
|
session_custom_claims: nil,
|
199
|
-
set_mfa_enrollment: nil
|
224
|
+
set_mfa_enrollment: nil,
|
225
|
+
set_default_mfa: nil
|
200
226
|
)
|
201
227
|
headers = {}
|
202
228
|
request = {
|
@@ -210,6 +236,7 @@ module StytchB2B
|
|
210
236
|
request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
|
211
237
|
request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
|
212
238
|
request[:set_mfa_enrollment] = set_mfa_enrollment unless set_mfa_enrollment.nil?
|
239
|
+
request[:set_default_mfa] = set_default_mfa unless set_default_mfa.nil?
|
213
240
|
|
214
241
|
post_request('/v1/b2b/otps/sms/authenticate', request, headers)
|
215
242
|
end
|
data/lib/stytch/b2b_passwords.rb
CHANGED
@@ -129,7 +129,7 @@ module StytchB2B
|
|
129
129
|
# for complete field behavior details.
|
130
130
|
# The type of this field is nilable +object+.
|
131
131
|
# roles::
|
132
|
-
#
|
132
|
+
# Roles to explicitly assign to this Member.
|
133
133
|
# Will completely replace any existing explicitly assigned roles. See the
|
134
134
|
# [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
|
135
135
|
#
|
@@ -139,7 +139,7 @@ module StytchB2B
|
|
139
139
|
# `preserve_existing_sessions` parameter with a value of `true`.
|
140
140
|
# The type of this field is nilable list of +String+.
|
141
141
|
# preserve_existing_sessions::
|
142
|
-
#
|
142
|
+
# Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
|
143
143
|
# by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO
|
144
144
|
# authentication factors with the affected SSO connection IDs will be revoked.
|
145
145
|
# The type of this field is nilable +Boolean+.
|
@@ -383,6 +383,9 @@ module StytchB2B
|
|
383
383
|
# member_email_id::
|
384
384
|
# Globally unique UUID that identifies a member's email
|
385
385
|
# The type of this field is +String+.
|
386
|
+
# member::
|
387
|
+
# The [Member object](https://stytch.com/docs/b2b/api/member-object)
|
388
|
+
# The type of this field is +Member+ (+object+).
|
386
389
|
# status_code::
|
387
390
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
388
391
|
# The type of this field is +Integer+.
|
data/lib/stytch/b2b_rbac.rb
CHANGED
@@ -23,7 +23,7 @@ module StytchB2B
|
|
23
23
|
# Resources and Roles can be created and managed within the [Dashboard](/dashboard). Additionally, [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically managed through certain Stytch API endpoints.
|
24
24
|
#
|
25
25
|
#
|
26
|
-
# Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model
|
26
|
+
# Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model.
|
27
27
|
#
|
28
28
|
# == Parameters:
|
29
29
|
#
|
@@ -0,0 +1,199 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# !!!
|
4
|
+
# WARNING: This file is autogenerated
|
5
|
+
# Only modify code within MANUAL() sections
|
6
|
+
# or your changes may be overwritten later!
|
7
|
+
# !!!
|
8
|
+
|
9
|
+
require_relative 'request_helper'
|
10
|
+
|
11
|
+
module StytchB2B
|
12
|
+
class RecoveryCodes
|
13
|
+
include Stytch::RequestHelper
|
14
|
+
|
15
|
+
def initialize(connection)
|
16
|
+
@connection = connection
|
17
|
+
end
|
18
|
+
|
19
|
+
# Allows a Member to complete an MFA flow by consuming a recovery code. This consumes the recovery code and returns a session token that can be used to authenticate the Member.
|
20
|
+
#
|
21
|
+
# == Parameters:
|
22
|
+
# organization_id::
|
23
|
+
# Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
|
24
|
+
# The type of this field is +String+.
|
25
|
+
# member_id::
|
26
|
+
# Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
|
27
|
+
# The type of this field is +String+.
|
28
|
+
# recovery_code::
|
29
|
+
# The recovery code generated by a secondary MFA method. This code is used to authenticate in place of the secondary MFA method if that method as a backup.
|
30
|
+
# The type of this field is +String+.
|
31
|
+
# intermediate_session_token::
|
32
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
33
|
+
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
|
34
|
+
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
35
|
+
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
36
|
+
# The type of this field is nilable +String+.
|
37
|
+
# session_token::
|
38
|
+
# A secret token for a given Stytch Session.
|
39
|
+
# The type of this field is nilable +String+.
|
40
|
+
# session_jwt::
|
41
|
+
# The JSON Web Token (JWT) for a given Stytch Session.
|
42
|
+
# The type of this field is nilable +String+.
|
43
|
+
# session_duration_minutes::
|
44
|
+
# Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
|
45
|
+
# returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
|
46
|
+
# five minutes regardless of the underlying session duration, and will need to be refreshed over time.
|
47
|
+
#
|
48
|
+
# This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
|
49
|
+
#
|
50
|
+
# If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
|
51
|
+
#
|
52
|
+
# If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
|
53
|
+
# to use the Stytch session product, you can ignore the session fields in the response.
|
54
|
+
# The type of this field is nilable +Integer+.
|
55
|
+
# session_custom_claims::
|
56
|
+
# Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
|
57
|
+
# `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
|
58
|
+
# delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
|
59
|
+
# Total custom claims size cannot exceed four kilobytes.
|
60
|
+
# The type of this field is nilable +object+.
|
61
|
+
#
|
62
|
+
# == Returns:
|
63
|
+
# An object with the following fields:
|
64
|
+
# request_id::
|
65
|
+
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
66
|
+
# The type of this field is +String+.
|
67
|
+
# member_id::
|
68
|
+
# Globally unique UUID that identifies a specific Member.
|
69
|
+
# The type of this field is +String+.
|
70
|
+
# member::
|
71
|
+
# The [Member object](https://stytch.com/docs/b2b/api/member-object)
|
72
|
+
# The type of this field is +Member+ (+object+).
|
73
|
+
# organization::
|
74
|
+
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
75
|
+
# The type of this field is +Organization+ (+object+).
|
76
|
+
# session_token::
|
77
|
+
# A secret token for a given Stytch Session.
|
78
|
+
# The type of this field is +String+.
|
79
|
+
# session_jwt::
|
80
|
+
# The JSON Web Token (JWT) for a given Stytch Session.
|
81
|
+
# The type of this field is +String+.
|
82
|
+
# recovery_codes_remaining::
|
83
|
+
# The number of recovery codes remaining for a Member.
|
84
|
+
# The type of this field is +Integer+.
|
85
|
+
# status_code::
|
86
|
+
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
87
|
+
# The type of this field is +Integer+.
|
88
|
+
# member_session::
|
89
|
+
# The [Session object](https://stytch.com/docs/b2b/api/session-object).
|
90
|
+
# The type of this field is nilable +MemberSession+ (+object+).
|
91
|
+
def recover(
|
92
|
+
organization_id:,
|
93
|
+
member_id:,
|
94
|
+
recovery_code:,
|
95
|
+
intermediate_session_token: nil,
|
96
|
+
session_token: nil,
|
97
|
+
session_jwt: nil,
|
98
|
+
session_duration_minutes: nil,
|
99
|
+
session_custom_claims: nil
|
100
|
+
)
|
101
|
+
headers = {}
|
102
|
+
request = {
|
103
|
+
organization_id: organization_id,
|
104
|
+
member_id: member_id,
|
105
|
+
recovery_code: recovery_code
|
106
|
+
}
|
107
|
+
request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
|
108
|
+
request[:session_token] = session_token unless session_token.nil?
|
109
|
+
request[:session_jwt] = session_jwt unless session_jwt.nil?
|
110
|
+
request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
|
111
|
+
request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
|
112
|
+
|
113
|
+
post_request('/v1/b2b/recovery_codes/recover', request, headers)
|
114
|
+
end
|
115
|
+
|
116
|
+
# Returns a Member's full set of active recovery codes.
|
117
|
+
#
|
118
|
+
# == Parameters:
|
119
|
+
# organization_id::
|
120
|
+
# Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
|
121
|
+
# The type of this field is +String+.
|
122
|
+
# member_id::
|
123
|
+
# Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
|
124
|
+
# The type of this field is +String+.
|
125
|
+
#
|
126
|
+
# == Returns:
|
127
|
+
# An object with the following fields:
|
128
|
+
# request_id::
|
129
|
+
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
130
|
+
# The type of this field is +String+.
|
131
|
+
# member_id::
|
132
|
+
# Globally unique UUID that identifies a specific Member.
|
133
|
+
# The type of this field is +String+.
|
134
|
+
# member::
|
135
|
+
# The [Member object](https://stytch.com/docs/b2b/api/member-object)
|
136
|
+
# The type of this field is +Member+ (+object+).
|
137
|
+
# organization::
|
138
|
+
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
139
|
+
# The type of this field is +Organization+ (+object+).
|
140
|
+
# recovery_codes::
|
141
|
+
# An array of recovery codes that can be used to recover a Member's account.
|
142
|
+
# The type of this field is list of +String+.
|
143
|
+
# status_code::
|
144
|
+
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
145
|
+
# The type of this field is +Integer+.
|
146
|
+
def get(
|
147
|
+
organization_id:,
|
148
|
+
member_id:
|
149
|
+
)
|
150
|
+
headers = {}
|
151
|
+
query_params = {}
|
152
|
+
request = request_with_query_params("/v1/b2b/recovery_codes/#{organization_id}/#{member_id}", query_params)
|
153
|
+
get_request(request, headers)
|
154
|
+
end
|
155
|
+
|
156
|
+
# Rotate a Member's recovery codes. This invalidates all existing recovery codes and generates a new set of recovery codes.
|
157
|
+
#
|
158
|
+
# == Parameters:
|
159
|
+
# organization_id::
|
160
|
+
# Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
|
161
|
+
# The type of this field is +String+.
|
162
|
+
# member_id::
|
163
|
+
# Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
|
164
|
+
# The type of this field is +String+.
|
165
|
+
#
|
166
|
+
# == Returns:
|
167
|
+
# An object with the following fields:
|
168
|
+
# request_id::
|
169
|
+
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
170
|
+
# The type of this field is +String+.
|
171
|
+
# member_id::
|
172
|
+
# Globally unique UUID that identifies a specific Member.
|
173
|
+
# The type of this field is +String+.
|
174
|
+
# member::
|
175
|
+
# The [Member object](https://stytch.com/docs/b2b/api/member-object)
|
176
|
+
# The type of this field is +Member+ (+object+).
|
177
|
+
# organization::
|
178
|
+
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
179
|
+
# The type of this field is +Organization+ (+object+).
|
180
|
+
# recovery_codes::
|
181
|
+
# An array of recovery codes that can be used to recover a Member's account.
|
182
|
+
# The type of this field is list of +String+.
|
183
|
+
# status_code::
|
184
|
+
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
185
|
+
# The type of this field is +Integer+.
|
186
|
+
def rotate(
|
187
|
+
organization_id:,
|
188
|
+
member_id:
|
189
|
+
)
|
190
|
+
headers = {}
|
191
|
+
request = {
|
192
|
+
organization_id: organization_id,
|
193
|
+
member_id: member_id
|
194
|
+
}
|
195
|
+
|
196
|
+
post_request('/v1/b2b/recovery_codes/rotate', request, headers)
|
197
|
+
end
|
198
|
+
end
|
199
|
+
end
|
data/lib/stytch/b2b_sessions.rb
CHANGED
@@ -72,7 +72,7 @@ module StytchB2B
|
|
72
72
|
#
|
73
73
|
# You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid.
|
74
74
|
#
|
75
|
-
# If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://
|
75
|
+
# If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
|
76
76
|
# In addition, the `organization_id` passed in the authorization check must match the Member's Organization.
|
77
77
|
#
|
78
78
|
# If the Member is not authorized to perform the specified action on the specified Resource, or if the
|
@@ -105,10 +105,10 @@ module StytchB2B
|
|
105
105
|
# Total custom claims size cannot exceed four kilobytes.
|
106
106
|
# The type of this field is nilable +object+.
|
107
107
|
# authorization_check::
|
108
|
-
#
|
108
|
+
# If an `authorization_check` object is passed in, this endpoint will also check if the Member is
|
109
109
|
# authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if
|
110
110
|
# their Member Session contains a Role, assigned
|
111
|
-
# [explicitly or implicitly](https://
|
111
|
+
# [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
|
112
112
|
# In addition, the `organization_id` passed in the authorization check must match the Member's Organization.
|
113
113
|
#
|
114
114
|
# The Roles on the Member Session may differ from the Roles you see on the Member object - Roles that are implicitly
|
@@ -144,7 +144,7 @@ module StytchB2B
|
|
144
144
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
145
145
|
# The type of this field is +Integer+.
|
146
146
|
# verdict::
|
147
|
-
#
|
147
|
+
# If an `authorization_check` is provided in the request and the check succeeds, this field will return
|
148
148
|
# the complete list of Roles that gave the Member permission to perform the specified action on the specified Resource.
|
149
149
|
# The type of this field is nilable +AuthorizationVerdict+ (+object+).
|
150
150
|
def authenticate(
|
data/lib/stytch/b2b_sso.rb
CHANGED
@@ -466,10 +466,10 @@ module StytchB2B
|
|
466
466
|
# The URL for which assertions for login requests will be sent. This will be provided by the IdP.
|
467
467
|
# The type of this field is nilable +String+.
|
468
468
|
# saml_connection_implicit_role_assignments::
|
469
|
-
#
|
469
|
+
# All Members who log in with this SAML connection will implicitly receive the specified Roles. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
|
470
470
|
# The type of this field is nilable list of +String+.
|
471
471
|
# saml_group_implicit_role_assignments::
|
472
|
-
#
|
472
|
+
# Defines the names of the SAML groups
|
473
473
|
# that grant specific role assignments. For each group-Role pair, if a Member logs in with this SAML connection and
|
474
474
|
# belongs to the specified SAML group, they will be granted the associated Role. See the
|
475
475
|
# [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
|
@@ -0,0 +1,261 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# !!!
|
4
|
+
# WARNING: This file is autogenerated
|
5
|
+
# Only modify code within MANUAL() sections
|
6
|
+
# or your changes may be overwritten later!
|
7
|
+
# !!!
|
8
|
+
|
9
|
+
require_relative 'request_helper'
|
10
|
+
|
11
|
+
module StytchB2B
|
12
|
+
class TOTPs
|
13
|
+
include Stytch::RequestHelper
|
14
|
+
|
15
|
+
def initialize(connection)
|
16
|
+
@connection = connection
|
17
|
+
end
|
18
|
+
|
19
|
+
# Create a new TOTP instance for a Member. The Member can use the authenticator application of their choice to scan the QR code or enter the secret.
|
20
|
+
#
|
21
|
+
# Passing an intermediate session token, session token, or session JWT is not required, but if passed must match the Member ID passed.
|
22
|
+
#
|
23
|
+
# == Parameters:
|
24
|
+
# organization_id::
|
25
|
+
# Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
|
26
|
+
# The type of this field is +String+.
|
27
|
+
# member_id::
|
28
|
+
# Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
|
29
|
+
# The type of this field is +String+.
|
30
|
+
# expiration_minutes::
|
31
|
+
# The expiration for the TOTP registration. If the newly created TOTP registration is not authenticated within this time frame the member will have to restart the registration flow. Defaults to 60 (1 hour) with a minimum of 5 and a maximum of 1440.
|
32
|
+
# The type of this field is nilable +Integer+.
|
33
|
+
# intermediate_session_token::
|
34
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
35
|
+
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
|
36
|
+
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
37
|
+
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
38
|
+
# The type of this field is nilable +String+.
|
39
|
+
# session_token::
|
40
|
+
# A secret token for a given Stytch Session.
|
41
|
+
# The type of this field is nilable +String+.
|
42
|
+
# session_jwt::
|
43
|
+
# The JSON Web Token (JWT) for a given Stytch Session.
|
44
|
+
# The type of this field is nilable +String+.
|
45
|
+
#
|
46
|
+
# == Returns:
|
47
|
+
# An object with the following fields:
|
48
|
+
# request_id::
|
49
|
+
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
50
|
+
# The type of this field is +String+.
|
51
|
+
# member_id::
|
52
|
+
# Globally unique UUID that identifies a specific Member.
|
53
|
+
# The type of this field is +String+.
|
54
|
+
# totp_registration_id::
|
55
|
+
# The unique ID for a TOTP instance.
|
56
|
+
# The type of this field is +String+.
|
57
|
+
# secret::
|
58
|
+
# The TOTP secret key shared between the authenticator app and the server used to generate TOTP codes.
|
59
|
+
# The type of this field is +String+.
|
60
|
+
# qr_code::
|
61
|
+
# The QR code image encoded in base64.
|
62
|
+
# The type of this field is +String+.
|
63
|
+
# recovery_codes::
|
64
|
+
# An array of recovery codes that can be used to recover a Member's account.
|
65
|
+
# The type of this field is list of +String+.
|
66
|
+
# member::
|
67
|
+
# The [Member object](https://stytch.com/docs/b2b/api/member-object)
|
68
|
+
# The type of this field is +Member+ (+object+).
|
69
|
+
# organization::
|
70
|
+
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
71
|
+
# The type of this field is +Organization+ (+object+).
|
72
|
+
# status_code::
|
73
|
+
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
74
|
+
# The type of this field is +Integer+.
|
75
|
+
def create(
|
76
|
+
organization_id:,
|
77
|
+
member_id:,
|
78
|
+
expiration_minutes: nil,
|
79
|
+
intermediate_session_token: nil,
|
80
|
+
session_token: nil,
|
81
|
+
session_jwt: nil
|
82
|
+
)
|
83
|
+
headers = {}
|
84
|
+
request = {
|
85
|
+
organization_id: organization_id,
|
86
|
+
member_id: member_id
|
87
|
+
}
|
88
|
+
request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil?
|
89
|
+
request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
|
90
|
+
request[:session_token] = session_token unless session_token.nil?
|
91
|
+
request[:session_jwt] = session_jwt unless session_jwt.nil?
|
92
|
+
|
93
|
+
post_request('/v1/b2b/totp', request, headers)
|
94
|
+
end
|
95
|
+
|
96
|
+
# Authenticate a Member provided TOTP.
|
97
|
+
#
|
98
|
+
# == Parameters:
|
99
|
+
# organization_id::
|
100
|
+
# Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
|
101
|
+
# The type of this field is +String+.
|
102
|
+
# member_id::
|
103
|
+
# Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
|
104
|
+
# The type of this field is +String+.
|
105
|
+
# code::
|
106
|
+
# The code to authenticate.
|
107
|
+
# The type of this field is +String+.
|
108
|
+
# intermediate_session_token::
|
109
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
110
|
+
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
|
111
|
+
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
112
|
+
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
113
|
+
# The type of this field is nilable +String+.
|
114
|
+
# session_token::
|
115
|
+
# A secret token for a given Stytch Session.
|
116
|
+
# The type of this field is nilable +String+.
|
117
|
+
# session_jwt::
|
118
|
+
# The JSON Web Token (JWT) for a given Stytch Session.
|
119
|
+
# The type of this field is nilable +String+.
|
120
|
+
# session_duration_minutes::
|
121
|
+
# Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
|
122
|
+
# returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
|
123
|
+
# five minutes regardless of the underlying session duration, and will need to be refreshed over time.
|
124
|
+
#
|
125
|
+
# This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
|
126
|
+
#
|
127
|
+
# If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
|
128
|
+
#
|
129
|
+
# If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
|
130
|
+
# to use the Stytch session product, you can ignore the session fields in the response.
|
131
|
+
# The type of this field is nilable +Integer+.
|
132
|
+
# session_custom_claims::
|
133
|
+
# Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
|
134
|
+
# `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
|
135
|
+
# delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
|
136
|
+
# Total custom claims size cannot exceed four kilobytes.
|
137
|
+
# The type of this field is nilable +object+.
|
138
|
+
# set_mfa_enrollment::
|
139
|
+
# Optionally sets the Member’s MFA enrollment status upon a successful authentication. If the Organization’s MFA policy is `REQUIRED_FOR_ALL`, this field will be ignored. If this field is not passed in, the Member’s `mfa_enrolled` boolean will not be affected. The options are:
|
140
|
+
#
|
141
|
+
# `enroll` – sets the Member's `mfa_enrolled` boolean to `true`. The Member will be required to complete an MFA step upon subsequent logins to the Organization.
|
142
|
+
#
|
143
|
+
# `unenroll` – sets the Member's `mfa_enrolled` boolean to `false`. The Member will no longer be required to complete MFA steps when logging in to the Organization.
|
144
|
+
#
|
145
|
+
# The type of this field is nilable +String+.
|
146
|
+
# set_default_mfa::
|
147
|
+
# If passed will set the authenticated method to the default MFA method. Completing an MFA authentication flow for the first time for a Member will implicitly set the method to the default MFA method. This option can be used to update the default MFA method if multiple are being used.
|
148
|
+
# The type of this field is nilable +Boolean+.
|
149
|
+
#
|
150
|
+
# == Returns:
|
151
|
+
# An object with the following fields:
|
152
|
+
# request_id::
|
153
|
+
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
154
|
+
# The type of this field is +String+.
|
155
|
+
# member_id::
|
156
|
+
# Globally unique UUID that identifies a specific Member.
|
157
|
+
# The type of this field is +String+.
|
158
|
+
# member::
|
159
|
+
# The [Member object](https://stytch.com/docs/b2b/api/member-object)
|
160
|
+
# The type of this field is +Member+ (+object+).
|
161
|
+
# organization::
|
162
|
+
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
163
|
+
# The type of this field is +Organization+ (+object+).
|
164
|
+
# session_token::
|
165
|
+
# A secret token for a given Stytch Session.
|
166
|
+
# The type of this field is +String+.
|
167
|
+
# session_jwt::
|
168
|
+
# The JSON Web Token (JWT) for a given Stytch Session.
|
169
|
+
# The type of this field is +String+.
|
170
|
+
# status_code::
|
171
|
+
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
172
|
+
# The type of this field is +Integer+.
|
173
|
+
# member_session::
|
174
|
+
# The [Session object](https://stytch.com/docs/b2b/api/session-object).
|
175
|
+
# The type of this field is nilable +MemberSession+ (+object+).
|
176
|
+
def authenticate(
|
177
|
+
organization_id:,
|
178
|
+
member_id:,
|
179
|
+
code:,
|
180
|
+
intermediate_session_token: nil,
|
181
|
+
session_token: nil,
|
182
|
+
session_jwt: nil,
|
183
|
+
session_duration_minutes: nil,
|
184
|
+
session_custom_claims: nil,
|
185
|
+
set_mfa_enrollment: nil,
|
186
|
+
set_default_mfa: nil
|
187
|
+
)
|
188
|
+
headers = {}
|
189
|
+
request = {
|
190
|
+
organization_id: organization_id,
|
191
|
+
member_id: member_id,
|
192
|
+
code: code
|
193
|
+
}
|
194
|
+
request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
|
195
|
+
request[:session_token] = session_token unless session_token.nil?
|
196
|
+
request[:session_jwt] = session_jwt unless session_jwt.nil?
|
197
|
+
request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
|
198
|
+
request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
|
199
|
+
request[:set_mfa_enrollment] = set_mfa_enrollment unless set_mfa_enrollment.nil?
|
200
|
+
request[:set_default_mfa] = set_default_mfa unless set_default_mfa.nil?
|
201
|
+
|
202
|
+
post_request('/v1/b2b/totp/authenticate', request, headers)
|
203
|
+
end
|
204
|
+
|
205
|
+
# Migrate an existing TOTP instance for a Member. Recovery codes are not required and will be minted for the Member if not provided.
|
206
|
+
#
|
207
|
+
# == Parameters:
|
208
|
+
# organization_id::
|
209
|
+
# Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
|
210
|
+
# The type of this field is +String+.
|
211
|
+
# member_id::
|
212
|
+
# Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
|
213
|
+
# The type of this field is +String+.
|
214
|
+
# secret::
|
215
|
+
# The TOTP secret key shared between the authenticator app and the server used to generate TOTP codes.
|
216
|
+
# The type of this field is +String+.
|
217
|
+
# recovery_codes::
|
218
|
+
# An existing set of recovery codes to be imported into Stytch to be used to authenticate in place of the secondary MFA method.
|
219
|
+
# The type of this field is list of +String+.
|
220
|
+
#
|
221
|
+
# == Returns:
|
222
|
+
# An object with the following fields:
|
223
|
+
# request_id::
|
224
|
+
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
225
|
+
# The type of this field is +String+.
|
226
|
+
# member_id::
|
227
|
+
# Globally unique UUID that identifies a specific Member.
|
228
|
+
# The type of this field is +String+.
|
229
|
+
# member::
|
230
|
+
# The [Member object](https://stytch.com/docs/b2b/api/member-object)
|
231
|
+
# The type of this field is +Member+ (+object+).
|
232
|
+
# organization::
|
233
|
+
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
234
|
+
# The type of this field is +Organization+ (+object+).
|
235
|
+
# totp_registration_id::
|
236
|
+
# The unique ID for a TOTP instance.
|
237
|
+
# The type of this field is +String+.
|
238
|
+
# recovery_codes::
|
239
|
+
# An array of recovery codes that can be used to recover a Member's account.
|
240
|
+
# The type of this field is list of +String+.
|
241
|
+
# status_code::
|
242
|
+
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
243
|
+
# The type of this field is +Integer+.
|
244
|
+
def migrate(
|
245
|
+
organization_id:,
|
246
|
+
member_id:,
|
247
|
+
secret:,
|
248
|
+
recovery_codes:
|
249
|
+
)
|
250
|
+
headers = {}
|
251
|
+
request = {
|
252
|
+
organization_id: organization_id,
|
253
|
+
member_id: member_id,
|
254
|
+
secret: secret,
|
255
|
+
recovery_codes: recovery_codes
|
256
|
+
}
|
257
|
+
|
258
|
+
post_request('/v1/b2b/totp/migrate', request, headers)
|
259
|
+
end
|
260
|
+
end
|
261
|
+
end
|
data/lib/stytch/oauth.rb
CHANGED
@@ -123,7 +123,7 @@ module Stytch
|
|
123
123
|
# provider_values::
|
124
124
|
# The `provider_values` object lists relevant identifiers, values, and scopes for a given OAuth provider. For example this object will include a provider's `access_token` that you can use to access the provider's API for a given user.
|
125
125
|
#
|
126
|
-
# Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only returned by OIDC
|
126
|
+
# Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only returned by OIDC compliant identity providers.
|
127
127
|
# The type of this field is +ProviderValues+ (+object+).
|
128
128
|
# user::
|
129
129
|
# The `user` object affected by this API call. See the [Get user endpoint](https://stytch.com/docs/api/get-user) for complete response field details.
|
data/lib/stytch/otps.rb
CHANGED
@@ -132,6 +132,8 @@ module Stytch
|
|
132
132
|
#
|
133
133
|
# __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
|
134
134
|
#
|
135
|
+
# Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries).
|
136
|
+
#
|
135
137
|
# ### Add a phone number to an existing user
|
136
138
|
#
|
137
139
|
# This endpoint also allows you to add a new phone number to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in your Send one-time passcode by SMS request will add the new, unverified phone number to the existing Stytch User. If the user successfully authenticates within 5 minutes, the new phone number will be marked as verified and remain permanently on the existing Stytch User. Otherwise, it will be removed from the User object, and any subsequent login requests using that phone number will create a new User.
|
@@ -212,6 +214,8 @@ module Stytch
|
|
212
214
|
#
|
213
215
|
# __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
|
214
216
|
#
|
217
|
+
# Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries).
|
218
|
+
#
|
215
219
|
# ### Next steps
|
216
220
|
#
|
217
221
|
# Collect the OTP which was delivered to the User. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`.
|
data/lib/stytch/sessions.rb
CHANGED
@@ -216,15 +216,13 @@ module Stytch
|
|
216
216
|
end
|
217
217
|
|
218
218
|
session = authenticate_jwt_local(session_jwt, max_token_age_seconds: max_token_age_seconds)
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
|
226
|
-
)
|
227
|
-
end
|
219
|
+
return session unless session.nil?
|
220
|
+
|
221
|
+
authenticate(
|
222
|
+
session_jwt: session_jwt,
|
223
|
+
session_duration_minutes: session_duration_minutes,
|
224
|
+
session_custom_claims: session_custom_claims
|
225
|
+
)
|
228
226
|
rescue StandardError
|
229
227
|
# JWT could not be verified locally. Check with the Stytch API.
|
230
228
|
authenticate(
|
data/lib/stytch/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: stytch
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 7.0
|
4
|
+
version: 7.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- stytch
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-01-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|
@@ -132,8 +132,10 @@ files:
|
|
132
132
|
- lib/stytch/b2b_otp.rb
|
133
133
|
- lib/stytch/b2b_passwords.rb
|
134
134
|
- lib/stytch/b2b_rbac.rb
|
135
|
+
- lib/stytch/b2b_recovery_codes.rb
|
135
136
|
- lib/stytch/b2b_sessions.rb
|
136
137
|
- lib/stytch/b2b_sso.rb
|
138
|
+
- lib/stytch/b2b_totps.rb
|
137
139
|
- lib/stytch/client.rb
|
138
140
|
- lib/stytch/crypto_wallets.rb
|
139
141
|
- lib/stytch/errors.rb
|