stytch 7.0.3 → 7.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7db7ce0ca6bc7abc37055eb392add1196bf5b6a0d226bbd465c0a7d7fe77ce11
-  data.tar.gz: f7a8dc3fd353b3727e0ae8ac9567c6e3655f16a10c30589a2305560c15090a25
+  metadata.gz: 7146e140429bd2244d6cb3fc47a94e545487c92f8a4e7b18216d23c59f47ad25
+  data.tar.gz: 548974370b5bcd86c1c54959f5447829742c2547491ab646cf108d769030f745
 SHA512:
-  metadata.gz: c382982dece8ce8f68b22a06dd2522b0f86618f304642189b85f08b89c3a8870126abe1a3995377c61412b52609a6580e844a4345ef70bfa7265f763d501c168
-  data.tar.gz: 04755c76aef2e3a0d20dff671cbe34504ec7e0bc4a887bf77c7b975d3616700fea61594410389580cb0bc8056d68cbeef813e9234afafdd518f089e98dfec9c6
+  metadata.gz: 8de8b7d887ea706d38a81e15288fe87532c0f37df8021f2e36f547438547625a39aeedaea5d6757d7217da68732a71ad70f654f3e906a11b034d74411e3e5f9c
+  data.tar.gz: ff1ee0fee78c564b78cadddce1b4fddb3f8e06356e649db35e411db81ac6f7fad00b3177017950a8f0ef1dceff330ae1c91bb0b91838c5e477fc075bbf4183d0

data/.gitignore

@@ -8,6 +8,8 @@
 /tmp/
 *.gem
 Gemfile.lock
+.idea/
+.envrc
 
 # rspec failure tracking
 .rspec_status

data/lib/stytch/b2b_client.rb

@@ -7,8 +7,10 @@ require_relative 'b2b_organizations'
 require_relative 'b2b_otp'
 require_relative 'b2b_passwords'
 require_relative 'b2b_rbac'
+require_relative 'b2b_recovery_codes'
 require_relative 'b2b_sessions'
 require_relative 'b2b_sso'
+require_relative 'b2b_totps'
 require_relative 'm2m'
 require_relative 'rbac_local'
 
@@ -16,7 +18,7 @@ module StytchB2B
   class Client
     ENVIRONMENTS = %i[live test].freeze
 
-    attr_reader :discovery, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :rbac, :sso, :sessions
+    attr_reader :discovery, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :rbac, :recovery_codes, :sso, :sessions, :totps
 
     def initialize(project_id:, secret:, env: nil, &block)
       @api_host   = api_host(env, project_id)
@@ -36,8 +38,10 @@ module StytchB2B
       @organizations = StytchB2B::Organizations.new(@connection)
       @passwords = StytchB2B::Passwords.new(@connection)
       @rbac = StytchB2B::RBAC.new(@connection)
+      @recovery_codes = StytchB2B::RecoveryCodes.new(@connection)
       @sso = StytchB2B::SSO.new(@connection)
       @sessions = StytchB2B::Sessions.new(@connection, @project_id, @policy_cache)
+      @totps = StytchB2B::TOTPs.new(@connection)
     end
 
     private

data/lib/stytch/b2b_discovery.rb

@@ -251,11 +251,24 @@ module StytchB2B
       #
       #   The type of this field is nilable +String+.
       # rbac_email_implicit_role_assignments::
-      #   (Coming Soon) Implicit role assignments based off of email domains.
+      #   Implicit role assignments based off of email domains.
       #   For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
       #   associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
       #   for more information about role assignment.
       #   The type of this field is nilable list of +EmailImplicitRoleAssignment+ (+object+).
+      # mfa_methods::
+      #   The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are:
+      #
+      #   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
+      #
+      #   `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
+      #
+      #   The type of this field is nilable +String+.
+      # allowed_mfa_methods::
+      #   An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
+      #   The list's accepted values are: `sms_otp` and `totp`.
+      #
+      #   The type of this field is nilable list of +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -310,7 +323,9 @@ module StytchB2B
         auth_methods: nil,
         allowed_auth_methods: nil,
         mfa_policy: nil,
-        rbac_email_implicit_role_assignments: nil
+        rbac_email_implicit_role_assignments: nil,
+        mfa_methods: nil,
+        allowed_mfa_methods: nil
       )
         headers = {}
         request = {
@@ -330,6 +345,8 @@ module StytchB2B
         request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
         request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
         request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
+        request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
+        request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
 
         post_request('/v1/b2b/discovery/organizations/create', request, headers)
       end

data/lib/stytch/b2b_magic_links.rb

@@ -282,7 +282,7 @@ module StytchB2B
       #
       #   The type of this field is nilable +InviteRequestLocale+ (string enum).
       # roles::
-      #   (Coming Soon) Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
+      #   Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
       #    for more information about role assignment.
       #   The type of this field is nilable list of +String+.
       #

data/lib/stytch/b2b_organizations.rb

@@ -132,11 +132,24 @@ module StytchB2B
     #
     #   The type of this field is nilable +String+.
     # rbac_email_implicit_role_assignments::
-    #   (Coming Soon) Implicit role assignments based off of email domains.
+    #   Implicit role assignments based off of email domains.
     #   For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
     #   associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
     #   for more information about role assignment.
     #   The type of this field is nilable list of +EmailImplicitRoleAssignment+ (+object+).
+    # mfa_methods::
+    #   The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are:
+    #
+    #   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
+    #
+    #   `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
+    #
+    #   The type of this field is nilable +String+.
+    # allowed_mfa_methods::
+    #   An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
+    #   The list's accepted values are: `sms_otp` and `totp`.
+    #
+    #   The type of this field is nilable list of +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -161,7 +174,9 @@ module StytchB2B
       auth_methods: nil,
       allowed_auth_methods: nil,
       mfa_policy: nil,
-      rbac_email_implicit_role_assignments: nil
+      rbac_email_implicit_role_assignments: nil,
+      mfa_methods: nil,
+      allowed_mfa_methods: nil
     )
       headers = {}
       request = {
@@ -178,6 +193,8 @@ module StytchB2B
       request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
       request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
       request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
+      request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
+      request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
 
       post_request('/v1/b2b/organizations', request, headers)
     end
@@ -213,7 +230,7 @@ module StytchB2B
     #
     # *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.
     #
-    # (Coming Soon) Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
+    # Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
     # a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
     # Member Session has the necessary permissions. The specific permissions needed depend on which of the optional fields
     # are passed in the request. For example, if the `organization_name` argument is provided, the Member Session must have
@@ -330,13 +347,30 @@ module StytchB2B
     # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.mfa-policy` action on the `stytch.organization` Resource.
     #   The type of this field is nilable +String+.
     # rbac_email_implicit_role_assignments::
-    #   (Coming Soon) Implicit role assignments based off of email domains.
+    #   Implicit role assignments based off of email domains.
     #   For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
     #   associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
     #   for more information about role assignment.
     #
     # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.implicit-roles` action on the `stytch.organization` Resource.
     #   The type of this field is nilable list of +String+.
+    # mfa_methods::
+    #   The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are:
+    #
+    #   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
+    #
+    #   `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
+    #
+    #
+    # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.
+    #   The type of this field is nilable +String+.
+    # allowed_mfa_methods::
+    #   An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
+    #   The list's accepted values are: `sms_otp` and `totp`.
+    #
+    #
+    # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.
+    #   The type of this field is nilable list of +String+.
     #
     # == Returns:
     # An object with the following fields:
@@ -368,6 +402,8 @@ module StytchB2B
       allowed_auth_methods: nil,
       mfa_policy: nil,
       rbac_email_implicit_role_assignments: nil,
+      mfa_methods: nil,
+      allowed_mfa_methods: nil,
       method_options: nil
     )
       headers = {}
@@ -387,6 +423,8 @@ module StytchB2B
       request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
       request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
       request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
+      request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
+      request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
 
       put_request("/v1/b2b/organizations/#{organization_id}", request, headers)
     end
@@ -471,7 +509,7 @@ module StytchB2B
 
       # Updates a Member specified by `organization_id` and `member_id`.
       #
-      # (Coming Soon) Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
+      # Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
       # a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
       # Member Session has the necessary permissions. The specific permissions needed depend on which of the optional fields
       # are passed in the request. For example, if the `organization_name` argument is provided, the Member Session must have
@@ -512,7 +550,7 @@ module StytchB2B
       # is_breakglass::
       #   Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](organization-object) and its `auth_methods` and `allowed_auth_methods` fields for more details.
       #
-      # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.is-breakglass` action on the `stytch.member` Resource.
+      # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.is-breakglass` action on the `stytch.member` Resource.
       #   The type of this field is nilable +Boolean+.
       # mfa_phone_number::
       #   Sets the Member's phone number. Throws an error if the Member already has a phone number. To change the Member's phone number, use the [Delete member phone number endpoint](https://stytch.com/docs/b2b/api/delete-member-mfa-phone-number) to delete the Member's existing phone number first.
@@ -527,7 +565,7 @@ module StytchB2B
       #   Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.mfa-enrolled` action on the `stytch.self` Resource.
       #   The type of this field is nilable +Boolean+.
       # roles::
-      #   (Coming Soon) Roles to explicitly assign to this Member.
+      #   Roles to explicitly assign to this Member.
       #  Will completely replace any existing explicitly assigned roles. See the
       #  [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
       #
@@ -539,10 +577,13 @@ module StytchB2B
       # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.roles` action on the `stytch.member` Resource.
       #   The type of this field is nilable list of +String+.
       # preserve_existing_sessions::
-      #   (Coming Soon) Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
+      #   Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
       #   by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO
       #   authentication factors with the affected SSO connection IDs will be revoked.
       #   The type of this field is nilable +Boolean+.
+      # default_mfa_method::
+      #   The Member's default MFA method. This value is used to determine which secondary MFA method to use in the case of multiple methods registered for a Member. The current possible values are `sms_otp` and `totp`.
+      #   The type of this field is nilable +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -575,6 +616,7 @@ module StytchB2B
         mfa_enrolled: nil,
         roles: nil,
         preserve_existing_sessions: nil,
+        default_mfa_method: nil,
         method_options: nil
       )
         headers = {}
@@ -588,6 +630,7 @@ module StytchB2B
         request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil?
         request[:roles] = roles unless roles.nil?
         request[:preserve_existing_sessions] = preserve_existing_sessions unless preserve_existing_sessions.nil?
+        request[:default_mfa_method] = default_mfa_method unless default_mfa_method.nil?
 
         put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", request, headers)
       end
@@ -715,11 +758,21 @@ module StytchB2B
         delete_request("/v1/b2b/organizations/#{organization_id}/members/mfa_phone_numbers/#{member_id}", headers)
       end
 
+      def delete_totp(
+        organization_id:,
+        member_id:,
+        method_options: nil
+      )
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
+        delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/totp", headers)
+      end
+
       # Search for Members within specified Organizations. An array with at least one `organization_id` is required. Submitting an empty `query` returns all non-deleted Members within the specified Organizations.
       #
       # *All fuzzy search filters require a minimum of three characters.
       #
-      # (Coming Soon) Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
+      # Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
       # a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
       # Member Session has permission to perform the `search` action on the `stytch.member` Resource. In addition, enforcing
       # RBAC on this endpoint means that you may only search for Members within the calling Member's Organization, so the
@@ -890,7 +943,7 @@ module StytchB2B
       #   Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.
       #   The type of this field is nilable +Boolean+.
       # roles::
-      #   (Coming Soon) Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
+      #   Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
       #    for more information about role assignment.
       #   The type of this field is nilable list of +String+.
       #

data/lib/stytch/b2b_otp.rb

@@ -37,9 +37,13 @@ module StytchB2B
       #
       # If a Member has a phone number and is enrolled in MFA, then after a successful primary authentication event (e.g. [email magic link](https://stytch.com/docs/b2b/api/authenticate-magic-link) or [SSO](https://stytch.com/docs/b2b/api/sso-authenticate) login is complete), an SMS OTP will automatically be sent to their phone number. In that case, this endpoint should only be used for subsequent authentication events, such as prompting a Member for an OTP again after a period of inactivity.
       #
+      # Passing an intermediate session token, session token, or session JWT is not required, but if passed must match the Member ID passed.
+      #
       # ### Cost to send SMS OTP
       # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview).
       #
+      # Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries).
+      #
       # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
       #
       # == Parameters:
@@ -60,6 +64,18 @@ module StytchB2B
       # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
       #
       #   The type of this field is nilable +SendRequestLocale+ (string enum).
+      # intermediate_session_token::
+      #   The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
+      #     The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
+      #     the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
+      #     or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
+      #   The type of this field is nilable +String+.
+      # session_token::
+      #   A secret token for a given Stytch Session.
+      #   The type of this field is nilable +String+.
+      # session_jwt::
+      #   The JSON Web Token (JWT) for a given Stytch Session.
+      #   The type of this field is nilable +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -82,7 +98,10 @@ module StytchB2B
         organization_id:,
         member_id:,
         mfa_phone_number: nil,
-        locale: nil
+        locale: nil,
+        intermediate_session_token: nil,
+        session_token: nil,
+        session_jwt: nil
       )
         headers = {}
         request = {
@@ -91,6 +110,9 @@ module StytchB2B
         }
         request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil?
         request[:locale] = locale unless locale.nil?
+        request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
+        request[:session_token] = session_token unless session_token.nil?
+        request[:session_jwt] = session_jwt unless session_jwt.nil?
 
         post_request('/v1/b2b/otps/sms/send', request, headers)
       end
@@ -160,6 +182,9 @@ module StytchB2B
       #   `unenroll` –  sets the Member's `mfa_enrolled` boolean to `false`. The Member will no longer be required to complete MFA steps when logging in to the Organization.
       #
       #   The type of this field is nilable +String+.
+      # set_default_mfa::
+      #   (no documentation yet)
+      #   The type of this field is nilable +Boolean+.
       #
       # == Returns:
       # An object with the following fields:
@@ -196,7 +221,8 @@ module StytchB2B
         session_jwt: nil,
         session_duration_minutes: nil,
         session_custom_claims: nil,
-        set_mfa_enrollment: nil
+        set_mfa_enrollment: nil,
+        set_default_mfa: nil
       )
         headers = {}
         request = {
@@ -210,6 +236,7 @@ module StytchB2B
         request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
         request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
         request[:set_mfa_enrollment] = set_mfa_enrollment unless set_mfa_enrollment.nil?
+        request[:set_default_mfa] = set_default_mfa unless set_default_mfa.nil?
 
         post_request('/v1/b2b/otps/sms/authenticate', request, headers)
       end

data/lib/stytch/b2b_passwords.rb

@@ -129,7 +129,7 @@ module StytchB2B
     #   for complete field behavior details.
     #   The type of this field is nilable +object+.
     # roles::
-    #   (Coming Soon) Roles to explicitly assign to this Member.
+    #   Roles to explicitly assign to this Member.
     #  Will completely replace any existing explicitly assigned roles. See the
     #  [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
     #
@@ -139,7 +139,7 @@ module StytchB2B
     #    `preserve_existing_sessions` parameter with a value of `true`.
     #   The type of this field is nilable list of +String+.
     # preserve_existing_sessions::
-    #   (Coming Soon) Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
+    #   Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
     #   by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO
     #   authentication factors with the affected SSO connection IDs will be revoked.
     #   The type of this field is nilable +Boolean+.
@@ -383,6 +383,9 @@ module StytchB2B
       # member_email_id::
       #   Globally unique UUID that identifies a member's email
       #   The type of this field is +String+.
+      # member::
+      #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+      #   The type of this field is +Member+ (+object+).
       # status_code::
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.

data/lib/stytch/b2b_rbac.rb

@@ -18,12 +18,11 @@ module StytchB2B
 
     # Get the active RBAC Policy for your current Stytch Project. An RBAC Policy is the canonical document that stores all defined Resources and Roles within your RBAC permissioning model.
     #
-    # When using the backend SDKs, the RBAC Policy will automatically be loaded and refreshed in the background to allow for local evaluations, eliminating the need for an extra request to Stytch.
+    # When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating the need for an extra request to Stytch. The policy will be refreshed if an authorization check is requested and the RBAC policy was last updated more than 5 minutes ago.
     #
-    # Resources and Roles can be created and managed within the [Dashboard](/dashboard). Additionally, [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically managed through certain Stytch API endpoints.
+    # Resources and Roles can be created and managed within the [Dashboard](/dashboard/rbac). Additionally, [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically managed through certain Stytch API endpoints.
     #
-    #
-    # Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model or [contact us](https://share.hsforms.com/1qkU__-1CT1--lnqRDxphXgd4bkb) to request early access.
+    # Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model.
     #
     # == Parameters:
     #
@@ -36,7 +35,7 @@ module StytchB2B
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
     # policy::
-    #   The RBAC Policy document that contains all defined Roles and Resources – which are managed in the [Dashboard](/dashboard). Read more about these entities and how they work in our [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview).
+    #   The RBAC Policy document that contains all defined Roles and Resources – which are managed in the [Dashboard](/dashboard/rbac). Read more about these entities and how they work in our [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview).
     #   The type of this field is nilable +Policy+ (+object+).
     def policy
       headers = {}

data/lib/stytch/b2b_recovery_codes.rb

@@ -0,0 +1,199 @@
+# frozen_string_literal: true
+
+# !!!
+# WARNING: This file is autogenerated
+# Only modify code within MANUAL() sections
+# or your changes may be overwritten later!
+# !!!
+
+require_relative 'request_helper'
+
+module StytchB2B
+  class RecoveryCodes
+    include Stytch::RequestHelper
+
+    def initialize(connection)
+      @connection = connection
+    end
+
+    # Allows a Member to complete an MFA flow by consuming a recovery code. This consumes the recovery code and returns a session token that can be used to authenticate the Member.
+    #
+    # == Parameters:
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    # recovery_code::
+    #   The recovery code generated by a secondary MFA method. This code is used to authenticate in place of the secondary MFA method if that method as a backup.
+    #   The type of this field is +String+.
+    # intermediate_session_token::
+    #   The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
+    #     The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
+    #     the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
+    #     or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
+    #   The type of this field is nilable +String+.
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is nilable +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is nilable +String+.
+    # session_duration_minutes::
+    #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+    #   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+    #   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+    #
+    #   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+    #
+    #   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+    #
+    #   If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
+    #   to use the Stytch session product, you can ignore the session fields in the response.
+    #   The type of this field is nilable +Integer+.
+    # session_custom_claims::
+    #   Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
+    #   `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
+    #   delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
+    #   Total custom claims size cannot exceed four kilobytes.
+    #   The type of this field is nilable +object+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member.
+    #   The type of this field is +String+.
+    # member::
+    #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+    #   The type of this field is +Member+ (+object+).
+    # organization::
+    #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+    #   The type of this field is +Organization+ (+object+).
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is +String+.
+    # recovery_codes_remaining::
+    #   The number of recovery codes remaining for a Member.
+    #   The type of this field is +Integer+.
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
+    # member_session::
+    #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
+    #   The type of this field is nilable +MemberSession+ (+object+).
+    def recover(
+      organization_id:,
+      member_id:,
+      recovery_code:,
+      intermediate_session_token: nil,
+      session_token: nil,
+      session_jwt: nil,
+      session_duration_minutes: nil,
+      session_custom_claims: nil
+    )
+      headers = {}
+      request = {
+        organization_id: organization_id,
+        member_id: member_id,
+        recovery_code: recovery_code
+      }
+      request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
+      request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
+      request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+
+      post_request('/v1/b2b/recovery_codes/recover', request, headers)
+    end
+
+    # Returns a Member's full set of active recovery codes.
+    #
+    # == Parameters:
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member.
+    #   The type of this field is +String+.
+    # member::
+    #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+    #   The type of this field is +Member+ (+object+).
+    # organization::
+    #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+    #   The type of this field is +Organization+ (+object+).
+    # recovery_codes::
+    #   An array of recovery codes that can be used to recover a Member's account.
+    #   The type of this field is list of +String+.
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
+    def get(
+      organization_id:,
+      member_id:
+    )
+      headers = {}
+      query_params = {}
+      request = request_with_query_params("/v1/b2b/recovery_codes/#{organization_id}/#{member_id}", query_params)
+      get_request(request, headers)
+    end
+
+    # Rotate a Member's recovery codes. This invalidates all existing recovery codes and generates a new set of recovery codes.
+    #
+    # == Parameters:
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member.
+    #   The type of this field is +String+.
+    # member::
+    #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+    #   The type of this field is +Member+ (+object+).
+    # organization::
+    #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+    #   The type of this field is +Organization+ (+object+).
+    # recovery_codes::
+    #   An array of recovery codes that can be used to recover a Member's account.
+    #   The type of this field is list of +String+.
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
+    def rotate(
+      organization_id:,
+      member_id:
+    )
+      headers = {}
+      request = {
+        organization_id: organization_id,
+        member_id: member_id
+      }
+
+      post_request('/v1/b2b/recovery_codes/rotate', request, headers)
+    end
+  end
+end

data/lib/stytch/b2b_sessions.rb

@@ -72,7 +72,7 @@ module StytchB2B
     #
     # You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid.
     #
-    # If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://github.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
+    # If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
     # In addition, the `organization_id` passed in the authorization check must match the Member's Organization.
     #
     # If the Member is not authorized to perform the specified action on the specified Resource, or if the
@@ -105,10 +105,10 @@ module StytchB2B
     #   Total custom claims size cannot exceed four kilobytes.
     #   The type of this field is nilable +object+.
     # authorization_check::
-    #   (Coming Soon) If an `authorization_check` object is passed in, this endpoint will also check if the Member is
+    #   If an `authorization_check` object is passed in, this endpoint will also check if the Member is
     #   authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if
     #   their Member Session contains a Role, assigned
-    #   [explicitly or implicitly](https://github.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
+    #   [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
     #   In addition, the `organization_id` passed in the authorization check must match the Member's Organization.
     #
     #   The Roles on the Member Session may differ from the Roles you see on the Member object - Roles that are implicitly
@@ -144,7 +144,7 @@ module StytchB2B
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
     # verdict::
-    #   (Coming Soon) If an `authorization_check` is provided in the request and the check succeeds, this field will return
+    #   If an `authorization_check` is provided in the request and the check succeeds, this field will return
     #   the complete list of Roles that gave the Member permission to perform the specified action on the specified Resource.
     #   The type of this field is nilable +AuthorizationVerdict+ (+object+).
     def authenticate(

data/lib/stytch/b2b_sso.rb

@@ -466,10 +466,10 @@ module StytchB2B
       #   The URL for which assertions for login requests will be sent. This will be provided by the IdP.
       #   The type of this field is nilable +String+.
       # saml_connection_implicit_role_assignments::
-      #   (Coming Soon) All Members who log in with this SAML connection will implicitly receive the specified Roles. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
+      #   All Members who log in with this SAML connection will implicitly receive the specified Roles. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
       #   The type of this field is nilable list of +String+.
       # saml_group_implicit_role_assignments::
-      #   (Coming Soon) Defines the names of the SAML groups
+      #   Defines the names of the SAML groups
       #  that grant specific role assignments. For each group-Role pair, if a Member logs in with this SAML connection and
       #  belongs to the specified SAML group, they will be granted the associated Role. See the
       #  [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.

data/lib/stytch/b2b_totps.rb

@@ -0,0 +1,261 @@
+# frozen_string_literal: true
+
+# !!!
+# WARNING: This file is autogenerated
+# Only modify code within MANUAL() sections
+# or your changes may be overwritten later!
+# !!!
+
+require_relative 'request_helper'
+
+module StytchB2B
+  class TOTPs
+    include Stytch::RequestHelper
+
+    def initialize(connection)
+      @connection = connection
+    end
+
+    # Create a new TOTP instance for a Member. The Member can use the authenticator application of their choice to scan the QR code or enter the secret.
+    #
+    # Passing an intermediate session token, session token, or session JWT is not required, but if passed must match the Member ID passed.
+    #
+    # == Parameters:
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    # expiration_minutes::
+    #   The expiration for the TOTP registration. If the newly created TOTP registration is not authenticated within this time frame the member will have to restart the registration flow. Defaults to 60 (1 hour) with a minimum of 5 and a maximum of 1440.
+    #   The type of this field is nilable +Integer+.
+    # intermediate_session_token::
+    #   The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
+    #     The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
+    #     the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
+    #     or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
+    #   The type of this field is nilable +String+.
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is nilable +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is nilable +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member.
+    #   The type of this field is +String+.
+    # totp_registration_id::
+    #   The unique ID for a TOTP instance.
+    #   The type of this field is +String+.
+    # secret::
+    #   The TOTP secret key shared between the authenticator app and the server used to generate TOTP codes.
+    #   The type of this field is +String+.
+    # qr_code::
+    #   The QR code image encoded in base64.
+    #   The type of this field is +String+.
+    # recovery_codes::
+    #   An array of recovery codes that can be used to recover a Member's account.
+    #   The type of this field is list of +String+.
+    # member::
+    #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+    #   The type of this field is +Member+ (+object+).
+    # organization::
+    #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+    #   The type of this field is +Organization+ (+object+).
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
+    def create(
+      organization_id:,
+      member_id:,
+      expiration_minutes: nil,
+      intermediate_session_token: nil,
+      session_token: nil,
+      session_jwt: nil
+    )
+      headers = {}
+      request = {
+        organization_id: organization_id,
+        member_id: member_id
+      }
+      request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil?
+      request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
+
+      post_request('/v1/b2b/totp', request, headers)
+    end
+
+    # Authenticate a Member provided TOTP.
+    #
+    # == Parameters:
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    # code::
+    #   The code to authenticate.
+    #   The type of this field is +String+.
+    # intermediate_session_token::
+    #   The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
+    #     The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow;
+    #     the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
+    #     or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
+    #   The type of this field is nilable +String+.
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is nilable +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is nilable +String+.
+    # session_duration_minutes::
+    #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+    #   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+    #   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+    #
+    #   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+    #
+    #   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+    #
+    #   If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
+    #   to use the Stytch session product, you can ignore the session fields in the response.
+    #   The type of this field is nilable +Integer+.
+    # session_custom_claims::
+    #   Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
+    #   `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
+    #   delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
+    #   Total custom claims size cannot exceed four kilobytes.
+    #   The type of this field is nilable +object+.
+    # set_mfa_enrollment::
+    #   Optionally sets the Member’s MFA enrollment status upon a successful authentication. If the Organization’s MFA policy is `REQUIRED_FOR_ALL`, this field will be ignored. If this field is not passed in, the Member’s `mfa_enrolled` boolean will not be affected. The options are:
+    #
+    #   `enroll` – sets the Member's `mfa_enrolled` boolean to `true`. The Member will be required to complete an MFA step upon subsequent logins to the Organization.
+    #
+    #   `unenroll` –  sets the Member's `mfa_enrolled` boolean to `false`. The Member will no longer be required to complete MFA steps when logging in to the Organization.
+    #
+    #   The type of this field is nilable +String+.
+    # set_default_mfa::
+    #   If passed will set the authenticated method to the default MFA method. Completing an MFA authentication flow for the first time for a Member will implicitly set the method to the default MFA method. This option can be used to update the default MFA method if multiple are being used.
+    #   The type of this field is nilable +Boolean+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member.
+    #   The type of this field is +String+.
+    # member::
+    #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+    #   The type of this field is +Member+ (+object+).
+    # organization::
+    #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+    #   The type of this field is +Organization+ (+object+).
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is +String+.
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
+    # member_session::
+    #   The [Session object](https://stytch.com/docs/b2b/api/session-object).
+    #   The type of this field is nilable +MemberSession+ (+object+).
+    def authenticate(
+      organization_id:,
+      member_id:,
+      code:,
+      intermediate_session_token: nil,
+      session_token: nil,
+      session_jwt: nil,
+      session_duration_minutes: nil,
+      session_custom_claims: nil,
+      set_mfa_enrollment: nil,
+      set_default_mfa: nil
+    )
+      headers = {}
+      request = {
+        organization_id: organization_id,
+        member_id: member_id,
+        code: code
+      }
+      request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
+      request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
+      request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+      request[:set_mfa_enrollment] = set_mfa_enrollment unless set_mfa_enrollment.nil?
+      request[:set_default_mfa] = set_default_mfa unless set_default_mfa.nil?
+
+      post_request('/v1/b2b/totp/authenticate', request, headers)
+    end
+
+    # Migrate an existing TOTP instance for a Member. Recovery codes are not required and will be minted for the Member if not provided.
+    #
+    # == Parameters:
+    # organization_id::
+    #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+    #   The type of this field is +String+.
+    # secret::
+    #   The TOTP secret key shared between the authenticator app and the server used to generate TOTP codes.
+    #   The type of this field is +String+.
+    # recovery_codes::
+    #   An existing set of recovery codes to be imported into Stytch to be used to authenticate in place of the secondary MFA method.
+    #   The type of this field is list of +String+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # member_id::
+    #   Globally unique UUID that identifies a specific Member.
+    #   The type of this field is +String+.
+    # member::
+    #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+    #   The type of this field is +Member+ (+object+).
+    # organization::
+    #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+    #   The type of this field is +Organization+ (+object+).
+    # totp_registration_id::
+    #   The unique ID for a TOTP instance.
+    #   The type of this field is +String+.
+    # recovery_codes::
+    #   An array of recovery codes that can be used to recover a Member's account.
+    #   The type of this field is list of +String+.
+    # status_code::
+    #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+    #   The type of this field is +Integer+.
+    def migrate(
+      organization_id:,
+      member_id:,
+      secret:,
+      recovery_codes:
+    )
+      headers = {}
+      request = {
+        organization_id: organization_id,
+        member_id: member_id,
+        secret: secret,
+        recovery_codes: recovery_codes
+      }
+
+      post_request('/v1/b2b/totp/migrate', request, headers)
+    end
+  end
+end

data/lib/stytch/oauth.rb

@@ -123,7 +123,7 @@ module Stytch
     # provider_values::
     #   The `provider_values` object lists relevant identifiers, values, and scopes for a given OAuth provider. For example this object will include a provider's `access_token` that you can use to access the provider's API for a given user.
     #
-    #   Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only returned by OIDC complaint identity providers.
+    #   Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only returned by OIDC compliant identity providers.
     #   The type of this field is +ProviderValues+ (+object+).
     # user::
     #   The `user` object affected by this API call. See the [Get user endpoint](https://stytch.com/docs/api/get-user) for complete response field details.

data/lib/stytch/otps.rb

@@ -132,6 +132,8 @@ module Stytch
       #
       # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
       #
+      # Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries).
+      #
       # ### Add a phone number to an existing user
       #
       # This endpoint also allows you to add a new phone number to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in your Send one-time passcode by SMS request will add the new, unverified phone number to the existing Stytch User. If the user successfully authenticates within 5 minutes, the new phone number will be marked as verified and remain permanently on the existing Stytch User. Otherwise, it will be removed from the User object, and any subsequent login requests using that phone number will create a new User.
@@ -212,6 +214,8 @@ module Stytch
       #
       # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS).
       #
+      # Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries).
+      #
       # ### Next steps
       #
       # Collect the OTP which was delivered to the User. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`.

data/lib/stytch/passwords.rb

@@ -292,6 +292,11 @@ module Stytch
     # untrusted_metadata::
     #   The `untrusted_metadata` field contains an arbitrary JSON object of application-specific data. Untrusted metadata can be edited by end users directly via the SDK, and **cannot be used to store critical information.** See the [Metadata](https://stytch.com/docs/api/metadata) reference for complete field behavior details.
     #   The type of this field is nilable +object+.
+    # set_email_verified::
+    #   Whether to set the user's email as verified. This is a dangerous field. Incorrect use may lead to users getting erroneously
+    #                 deduplicated into one user object. This flag should only be set if you can attest that the user owns the email address in question.
+    #                 Access to this field is restricted. To enable it, please send us a note at support@stytch.com.
+    #   The type of this field is nilable +Boolean+.
     # name::
     #   The name of the user. Each field in the name object is optional.
     #   The type of this field is nilable +Name+ (+object+).
@@ -327,6 +332,7 @@ module Stytch
       pbkdf_2_config: nil,
       trusted_metadata: nil,
       untrusted_metadata: nil,
+      set_email_verified: nil,
       name: nil
     )
       headers = {}
@@ -342,6 +348,7 @@ module Stytch
       request[:pbkdf_2_config] = pbkdf_2_config unless pbkdf_2_config.nil?
       request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
       request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil?
+      request[:set_email_verified] = set_email_verified unless set_email_verified.nil?
       request[:name] = name unless name.nil?
 
       post_request('/v1/passwords/migrate', request, headers)

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '7.0.3'
+  VERSION = '7.2.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 7.0.3
+  version: 7.2.0
 platform: ruby
 authors:
 - stytch
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-12-15 00:00:00.000000000 Z
+date: 2024-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -132,8 +132,10 @@ files:
 - lib/stytch/b2b_otp.rb
 - lib/stytch/b2b_passwords.rb
 - lib/stytch/b2b_rbac.rb
+- lib/stytch/b2b_recovery_codes.rb
 - lib/stytch/b2b_sessions.rb
 - lib/stytch/b2b_sso.rb
+- lib/stytch/b2b_totps.rb
 - lib/stytch/client.rb
 - lib/stytch/crypto_wallets.rb
 - lib/stytch/errors.rb