stytch 7.4.0 → 7.5.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/DEVELOPMENT.md +1 -1
- data/README.md +1 -1
- data/lib/stytch/b2b_discovery.rb +11 -25
- data/lib/stytch/b2b_magic_links.rb +8 -11
- data/lib/stytch/b2b_oauth.rb +11 -11
- data/lib/stytch/b2b_organizations.rb +32 -15
- data/lib/stytch/b2b_otp.rb +2 -10
- data/lib/stytch/b2b_passwords.rb +16 -19
- data/lib/stytch/b2b_recovery_codes.rb +1 -5
- data/lib/stytch/b2b_sessions.rb +5 -5
- data/lib/stytch/b2b_sso.rb +9 -7
- data/lib/stytch/b2b_totps.rb +2 -10
- data/lib/stytch/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 207a8b80bd8b8f62b7edd7bc0398c696fbc7b28190b1d1a2157e404aede47f0e
|
4
|
+
data.tar.gz: 4e98aa6bab1bbd75e81c940aadad15816864c4f9ce61a8aa2c5910e12566aef8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c58c3b1bc072456fb852fd99f629cfb37bf128101720edcbf708dd8dd3141002df363d9bed4aea86f27d1a3afa08622911c749d7c4c0351681b0a56cb772f58b
|
7
|
+
data.tar.gz: 3114865806a41f85c50c5c162f31e5c248411797dba89e81a4c169fa317af2b0c9868c718fe0a6a292d2bfaad484f17245bbecacd1d7a22a30ed079f8110e3db
|
data/DEVELOPMENT.md
CHANGED
@@ -18,4 +18,4 @@ If you have non-trivial changes you'd like us to incorporate, please open an iss
|
|
18
18
|
When you're ready for someone to look at your issue or PR, assign `@stytchauth/client-libraries` (GitHub should do this automatically). If we don't acknowledge it within one business day, please escalate it by tagging `@stytchauth/engineering` in a comment or letting us know in [Slack].
|
19
19
|
|
20
20
|
[Bundler]: https://bundler.io/
|
21
|
-
[Slack]: https://
|
21
|
+
[Slack]: https://stytch.slack.com/join/shared_invite/zt-2f0fi1ruu-ub~HGouWRmPARM1MTwPESA
|
data/README.md
CHANGED
@@ -77,7 +77,7 @@ Follow one of the [integration guides](https://stytch.com/docs/guides) or start
|
|
77
77
|
|
78
78
|
If you've found a bug, [open an issue](https://github.com/stytchauth/stytch-ruby/issues/new)!
|
79
79
|
|
80
|
-
If you have questions or want help troubleshooting, join us in [Slack](https://
|
80
|
+
If you have questions or want help troubleshooting, join us in [Slack](https://stytch.slack.com/join/shared_invite/zt-2f0fi1ruu-ub~HGouWRmPARM1MTwPESA) or email support@stytch.com.
|
81
81
|
|
82
82
|
If you've found a security vulnerability, please follow our [responsible disclosure instructions](https://stytch.com/docs/resources/security-and-trust/security#:~:text=Responsible%20disclosure%20program).
|
83
83
|
|
data/lib/stytch/b2b_discovery.rb
CHANGED
@@ -40,11 +40,7 @@ module StytchB2B
|
|
40
40
|
#
|
41
41
|
# == Parameters:
|
42
42
|
# intermediate_session_token::
|
43
|
-
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
44
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
45
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow;
|
46
|
-
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
47
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
43
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
48
44
|
# The type of this field is +String+.
|
49
45
|
# organization_id::
|
50
46
|
# Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
|
@@ -102,11 +98,7 @@ module StytchB2B
|
|
102
98
|
# Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
|
103
99
|
# The type of this field is +Boolean+.
|
104
100
|
# intermediate_session_token::
|
105
|
-
# The returned Intermediate Session Token is identical to the one that was originally passed in to the request.
|
106
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
107
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization.
|
108
|
-
# It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a different existing Organization,
|
109
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization.
|
101
|
+
# The returned Intermediate Session Token is identical to the one that was originally passed in to the request. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
110
102
|
# The type of this field is +String+.
|
111
103
|
# status_code::
|
112
104
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
@@ -117,6 +109,9 @@ module StytchB2B
|
|
117
109
|
# mfa_required::
|
118
110
|
# Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
|
119
111
|
# The type of this field is nilable +MfaRequired+ (+object+).
|
112
|
+
# primary_required::
|
113
|
+
# (no documentation yet)
|
114
|
+
# The type of this field is nilable +PrimaryRequired+ (+object+).
|
120
115
|
def exchange(
|
121
116
|
intermediate_session_token:,
|
122
117
|
organization_id:,
|
@@ -162,11 +157,7 @@ module StytchB2B
|
|
162
157
|
#
|
163
158
|
# == Parameters:
|
164
159
|
# intermediate_session_token::
|
165
|
-
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
166
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
167
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow;
|
168
|
-
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
169
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
160
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
170
161
|
# The type of this field is +String+.
|
171
162
|
# organization_name::
|
172
163
|
# The name of the Organization. If the name is not specified, a default name will be created based on the email used to initiate the discovery flow. If the email domain is a common email provider such as gmail.com, or if the email is a .edu email, the organization name will be generated based on the name portion of the email. Otherwise, the organization name will be generated based on the email domain.
|
@@ -294,11 +285,7 @@ module StytchB2B
|
|
294
285
|
# Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
|
295
286
|
# The type of this field is +Boolean+.
|
296
287
|
# intermediate_session_token::
|
297
|
-
# The returned Intermediate Session Token is identical to the one that was originally passed in to the request.
|
298
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
299
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization.
|
300
|
-
# It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a different existing Organization,
|
301
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization.
|
288
|
+
# The returned Intermediate Session Token is identical to the one that was originally passed in to the request. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
302
289
|
# The type of this field is +String+.
|
303
290
|
# status_code::
|
304
291
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
@@ -312,6 +299,9 @@ module StytchB2B
|
|
312
299
|
# mfa_required::
|
313
300
|
# Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
|
314
301
|
# The type of this field is nilable +MfaRequired+ (+object+).
|
302
|
+
# primary_required::
|
303
|
+
# (no documentation yet)
|
304
|
+
# The type of this field is nilable +PrimaryRequired+ (+object+).
|
315
305
|
def create(
|
316
306
|
intermediate_session_token:,
|
317
307
|
organization_name:,
|
@@ -371,11 +361,7 @@ module StytchB2B
|
|
371
361
|
#
|
372
362
|
# == Parameters:
|
373
363
|
# intermediate_session_token::
|
374
|
-
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
375
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
376
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow;
|
377
|
-
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
378
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
364
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
379
365
|
# The type of this field is nilable +String+.
|
380
366
|
# session_token::
|
381
367
|
# A secret token for a given Stytch Session.
|
@@ -76,6 +76,9 @@ module StytchB2B
|
|
76
76
|
# Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
|
77
77
|
#
|
78
78
|
# The type of this field is nilable +AuthenticateRequestLocale+ (string enum).
|
79
|
+
# intermediate_session_token::
|
80
|
+
# Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned.
|
81
|
+
# The type of this field is nilable +String+.
|
79
82
|
#
|
80
83
|
# == Returns:
|
81
84
|
# An object with the following fields:
|
@@ -111,11 +114,7 @@ module StytchB2B
|
|
111
114
|
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
112
115
|
# The type of this field is +Organization+ (+object+).
|
113
116
|
# intermediate_session_token::
|
114
|
-
# The returned Intermediate Session Token contains an Email Magic Link factor associated with the Member's email address.
|
115
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
116
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization.
|
117
|
-
# It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a different existing Organization that allows login with Email Magic Links,
|
118
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization.
|
117
|
+
# The returned Intermediate Session Token contains an Email Magic Link factor associated with the Member's email address. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
119
118
|
# The type of this field is +String+.
|
120
119
|
# member_authenticated::
|
121
120
|
# Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
|
@@ -133,7 +132,8 @@ module StytchB2B
|
|
133
132
|
session_jwt: nil,
|
134
133
|
session_duration_minutes: nil,
|
135
134
|
session_custom_claims: nil,
|
136
|
-
locale: nil
|
135
|
+
locale: nil,
|
136
|
+
intermediate_session_token: nil
|
137
137
|
)
|
138
138
|
headers = {}
|
139
139
|
request = {
|
@@ -145,6 +145,7 @@ module StytchB2B
|
|
145
145
|
request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
|
146
146
|
request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
|
147
147
|
request[:locale] = locale unless locale.nil?
|
148
|
+
request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
|
148
149
|
|
149
150
|
post_request('/v1/b2b/magic_links/authenticate', request, headers)
|
150
151
|
end
|
@@ -425,11 +426,7 @@ module StytchB2B
|
|
425
426
|
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
426
427
|
# The type of this field is +String+.
|
427
428
|
# intermediate_session_token::
|
428
|
-
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
429
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
430
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow;
|
431
|
-
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
432
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
429
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
433
430
|
# The type of this field is +String+.
|
434
431
|
# email_address::
|
435
432
|
# The email address.
|
data/lib/stytch/b2b_oauth.rb
CHANGED
@@ -71,6 +71,9 @@ module StytchB2B
|
|
71
71
|
# Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
|
72
72
|
#
|
73
73
|
# The type of this field is nilable +AuthenticateRequestLocale+ (string enum).
|
74
|
+
# intermediate_session_token::
|
75
|
+
# Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned.
|
76
|
+
# The type of this field is nilable +String+.
|
74
77
|
#
|
75
78
|
# == Returns:
|
76
79
|
# An object with the following fields:
|
@@ -108,11 +111,7 @@ module StytchB2B
|
|
108
111
|
# Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
|
109
112
|
# The type of this field is +Boolean+.
|
110
113
|
# intermediate_session_token::
|
111
|
-
# The returned Intermediate Session Token contains an OAuth factor associated with the Member's email address.
|
112
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
113
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization.
|
114
|
-
# It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a different existing Organization that allows login with OAuth,
|
115
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization.
|
114
|
+
# The returned Intermediate Session Token contains an OAuth factor associated with the Member's email address. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
116
115
|
# The type of this field is +String+.
|
117
116
|
# status_code::
|
118
117
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
@@ -128,6 +127,9 @@ module StytchB2B
|
|
128
127
|
# mfa_required::
|
129
128
|
# Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
|
130
129
|
# The type of this field is nilable +MfaRequired+ (+object+).
|
130
|
+
# primary_required::
|
131
|
+
# (no documentation yet)
|
132
|
+
# The type of this field is nilable +PrimaryRequired+ (+object+).
|
131
133
|
def authenticate(
|
132
134
|
oauth_token:,
|
133
135
|
session_token: nil,
|
@@ -135,7 +137,8 @@ module StytchB2B
|
|
135
137
|
session_jwt: nil,
|
136
138
|
session_custom_claims: nil,
|
137
139
|
pkce_code_verifier: nil,
|
138
|
-
locale: nil
|
140
|
+
locale: nil,
|
141
|
+
intermediate_session_token: nil
|
139
142
|
)
|
140
143
|
headers = {}
|
141
144
|
request = {
|
@@ -147,6 +150,7 @@ module StytchB2B
|
|
147
150
|
request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
|
148
151
|
request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil?
|
149
152
|
request[:locale] = locale unless locale.nil?
|
153
|
+
request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
|
150
154
|
|
151
155
|
post_request('/v1/b2b/oauth/authenticate', request, headers)
|
152
156
|
end
|
@@ -186,11 +190,7 @@ module StytchB2B
|
|
186
190
|
# Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
|
187
191
|
# The type of this field is +String+.
|
188
192
|
# intermediate_session_token::
|
189
|
-
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
190
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
191
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow;
|
192
|
-
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
193
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
193
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
194
194
|
# The type of this field is +String+.
|
195
195
|
# email_address::
|
196
196
|
# The email address.
|
@@ -353,7 +353,7 @@ module StytchB2B
|
|
353
353
|
# for more information about role assignment.
|
354
354
|
#
|
355
355
|
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.implicit-roles` action on the `stytch.organization` Resource.
|
356
|
-
# The type of this field is nilable list of +
|
356
|
+
# The type of this field is nilable list of +EmailImplicitRoleAssignment+.
|
357
357
|
# mfa_methods::
|
358
358
|
# The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are:
|
359
359
|
#
|
@@ -534,8 +534,7 @@ module StytchB2B
|
|
534
534
|
# name::
|
535
535
|
# The name of the Member.
|
536
536
|
#
|
537
|
-
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.name` action on the `stytch.member` Resource.
|
538
|
-
# Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.name` action on the `stytch.self` Resource.
|
537
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.name` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.name` action on the `stytch.self` Resource.
|
539
538
|
# The type of this field is nilable +String+.
|
540
539
|
# trusted_metadata::
|
541
540
|
# An arbitrary JSON object for storing application-specific data or identity-provider-specific data.
|
@@ -547,8 +546,7 @@ module StytchB2B
|
|
547
546
|
# frontend SDK, and should not be used to store critical information. See the [Metadata resource](https://stytch.com/docs/b2b/api/metadata)
|
548
547
|
# for complete field behavior details.
|
549
548
|
#
|
550
|
-
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.untrusted-metadata` action on the `stytch.member` Resource.
|
551
|
-
# Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.untrusted-metadata` action on the `stytch.self` Resource.
|
549
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.untrusted-metadata` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.untrusted-metadata` action on the `stytch.self` Resource.
|
552
550
|
# The type of this field is nilable +object+.
|
553
551
|
# is_breakglass::
|
554
552
|
# Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](organization-object) and its `auth_methods` and `allowed_auth_methods` fields for more details.
|
@@ -558,14 +556,12 @@ module StytchB2B
|
|
558
556
|
# mfa_phone_number::
|
559
557
|
# Sets the Member's phone number. Throws an error if the Member already has a phone number. To change the Member's phone number, use the [Delete member phone number endpoint](https://stytch.com/docs/b2b/api/delete-member-mfa-phone-number) to delete the Member's existing phone number first.
|
560
558
|
#
|
561
|
-
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.mfa-phone` action on the `stytch.member` Resource.
|
562
|
-
# Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.mfa-phone` action on the `stytch.self` Resource.
|
559
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.mfa-phone` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.mfa-phone` action on the `stytch.self` Resource.
|
563
560
|
# The type of this field is nilable +String+.
|
564
561
|
# mfa_enrolled::
|
565
562
|
# Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.
|
566
563
|
#
|
567
|
-
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.mfa-enrolled` action on the `stytch.member` Resource.
|
568
|
-
# Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.mfa-enrolled` action on the `stytch.self` Resource.
|
564
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.mfa-enrolled` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.mfa-enrolled` action on the `stytch.self` Resource.
|
569
565
|
# The type of this field is nilable +Boolean+.
|
570
566
|
# roles::
|
571
567
|
# Roles to explicitly assign to this Member.
|
@@ -587,11 +583,14 @@ module StytchB2B
|
|
587
583
|
# default_mfa_method::
|
588
584
|
# Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.
|
589
585
|
#
|
590
|
-
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.default-mfa-method` action on the `stytch.member` Resource.
|
591
|
-
# Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.default-mfa-method` action on the `stytch.self` Resource.
|
586
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.default-mfa-method` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.default-mfa-method` action on the `stytch.self` Resource.
|
592
587
|
# The type of this field is nilable +String+.
|
593
588
|
# email_address::
|
594
589
|
# Updates the Member's `email_address`, if provided.
|
590
|
+
# If a Member's email address is changed, other Members in the same Organization cannot use the old email address, although the Member may update back to their old email address.
|
591
|
+
# A Member's email address can only be useable again by other Members if the Member is deleted.
|
592
|
+
#
|
593
|
+
# If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.email` action on the `stytch.member` Resource. Members cannot update their own email address.
|
595
594
|
# The type of this field is nilable +String+.
|
596
595
|
#
|
597
596
|
# == Returns:
|
@@ -1074,6 +1073,9 @@ module StytchB2B
|
|
1074
1073
|
# member_id::
|
1075
1074
|
# Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
|
1076
1075
|
# The type of this field is +String+.
|
1076
|
+
# include_refresh_token::
|
1077
|
+
# Whether to return the refresh token Stytch has stored for the OAuth Provider. Defaults to false. **Important:** If your application exchanges the refresh token, Stytch may not be able to automatically refresh access tokens in the future.
|
1078
|
+
# The type of this field is nilable +Boolean+.
|
1077
1079
|
#
|
1078
1080
|
# == Returns:
|
1079
1081
|
# An object with the following fields:
|
@@ -1101,12 +1103,18 @@ module StytchB2B
|
|
1101
1103
|
# status_code::
|
1102
1104
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
1103
1105
|
# The type of this field is +Integer+.
|
1106
|
+
# refresh_token::
|
1107
|
+
# The `refresh_token` that you may use to obtain a new `access_token` for the User within the provider's API.
|
1108
|
+
# The type of this field is nilable +String+.
|
1104
1109
|
def google(
|
1105
1110
|
organization_id:,
|
1106
|
-
member_id
|
1111
|
+
member_id:,
|
1112
|
+
include_refresh_token: nil
|
1107
1113
|
)
|
1108
1114
|
headers = {}
|
1109
|
-
query_params = {
|
1115
|
+
query_params = {
|
1116
|
+
include_refresh_token: include_refresh_token
|
1117
|
+
}
|
1110
1118
|
request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/oauth_providers/google", query_params)
|
1111
1119
|
get_request(request, headers)
|
1112
1120
|
end
|
@@ -1122,6 +1130,9 @@ module StytchB2B
|
|
1122
1130
|
# member_id::
|
1123
1131
|
# Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
|
1124
1132
|
# The type of this field is +String+.
|
1133
|
+
# include_refresh_token::
|
1134
|
+
# Whether to return the refresh token Stytch has stored for the OAuth Provider. Defaults to false. **Important:** If your application exchanges the refresh token, Stytch may not be able to automatically refresh access tokens in the future.
|
1135
|
+
# The type of this field is nilable +Boolean+.
|
1125
1136
|
#
|
1126
1137
|
# == Returns:
|
1127
1138
|
# An object with the following fields:
|
@@ -1149,12 +1160,18 @@ module StytchB2B
|
|
1149
1160
|
# status_code::
|
1150
1161
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
1151
1162
|
# The type of this field is +Integer+.
|
1163
|
+
# refresh_token::
|
1164
|
+
# The `refresh_token` that you may use to obtain a new `access_token` for the User within the provider's API.
|
1165
|
+
# The type of this field is nilable +String+.
|
1152
1166
|
def microsoft(
|
1153
1167
|
organization_id:,
|
1154
|
-
member_id
|
1168
|
+
member_id:,
|
1169
|
+
include_refresh_token: nil
|
1155
1170
|
)
|
1156
1171
|
headers = {}
|
1157
|
-
query_params = {
|
1172
|
+
query_params = {
|
1173
|
+
include_refresh_token: include_refresh_token
|
1174
|
+
}
|
1158
1175
|
request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/oauth_providers/microsoft", query_params)
|
1159
1176
|
get_request(request, headers)
|
1160
1177
|
end
|
data/lib/stytch/b2b_otp.rb
CHANGED
@@ -65,11 +65,7 @@ module StytchB2B
|
|
65
65
|
#
|
66
66
|
# The type of this field is nilable +SendRequestLocale+ (string enum).
|
67
67
|
# intermediate_session_token::
|
68
|
-
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
69
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
70
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow;
|
71
|
-
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
72
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
68
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
73
69
|
# The type of this field is nilable +String+.
|
74
70
|
# session_token::
|
75
71
|
# A secret token for a given Stytch Session.
|
@@ -146,11 +142,7 @@ module StytchB2B
|
|
146
142
|
# The code to authenticate.
|
147
143
|
# The type of this field is +String+.
|
148
144
|
# intermediate_session_token::
|
149
|
-
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
150
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
151
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow;
|
152
|
-
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
153
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
145
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
154
146
|
# The type of this field is nilable +String+.
|
155
147
|
# session_token::
|
156
148
|
# A secret token for a given Stytch Session.
|
data/lib/stytch/b2b_passwords.rb
CHANGED
@@ -255,6 +255,9 @@ module StytchB2B
|
|
255
255
|
# Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
|
256
256
|
#
|
257
257
|
# The type of this field is nilable +AuthenticateRequestLocale+ (string enum).
|
258
|
+
# intermediate_session_token::
|
259
|
+
# Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned.
|
260
|
+
# The type of this field is nilable +String+.
|
258
261
|
#
|
259
262
|
# == Returns:
|
260
263
|
# An object with the following fields:
|
@@ -280,10 +283,7 @@ module StytchB2B
|
|
280
283
|
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
281
284
|
# The type of this field is +Organization+ (+object+).
|
282
285
|
# intermediate_session_token::
|
283
|
-
# The returned Intermediate Session Token contains a password factor associated with the Member.
|
284
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
285
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization.
|
286
|
-
# Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
|
286
|
+
# The returned Intermediate Session Token contains a password factor associated with the Member. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
|
287
287
|
# The type of this field is +String+.
|
288
288
|
# member_authenticated::
|
289
289
|
# Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
|
@@ -305,7 +305,8 @@ module StytchB2B
|
|
305
305
|
session_duration_minutes: nil,
|
306
306
|
session_jwt: nil,
|
307
307
|
session_custom_claims: nil,
|
308
|
-
locale: nil
|
308
|
+
locale: nil,
|
309
|
+
intermediate_session_token: nil
|
309
310
|
)
|
310
311
|
headers = {}
|
311
312
|
request = {
|
@@ -318,6 +319,7 @@ module StytchB2B
|
|
318
319
|
request[:session_jwt] = session_jwt unless session_jwt.nil?
|
319
320
|
request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
|
320
321
|
request[:locale] = locale unless locale.nil?
|
322
|
+
request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
|
321
323
|
|
322
324
|
post_request('/v1/b2b/passwords/authenticate', request, headers)
|
323
325
|
end
|
@@ -473,6 +475,9 @@ module StytchB2B
|
|
473
475
|
# Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
|
474
476
|
#
|
475
477
|
# The type of this field is nilable +ResetRequestLocale+ (string enum).
|
478
|
+
# intermediate_session_token::
|
479
|
+
# Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned.
|
480
|
+
# The type of this field is nilable +String+.
|
476
481
|
#
|
477
482
|
# == Returns:
|
478
483
|
# An object with the following fields:
|
@@ -501,10 +506,7 @@ module StytchB2B
|
|
501
506
|
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
502
507
|
# The type of this field is +Organization+ (+object+).
|
503
508
|
# intermediate_session_token::
|
504
|
-
# The returned Intermediate Session Token contains a password factor associated with the Member.
|
505
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
506
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization.
|
507
|
-
# Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
|
509
|
+
# The returned Intermediate Session Token contains a password factor associated with the Member. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
|
508
510
|
# The type of this field is +String+.
|
509
511
|
# member_authenticated::
|
510
512
|
# Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
|
@@ -526,7 +528,8 @@ module StytchB2B
|
|
526
528
|
session_jwt: nil,
|
527
529
|
code_verifier: nil,
|
528
530
|
session_custom_claims: nil,
|
529
|
-
locale: nil
|
531
|
+
locale: nil,
|
532
|
+
intermediate_session_token: nil
|
530
533
|
)
|
531
534
|
headers = {}
|
532
535
|
request = {
|
@@ -539,6 +542,7 @@ module StytchB2B
|
|
539
542
|
request[:code_verifier] = code_verifier unless code_verifier.nil?
|
540
543
|
request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
|
541
544
|
request[:locale] = locale unless locale.nil?
|
545
|
+
request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
|
542
546
|
|
543
547
|
post_request('/v1/b2b/passwords/email/reset', request, headers)
|
544
548
|
end
|
@@ -614,11 +618,7 @@ module StytchB2B
|
|
614
618
|
# The JSON Web Token (JWT) for a given Stytch Session.
|
615
619
|
# The type of this field is +String+.
|
616
620
|
# intermediate_session_token::
|
617
|
-
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
618
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
619
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow;
|
620
|
-
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
621
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
621
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
622
622
|
# The type of this field is +String+.
|
623
623
|
# member_authenticated::
|
624
624
|
# Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
|
@@ -746,10 +746,7 @@ module StytchB2B
|
|
746
746
|
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
747
747
|
# The type of this field is +Organization+ (+object+).
|
748
748
|
# intermediate_session_token::
|
749
|
-
# The returned Intermediate Session Token contains a password factor associated with the Member.
|
750
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
751
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization.
|
752
|
-
# Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
|
749
|
+
# The returned Intermediate Session Token contains a password factor associated with the Member. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
|
753
750
|
# The type of this field is +String+.
|
754
751
|
# member_authenticated::
|
755
752
|
# Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
|
@@ -29,11 +29,7 @@ module StytchB2B
|
|
29
29
|
# The recovery code generated by a secondary MFA method. This code is used to authenticate in place of the secondary MFA method if that method as a backup.
|
30
30
|
# The type of this field is +String+.
|
31
31
|
# intermediate_session_token::
|
32
|
-
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
33
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
34
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow;
|
35
|
-
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
36
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
32
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
37
33
|
# The type of this field is nilable +String+.
|
38
34
|
# session_token::
|
39
35
|
# A secret token for a given Stytch Session.
|
data/lib/stytch/b2b_sessions.rb
CHANGED
@@ -210,6 +210,7 @@ module StytchB2B
|
|
210
210
|
# To create a new member via domain matching, use the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) flow instead.
|
211
211
|
#
|
212
212
|
# Only Email Magic Link, OAuth, and SMS OTP factors can be transferred between sessions. Other authentication factors, such as password factors, will not be transferred to the new session.
|
213
|
+
# Any OAuth Tokens owned by the Member will not be transferred to the new Organization.
|
213
214
|
# SMS OTP factors can be used to fulfill MFA requirements for the target Organization if both the original and target Member have the same phone number and the phone number is verified for both Members.
|
214
215
|
#
|
215
216
|
# If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
|
@@ -283,11 +284,7 @@ module StytchB2B
|
|
283
284
|
# Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
|
284
285
|
# The type of this field is +Boolean+.
|
285
286
|
# intermediate_session_token::
|
286
|
-
# The returned Intermediate Session Token contains any Email Magic Link or OAuth factors from the original member session that are valid for the target Organization.
|
287
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
288
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the target Organization.
|
289
|
-
# It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a different existing Organization,
|
290
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization.
|
287
|
+
# The returned Intermediate Session Token contains any Email Magic Link or OAuth factors from the original member session that are valid for the target Organization. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
291
288
|
# The type of this field is +String+.
|
292
289
|
# status_code::
|
293
290
|
# The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
|
@@ -295,6 +292,9 @@ module StytchB2B
|
|
295
292
|
# mfa_required::
|
296
293
|
# Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
|
297
294
|
# The type of this field is nilable +MfaRequired+ (+object+).
|
295
|
+
# primary_required::
|
296
|
+
# (no documentation yet)
|
297
|
+
# The type of this field is nilable +PrimaryRequired+ (+object+).
|
298
298
|
def exchange(
|
299
299
|
organization_id:,
|
300
300
|
session_token: nil,
|
data/lib/stytch/b2b_sso.rb
CHANGED
@@ -181,6 +181,9 @@ module StytchB2B
|
|
181
181
|
# Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
|
182
182
|
#
|
183
183
|
# The type of this field is nilable +AuthenticateRequestLocale+ (string enum).
|
184
|
+
# intermediate_session_token::
|
185
|
+
# Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned.
|
186
|
+
# The type of this field is nilable +String+.
|
184
187
|
#
|
185
188
|
# == Returns:
|
186
189
|
# An object with the following fields:
|
@@ -210,10 +213,7 @@ module StytchB2B
|
|
210
213
|
# The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
|
211
214
|
# The type of this field is +Organization+ (+object+).
|
212
215
|
# intermediate_session_token::
|
213
|
-
# The returned Intermediate Session Token contains an SSO factor associated with the Member.
|
214
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
215
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization.
|
216
|
-
# SSO factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
|
216
|
+
# The returned Intermediate Session Token contains an SSO factor associated with the Member. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. SSO factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
|
217
217
|
# The type of this field is +String+.
|
218
218
|
# member_authenticated::
|
219
219
|
# Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.
|
@@ -234,7 +234,8 @@ module StytchB2B
|
|
234
234
|
session_jwt: nil,
|
235
235
|
session_duration_minutes: nil,
|
236
236
|
session_custom_claims: nil,
|
237
|
-
locale: nil
|
237
|
+
locale: nil,
|
238
|
+
intermediate_session_token: nil
|
238
239
|
)
|
239
240
|
headers = {}
|
240
241
|
request = {
|
@@ -246,6 +247,7 @@ module StytchB2B
|
|
246
247
|
request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
|
247
248
|
request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
|
248
249
|
request[:locale] = locale unless locale.nil?
|
250
|
+
request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil?
|
249
251
|
|
250
252
|
post_request('/v1/b2b/sso/authenticate', request, headers)
|
251
253
|
end
|
@@ -469,7 +471,7 @@ module StytchB2B
|
|
469
471
|
# The type of this field is nilable +String+.
|
470
472
|
# saml_connection_implicit_role_assignments::
|
471
473
|
# All Members who log in with this SAML connection will implicitly receive the specified Roles. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
|
472
|
-
# The type of this field is nilable list of +
|
474
|
+
# The type of this field is nilable list of +SAMLConnectionImplicitRoleAssignment+.
|
473
475
|
# saml_group_implicit_role_assignments::
|
474
476
|
# Defines the names of the SAML groups
|
475
477
|
# that grant specific role assignments. For each group-Role pair, if a Member logs in with this SAML connection and
|
@@ -477,7 +479,7 @@ module StytchB2B
|
|
477
479
|
# [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
|
478
480
|
# Before adding any group implicit role assignments, you must add a "groups" key to your SAML connection's
|
479
481
|
# `attribute_mapping`. Make sure that your IdP is configured to correctly send the group information.
|
480
|
-
# The type of this field is nilable list of +
|
482
|
+
# The type of this field is nilable list of +SAMLGroupImplicitRoleAssignment+.
|
481
483
|
# alternative_audience_uri::
|
482
484
|
# An alternative URL to use for the Audience Restriction. This value can be used when you wish to migrate an existing SAML integration to Stytch with zero downtime.
|
483
485
|
# The type of this field is nilable +String+.
|
data/lib/stytch/b2b_totps.rb
CHANGED
@@ -31,11 +31,7 @@ module StytchB2B
|
|
31
31
|
# The expiration for the TOTP registration. If the newly created TOTP registration is not authenticated within this time frame the member will have to restart the registration flow. Defaults to 60 (1 hour) with a minimum of 5 and a maximum of 1440.
|
32
32
|
# The type of this field is nilable +Integer+.
|
33
33
|
# intermediate_session_token::
|
34
|
-
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
35
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
36
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow;
|
37
|
-
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
38
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
34
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
39
35
|
# The type of this field is nilable +String+.
|
40
36
|
# session_token::
|
41
37
|
# A secret token for a given Stytch Session.
|
@@ -107,11 +103,7 @@ module StytchB2B
|
|
107
103
|
# The code to authenticate.
|
108
104
|
# The type of this field is +String+.
|
109
105
|
# intermediate_session_token::
|
110
|
-
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session.
|
111
|
-
# The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
|
112
|
-
# or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow;
|
113
|
-
# the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token;
|
114
|
-
# or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
106
|
+
# The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
|
115
107
|
# The type of this field is nilable +String+.
|
116
108
|
# session_token::
|
117
109
|
# A secret token for a given Stytch Session.
|
data/lib/stytch/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: stytch
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 7.
|
4
|
+
version: 7.5.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- stytch
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-03-
|
11
|
+
date: 2024-03-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|