stytch 9.3.0 → 9.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d26559911b9b0677b360db5707cc19a0faead0a0420bd7ec7612766184dde63b
-  data.tar.gz: 37ed33c882f14ef4cb40e925f9dc62362a7674621a7ed032a5afca2a753cd503
+  metadata.gz: df153778bac5f00a6388121f7a71b60099fd5c2c6c3c1fbd547454ca569afda3
+  data.tar.gz: 225ed1bc1c7887a2fd4859d0df99c1de2b598e563c0f44888fbdf25e73e37e3e
 SHA512:
-  metadata.gz: c751854693f03128c410031c7647982a0702d8971ebb2df47a5c542b25df668faa4309587dbd00d5c415166dc5aebb5db26fbf7b350eff6f4129be9bd3fc38cd
-  data.tar.gz: 82ac37c5f69e67fe207a06fa61809844b0a9084e0ec73d4820f3f4e8896e74ab0010750663aa910e564dc2cb7135faa1dbd8d492ba94e3b8fad069bcfbab4931
+  metadata.gz: 50bb2c8ea28cbb275435f5c6f56e67d8cdec4edea9b3b6d9b23c3a2d57611d8fbccfddda9b33af2e8787988930d8e357ba0edef81f40023b6ac47610802a9523
+  data.tar.gz: 734cc8a61f6ee0fc5bd1b455aef026550ea1fac9fe2a7e11bf70fecf3a669013e083ee0413428fa8c4f1b6016edfe2cfe0dab4e73fc60aeded366e9f54923a85

data/lib/stytch/b2b_discovery.rb

@@ -263,6 +263,17 @@ module StytchB2B
       #   The list's accepted values are: `sms_otp` and `totp`.
       #
       #   The type of this field is nilable list of +String+.
+      # oauth_tenant_jit_provisioning::
+      #   The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are:
+      #
+      #   `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.
+      #
+      #   `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant.
+      #
+      #   The type of this field is nilable +String+.
+      # allowed_oauth_tenants::
+      #   A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot".
+      #   The type of this field is nilable +object+.
       #
       # == Returns:
       # An object with the following fields:
@@ -319,7 +330,9 @@ module StytchB2B
         mfa_policy: nil,
         rbac_email_implicit_role_assignments: nil,
         mfa_methods: nil,
-        allowed_mfa_methods: nil
+        allowed_mfa_methods: nil,
+        oauth_tenant_jit_provisioning: nil,
+        allowed_oauth_tenants: nil
       )
         headers = {}
         request = {
@@ -341,6 +354,8 @@ module StytchB2B
         request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
         request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
         request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
+        request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
+        request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
 
         post_request('/v1/b2b/discovery/organizations/create', request, headers)
       end

data/lib/stytch/b2b_organizations.rb

@@ -150,6 +150,17 @@ module StytchB2B
     #   The list's accepted values are: `sms_otp` and `totp`.
     #
     #   The type of this field is nilable list of +String+.
+    # oauth_tenant_jit_provisioning::
+    #   The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are:
+    #
+    #   `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.
+    #
+    #   `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant.
+    #
+    #   The type of this field is nilable +String+.
+    # allowed_oauth_tenants::
+    #   A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot".
+    #   The type of this field is nilable +object+.
     #
     # == Returns:
     # An object with the following fields:
@@ -176,7 +187,9 @@ module StytchB2B
       mfa_policy: nil,
       rbac_email_implicit_role_assignments: nil,
       mfa_methods: nil,
-      allowed_mfa_methods: nil
+      allowed_mfa_methods: nil,
+      oauth_tenant_jit_provisioning: nil,
+      allowed_oauth_tenants: nil
     )
       headers = {}
       request = {
@@ -195,6 +208,8 @@ module StytchB2B
       request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
       request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
       request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
+      request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
+      request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
 
       post_request('/v1/b2b/organizations', request, headers)
     end
@@ -359,6 +374,21 @@ module StytchB2B
     #
     # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.
     #   The type of this field is nilable list of +String+.
+    # oauth_tenant_jit_provisioning::
+    #   The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are:
+    #
+    #   `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.
+    #
+    #   `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant.
+    #
+    #
+    # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.oauth-tenant-jit-provisioning` action on the `stytch.organization` Resource.
+    #   The type of this field is nilable +String+.
+    # allowed_oauth_tenants::
+    #   A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot".
+    #
+    # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-oauth-tenants` action on the `stytch.organization` Resource.
+    #   The type of this field is nilable +object+.
     #
     # == Returns:
     # An object with the following fields:
@@ -392,6 +422,8 @@ module StytchB2B
       rbac_email_implicit_role_assignments: nil,
       mfa_methods: nil,
       allowed_mfa_methods: nil,
+      oauth_tenant_jit_provisioning: nil,
+      allowed_oauth_tenants: nil,
       method_options: nil
     )
       headers = {}
@@ -413,6 +445,8 @@ module StytchB2B
       request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
       request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
       request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
+      request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
+      request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
 
       put_request("/v1/b2b/organizations/#{organization_id}", request, headers)
     end
@@ -1108,7 +1142,7 @@ module StytchB2B
       #   Member's primary email address and the old primary email address is retired.
       #
       # A retired email address cannot be used by other Members in the same Organization. However, unlinking retired email
-      # addresses allows then to be subsequently re-used by other Organization Members. Retired email addresses can be viewed
+      # addresses allows them to be subsequently re-used by other Organization Members. Retired email addresses can be viewed
       # on the [Member object](https://stytch.com/docs/b2b/api/member-object).
       #  %}
       #

data/lib/stytch/b2b_scim.rb

@@ -194,7 +194,7 @@ module StytchB2B
       #   (no documentation yet)
       #   The type of this field is nilable +UpdateRequestIdentityProvider+ (string enum).
       # scim_group_implicit_role_assignments::
-      #   (no documentation yet)
+      #   An array of SCIM group implicit role assignments. Each object in the array must contain a `group_id` and a `role_id`.
       #   The type of this field is nilable list of +SCIMGroupImplicitRoleAssignments+.
       #
       # == Returns:
@@ -460,7 +460,7 @@ module StytchB2B
         post_request("/v1/b2b/scim/#{organization_id}/connection", request, headers)
       end
 
-      # Get SCIM Connections.
+      # Get SCIM Connection.
       #
       # == Parameters:
       # organization_id::

data/lib/stytch/crypto_wallets.rb

@@ -16,7 +16,12 @@ module Stytch
       @connection = connection
     end
 
-    # Initiate the authentication of a crypto wallet. After calling this endpoint, the user will need to sign a message containing only the returned `challenge` field.
+    # Initiate the authentication of a crypto wallet. After calling this endpoint, the user will need to sign a message containing the returned `challenge` field.
+    #
+    # For Ethereum crypto wallets, you can optionally use the Sign In With Ethereum (SIWE) protocol for the message by passing in the `siwe_params`. The only required fields are `domain` and `uri`.
+    # If the crypto wallet detects that the domain in the message does not match the website's domain, it will display a warning to the user.
+    #
+    # If not using the SIWE protocol, the message will simply consist of the project name and a random string.
     #
     # == Parameters:
     # crypto_wallet_type::
@@ -34,6 +39,9 @@ module Stytch
     # session_jwt::
     #   The `session_jwt` associated with a User's existing Session.
     #   The type of this field is nilable +String+.
+    # siwe_params::
+    #   The parameters for a Sign In With Ethereum (SIWE) message. May only be passed if the `crypto_wallet_type` is `ethereum`.
+    #   The type of this field is nilable +SIWEParams+ (+object+).
     #
     # == Returns:
     # An object with the following fields:
@@ -57,7 +65,8 @@ module Stytch
       crypto_wallet_address:,
       user_id: nil,
       session_token: nil,
-      session_jwt: nil
+      session_jwt: nil,
+      siwe_params: nil
     )
       headers = {}
       request = {
@@ -67,6 +76,7 @@ module Stytch
       request[:user_id] = user_id unless user_id.nil?
       request[:session_token] = session_token unless session_token.nil?
       request[:session_jwt] = session_jwt unless session_jwt.nil?
+      request[:siwe_params] = siwe_params unless siwe_params.nil?
 
       post_request('/v1/crypto_wallets/authenticate/start', request, headers)
     end
@@ -132,6 +142,9 @@ module Stytch
     #   See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields.
     #
     #   The type of this field is nilable +Session+ (+object+).
+    # siwe_params::
+    #   The parameters of the Sign In With Ethereum (SIWE) message that was signed.
+    #   The type of this field is nilable +SIWEParamsResponse+ (+object+).
     def authenticate(
       crypto_wallet_type:,
       crypto_wallet_address:,

data/lib/stytch/sessions.rb

@@ -156,6 +156,70 @@ module Stytch
       post_request('/v1/sessions/revoke', request, headers)
     end
 
+    # Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing User and create a Stytch Session. You will need to create the user before using this endpoint.
+    #
+    # == Parameters:
+    # session_token::
+    #   The `session_token` associated with a User's existing Session.
+    #   The type of this field is +String+.
+    # session_duration_minutes::
+    #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+    #   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+    #   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+    #
+    #   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+    #
+    #   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+    #
+    #   If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created.
+    #   The type of this field is nilable +Integer+.
+    # session_custom_claims::
+    #   Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value.
+    #
+    #   Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes.
+    #   The type of this field is nilable +object+.
+    #
+    # == Returns:
+    # An object with the following fields:
+    # request_id::
+    #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+    #   The type of this field is +String+.
+    # user_id::
+    #   The unique ID of the affected User.
+    #   The type of this field is +String+.
+    # session_token::
+    #   A secret token for a given Stytch Session.
+    #   The type of this field is +String+.
+    # session_jwt::
+    #   The JSON Web Token (JWT) for a given Stytch Session.
+    #   The type of this field is +String+.
+    # user::
+    #   The `user` object affected by this API call. See the [Get user endpoint](https://stytch.com/docs/api/get-user) for complete response field details.
+    #   The type of this field is +User+ (+object+).
+    # status_code::
+    #   (no documentation yet)
+    #   The type of this field is +Integer+.
+    # session::
+    #   If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response.
+    #
+    #   See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields.
+    #
+    #   The type of this field is nilable +Session+ (+object+).
+    def migrate(
+      session_token:,
+      session_duration_minutes: nil,
+      session_custom_claims: nil
+    )
+      headers = {}
+      request = {
+        session_token: session_token
+      }
+      request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
+      request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
+
+      post_request('/v1/sessions/migrate', request, headers)
+    end
+
     # Get the JSON Web Key Set (JWKS) for a project.
     #
     # JWKS are rotated every ~6 months. Upon rotation, new JWTs will be signed using the new key set, and both key sets will be returned by this endpoint for a period of 1 month.

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '9.3.0'
+  VERSION = '9.5.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 9.3.0
+  version: 9.5.0
 platform: ruby
 authors:
 - stytch
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-07-26 00:00:00.000000000 Z
+date: 2024-08-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday