stytch 9.6.0 → 9.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fa60ebc5e53fd75729943da5cc43d5162c19fb16a4884ad9843494cc1a761c32
-  data.tar.gz: '021092539c3458fba96ac1601fb45ef5a7296787e1efd6d9b94f539d5a2704f0'
+  metadata.gz: e075ae0bbd1a3f639927bcd53fc125ce81856a38ca08af4fda63a5a67c59a8d2
+  data.tar.gz: f820f820eff94a0d24e504bc1cb2a31d449124609b37edb60d1f6678acfe19e8
 SHA512:
-  metadata.gz: 43ed753c739adc360a17d4f45bd2659dd0e0dc07b5758ed37d1270309d8be255864de0a704bafd547357d9615159b04c44e0bd9a6fd2e0fb7b397c755161110b
-  data.tar.gz: 1b3367f713445effab13b21baae336bff32b207a7438f68ecfcdac518edab729151b86e72728efc0869e30b3a0dec81c9243215449767311c333eb5270c48c53
+  metadata.gz: 392f3723a7fd0e3950a4179da49c49dc2c01d469b6b2c4107c6d6d20b9beabcee3b5741c16f260ad04dc440c42122bd3098e5eb91844133c9cf08a4e30f58443
+  data.tar.gz: bb1e40d2bbc571b03215aa94dc40164816fd5559f412c14cb4b9b6b73ef1046a3339005d456ccb294b712d353c17eb53cf08b0fb0bfa030dd061fd11afc92712

data/lib/stytch/b2b_organizations.rb

@@ -1104,6 +1104,9 @@ module StytchB2B
       # member_id::
       #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
       #   The type of this field is +String+.
+      # include_deleted::
+      #   Whether to include deleted Members in the response. Defaults to false.
+      #   The type of this field is nilable +Boolean+.
       #
       # == Returns:
       # An object with the following fields:
@@ -1123,14 +1126,30 @@ module StytchB2B
       #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
       #   The type of this field is +Integer+.
       def dangerously_get(
-        member_id:
+        member_id:,
+        include_deleted: nil
       )
         headers = {}
-        query_params = {}
+        query_params = {
+          include_deleted: include_deleted
+        }
         request = request_with_query_params("/v1/b2b/organizations/members/dangerously_get/#{member_id}", query_params)
         get_request(request, headers)
       end
 
+      def oidc_providers(
+        organization_id:,
+        member_id:,
+        include_refresh_token: nil
+      )
+        headers = {}
+        query_params = {
+          include_refresh_token: include_refresh_token
+        }
+        request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/oidc_providers", query_params)
+        get_request(request, headers)
+      end
+
       # Unlinks a retired email address from a specified by their `organization_id` and `member_id`. The email address
       # to be retired can be identified in the request body by either its `email_id`, its `email_address`, or both. If using
       # both identifiers they must refer to the same email.

data/lib/stytch/b2b_sso.rb

@@ -49,13 +49,14 @@ module StytchB2B
     end
 
     include Stytch::RequestHelper
-    attr_reader :oidc, :saml
+    attr_reader :oidc, :saml, :external
 
     def initialize(connection)
       @connection = connection
 
       @oidc = StytchB2B::SSO::OIDC.new(@connection)
       @saml = StytchB2B::SSO::SAML.new(@connection)
+      @external = StytchB2B::SSO::External.new(@connection)
     end
 
     # Get all SSO Connections owned by the organization.
@@ -77,7 +78,7 @@ module StytchB2B
     #   The list of [OIDC Connections](https://stytch.com/docs/b2b/api/oidc-connection-object) owned by this organization.
     #   The type of this field is list of +OIDCConnection+ (+object+).
     # external_connections::
-    #   (no documentation yet)
+    #   The list of [External Connections](https://stytch.com/docs/b2b/api/external-connection-object) owned by this organization.
     #   The type of this field is list of +Connection+ (+object+).
     # status_code::
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
@@ -103,7 +104,7 @@ module StytchB2B
     #   The organization ID that the SSO connection belongs to.
     #   The type of this field is +String+.
     # connection_id::
-    #   The ID of the SSO connection. Both SAML and OIDC connection IDs can be provided.
+    #   The ID of the SSO connection. SAML, OIDC, and External connection IDs can be provided.
     #   The type of this field is +String+.
     #
     # == Returns:
@@ -395,6 +396,12 @@ module StytchB2B
       # identity_provider::
       #   The identity provider of this connection. For OIDC, the accepted values are `generic`, `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, and `google-workspace`.
       #   The type of this field is nilable +UpdateConnectionRequestIdentityProvider+ (string enum).
+      # custom_scopes::
+      #   Include a space-separated list of custom scopes that you'd like to include. Note that this list must be URL encoded, e.g. the spaces must be expressed as %20.
+      #   The type of this field is nilable +String+.
+      # attribute_mapping::
+      #   An object that represents the attributes used to identify a Member. This object will map the IdP-defined User attributes to Stytch-specific values, which will appear on the member's Trusted Metadata.
+      #   The type of this field is nilable +object+.
       #
       # == Returns:
       # An object with the following fields:
@@ -425,6 +432,8 @@ module StytchB2B
         userinfo_url: nil,
         jwks_url: nil,
         identity_provider: nil,
+        custom_scopes: nil,
+        attribute_mapping: nil,
         method_options: nil
       )
         headers = {}
@@ -439,6 +448,8 @@ module StytchB2B
         request[:userinfo_url] = userinfo_url unless userinfo_url.nil?
         request[:jwks_url] = jwks_url unless jwks_url.nil?
         request[:identity_provider] = identity_provider unless identity_provider.nil?
+        request[:custom_scopes] = custom_scopes unless custom_scopes.nil?
+        request[:attribute_mapping] = attribute_mapping unless attribute_mapping.nil?
 
         put_request("/v1/b2b/sso/oidc/#{organization_id}/connections/#{connection_id}", request, headers)
       end
@@ -611,7 +622,7 @@ module StytchB2B
       #          `attribute_mapping`. Make sure that your IdP is configured to correctly send the group information.
       #   The type of this field is nilable list of +SAMLGroupImplicitRoleAssignment+.
       # alternative_audience_uri::
-      #   An alternative URL to use for the Audience Restriction. This value can be used when you wish to migrate an existing SAML integration to Stytch with zero downtime.
+      #   An alternative URL to use for the Audience Restriction. This value can be used when you wish to migrate an existing SAML integration to Stytch with zero downtime. Read our [SSO migration guide](https://stytch.com/docs/b2b/guides/migrations/additional-migration-considerations) for more info.
       #   The type of this field is nilable +String+.
       # identity_provider::
       #   The identity provider of this connection. For OIDC, the accepted values are `generic`, `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, and `google-workspace`.
@@ -749,5 +760,166 @@ module StytchB2B
         delete_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}/verification_certificates/#{certificate_id}", headers)
       end
     end
+
+    class External
+      class CreateConnectionRequestOptions
+        # Optional authorization object.
+        # Pass in an active Stytch Member session token or session JWT and the request
+        # will be run using that member's permissions.
+        attr_accessor :authorization
+
+        def initialize(
+          authorization: nil
+        )
+          @authorization = authorization
+        end
+
+        def to_headers
+          headers = {}
+          headers.merge!(@authorization.to_headers) if authorization
+          headers
+        end
+      end
+
+      class UpdateConnectionRequestOptions
+        # Optional authorization object.
+        # Pass in an active Stytch Member session token or session JWT and the request
+        # will be run using that member's permissions.
+        attr_accessor :authorization
+
+        def initialize(
+          authorization: nil
+        )
+          @authorization = authorization
+        end
+
+        def to_headers
+          headers = {}
+          headers.merge!(@authorization.to_headers) if authorization
+          headers
+        end
+      end
+
+      include Stytch::RequestHelper
+
+      def initialize(connection)
+        @connection = connection
+      end
+
+      # Create a new External SSO Connection.
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # external_organization_id::
+      #   Globally unique UUID that identifies a different Organization within your Project.
+      #   The type of this field is +String+.
+      # external_connection_id::
+      #   Globally unique UUID that identifies a specific SSO connection configured for a different Organization in your Project.
+      #   The type of this field is +String+.
+      # display_name::
+      #   A human-readable display name for the connection.
+      #   The type of this field is nilable +String+.
+      # connection_implicit_role_assignments::
+      #   (no documentation yet)
+      #   The type of this field is nilable list of +SAMLConnectionImplicitRoleAssignment+.
+      # group_implicit_role_assignments::
+      #   (no documentation yet)
+      #   The type of this field is nilable list of +SAMLGroupImplicitRoleAssignment+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      # connection::
+      #   The `External Connection` object affected by this API call. See the [External Connection Object](https://stytch.com/docs/b2b/api/external-connection-object) for complete response field details.
+      #   The type of this field is nilable +Connection+ (+object+).
+      #
+      # == Method Options:
+      # This method supports an optional +StytchB2B::SSO::External::CreateConnectionRequestOptions+ object which will modify the headers sent in the HTTP request.
+      def create_connection(
+        organization_id:,
+        external_organization_id:,
+        external_connection_id:,
+        display_name: nil,
+        connection_implicit_role_assignments: nil,
+        group_implicit_role_assignments: nil,
+        method_options: nil
+      )
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
+        request = {
+          external_organization_id: external_organization_id,
+          external_connection_id: external_connection_id
+        }
+        request[:display_name] = display_name unless display_name.nil?
+        request[:connection_implicit_role_assignments] = connection_implicit_role_assignments unless connection_implicit_role_assignments.nil?
+        request[:group_implicit_role_assignments] = group_implicit_role_assignments unless group_implicit_role_assignments.nil?
+
+        post_request("/v1/b2b/sso/external/#{organization_id}", request, headers)
+      end
+
+      # Updates an existing External SSO connection.
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # connection_id::
+      #   Globally unique UUID that identifies a specific External SSO Connection.
+      #   The type of this field is +String+.
+      # display_name::
+      #   A human-readable display name for the connection.
+      #   The type of this field is nilable +String+.
+      # external_connection_implicit_role_assignments::
+      #   All Members who log in with this External connection will implicitly receive the specified Roles. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.Implicit role assignments are not supported for External connections if the underlying SSO connection is an OIDC connection.
+      #   The type of this field is nilable list of +ConnectionImplicitRoleAssignment+.
+      # external_group_implicit_role_assignments::
+      #   Defines the names of the groups
+      #  that grant specific role assignments. For each group-Role pair, if a Member logs in with this external connection and
+      #  belongs to the specified group, they will be granted the associated Role. See the
+      #  [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
+      #          Before adding any group implicit role assignments to an external connection, you must add a "groups" key to the underlying SAML connection's
+      #          `attribute_mapping`. Make sure that the SAML connection IdP is configured to correctly send the group information. Implicit role assignments are not supported
+      #          for External connections if the underlying SSO connection is an OIDC connection.
+      #   The type of this field is nilable list of +GroupImplicitRoleAssignment+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      # connection::
+      #   The `External Connection` object affected by this API call. See the [External Connection Object](https://stytch.com/docs/b2b/api/external-connection-object) for complete response field details.
+      #   The type of this field is nilable +Connection+ (+object+).
+      #
+      # == Method Options:
+      # This method supports an optional +StytchB2B::SSO::External::UpdateConnectionRequestOptions+ object which will modify the headers sent in the HTTP request.
+      def update_connection(
+        organization_id:,
+        connection_id:,
+        display_name: nil,
+        external_connection_implicit_role_assignments: nil,
+        external_group_implicit_role_assignments: nil,
+        method_options: nil
+      )
+        headers = {}
+        headers = headers.merge(method_options.to_headers) unless method_options.nil?
+        request = {}
+        request[:display_name] = display_name unless display_name.nil?
+        request[:external_connection_implicit_role_assignments] = external_connection_implicit_role_assignments unless external_connection_implicit_role_assignments.nil?
+        request[:external_group_implicit_role_assignments] = external_group_implicit_role_assignments unless external_group_implicit_role_assignments.nil?
+
+        put_request("/v1/b2b/sso/external/#{organization_id}/connections/#{connection_id}", request, headers)
+      end
+    end
   end
 end

data/lib/stytch/sessions.rb

@@ -160,7 +160,7 @@ module Stytch
     #
     # == Parameters:
     # session_token::
-    #   The `session_token` associated with a User's existing Session.
+    #   The authorization token Stytch will pass in to the external userinfo endpoint.
     #   The type of this field is +String+.
     # session_duration_minutes::
     #   Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '9.6.0'
+  VERSION = '9.8.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 9.6.0
+  version: 9.8.0
 platform: ruby
 authors:
 - stytch
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-09-26 00:00:00.000000000 Z
+date: 2024-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -100,7 +100,7 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.24.0
-description: 
+description:
 email:
 - support@stytch.com
 executables: []
@@ -162,7 +162,7 @@ licenses:
 metadata:
   homepage_uri: https://stytch.com
   source_code_uri: https://github.com/stytchauth/stytch-ruby
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -178,7 +178,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.2.3
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Stytch Ruby Gem
 test_files: []