stytch 9.12.0 → 10.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7a7313c3d6a55f38477e50fd472aacfe0807de7125b96dcb677824274658f254
-  data.tar.gz: 5ba3af52897fcdff9fca9cf34c2f241ed00a4a52df529c908b167b5c7cf28e43
+  metadata.gz: ce6f59d89c33b808bfe32aad54d9d6875c6f20a75ad7d3a5540c7a39d0e4c8d5
+  data.tar.gz: 5dc596aa605508971900fb720bdbb945ca5767b2778038e78941c340ef516222
 SHA512:
-  metadata.gz: 8519184ebd5bb875421a65dad85a84b0e10996e12eabbb4aa2ebdc8e2a1da27e932dc76e90232b428ef8ae1ddf9b20b550fde3c131842cb4e0b993c47ba5bac4
-  data.tar.gz: 0c33b69b60daa0997cb75ed0fca9455b733e135e732d30772f13a550ac48b5b15dd0b83a70de8685d5025ed395def6374de8412b97aa1cf981bc600acd4f6af7
+  metadata.gz: b897c6d6f047534dfb93bb22feecfb6823fe3cfbf70a2e6b55d24b90e77c9f5868f45f143f1df3f1a013afd66d4e3f1e1d60212aab432b7a21838632abead94d
+  data.tar.gz: 11b5803a85782493d2f66e10744cec74a48679931d79600a9ed1b1ae59873caebc1a0634582c7a74daaae630ef9d0adfb16e5d04b1e99bbf24ba38d39508f36f

data/lib/stytch/b2b_client.rb

@@ -12,6 +12,7 @@ require_relative 'b2b_scim'
 require_relative 'b2b_sessions'
 require_relative 'b2b_sso'
 require_relative 'b2b_totps'
+require_relative 'fraud'
 require_relative 'm2m'
 require_relative 'project'
 require_relative 'rbac_local'
@@ -20,12 +21,13 @@ module StytchB2B
   class Client
     ENVIRONMENTS = %i[live test].freeze
 
-    attr_reader :discovery, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :project, :rbac, :recovery_codes, :scim, :sso, :sessions, :totps
+    attr_reader :discovery, :fraud, :m2m, :magic_links, :oauth, :otps, :organizations, :passwords, :project, :rbac, :recovery_codes, :scim, :sso, :sessions, :totps
 
-    def initialize(project_id:, secret:, env: nil, &block)
-      @api_host   = api_host(env, project_id)
+    def initialize(project_id:, secret:, env: nil, fraud_env: nil, &block)
+      @api_host = api_host(env, project_id)
+      @fraud_api_host = fraud_api_host(fraud_env)
       @project_id = project_id
-      @secret     = secret
+      @secret = secret
       @is_b2b_client = true
 
       create_connection(&block)
@@ -34,6 +36,7 @@ module StytchB2B
       @policy_cache = StytchB2B::PolicyCache.new(rbac_client: rbac)
 
       @discovery = StytchB2B::Discovery.new(@connection)
+      @fraud = Stytch::Fraud.new(@fraud_connection)
       @m2m = Stytch::M2M.new(@connection, @project_id, @is_b2b_client)
       @magic_links = StytchB2B::MagicLinks.new(@connection)
       @oauth = StytchB2B::OAuth.new(@connection)
@@ -69,11 +72,25 @@ module StytchB2B
       end
     end
 
+    def fraud_api_host(fraud_env)
+      case fraud_env
+      when %r{\Ahttps?://}
+        # If this is a string that looks like a URL, assume it's an internal development URL.
+        fraud_env
+      else
+        'https://telemetry.stytch.com'
+      end
+    end
+
     def create_connection
       @connection = Faraday.new(url: @api_host) do |builder|
         block_given? ? yield(builder) : build_default_connection(builder)
       end
+      @fraud_connection = Faraday.new(url: @fraud_api_host) do |builder|
+        block_given? ? yield(builder) : build_default_connection(builder)
+      end
       @connection.set_basic_auth(@project_id, @secret)
+      @fraud_connection.set_basic_auth(@project_id, @secret)
     end
 
     def build_default_connection(builder)

data/lib/stytch/b2b_rbac.rb

@@ -20,7 +20,7 @@ module StytchB2B
     #
     # When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating the need for an extra request to Stytch. The policy will be refreshed if an authorization check is requested and the RBAC policy was last updated more than 5 minutes ago.
     #
-    # Resources and Roles can be created and managed within the [Dashboard](/dashboard/rbac). Additionally, [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically managed through certain Stytch API endpoints.
+    # Resources and Roles can be created and managed within the [Dashboard](https://stytch.com/docs/dashboard/rbac). Additionally, [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically managed through certain Stytch API endpoints.
     #
     # Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model.
     #
@@ -35,7 +35,7 @@ module StytchB2B
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
     # policy::
-    #   The RBAC Policy document that contains all defined Roles and Resources – which are managed in the [Dashboard](/dashboard/rbac). Read more about these entities and how they work in our [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview).
+    #   The RBAC Policy document that contains all defined Roles and Resources – which are managed in the [Dashboard](https://stytch.com/docs/dashboard/rbac). Read more about these entities and how they work in our [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview).
     #   The type of this field is nilable +Policy+ (+object+).
     def policy
       headers = {}

data/lib/stytch/b2b_sessions.rb

@@ -341,7 +341,7 @@ module StytchB2B
       post_request('/v1/b2b/sessions/exchange', request, headers)
     end
 
-    # Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing in your and create a Stytch Session. You will need to create the member before using this endpoint.
+    # Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](https://stytch.com/docs/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing in your and create a Stytch Session. You will need to create the member before using this endpoint.
     #
     # == Parameters:
     # session_token::

data/lib/stytch/client.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative 'crypto_wallets'
+require_relative 'fraud'
 require_relative 'm2m'
 require_relative 'magic_links'
 require_relative 'oauth'
@@ -16,17 +17,19 @@ module Stytch
   class Client
     ENVIRONMENTS = %i[live test].freeze
 
-    attr_reader :crypto_wallets, :m2m, :magic_links, :oauth, :otps, :passwords, :project, :sessions, :totps, :users, :webauthn
+    attr_reader :crypto_wallets, :fraud, :m2m, :magic_links, :oauth, :otps, :passwords, :project, :sessions, :totps, :users, :webauthn
 
-    def initialize(project_id:, secret:, env: nil, &block)
-      @api_host   = api_host(env, project_id)
+    def initialize(project_id:, secret:, env: nil, fraud_env: nil, &block)
+      @api_host = api_host(env, project_id)
+      @fraud_api_host = fraud_api_host(fraud_env)
       @project_id = project_id
-      @secret     = secret
+      @secret = secret
       @is_b2b_client = false
 
       create_connection(&block)
 
       @crypto_wallets = Stytch::CryptoWallets.new(@connection)
+      @fraud = Stytch::Fraud.new(@fraud_connection)
       @m2m = Stytch::M2M.new(@connection, @project_id, @is_b2b_client)
       @magic_links = Stytch::MagicLinks.new(@connection)
       @oauth = Stytch::OAuth.new(@connection)
@@ -59,11 +62,25 @@ module Stytch
       end
     end
 
+    def fraud_api_host(fraud_env)
+      case fraud_env
+      when %r{\Ahttps?://}
+        # If this is a string that looks like a URL, assume it's an internal development URL.
+        fraud_env
+      else
+        'https://telemetry.stytch.com'
+      end
+    end
+
     def create_connection
       @connection = Faraday.new(url: @api_host) do |builder|
         block_given? ? yield(builder) : build_default_connection(builder)
       end
+      @fraud_connection = Faraday.new(url: @fraud_api_host) do |builder|
+        block_given? ? yield(builder) : build_default_connection(builder)
+      end
       @connection.set_basic_auth(@project_id, @secret)
+      @fraud_connection.set_basic_auth(@project_id, @secret)
     end
 
     def build_default_connection(builder)

data/lib/stytch/fraud.rb

@@ -0,0 +1,190 @@
+# frozen_string_literal: true
+
+# !!!
+# WARNING: This file is autogenerated
+# Only modify code within MANUAL() sections
+# or your changes may be overwritten later!
+# !!!
+
+require_relative 'request_helper'
+
+module Stytch
+  class Fraud
+    include Stytch::RequestHelper
+    attr_reader :fingerprint, :rules
+
+    def initialize(connection)
+      @connection = connection
+
+      @fingerprint = Stytch::Fraud::Fingerprint.new(@connection)
+      @rules = Stytch::Fraud::Rules.new(@connection)
+    end
+
+    class Fingerprint
+      include Stytch::RequestHelper
+
+      def initialize(connection)
+        @connection = connection
+      end
+
+      # Lookup the associated fingerprint for the `telemetry_id` returned from the `GetTelemetryID` function. Learn more about the different fingerprint types and verdicts in our [DFP guide](https://stytch.com/docs/fraud/guides/device-fingerprinting/overview).
+      #
+      # Make a decision based on the returned `verdict`:
+      # * `ALLOW` - This is a known valid device grouping or device profile that is part of the default `ALLOW` listed set of known devices by Stytch. This grouping is made up of  verified device profiles that match the characteristics of known/authentic traffic origins.
+      # * `BLOCK` - This is a known bad or malicious device profile that is undesirable and should be blocked from completing the privileged action in question.
+      # * `CHALLENGE` - This is an unknown or potentially malicious device that should be put through increased friction such as 2FA or other forms of extended user verification before allowing the privileged action to proceed.
+      #
+      # If the `telemetry_id` is not found, we will return a 404 `telemetry_id_not_found` [error](https://stytch.com/docs/fraud/api/errors/404#telemetry_id_not_found). We recommend treating 404 errors as a `BLOCK`, since it could be a sign of an attacker trying to bypass DFP protections by generating fake telemetry IDs.
+      #
+      # == Parameters:
+      # telemetry_id::
+      #   The telemetry ID associated with the fingerprint getting looked up.
+      #   The type of this field is +String+.
+      # external_metadata::
+      #   External identifiers that you wish to associate with the given telemetry ID. You will be able to search for fingerprint results by these identifiers in the DFP analytics dashboard. External metadata fields may not exceed 65 characters. They may only contain alphanumerics and the characters `_` `-` `+` `.` or `@`.
+      #   The type of this field is nilable +Metadata+ (+object+).
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # telemetry_id::
+      #   The telemetry ID associated with the fingerprint getting looked up.
+      #   The type of this field is +String+.
+      # fingerprints::
+      #   A Stytch fingerprint consists of the following identifiers:
+      #   The type of this field is +Fingerprints+ (+object+).
+      # verdict::
+      #   The metadata associated with each fingerprint
+      #   The type of this field is +Verdict+ (+object+).
+      # external_metadata::
+      #   External identifiers that you wish to associate with the given telemetry ID. You will be able to search for fingerprint results by these identifiers in the DFP analytics dashboard. External metadata fields may not exceed 65 characters. They may only contain alphanumerics and the characters `_` `-` `+` `.` or `@`.
+      #   The type of this field is +Metadata+ (+object+).
+      # created_at::
+      #   The time when the fingerprint was taken. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
+      #   The type of this field is +String+.
+      # expires_at::
+      #   The timestamp when the fingerprint expires. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
+      #   The type of this field is +String+.
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      # properties::
+      #   Additional information about the user's browser and network.
+      #   The type of this field is nilable +Properties+ (+object+).
+      def lookup(
+        telemetry_id:,
+        external_metadata: nil
+      )
+        headers = {}
+        request = {
+          telemetry_id: telemetry_id
+        }
+        request[:external_metadata] = external_metadata unless external_metadata.nil?
+
+        post_request('/v1/fingerprint/lookup', request, headers)
+      end
+    end
+
+    class Rules
+      include Stytch::RequestHelper
+
+      def initialize(connection)
+        @connection = connection
+      end
+
+      # Set a rule for a particular `visitor_id`, `browser_id`, `visitor_fingerprint`, `browser_fingerprint`, `hardware_fingerprint`, or `network_fingerprint`. This is helpful in cases where you want to allow or block a specific user or fingerprint. You should be careful when setting rules for `browser_fingerprint`, `hardware_fingerprint`, or `network_fingerprint` as they can be shared across multiple users, and you could affect more users than intended.
+      #
+      # Rules are applied in the order specified above. For example, if an end user has an `ALLOW` rule set for their `visitor_id` but a `BLOCK` rule set for their `hardware_fingerprint`, they will receive an `ALLOW` verdict because the `visitor_id` rule takes precedence.
+      #
+      # == Parameters:
+      # action::
+      #   The action that should be returned by a fingerprint lookup for that fingerprint or ID with a `RULE_MATCH` reason. The following values are valid: `ALLOW`, `BLOCK`, `CHALLENGE`, or `NONE`. If a `NONE` action is specified, it will clear the stored rule.
+      #   The type of this field is +RuleAction+ (string enum).
+      # visitor_id::
+      #   The visitor ID we want to set a rule for. Only one fingerprint or ID can be specified in the request.
+      #   The type of this field is nilable +String+.
+      # browser_id::
+      #   The browser ID we want to set a rule for. Only one fingerprint or ID can be specified in the request.
+      #   The type of this field is nilable +String+.
+      # visitor_fingerprint::
+      #   The visitor fingerprint we want to set a rule for. Only one fingerprint or ID can be specified in the request.
+      #   The type of this field is nilable +String+.
+      # browser_fingerprint::
+      #   The browser fingerprint we want to set a rule for. Only one fingerprint or ID can be specified in the request.
+      #   The type of this field is nilable +String+.
+      # hardware_fingerprint::
+      #   The hardware fingerprint we want to set a rule for. Only one fingerprint or ID can be specified in the request.
+      #   The type of this field is nilable +String+.
+      # network_fingerprint::
+      #   The network fingerprint we want to set a rule for. Only one fingerprint or ID can be specified in the request.
+      #   The type of this field is nilable +String+.
+      # expires_in_minutes::
+      #   The number of minutes until this rule expires. If no `expires_in_minutes` is specified, then the rule is kept permanently.
+      #   The type of this field is nilable +Integer+.
+      # description::
+      #   An optional description for the rule.
+      #   The type of this field is nilable +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # action::
+      #   The action that will be returned for the specified fingerprint or ID.
+      #   The type of this field is +RuleAction+ (string enum).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      # visitor_id::
+      #   The cookie stored on the user's device that uniquely identifies them.
+      #   The type of this field is nilable +String+.
+      # browser_id::
+      #   Combination of VisitorID and NetworkFingerprint to create a clear identifier of a browser.
+      #   The type of this field is nilable +String+.
+      # visitor_fingerprint::
+      #   Cookie-less way of identifying a unique user.
+      #   The type of this field is nilable +String+.
+      # browser_fingerprint::
+      #   Combination of signals to identify a browser and its specific version.
+      #   The type of this field is nilable +String+.
+      # hardware_fingerprint::
+      #   Combinations of signals to identify an operating system and architecture.
+      #   The type of this field is nilable +String+.
+      # network_fingerprint::
+      #   Combination of signals associated with a specific network commonly known as TLS fingerprinting.
+      #   The type of this field is nilable +String+.
+      # expires_at::
+      #   The timestamp when the rule expires. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
+      #   The type of this field is nilable +String+.
+      def set(
+        action:,
+        visitor_id: nil,
+        browser_id: nil,
+        visitor_fingerprint: nil,
+        browser_fingerprint: nil,
+        hardware_fingerprint: nil,
+        network_fingerprint: nil,
+        expires_in_minutes: nil,
+        description: nil
+      )
+        headers = {}
+        request = {
+          action: action
+        }
+        request[:visitor_id] = visitor_id unless visitor_id.nil?
+        request[:browser_id] = browser_id unless browser_id.nil?
+        request[:visitor_fingerprint] = visitor_fingerprint unless visitor_fingerprint.nil?
+        request[:browser_fingerprint] = browser_fingerprint unless browser_fingerprint.nil?
+        request[:hardware_fingerprint] = hardware_fingerprint unless hardware_fingerprint.nil?
+        request[:network_fingerprint] = network_fingerprint unless network_fingerprint.nil?
+        request[:expires_in_minutes] = expires_in_minutes unless expires_in_minutes.nil?
+        request[:description] = description unless description.nil?
+
+        post_request('/v1/rules/set', request, headers)
+      end
+    end
+  end
+end

data/lib/stytch/magic_links.rb

@@ -27,7 +27,7 @@ module Stytch
     #
     #       The redirect URL will look like `https://example.com/authenticate?stytch_token_type=magic_links&token=rM_kw42CWBhsHLF62V75jELMbvJ87njMe3tFVj7Qupu7`
     #
-    #       In the redirect URL, the `stytch_token_type` will be `magic_link`. See [here](/workspace-management/redirect-urls) for more detail.
+    #       In the redirect URL, the `stytch_token_type` will be `magic_link`. See [here](https://stytch.com/docs/workspace-management/redirect-urls) for more detail.
     #   The type of this field is +String+.
     # attributes::
     #   Provided attributes help with fraud detection.

data/lib/stytch/oauth.rb

@@ -72,7 +72,7 @@ module Stytch
     #
     #       The redirect URL will look like `https://example.com/authenticate?stytch_token_type=oauth&token=rM_kw42CWBhsHLF62V75jELMbvJ87njMe3tFVj7Qupu7`
     #
-    #       In the redirect URL, the `stytch_token_type` will be `oauth`. See [here](/workspace-management/redirect-urls) for more detail.
+    #       In the redirect URL, the `stytch_token_type` will be `oauth`. See [here](https://stytch.com/docs/workspace-management/redirect-urls) for more detail.
     #   The type of this field is +String+.
     # session_token::
     #   Reuse an existing session instead of creating a new one. If you provide us with a `session_token`, then we'll update the session represented by this session token with this OAuth factor. If this `session_token` belongs to a different user than the OAuth token, the session_jwt will be ignored. This endpoint will error if both `session_token` and `session_jwt` are provided.

data/lib/stytch/passwords.rb

@@ -387,7 +387,7 @@ module Stytch
       # login_redirect_url::
       #   The URL Stytch redirects to after the OAuth flow is completed for a user that already exists. This URL should be a route in your application which will run `oauth.authenticate` (see below) and finish the login.
       #
-      #   The URL must be configured as a Login URL in the [Redirect URL page](/dashboard/redirect-urls). If the field is not specified, the default Login URL will be used.
+      #   The URL must be configured as a Login URL in the [Redirect URL page](https://stytch.com/docs/dashboard/redirect-urls). If the field is not specified, the default Login URL will be used.
       #   The type of this field is nilable +String+.
       # locale::
       #   Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
@@ -453,7 +453,7 @@ module Stytch
       #
       #       In the redirect URL, the `stytch_token_type` will be `login` or `reset_password`.
       #
-      #       See examples and read more about redirect URLs [here](/workspace-management/redirect-urls).
+      #       See examples and read more about redirect URLs [here](https://stytch.com/docs/workspace-management/redirect-urls).
       #   The type of this field is +String+.
       # password::
       #   The password for the user. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.

data/lib/stytch/sessions.rb

@@ -156,7 +156,7 @@ module Stytch
       post_request('/v1/sessions/revoke', request, headers)
     end
 
-    # Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing User and create a Stytch Session. You will need to create the user before using this endpoint.
+    # Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](https://stytch.com/docs/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing User and create a Stytch Session. You will need to create the user before using this endpoint.
     #
     # == Parameters:
     # session_token::

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '9.12.0'
+  VERSION = '10.0.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 9.12.0
+  version: 10.0.0
 platform: ruby
 authors:
 - stytch
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-01-03 00:00:00.000000000 Z
+date: 2025-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -140,6 +140,7 @@ files:
 - lib/stytch/client.rb
 - lib/stytch/crypto_wallets.rb
 - lib/stytch/errors.rb
+- lib/stytch/fraud.rb
 - lib/stytch/m2m.rb
 - lib/stytch/magic_links.rb
 - lib/stytch/method_options.rb