stytch 8.0.0 → 8.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ccc9948429ae0e2593b84c5cc3a67f23ab3203c23884b93a58af2a7c6aa34c0b
-  data.tar.gz: bf365eef52a61a836855abf747aaab619b98244cdfef94fc091ee74366993e1b
+  metadata.gz: 641a8f3466452e18a1f85ed1f410a575100ca512de0118a638735dc93d2f5842
+  data.tar.gz: 31a2da5d7789dc4bdf160654201dfcbe8000d3c76450aa7b09f4c63247eaa644
 SHA512:
-  metadata.gz: fc4cefae842f14dadd8152eb61095abb6969b4abe934c33f9fcf168377642a8101bdde9eab5c929d3dbf13a7dea1146b608f614ee678f7a485e13255d6376f5c
-  data.tar.gz: 6f3e5f2e1589a50898bc3a8fd95eb4a772e697de007d1b6a734c01fdeac46cc8ab71a7bcea4b97476ec8447da4ac16f1418452754af01ebaddafa873b4c84b57
+  metadata.gz: 1141d505b32c4184040a2637da78dcc255cf9d07488cb411edeb0d382edba1343df9b571f7eddcb678b5253fe0ce90b2e9897bc21432c980a472ee54ad20442d
+  data.tar.gz: f4bd6e921c39ae22ca405e6c6b1b5c300a2a23da5b3986faf4d04db5199c50488aadb4082710e4fb2422b755849f3dae9777664d368a7120dddf5d553bf0f7ea

data/lib/stytch/b2b_discovery.rb

@@ -147,7 +147,7 @@ module StytchB2B
       # This endpoint will also create an initial Member Session for the newly created Member.
       #
       # The Member created by this endpoint will automatically be granted the `stytch_admin` Role. See the
-      # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for more details on this Role.
+      # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for more details on this Role.
       #
       # If the new Organization is created with a `mfa_policy` of `REQUIRED_FOR_ALL`, the newly created Member will need to complete an MFA step to log in to the Organization.
       # The `intermediate_session_token` will not be consumed and instead will be returned in the response.

data/lib/stytch/b2b_oauth.rb

@@ -122,7 +122,7 @@ module StytchB2B
     # provider_values::
     #   The `provider_values` object lists relevant identifiers, values, and scopes for a given OAuth provider. For example this object will include a provider's `access_token` that you can use to access the provider's API for a given user.
     #
-    #   Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only returned by Microsoft.
+    #   Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only returned by Microsoft. Google One Tap does not return access tokens or refresh tokens.
     #   The type of this field is nilable +ProviderValues+ (+object+).
     # mfa_required::
     #   Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.

data/lib/stytch/b2b_organizations.rb

@@ -929,6 +929,41 @@ module StytchB2B
         delete_request("/v1/b2b/organizations/#{organization_id}/members/mfa_phone_numbers/#{member_id}", headers)
       end
 
+      # Delete a Member's MFA TOTP registration.
+      #
+      # To mint a new registration for a Member, you must first call this endpoint to delete the existing registration.
+      #
+      # Existing Member Sessions that include the TOTP authentication factor will not be revoked if the registration is deleted, and MFA will not be enforced until the Member logs in again.
+      #  /%}
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member.
+      #   The type of this field is +String+.
+      # member::
+      #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+      #   The type of this field is +Member+ (+object+).
+      # organization::
+      #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+      #   The type of this field is +Organization+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      #
+      # == Method Options:
+      # This method supports an optional +StytchB2B::Organizations::Members::DeleteTOTPRequestOptions+ object which will modify the headers sent in the HTTP request.
       def delete_totp(
         organization_id:,
         member_id:,
@@ -1223,6 +1258,8 @@ module StytchB2B
         # issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch will refresh the
         # access token automatically.
         #
+        # Google One Tap does not return access tokens. If the member has only authenticated through Google One Tap and not through a regular Google OAuth flow, this endpoint will not return any tokens.
+        #
         # __Note:__ Google does not issue a refresh token on every login, and refresh tokens may expire if unused.
         # To force a refresh token to be issued, pass the `?provider_prompt=consent` query param into the
         # [Start Google OAuth flow](https://stytch.com/docs/b2b/api/oauth-google-start) endpoint.
@@ -1249,12 +1286,6 @@ module StytchB2B
         # provider_subject::
         #   The unique identifier for the User within a given OAuth provider. Also commonly called the `sub` or "Subject field" in OAuth protocols.
         #   The type of this field is +String+.
-        # access_token::
-        #   The `access_token` that you may use to access the User's data in the provider's API.
-        #   The type of this field is +String+.
-        # access_token_expires_in::
-        #   The number of seconds until the access token expires.
-        #   The type of this field is +Integer+.
         # id_token::
         #   The `id_token` returned by the OAuth provider. ID Tokens are JWTs that contain structured information about a user. The exact content of each ID Token varies from provider to provider. ID Tokens are returned from OAuth providers that conform to the [OpenID Connect](https://openid.net/foundation/) specification, which is based on OAuth.
         #   The type of this field is +String+.
@@ -1264,6 +1295,12 @@ module StytchB2B
         # status_code::
         #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
         #   The type of this field is +Integer+.
+        # access_token::
+        #   The `access_token` that you may use to access the User's data in the provider's API.
+        #   The type of this field is nilable +String+.
+        # access_token_expires_in::
+        #   The number of seconds until the access token expires.
+        #   The type of this field is nilable +Integer+.
         # refresh_token::
         #   The `refresh_token` that you may use to obtain a new `access_token` for the User within the provider's API.
         #   The type of this field is nilable +String+.

data/lib/stytch/b2b_sessions.rb

@@ -70,7 +70,7 @@ module StytchB2B
 
     # Authenticates a Session and updates its lifetime by the specified `session_duration_minutes`. If the `session_duration_minutes` is not specified, a Session will not be extended. This endpoint requires either a `session_jwt` or `session_token` be included in the request. It will return an error if both are present.
     #
-    # You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid.
+    # You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid. See our [How to use Stytch Session JWTs](https://stytch.com/docs/b2b/guides/sessions/using-jwts) guide for more information.
     #
     # If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
     # In addition, the `organization_id` passed in the authorization check must match the Member's Organization.
@@ -316,7 +316,7 @@ module StytchB2B
       post_request('/v1/b2b/sessions/exchange', request, headers)
     end
 
-    # Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with a Member in your Organization and create a Stytch Session.
+    # Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing Member in your Organization and create a Stytch Session. You will need to create the member before using this endpoint.
     #
     # == Parameters:
     # session_token::
@@ -397,6 +397,8 @@ module StytchB2B
     #
     # If you're using your own JWT validation library, many have built-in support for JWKS rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWKS to use for validation by inspecting the `kid` value.
     #
+    # See our [How to use Stytch Session JWTs](https://stytch.com/docs/b2b/guides/sessions/using-jwts) guide for more information.
+    #
     # == Parameters:
     # project_id::
     #   The `project_id` to get the JWKS for.

data/lib/stytch/b2b_sso.rb

@@ -76,6 +76,9 @@ module StytchB2B
     # oidc_connections::
     #   The list of [OIDC Connections](https://stytch.com/docs/b2b/api/oidc-connection-object) owned by this organization.
     #   The type of this field is list of +OIDCConnection+ (+object+).
+    # external_connections::
+    #   (no documentation yet)
+    #   The type of this field is list of +Connection+ (+object+).
     # status_code::
     #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
     #   The type of this field is +Integer+.
@@ -306,6 +309,9 @@ module StytchB2B
       # display_name::
       #   A human-readable display name for the connection.
       #   The type of this field is nilable +String+.
+      # identity_provider::
+      #   The identity provider of this connection. For OIDC, the accepted values are `generic`, `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, and `google-workspace`.
+      #   The type of this field is nilable +CreateConnectionRequestIdentityProvider+ (string enum).
       #
       # == Returns:
       # An object with the following fields:
@@ -324,12 +330,14 @@ module StytchB2B
       def create_connection(
         organization_id:,
         display_name: nil,
+        identity_provider: nil,
         method_options: nil
       )
         headers = {}
         headers = headers.merge(method_options.to_headers) unless method_options.nil?
         request = {}
         request[:display_name] = display_name unless display_name.nil?
+        request[:identity_provider] = identity_provider unless identity_provider.nil?
 
         post_request("/v1/b2b/sso/oidc/#{organization_id}", request, headers)
       end
@@ -385,6 +393,9 @@ module StytchB2B
       # jwks_url::
       #   The location of the IdP's JSON Web Key Set, used to verify credentials issued by the IdP. This will be provided by the IdP.
       #   The type of this field is nilable +String+.
+      # identity_provider::
+      #   The identity provider of this connection. For OIDC, the accepted values are `generic`, `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, and `google-workspace`.
+      #   The type of this field is nilable +UpdateConnectionRequestIdentityProvider+ (string enum).
       #
       # == Returns:
       # An object with the following fields:
@@ -414,6 +425,7 @@ module StytchB2B
         token_url: nil,
         userinfo_url: nil,
         jwks_url: nil,
+        identity_provider: nil,
         method_options: nil
       )
         headers = {}
@@ -427,6 +439,7 @@ module StytchB2B
         request[:token_url] = token_url unless token_url.nil?
         request[:userinfo_url] = userinfo_url unless userinfo_url.nil?
         request[:jwks_url] = jwks_url unless jwks_url.nil?
+        request[:identity_provider] = identity_provider unless identity_provider.nil?
 
         put_request("/v1/b2b/sso/oidc/#{organization_id}/connections/#{connection_id}", request, headers)
       end
@@ -524,6 +537,9 @@ module StytchB2B
       # display_name::
       #   A human-readable display name for the connection.
       #   The type of this field is nilable +String+.
+      # identity_provider::
+      #   The identity provider of this connection. For OIDC, the accepted values are `generic`, `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, and `google-workspace`.
+      #   The type of this field is nilable +CreateConnectionRequestIdentityProvider+ (string enum).
       #
       # == Returns:
       # An object with the following fields:
@@ -542,12 +558,14 @@ module StytchB2B
       def create_connection(
         organization_id:,
         display_name: nil,
+        identity_provider: nil,
         method_options: nil
       )
         headers = {}
         headers = headers.merge(method_options.to_headers) unless method_options.nil?
         request = {}
         request[:display_name] = display_name unless display_name.nil?
+        request[:identity_provider] = identity_provider unless identity_provider.nil?
 
         post_request("/v1/b2b/sso/saml/#{organization_id}", request, headers)
       end
@@ -597,6 +615,9 @@ module StytchB2B
       # alternative_audience_uri::
       #   An alternative URL to use for the Audience Restriction. This value can be used when you wish to migrate an existing SAML integration to Stytch with zero downtime.
       #   The type of this field is nilable +String+.
+      # identity_provider::
+      #   The identity provider of this connection. For OIDC, the accepted values are `generic`, `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, and `google-workspace`.
+      #   The type of this field is nilable +UpdateConnectionRequestIdentityProvider+ (string enum).
       #
       # == Returns:
       # An object with the following fields:
@@ -623,6 +644,7 @@ module StytchB2B
         saml_connection_implicit_role_assignments: nil,
         saml_group_implicit_role_assignments: nil,
         alternative_audience_uri: nil,
+        identity_provider: nil,
         method_options: nil
       )
         headers = {}
@@ -636,6 +658,7 @@ module StytchB2B
         request[:saml_connection_implicit_role_assignments] = saml_connection_implicit_role_assignments unless saml_connection_implicit_role_assignments.nil?
         request[:saml_group_implicit_role_assignments] = saml_group_implicit_role_assignments unless saml_group_implicit_role_assignments.nil?
         request[:alternative_audience_uri] = alternative_audience_uri unless alternative_audience_uri.nil?
+        request[:identity_provider] = identity_provider unless identity_provider.nil?
 
         put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}", request, headers)
       end

data/lib/stytch/sessions.rb

@@ -62,7 +62,9 @@ module Stytch
       get_request(request, headers)
     end
 
-    # Authenticate a session token and retrieve associated session data. If `session_duration_minutes` is included, update the lifetime of the session to be that many minutes from now. All timestamps are formatted according to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`. This endpoint requires exactly one `session_jwt` or `session_token` as part of the request. If both are included you will receive a `too_many_session_arguments` error.
+    # Authenticate a session token or session JWT and retrieve associated session data. If `session_duration_minutes` is included, update the lifetime of the session to be that many minutes from now. All timestamps are formatted according to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`. This endpoint requires exactly one `session_jwt` or `session_token` as part of the request. If both are included, you will receive a `too_many_session_arguments` error.
+    #
+    # You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid. See our [How to use Stytch Session JWTs](https://stytch.com/docs/guides/sessions/using-jwts) guide for more information.
     #
     # == Parameters:
     # session_token::
@@ -164,6 +166,8 @@ module Stytch
     #
     # If you're using your own JWT validation library, many have built-in support for JWKS rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWKS to use for validation by inspecting the `kid` value.
     #
+    # See our [How to use Stytch Session JWTs](https://stytch.com/docs/guides/sessions/using-jwts) guide for more information.
+    #
     # == Parameters:
     # project_id::
     #   The `project_id` to get the JWKS for.

data/lib/stytch/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '8.0.0'
+  VERSION = '8.1.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 8.0.0
+  version: 8.1.0
 platform: ruby
 authors:
 - stytch
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-04-26 00:00:00.000000000 Z
+date: 2024-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday