@stytch/vanilla-js 1.1.4 → 2.0.0

package/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @stytch/vanilla-js
 
+## 2.0.0
+
+### Major Changes
+
+- a4083c7: Breaking Changes: The intermediate session token (IST) will no longer be accepted as an argument for the discovery list organizations, intermediate sessions exchange, and create organization via discovery endpoints. The IST will be passed in automatically. ISTs are stored as browser cookies or persisted on device when they are generated after calls to discovery authenticate endpoints, such as email magic link discovery authenticate, or primary authenticate endpoints in the case where MFA is required, such as email magic link authenticate or SSO authenticate.
+
+  New Features: Our B2B product now supports multi-factor authentication (MFA) with one-time passcodes (OTPs) via SMS. MFA policies can be set on the Organization level or on the Member level. See the Stytch docs for more information.
+
+### Patch Changes
+
+- Updated dependencies [a4083c7]
+  - @stytch/core@0.15.0
+
 ## 1.1.4
 
 ### Patch Changes

package/dist/b2b/index.d.ts

@@ -1,4 +1,4 @@
-import { IHeadlessB2BSessionClient, IHeadlessB2BMagicLinksClient, IHeadlessB2BOrganizationClient, IHeadlessB2BOAuthClient, IHeadlessB2BMemberClient, IHeadlessB2BSSOClient, IHeadlessB2BDiscoveryClient, StytchClientOptions } from "@stytch/core/public";
+import { IHeadlessB2BSessionClient, IHeadlessB2BMagicLinksClient, IHeadlessB2BOrganizationClient, IHeadlessB2BOAuthClient, IHeadlessB2BMemberClient, IHeadlessB2BSSOClient, IHeadlessB2BDiscoveryClient, IHeadlessB2BOTPsClient, StytchClientOptions } from "@stytch/core/public";
 import { Callbacks as Callbacks$0 } from "@stytch/core/public";
 import { StyleConfig as StyleConfig$0 } from "@stytch/core/public";
 import { StytchB2BUIConfig as StytchB2BUIConfig$0 } from "@stytch/core/public";
@@ -26,6 +26,7 @@ type SessionDurationOptions = {
      */
     session_duration_minutes: number;
 };
+type locale = "en" | "es" | "pt-br" | string;
 // Authentication Factors
 interface B2BEmailFactor {
     delivery_method: "email";
@@ -35,8 +36,41 @@ interface B2BEmailFactor {
         email_id: string;
         email_address: string;
     };
+    sequence_order: "PRIMARY";
 }
-type B2BAuthenticationFactor = B2BEmailFactor;
+interface B2BPhoneNumberFactor {
+    delivery_method: "sms" | "whatsapp";
+    type: string;
+    last_authenticated_at: string;
+    phone_number_factor: {
+        phone_id: string;
+        phone_number: string;
+    };
+    sequence_order: "SECONDARY";
+}
+interface B2BGoogleOAuthFactor {
+    delivery_method: "oauth_google";
+    type: string;
+    last_authenticated_at: string;
+    google_oauth_factor: {
+        id: string;
+        email_id: string;
+        provider_subject: string;
+    };
+    sequence_order: "PRIMARY";
+}
+interface B2BMicrosoftOAuthFactor {
+    delivery_method: "oauth_microsoft";
+    type: string;
+    last_authenticated_at: string;
+    microsoft_oauth_factor: {
+        id: string;
+        email_id: string;
+        provider_subject: string;
+    };
+    sequence_order: "PRIMARY";
+}
+type B2BAuthenticationFactor = B2BEmailFactor | B2BPhoneNumberFactor | B2BGoogleOAuthFactor | B2BMicrosoftOAuthFactor;
 type MemberResponseCommon = ResponseCommon & {
     /**
      * Globally unique UUID that identifies a specific member in the Stytch API.
@@ -146,6 +180,15 @@ interface Member {
      * Returned if the member has a registered password
      */
     member_password_id: string;
+    /**
+     * If true, the member must complete a secondary authentication flow, such as SMS OTP, along with their
+     * primary authentication factor in order to log in and attain a member session.
+     */
+    mfa_enrolled: boolean;
+    /**
+     * Returned if the member has a phone number
+     */
+    mfa_phone_number: string;
 }
 type B2BAuthenticateResponse = ResponseCommon & {
     /**
@@ -184,6 +227,30 @@ type B2BAuthenticateResponse = ResponseCommon & {
      */
     organization: Organization;
 };
+type B2BAuthenticateResponseWithMFA = B2BAuthenticateResponse & {
+    /**
+     * The Member Session object.
+     * See {@link MemberSession} for details.
+     */
+    member_session: MemberSession | null;
+    /**
+     * Returns true if the member is fully authenticated, in which case a member session is returned.
+     * Returns false if the member still needs to complete a secondary authentication requirement,
+     * in which case an intermediate_session_token is returned.
+     */
+    member_authenticated: boolean;
+    /**
+     * If the intermediate_session_token is present, the member needs to complete MFA.
+     * The intermediate_session_token can be passed into a secondary authentication endpoint, such as OTP authenticate,
+     * in order to receive a member session. The intermediate_session_token can also be used with discovery endpoints
+     * to join a different organization or create a new organization.
+     */
+    intermediate_session_token: string;
+    /**
+     * Contains information about the member's options for completing MFA, if applicable.
+     */
+    mfa_required: MfaRequired | null;
+};
 interface Organization {
     /**
      * Globally unique UUID that identifies an organization in the Stytch API.
@@ -218,6 +285,17 @@ interface Organization {
     email_invites: "ALL_ALLOWED" | "RESTRICTED" | "NOT_ALLOWED";
     auth_methods: "ALL_ALLOWED" | "RESTRICTED";
     allowed_auth_methods: string[];
+    mfa_policy: "OPTIONAL" | "REQUIRED_FOR_ALL";
+}
+interface MfaRequired {
+    member_options: MemberOptions;
+    /**
+     * Equal to 'sms_otp' if an OTP code was sent to the member's phone number.
+     */
+    secondary_auth_initiated: "sms_otp" | null;
+}
+interface MemberOptions {
+    mfa_phone_number: string;
 }
 type B2BPasswordAuthenticateOptions = SessionDurationOptions & {
     /**
@@ -232,8 +310,13 @@ type B2BPasswordAuthenticateOptions = SessionDurationOptions & {
      * The password for the Member.
      */
     password: string;
+    /**
+     * The locale will be used if an OTP code is sent to the member's phone number as part of a
+     * secondary authentication requirement.
+     */
+    locale?: locale;
 };
-type B2BPasswordAuthenticateResponse = B2BAuthenticateResponse;
+type B2BPasswordAuthenticateResponse = B2BAuthenticateResponseWithMFA;
 type B2BPasswordResetByEmailStartOptions = {
     /**
      * The id of the Organization under which the Member and password belong
@@ -281,8 +364,13 @@ type B2BPasswordResetByEmailOptions = SessionDurationOptions & {
      * The new password for the Member.
      */
     password: string;
+    /**
+     * The locale will be used if an OTP code is sent to the member's phone number as part of a
+     * secondary authentication requirement.
+     */
+    locale?: locale;
 };
-type B2BPasswordResetByEmailResponse = B2BAuthenticateResponse;
+type B2BPasswordResetByEmailResponse = B2BAuthenticateResponseWithMFA;
 type B2BPasswordResetByExistingPasswordOptions = SessionDurationOptions & {
     /**
      * The id of the Organization under which the Member and password belong
@@ -300,8 +388,13 @@ type B2BPasswordResetByExistingPasswordOptions = SessionDurationOptions & {
      * The new password for the Member.
      */
     new_password: string;
+    /**
+     * The locale will be used if an OTP code is sent to the member's phone number as part of a
+     * secondary authentication requirement.
+     */
+    locale?: locale;
 };
-type B2BPasswordResetByExistingPasswordResponse = B2BAuthenticateResponse;
+type B2BPasswordResetByExistingPasswordResponse = B2BAuthenticateResponseWithMFA;
 type B2BPasswordResetBySessionOptions = {
     /**
      * The id of the Organization under which the Member and password belong
@@ -529,6 +622,7 @@ declare class StytchB2BHeadlessClient {
     sso: IHeadlessB2BSSOClient;
     discovery: IHeadlessB2BDiscoveryClient;
     passwords: IHeadlessB2BPasswordClient;
+    otps: IHeadlessB2BOTPsClient;
     constructor(_PUBLIC_TOKEN: string, options?: StytchClientOptions);
 }
 /**

package/dist/b2b/index.esm.d.ts

@@ -1,4 +1,4 @@
-import { IHeadlessB2BSessionClient, IHeadlessB2BMagicLinksClient, IHeadlessB2BOrganizationClient, IHeadlessB2BOAuthClient, IHeadlessB2BMemberClient, IHeadlessB2BSSOClient, IHeadlessB2BDiscoveryClient, StytchClientOptions } from "@stytch/core/public";
+import { IHeadlessB2BSessionClient, IHeadlessB2BMagicLinksClient, IHeadlessB2BOrganizationClient, IHeadlessB2BOAuthClient, IHeadlessB2BMemberClient, IHeadlessB2BSSOClient, IHeadlessB2BDiscoveryClient, IHeadlessB2BOTPsClient, StytchClientOptions } from "@stytch/core/public";
 import { Callbacks as Callbacks$0 } from "@stytch/core/public";
 import { StyleConfig as StyleConfig$0 } from "@stytch/core/public";
 import { StytchB2BUIConfig as StytchB2BUIConfig$0 } from "@stytch/core/public";
@@ -26,6 +26,7 @@ type SessionDurationOptions = {
      */
     session_duration_minutes: number;
 };
+type locale = "en" | "es" | "pt-br" | string;
 // Authentication Factors
 interface B2BEmailFactor {
     delivery_method: "email";
@@ -35,8 +36,41 @@ interface B2BEmailFactor {
         email_id: string;
         email_address: string;
     };
+    sequence_order: "PRIMARY";
 }
-type B2BAuthenticationFactor = B2BEmailFactor;
+interface B2BPhoneNumberFactor {
+    delivery_method: "sms" | "whatsapp";
+    type: string;
+    last_authenticated_at: string;
+    phone_number_factor: {
+        phone_id: string;
+        phone_number: string;
+    };
+    sequence_order: "SECONDARY";
+}
+interface B2BGoogleOAuthFactor {
+    delivery_method: "oauth_google";
+    type: string;
+    last_authenticated_at: string;
+    google_oauth_factor: {
+        id: string;
+        email_id: string;
+        provider_subject: string;
+    };
+    sequence_order: "PRIMARY";
+}
+interface B2BMicrosoftOAuthFactor {
+    delivery_method: "oauth_microsoft";
+    type: string;
+    last_authenticated_at: string;
+    microsoft_oauth_factor: {
+        id: string;
+        email_id: string;
+        provider_subject: string;
+    };
+    sequence_order: "PRIMARY";
+}
+type B2BAuthenticationFactor = B2BEmailFactor | B2BPhoneNumberFactor | B2BGoogleOAuthFactor | B2BMicrosoftOAuthFactor;
 type MemberResponseCommon = ResponseCommon & {
     /**
      * Globally unique UUID that identifies a specific member in the Stytch API.
@@ -146,6 +180,15 @@ interface Member {
      * Returned if the member has a registered password
      */
     member_password_id: string;
+    /**
+     * If true, the member must complete a secondary authentication flow, such as SMS OTP, along with their
+     * primary authentication factor in order to log in and attain a member session.
+     */
+    mfa_enrolled: boolean;
+    /**
+     * Returned if the member has a phone number
+     */
+    mfa_phone_number: string;
 }
 type B2BAuthenticateResponse = ResponseCommon & {
     /**
@@ -184,6 +227,30 @@ type B2BAuthenticateResponse = ResponseCommon & {
      */
     organization: Organization;
 };
+type B2BAuthenticateResponseWithMFA = B2BAuthenticateResponse & {
+    /**
+     * The Member Session object.
+     * See {@link MemberSession} for details.
+     */
+    member_session: MemberSession | null;
+    /**
+     * Returns true if the member is fully authenticated, in which case a member session is returned.
+     * Returns false if the member still needs to complete a secondary authentication requirement,
+     * in which case an intermediate_session_token is returned.
+     */
+    member_authenticated: boolean;
+    /**
+     * If the intermediate_session_token is present, the member needs to complete MFA.
+     * The intermediate_session_token can be passed into a secondary authentication endpoint, such as OTP authenticate,
+     * in order to receive a member session. The intermediate_session_token can also be used with discovery endpoints
+     * to join a different organization or create a new organization.
+     */
+    intermediate_session_token: string;
+    /**
+     * Contains information about the member's options for completing MFA, if applicable.
+     */
+    mfa_required: MfaRequired | null;
+};
 interface Organization {
     /**
      * Globally unique UUID that identifies an organization in the Stytch API.
@@ -218,6 +285,17 @@ interface Organization {
     email_invites: "ALL_ALLOWED" | "RESTRICTED" | "NOT_ALLOWED";
     auth_methods: "ALL_ALLOWED" | "RESTRICTED";
     allowed_auth_methods: string[];
+    mfa_policy: "OPTIONAL" | "REQUIRED_FOR_ALL";
+}
+interface MfaRequired {
+    member_options: MemberOptions;
+    /**
+     * Equal to 'sms_otp' if an OTP code was sent to the member's phone number.
+     */
+    secondary_auth_initiated: "sms_otp" | null;
+}
+interface MemberOptions {
+    mfa_phone_number: string;
 }
 type B2BPasswordAuthenticateOptions = SessionDurationOptions & {
     /**
@@ -232,8 +310,13 @@ type B2BPasswordAuthenticateOptions = SessionDurationOptions & {
      * The password for the Member.
      */
     password: string;
+    /**
+     * The locale will be used if an OTP code is sent to the member's phone number as part of a
+     * secondary authentication requirement.
+     */
+    locale?: locale;
 };
-type B2BPasswordAuthenticateResponse = B2BAuthenticateResponse;
+type B2BPasswordAuthenticateResponse = B2BAuthenticateResponseWithMFA;
 type B2BPasswordResetByEmailStartOptions = {
     /**
      * The id of the Organization under which the Member and password belong
@@ -281,8 +364,13 @@ type B2BPasswordResetByEmailOptions = SessionDurationOptions & {
      * The new password for the Member.
      */
     password: string;
+    /**
+     * The locale will be used if an OTP code is sent to the member's phone number as part of a
+     * secondary authentication requirement.
+     */
+    locale?: locale;
 };
-type B2BPasswordResetByEmailResponse = B2BAuthenticateResponse;
+type B2BPasswordResetByEmailResponse = B2BAuthenticateResponseWithMFA;
 type B2BPasswordResetByExistingPasswordOptions = SessionDurationOptions & {
     /**
      * The id of the Organization under which the Member and password belong
@@ -300,8 +388,13 @@ type B2BPasswordResetByExistingPasswordOptions = SessionDurationOptions & {
      * The new password for the Member.
      */
     new_password: string;
+    /**
+     * The locale will be used if an OTP code is sent to the member's phone number as part of a
+     * secondary authentication requirement.
+     */
+    locale?: locale;
 };
-type B2BPasswordResetByExistingPasswordResponse = B2BAuthenticateResponse;
+type B2BPasswordResetByExistingPasswordResponse = B2BAuthenticateResponseWithMFA;
 type B2BPasswordResetBySessionOptions = {
     /**
      * The id of the Organization under which the Member and password belong
@@ -529,6 +622,7 @@ declare class StytchB2BHeadlessClient {
     sso: IHeadlessB2BSSOClient;
     discovery: IHeadlessB2BDiscoveryClient;
     passwords: IHeadlessB2BPasswordClient;
+    otps: IHeadlessB2BOTPsClient;
     constructor(_PUBLIC_TOKEN: string, options?: StytchClientOptions);
 }
 /**