diff --git a/lib/stytch/b2b_discovery.rb b/lib/stytch/b2b_discovery.rb
index 0d42eaf..375ab0a 100644
--- a/lib/stytch/b2b_discovery.rb
+++ b/lib/stytch/b2b_discovery.rb
@@ -147,7 +147,7 @@ def initialize(connection)
 # This endpoint will also create an initial Member Session for the newly created Member.
 #
 # The Member created by this endpoint will automatically be granted the `stytch_admin` Role. See the
- # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for more details on this Role.
+ # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for more details on this Role.
 #
 # If the new Organization is created with a `mfa_policy` of `REQUIRED_FOR_ALL`, the newly created Member will need to complete an MFA step to log in to the Organization.
 # The `intermediate_session_token` will not be consumed and instead will be returned in the response.
diff --git a/lib/stytch/b2b_oauth.rb b/lib/stytch/b2b_oauth.rb
index 99bb8a4..951d3f6 100644
--- a/lib/stytch/b2b_oauth.rb
+++ b/lib/stytch/b2b_oauth.rb
@@ -122,7 +122,7 @@ def initialize(connection)
 # provider_values::
 # The `provider_values` object lists relevant identifiers, values, and scopes for a given OAuth provider. For example this object will include a provider's `access_token` that you can use to access the provider's API for a given user.
 #
- # Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only returned by Microsoft.
+ # Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only returned by Microsoft. Google One Tap does not return access tokens or refresh tokens.
 # The type of this field is nilable +ProviderValues+ (+object+).
 # mfa_required::
 # Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
diff --git a/lib/stytch/b2b_organizations.rb b/lib/stytch/b2b_organizations.rb
index c3ba826..53ed1df 100644
--- a/lib/stytch/b2b_organizations.rb
+++ b/lib/stytch/b2b_organizations.rb 
@@ -929,6 +929,41 @@ def delete_mfa_phone_number(
 delete_request("/v1/b2b/organizations/#{organization_id}/members/mfa_phone_numbers/#{member_id}", headers)
 end
+ # Delete a Member's MFA TOTP registration.
+ #
+ # To mint a new registration for a Member, you must first call this endpoint to delete the existing registration.
+ #
+ # Existing Member Sessions that include the TOTP authentication factor will not be revoked if the registration is deleted, and MFA will not be enforced until the Member logs in again.
+ # /%}
+ #
+ # == Parameters:
+ # organization_id::
+ # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+ # The type of this field is +String+.
+ # member_id::
+ # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+ # The type of this field is +String+.
+ #
+ # == Returns:
+ # An object with the following fields:
+ # request_id::
+ # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+ # The type of this field is +String+.
+ # member_id::
+ # Globally unique UUID that identifies a specific Member.
+ # The type of this field is +String+.
+ # member::
+ # The [Member object](https://stytch.com/docs/b2b/api/member-object)
+ # The type of this field is +Member+ (+object+).
+ # organization::
+ # The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+ # The type of this field is +Organization+ (+object+).
+ # status_code::
+ # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+ # The type of this field is +Integer+.
+ #
+ # == Method Options:
+ # This method supports an optional +StytchB2B::Organizations::Members::DeleteTOTPRequestOptions+ object which will modify the headers sent in the HTTP request.
 def delete_totp(
 organization_id:,
 member_id:,
@@ -1223,6 +1258,8 @@ def initialize(connection)
 # issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch will refresh the
 # access token automatically.
 #
+ # Google One Tap does not return access tokens. If the member has only authenticated through Google One Tap and not through a regular Google OAuth flow, this endpoint will not return any tokens.
+ #
 # __Note:__ Google does not issue a refresh token on every login, and refresh tokens may expire if unused.
 # To force a refresh token to be issued, pass the `?provider_prompt=consent` query param into the
 # [Start Google OAuth flow](https://stytch.com/docs/b2b/api/oauth-google-start) endpoint.
@@ -1249,12 +1286,6 @@ def initialize(connection)
 # provider_subject::
 # The unique identifier for the User within a given OAuth provider. Also commonly called the `sub` or "Subject field" in OAuth protocols.
 # The type of this field is +String+.
- # access_token::
- # The `access_token` that you may use to access the User's data in the provider's API.
- # The type of this field is +String+.
- # access_token_expires_in::
- # The number of seconds until the access token expires.
- # The type of this field is +Integer+.
 # id_token::
 # The `id_token` returned by the OAuth provider. ID Tokens are JWTs that contain structured information about a user. The exact content of each ID Token varies from provider to provider. ID Tokens are returned from OAuth providers that conform to the [OpenID Connect](https://openid.net/foundation/) specification, which is based on OAuth.
 # The type of this field is +String+.
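Review bot: The new `delete_totp` comment carries a stray template fragment, `# /%}`, directly after the paragraph about existing sessions; it looks like leftover markup from the docs generator and should be dropped. That paragraph is also the security-relevant part of the comment: sessions that already include the TOTP factor stay valid after the registration is deleted, so a caller removing a lost or compromised authenticator has to revoke the Member's sessions as a separate step. I would state that explicitly, e.g. `# If the registration is removed because the authenticator was lost or compromised, revoke the Member's existing sessions separately.` The body of `delete_totp` continues past the end of this hunk.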
@@ -1264,6 +1295,12 @@ def initialize(connection)
 # status_code::
 # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
 # The type of this field is +Integer+.
+ # access_token::
+ # The `access_token` that you may use to access the User's data in the provider's API.
+ # The type of this field is nilable +String+.
+ # access_token_expires_in::
+ # The number of seconds until the access token expires.
+ # The type of this field is nilable +Integer+.
 # refresh_token::
 # The `refresh_token` that you may use to obtain a new `access_token` for the User within the provider's API.
 # The type of this field is nilable +String+.
diff --git a/lib/stytch/b2b_sessions.rb b/lib/stytch/b2b_sessions.rb
index 1bf640d..2f51562 100644
--- a/lib/stytch/b2b_sessions.rb
+++ b/lib/stytch/b2b_sessions.rb
@@ -70,7 +70,7 @@ def get(
 # Authenticates a Session and updates its lifetime by the specified `session_duration_minutes`. If the `session_duration_minutes` is not specified, a Session will not be extended. This endpoint requires either a `session_jwt` or `session_token` be included in the request. It will return an error if both are present.
 #
- # You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid.
+ # You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid. See our [How to use Stytch Session JWTs](https://stytch.com/docs/b2b/guides/sessions/using-jwts) guide for more information.
 #
 # If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
 # In addition, the `organization_id` passed in the authorization check must match the Member's Organization.
@@ -316,7 +316,7 @@ def exchange(
 post_request('/v1/b2b/sessions/exchange', request, headers)
 end
- # Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with a Member in your Organization and create a Stytch Session.
+ # Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing Member in your Organization and create a Stytch Session. You will need to create the member before using this endpoint.
 #
 # == Parameters:
 # session_token::
@@ -397,6 +397,8 @@ def migrate(
 #
 # If you're using your own JWT validation library, many have built-in support for JWKS rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWKS to use for validation by inspecting the `kid` value.
 #
+ # See our [How to use Stytch Session JWTs](https://stytch.com/docs/b2b/guides/sessions/using-jwts) guide for more information.
+ #
 # == Parameters:
 # project_id::
 # The `project_id` to get the JWKS for.
diff --git a/lib/stytch/b2b_sso.rb b/lib/stytch/b2b_sso.rb
index 1066bdc..3a3fba6 100644
--- a/lib/stytch/b2b_sso.rb
+++ b/lib/stytch/b2b_sso.rb
@@ -76,6 +76,9 @@ def initialize(connection)
 # oidc_connections::
 # The list of [OIDC Connections](https://stytch.com/docs/b2b/api/oidc-connection-object) owned by this organization.
 # The type of this field is list of +OIDCConnection+ (+object+).
+ # external_connections::
+ # (no documentation yet)
+ # The type of this field is list of +Connection+ (+object+).
 # status_code::
 # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
 # The type of this field is +Integer+.
@@ -306,6 +309,9 @@ def initialize(connection)
 # display_name::
 # A human-readable display name for the connection.
 # The type of this field is nilable +String+.
+ # identity_provider::
+ # The identity provider of this connection. For OIDC, the accepted values are `generic`, `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, and `google-workspace`.
+ # The type of this field is nilable +CreateConnectionRequestIdentityProvider+ (string enum).
 #
 # == Returns:
 # An object with the following fields:
@@ -324,12 +330,14 @@ def initialize(connection)
 def create_connection(
 organization_id:,
 display_name: nil,
+ identity_provider: nil,
 method_options: nil
 )
 headers = {}
 headers = headers.merge(method_options.to_headers) unless method_options.nil?
 request = {}
 request[:display_name] = display_name unless display_name.nil?
+ request[:identity_provider] = identity_provider unless identity_provider.nil?
 post_request("/v1/b2b/sso/oidc/#{organization_id}", request, headers)
 end
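Review bot: The new `external_connections` return field ships with the placeholder `(no documentation yet)`, and its element type is given only as `Connection`, which nothing in this hunk describes. For a call that returns an Organization's SSO connections, a reader auditing that list needs to know what an external connection is and how it differs from the OIDC entries documented just above it. Replace the placeholder with a one-line description in the style of the neighbouring fields before release, e.g. `# The list of External Connections owned by this organization.` (wording to be confirmed against the API reference).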
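Review bot: `identity_provider` is forwarded to the API exactly as given in this OIDC `create_connection`, while its parameter comment lists the SAML-only value `google-workspace` next to the OIDC ones, so the comment is the only guidance a caller gets and it invites a value this endpoint presumably rejects. I would narrow the text per protocol, e.g. for the OIDC methods `# The identity provider of this connection. Accepted values are generic, okta, and microsoft-entra.` The same applies to the OIDC `update_connection` hunks and, with the SAML list, to the SAML `create_connection` and `update_connection` hunks further down. In the update methods the `unless identity_provider.nil?` guard also means a caller cannot clear a previously set value through this parameter, which may be intended but is worth stating in the comment.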
@@ -385,6 +393,9 @@ def create_connection(
 # jwks_url::
 # The location of the IdP's JSON Web Key Set, used to verify credentials issued by the IdP. This will be provided by the IdP.
 # The type of this field is nilable +String+.
+ # identity_provider::
+ # The identity provider of this connection. For OIDC, the accepted values are `generic`, `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, and `google-workspace`.
+ # The type of this field is nilable +UpdateConnectionRequestIdentityProvider+ (string enum).
 #
 # == Returns:
 # An object with the following fields:
@@ -414,6 +425,7 @@ def update_connection(
 token_url: nil,
 userinfo_url: nil,
 jwks_url: nil,
+ identity_provider: nil,
 method_options: nil
 )
 headers = {}
@@ -427,6 +439,7 @@ def update_connection(
 request[:token_url] = token_url unless token_url.nil?
 request[:userinfo_url] = userinfo_url unless userinfo_url.nil?
 request[:jwks_url] = jwks_url unless jwks_url.nil?
+ request[:identity_provider] = identity_provider unless identity_provider.nil?
 put_request("/v1/b2b/sso/oidc/#{organization_id}/connections/#{connection_id}", request, headers)
 end
@@ -524,6 +537,9 @@ def initialize(connection)
 # display_name::
 # A human-readable display name for the connection.
 # The type of this field is nilable +String+.
+ # identity_provider::
+ # The identity provider of this connection. For OIDC, the accepted values are `generic`, `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, and `google-workspace`.
+ # The type of this field is nilable +CreateConnectionRequestIdentityProvider+ (string enum).
 #
 # == Returns:
 # An object with the following fields:
@@ -542,12 +558,14 @@ def initialize(connection)
 def create_connection(
 organization_id:,
 display_name: nil,
+ identity_provider: nil,
 method_options: nil
 )
 headers = {}
 headers = headers.merge(method_options.to_headers) unless method_options.nil?
 request = {}
 request[:display_name] = display_name unless display_name.nil?
+ request[:identity_provider] = identity_provider unless identity_provider.nil?
 post_request("/v1/b2b/sso/saml/#{organization_id}", request, headers)
 end
@@ -597,6 +615,9 @@ def create_connection(
 # alternative_audience_uri::
 # An alternative URL to use for the Audience Restriction. This value can be used when you wish to migrate an existing SAML integration to Stytch with zero downtime.
 # The type of this field is nilable +String+.
+ # identity_provider::
+ # The identity provider of this connection. For OIDC, the accepted values are `generic`, `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, and `google-workspace`.
+ # The type of this field is nilable +UpdateConnectionRequestIdentityProvider+ (string enum).
 #
 # == Returns:
 # An object with the following fields:
@@ -623,6 +644,7 @@ def update_connection(
 saml_connection_implicit_role_assignments: nil,
 saml_group_implicit_role_assignments: nil,
 alternative_audience_uri: nil,
+ identity_provider: nil,
 method_options: nil
 )
 headers = {}
@@ -636,6 +658,7 @@ def update_connection(
 request[:saml_connection_implicit_role_assignments] = saml_connection_implicit_role_assignments unless saml_connection_implicit_role_assignments.nil?
 request[:saml_group_implicit_role_assignments] = saml_group_implicit_role_assignments unless saml_group_implicit_role_assignments.nil?
 request[:alternative_audience_uri] = alternative_audience_uri unless alternative_audience_uri.nil?
+ request[:identity_provider] = identity_provider unless identity_provider.nil?
 put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}", request, headers)
 end
diff --git a/lib/stytch/sessions.rb b/lib/stytch/sessions.rb
index 3b92f14..6394e50 100644
--- a/lib/stytch/sessions.rb
+++ b/lib/stytch/sessions.rb
@@ -62,7 +62,9 @@ def get(
 get_request(request, headers)
 end
- # Authenticate a session token and retrieve associated session data. If `session_duration_minutes` is included, update the lifetime of the session to be that many minutes from now. All timestamps are formatted according to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`. This endpoint requires exactly one `session_jwt` or `session_token` as part of the request. If both are included you will receive a `too_many_session_arguments` error.
+ # Authenticate a session token or session JWT and retrieve associated session data. If `session_duration_minutes` is included, update the lifetime of the session to be that many minutes from now. All timestamps are formatted according to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`. This endpoint requires exactly one `session_jwt` or `session_token` as part of the request. If both are included, you will receive a `too_many_session_arguments` error.
+ #
+ # You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid. See our [How to use Stytch Session JWTs](https://stytch.com/docs/guides/sessions/using-jwts) guide for more information.
 #
 # == Parameters:
 # session_token::
@@ -164,6 +166,8 @@ def revoke(
 #
 # If you're using your own JWT validation library, many have built-in support for JWKS rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWKS to use for validation by inspecting the `kid` value.
 #
+ # See our [How to use Stytch Session JWTs](https://stytch.com/docs/guides/sessions/using-jwts) guide for more information.
+ #
 # == Parameters:
 # project_id::
 # The `project_id` to get the JWKS for.
diff --git a/lib/stytch/version.rb b/lib/stytch/version.rb
index 523ee60..f6cc401 100644
--- a/lib/stytch/version.rb
+++ b/lib/stytch/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Stytch
- VERSION = '8.0.0'
+ VERSION = '8.1.0'
 end