diff --git a/lib/stytch/b2b_client.rb b/lib/stytch/b2b_client.rb index 721941e..686b93c 100644 --- a/lib/stytch/b2b_client.rb +++ b/lib/stytch/b2b_client.rb @@ -56,7 +56,7 @@ def api_host(env, project_id) 'https://api.stytch.com' when :test 'https://test.stytch.com' - when %r{\Ahttps?://} + when /\Ahttps?:\/\// # If this is a string that looks like a URL, assume it's an internal development URL. env else @@ -84,4 +84,4 @@ def build_default_connection(builder) builder.adapter Faraday.default_adapter end end -end +end \ No newline at end of file diff --git a/lib/stytch/b2b_discovery.rb b/lib/stytch/b2b_discovery.rb index 0d42eaf..83330bb 100644 --- a/lib/stytch/b2b_discovery.rb +++ b/lib/stytch/b2b_discovery.rb @@ -9,6 +9,7 @@ require_relative 'request_helper' module StytchB2B + class Discovery include Stytch::RequestHelper attr_reader :intermediate_sessions, :organizations 
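Review bot: The new `when /\Ahttps?:\/\//` branch in `api_host` matches exactly what `%r{\Ahttps?://}` matched, but the escaped slashes make a security-relevant pattern harder to audit, so I would keep the `%r{}` literal. The branch also accepts plain `http://` and returns `env` unchanged as the API host. The connection setup is not visible in this hunk, but if the project credentials are sent to that host, a mistyped or attacker-influenced `env` value would carry them in cleartext. I would at least add a comment on that branch such as `# http:// is accepted for local development only; never point this at a non-loopback host`, or reject `http` for non-loopback hosts. The body of `api_host` starts and ends outside the hunk.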
@@ -20,24 +21,27 @@ def initialize(connection) @organizations = StytchB2B::Discovery::Organizations.new(@connection) end + + class IntermediateSessions include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Exchange an Intermediate Session for a fully realized [Member Session](https://stytch.com/docs/b2b/api/session-object) in a desired [Organization](https://stytch.com/docs/b2b/api/organization-object). # This operation consumes the Intermediate Session. - # + # # This endpoint can be used to accept invites and create new members via domain matching. - # + # # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`. # The `intermediate_session_token` will not be consumed and instead will be returned in the response. # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. # The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. - # + # # == Parameters: # intermediate_session_token:: # The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. 
The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. 
@@ -46,14 +50,14 @@ def initialize(connection) # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. 
@@ -65,15 +69,15 @@ def initialize(connection) # The type of this field is nilable +object+. # locale:: # If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. - # + # # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +ExchangeRequestLocale+ (string enum). - # + # # == Returns: # An object with the following fields: # request_id:: @@ -113,8 +117,8 @@ def initialize(connection) # (no documentation yet) # The type of this field is nilable +PrimaryRequired+ (+object+). def exchange( - intermediate_session_token:, - organization_id:, + intermediate_session_token: , + organization_id: , session_duration_minutes: nil, session_custom_claims: nil, locale: nil 
@@ -124,37 +128,40 @@ def exchange( intermediate_session_token: intermediate_session_token, organization_id: organization_id } - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:locale] = locale unless locale.nil? + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:locale] = locale if locale != nil - post_request('/v1/b2b/discovery/intermediate_sessions/exchange', request, headers) + post_request("/v1/b2b/discovery/intermediate_sessions/exchange", request, headers) end - end + + + end class Organizations include Stytch::RequestHelper def initialize(connection) @connection = connection + end # If an end user does not want to join any already-existing Organization, or has no possible Organizations to join, this endpoint can be used to create a new # [Organization](https://stytch.com/docs/b2b/api/organization-object) and [Member](https://stytch.com/docs/b2b/api/member-object). - # + # # This operation consumes the Intermediate Session. - # + # # This endpoint will also create an initial Member Session for the newly created Member. - # - # The Member created by this endpoint will automatically be granted the `stytch_admin` Role. See the + # + # The Member created by this endpoint will automatically be granted the `stytch_admin` Role. See the # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for more details on this Role. - # + # # If the new Organization is created with a `mfa_policy` of `REQUIRED_FOR_ALL`, the newly created Member will need to complete an MFA step to log in to the Organization. # The `intermediate_session_token` will not be consumed and instead will be returned in the response. 
# The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. # The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. - # + # # == Parameters: # intermediate_session_token:: # The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. 
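Review bot: The optional-field guards in `exchange` change from `unless x.nil?` to `if x != nil`, which calls the argument's own `!=`/`==` instead of `nil?` and is the form RuboCop flags; I would keep `request[:locale] = locale unless locale.nil?` and its two siblings. The same rewrite appears in the bodies of `create` (@@ -327,38), `list` (@@ -404,13), `authenticate` (@@ -139,17) and `login_or_signup` (@@ -234,18). Together with the double-quoted endpoint paths, the blank lines before `end` and the `intermediate_session_token: ,` spacing in the signatures, this looks like generator output committed before the formatter ran. Re-running the formatter would keep these session-handling files free of diff noise in later reviews. `exchange` begins outside this hunk.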
@@ -166,14 +173,14 @@ def initialize(connection) # The unique URL slug of the Organization. A minimum of two characters is required. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. If the slug is not specified, a default slug will be created based on the email used to initiate the discovery flow. If the email domain is a common email provider such as gmail.com, or if the email is a .edu email, the organization slug will be generated based on the name portion of the email. Otherwise, the organization slug will be generated based on the email domain. # The type of this field is +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. 
@@ -191,79 +198,79 @@ def initialize(connection) # The type of this field is nilable +object+. # sso_jit_provisioning:: # The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are: - # + # # `ALL_ALLOWED` – new Members will be automatically provisioned upon successful authentication via any of the Organization's `sso_active_connections`. - # + # # `RESTRICTED` – only new Members with SSO logins that comply with `sso_jit_provisioning_allowed_connections` can be provisioned upon authentication. - # + # # `NOT_ALLOWED` – disable JIT provisioning via SSO. - # + # # The type of this field is nilable +String+. # email_allowed_domains:: - # An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`. - # - # + # An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`. + # + # # Common domains such as `gmail.com` are not allowed. See the [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list. # The type of this field is nilable list of +String+. # email_jit_provisioning:: - # The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are: - # + # The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are: + # # `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth. - # + # # `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth. - # + # # The type of this field is nilable +String+. 
# email_invites:: - # The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are: - # - # `ALL_ALLOWED` – any new Member can be invited to join via email. - # + # The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are: + # + # `ALL_ALLOWED` – any new Member can be invited to join via email. + # # `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be invited via email. - # + # # `NOT_ALLOWED` – disable email invites. - # + # # The type of this field is nilable +String+. # auth_methods:: # The setting that controls which authentication methods can be used by Members of an Organization. The accepted values are: - # + # # `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. - # + # # `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. - # + # # The type of this field is nilable +String+. # allowed_auth_methods:: - # An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. + # An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. # The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`. - # + # # The type of this field is nilable list of +String+. # mfa_policy:: # The setting that controls the MFA policy for all Members in the Organization. The accepted values are: - # - # `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid. 
- # + # + # `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid. + # # `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true. - # + # # The type of this field is nilable +String+. # rbac_email_implicit_role_assignments:: - # Implicit role assignments based off of email domains. + # Implicit role assignments based off of email domains. # For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the # associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) # for more information about role assignment. # The type of this field is nilable list of +EmailImplicitRoleAssignment+ (+object+). # mfa_methods:: # The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are: - # + # # `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. - # + # # `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. - # + # # The type of this field is nilable +String+. # allowed_mfa_methods:: # An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`. # The list's accepted values are: `sms_otp` and `totp`. - # + # # The type of this field is nilable list of +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -303,9 +310,9 @@ def initialize(connection) # (no documentation yet) # The type of this field is nilable +PrimaryRequired+ (+object+). def create( - intermediate_session_token:, - organization_name:, - organization_slug:, + intermediate_session_token: , + organization_name: , + organization_slug: , session_duration_minutes: nil, session_custom_claims: nil, organization_logo_url: nil, 
@@ -327,38 +334,38 @@ def create( organization_name: organization_name, organization_slug: organization_slug } - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:organization_logo_url] = organization_logo_url unless organization_logo_url.nil? - request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? - request[:sso_jit_provisioning] = sso_jit_provisioning unless sso_jit_provisioning.nil? - request[:email_allowed_domains] = email_allowed_domains unless email_allowed_domains.nil? - request[:email_jit_provisioning] = email_jit_provisioning unless email_jit_provisioning.nil? - request[:email_invites] = email_invites unless email_invites.nil? - request[:auth_methods] = auth_methods unless auth_methods.nil? - request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil? - request[:mfa_policy] = mfa_policy unless mfa_policy.nil? - request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil? - request[:mfa_methods] = mfa_methods unless mfa_methods.nil? - request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil? 
+ request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:organization_logo_url] = organization_logo_url if organization_logo_url != nil + request[:trusted_metadata] = trusted_metadata if trusted_metadata != nil + request[:sso_jit_provisioning] = sso_jit_provisioning if sso_jit_provisioning != nil + request[:email_allowed_domains] = email_allowed_domains if email_allowed_domains != nil + request[:email_jit_provisioning] = email_jit_provisioning if email_jit_provisioning != nil + request[:email_invites] = email_invites if email_invites != nil + request[:auth_methods] = auth_methods if auth_methods != nil + request[:allowed_auth_methods] = allowed_auth_methods if allowed_auth_methods != nil + request[:mfa_policy] = mfa_policy if mfa_policy != nil + request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments if rbac_email_implicit_role_assignments != nil + request[:mfa_methods] = mfa_methods if mfa_methods != nil + request[:allowed_mfa_methods] = allowed_mfa_methods if allowed_mfa_methods != nil - post_request('/v1/b2b/discovery/organizations/create', request, headers) + post_request("/v1/b2b/discovery/organizations/create", request, headers) end # List all possible organization relationships connected to a [Member Session](https://stytch.com/docs/b2b/api/session-object) or Intermediate Session. - # + # # When a Member Session is passed in, relationships with a type of `active_member`, `pending_member`, or `invited_member` # will be returned, and any membership can be assumed by calling the [Exchange Session](https://stytch.com/docs/b2b/api/exchange-session) endpoint. 
- # - # When an Intermediate Session is passed in, all relationship types - `active_member`, `pending_member`, `invited_member`, - # and `eligible_to_join_by_email_domain` - will be returned, - # and any membership can be assumed by calling the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) endpoint. - # + # + # When an Intermediate Session is passed in, all relationship types - `active_member`, `pending_member`, `invited_member`, + # and `eligible_to_join_by_email_domain` - will be returned, + # and any membership can be assumed by calling the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) endpoint. + # # This endpoint requires either an `intermediate_session_token`, `session_jwt` or `session_token` be included in the request. # It will return an error if multiple are present. - # + # # This operation does not consume the Intermediate Session or Session Token passed in. - # + # # == Parameters: # intermediate_session_token:: # The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. 
@@ -369,7 +376,7 @@ def create( # session_jwt:: # The JSON Web Token (JWT) for a given Stytch Session. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -380,16 +387,16 @@ def create( # The type of this field is +String+. # discovered_organizations:: # An array of `discovered_organization` objects tied to the `intermediate_session_token`, `session_token`, or `session_jwt`. See the [Discovered Organization Object](https://stytch.com/docs/b2b/api/discovered-organization-object) for complete details. - # + # # Note that Organizations will only appear here under any of the following conditions: # 1. The end user is already a Member of the Organization. - # 2. The end user is invited to the Organization. - # 3. The end user can join the Organization because: - # + # 2. The end user is invited to the Organization. + # 3. The end user can join the Organization because: + # # a) The Organization allows JIT provisioning. - # + # # b) The Organizations' allowed domains list contains the Member's email domain. - # + # # c) The Organization has at least one other Member with a verified email address with the same domain as the end user (to prevent phishing attacks). # The type of this field is list of +DiscoveredOrganization+ (+object+). # status_code:: 
@@ -404,13 +411,17 @@ def list( session_jwt: nil ) headers = {} - request = {} - request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? + request = { + } + request[:intermediate_session_token] = intermediate_session_token if intermediate_session_token != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil - post_request('/v1/b2b/discovery/organizations', request, headers) + post_request("/v1/b2b/discovery/organizations", request, headers) end + + + end end -end +end \ No newline at end of file diff --git a/lib/stytch/b2b_magic_links.rb b/lib/stytch/b2b_magic_links.rb index 820ba63..d7875fc 100644 --- a/lib/stytch/b2b_magic_links.rb +++ b/lib/stytch/b2b_magic_links.rb @@ -9,6 +9,7 @@ require_relative 'request_helper' module StytchB2B + class MagicLinks include Stytch::RequestHelper attr_reader :email, :discovery 
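Review bot: `list` forwards every token it is handed, although its own doc comment says the endpoint needs exactly one of `intermediate_session_token`, `session_token` or `session_jwt` and returns an error if several are present. A guard before `request` is built would fail fast and keep surplus session credentials out of the request body: `raise ArgumentError, 'provide exactly one of intermediate_session_token, session_token, session_jwt' unless [intermediate_session_token, session_token, session_jwt].compact.size == 1`. If the SDK is meant to stay a thin generated wrapper, a `# NOTE:` comment above the assignments saying the exclusivity is enforced server-side only would do. The empty literal split across two lines should stay `request = {}`. The signature of `list` starts outside the hunk.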
@@ -22,15 +23,15 @@ def initialize(connection) # Authenticate a Member with a Magic Link. This endpoint requires a Magic Link token that is not expired or previously used. If the Member’s status is `pending` or `invited`, they will be updated to `active`. # Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. - # + # # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. - # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), # or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA step and acquire a full member session. # The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. - # + # # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step. - # + # # == Parameters: # magic_links_token:: # The Email Magic Link token to authenticate. 
@@ -49,14 +50,14 @@ def initialize(connection) # are provided. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. 
@@ -68,18 +69,18 @@ def initialize(connection) # The type of this field is nilable +object+. # locale:: # If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. - # + # # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +AuthenticateRequestLocale+ (string enum). # intermediate_session_token:: # Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -126,7 +127,7 @@ def initialize(connection) # Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA. # The type of this field is nilable +MfaRequired+ (+object+). def authenticate( - magic_links_token:, + magic_links_token: , pkce_code_verifier: nil, session_token: nil, session_jwt: nil, 
@@ -139,17 +140,19 @@ def authenticate( request = { magic_links_token: magic_links_token } - request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:locale] = locale unless locale.nil? - request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil? - - post_request('/v1/b2b/magic_links/authenticate', request, headers) + request[:pkce_code_verifier] = pkce_code_verifier if pkce_code_verifier != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:locale] = locale if locale != nil + request[:intermediate_session_token] = intermediate_session_token if intermediate_session_token != nil + + post_request("/v1/b2b/magic_links/authenticate", request, headers) end + + class Email include Stytch::RequestHelper attr_reader :discovery @@ -161,7 +164,7 @@ def initialize(connection) end # Send either a login or signup magic link to a Member. A new, pending, or invited Member will receive a signup Email Magic Link. Members will have a `pending` status until they successfully authenticate. An active Member will receive a login Email Magic Link. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. 
@@ -192,13 +195,13 @@ def initialize(connection) # The type of this field is nilable +String+. # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +LoginOrSignupRequestLocale+ (string enum). - # + # # == Returns: # An object with the following fields: # request_id:: @@ -220,8 +223,8 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def login_or_signup( - organization_id:, - email_address:, + organization_id: , + email_address: , login_redirect_url: nil, signup_redirect_url: nil, pkce_code_challenge: nil, 
@@ -234,18 +237,18 @@ def login_or_signup( organization_id: organization_id, email_address: email_address } - request[:login_redirect_url] = login_redirect_url unless login_redirect_url.nil? - request[:signup_redirect_url] = signup_redirect_url unless signup_redirect_url.nil? - request[:pkce_code_challenge] = pkce_code_challenge unless pkce_code_challenge.nil? - request[:login_template_id] = login_template_id unless login_template_id.nil? - request[:signup_template_id] = signup_template_id unless signup_template_id.nil? - request[:locale] = locale unless locale.nil? - - post_request('/v1/b2b/magic_links/email/login_or_signup', request, headers) + request[:login_redirect_url] = login_redirect_url if login_redirect_url != nil + request[:signup_redirect_url] = signup_redirect_url if signup_redirect_url != nil + request[:pkce_code_challenge] = pkce_code_challenge if pkce_code_challenge != nil + request[:login_template_id] = login_template_id if login_template_id != nil + request[:signup_template_id] = signup_template_id if signup_template_id != nil + request[:locale] = locale if locale != nil + + post_request("/v1/b2b/magic_links/email/login_or_signup", request, headers) end # Send an invite email to a new Member to join an Organization. The Member will be created with an `invited` status until they successfully authenticate. Sending invites to `pending` Members will update their status to `invited`. Sending invites to already `active` Members will return an error. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. 
@@ -278,17 +281,17 @@ def login_or_signup( # The type of this field is nilable +String+. # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +InviteRequestLocale+ (string enum). # roles:: # Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) # for more information about role assignment. # The type of this field is nilable list of +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -306,12 +309,12 @@ def login_or_signup( # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +InviteRequestOptions+ object which will modify the headers sent in the HTTP request. def invite( - organization_id:, - email_address:, + organization_id: , + email_address: , invite_redirect_url: nil, invited_by_member_id: nil, name: nil, 
@@ -323,32 +326,35 @@ def invite( method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil request = { organization_id: organization_id, email_address: email_address } - request[:invite_redirect_url] = invite_redirect_url unless invite_redirect_url.nil? - request[:invited_by_member_id] = invited_by_member_id unless invited_by_member_id.nil? - request[:name] = name unless name.nil? - request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? - request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil? - request[:invite_template_id] = invite_template_id unless invite_template_id.nil? - request[:locale] = locale unless locale.nil? - request[:roles] = roles unless roles.nil? - - post_request('/v1/b2b/magic_links/email/invite', request, headers) + request[:invite_redirect_url] = invite_redirect_url if invite_redirect_url != nil + request[:invited_by_member_id] = invited_by_member_id if invited_by_member_id != nil + request[:name] = name if name != nil + request[:trusted_metadata] = trusted_metadata if trusted_metadata != nil + request[:untrusted_metadata] = untrusted_metadata if untrusted_metadata != nil + request[:invite_template_id] = invite_template_id if invite_template_id != nil + request[:locale] = locale if locale != nil + request[:roles] = roles if roles != nil + + post_request("/v1/b2b/magic_links/email/invite", request, headers) end + + class Discovery include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Send a discovery magic link to an email address. - # + # # == Parameters: # email_address:: # The email address of the Member. 
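Review bot: The doc comment for `invite` does not say which credentials the request runs under when `method_options` is nil, while the body forwards `roles` and `trusted_metadata` exactly as given. Presumably no member-level permission check applies to the role assignment in that case; if that is right, the `== Method Options:` section should say so, e.g. `# When omitted, no Member authorization headers are sent; do not pass end-user-supplied +roles+ or +trusted_metadata+.` The guard itself read better before the change, as `headers = headers.merge(method_options.to_headers) unless method_options.nil?`. The signature and doc comment of `invite` start outside this hunk.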
@@ -367,13 +373,13 @@ def initialize(connection) # The type of this field is nilable +String+. # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +SendRequestLocale+ (string enum). - # + # # == Returns: # An object with the following fields: # request_id:: @@ -383,7 +389,7 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def send( - email_address:, + email_address: , discovery_redirect_url: nil, pkce_code_challenge: nil, login_template_id: nil, 
@@ -393,25 +399,28 @@ def send( request = { email_address: email_address } - request[:discovery_redirect_url] = discovery_redirect_url unless discovery_redirect_url.nil? - request[:pkce_code_challenge] = pkce_code_challenge unless pkce_code_challenge.nil? - request[:login_template_id] = login_template_id unless login_template_id.nil? - request[:locale] = locale unless locale.nil? + request[:discovery_redirect_url] = discovery_redirect_url if discovery_redirect_url != nil + request[:pkce_code_challenge] = pkce_code_challenge if pkce_code_challenge != nil + request[:login_template_id] = login_template_id if login_template_id != nil + request[:locale] = locale if locale != nil - post_request('/v1/b2b/magic_links/email/discovery/send', request, headers) + post_request("/v1/b2b/magic_links/email/discovery/send", request, headers) end + + + end end - class Discovery include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Authenticates the Discovery Magic Link token and exchanges it for an Intermediate Session Token. Intermediate Session Tokens can be used for various Discovery login flows and are valid for 10 minutes. - # + # # == Parameters: # discovery_magic_links_token:: # The Discovery Email Magic Link token to authenticate. @@ -419,7 +428,7 @@ def initialize(connection) # pkce_code_verifier:: # A base64url encoded one time secret used to validate that the request starts and ends on the same device. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -433,33 +442,36 @@ def initialize(connection) # The type of this field is +String+. # discovered_organizations:: # An array of `discovered_organization` objects tied to the `intermediate_session_token`, `session_token`, or `session_jwt`. See the [Discovered Organization Object](https://stytch.com/docs/b2b/api/discovered-organization-object) for complete details. - # + # # Note that Organizations will only appear here under any of the following conditions: # 1. The end user is already a Member of the Organization. - # 2. The end user is invited to the Organization. - # 3. The end user can join the Organization because: - # + # 2. The end user is invited to the Organization. + # 3. The end user can join the Organization because: + # # a) The Organization allows JIT provisioning. - # + # # b) The Organizations' allowed domains list contains the Member's email domain. - # + # # c) The Organization has at least one other Member with a verified email address with the same domain as the end user (to prevent phishing attacks). # The type of this field is list of +DiscoveredOrganization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def authenticate( - discovery_magic_links_token:, + discovery_magic_links_token: , pkce_code_verifier: nil ) headers = {} request = { discovery_magic_links_token: discovery_magic_links_token } - request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil? + request[:pkce_code_verifier] = pkce_code_verifier if pkce_code_verifier != nil - post_request('/v1/b2b/magic_links/discovery/authenticate', request, headers) + post_request("/v1/b2b/magic_links/discovery/authenticate", request, headers) end + + + end end -end +end \ No newline at end of file 
diff --git a/lib/stytch/b2b_oauth.rb b/lib/stytch/b2b_oauth.rb index 99bb8a4..994ff4d 100644 --- a/lib/stytch/b2b_oauth.rb +++ b/lib/stytch/b2b_oauth.rb @@ -9,6 +9,7 @@ require_relative 'request_helper' module StytchB2B + class OAuth include Stytch::RequestHelper attr_reader :discovery @@ -20,16 +21,16 @@ def initialize(connection) end # Authenticate a Member given a `token`. This endpoint verifies that the member completed the OAuth flow by verifying that the token is valid and hasn't expired. Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. - # + # # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. # The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. - # + # # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step. - # + # # We’re actively accepting requests for new OAuth providers! Please [email us](mailto:support@stytch.com) or [post in our community](https://stytch.com/docs/b2b/resources) if you are looking for an OAuth provider that is not currently supported. - # + # # == Parameters: # oauth_token:: # The token to authenticate. 
@@ -38,14 +39,14 @@ def initialize(connection) # A secret token for a given Stytch Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. 
@@ -63,18 +64,18 @@ def initialize(connection) # The type of this field is nilable +String+. # locale:: # If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. - # + # # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +AuthenticateRequestLocale+ (string enum). # intermediate_session_token:: # Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -121,7 +122,7 @@ def initialize(connection) # The type of this field is nilable +MemberSession+ (+object+). # provider_values:: # The `provider_values` object lists relevant identifiers, values, and scopes for a given OAuth provider. For example this object will include a provider's `access_token` that you can use to access the provider's API for a given user. - # + # # Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only returned by Microsoft. # The type of this field is nilable +ProviderValues+ (+object+). # mfa_required:: @@ -131,7 +132,7 @@ def initialize(connection) # (no documentation yet) # The type of this field is nilable +PrimaryRequired+ (+object+). def authenticate( - oauth_token:, + oauth_token: , session_token: nil, session_duration_minutes: nil, session_jwt: nil, 
@@ -144,26 +145,29 @@ def authenticate( request = { oauth_token: oauth_token } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil? - request[:locale] = locale unless locale.nil? - request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil? - - post_request('/v1/b2b/oauth/authenticate', request, headers) + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:pkce_code_verifier] = pkce_code_verifier if pkce_code_verifier != nil + request[:locale] = locale if locale != nil + request[:intermediate_session_token] = intermediate_session_token if intermediate_session_token != nil + + post_request("/v1/b2b/oauth/authenticate", request, headers) end + + class Discovery include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Authenticates the Discovery OAuth token and exchanges it for an Intermediate Session Token. Intermediate Session Tokens can be used for various Discovery login flows and are valid for 10 minutes. - # + # # == Parameters: # discovery_oauth_token:: # The Discovery OAuth token to authenticate. 
@@ -183,7 +187,7 @@ def initialize(connection) # pkce_code_verifier:: # A base64url encoded one time secret used to validate that the request starts and ends on the same device. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -197,16 +201,16 @@ def initialize(connection) # The type of this field is +String+. # discovered_organizations:: # An array of `discovered_organization` objects tied to the `intermediate_session_token`, `session_token`, or `session_jwt`. See the [Discovered Organization Object](https://stytch.com/docs/b2b/api/discovered-organization-object) for complete details. - # + # # Note that Organizations will only appear here under any of the following conditions: # 1. The end user is already a Member of the Organization. - # 2. The end user is invited to the Organization. - # 3. The end user can join the Organization because: - # + # 2. The end user is invited to the Organization. + # 3. The end user can join the Organization because: + # # a) The Organization allows JIT provisioning. - # + # # b) The Organizations' allowed domains list contains the Member's email domain. - # + # # c) The Organization has at least one other Member with a verified email address with the same domain as the end user (to prevent phishing attacks). # The type of this field is list of +DiscoveredOrganization+ (+object+). # provider_type:: @@ -219,7 +223,7 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def authenticate( - discovery_oauth_token:, + discovery_oauth_token: , session_token: nil, session_duration_minutes: nil, session_jwt: nil, 
@@ -230,14 +234,17 @@ def authenticate( request = { discovery_oauth_token: discovery_oauth_token } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil? + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:pkce_code_verifier] = pkce_code_verifier if pkce_code_verifier != nil - post_request('/v1/b2b/oauth/discovery/authenticate', request, headers) + post_request("/v1/b2b/oauth/discovery/authenticate", request, headers) end + + + end end -end +end \ No newline at end of file diff --git a/lib/stytch/b2b_organizations.rb b/lib/stytch/b2b_organizations.rb index 3659dfa..741a8b6 100644 --- a/lib/stytch/b2b_organizations.rb +++ b/lib/stytch/b2b_organizations.rb 
@@ -11,38 +11,35 @@ module StytchB2B class UpdateRequestOptions # Optional authorization object. - # Pass in an active Stytch Member session token or session JWT and the request - # will be run using that member's permissions. +# Pass in an active Stytch Member session token or session JWT and the request +# will be run using that member's permissions. attr_accessor :authorization def initialize( - authorization: nil - ) + authorization: nil ) @authorization = authorization end def to_headers headers = {} - headers.merge!(@authorization.to_headers) if authorization + headers.merge!(@authorization.to_headers) if self.authorization headers end end - class DeleteRequestOptions # Optional authorization object. - # Pass in an active Stytch Member session token or session JWT and the request - # will be run using that member's permissions. +# Pass in an active Stytch Member session token or session JWT and the request +# will be run using that member's permissions. attr_accessor :authorization def initialize( - authorization: nil - ) + authorization: nil ) @authorization = authorization end def to_headers headers = {} - headers.merge!(@authorization.to_headers) if authorization + headers.merge!(@authorization.to_headers) if self.authorization headers end end 
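Review bot: In both `to_headers` methods the guard reads the public accessor (`if self.authorization`) while the call uses the instance variable (`@authorization.to_headers`), so the two can disagree if a subclass overrides `authorization`. This object carries the Member session token or JWT, so a mismatch either raises on nil or silently drops the authorization headers, in which case the request would presumably run without that member's permission check. Use one source for both: `headers.merge!(@authorization.to_headers) if @authorization`. The explicit `self.` receiver is redundant as well, and the comment lines above `attr_accessor :authorization` appear to have lost their indentation.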
@@ -58,11 +55,11 @@ def initialize(connection) end # Creates an Organization. An `organization_name` and a unique `organization_slug` are required. - # + # # By default, `email_invites` and `sso_jit_provisioning` will be set to `ALL_ALLOWED`, and `mfa_policy` will be set to `OPTIONAL` if no Organization authentication settings are explicitly defined in the request. - # + # # *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors. - # + # # == Parameters: # organization_name:: # The name of the Organization. Must be between 1 and 128 characters in length. 
@@ -78,79 +75,79 @@ def initialize(connection) # The type of this field is nilable +object+. # sso_jit_provisioning:: # The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are: - # + # # `ALL_ALLOWED` – new Members will be automatically provisioned upon successful authentication via any of the Organization's `sso_active_connections`. - # + # # `RESTRICTED` – only new Members with SSO logins that comply with `sso_jit_provisioning_allowed_connections` can be provisioned upon authentication. - # + # # `NOT_ALLOWED` – disable JIT provisioning via SSO. - # + # # The type of this field is nilable +String+. # email_allowed_domains:: - # An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`. - # - # + # An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`. + # + # # Common domains such as `gmail.com` are not allowed. See the [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list. # The type of this field is nilable list of +String+. # email_jit_provisioning:: - # The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are: - # + # The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are: + # # `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth. - # + # # `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth. - # + # # The type of this field is nilable +String+. 
# email_invites:: - # The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are: - # - # `ALL_ALLOWED` – any new Member can be invited to join via email. - # + # The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are: + # + # `ALL_ALLOWED` – any new Member can be invited to join via email. + # # `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be invited via email. - # + # # `NOT_ALLOWED` – disable email invites. - # + # # The type of this field is nilable +String+. # auth_methods:: # The setting that controls which authentication methods can be used by Members of an Organization. The accepted values are: - # + # # `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. - # + # # `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. - # + # # The type of this field is nilable +String+. # allowed_auth_methods:: - # An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. + # An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. # The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`. - # + # # The type of this field is nilable list of +String+. # mfa_policy:: # The setting that controls the MFA policy for all Members in the Organization. The accepted values are: - # - # `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid. 
- # + # + # `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid. + # # `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true. - # + # # The type of this field is nilable +String+. # rbac_email_implicit_role_assignments:: - # Implicit role assignments based off of email domains. + # Implicit role assignments based off of email domains. # For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the # associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) # for more information about role assignment. # The type of this field is nilable list of +EmailImplicitRoleAssignment+ (+object+). # mfa_methods:: # The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are: - # + # # `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. - # + # # `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. - # + # # The type of this field is nilable +String+. # allowed_mfa_methods:: # An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`. # The list's accepted values are: `sms_otp` and `totp`. - # + # # The type of this field is nilable list of +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -163,7 +160,7 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def create( - organization_name:, + organization_name: , organization_slug: nil, organization_logo_url: nil, trusted_metadata: nil, 
@@ -182,30 +179,30 @@ def create( request = { organization_name: organization_name } - request[:organization_slug] = organization_slug unless organization_slug.nil? - request[:organization_logo_url] = organization_logo_url unless organization_logo_url.nil? - request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? - request[:sso_jit_provisioning] = sso_jit_provisioning unless sso_jit_provisioning.nil? - request[:email_allowed_domains] = email_allowed_domains unless email_allowed_domains.nil? - request[:email_jit_provisioning] = email_jit_provisioning unless email_jit_provisioning.nil? - request[:email_invites] = email_invites unless email_invites.nil? - request[:auth_methods] = auth_methods unless auth_methods.nil? - request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil? - request[:mfa_policy] = mfa_policy unless mfa_policy.nil? - request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil? - request[:mfa_methods] = mfa_methods unless mfa_methods.nil? - request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil? 
+ request[:organization_slug] = organization_slug if organization_slug != nil + request[:organization_logo_url] = organization_logo_url if organization_logo_url != nil + request[:trusted_metadata] = trusted_metadata if trusted_metadata != nil + request[:sso_jit_provisioning] = sso_jit_provisioning if sso_jit_provisioning != nil + request[:email_allowed_domains] = email_allowed_domains if email_allowed_domains != nil + request[:email_jit_provisioning] = email_jit_provisioning if email_jit_provisioning != nil + request[:email_invites] = email_invites if email_invites != nil + request[:auth_methods] = auth_methods if auth_methods != nil + request[:allowed_auth_methods] = allowed_auth_methods if allowed_auth_methods != nil + request[:mfa_policy] = mfa_policy if mfa_policy != nil + request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments if rbac_email_implicit_role_assignments != nil + request[:mfa_methods] = mfa_methods if mfa_methods != nil + request[:allowed_mfa_methods] = allowed_mfa_methods if allowed_mfa_methods != nil - post_request('/v1/b2b/organizations', request, headers) + post_request("/v1/b2b/organizations", request, headers) end # Returns an Organization specified by `organization_id`. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -218,160 +215,161 @@ def create( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def get( - organization_id: + organization_id: ) headers = {} - query_params = {} + query_params = { + } request = request_with_query_params("/v1/b2b/organizations/#{organization_id}", query_params) get_request(request, headers) end # Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members. - # + # # *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors. - # + # # Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in # a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the # Member Session has the necessary permissions. The specific permissions needed depend on which of the optional fields # are passed in the request. For example, if the `organization_name` argument is provided, the Member Session must have # permission to perform the `update.info.name` action on the `stytch.organization` Resource. - # + # # If the Member Session does not contain a Role that satisfies the requested permissions, or if the Member's Organization # does not match the `organization_id` passed in the request, a 403 error will be thrown. Otherwise, the request will # proceed as normal. - # + # # To learn more about our RBAC implementation, see our [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/overview). 
- # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # organization_name:: # The name of the Organization. Must be between 1 and 128 characters in length. - # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.name` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # organization_slug:: # The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length. - # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.slug` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # organization_logo_url:: # The image URL of the Organization logo. - # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.logo-url` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # trusted_metadata:: # An arbitrary JSON object for storing application-specific data or identity-provider-specific data. - # If a session header is passed into the request, this field may **not** be passed into the request. You cannot + # If a session header is passed into the request, this field may **not** be passed into the request. You cannot # update trusted metadata when acting as a Member. # The type of this field is nilable +object+. # sso_default_connection_id:: # The default connection used for SSO when there are multiple active connections. 
- # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.default-sso-connection` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # sso_jit_provisioning:: # The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are: - # + # # `ALL_ALLOWED` – new Members will be automatically provisioned upon successful authentication via any of the Organization's `sso_active_connections`. - # + # # `RESTRICTED` – only new Members with SSO logins that comply with `sso_jit_provisioning_allowed_connections` can be provisioned upon authentication. - # + # # `NOT_ALLOWED` – disable JIT provisioning via SSO. - # - # + # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.sso-jit-provisioning` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # sso_jit_provisioning_allowed_connections:: - # An array of `connection_id`s that reference [SAML Connection objects](https://stytch.com/docs/b2b/api/saml-connection-object). + # An array of `connection_id`s that reference [SAML Connection objects](https://stytch.com/docs/b2b/api/saml-connection-object). # Only these connections will be allowed to JIT provision Members via SSO when `sso_jit_provisioning` is set to `RESTRICTED`. - # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.sso-jit-provisioning` action on the `stytch.organization` Resource. # The type of this field is nilable list of +String+. # email_allowed_domains:: - # An array of email domains that allow invites or JIT provisioning for new Members. 
This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`. - # - # + # An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`. + # + # # Common domains such as `gmail.com` are not allowed. See the [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list. - # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-domains` action on the `stytch.organization` Resource. # The type of this field is nilable list of +String+. # email_jit_provisioning:: - # The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are: - # + # The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are: + # # `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth. - # + # # `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth. - # - # + # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.email-jit-provisioning` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # email_invites:: - # The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are: - # - # `ALL_ALLOWED` – any new Member can be invited to join via email. - # + # The authentication setting that controls how a new Member can be invited to an organization by email. 
The accepted values are: + # + # `ALL_ALLOWED` – any new Member can be invited to join via email. + # # `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be invited via email. - # + # # `NOT_ALLOWED` – disable email invites. - # - # + # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.email-invites` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # auth_methods:: # The setting that controls which authentication methods can be used by Members of an Organization. The accepted values are: - # + # # `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. - # + # # `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. - # - # + # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # allowed_auth_methods:: - # An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. + # An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. # The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`. - # - # + # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource. # The type of this field is nilable list of +String+. # mfa_policy:: # The setting that controls the MFA policy for all Members in the Organization. 
The accepted values are: - # - # `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid. - # + # + # `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid. + # # `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true. - # - # + # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.mfa-policy` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # rbac_email_implicit_role_assignments:: - # Implicit role assignments based off of email domains. + # Implicit role assignments based off of email domains. # For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the # associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) # for more information about role assignment. - # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.implicit-roles` action on the `stytch.organization` Resource. # The type of this field is nilable list of +EmailImplicitRoleAssignment+. # mfa_methods:: # The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are: - # + # # `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. 
- # + # # `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. - # - # + # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # allowed_mfa_methods:: # An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`. # The list's accepted values are: `sms_otp` and `totp`. - # - # + # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource. # The type of this field is nilable list of +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -383,11 +381,11 @@ def get( # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +UpdateRequestOptions+ object which will modify the headers sent in the HTTP request. def update( - organization_id:, + organization_id: , organization_name: nil, organization_slug: nil, organization_logo_url: nil, 
@@ -407,35 +405,36 @@ def update( method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - request = {} - request[:organization_name] = organization_name unless organization_name.nil? - request[:organization_slug] = organization_slug unless organization_slug.nil? - request[:organization_logo_url] = organization_logo_url unless organization_logo_url.nil? - request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? - request[:sso_default_connection_id] = sso_default_connection_id unless sso_default_connection_id.nil? - request[:sso_jit_provisioning] = sso_jit_provisioning unless sso_jit_provisioning.nil? - request[:sso_jit_provisioning_allowed_connections] = sso_jit_provisioning_allowed_connections unless sso_jit_provisioning_allowed_connections.nil? - request[:email_allowed_domains] = email_allowed_domains unless email_allowed_domains.nil? - request[:email_jit_provisioning] = email_jit_provisioning unless email_jit_provisioning.nil? - request[:email_invites] = email_invites unless email_invites.nil? - request[:auth_methods] = auth_methods unless auth_methods.nil? - request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil? - request[:mfa_policy] = mfa_policy unless mfa_policy.nil? - request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil? - request[:mfa_methods] = mfa_methods unless mfa_methods.nil? - request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil? 
+ headers = headers.merge(method_options.to_headers) if method_options != nil + request = { + } + request[:organization_name] = organization_name if organization_name != nil + request[:organization_slug] = organization_slug if organization_slug != nil + request[:organization_logo_url] = organization_logo_url if organization_logo_url != nil + request[:trusted_metadata] = trusted_metadata if trusted_metadata != nil + request[:sso_default_connection_id] = sso_default_connection_id if sso_default_connection_id != nil + request[:sso_jit_provisioning] = sso_jit_provisioning if sso_jit_provisioning != nil + request[:sso_jit_provisioning_allowed_connections] = sso_jit_provisioning_allowed_connections if sso_jit_provisioning_allowed_connections != nil + request[:email_allowed_domains] = email_allowed_domains if email_allowed_domains != nil + request[:email_jit_provisioning] = email_jit_provisioning if email_jit_provisioning != nil + request[:email_invites] = email_invites if email_invites != nil + request[:auth_methods] = auth_methods if auth_methods != nil + request[:allowed_auth_methods] = allowed_auth_methods if allowed_auth_methods != nil + request[:mfa_policy] = mfa_policy if mfa_policy != nil + request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments if rbac_email_implicit_role_assignments != nil + request[:mfa_methods] = mfa_methods if mfa_methods != nil + request[:allowed_mfa_methods] = allowed_mfa_methods if allowed_mfa_methods != nil put_request("/v1/b2b/organizations/#{organization_id}", request, headers) end # Deletes an Organization specified by `organization_id`. All Members of the Organization will also be deleted. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. 
- # + # # == Returns: # An object with the following fields: # request_id:: @@ -447,20 +446,20 @@ def update( # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +DeleteRequestOptions+ object which will modify the headers sent in the HTTP request. def delete( - organization_id:, + organization_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil delete_request("/v1/b2b/organizations/#{organization_id}", headers) end # Search for Organizations. If you send a request with no body params, no filtering will be applied and the endpoint will return all Organizations. All fuzzy search filters require a minimum of three characters. - # + # # == Parameters: # cursor:: # The `cursor` field allows you to paginate through your results. Each result array is limited to 1000 results. If your query returns more than 1000 results, you will need to paginate the responses using the `cursor`. If you receive a response that includes a non-null `next_cursor` in the `results_metadata` object, repeat the search call with the `next_cursor` value set to the `cursor` field to retrieve the next page of results. Continue to make search calls until the `next_cursor` in the response is null. 
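Review bot: `put_request("/v1/b2b/organizations/#{organization_id}", request, headers)` at the end of `update` interpolates `organization_id` into the request path as-is, and nothing in this hunk checks its shape. If the value ever originates from request data, characters such as `/`, `?` or `#` would change which endpoint the client's request reaches; whether callers or the request helper validate it is not visible here. Percent-encoding the segment closes that, e.g. `put_request("/v1/b2b/organizations/#{ERB::Util.url_encode(organization_id)}", request, headers)` (needs `require 'erb'`), ideally with a check that rejects empty or dot-only values. The same interpolation appears in `get`, `delete`, `metrics` and, together with `member_id`, in the Members `update`, `delete` and `reactivate` paths. `update` starts above this hunk.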
@@ -471,7 +470,7 @@ def delete( # query:: # The optional query object contains the operator, i.e. `AND` or `OR`, and the operands that will filter your results. Only an operator is required. If you include no operands, no filtering will be applied. If you include no query object, it will return all Organizations with no filtering applied. # The type of this field is nilable +SearchQuery+ (+object+). - # + # # == Returns: # An object with the following fields: # request_id:: @@ -492,23 +491,27 @@ def search( query: nil ) headers = {} - request = {} - request[:cursor] = cursor unless cursor.nil? - request[:limit] = limit unless limit.nil? - request[:query] = query unless query.nil? + request = { + } + request[:cursor] = cursor if cursor != nil + request[:limit] = limit if limit != nil + request[:query] = query if query != nil - post_request('/v1/b2b/organizations/search', request, headers) + post_request("/v1/b2b/organizations/search", request, headers) end def metrics( - organization_id: + organization_id: ) headers = {} - query_params = {} + query_params = { + } request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/metrics", query_params) get_request(request, headers) end + + class Members include Stytch::RequestHelper attr_reader :oauth_providers 
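Review bot: `metrics` has no header comment, unlike `get`, `update`, `delete` and `search`, which all document `== Parameters:` and `== Returns:`. I would add a comment in the same layout stating that it sends a GET to `/v1/b2b/organizations/{organization_id}/metrics`, that `organization_id` is a required +String+, and that, like `get`, it takes no `method_options`, so no session header can be attached through this method. The response fields are not visible in this diff and should be filled in from the API reference rather than guessed. The two blank lines added before `class Members` and the trailing space in `organization_id: ` are whitespace noise that could be dropped. `search` starts above this hunk.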
@@ -520,19 +523,19 @@ def initialize(connection) end # Updates a Member specified by `organization_id` and `member_id`. - # + # # Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in # a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the # Member Session has the necessary permissions. The specific permissions needed depend on which of the optional fields # are passed in the request. For example, if the `organization_name` argument is provided, the Member Session must have # permission to perform the `update.info.name` action on the `stytch.organization` Resource. - # + # # If the Member Session does not contain a Role that satisfies the requested permissions, or if the Member's Organization # does not match the `organization_id` passed in the request, a 403 error will be thrown. Otherwise, the request will # proceed as normal. - # + # # To learn more about our RBAC implementation, see our [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/overview). - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. 
@@ -542,46 +545,46 @@ def initialize(connection) # The type of this field is +String+. # name:: # The name of the Member. - # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.name` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.name` action on the `stytch.self` Resource. # The type of this field is nilable +String+. # trusted_metadata:: # An arbitrary JSON object for storing application-specific data or identity-provider-specific data. - # If a session header is passed into the request, this field may **not** be passed into the request. You cannot + # If a session header is passed into the request, this field may **not** be passed into the request. You cannot # update trusted metadata when acting as a Member. # The type of this field is nilable +object+. # untrusted_metadata:: # An arbitrary JSON object of application-specific data. These fields can be edited directly by the # frontend SDK, and should not be used to store critical information. See the [Metadata resource](https://stytch.com/docs/b2b/api/metadata) # for complete field behavior details. - # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.untrusted-metadata` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.untrusted-metadata` action on the `stytch.self` Resource. # The type of this field is nilable +object+. 
# is_breakglass:: # Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](organization-object) and its `auth_methods` and `allowed_auth_methods` fields for more details. - # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.is-breakglass` action on the `stytch.member` Resource. # The type of this field is nilable +Boolean+. # mfa_phone_number:: # Sets the Member's phone number. Throws an error if the Member already has a phone number. To change the Member's phone number, use the [Delete member phone number endpoint](https://stytch.com/docs/b2b/api/delete-member-mfa-phone-number) to delete the Member's existing phone number first. - # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.mfa-phone` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.mfa-phone` action on the `stytch.self` Resource. # The type of this field is nilable +String+. # mfa_enrolled:: # Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`. 
- # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.mfa-enrolled` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.mfa-enrolled` action on the `stytch.self` Resource. # The type of this field is nilable +Boolean+. # roles:: # Roles to explicitly assign to this Member. # Will completely replace any existing explicitly assigned roles. See the # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment. - # + # # If a Role is removed from a Member, and the Member is also implicitly assigned this Role from an SSO connection # or an SSO group, we will by default revoke any existing sessions for the Member that contain any SSO # authentication factors with the affected connection ID. You can preserve these sessions by passing in the # `preserve_existing_sessions` parameter with a value of `true`. - # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.roles` action on the `stytch.member` Resource. # The type of this field is nilable list of +String+. # preserve_existing_sessions:: 
@@ -591,17 +594,17 @@ def initialize(connection) # The type of this field is nilable +Boolean+. # default_mfa_method:: # Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`. - # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.default-mfa-method` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.default-mfa-method` action on the `stytch.self` Resource. # The type of this field is nilable +String+. # email_address:: # Updates the Member's `email_address`, if provided. # If a Member's email address is changed, other Members in the same Organization cannot use the old email address, although the Member may update back to their old email address. # A Member's email address can only be useable again by other Members if the Member is deleted. - # + # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.email` action on the `stytch.member` Resource. Members cannot update their own email address. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -619,12 +622,12 @@ def initialize(connection) # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +UpdateRequestOptions+ object which will modify the headers sent in the HTTP request. def update( - organization_id:, - member_id:, + organization_id: , + member_id: , name: nil, trusted_metadata: nil, untrusted_metadata: nil, 
@@ -638,24 +641,25 @@ def update( method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - request = {} - request[:name] = name unless name.nil? - request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? - request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil? - request[:is_breakglass] = is_breakglass unless is_breakglass.nil? - request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil? - request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil? - request[:roles] = roles unless roles.nil? - request[:preserve_existing_sessions] = preserve_existing_sessions unless preserve_existing_sessions.nil? - request[:default_mfa_method] = default_mfa_method unless default_mfa_method.nil? - request[:email_address] = email_address unless email_address.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil + request = { + } + request[:name] = name if name != nil + request[:trusted_metadata] = trusted_metadata if trusted_metadata != nil + request[:untrusted_metadata] = untrusted_metadata if untrusted_metadata != nil + request[:is_breakglass] = is_breakglass if is_breakglass != nil + request[:mfa_phone_number] = mfa_phone_number if mfa_phone_number != nil + request[:mfa_enrolled] = mfa_enrolled if mfa_enrolled != nil + request[:roles] = roles if roles != nil + request[:preserve_existing_sessions] = preserve_existing_sessions if preserve_existing_sessions != nil + request[:default_mfa_method] = default_mfa_method if default_mfa_method != nil + request[:email_address] = email_address if email_address != nil put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", request, headers) end # Deletes a Member specified by `organization_id` and `member_id`. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. 
The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -663,7 +667,7 @@ def update( # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -675,21 +679,21 @@ def update( # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +DeleteRequestOptions+ object which will modify the headers sent in the HTTP request. def delete( - organization_id:, - member_id:, + organization_id: , + member_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", headers) end # Reactivates a deleted Member's status and its associated email status (if applicable) to active, specified by `organization_id` and `member_id`. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -697,7 +701,7 @@ def delete( # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
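Review bot: The new line `request[:default_mfa_method] = default_mfa_method if default_mfa_method != nil` sends a field whose doc comment (in the block above `update`, outside this hunk) repeats the `mfa_enrolled` text, "Sets whether the Member is enrolled in MFA…", while giving its type as nilable +String+. A reader configuring MFA from that comment cannot tell what value is expected. I would replace the first sentence with something like `# Sets the Member's default MFA method.` and list the accepted values, presumably those given for `allowed_mfa_methods` (`sms_otp`, `totp`); confirm against the API reference. The same comment block's RBAC example names `organization_name` and the `stytch.organization` Resource, which looks carried over from the Organization `update` docs. `update` starts above this hunk.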
@@ -715,30 +719,31 @@ def delete( # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +ReactivateRequestOptions+ object which will modify the headers sent in the HTTP request. def reactivate( - organization_id:, - member_id:, + organization_id: , + member_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - request = {} + headers = headers.merge(method_options.to_headers) if method_options != nil + request = { + } put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/reactivate", request, headers) end - # Delete a Member's MFA phone number. - # + # Delete a Member's MFA phone number. + # # To change a Member's phone number, you must first call this endpoint to delete the existing phone number. - # + # # Existing Member Sessions that include a phone number authentication factor will not be revoked if the phone number is deleted, and MFA will not be enforced until the Member logs in again. # If you wish to enforce MFA immediately after a phone number is deleted, you can do so by prompting the Member to enter a new phone number # and calling the [OTP SMS send](https://stytch.com/docs/b2b/api/otp-sms-send) endpoint, then calling the [OTP SMS Authenticate](https://stytch.com/docs/b2b/api/authenticate-otp-sms) endpoint. # /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. 
@@ -746,7 +751,7 @@ def reactivate( # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -764,45 +769,45 @@ def reactivate( # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +DeleteMFAPhoneNumberRequestOptions+ object which will modify the headers sent in the HTTP request. def delete_mfa_phone_number( - organization_id:, - member_id:, + organization_id: , + member_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil delete_request("/v1/b2b/organizations/#{organization_id}/members/mfa_phone_numbers/#{member_id}", headers) end def delete_totp( - organization_id:, - member_id:, + organization_id: , + member_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/totp", headers) end # Search for Members within specified Organizations. An array with at least one `organization_id` is required. Submitting an empty `query` returns all non-deleted Members within the specified Organizations. - # + # # *All fuzzy search filters require a minimum of three characters. - # + # # Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in # a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the # Member Session has permission to perform the `search` action on the `stytch.member` Resource. 
In addition, enforcing # RBAC on this endpoint means that you may only search for Members within the calling Member's Organization, so the # `organization_ids` argument may only contain the `organization_id` of the Member Session passed in the header. - # + # # If the Member Session does not contain a Role that satisfies the requested permission, or if the `organization_ids` # argument contains an `organization_id` that the Member Session does not belong to, a 403 error will be thrown. # Otherwise, the request will proceed as normal. - # + # # To learn more about our RBAC implementation, see our [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/overview). - # + # # == Parameters: # organization_ids:: # An array of organization_ids. At least one value is required. @@ -816,7 +821,7 @@ def delete_totp( # query:: # The optional query object contains the operator, i.e. `AND` or `OR`, and the operands that will filter your results. Only an operator is required. If you include no operands, no filtering will be applied. If you include no query object, it will return all Members with no filtering applied. # The type of this field is nilable +SearchQuery+ (+object+). - # + # # == Returns: # An object with the following fields: # request_id:: 
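Review bot: `delete_totp` is the only method in this hunk with no doc comment, although it removes an MFA factor via `delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/totp", headers)`. I would add a header in the style of its neighbours, starting with `# Delete a Member's TOTP registration, specified by organization_id and member_id.` and listing the two parameters and the `method_options` object. The comment on `delete_mfa_phone_number` states that existing Member Sessions are not revoked when the factor is deleted. Whether the same holds for TOTP is not visible here, so the new comment should say so explicitly once confirmed.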
@@ -834,30 +839,30 @@ def delete_totp( # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +SearchRequestOptions+ object which will modify the headers sent in the HTTP request. def search( - organization_ids:, + organization_ids: , cursor: nil, limit: nil, query: nil, method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil request = { organization_ids: organization_ids } - request[:cursor] = cursor unless cursor.nil? - request[:limit] = limit unless limit.nil? - request[:query] = query unless query.nil? + request[:cursor] = cursor if cursor != nil + request[:limit] = limit if limit != nil + request[:query] = query if query != nil - post_request('/v1/b2b/organizations/members/search', request, headers) + post_request("/v1/b2b/organizations/members/search", request, headers) end # Delete a Member's password. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -865,7 +870,7 @@ def search( # member_password_id:: # Globally unique UUID that identifies a Member's password. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -883,26 +888,26 @@ def search( # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +DeletePasswordRequestOptions+ object which will modify the headers sent in the HTTP request. def delete_password( - organization_id:, - member_password_id:, + organization_id: , + member_password_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil delete_request("/v1/b2b/organizations/#{organization_id}/members/passwords/#{member_password_id}", headers) end # Get a Member by `member_id`. This endpoint does not require an `organization_id`, enabling you to get members across organizations. This is a dangerous operation. Incorrect use may open you up to indirect object reference (IDOR) attacks. We recommend using the [Get Member](https://stytch.com/docs/b2b/api/get-member) API instead. - # + # # == Parameters: # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -921,16 +926,17 @@ def delete_password( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def dangerously_get( - member_id: + member_id: ) headers = {} - query_params = {} + query_params = { + } request = request_with_query_params("/v1/b2b/organizations/members/dangerously_get/#{member_id}", query_params) get_request(request, headers) end # Creates a Member. An `organization_id` and `email_address` are required. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -965,7 +971,7 @@ def dangerously_get( # Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) # for more information about role assignment. # The type of this field is nilable list of +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -983,12 +989,12 @@ def dangerously_get( # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +CreateRequestOptions+ object which will modify the headers sent in the HTTP request. def create( - organization_id:, - email_address:, + organization_id: , + email_address: , name: nil, trusted_metadata: nil, untrusted_metadata: nil, 
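Review bot: `dangerously_get` takes only `member_id:` and, unlike its siblings, no `method_options`, so nothing in this call scopes the lookup to an Organization or lets the caller pass a Member Session header. The IDOR warning sits at the top of a long doc comment that starts in the previous hunk, and I would repeat it directly above `def dangerously_get(`: `# SECURITY: not scoped to an Organization; the caller must enforce tenant isolation itself.` Separately, the new `query_params = {` / `}` split is just an empty hash and reads better as `query_params = {}`.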
@@ -1000,24 +1006,24 @@ def create( method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil request = { email_address: email_address } - request[:name] = name unless name.nil? - request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? - request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil? - request[:create_member_as_pending] = create_member_as_pending unless create_member_as_pending.nil? - request[:is_breakglass] = is_breakglass unless is_breakglass.nil? - request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil? - request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil? - request[:roles] = roles unless roles.nil? + request[:name] = name if name != nil + request[:trusted_metadata] = trusted_metadata if trusted_metadata != nil + request[:untrusted_metadata] = untrusted_metadata if untrusted_metadata != nil + request[:create_member_as_pending] = create_member_as_pending if create_member_as_pending != nil + request[:is_breakglass] = is_breakglass if is_breakglass != nil + request[:mfa_phone_number] = mfa_phone_number if mfa_phone_number != nil + request[:mfa_enrolled] = mfa_enrolled if mfa_enrolled != nil + request[:roles] = roles if roles != nil post_request("/v1/b2b/organizations/#{organization_id}/members", request, headers) end # Get a Member by `member_id` or `email_address`. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -1028,7 +1034,7 @@ def create( # email_address:: # The email address of the Member. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -1047,7 +1053,7 @@ def create( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def get( - organization_id:, + organization_id: , member_id: nil, email_address: nil ) @@ -1060,21 +1066,24 @@ def get( get_request(request, headers) end + + class OAuthProviders include Stytch::RequestHelper def initialize(connection) @connection = connection + end - # Retrieve the saved Google access token and ID token for a member. After a successful OAuth login, Stytch will save the - # issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch will refresh the + # Retrieve the saved Google access token and ID token for a member. After a successful OAuth login, Stytch will save the + # issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch will refresh the # access token automatically. - # + # # __Note:__ Google does not issue a refresh token on every login, and refresh tokens may expire if unused. # To force a refresh token to be issued, pass the `?provider_prompt=consent` query param into the # [Start Google OAuth flow](https://stytch.com/docs/b2b/api/oauth-google-start) endpoint. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. 
@@ -1085,7 +1094,7 @@ def initialize(connection) # include_refresh_token:: # Whether to return the refresh token Stytch has stored for the OAuth Provider. Defaults to false. **Important:** If your application exchanges the refresh token, Stytch may not be able to automatically refresh access tokens in the future. # The type of this field is nilable +Boolean+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -1116,8 +1125,8 @@ def initialize(connection) # The `refresh_token` that you may use to obtain a new `access_token` for the User within the provider's API. # The type of this field is nilable +String+. def google( - organization_id:, - member_id:, + organization_id: , + member_id: , include_refresh_token: nil ) headers = {} @@ -1131,7 +1140,7 @@ def google( # Retrieve the saved Microsoft access token and ID token for a member. After a successful OAuth login, Stytch will save the # issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch will refresh the # access token automatically. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -1142,7 +1151,7 @@ def google( # include_refresh_token:: # Whether to return the refresh token Stytch has stored for the OAuth Provider. Defaults to false. **Important:** If your application exchanges the refresh token, Stytch may not be able to automatically refresh access tokens in the future. # The type of this field is nilable +Boolean+. - # + # # == Returns: # An object with the following fields: # request_id:: 
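Review bot: The doc comment for `google` (and for `microsoft` in the `@@ -1173,8 +1182,8 @@` hunk) does not tell integrators that the response carries live provider credentials: the access token, the ID token and, when `include_refresh_token` is set, the `refresh_token`. I would add one line above `def google(`: `# SECURITY: the response contains provider credentials; keep it out of logs and error reports, and request the refresh token only when it is needed.` The body of `google` continues outside this hunk.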
@@ -1173,8 +1182,8 @@ def google( # The `refresh_token` that you may use to obtain a new `access_token` for the User within the provider's API. # The type of this field is nilable +String+. def microsoft( - organization_id:, - member_id:, + organization_id: , + member_id: , include_refresh_token: nil ) headers = {} @@ -1184,7 +1193,10 @@ def microsoft( request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/oauth_providers/microsoft", query_params) get_request(request, headers) end + + + end end end -end +end \ No newline at end of file diff --git a/lib/stytch/b2b_otp.rb b/lib/stytch/b2b_otp.rb index 5bd841a..3545643 100644 --- a/lib/stytch/b2b_otp.rb +++ b/lib/stytch/b2b_otp.rb @@ -9,6 +9,7 @@ require_relative 'request_helper' module StytchB2B + class OTPs include Stytch::RequestHelper attr_reader :sms 
@@ -19,33 +20,36 @@ def initialize(connection) @sms = StytchB2B::OTPs::Sms.new(@connection) end + + class Sms include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Send a One-Time Passcode (OTP) to a Member's phone number. - # + # # If the Member already has a phone number, the `mfa_phone_number` field is not needed; the endpoint will send an OTP to the number associated with the Member. # If the Member does not have a phone number, the endpoint will send an OTP to the `mfa_phone_number` provided and link the `mfa_phone_number` with the Member. - # + # # An error will be thrown if the Member already has a phone number and the provided `mfa_phone_number` does not match the existing one. - # + # # Note that sending another OTP code before the first has expired will invalidate the first code. - # + # # If a Member has a phone number and is enrolled in MFA, then after a successful primary authentication event (e.g. [email magic link](https://stytch.com/docs/b2b/api/authenticate-magic-link) or [SSO](https://stytch.com/docs/b2b/api/sso-authenticate) login is complete), an SMS OTP will automatically be sent to their phone number. In that case, this endpoint should only be used for subsequent authentication events, such as prompting a Member for an OTP again after a period of inactivity. - # + # # Passing an intermediate session token, session token, or session JWT is not required, but if passed must match the Member ID passed. - # + # # ### Cost to send SMS OTP # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview). - # + # # Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries). 
- # + # # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS). - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. 
@@ -58,11 +62,11 @@ def initialize(connection) # The type of this field is nilable +String+. # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +SendRequestLocale+ (string enum). # intermediate_session_token:: # The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. @@ -73,7 +77,7 @@ def initialize(connection) # session_jwt:: # The JSON Web Token (JWT) for a given Stytch Session. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -92,8 +96,8 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def send( - organization_id:, - member_id:, + organization_id: , + member_id: , mfa_phone_number: nil, locale: nil, intermediate_session_token: nil, 
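Review bot: `def send(` on `StytchB2B::OTPs::Sms` overrides `Object#send`, so dynamic dispatch on an `Sms` instance such as `sms.send(:authenticate, ...)` raises `ArgumentError` instead of calling `authenticate`. Renaming would break the public interface, so I would document it above the method: `# NOTE: shadows Object#send on this class; use __send__ or public_send for dynamic dispatch.` The body of `send` continues in the next hunk.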
@@ -105,32 +109,32 @@ def send( organization_id: organization_id, member_id: member_id } - request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil? - request[:locale] = locale unless locale.nil? - request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? + request[:mfa_phone_number] = mfa_phone_number if mfa_phone_number != nil + request[:locale] = locale if locale != nil + request[:intermediate_session_token] = intermediate_session_token if intermediate_session_token != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil - post_request('/v1/b2b/otps/sms/send', request, headers) + post_request("/v1/b2b/otps/sms/send", request, headers) end # SMS OTPs may not be used as a primary authentication mechanism. They can be used to complete an MFA requirement, or they can be used as a step-up factor to be added to an existing session. - # + # # This endpoint verifies that the one-time passcode (OTP) is valid and hasn't expired or been previously used. A given Member may only have a single active OTP code at any given time. If a Member requests another OTP code before the first one has expired, the first one will be invalidated. - # + # # Exactly one of `intermediate_session_token`, `session_token`, or `session_jwt` must be provided in the request. # If an intermediate session token is provided, this operation will consume it. 
- # + # # Intermediate session tokens are generated upon successful calls to primary authenticate methods in the case where MFA is required, # such as [email magic link authenticate](https://stytch.com/docs/b2b/api/authenticate-magic-link), # or upon successful calls to discovery authenticate methods, such as [email magic link discovery authenticate](https://stytch.com/docs/b2b/api/authenticate-discovery-magic-link). - # + # # If the Organization's MFA policy is `REQUIRED_FOR_ALL`, a successful OTP authentication will change the Member's `mfa_enrolled` status to `true` if it is not already `true`. # If the Organization's MFA policy is `OPTIONAL`, the Member's MFA enrollment can be toggled by passing in a value for the `set_mfa_enrollment` field. # The Member's MFA enrollment can also be toggled through the [Update Member](https://stytch.com/docs/b2b/api/update-member) endpoint. - # + # # Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a duration of 60 minutes. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. 
@@ -151,14 +155,14 @@ def send( # The JSON Web Token (JWT) for a given Stytch Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. 
@@ -170,16 +174,16 @@ def send( # The type of this field is nilable +object+. # set_mfa_enrollment:: # Optionally sets the Member’s MFA enrollment status upon a successful authentication. If the Organization’s MFA policy is `REQUIRED_FOR_ALL`, this field will be ignored. If this field is not passed in, the Member’s `mfa_enrolled` boolean will not be affected. The options are: - # + # # `enroll` – sets the Member's `mfa_enrolled` boolean to `true`. The Member will be required to complete an MFA step upon subsequent logins to the Organization. - # + # # `unenroll` – sets the Member's `mfa_enrolled` boolean to `false`. The Member will no longer be required to complete MFA steps when logging in to the Organization. - # + # # The type of this field is nilable +String+. # set_default_mfa:: # (no documentation yet) # The type of this field is nilable +Boolean+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -207,9 +211,9 @@ def send( # The [Session object](https://stytch.com/docs/b2b/api/session-object). # The type of this field is nilable +MemberSession+ (+object+). def authenticate( - organization_id:, - member_id:, - code:, + organization_id: , + member_id: , + code: , intermediate_session_token: nil, session_token: nil, session_jwt: nil, 
@@ -224,16 +228,19 @@ def authenticate( member_id: member_id, code: code } - request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:set_mfa_enrollment] = set_mfa_enrollment unless set_mfa_enrollment.nil? - request[:set_default_mfa] = set_default_mfa unless set_default_mfa.nil? - - post_request('/v1/b2b/otps/sms/authenticate', request, headers) + request[:intermediate_session_token] = intermediate_session_token if intermediate_session_token != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:set_mfa_enrollment] = set_mfa_enrollment if set_mfa_enrollment != nil + request[:set_default_mfa] = set_default_mfa if set_default_mfa != nil + + post_request("/v1/b2b/otps/sms/authenticate", request, headers) end + + + end end -end +end \ No newline at end of file diff --git a/lib/stytch/b2b_passwords.rb b/lib/stytch/b2b_passwords.rb index 558a377..94c5c6b 100644 --- a/lib/stytch/b2b_passwords.rb +++ b/lib/stytch/b2b_passwords.rb @@ -9,6 +9,7 @@ require_relative 'request_helper' module StytchB2B + class Passwords include Stytch::RequestHelper attr_reader :email, :sessions, :existing_password 
@@ -22,16 +23,16 @@ def initialize(connection) end # This API allows you to check whether the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password. - # + # # This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config). - # + # # ## Password feedback # The zxcvbn_feedback and luds_feedback objects contains relevant fields for you to relay feedback to users that failed to create a strong enough password. - # + # # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the feedback object will contain warning and suggestions for any password that does not meet the [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) strength requirements. You can return these strings directly to the user to help them craft a strong password. - # + # # If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), the feedback object will contain a collection of fields that the user failed or passed. You'll want to prompt the user to create a password that meets all requirements that they failed. - # + # # == Parameters: # password:: # The password to authenticate. 
@@ -39,16 +40,16 @@ def initialize(connection) # email_address:: # The email address of the Member. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # valid_password:: - # Returns `true` if the password passes our password validation. We offer two validation options, - # [zxcvbn](https://stytch.com/docs/passwords#strength-requirements) is the default option which offers a high level of sophistication. - # We also offer [LUDS](https://stytch.com/docs/passwords#strength-requirements). If an email address is included in the call we also + # Returns `true` if the password passes our password validation. We offer two validation options, + # [zxcvbn](https://stytch.com/docs/passwords#strength-requirements) is the default option which offers a high level of sophistication. + # We also offer [LUDS](https://stytch.com/docs/passwords#strength-requirements). If an email address is included in the call we also # require that the password hasn't been compromised using built-in breach detection powered by [HaveIBeenPwned](https://haveibeenpwned.com/) # The type of this field is +Boolean+. # score:: 
@@ -61,8 +62,8 @@ def initialize(connection) # The strength policy type enforced, either `zxcvbn` or `luds`. # The type of this field is +String+. # breach_detection_on_create:: - # Will return `true` if breach detection will be evaluated. By default this option is enabled. - # This option can be disabled by contacting [support@stytch.com](mailto:support@stytch.com?subject=Password%20strength%20configuration). + # Will return `true` if breach detection will be evaluated. By default this option is enabled. + # This option can be disabled by contacting [support@stytch.com](mailto:support@stytch.com?subject=Password%20strength%20configuration). # If this value is false then `breached_password` will always be `false` as well. # The type of this field is +Boolean+. # status_code:: @@ -75,20 +76,20 @@ def initialize(connection) # Feedback for how to improve the password's strength using [zxcvbn](https://stytch.com/docs/passwords#strength-requirements). # The type of this field is nilable +ZxcvbnFeedback+ (+object+). def strength_check( - password:, + password: , email_address: nil ) headers = {} request = { password: password } - request[:email_address] = email_address unless email_address.nil? + request[:email_address] = email_address if email_address != nil - post_request('/v1/b2b/passwords/strength_check', request, headers) + post_request("/v1/b2b/passwords/strength_check", request, headers) end # Adds an existing password to a member's email that doesn't have a password yet. We support migrating members from passwords stored with bcrypt, scrypt, argon2, MD-5, SHA-1, and PBKDF2. This endpoint has a rate limit of 100 requests per second. - # + # # == Parameters: # email_address:: # The email address of the Member. 
@@ -132,7 +133,7 @@ def strength_check( # Roles to explicitly assign to this Member. # Will completely replace any existing explicitly assigned roles. See the # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment. - # + # # If a Role is removed from a Member, and the Member is also implicitly assigned this Role from an SSO connection # or an SSO group, we will by default revoke any existing sessions for the Member that contain any SSO # authentication factors with the affected connection ID. You can preserve these sessions by passing in the @@ -143,7 +144,7 @@ def strength_check( # by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO # authentication factors with the affected SSO connection IDs will be revoked. # The type of this field is nilable +Boolean+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -165,10 +166,10 @@ def strength_check( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def migrate( - email_address:, - hash:, - hash_type:, - organization_id:, + email_address: , + hash: , + hash_type: , + organization_id: , md_5_config: nil, argon_2_config: nil, sha_1_config: nil, 
@@ -187,30 +188,30 @@ def migrate( hash_type: hash_type, organization_id: organization_id } - request[:md_5_config] = md_5_config unless md_5_config.nil? - request[:argon_2_config] = argon_2_config unless argon_2_config.nil? - request[:sha_1_config] = sha_1_config unless sha_1_config.nil? - request[:scrypt_config] = scrypt_config unless scrypt_config.nil? - request[:pbkdf_2_config] = pbkdf_2_config unless pbkdf_2_config.nil? - request[:name] = name unless name.nil? - request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? - request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil? - request[:roles] = roles unless roles.nil? - request[:preserve_existing_sessions] = preserve_existing_sessions unless preserve_existing_sessions.nil? - - post_request('/v1/b2b/passwords/migrate', request, headers) + request[:md_5_config] = md_5_config if md_5_config != nil + request[:argon_2_config] = argon_2_config if argon_2_config != nil + request[:sha_1_config] = sha_1_config if sha_1_config != nil + request[:scrypt_config] = scrypt_config if scrypt_config != nil + request[:pbkdf_2_config] = pbkdf_2_config if pbkdf_2_config != nil + request[:name] = name if name != nil + request[:trusted_metadata] = trusted_metadata if trusted_metadata != nil + request[:untrusted_metadata] = untrusted_metadata if untrusted_metadata != nil + request[:roles] = roles if roles != nil + request[:preserve_existing_sessions] = preserve_existing_sessions if preserve_existing_sessions != nil + + post_request("/v1/b2b/passwords/migrate", request, headers) end # Authenticate a member with their email address and password. This endpoint verifies that the member has a password currently set, and that the entered password is correct. 
- # + # # If you have breach detection during authentication enabled in your [password strength policy](https://stytch.com/docs/b2b/guides/passwords/strength-policies) and the member's credentials have appeared in the HaveIBeenPwned dataset, this endpoint will return a `member_reset_password` error even if the member enters a correct password. We force a password reset in this case to ensure that the member is the legitimate owner of the email address and not a malicious actor abusing the compromised credentials. - # + # # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. # The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. - # + # # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. 
@@ -225,14 +226,14 @@ def migrate( # A secret token for a given Stytch Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. 
@@ -247,18 +248,18 @@ def migrate( # The type of this field is nilable +object+. # locale:: # If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. - # + # # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +AuthenticateRequestLocale+ (string enum). # intermediate_session_token:: # Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -298,9 +299,9 @@ def migrate( # Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA. # The type of this field is nilable +MfaRequired+ (+object+). def authenticate( - organization_id:, - email_address:, - password:, + organization_id: , + email_address: , + password: , session_token: nil, session_duration_minutes: nil, session_jwt: nil, 
@@ -314,31 +315,34 @@ def authenticate( email_address: email_address, password: password } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:locale] = locale unless locale.nil? - request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil? - - post_request('/v1/b2b/passwords/authenticate', request, headers) + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:locale] = locale if locale != nil + request[:intermediate_session_token] = intermediate_session_token if intermediate_session_token != nil + + post_request("/v1/b2b/passwords/authenticate", request, headers) end + + class Email include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Initiates a password reset for the email address provided. This will trigger an email to be sent to the address, containing a magic link that will allow them to set a new password and authenticate. - # + # # This endpoint adapts to your Project's password strength configuration. # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are # considered valid if they meet the requirements that you've set with Stytch. 
# You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config). - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -347,8 +351,8 @@ def initialize(connection) # The email address of the Member to start the email reset process for. # The type of this field is +String+. # reset_password_redirect_url:: - # The URL that the Member clicks from the reset password link. This URL should be an endpoint in the backend server that verifies the request by querying - # Stytch's authenticate endpoint and finishes the reset password flow. If this value is not passed, the default `reset_password_redirect_url` that you set in your Dashboard is used. + # The URL that the Member clicks from the reset password link. This URL should be an endpoint in the backend server that verifies the request by querying + # Stytch's authenticate endpoint and finishes the reset password flow. If this value is not passed, the default `reset_password_redirect_url` that you set in your Dashboard is used. # If you have not set a default `reset_password_redirect_url`, an error is returned. # The type of this field is nilable +String+. # reset_password_expiration_minutes:: 
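Review bot: Nothing in the `authenticate` body or its comment marks the `request` hash as secret material, although after this hunk it still carries `password` and, when given, `session_token`, `session_jwt` and `intermediate_session_token` straight into `post_request`. `post_request` is defined outside this diff, so whether it or any connection middleware can log request bodies cannot be judged from here. I would add a one-line comment above the call, `# request holds credentials and session tokens: never log it or embed it in error messages`, and repeat it on the `migrate`, `reset` and `recover` methods. The `authenticate` signature starts outside this hunk.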
@@ -358,23 +362,23 @@ def initialize(connection) # A base64url encoded SHA256 hash of a one time secret used to validate that the request starts and ends on the same device. # The type of this field is nilable +String+. # login_redirect_url:: - # The URL that the member clicks from the reset without password link. This URL should be an endpoint in the backend server - # that verifies the request by querying Stytch's authenticate endpoint and finishes the magic link flow. If this value is not passed, the - # default `login_redirect_url` that you set in your Dashboard is used. This value is only used if magic links are enabled for the member. If + # The URL that the member clicks from the reset without password link. This URL should be an endpoint in the backend server + # that verifies the request by querying Stytch's authenticate endpoint and finishes the magic link flow. If this value is not passed, the + # default `login_redirect_url` that you set in your Dashboard is used. This value is only used if magic links are enabled for the member. If # you have not set a default `login_redirect_url` and magic links are not enabled for the member, an error is returned. # The type of this field is nilable +String+. # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +ResetStartRequestLocale+ (string enum). # reset_password_template_id:: # Use a custom template for reset password emails. 
By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic Links - Reset Password. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -393,8 +397,8 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def reset_start( - organization_id:, - email_address:, + organization_id: , + email_address: , reset_password_redirect_url: nil, reset_password_expiration_minutes: nil, code_challenge: nil, 
@@ -407,26 +411,26 @@ def reset_start( organization_id: organization_id, email_address: email_address } - request[:reset_password_redirect_url] = reset_password_redirect_url unless reset_password_redirect_url.nil? - request[:reset_password_expiration_minutes] = reset_password_expiration_minutes unless reset_password_expiration_minutes.nil? - request[:code_challenge] = code_challenge unless code_challenge.nil? - request[:login_redirect_url] = login_redirect_url unless login_redirect_url.nil? - request[:locale] = locale unless locale.nil? - request[:reset_password_template_id] = reset_password_template_id unless reset_password_template_id.nil? - - post_request('/v1/b2b/passwords/email/reset/start', request, headers) + request[:reset_password_redirect_url] = reset_password_redirect_url if reset_password_redirect_url != nil + request[:reset_password_expiration_minutes] = reset_password_expiration_minutes if reset_password_expiration_minutes != nil + request[:code_challenge] = code_challenge if code_challenge != nil + request[:login_redirect_url] = login_redirect_url if login_redirect_url != nil + request[:locale] = locale if locale != nil + request[:reset_password_template_id] = reset_password_template_id if reset_password_template_id != nil + + post_request("/v1/b2b/passwords/email/reset/start", request, headers) end # Reset the member's password and authenticate them. This endpoint checks that the password reset token is valid, hasn’t expired, or already been used. - # + # # The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated. - # + # # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. 
# The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. - # + # # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step. - # + # # == Parameters: # password_reset_token:: # The password reset token to authenticate. @@ -440,14 +444,14 @@ def reset_start( # both `session_token` and `session_jwt` are provided. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. 
@@ -467,18 +471,18 @@ def reset_start( # The type of this field is nilable +object+. # locale:: # If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. - # + # # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +ResetRequestLocale+ (string enum). # intermediate_session_token:: # Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -521,8 +525,8 @@ def reset_start( # Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA. # The type of this field is nilable +MfaRequired+ (+object+). def reset( - password_reset_token:, - password:, + password_reset_token: , + password: , session_token: nil, session_duration_minutes: nil, session_jwt: nil, 
@@ -536,27 +540,30 @@ def reset( password_reset_token: password_reset_token, password: password } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:code_verifier] = code_verifier unless code_verifier.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:locale] = locale unless locale.nil? - request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil? - - post_request('/v1/b2b/passwords/email/reset', request, headers) + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:code_verifier] = code_verifier if code_verifier != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:locale] = locale if locale != nil + request[:intermediate_session_token] = intermediate_session_token if intermediate_session_token != nil + + post_request("/v1/b2b/passwords/email/reset", request, headers) end - end + + + end class Sessions include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Reset the Member's password using their existing session. The endpoint will error if the session does not contain an authentication factor that has been issued within the last 5 minutes. Either `session_token` or `session_jwt` should be provided. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. 
@@ -571,14 +578,14 @@ def initialize(connection) # The JSON Web Token (JWT) for a given Stytch Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. @@ -590,13 +597,13 @@ def initialize(connection) # The type of this field is nilable +object+. # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +ResetRequestLocale+ (string enum). - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -633,8 +640,8 @@ def initialize(connection) # Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA. # The type of this field is nilable +MfaRequired+ (+object+). def reset( - organization_id:, - password:, + organization_id: , + password: , session_token: nil, session_jwt: nil, session_duration_minutes: nil, 
@@ -646,37 +653,40 @@ def reset( organization_id: organization_id, password: password } - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:locale] = locale unless locale.nil? + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:locale] = locale if locale != nil - post_request('/v1/b2b/passwords/session/reset', request, headers) + post_request("/v1/b2b/passwords/session/reset", request, headers) end - end + + + end class ExistingPassword include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Reset the member’s password using their existing password. - # + # # This endpoint adapts to your Project's password strength configuration. # If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid # if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are # considered valid if they meet the requirements that you've set with Stytch. # You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config). - # + # # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. 
# The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. - # + # # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step. - # + # # == Parameters: # email_address:: # The email address of the Member. @@ -694,14 +704,14 @@ def initialize(connection) # A secret token for a given Stytch Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. 
@@ -716,15 +726,15 @@ def initialize(connection) # The type of this field is nilable +object+. # locale:: # If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. - # + # # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +ResetRequestLocale+ (string enum). - # + # # == Returns: # An object with the following fields: # request_id:: @@ -761,10 +771,10 @@ def initialize(connection) # Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA. # The type of this field is nilable +MfaRequired+ (+object+). def reset( - email_address:, - existing_password:, - new_password:, - organization_id:, + email_address: , + existing_password: , + new_password: , + organization_id: , session_token: nil, session_duration_minutes: nil, session_jwt: nil, 
@@ -778,14 +788,17 @@ def reset( new_password: new_password, organization_id: organization_id } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:locale] = locale unless locale.nil? + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:locale] = locale if locale != nil - post_request('/v1/b2b/passwords/existing_password/reset', request, headers) + post_request("/v1/b2b/passwords/existing_password/reset", request, headers) end + + + end end -end +end \ No newline at end of file diff --git a/lib/stytch/b2b_rbac.rb b/lib/stytch/b2b_rbac.rb index 6d23b2b..db498f2 100644 --- a/lib/stytch/b2b_rbac.rb +++ b/lib/stytch/b2b_rbac.rb 
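Review bot: The tail of `ExistingPassword#reset` now has three blank lines between the method's `end` and the class `end`, and the file's final `end` loses its trailing newline (`\ No newline at end of file`). Neither changes behaviour, but the missing newline makes every later edit to the last line show up as a two-line change. The same padding is added in the `Email` and `Sessions` hunks, together with a blank line after `@connection = connection`, and `b2b_rbac.rb` loses its final newline in the same way. I would keep the previous `end` / `end` layout and end each file with a newline.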
@@ -9,23 +9,25 @@ require_relative 'request_helper' module StytchB2B + class RBAC include Stytch::RequestHelper def initialize(connection) @connection = connection + end - # Get the active RBAC Policy for your current Stytch Project. An RBAC Policy is the canonical document that stores all defined Resources and Roles within your RBAC permissioning model. - # + # Get the active RBAC Policy for your current Stytch Project. An RBAC Policy is the canonical document that stores all defined Resources and Roles within your RBAC permissioning model. + # # When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating the need for an extra request to Stytch. The policy will be refreshed if an authorization check is requested and the RBAC policy was last updated more than 5 minutes ago. - # + # # Resources and Roles can be created and managed within the [Dashboard](/dashboard/rbac). Additionally, [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically managed through certain Stytch API endpoints. - # + # # Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about Stytch's RBAC permissioning model. - # + # # == Parameters: - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -37,11 +39,16 @@ def initialize(connection) # policy:: # The RBAC Policy document that contains all defined Roles and Resources – which are managed in the [Dashboard](/dashboard/rbac). Read more about these entities and how they work in our [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview). # The type of this field is nilable +Policy+ (+object+). - def policy + def policy( + ) headers = {} - query_params = {} - request = request_with_query_params('/v1/b2b/rbac/policy', query_params) + query_params = { + } + request = request_with_query_params("/v1/b2b/rbac/policy", query_params) get_request(request, headers) end + + + end -end +end \ No newline at end of file diff --git a/lib/stytch/b2b_recovery_codes.rb b/lib/stytch/b2b_recovery_codes.rb index 5d3f717..abed70b 100644 --- a/lib/stytch/b2b_recovery_codes.rb +++ b/lib/stytch/b2b_recovery_codes.rb @@ -9,15 +9,17 @@ require_relative 'request_helper' module StytchB2B + class RecoveryCodes include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Allows a Member to complete an MFA flow by consuming a recovery code. This consumes the recovery code and returns a session token that can be used to authenticate the Member. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. 
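Review bot: `def policy(` followed by a lone `)` spreads an empty parameter list over two lines, and `query_params = {` / `}` does the same for an empty hash; both read as if an argument had been dropped. I would keep the removed forms, `def policy` and `query_params = {}`. Separately, the comment above the method says the RBAC Policy is cached and refreshed after 5 minutes, while the body shown calls `get_request` every time. Presumably the cache lives elsewhere in the SDK, and a short comment such as `# Always fetches from the API; caching for local authorization checks is handled elsewhere` (to be confirmed against the caller) would stop readers from treating this method as the cached path.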
@@ -38,14 +40,14 @@ def initialize(connection) # The JSON Web Token (JWT) for a given Stytch Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. @@ -55,7 +57,7 @@ def initialize(connection) # delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. # Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -86,9 +88,9 @@ def initialize(connection) # The [Session object](https://stytch.com/docs/b2b/api/session-object). # The type of this field is nilable +MemberSession+ (+object+). def recover( - organization_id:, - member_id:, - recovery_code:, + organization_id: , + member_id: , + recovery_code: , intermediate_session_token: nil, session_token: nil, session_jwt: nil, 
@@ -101,17 +103,17 @@ def recover( member_id: member_id, recovery_code: recovery_code } - request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? + request[:intermediate_session_token] = intermediate_session_token if intermediate_session_token != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil - post_request('/v1/b2b/recovery_codes/recover', request, headers) + post_request("/v1/b2b/recovery_codes/recover", request, headers) end # Returns a Member's full set of active recovery codes. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -119,7 +121,7 @@ def recover( # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -141,17 +143,18 @@ def recover( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def get( - organization_id:, - member_id: + organization_id: , + member_id: ) headers = {} - query_params = {} + query_params = { + } request = request_with_query_params("/v1/b2b/recovery_codes/#{organization_id}/#{member_id}", query_params) get_request(request, headers) end # Rotate a Member's recovery codes. This invalidates all existing recovery codes and generates a new set of recovery codes. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -159,7 +162,7 @@ def get( # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -181,8 +184,8 @@ def get( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def rotate( - organization_id:, - member_id: + organization_id: , + member_id: ) headers = {} request = { @@ -190,7 +193,10 @@ def rotate( member_id: member_id } - post_request('/v1/b2b/recovery_codes/rotate', request, headers) + post_request("/v1/b2b/recovery_codes/rotate", request, headers) end + + + end -end +end \ No newline at end of file diff --git a/lib/stytch/b2b_scim.rb b/lib/stytch/b2b_scim.rb index fffda41..bba2388 100644 --- a/lib/stytch/b2b_scim.rb +++ b/lib/stytch/b2b_scim.rb 
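Review bot: In `get`, `organization_id` and `member_id` are interpolated into the request path unescaped (`"/v1/b2b/recovery_codes/#{organization_id}/#{member_id}"`), so a value containing `/`, `..`, `?` or `#` would change which endpoint the request, sent with the project's credentials, actually reaches; the hunk reformats the method but leaves this as it was. Whether `request_with_query_params` or the connection normalises the path is not visible here and should be confirmed. If it does not, encode each segment, e.g. `"/v1/b2b/recovery_codes/#{ERB::Util.url_encode(organization_id)}/#{ERB::Util.url_encode(member_id)}"` (needs `require 'erb'`), or reject IDs that do not match the expected identifier format before building the path. The same interpolation appears in the SCIM `update`, `delete`, `rotate_start`, `rotate_complete`, `rotate_cancel`, `create` and `get` hunks and in `get_jwks`.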
@@ -9,6 +9,7 @@ require_relative 'request_helper' module StytchB2B + class SCIM include Stytch::RequestHelper attr_reader :connections @@ -19,15 +20,18 @@ def initialize(connection) @connections = StytchB2B::SCIM::Connections.new(@connection) end + + class Connections include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Update a SCIM Connection. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -44,7 +48,7 @@ def initialize(connection) # scim_group_implicit_role_assignments:: # (no documentation yet) # The type of this field is nilable list of +SCIMGroupImplicitRoleAssignments+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -56,29 +60,30 @@ def initialize(connection) # connection:: # The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details. # The type of this field is nilable +SCIMConnection+ (+object+). - # + # # == Method Options: # This method supports an optional +UpdateRequestOptions+ object which will modify the headers sent in the HTTP request. def update( - organization_id:, - connection_id:, + organization_id: , + connection_id: , display_name: nil, identity_provider: nil, scim_group_implicit_role_assignments: nil, method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - request = {} - request[:display_name] = display_name unless display_name.nil? - request[:identity_provider] = identity_provider unless identity_provider.nil? - request[:scim_group_implicit_role_assignments] = scim_group_implicit_role_assignments unless scim_group_implicit_role_assignments.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil + request = { + } + request[:display_name] = display_name if display_name != nil + request[:identity_provider] = identity_provider if identity_provider != nil + request[:scim_group_implicit_role_assignments] = scim_group_implicit_role_assignments if scim_group_implicit_role_assignments != nil put_request("/v1/b2b/scim/#{organization_id}/connections/#{connection_id}", request, headers) end # Deletes a SCIM Connection. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -86,7 +91,7 @@ def update( # connection_id:: # The ID of the SCIM connection. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -98,21 +103,21 @@ def update( # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +DeleteRequestOptions+ object which will modify the headers sent in the HTTP request. def delete( - organization_id:, - connection_id:, + organization_id: , + connection_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil delete_request("/v1/b2b/scim/#{organization_id}/connections/#{connection_id}", headers) end # Start a SCIM token rotation. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -120,7 +125,7 @@ def delete( # connection_id:: # The ID of the SCIM connection. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -132,23 +137,24 @@ def delete( # connection:: # The `SCIM Connection` object affected by this API call. See the [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object) for complete response field details. # The type of this field is nilable +SCIMConnectionWithNextToken+ (+object+). - # + # # == Method Options: # This method supports an optional +RotateStartRequestOptions+ object which will modify the headers sent in the HTTP request. def rotate_start( - organization_id:, - connection_id:, + organization_id: , + connection_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - request = {} + headers = headers.merge(method_options.to_headers) if method_options != nil + request = { + } post_request("/v1/b2b/scim/#{organization_id}/connections/#{connection_id}/rotate/start", request, headers) end # Completes a SCIM token rotation. This will complete the current token rotation process and update the active token to be the new token supplied in the [start SCIM token rotation](https://stytch.com/docs/b2b/api/scim-rotate-token-start) response. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -156,7 +162,7 @@ def rotate_start( # connection_id:: # The ID of the SCIM connection. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -168,23 +174,24 @@ def rotate_start( # connection:: # The `SCIM Connection` object affected by this API call. See the [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object) for complete response field details. # The type of this field is nilable +SCIMConnection+ (+object+). - # + # # == Method Options: # This method supports an optional +RotateCompleteRequestOptions+ object which will modify the headers sent in the HTTP request. def rotate_complete( - organization_id:, - connection_id:, + organization_id: , + connection_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - request = {} + headers = headers.merge(method_options.to_headers) if method_options != nil + request = { + } post_request("/v1/b2b/scim/#{organization_id}/connections/#{connection_id}/rotate/complete", request, headers) end # Cancel a SCIM token rotation. This will cancel the current token rotation process, keeping the original token active. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -192,7 +199,7 @@ def rotate_complete( # connection_id:: # The ID of the SCIM connection. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -204,23 +211,24 @@ def rotate_complete( # connection:: # The `SCIM Connection` object affected by this API call. See the [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object) for complete response field details. # The type of this field is nilable +SCIMConnection+ (+object+). - # + # # == Method Options: # This method supports an optional +RotateCancelRequestOptions+ object which will modify the headers sent in the HTTP request. def rotate_cancel( - organization_id:, - connection_id:, + organization_id: , + connection_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - request = {} + headers = headers.merge(method_options.to_headers) if method_options != nil + request = { + } post_request("/v1/b2b/scim/#{organization_id}/connections/#{connection_id}/rotate/cancel", request, headers) end # Create a new SCIM Connection. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -231,7 +239,7 @@ def rotate_cancel( # identity_provider:: # (no documentation yet) # The type of this field is nilable +CreateRequestIdp+ (string enum). - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -243,31 +251,32 @@ def rotate_cancel( # connection:: # The `SCIM Connection` object affected by this API call. See the [SCIM Connection Object](https://stytch.com/docs/b2b/api/scim-connection-object) for complete response field details. # The type of this field is nilable +SCIMConnectionWithToken+ (+object+). - # + # # == Method Options: # This method supports an optional +CreateRequestOptions+ object which will modify the headers sent in the HTTP request. def create( - organization_id:, + organization_id: , display_name: nil, identity_provider: nil, method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - request = {} - request[:display_name] = display_name unless display_name.nil? - request[:identity_provider] = identity_provider unless identity_provider.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil + request = { + } + request[:display_name] = display_name if display_name != nil + request[:identity_provider] = identity_provider if identity_provider != nil post_request("/v1/b2b/scim/#{organization_id}/connections", request, headers) end # Get SCIM Connections. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -279,19 +288,23 @@ def create( # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +GetRequestOptions+ object which will modify the headers sent in the HTTP request. def get( - organization_id:, + organization_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - query_params = {} + headers = headers.merge(method_options.to_headers) if method_options != nil + query_params = { + } request = request_with_query_params("/v1/b2b/scim/#{organization_id}/connections", query_params) get_request(request, headers) end + + + end end -end +end \ No newline at end of file diff --git a/lib/stytch/b2b_sessions.rb b/lib/stytch/b2b_sessions.rb index a871a8d..116489f 100644 --- a/lib/stytch/b2b_sessions.rb +++ b/lib/stytch/b2b_sessions.rb @@ -12,6 +12,7 @@ require_relative 'request_helper' module StytchB2B + class Sessions include Stytch::RequestHelper @@ -35,7 +36,7 @@ def initialize(connection, project_id, policy_cache) end # Retrieves all active Sessions for a Member. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -43,7 +44,7 @@ def initialize(connection, project_id, policy_cache) # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -56,42 +57,42 @@ def initialize(connection, project_id, policy_cache) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def get( - organization_id:, - member_id: + organization_id: , + member_id: ) headers = {} query_params = { organization_id: organization_id, member_id: member_id } - request = request_with_query_params('/v1/b2b/sessions', query_params) + request = request_with_query_params("/v1/b2b/sessions", query_params) get_request(request, headers) end # Authenticates a Session and updates its lifetime by the specified `session_duration_minutes`. If the `session_duration_minutes` is not specified, a Session will not be extended. This endpoint requires either a `session_jwt` or `session_token` be included in the request. It will return an error if both are present. - # + # # You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid. - # + # # If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions. # In addition, the `organization_id` passed in the authorization check must match the Member's Organization. - # + # # If the Member is not authorized to perform the specified action on the specified Resource, or if the # `organization_id` does not match the Member's Organization, a 403 error will be thrown. # Otherwise, the response will contain a list of Roles that satisfied the authorization check. 
- # + # # == Parameters: # session_token:: # A secret token for a given Stytch Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. 
@@ -110,16 +111,16 @@ def get( # their Member Session contains a Role, assigned # [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions. # In addition, the `organization_id` passed in the authorization check must match the Member's Organization. - # + # # The Roles on the Member Session may differ from the Roles you see on the Member object - Roles that are implicitly # assigned by SSO connection or SSO group will only be valid for a Member Session if there is at least one authentication # factor on the Member Session from the specified SSO connection. - # + # # If the Member is not authorized to perform the specified action on the specified Resource, or if the # `organization_id` does not match the Member's Organization, a 403 error will be thrown. # Otherwise, the response will contain a list of Roles that satisfied the authorization check. # The type of this field is nilable +AuthorizationCheck+ (+object+). - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -155,18 +156,19 @@ def authenticate( authorization_check: nil ) headers = {} - request = {} - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:authorization_check] = authorization_check unless authorization_check.nil? - - post_request('/v1/b2b/sessions/authenticate', request, headers) + request = { + } + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:authorization_check] = authorization_check if authorization_check != nil + + post_request("/v1/b2b/sessions/authenticate", request, headers) end # Revoke a Session and immediately invalidate all its tokens. To revoke a specific Session, pass either the `member_session_id`, `session_token`, or `session_jwt`. To revoke all Sessions for a Member, pass the `member_id`. - # + # # == Parameters: # member_session_id:: # Globally unique UUID that identifies a specific Session in the Stytch API. The `member_session_id` is critical to perform operations on an Session, so be sure to preserve this value. @@ -180,7 +182,7 @@ def authenticate( # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -196,28 +198,29 @@ def revoke( member_id: nil ) headers = {} - request = {} - request[:member_session_id] = member_session_id unless member_session_id.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:member_id] = member_id unless member_id.nil? + request = { + } + request[:member_session_id] = member_session_id if member_session_id != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:member_id] = member_id if member_id != nil - post_request('/v1/b2b/sessions/revoke', request, headers) + post_request("/v1/b2b/sessions/revoke", request, headers) end # Use this endpoint to exchange a Member's existing session for another session in a different Organization. This can be used to accept an invite, but not to create a new member via domain matching. - # + # # To create a new member via domain matching, use the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) flow instead. - # + # # Only Email Magic Link, OAuth, and SMS OTP factors can be transferred between sessions. Other authentication factors, such as password factors, will not be transferred to the new session. # Any OAuth Tokens owned by the Member will not be transferred to the new Organization. # SMS OTP factors can be used to fulfill MFA requirements for the target Organization if both the original and target Member have the same phone number and the phone number is verified for both Members. - # + # # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. 
# The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. # The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. 
@@ -229,14 +232,14 @@ def revoke( # The `session_jwt` belonging to the member that you wish to associate the email with. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. 
@@ -248,15 +251,15 @@ def revoke( # The type of this field is nilable +object+. # locale:: # If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. - # + # # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +ExchangeRequestLocale+ (string enum). - # + # # == Returns: # An object with the following fields: # request_id:: @@ -296,7 +299,7 @@ def revoke( # (no documentation yet) # The type of this field is nilable +PrimaryRequired+ (+object+). def exchange( - organization_id:, + organization_id: , session_token: nil, session_jwt: nil, session_duration_minutes: nil, 
@@ -307,17 +310,17 @@ def exchange( request = { organization_id: organization_id } - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:locale] = locale unless locale.nil? + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:locale] = locale if locale != nil - post_request('/v1/b2b/sessions/exchange', request, headers) + post_request("/v1/b2b/sessions/exchange", request, headers) end - # Migrate a session from an external endpoint. Stytch will call the UserInfo endpoint specified in your project settings, performing a lookup using the session token passed in. If the endpoint repsonds and the response contains a valid email, Stytch will attempt to match that email with a member in your organization, and create a Stytch Session for you. - # + # Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with a Member in your Organization and create a Stytch Session. + # # == Parameters: # session_token:: # The authorization token Stytch will pass in to the external userinfo endpoint. 
@@ -326,14 +329,14 @@ def exchange( # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. @@ -343,7 +346,7 @@ def exchange( # delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. # Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -371,8 +374,8 @@ def exchange( # The [Session object](https://stytch.com/docs/b2b/api/session-object). # The type of this field is nilable +MemberSession+ (+object+). def migrate( - session_token:, - organization_id:, + session_token: , + organization_id: , session_duration_minutes: nil, session_custom_claims: nil ) 
@@ -381,27 +384,27 @@ def migrate( session_token: session_token, organization_id: organization_id } - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil - post_request('/v1/b2b/sessions/migrate', request, headers) + post_request("/v1/b2b/sessions/migrate", request, headers) end # Get the JSON Web Key Set (JWKS) for a project. - # - # JWKS are rotated every ~6 months. Upon rotation, new JWTs will be signed using the new key set, and both key sets will be returned by this endpoint for a period of 1 month. - # - # JWTs have a set lifetime of 5 minutes, so there will be a 5 minute period where some JWTs will be signed by the old JWKS, and some JWTs will be signed by the new JWKS. The correct JWKS to use for validation is determined by matching the `kid` value of the JWT and JWKS. - # + # + # JWKS are rotated every ~6 months. Upon rotation, new JWTs will be signed using the new key set, and both key sets will be returned by this endpoint for a period of 1 month. + # + # JWTs have a set lifetime of 5 minutes, so there will be a 5 minute period where some JWTs will be signed by the old JWKS, and some JWTs will be signed by the new JWKS. The correct JWKS to use for validation is determined by matching the `kid` value of the JWT and JWKS. + # # If you're using one of our [backend SDKs](https://stytch.com/docs/b2b/sdks), the JWKS roll will be handled for you. - # + # # If you're using your own JWT validation library, many have built-in support for JWKS rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWKS to use for validation by inspecting the `kid` value. 
- # + # # == Parameters: # project_id:: # The `project_id` to get the JWKS for. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # keys:: @@ -414,14 +417,16 @@ def migrate( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def get_jwks( - project_id: + project_id: ) headers = {} - query_params = {} + query_params = { + } request = request_with_query_params("/v1/b2b/sessions/jwks/#{project_id}", query_params) get_request(request, headers) end + # MANUAL(Sessions::authenticate_jwt)(SERVICE_METHOD) # ADDIMPORT: require 'jwt' # ADDIMPORT: require 'json/jwt' @@ -542,5 +547,7 @@ def marshal_jwt_into_session(jwt) } end # ENDMANUAL(Sessions::authenticate_jwt) + + end -end +end \ No newline at end of file diff --git a/lib/stytch/b2b_sso.rb b/lib/stytch/b2b_sso.rb index fa72528..d550406 100644 --- a/lib/stytch/b2b_sso.rb +++ b/lib/stytch/b2b_sso.rb 
@@ -11,38 +11,35 @@ module StytchB2B class GetConnectionsRequestOptions # Optional authorization object. - # Pass in an active Stytch Member session token or session JWT and the request - # will be run using that member's permissions. +# Pass in an active Stytch Member session token or session JWT and the request +# will be run using that member's permissions. attr_accessor :authorization def initialize( - authorization: nil - ) + authorization: nil ) @authorization = authorization end def to_headers headers = {} - headers.merge!(@authorization.to_headers) if authorization + headers.merge!(@authorization.to_headers) if self.authorization headers end end - class DeleteConnectionRequestOptions # Optional authorization object. - # Pass in an active Stytch Member session token or session JWT and the request - # will be run using that member's permissions. +# Pass in an active Stytch Member session token or session JWT and the request +# will be run using that member's permissions. attr_accessor :authorization def initialize( - authorization: nil - ) + authorization: nil ) @authorization = authorization end def to_headers headers = {} - headers.merge!(@authorization.to_headers) if authorization + headers.merge!(@authorization.to_headers) if self.authorization headers end end @@ -59,12 +56,12 @@ def initialize(connection) end # Get all SSO Connections owned by the organization. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
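Review bot: In both `to_headers` methods the guard now reads `if self.authorization` while the call on the same line uses `@authorization` directly; the explicit `self.` receiver is redundant, and mixing the two forms makes the line harder to scan. I would use one form, e.g. `headers.merge!(@authorization.to_headers) if @authorization`. The continuation lines of the doc comment above `attr_accessor :authorization` have also lost their indentation in both classes. If, as that comment suggests, the merged headers carry a member session token or JWT, a line such as `# The resulting headers contain a member credential; keep them out of logs.` would be worth adding.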
@@ -79,22 +76,23 @@ def initialize(connection) # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +GetConnectionsRequestOptions+ object which will modify the headers sent in the HTTP request. def get_connections( - organization_id:, + organization_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - query_params = {} + headers = headers.merge(method_options.to_headers) if method_options != nil + query_params = { + } request = request_with_query_params("/v1/b2b/sso/#{organization_id}", query_params) get_request(request, headers) end # Delete an existing SSO connection. /%} - # + # # == Parameters: # organization_id:: # The organization ID that the SSO connection belongs to. @@ -102,7 +100,7 @@ def get_connections( # connection_id:: # The ID of the SSO connection. Both SAML and OIDC connection IDs can be provided. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
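Review bot: `get_connections` interpolates `organization_id` straight into the request path (`"/v1/b2b/sso/#{organization_id}"`), so a value containing `/`, `?` or `#` would change which endpoint the request reaches; whether `request_with_query_params` or the HTTP layer normalizes this is not visible here. If callers can pass an ID that originates from user input, percent-encode the segment, e.g. `request_with_query_params("/v1/b2b/sso/#{ERB::Util.url_encode(organization_id)}", query_params)` (needs `require 'erb'`), or reject IDs that do not match the expected format before building the path. The same applies to the interpolated IDs in `delete_connection`, the OIDC and SAML `create_connection` and `update_connection` methods, and `delete_verification_certificate` in the later hunks.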
@@ -114,32 +112,32 @@ def get_connections( # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +DeleteConnectionRequestOptions+ object which will modify the headers sent in the HTTP request. def delete_connection( - organization_id:, - connection_id:, + organization_id: , + connection_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil delete_request("/v1/b2b/sso/#{organization_id}/connections/#{connection_id}", headers) end - # Authenticate a user given a token. + # Authenticate a user given a token. # This endpoint verifies that the user completed the SSO Authentication flow by verifying that the token is valid and hasn't expired. - # Provide the `session_duration_minutes` parameter to set the lifetime of the session. + # Provide the `session_duration_minutes` parameter to set the lifetime of the session. # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. # To link this authentication event to an existing Stytch session, include either the `session_token` or `session_jwt` param. - # + # # If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. 
# The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), # or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA step and acquire a full member session. # The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. - # + # # If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step. - # + # # == Parameters: # sso_token:: # The token to authenticate. @@ -154,14 +152,14 @@ def delete_connection( # The `session_jwt` belonging to the member that you wish to associate the email with. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. 
@@ -173,18 +171,18 @@ def delete_connection( # The type of this field is nilable +object+. # locale:: # If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. - # + # # Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +AuthenticateRequestLocale+ (string enum). # intermediate_session_token:: # Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -228,7 +226,7 @@ def delete_connection( # Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA. # The type of this field is nilable +MfaRequired+ (+object+). def authenticate( - sso_token:, + sso_token: , pkce_code_verifier: nil, session_token: nil, session_jwt: nil, 
@@ -241,26 +239,29 @@ def authenticate( request = { sso_token: sso_token } - request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:locale] = locale unless locale.nil? - request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil? - - post_request('/v1/b2b/sso/authenticate', request, headers) + request[:pkce_code_verifier] = pkce_code_verifier if pkce_code_verifier != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:locale] = locale if locale != nil + request[:intermediate_session_token] = intermediate_session_token if intermediate_session_token != nil + + post_request("/v1/b2b/sso/authenticate", request, headers) end + + class OIDC include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Create a new OIDC Connection. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -268,7 +269,7 @@ def initialize(connection) # display_name:: # A human-readable display name for the connection. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -280,32 +281,33 @@ def initialize(connection) # connection:: # The `OIDC Connection` object affected by this API call. See the [OIDC Connection Object](https://stytch.com/docs/b2b/api/oidc-connection-object) for complete response field details. # The type of this field is nilable +OIDCConnection+ (+object+). - # + # # == Method Options: # This method supports an optional +CreateConnectionRequestOptions+ object which will modify the headers sent in the HTTP request. def create_connection( - organization_id:, + organization_id: , display_name: nil, method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - request = {} - request[:display_name] = display_name unless display_name.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil + request = { + } + request[:display_name] = display_name if display_name != nil post_request("/v1/b2b/sso/oidc/#{organization_id}", request, headers) end # Updates an existing OIDC connection. - # + # # When the value of `issuer` changes, Stytch will attempt to retrieve the [OpenID Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata) document found at `$/.well-known/openid-configuration`. # If the metadata document can be retrieved successfully, Stytch will use it to infer the values of `authorization_url`, `token_url`, `jwks_url`, and `userinfo_url`. # The `client_id` and `client_secret` values cannot be inferred from the metadata document, and *must* be passed in explicitly. - # + # # If the metadata document cannot be retrieved, Stytch will still update the connection using values from the request body. - # - # If the metadata document can be retrieved, and values are passed in the request body, the explicit values passed in from the request body will take precedence over the values inferred from the metadata document. 
- # + # + # If the metadata document can be retrieved, and values are passed in the request body, the explicit values passed in from the request body will take precedence over the values inferred from the metadata document. + # # Note that a newly created connection will not become active until all of the following fields are provided: # * `issuer` # * `client_id` @@ -315,7 +317,7 @@ def create_connection( # * `userinfo_url` # * `jwks_url` # /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -347,7 +349,7 @@ def create_connection( # jwks_url:: # The location of the IdP's JSON Web Key Set, used to verify credentials issued by the IdP. This will be provided by the IdP. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -362,12 +364,12 @@ def create_connection( # warning:: # If it is not possible to resolve the well-known metadata document from the OIDC issuer, this field will explain what went wrong if the request is successful otherwise. In other words, even if the overall request succeeds, there could be relevant warnings related to the connection update. # The type of this field is nilable +String+. - # + # # == Method Options: # This method supports an optional +UpdateConnectionRequestOptions+ object which will modify the headers sent in the HTTP request. def update_connection( - organization_id:, - connection_id:, + organization_id: , + connection_id: , display_name: nil, client_id: nil, client_secret: nil, 
@@ -379,30 +381,34 @@ def update_connection( method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - request = {} - request[:display_name] = display_name unless display_name.nil? - request[:client_id] = client_id unless client_id.nil? - request[:client_secret] = client_secret unless client_secret.nil? - request[:issuer] = issuer unless issuer.nil? - request[:authorization_url] = authorization_url unless authorization_url.nil? - request[:token_url] = token_url unless token_url.nil? - request[:userinfo_url] = userinfo_url unless userinfo_url.nil? - request[:jwks_url] = jwks_url unless jwks_url.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil + request = { + } + request[:display_name] = display_name if display_name != nil + request[:client_id] = client_id if client_id != nil + request[:client_secret] = client_secret if client_secret != nil + request[:issuer] = issuer if issuer != nil + request[:authorization_url] = authorization_url if authorization_url != nil + request[:token_url] = token_url if token_url != nil + request[:userinfo_url] = userinfo_url if userinfo_url != nil + request[:jwks_url] = jwks_url if jwks_url != nil put_request("/v1/b2b/sso/oidc/#{organization_id}/connections/#{connection_id}", request, headers) end - end + + + end class SAML include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Create a new SAML Connection. /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -410,7 +416,7 @@ def initialize(connection) # display_name:: # A human-readable display name for the connection. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -422,31 +428,32 @@ def initialize(connection) # connection:: # The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details. # The type of this field is nilable +SAMLConnection+ (+object+). - # + # # == Method Options: # This method supports an optional +CreateConnectionRequestOptions+ object which will modify the headers sent in the HTTP request. def create_connection( - organization_id:, + organization_id: , display_name: nil, method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - request = {} - request[:display_name] = display_name unless display_name.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil + request = { + } + request[:display_name] = display_name if display_name != nil post_request("/v1/b2b/sso/saml/#{organization_id}", request, headers) end # Updates an existing SAML connection. - # + # # Note that a newly created connection will not become active until all of the following are provided: # * `idp_sso_url` # * `attribute_mapping` # * `idp_entity_id` # * `x509_certificate` # /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -483,7 +490,7 @@ def create_connection( # alternative_audience_uri:: # An alternative URL to use for the Audience Restriction. This value can be used when you wish to migrate an existing SAML integration to Stytch with zero downtime. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -495,12 +502,12 @@ def create_connection( # connection:: # The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details. # The type of this field is nilable +SAMLConnection+ (+object+). - # + # # == Method Options: # This method supports an optional +UpdateConnectionRequestOptions+ object which will modify the headers sent in the HTTP request. def update_connection( - organization_id:, - connection_id:, + organization_id: , + connection_id: , idp_entity_id: nil, display_name: nil, attribute_mapping: nil, 
@@ -512,29 +519,30 @@ def update_connection( method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? - request = {} - request[:idp_entity_id] = idp_entity_id unless idp_entity_id.nil? - request[:display_name] = display_name unless display_name.nil? - request[:attribute_mapping] = attribute_mapping unless attribute_mapping.nil? - request[:x509_certificate] = x509_certificate unless x509_certificate.nil? - request[:idp_sso_url] = idp_sso_url unless idp_sso_url.nil? - request[:saml_connection_implicit_role_assignments] = saml_connection_implicit_role_assignments unless saml_connection_implicit_role_assignments.nil? - request[:saml_group_implicit_role_assignments] = saml_group_implicit_role_assignments unless saml_group_implicit_role_assignments.nil? - request[:alternative_audience_uri] = alternative_audience_uri unless alternative_audience_uri.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil + request = { + } + request[:idp_entity_id] = idp_entity_id if idp_entity_id != nil + request[:display_name] = display_name if display_name != nil + request[:attribute_mapping] = attribute_mapping if attribute_mapping != nil + request[:x509_certificate] = x509_certificate if x509_certificate != nil + request[:idp_sso_url] = idp_sso_url if idp_sso_url != nil + request[:saml_connection_implicit_role_assignments] = saml_connection_implicit_role_assignments if saml_connection_implicit_role_assignments != nil + request[:saml_group_implicit_role_assignments] = saml_group_implicit_role_assignments if saml_group_implicit_role_assignments != nil + request[:alternative_audience_uri] = alternative_audience_uri if alternative_audience_uri != nil put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}", request, headers) end # Used to update an existing SAML connection using an IDP metadata URL. 
- # + # # A newly created connection will not become active until all the following are provided: # * `idp_sso_url` # * `idp_entity_id` # * `x509_certificate` # * `attribute_mapping` (must be supplied using [Update SAML Connection](update-saml-connection)) # /%} - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -545,7 +553,7 @@ def update_connection( # metadata_url:: # A URL that points to the IdP metadata. This will be provided by the IdP. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -557,17 +565,17 @@ def update_connection( # connection:: # The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details. # The type of this field is nilable +SAMLConnection+ (+object+). - # + # # == Method Options: # This method supports an optional +UpdateByURLRequestOptions+ object which will modify the headers sent in the HTTP request. def update_by_url( - organization_id:, - connection_id:, - metadata_url:, + organization_id: , + connection_id: , + metadata_url: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil request = { metadata_url: metadata_url } @@ -576,10 +584,10 @@ def update_by_url( end # Delete a SAML verification certificate. - # + # # You may need to do this when rotating certificates from your IdP, since Stytch allows a maximum of 5 certificates per connection. There must always be at least one certificate per active connection. # /%} - # + # # == Parameters: # organization_id:: # The organization ID that the SAML connection belongs to. 
@@ -590,7 +598,7 @@ def update_by_url( # certificate_id:: # The ID of the certificate to be deleted. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -602,19 +610,22 @@ def update_by_url( # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. - # + # # == Method Options: # This method supports an optional +DeleteVerificationCertificateRequestOptions+ object which will modify the headers sent in the HTTP request. def delete_verification_certificate( - organization_id:, - connection_id:, - certificate_id:, + organization_id: , + connection_id: , + certificate_id: , method_options: nil ) headers = {} - headers = headers.merge(method_options.to_headers) unless method_options.nil? + headers = headers.merge(method_options.to_headers) if method_options != nil delete_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}/verification_certificates/#{certificate_id}", headers) end + + + end end -end +end \ No newline at end of file diff --git a/lib/stytch/b2b_totps.rb b/lib/stytch/b2b_totps.rb index cbf9397..2c2ef70 100644 --- a/lib/stytch/b2b_totps.rb +++ b/lib/stytch/b2b_totps.rb 
@@ -9,17 +9,19 @@ require_relative 'request_helper' module StytchB2B + class TOTPs include Stytch::RequestHelper def initialize(connection) @connection = connection + end - # Create a new TOTP instance for a Member. The Member can use the authenticator application of their choice to scan the QR code or enter the secret. - # + # Create a new TOTP instance for a Member. The Member can use the authenticator application of their choice to scan the QR code or enter the secret. + # # Passing an intermediate session token, session token, or session JWT is not required, but if passed must match the Member ID passed. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -39,7 +41,7 @@ def initialize(connection) # session_jwt:: # The JSON Web Token (JWT) for a given Stytch Session. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -70,8 +72,8 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def create( - organization_id:, - member_id:, + organization_id: , + member_id: , expiration_minutes: nil, intermediate_session_token: nil, session_token: nil, 
@@ -82,16 +84,16 @@ def create( organization_id: organization_id, member_id: member_id } - request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil? - request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? + request[:expiration_minutes] = expiration_minutes if expiration_minutes != nil + request[:intermediate_session_token] = intermediate_session_token if intermediate_session_token != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil - post_request('/v1/b2b/totp', request, headers) + post_request("/v1/b2b/totp", request, headers) end # Authenticate a Member provided TOTP. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. 
@@ -112,14 +114,14 @@ def create( # The JSON Web Token (JWT) for a given Stytch Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want # to use the Stytch session product, you can ignore the session fields in the response. # The type of this field is nilable +Integer+. 
@@ -131,16 +133,16 @@ def create( # The type of this field is nilable +object+. # set_mfa_enrollment:: # Optionally sets the Member’s MFA enrollment status upon a successful authentication. If the Organization’s MFA policy is `REQUIRED_FOR_ALL`, this field will be ignored. If this field is not passed in, the Member’s `mfa_enrolled` boolean will not be affected. The options are: - # + # # `enroll` – sets the Member's `mfa_enrolled` boolean to `true`. The Member will be required to complete an MFA step upon subsequent logins to the Organization. - # + # # `unenroll` – sets the Member's `mfa_enrolled` boolean to `false`. The Member will no longer be required to complete MFA steps when logging in to the Organization. - # + # # The type of this field is nilable +String+. # set_default_mfa:: # If passed will set the authenticated method to the default MFA method. Completing an MFA authentication flow for the first time for a Member will implicitly set the method to the default MFA method. This option can be used to update the default MFA method if multiple are being used. # The type of this field is nilable +Boolean+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -168,9 +170,9 @@ def create( # The [Session object](https://stytch.com/docs/b2b/api/session-object). # The type of this field is nilable +MemberSession+ (+object+). def authenticate( - organization_id:, - member_id:, - code:, + organization_id: , + member_id: , + code: , intermediate_session_token: nil, session_token: nil, session_jwt: nil, 
@@ -185,19 +187,19 @@ def authenticate( member_id: member_id, code: code } - request[:intermediate_session_token] = intermediate_session_token unless intermediate_session_token.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:set_mfa_enrollment] = set_mfa_enrollment unless set_mfa_enrollment.nil? - request[:set_default_mfa] = set_default_mfa unless set_default_mfa.nil? + request[:intermediate_session_token] = intermediate_session_token if intermediate_session_token != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:set_mfa_enrollment] = set_mfa_enrollment if set_mfa_enrollment != nil + request[:set_default_mfa] = set_default_mfa if set_default_mfa != nil - post_request('/v1/b2b/totp/authenticate', request, headers) + post_request("/v1/b2b/totp/authenticate", request, headers) end # Migrate an existing TOTP instance for a Member. Recovery codes are not required and will be minted for the Member if not provided. - # + # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. 
@@ -211,7 +213,7 @@ def authenticate( # recovery_codes:: # An existing set of recovery codes to be imported into Stytch to be used to authenticate in place of the secondary MFA method. # The type of this field is list of +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -236,10 +238,10 @@ def authenticate( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def migrate( - organization_id:, - member_id:, - secret:, - recovery_codes: + organization_id: , + member_id: , + secret: , + recovery_codes: ) headers = {} request = { @@ -249,7 +251,10 @@ def migrate( recovery_codes: recovery_codes } - post_request('/v1/b2b/totp/migrate', request, headers) + post_request("/v1/b2b/totp/migrate", request, headers) end + + + end -end +end \ No newline at end of file diff --git a/lib/stytch/client.rb b/lib/stytch/client.rb index 1d9bf1a..da444f6 100644 --- a/lib/stytch/client.rb +++ b/lib/stytch/client.rb @@ -25,6 +25,7 @@ def initialize(project_id:, secret:, env: nil, &block) create_connection(&block) + @crypto_wallets = Stytch::CryptoWallets.new(@connection) @m2m = Stytch::M2M.new(@connection, @project_id) @magic_links = Stytch::MagicLinks.new(@connection) @@ -46,7 +47,7 @@ def api_host(env, project_id) 'https://api.stytch.com' when :test 'https://test.stytch.com' - when %r{\Ahttps?://} + when /\Ahttps?:\/\// # If this is a string that looks like a URL, assume it's an internal development URL. env else @@ -74,4 +75,4 @@ def build_default_connection(builder) builder.adapter Faraday.default_adapter end end -end +end \ No newline at end of file diff --git a/lib/stytch/crypto_wallets.rb b/lib/stytch/crypto_wallets.rb index 97b3f2b..d4ce9a9 100644 --- a/lib/stytch/crypto_wallets.rb +++ b/lib/stytch/crypto_wallets.rb 
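Review bot: The URL branch of `api_host` in lib/stytch/client.rb matches `http://` as well as `https://`, so an `env` string with a plain-HTTP scheme is returned unchanged as the API host. If the connection created in `initialize` attaches the project secret to each request (not visible in this hunk), those credentials and any session tokens would travel unencrypted. Consider `when %r{\Ahttps://}`, or allow HTTP only for loopback hosts and say so in the comment. The `%r{}` literal the commit removes also avoids the escaped slashes in `/\Ahttps?:\/\//`. `api_host` starts and ends outside the hunk.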
@@ -9,15 +9,17 @@ require_relative 'request_helper' module Stytch + class CryptoWallets include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Initiate the authentication of a crypto wallet. After calling this endpoint, the user will need to sign a message containing only the returned `challenge` field. - # + # # == Parameters: # crypto_wallet_type:: # The type of wallet to authenticate. Currently `ethereum` and `solana` are supported. Wallets for any EVM-compatible chains (such as Polygon or BSC) are also supported and are grouped under the `ethereum` type. @@ -34,7 +36,7 @@ def initialize(connection) # session_jwt:: # The `session_jwt` associated with a User's existing Session. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -53,8 +55,8 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def authenticate_start( - crypto_wallet_type:, - crypto_wallet_address:, + crypto_wallet_type: , + crypto_wallet_address: , user_id: nil, session_token: nil, session_jwt: nil 
@@ -64,15 +66,15 @@ def authenticate_start( crypto_wallet_type: crypto_wallet_type, crypto_wallet_address: crypto_wallet_address } - request[:user_id] = user_id unless user_id.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? + request[:user_id] = user_id if user_id != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil - post_request('/v1/crypto_wallets/authenticate/start', request, headers) + post_request("/v1/crypto_wallets/authenticate/start", request, headers) end # Complete the authentication of a crypto wallet by passing the signature. - # + # # == Parameters: # crypto_wallet_type:: # The type of wallet to authenticate. Currently `ethereum` and `solana` are supported. Wallets for any EVM-compatible chains (such as Polygon or BSC) are also supported and are grouped under the `ethereum` type. 
@@ -87,14 +89,14 @@ def authenticate_start( # The `session_token` associated with a User's existing Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. # The type of this field is nilable +Integer+. # session_jwt:: @@ -102,10 +104,10 @@ def authenticate_start( # The type of this field is nilable +String+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -128,14 +130,14 @@ def authenticate_start( # The type of this field is +Integer+. # session:: # If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response. - # + # # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields. - # + # # The type of this field is nilable +Session+ (+object+). def authenticate( - crypto_wallet_type:, - crypto_wallet_address:, - signature:, + crypto_wallet_type: , + crypto_wallet_address: , + signature: , session_token: nil, session_duration_minutes: nil, session_jwt: nil, @@ -147,12 +149,15 @@ def authenticate( crypto_wallet_address: crypto_wallet_address, signature: signature } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil - post_request('/v1/crypto_wallets/authenticate', request, headers) + post_request("/v1/crypto_wallets/authenticate", request, headers) end + + + end -end +end \ No newline at end of file diff --git a/lib/stytch/m2m.rb b/lib/stytch/m2m.rb index 1fbeaab..1568cb8 100644 --- a/lib/stytch/m2m.rb +++ b/lib/stytch/m2m.rb @@ -9,6 +9,7 @@ require_relative 'request_helper' module Stytch + class M2M include Stytch::RequestHelper attr_reader :clients 
@@ -32,6 +33,7 @@ def initialize(connection, project_id) end end + # MANUAL(M2M::get_jwks)(SERVICE_METHOD) # This is a helper so we can retrieve the JWKS for a project for decoding M2M access tokens def get_jwks( @@ -159,6 +161,7 @@ def marshal_jwt_into_response(jwt) end # ENDMANUAL(M2M::authenticate_token) + class Clients include Stytch::RequestHelper attr_reader :secrets @@ -170,12 +173,12 @@ def initialize(connection) end # Gets information about an existing M2M Client. - # + # # == Parameters: # client_id:: # The ID of the client. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -188,21 +191,22 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def get( - client_id: + client_id: ) headers = {} - query_params = {} + query_params = { + } request = request_with_query_params("/v1/m2m/clients/#{client_id}", query_params) get_request(request, headers) end # Search for M2M Clients within your Stytch Project. Submit an empty `query` in the request to return all M2M Clients. - # + # # The following search filters are supported today: # - `client_id`: Pass in a list of client IDs to get many clients in a single request # - `client_name`: Search for clients by exact match on client name # - `scopes`: Search for clients assigned a specific scope - # + # # == Parameters: # cursor:: # The `cursor` field allows you to paginate through your results. Each result array is limited to 1000 results. If your query returns more than 1000 results, you will need to paginate the responses using the `cursor`. If you receive a response that includes a non-null `next_cursor` in the `results_metadata` object, repeat the search call with the `next_cursor` value set to the `cursor` field to retrieve the next page of results. Continue to make search calls until the `next_cursor` in the response is null. @@ -213,7 +217,7 @@ def get( # query:: # The optional query object contains the operator, i.e. `AND` or `OR`, and the operands that will filter your results. Only an operator is required. If you include no operands, no filtering will be applied. If you include no query object, it will return all results with no filtering applied. # The type of this field is nilable +M2MSearchQuery+ (+object+). - # + # # == Returns: # An object with the following fields: # request_id:: 
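Review bot: `client_id` is interpolated into the request path in `get` (`"/v1/m2m/clients/#{client_id}"`) without percent-encoding, so a value containing `/` or `?` changes which endpoint the request addresses instead of being rejected. If the identifier can originate outside the application, encode it when building the path, e.g. `"/v1/m2m/clients/#{ERB::Util.url_encode(client_id)}"`. That needs `require 'erb'`, and the file's requires are outside this hunk. The same interpolation appears in `update`, `delete` and the three `secrets/rotate` methods further down lib/stytch/m2m.rb. Separately, `query_params = {` followed by a lone `}` is an empty hash split over two lines, and `query_params = {}` is clearer.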
@@ -234,19 +238,20 @@ def search( query: nil ) headers = {} - request = {} - request[:cursor] = cursor unless cursor.nil? - request[:limit] = limit unless limit.nil? - request[:query] = query unless query.nil? + request = { + } + request[:cursor] = cursor if cursor != nil + request[:limit] = limit if limit != nil + request[:query] = query if query != nil - post_request('/v1/m2m/clients/search', request, headers) + post_request("/v1/m2m/clients/search", request, headers) end # Updates an existing M2M Client. You can use this endpoint to activate or deactivate a M2M Client by changing its `status`. A deactivated M2M Client will not be allowed to perform future token exchange flows until it is reactivated. - # + # # **Important:** Deactivating a M2M Client will not invalidate any existing JWTs issued to the client, only prevent it from receiving new ones. # To protect more-sensitive routes, pass a lower `max_token_age` value when[authenticating the token](https://stytch.com/docs/b2b/api/authenticate-m2m-token)[authenticating the token](https://stytch.com/docs/api/authenticate-m2m-token). - # + # # == Parameters: # client_id:: # The ID of the client. @@ -266,7 +271,7 @@ def search( # trusted_metadata:: # The `trusted_metadata` field contains an arbitrary JSON object of application-specific data. See the [Metadata](https://stytch.com/docs/api/metadata) reference for complete field behavior details. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -279,7 +284,7 @@ def search( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def update( - client_id:, + client_id: , client_name: nil, client_description: nil, status: nil, 
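Review bot: The doc comment above `update` carries the token-revocation caveat with a broken link: `when[authenticating the token](…/b2b/api/authenticate-m2m-token)[authenticating the token](…/api/authenticate-m2m-token)` has no space after "when" and repeats the link text. This sentence is what tells integrators that deactivating a client leaves already-issued JWTs valid, so it should render cleanly. Keep one link, presumably the non-B2B one since this is `Stytch::M2M`: `# To protect more-sensitive routes, pass a lower `max_token_age` value when [authenticating the token](https://stytch.com/docs/api/authenticate-m2m-token).` The comments on `delete` and on the `rotate_start`, `rotate_cancel` and `rotate` methods have the same doubled links.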
@@ -287,26 +292,27 @@ def update( trusted_metadata: nil ) headers = {} - request = {} - request[:client_name] = client_name unless client_name.nil? - request[:client_description] = client_description unless client_description.nil? - request[:status] = status unless status.nil? - request[:scopes] = scopes unless scopes.nil? - request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? + request = { + } + request[:client_name] = client_name if client_name != nil + request[:client_description] = client_description if client_description != nil + request[:status] = status if status != nil + request[:scopes] = scopes if scopes != nil + request[:trusted_metadata] = trusted_metadata if trusted_metadata != nil put_request("/v1/m2m/clients/#{client_id}", request, headers) end # Deletes the M2M Client. - # + # # **Important:** Deleting a M2M Client will not invalidate any existing JWTs issued to the client, only prevent it from receiving new ones. # To protect more-sensitive routes, pass a lower `max_token_age` value when[authenticating the token](https://stytch.com/docs/b2b/api/authenticate-m2m-token)[authenticating the token](https://stytch.com/docs/api/authenticate-m2m-token). - # + # # == Parameters: # client_id:: # The ID of the client. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -319,16 +325,16 @@ def update( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def delete( - client_id: + client_id: ) headers = {} delete_request("/v1/m2m/clients/#{client_id}", headers) end # Creates a new M2M Client. On initial client creation, you may pass in a custom `client_id` or `client_secret` to import an existing M2M client. If you do not pass in a custom `client_id` or `client_secret`, one will be generated automatically. The `client_id` must be unique among all clients in your project. - # + # # **Important:** This is the only time you will be able to view the generated `client_secret` in the API response. Stytch stores a hash of the `client_secret` and cannot recover the value if lost. Be sure to persist the `client_secret` in a secure location. If the `client_secret` is lost, you will need to trigger a secret rotation flow to receive another one. - # + # # == Parameters: # scopes:: # An array of scopes assigned to the client. @@ -348,7 +354,7 @@ def delete( # trusted_metadata:: # The `trusted_metadata` field contains an arbitrary JSON object of application-specific data. See the [Metadata](https://stytch.com/docs/api/metadata) reference for complete field behavior details. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -361,7 +367,7 @@ def delete( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def create( - scopes:, + scopes: , client_id: nil, client_secret: nil, client_name: nil, 
@@ -372,32 +378,35 @@ def create( request = { scopes: scopes } - request[:client_id] = client_id unless client_id.nil? - request[:client_secret] = client_secret unless client_secret.nil? - request[:client_name] = client_name unless client_name.nil? - request[:client_description] = client_description unless client_description.nil? - request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? + request[:client_id] = client_id if client_id != nil + request[:client_secret] = client_secret if client_secret != nil + request[:client_name] = client_name if client_name != nil + request[:client_description] = client_description if client_description != nil + request[:trusted_metadata] = trusted_metadata if trusted_metadata != nil - post_request('/v1/m2m/clients', request, headers) + post_request("/v1/m2m/clients", request, headers) end + + class Secrets include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Initiate the rotation of an M2M client secret. After this endpoint is called, both the client's `client_secret` and `next_client_secret` will be valid. To complete the secret rotation flow, update all usages of `client_secret` to `next_client_secret` and call the [Rotate Secret Endpoint](https://stytch.com/docs/b2b/api/m2m-rotate-secret)[Rotate Secret Endpoint](https://stytch.com/docs/api/m2m-rotate-secret) to complete the flow. # Secret rotation can be cancelled using the [Rotate Cancel Endpoint](https://stytch.com/docs/b2b/api/m2m-rotate-secret-cancel)[Rotate Cancel Endpoint](https://stytch.com/docs/api/m2m-rotate-secret-cancel). - # + # # **Important:** This is the only time you will be able to view the generated `next_client_secret` in the API response. Stytch stores a hash of the `next_client_secret` and cannot recover the value if lost. Be sure to persist the `next_client_secret` in a secure location. If the `next_client_secret` is lost, you will need to trigger a secret rotation flow to receive another one. 
- # + # # == Parameters: # client_id:: # The ID of the client. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -410,22 +419,23 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def rotate_start( - client_id: + client_id: ) headers = {} - request = {} + request = { + } post_request("/v1/m2m/clients/#{client_id}/secrets/rotate/start", request, headers) end # Cancel the rotation of an M2M client secret started with the [Start Secret Rotation Endpoint](https://stytch.com/docs/b2b/api/m2m-rotate-secret-start) [Start Secret Rotation Endpoint](https://stytch.com/docs/api/m2m-rotate-secret-start). # After this endpoint is called, the client's `next_client_secret` is discarded and only the original `client_secret` will be valid. - # + # # == Parameters: # client_id:: # The ID of the client. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -438,22 +448,23 @@ def rotate_start( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def rotate_cancel( - client_id: + client_id: ) headers = {} - request = {} + request = { + } post_request("/v1/m2m/clients/#{client_id}/secrets/rotate/cancel", request, headers) end # Complete the rotation of an M2M client secret started with the [Start Secret Rotation Endpoint](https://stytch.com/docs/b2b/api/m2m-rotate-secret-start) [Start Secret Rotation Endpoint](https://stytch.com/docs/api/m2m-rotate-secret-start). # After this endpoint is called, the client's `next_client_secret` becomes its `client_secret` and the previous `client_secret` will no longer be valid. - # + # # == Parameters: # client_id:: # The ID of the client. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -466,14 +477,18 @@ def rotate_cancel( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def rotate( - client_id: + client_id: ) headers = {} - request = {} + request = { + } post_request("/v1/m2m/clients/#{client_id}/secrets/rotate", request, headers) end + + + end end end -end +end \ No newline at end of file diff --git a/lib/stytch/magic_links.rb b/lib/stytch/magic_links.rb index 703ddd3..706943a 100644 --- a/lib/stytch/magic_links.rb +++ b/lib/stytch/magic_links.rb @@ -9,6 +9,7 @@ require_relative 'request_helper' module Stytch + class MagicLinks include Stytch::RequestHelper attr_reader :email 
@@ -20,13 +21,13 @@ def initialize(connection) end # Authenticate a User given a Magic Link. This endpoint verifies that the Magic Link token is valid, hasn't expired or been previously used, and any optional security settings such as IP match or user agent match are satisfied. - # + # # == Parameters: # token:: # The Magic Link `token` from the `?token=` query parameter in the URL. - # + # # The redirect URL will look like `https://example.com/authenticate?stytch_token_type=magic_links&token=rM_kw42CWBhsHLF62V75jELMbvJ87njMe3tFVj7Qupu7` - # + # # In the redirect URL, the `stytch_token_type` will be `magic_link`. See [here](https://stytch.com/docs/guides/dashboard/redirect-urls) for more detail. # The type of this field is +String+. # attributes:: @@ -39,14 +40,14 @@ def initialize(connection) # The `session_token` associated with a User's existing Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. # The type of this field is nilable +Integer+. # session_jwt:: 
@@ -54,13 +55,13 @@ def initialize(connection) # The type of this field is nilable +String+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. # code_verifier:: # A base64url encoded one time secret used to validate that the request starts and ends on the same device. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -89,12 +90,12 @@ def initialize(connection) # The type of this field is +Integer+. # session:: # If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response. - # + # # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields. - # + # # The type of this field is nilable +Session+ (+object+). def authenticate( - token:, + token: , attributes: nil, options: nil, session_token: nil, 
@@ -107,22 +108,22 @@ def authenticate( request = { token: token } - request[:attributes] = attributes unless attributes.nil? - request[:options] = options unless options.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:code_verifier] = code_verifier unless code_verifier.nil? + request[:attributes] = attributes if attributes != nil + request[:options] = options if options != nil + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:code_verifier] = code_verifier if code_verifier != nil - post_request('/v1/magic_links/authenticate', request, headers) + post_request("/v1/magic_links/authenticate", request, headers) end # Create an embeddable Magic Link token for a User. Access to this endpoint is restricted. To enable it, please send us a note at support@stytch.com. - # + # # ### Next steps # Send the returned `token` value to the end user in a link which directs to your application. When the end user follows your link, collect the token, and call [Authenticate Magic Link](https://stytch.com/docs/api/authenticate-magic-link) to complete authentication. - # + # # == Parameters: # user_id:: # The unique ID of a specific User. @@ -133,7 +134,7 @@ def authenticate( # attributes:: # Provided attributes help with fraud detection. # The type of this field is nilable +Attributes+ (+object+). - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -149,7 +150,7 @@ def authenticate( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def create( - user_id:, + user_id: , expiration_minutes: nil, attributes: nil ) 
@@ -157,27 +158,30 @@ def create( request = { user_id: user_id } - request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil? - request[:attributes] = attributes unless attributes.nil? + request[:expiration_minutes] = expiration_minutes if expiration_minutes != nil + request[:attributes] = attributes if attributes != nil - post_request('/v1/magic_links', request, headers) + post_request("/v1/magic_links", request, headers) end + + class Email include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Send a magic link to an existing Stytch user using their email address. If you'd like to create a user and send them a magic link by email with one request, use our [log in or create endpoint](https://stytch.com/docs/api/log-in-or-create-user-by-email). - # + # # ### Add an email to an existing user # This endpoint also allows you to add a new email address to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in your Send Magic Link by email request will add the new, unverified email address to the existing Stytch User. If the user successfully authenticates within 5 minutes, the new email address will be marked as verified and remain permanently on the existing Stytch User. Otherwise, it will be removed from the User object, and any subsequent login requests using that email address will create a new User. - # + # # ### Next steps # The user is emailed a magic link which redirects them to the provided [redirect URL](https://stytch.com/docs/guides/magic-links/email-magic-links/redirect-routing). Collect the `token` from the URL query parameters, and call [Authenticate magic link](https://stytch.com/docs/api/authenticate-magic-link) to complete authentication. - # + # # == Parameters: # email:: # The email address of the User to send the Magic Link to. 
@@ -214,16 +218,16 @@ def initialize(connection) # The type of this field is nilable +String+. # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +SendRequestLocale+ (string enum). # signup_template_id:: # Use a custom template for sign-up emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Sign-up. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -239,7 +243,7 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def send( - email:, + email: , login_template_id: nil, attributes: nil, login_magic_link_url: nil, 
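Review bot: `def send(` on the `Email` class overrides `Object#send`, so dynamic dispatch such as `email.send(:login_or_create, ...)` on this object reaches the Magic Link endpoint wrapper and raises an ArgumentError for the missing `email:` keyword. The doc comment does not mention this. Renaming the method would break the public interface, so a line above the method is the safer fix: `# NOTE: overrides Object#send; use +public_send+ or +__send__+ for dynamic dispatch on this object.` The body of `send` continues in the next hunk.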
@@ -257,27 +261,27 @@ def send( request = { email: email } - request[:login_template_id] = login_template_id unless login_template_id.nil? - request[:attributes] = attributes unless attributes.nil? - request[:login_magic_link_url] = login_magic_link_url unless login_magic_link_url.nil? - request[:signup_magic_link_url] = signup_magic_link_url unless signup_magic_link_url.nil? - request[:login_expiration_minutes] = login_expiration_minutes unless login_expiration_minutes.nil? - request[:signup_expiration_minutes] = signup_expiration_minutes unless signup_expiration_minutes.nil? - request[:code_challenge] = code_challenge unless code_challenge.nil? - request[:user_id] = user_id unless user_id.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:locale] = locale unless locale.nil? - request[:signup_template_id] = signup_template_id unless signup_template_id.nil? + request[:login_template_id] = login_template_id if login_template_id != nil + request[:attributes] = attributes if attributes != nil + request[:login_magic_link_url] = login_magic_link_url if login_magic_link_url != nil + request[:signup_magic_link_url] = signup_magic_link_url if signup_magic_link_url != nil + request[:login_expiration_minutes] = login_expiration_minutes if login_expiration_minutes != nil + request[:signup_expiration_minutes] = signup_expiration_minutes if signup_expiration_minutes != nil + request[:code_challenge] = code_challenge if code_challenge != nil + request[:user_id] = user_id if user_id != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:locale] = locale if locale != nil + request[:signup_template_id] = signup_template_id if signup_template_id != nil - post_request('/v1/magic_links/email/send', request, headers) + post_request("/v1/magic_links/email/send", request, headers) end # Send either a login 
or signup Magic Link to the User based on if the email is associated with a User already. A new or pending User will receive a signup Magic Link. An active User will receive a login Magic Link. For more information on how to control the status your Users are created in see the `create_user_as_pending` flag. - # + # # ### Next steps # The User is emailed a Magic Link which redirects them to the provided [redirect URL](https://stytch.com/docs/guides/magic-links/email-magic-links/redirect-routing). Collect the `token` from the URL query parameters and call [Authenticate Magic Link](https://stytch.com/docs/api/authenticate-magic-link) to complete authentication. - # + # # == Parameters: # email:: # The email address of the end user. @@ -315,13 +319,13 @@ def send( # The type of this field is nilable +String+. # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +LoginOrCreateRequestLocale+ (string enum). - # + # # == Returns: # An object with the following fields: # request_id:: @@ -340,7 +344,7 @@ def send( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def login_or_create( - email:, + email: , login_magic_link_url: nil, signup_magic_link_url: nil, login_expiration_minutes: nil, 
@@ -356,25 +360,25 @@ def login_or_create( request = { email: email } - request[:login_magic_link_url] = login_magic_link_url unless login_magic_link_url.nil? - request[:signup_magic_link_url] = signup_magic_link_url unless signup_magic_link_url.nil? - request[:login_expiration_minutes] = login_expiration_minutes unless login_expiration_minutes.nil? - request[:signup_expiration_minutes] = signup_expiration_minutes unless signup_expiration_minutes.nil? - request[:login_template_id] = login_template_id unless login_template_id.nil? - request[:signup_template_id] = signup_template_id unless signup_template_id.nil? - request[:attributes] = attributes unless attributes.nil? - request[:create_user_as_pending] = create_user_as_pending unless create_user_as_pending.nil? - request[:code_challenge] = code_challenge unless code_challenge.nil? - request[:locale] = locale unless locale.nil? + request[:login_magic_link_url] = login_magic_link_url if login_magic_link_url != nil + request[:signup_magic_link_url] = signup_magic_link_url if signup_magic_link_url != nil + request[:login_expiration_minutes] = login_expiration_minutes if login_expiration_minutes != nil + request[:signup_expiration_minutes] = signup_expiration_minutes if signup_expiration_minutes != nil + request[:login_template_id] = login_template_id if login_template_id != nil + request[:signup_template_id] = signup_template_id if signup_template_id != nil + request[:attributes] = attributes if attributes != nil + request[:create_user_as_pending] = create_user_as_pending if create_user_as_pending != nil + request[:code_challenge] = code_challenge if code_challenge != nil + request[:locale] = locale if locale != nil - post_request('/v1/magic_links/email/login_or_create', request, headers) + post_request("/v1/magic_links/email/login_or_create", request, headers) end # Create a User and send an invite Magic Link to the provided `email`. 
The User will be created with a `pending` status until they click the Magic Link in the invite email. - # + # # ### Next steps # The User is emailed a Magic Link which redirects them to the provided [redirect URL](https://stytch.com/docs/guides/magic-links/email-magic-links/redirect-routing). Collect the `token` from the URL query parameters and call [Authenticate Magic Link](https://stytch.com/docs/api/authenticate-magic-link) to complete authentication. - # + # # == Parameters: # email:: # The email address of the User to send the invite Magic Link to. @@ -396,13 +400,13 @@ def login_or_create( # The type of this field is nilable +Integer+. # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +InviteRequestLocale+ (string enum). - # + # # == Returns: # An object with the following fields: # request_id:: @@ -418,7 +422,7 @@ def login_or_create( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def invite( - email:, + email: , invite_template_id: nil, attributes: nil, name: nil, 
@@ -430,23 +434,23 @@ def invite( request = { email: email } - request[:invite_template_id] = invite_template_id unless invite_template_id.nil? - request[:attributes] = attributes unless attributes.nil? - request[:name] = name unless name.nil? - request[:invite_magic_link_url] = invite_magic_link_url unless invite_magic_link_url.nil? - request[:invite_expiration_minutes] = invite_expiration_minutes unless invite_expiration_minutes.nil? - request[:locale] = locale unless locale.nil? + request[:invite_template_id] = invite_template_id if invite_template_id != nil + request[:attributes] = attributes if attributes != nil + request[:name] = name if name != nil + request[:invite_magic_link_url] = invite_magic_link_url if invite_magic_link_url != nil + request[:invite_expiration_minutes] = invite_expiration_minutes if invite_expiration_minutes != nil + request[:locale] = locale if locale != nil - post_request('/v1/magic_links/email/invite', request, headers) + post_request("/v1/magic_links/email/invite", request, headers) end # Revoke a pending invite based on the `email` provided. - # + # # == Parameters: # email:: # The email of the user. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -456,15 +460,18 @@ def invite( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def revoke_invite( - email: + email: ) headers = {} request = { email: email } - post_request('/v1/magic_links/email/revoke_invite', request, headers) + post_request("/v1/magic_links/email/revoke_invite", request, headers) end + + + end end -end +end \ No newline at end of file diff --git a/lib/stytch/oauth.rb b/lib/stytch/oauth.rb index 4867d3e..e59666c 100644 --- a/lib/stytch/oauth.rb +++ b/lib/stytch/oauth.rb 
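Review bot: The closing lines of this hunk swap the final `end` for one with no terminating newline (the `\ No newline at end of file` marker) and add three blank lines before the closing `end` lines. Keep the trailing newline and drop the blank lines; a file without a final newline causes a spurious diff on the next edit and is reported by RuboCop's `Layout/TrailingEmptyLines`. The end of `lib/stytch/oauth.rb` further down has the same two changes.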
@@ -9,19 +9,21 @@ require_relative 'request_helper' module Stytch + class OAuth include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Generate an OAuth Attach Token to pre-associate an OAuth flow with an existing Stytch User. Pass the returned `oauth_attach_token` to the same provider's OAuth Start endpoint to treat this OAuth flow as a login for that user instead of a signup for a new user. - # + # # Exactly one of `user_id`, `session_token`, or `session_jwt` must be provided to identify the target Stytch User. - # + # # This is an optional step in the OAuth flow. Stytch can often determine whether to create a new user or log in an existing one based on verified identity provider information. This endpoint is useful for cases where we can't, such as missing or unverified provider information. - # + # # == Parameters: # provider:: # The OAuth provider's name. @@ -35,7 +37,7 @@ def initialize(connection) # session_jwt:: # The `session_jwt` associated with a User's existing Session. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -48,7 +50,7 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def attach( - provider:, + provider: , user_id: nil, session_token: nil, session_jwt: nil 
@@ -57,35 +59,35 @@ def attach( request = { provider: provider } - request[:user_id] = user_id unless user_id.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? + request[:user_id] = user_id if user_id != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil - post_request('/v1/oauth/attach', request, headers) + post_request("/v1/oauth/attach", request, headers) end # Authenticate a User given a `token`. This endpoint verifies that the user completed the OAuth flow by verifying that the token is valid and hasn't expired. To initiate a Stytch session for the user while authenticating their OAuth token, include `session_duration_minutes`; a session with the identity provider, e.g. Google or Facebook, will always be initiated upon successful authentication. - # + # # == Parameters: # token:: # The OAuth `token` from the `?token=` query parameter in the URL. - # + # # The redirect URL will look like `https://example.com/authenticate?stytch_token_type=oauth&token=rM_kw42CWBhsHLF62V75jELMbvJ87njMe3tFVj7Qupu7` - # + # # In the redirect URL, the `stytch_token_type` will be `oauth`. See [here](https://stytch.com/docs/guides/dashboard/redirect-urls) for more detail. # The type of this field is +String+. # session_token:: # Reuse an existing session instead of creating a new one. If you provide us with a `session_token`, then we'll update the session represented by this session token with this OAuth factor. If this `session_token` belongs to a different user than the OAuth token, the session_jwt will be ignored. This endpoint will error if both `session_token` and `session_jwt` are provided. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. 
This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. # The type of this field is nilable +Integer+. # session_jwt:: @@ -93,13 +95,13 @@ def attach( # The type of this field is nilable +String+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. # code_verifier:: # A base64url encoded one time secret used to validate that the request starts and ends on the same device. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
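Review bot: `attach` still forwards `user_id`, `session_token` and `session_jwt` in any combination (the three `request[...] = ... if ... != nil` lines at the top of this hunk), while the method's documentation says exactly one of them must be provided. Leaving that to the API means a request can carry a session credential together with an unrelated `user_id`, and which user the attach token is bound to is then decided remotely; a local guard makes the failure explicit: `raise ArgumentError, 'provide exactly one of user_id, session_token, session_jwt' unless [user_id, session_token, session_jwt].compact.size == 1`. The `authenticate` documentation in this same hunk says the endpoint errors when both `session_token` and `session_jwt` are given, so its request builder in the later hunk could get the matching check. `attach`'s signature and the start of its body are outside this hunk, and whether the server already enforces both rules is not visible here.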
@@ -122,7 +124,7 @@ def attach( # The type of this field is +String+. # provider_values:: # The `provider_values` object lists relevant identifiers, values, and scopes for a given OAuth provider. For example this object will include a provider's `access_token` that you can use to access the provider's API for a given user. - # + # # Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only returned by OIDC compliant identity providers. # The type of this field is +ProviderValues+ (+object+). # user:: @@ -139,12 +141,12 @@ def attach( # The type of this field is +Integer+. # user_session:: # A `Session` object. For backwards compatibility reasons, the session from an OAuth authenticate call is labeled as `user_session`, but is otherwise just a standard stytch `Session` object. - # + # # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields. - # + # # The type of this field is nilable +Session+ (+object+). def authenticate( - token:, + token: , session_token: nil, session_duration_minutes: nil, session_jwt: nil, 
@@ -155,13 +157,16 @@ def authenticate( request = { token: token } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:code_verifier] = code_verifier unless code_verifier.nil? + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:code_verifier] = code_verifier if code_verifier != nil - post_request('/v1/oauth/authenticate', request, headers) + post_request("/v1/oauth/authenticate", request, headers) end + + + end -end +end \ No newline at end of file diff --git a/lib/stytch/otps.rb b/lib/stytch/otps.rb index 6b3bd29..ffcb254 100644 --- a/lib/stytch/otps.rb +++ b/lib/stytch/otps.rb @@ -9,6 +9,7 @@ require_relative 'request_helper' module Stytch + class OTPs include Stytch::RequestHelper attr_reader :sms, :whatsapp, :email @@ -22,7 +23,7 @@ def initialize(connection) end # Authenticate a User given a `method_id` (the associated `email_id` or `phone_id`) and a `code`. This endpoint verifies that the code is valid, hasn't expired or been previously used, and any optional security settings such as IP match or user agent match are satisfied. A given `method_id` may only have a single active OTP code at any given time, if a User requests another OTP code before the first one has expired, the first one will be invalidated. - # + # # == Parameters: # method_id:: # The `email_id` or `phone_id` involved in the given authentication. 
@@ -40,14 +41,14 @@ def initialize(connection) # The `session_token` associated with a User's existing Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. # The type of this field is nilable +Integer+. # session_jwt:: @@ -55,10 +56,10 @@ def initialize(connection) # The type of this field is nilable +String+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -87,13 +88,13 @@ def initialize(connection) # The type of this field is +Integer+. # session:: # If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response. - # + # # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields. - # + # # The type of this field is nilable +Session+ (+object+). def authenticate( - method_id:, - code:, + method_id: , + code: , attributes: nil, options: nil, session_token: nil, 
@@ -106,42 +107,45 @@ def authenticate( method_id: method_id, code: code } - request[:attributes] = attributes unless attributes.nil? - request[:options] = options unless options.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - - post_request('/v1/otps/authenticate', request, headers) + request[:attributes] = attributes if attributes != nil + request[:options] = options if options != nil + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + + post_request("/v1/otps/authenticate", request, headers) end + + class Sms include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Send a one-time passcode (OTP) to a user's phone number. If you'd like to create a user and send them a passcode with one request, use our [log in or create](https://stytch.com/docs/api/log-in-or-create-user-by-sms) endpoint. - # + # # Note that sending another OTP code before the first has expired will invalidate the first code. - # + # # ### Cost to send SMS OTP # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview). - # + # # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. 
If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS). - # + # # Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries). - # + # # ### Add a phone number to an existing user - # + # # This endpoint also allows you to add a new phone number to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in your Send one-time passcode by SMS request will add the new, unverified phone number to the existing Stytch User. If the user successfully authenticates within 5 minutes, the new phone number will be marked as verified and remain permanently on the existing Stytch User. Otherwise, it will be removed from the User object, and any subsequent login requests using that phone number will create a new User. - # + # # ### Next steps - # + # # Collect the OTP which was delivered to the user. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`. - # + # # == Parameters: # phone_number:: # The phone number to use for one-time passcodes. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX). You may use +10000000000 to test this endpoint, see [Testing](https://stytch.com/docs/home#resources_testing) for more detail. 
@@ -154,11 +158,11 @@ def initialize(connection) # The type of this field is nilable +Attributes+ (+object+). # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +SendRequestLocale+ (string enum). # user_id:: # The unique ID of a specific User. @@ -169,7 +173,7 @@ def initialize(connection) # session_jwt:: # The `session_jwt` associated with a User's existing Session. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -185,7 +189,7 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def send( - phone_number:, + phone_number: , expiration_minutes: nil, attributes: nil, locale: nil, 
@@ -197,29 +201,29 @@ def send( request = { phone_number: phone_number } - request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil? - request[:attributes] = attributes unless attributes.nil? - request[:locale] = locale unless locale.nil? - request[:user_id] = user_id unless user_id.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - - post_request('/v1/otps/sms/send', request, headers) + request[:expiration_minutes] = expiration_minutes if expiration_minutes != nil + request[:attributes] = attributes if attributes != nil + request[:locale] = locale if locale != nil + request[:user_id] = user_id if user_id != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil + + post_request("/v1/otps/sms/send", request, headers) end # Send a One-Time Passcode (OTP) to a User using their phone number. If the phone number is not associated with a user already, a user will be created. - # + # # ### Cost to send SMS OTP # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview). - # + # # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [support@stytch.com](mailto:support@stytch.com?subject=Enable%20international%20SMS). - # + # # Even when international SMS is enabled, we do not support sending SMS to countries on our [Unsupported countries list](https://stytch.com/docs/guides/passcodes/unsupported-countries). - # + # # ### Next steps - # + # # Collect the OTP which was delivered to the User. 
Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`. - # + # # == Parameters: # phone_number:: # The phone number to use for one-time passcodes. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX). You may use +10000000000 to test this endpoint, see [Testing](https://stytch.com/docs/home#resources_testing) for more detail. @@ -239,13 +243,13 @@ def send( # The type of this field is nilable +Boolean+. # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +LoginOrCreateRequestLocale+ (string enum). - # + # # == Returns: # An object with the following fields: # request_id:: @@ -264,7 +268,7 @@ def send( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def login_or_create( - phone_number:, + phone_number: , expiration_minutes: nil, attributes: nil, create_user_as_pending: nil, 
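Review bot: The `user_id` line in `Sms#send` (`request[:user_id] = user_id if user_id != nil`) passes the identifier through with no guidance on where it may come from, although the method's documentation says that supplying it adds the new, unverified phone number to that existing User and that the number stays permanently once the OTP is authenticated. That makes `user_id` an authorization decision for the calling application, and the parameter documentation should say so, for example `# Derive user_id from the caller's authenticated server-side session; never accept it from request input.`, or recommend `session_token`/`session_jwt` where a session exists. The WhatsApp `send` hunk below documents the same behaviour, and the magic-link `send` hunk above forwards `user_id` the same way, though its description is not visible here. `send`'s signature and parameter docs are outside this hunk.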
@@ -274,37 +278,40 @@ def login_or_create( request = { phone_number: phone_number } - request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil? - request[:attributes] = attributes unless attributes.nil? - request[:create_user_as_pending] = create_user_as_pending unless create_user_as_pending.nil? - request[:locale] = locale unless locale.nil? + request[:expiration_minutes] = expiration_minutes if expiration_minutes != nil + request[:attributes] = attributes if attributes != nil + request[:create_user_as_pending] = create_user_as_pending if create_user_as_pending != nil + request[:locale] = locale if locale != nil - post_request('/v1/otps/sms/login_or_create', request, headers) + post_request("/v1/otps/sms/login_or_create", request, headers) end - end + + + end class Whatsapp include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Send a One-Time Passcode (OTP) to a User's WhatsApp. If you'd like to create a user and send them a passcode with one request, use our [log in or create](https://stytch.com/docs/api/whatsapp-login-or-create) endpoint. - # + # # Note that sending another OTP code before the first has expired will invalidate the first code. - # + # # ### Cost to send SMS OTP # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview). - # + # # ### Add a phone number to an existing user - # + # # This endpoint also allows you to add a new phone number to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in your Send one-time passcode by WhatsApp request will add the new, unverified phone number to the existing Stytch User. If the user successfully authenticates within 5 minutes, the new phone number will be marked as verified and remain permanently on the existing Stytch User. 
Otherwise, it will be removed from the User object, and any subsequent login requests using that phone number will create a new User. - # + # # ### Next steps - # + # # Collect the OTP which was delivered to the user. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`. - # + # # == Parameters: # phone_number:: # The phone number to use for one-time passcodes. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX). You may use +10000000000 to test this endpoint, see [Testing](https://stytch.com/docs/home#resources_testing) for more detail. @@ -317,11 +324,11 @@ def initialize(connection) # The type of this field is nilable +Attributes+ (+object+). # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +SendRequestLocale+ (string enum). # user_id:: # The unique ID of a specific User. @@ -332,7 +339,7 @@ def initialize(connection) # session_jwt:: # The `session_jwt` associated with a User's existing Session. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -348,7 +355,7 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def send( - phone_number:, + phone_number: , expiration_minutes: nil, attributes: nil, locale: nil, 
@@ -360,25 +367,25 @@ def send( request = { phone_number: phone_number } - request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil? - request[:attributes] = attributes unless attributes.nil? - request[:locale] = locale unless locale.nil? - request[:user_id] = user_id unless user_id.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - - post_request('/v1/otps/whatsapp/send', request, headers) + request[:expiration_minutes] = expiration_minutes if expiration_minutes != nil + request[:attributes] = attributes if attributes != nil + request[:locale] = locale if locale != nil + request[:user_id] = user_id if user_id != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil + + post_request("/v1/otps/whatsapp/send", request, headers) end # Send a one-time passcode (OTP) to a User's WhatsApp using their phone number. If the phone number is not associated with a User already, a User will be created. - # + # # ### Cost to send SMS OTP # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview). - # + # # ### Next steps - # + # # Collect the OTP which was delivered to the User. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`. - # + # # == Parameters: # phone_number:: # The phone number to use for one-time passcodes. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX). You may use +10000000000 to test this endpoint, see [Testing](https://stytch.com/docs/home#resources_testing) for more detail. 
@@ -398,13 +405,13 @@ def send( # The type of this field is nilable +Boolean+. # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +LoginOrCreateRequestLocale+ (string enum). - # + # # == Returns: # An object with the following fields: # request_id:: @@ -423,7 +430,7 @@ def send( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def login_or_create( - phone_number:, + phone_number: , expiration_minutes: nil, attributes: nil, create_user_as_pending: nil, 
@@ -433,30 +440,33 @@ def login_or_create( request = { phone_number: phone_number } - request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil? - request[:attributes] = attributes unless attributes.nil? - request[:create_user_as_pending] = create_user_as_pending unless create_user_as_pending.nil? - request[:locale] = locale unless locale.nil? + request[:expiration_minutes] = expiration_minutes if expiration_minutes != nil + request[:attributes] = attributes if attributes != nil + request[:create_user_as_pending] = create_user_as_pending if create_user_as_pending != nil + request[:locale] = locale if locale != nil - post_request('/v1/otps/whatsapp/login_or_create', request, headers) + post_request("/v1/otps/whatsapp/login_or_create", request, headers) end - end + + + end class Email include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Send a One-Time Passcode (OTP) to a User using their email. If you'd like to create a user and send them a passcode with one request, use our [log in or create endpoint](https://stytch.com/docs/api/log-in-or-create-user-by-email-otp). - # + # # ### Add an email to an existing user # This endpoint also allows you to add a new email address to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in your Send one-time passcode by email request will add the new, unverified email address to the existing Stytch User. If the user successfully authenticates within 5 minutes, the new email address will be marked as verified and remain permanently on the existing Stytch User. Otherwise, it will be removed from the User object, and any subsequent login requests using that email address will create a new User. - # + # # ### Next steps # Collect the OTP which was delivered to the user. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `email_id` found in the response as the `method_id`. 
- # + # # == Parameters: # email:: # The email address of the user to send the one-time passcode to. You may use sandbox@stytch.com to test this endpoint, see [Testing](https://stytch.com/docs/home#resources_testing) for more detail. @@ -469,11 +479,11 @@ def initialize(connection) # The type of this field is nilable +Attributes+ (+object+). # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +SendRequestLocale+ (string enum). # user_id:: # The unique ID of a specific User. @@ -490,7 +500,7 @@ def initialize(connection) # signup_template_id:: # Use a custom template for sign-up emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Sign-up. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -506,7 +516,7 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def send( - email:, + email: , expiration_minutes: nil, attributes: nil, locale: nil, 
@@ -520,24 +530,24 @@ def send( request = { email: email } - request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil? - request[:attributes] = attributes unless attributes.nil? - request[:locale] = locale unless locale.nil? - request[:user_id] = user_id unless user_id.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:login_template_id] = login_template_id unless login_template_id.nil? - request[:signup_template_id] = signup_template_id unless signup_template_id.nil? - - post_request('/v1/otps/email/send', request, headers) + request[:expiration_minutes] = expiration_minutes if expiration_minutes != nil + request[:attributes] = attributes if attributes != nil + request[:locale] = locale if locale != nil + request[:user_id] = user_id if user_id != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:login_template_id] = login_template_id if login_template_id != nil + request[:signup_template_id] = signup_template_id if signup_template_id != nil + + post_request("/v1/otps/email/send", request, headers) end # Send a one-time passcode (OTP) to a User using their email. If the email is not associated with a User already, a User will be created. - # + # # ### Next steps - # + # # Collect the OTP which was delivered to the User. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`. - # + # # == Parameters: # email:: # The email address of the user to send the one-time passcode to. You may use sandbox@stytch.com to test this endpoint, see [Testing](https://stytch.com/docs/home#resources_testing) for more detail. 
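Review bot: The doc comment for the Email `login_or_create` in this hunk tells callers to pass the `phone_id` found in the response as the `method_id`, but this is the email OTP flow, and the Email `send` comment earlier in the same file says `email_id`. Since the hunk already rewrites the neighbouring `#` lines, I would change `phone_id` to `email_id` in that "Next steps" sentence. A caller following the current text would presumably look for a field that an email response does not carry, which is worth confirming against the API reference. The comment block continues past the end of the hunk.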
@@ -557,11 +567,11 @@ def send( # The type of this field is nilable +Boolean+. # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +LoginOrCreateRequestLocale+ (string enum). # login_template_id:: # Use a custom template for login emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Login. @@ -569,7 +579,7 @@ def send( # signup_template_id:: # Use a custom template for sign-up emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic links - Sign-up. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -588,7 +598,7 @@ def send( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def login_or_create( - email:, + email: , expiration_minutes: nil, attributes: nil, create_user_as_pending: nil, 
@@ -600,15 +610,18 @@ def login_or_create( request = { email: email } - request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil? - request[:attributes] = attributes unless attributes.nil? - request[:create_user_as_pending] = create_user_as_pending unless create_user_as_pending.nil? - request[:locale] = locale unless locale.nil? - request[:login_template_id] = login_template_id unless login_template_id.nil? - request[:signup_template_id] = signup_template_id unless signup_template_id.nil? - - post_request('/v1/otps/email/login_or_create', request, headers) + request[:expiration_minutes] = expiration_minutes if expiration_minutes != nil + request[:attributes] = attributes if attributes != nil + request[:create_user_as_pending] = create_user_as_pending if create_user_as_pending != nil + request[:locale] = locale if locale != nil + request[:login_template_id] = login_template_id if login_template_id != nil + request[:signup_template_id] = signup_template_id if signup_template_id != nil + + post_request("/v1/otps/email/login_or_create", request, headers) end + + + end end -end +end \ No newline at end of file diff --git a/lib/stytch/passwords.rb b/lib/stytch/passwords.rb index f1e68bc..616b04d 100644 --- a/lib/stytch/passwords.rb +++ b/lib/stytch/passwords.rb @@ -9,6 +9,7 @@ require_relative 'request_helper' module Stytch + class Passwords include Stytch::RequestHelper attr_reader :email, :existing_password, :sessions 
@@ -22,13 +23,13 @@ def initialize(connection) end # Create a new user with a password. If `session_duration_minutes` is specified, a new session will be started as well. - # + # # If a user with this email already exists in your Stytch project, this endpoint will return a `duplicate_email` error. To add a password to an existing passwordless user, you'll need to either call the [Migrate password endpoint](https://stytch.com/docs/api/password-migrate) or prompt the user to complete one of our password reset flows. - # + # # This endpoint will return an error if the password provided does not meet our strength requirements, which you can check beforehand via the [Password strength check endpoint](https://stytch.com/docs/api/password-strength-check). - # + # # When creating new Passwords users, it's good practice to enforce an email verification flow. We'd recommend checking out our [Email verification guide](https://stytch.com/docs/guides/passwords/email-verification/overview) for more information. - # + # # == Parameters: # email:: # The email address of the end user. 
@@ -37,19 +38,19 @@ def initialize(connection) # The password of the user # The type of this field is +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. # The type of this field is nilable +Integer+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. # trusted_metadata:: @@ -61,7 +62,7 @@ def initialize(connection) # name:: # The name of the user. Each field in the name object is optional. # The type of this field is nilable +Name+ (+object+). - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -87,13 +88,13 @@ def initialize(connection)
 # The type of this field is +Integer+.
 # session::
 # If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response.
- #
+ #
 # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields.
- #
+ #
 # The type of this field is nilable +Session+ (+object+).
 def create(
- email:,
- password:,
+ email: ,
+ password: ,
 session_duration_minutes: nil,
 session_custom_claims: nil,
 trusted_metadata: nil,
@@ -105,23 +106,23 @@ def create( email: email, password: password } - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? - request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil? - request[:name] = name unless name.nil? + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:trusted_metadata] = trusted_metadata if trusted_metadata != nil + request[:untrusted_metadata] = untrusted_metadata if untrusted_metadata != nil + request[:name] = name if name != nil - post_request('/v1/passwords', request, headers) + post_request("/v1/passwords", request, headers) end # Authenticate a user with their email address and password. This endpoint verifies that the user has a password currently set, and that the entered password is correct. There are two instances where the endpoint will return a `reset_password` error even if they enter their previous password: - # + # # **One:** The user’s credentials appeared in the HaveIBeenPwned dataset. We force a password reset to ensure that the user is the legitimate owner of the email address, and not a malicious actor abusing the compromised credentials. - # - # **Two:** A user that has previously authenticated with email/password uses a passwordless authentication method tied to the same email address (e.g. Magic Links, Google OAuth) for the first time. Any subsequent email/password authentication attempt will result in this error. We force a password reset in this instance in order to safely deduplicate the account by email address, without introducing the risk of a pre-hijack account takeover attack. 
- # + # + # **Two:** A user that has previously authenticated with email/password uses a passwordless authentication method tied to the same email address (e.g. Magic Links, Google OAuth) for the first time. Any subsequent email/password authentication attempt will result in this error. We force a password reset in this instance in order to safely deduplicate the account by email address, without introducing the risk of a pre-hijack account takeover attack. + # # Imagine a bad actor creates many accounts using passwords and the known email addresses of their victims. If a victim comes to the site and logs in for the first time with an email-based passwordless authentication method then both the victim and the bad actor have credentials to access to the same account. To prevent this, any further email/password login attempts first require a password reset which can only be accomplished by someone with access to the underlying email address. - # + # # == Parameters: # email:: # The email address of the end user. 
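Review bot: Nothing at the `request = { email: email, password: password }` site in `create` marks that the hash holds a plaintext credential, and it is handed straight to `post_request`, which is defined outside this diff. If that helper, or any logging middleware added to the Faraday connection, records request bodies, passwords would end up in logs; I cannot tell from here whether it does. I would add `# request carries the plaintext password: never log it or echo it in error messages` above the hash. The same comment fits the `authenticate`, `migrate` (which sends `hash`) and `reset` hunks, which build equivalent hashes. `create` begins above this hunk.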
@@ -133,14 +134,14 @@ def create( # The `session_token` associated with a User's existing Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. # The type of this field is nilable +Integer+. # session_jwt:: @@ -148,10 +149,10 @@ def create( # The type of this field is nilable +String+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -174,13 +175,13 @@ def create(
 # The type of this field is +Integer+.
 # session::
 # If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response.
- #
+ #
 # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields.
- #
+ #
 # The type of this field is nilable +Session+ (+object+).
 def authenticate(
- email:,
- password:,
+ email: ,
+ password: ,
 session_token: nil,
 session_duration_minutes: nil,
 session_jwt: nil,
@@ -191,27 +192,27 @@ def authenticate( email: email, password: password } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil - post_request('/v1/passwords/authenticate', request, headers) + post_request("/v1/passwords/authenticate", request, headers) end # This API allows you to check whether or not the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password. - # + # # This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config). - # - # + # + # # ### Password feedback - # + # # The `feedback` object contains relevant fields for you to relay feedback to users that failed to create a strong enough password. - # + # # If you're using zxcvbn, the `feedback` object will contain `warning` and `suggestions` for any password that does not meet the zxcvbn strength requirements. 
You can return these strings directly to the user to help them craft a strong password. - # + # # If you're using LUDS, the `feedback` object will contain an object named `luds_requirements` which contain a collection of fields that the user failed or passed. You'll want to prompt the user to create a password that meets all of the requirements that they failed. - # + # # == Parameters: # password:: # The password of the user @@ -219,7 +220,7 @@ def authenticate( # email:: # The email address of the end user. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -247,20 +248,20 @@ def authenticate( # Feedback for how to improve the password's strength [HaveIBeenPwned](https://haveibeenpwned.com/). # The type of this field is nilable +Feedback+ (+object+). def strength_check( - password:, + password: , email: nil ) headers = {} request = { password: password } - request[:email] = email unless email.nil? + request[:email] = email if email != nil - post_request('/v1/passwords/strength_check', request, headers) + post_request("/v1/passwords/strength_check", request, headers) end # Adds an existing password to a User's email that doesn't have a password yet. We support migrating users from passwords stored with `bcrypt`, `scrypt`, `argon2`, `MD-5`, `SHA-1`, or `PBKDF2`. This endpoint has a rate limit of 100 requests per second. - # + # # == Parameters: # email:: # The email address of the end user. 
@@ -293,14 +294,14 @@ def strength_check( # The `untrusted_metadata` field contains an arbitrary JSON object of application-specific data. Untrusted metadata can be edited by end users directly via the SDK, and **cannot be used to store critical information.** See the [Metadata](https://stytch.com/docs/api/metadata) reference for complete field behavior details. # The type of this field is nilable +object+. # set_email_verified:: - # Whether to set the user's email as verified. This is a dangerous field. Incorrect use may lead to users getting erroneously + # Whether to set the user's email as verified. This is a dangerous field. Incorrect use may lead to users getting erroneously # deduplicated into one user object. This flag should only be set if you can attest that the user owns the email address in question. # Access to this field is restricted. To enable it, please send us a note at support@stytch.com. # The type of this field is nilable +Boolean+. # name:: # The name of the user. Each field in the name object is optional. # The type of this field is nilable +Name+ (+object+). - # + # # == Returns: # An object with the following fields: # request_id:: @@ -322,9 +323,9 @@ def strength_check( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def migrate( - email:, - hash:, - hash_type:, + email: , + hash: , + hash_type: , md_5_config: nil, argon_2_config: nil, sha_1_config: nil, 
@@ -341,41 +342,44 @@ def migrate( hash: hash, hash_type: hash_type } - request[:md_5_config] = md_5_config unless md_5_config.nil? - request[:argon_2_config] = argon_2_config unless argon_2_config.nil? - request[:sha_1_config] = sha_1_config unless sha_1_config.nil? - request[:scrypt_config] = scrypt_config unless scrypt_config.nil? - request[:pbkdf_2_config] = pbkdf_2_config unless pbkdf_2_config.nil? - request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? - request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil? - request[:set_email_verified] = set_email_verified unless set_email_verified.nil? - request[:name] = name unless name.nil? - - post_request('/v1/passwords/migrate', request, headers) + request[:md_5_config] = md_5_config if md_5_config != nil + request[:argon_2_config] = argon_2_config if argon_2_config != nil + request[:sha_1_config] = sha_1_config if sha_1_config != nil + request[:scrypt_config] = scrypt_config if scrypt_config != nil + request[:pbkdf_2_config] = pbkdf_2_config if pbkdf_2_config != nil + request[:trusted_metadata] = trusted_metadata if trusted_metadata != nil + request[:untrusted_metadata] = untrusted_metadata if untrusted_metadata != nil + request[:set_email_verified] = set_email_verified if set_email_verified != nil + request[:name] = name if name != nil + + post_request("/v1/passwords/migrate", request, headers) end + + class Email include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Initiates a password reset for the email address provided. This will trigger an email to be sent to the address, containing a magic link that will allow them to set a new password and authenticate. - # + # # == Parameters: # email:: # The email of the User that requested the password reset. # The type of this field is +String+. # reset_password_redirect_url:: - # The url that the user clicks from the password reset email to finish the reset password flow. 
- # This should be a url that your app receives and parses before showing your app's reset password page. - # After the user submits a new password to your app, it should send an API request to complete the password reset process. - # If this value is not passed, the default reset password redirect URL that you set in your Dashboard is used. + # The url that the user clicks from the password reset email to finish the reset password flow. + # This should be a url that your app receives and parses before showing your app's reset password page. + # After the user submits a new password to your app, it should send an API request to complete the password reset process. + # If this value is not passed, the default reset password redirect URL that you set in your Dashboard is used. # If you have not set a default reset password redirect URL, an error is returned. # The type of this field is nilable +String+. # reset_password_expiration_minutes:: - # Set the expiration for the password reset, in minutes. By default, it expires in 30 minutes. + # Set the expiration for the password reset, in minutes. By default, it expires in 30 minutes. # The minimum expiration is 5 minutes and the maximum is 7 days (10080 mins). # The type of this field is nilable +Integer+. # code_challenge:: 
@@ -386,22 +390,22 @@ def initialize(connection) # The type of this field is nilable +Attributes+ (+object+). # login_redirect_url:: # The URL Stytch redirects to after the OAuth flow is completed for a user that already exists. This URL should be a route in your application which will run `oauth.authenticate` (see below) and finish the login. - # + # # The URL must be configured as a Login URL in the [Redirect URL page](/dashboard/redirect-urls). If the field is not specified, the default Login URL will be used. # The type of this field is nilable +String+. # locale:: # Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. - # + # # Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. - # + # # Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - # + # # The type of this field is nilable +ResetStartRequestLocale+ (string enum). # reset_password_template_id:: - # Use a custom template for password reset emails. By default, it will use your default email template. + # Use a custom template for password reset emails. By default, it will use your default email template. # The template must be a template using our built-in customizations or a custom HTML email for Passwords - Password reset. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -417,7 +421,7 @@ def initialize(connection)
 # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
 # The type of this field is +Integer+.
 def reset_start(
- email:,
+ email: ,
 reset_password_redirect_url: nil,
 reset_password_expiration_minutes: nil,
 code_challenge: nil,
@@ -430,29 +434,29 @@ def reset_start( request = { email: email } - request[:reset_password_redirect_url] = reset_password_redirect_url unless reset_password_redirect_url.nil? - request[:reset_password_expiration_minutes] = reset_password_expiration_minutes unless reset_password_expiration_minutes.nil? - request[:code_challenge] = code_challenge unless code_challenge.nil? - request[:attributes] = attributes unless attributes.nil? - request[:login_redirect_url] = login_redirect_url unless login_redirect_url.nil? - request[:locale] = locale unless locale.nil? - request[:reset_password_template_id] = reset_password_template_id unless reset_password_template_id.nil? - - post_request('/v1/passwords/email/reset/start', request, headers) + request[:reset_password_redirect_url] = reset_password_redirect_url if reset_password_redirect_url != nil + request[:reset_password_expiration_minutes] = reset_password_expiration_minutes if reset_password_expiration_minutes != nil + request[:code_challenge] = code_challenge if code_challenge != nil + request[:attributes] = attributes if attributes != nil + request[:login_redirect_url] = login_redirect_url if login_redirect_url != nil + request[:locale] = locale if locale != nil + request[:reset_password_template_id] = reset_password_template_id if reset_password_template_id != nil + + post_request("/v1/passwords/email/reset/start", request, headers) end # Reset the user’s password and authenticate them. This endpoint checks that the magic link `token` is valid, hasn’t expired, or already been used – and can optionally require additional security settings, such as the IP address and user agent matching the initial reset request. - # + # # The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated. 
- # + # # Note that a successful password reset by email will revoke all active sessions for the `user_id`. - # + # # == Parameters: # token:: # The Passwords `token` from the `?token=` query parameter in the URL. - # + # # In the redirect URL, the `stytch_token_type` will be `login` or `reset_password`. - # + # # See examples and read more about redirect URLs [here](https://stytch.com/docs/guides/dashboard/redirect-urls). # The type of this field is +String+. # password:: @@ -462,14 +466,14 @@ def reset_start( # The `session_token` associated with a User's existing Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. # The type of this field is nilable +Integer+. # session_jwt:: 
@@ -480,7 +484,7 @@ def reset_start( # The type of this field is nilable +String+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. # attributes:: @@ -489,7 +493,7 @@ def reset_start( # options:: # Specify optional security settings. # The type of this field is nilable +Options+ (+object+). - # + # # == Returns: # An object with the following fields: # request_id:: @@ -512,13 +516,13 @@ def reset_start( # The type of this field is +Integer+. # session:: # If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response. - # + # # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields. - # + # # The type of this field is nilable +Session+ (+object+). def reset( - token:, - password:, + token: , + password: , session_token: nil, session_duration_minutes: nil, session_jwt: nil, 
@@ -532,29 +536,32 @@ def reset( token: token, password: password } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:code_verifier] = code_verifier unless code_verifier.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? - request[:attributes] = attributes unless attributes.nil? - request[:options] = options unless options.nil? - - post_request('/v1/passwords/email/reset', request, headers) + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:code_verifier] = code_verifier if code_verifier != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil + request[:attributes] = attributes if attributes != nil + request[:options] = options if options != nil + + post_request("/v1/passwords/email/reset", request, headers) end - end + + + end class ExistingPassword include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Reset the User’s password using their existing password. - # + # # Note that a successful password reset via an existing password will revoke all active sessions for the `user_id`. - # + # # == Parameters: # email:: # The email address of the end user. 
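Review bot: The guards added in `reset` test for nil with `if session_token != nil`, replacing the idiomatic `unless session_token.nil?`; behaviour is unchanged, but this and the double-quoted `post_request("/v1/passwords/email/reset", request, headers)` read like generator output that was not run through the formatter. I would keep `request[:session_token] = session_token unless session_token.nil?` and the single-quoted path, or run the project's formatter over the generated files before committing. The same regression recurs in the later `reset`, `authenticate`, `revoke`, `create`, `search`, `update` and `exchange_primary_factor` hunks. Related noise includes `token: ,` keyword spacing, the empty `def metrics(` parameter list split over two lines in project.rb, the blank lines added before `end`, and the dropped end-of-file newlines. The signature of `reset` sits in the preceding hunk, so only its body is visible here.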
@@ -569,14 +576,14 @@ def initialize(connection) # The `session_token` associated with a User's existing Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. # The type of this field is nilable +Integer+. # session_jwt:: @@ -584,10 +591,10 @@ def initialize(connection) # The type of this field is nilable +String+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -610,14 +617,14 @@ def initialize(connection) # The type of this field is +Integer+. # session:: # If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response. - # + # # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields. - # + # # The type of this field is nilable +Session+ (+object+). def reset( - email:, - existing_password:, - new_password:, + email: , + existing_password: , + new_password: , session_token: nil, session_duration_minutes: nil, session_jwt: nil, 
@@ -629,26 +636,29 @@ def reset( existing_password: existing_password, new_password: new_password } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil - post_request('/v1/passwords/existing_password/reset', request, headers) + post_request("/v1/passwords/existing_password/reset", request, headers) end - end + + + end class Sessions include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Reset the user’s password using their existing session. The endpoint will error if the session does not have a password, email magic link, or email OTP authentication factor that has been issued within the last 5 minutes. This endpoint requires either a `session_jwt` or `session_token` be included in the request. - # + # # Note that a successful password reset via an existing session will revoke all active sessions for the `user_id`, except for the one used during the reset flow. - # + # # == Parameters: # password:: # The password of the user 
@@ -660,22 +670,22 @@ def initialize(connection) # The `session_jwt` associated with a User's existing Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. # The type of this field is nilable +Integer+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -698,12 +708,12 @@ def initialize(connection) # The type of this field is +Integer+. # session:: # If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response. - # + # # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields. - # + # # The type of this field is nilable +Session+ (+object+). def reset( - password:, + password: , session_token: nil, session_jwt: nil, session_duration_minutes: nil, @@ -713,13 +723,16 @@ def reset( request = { password: password } - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil - post_request('/v1/passwords/session/reset', request, headers) + post_request("/v1/passwords/session/reset", request, headers) end + + + end end -end +end \ No newline at end of file diff --git a/lib/stytch/project.rb b/lib/stytch/project.rb index e64b5b3..1709cb3 100644 --- a/lib/stytch/project.rb +++ b/lib/stytch/project.rb 
@@ -9,18 +9,25 @@ require_relative 'request_helper' module Stytch + class Project include Stytch::RequestHelper def initialize(connection) @connection = connection + end - def metrics + def metrics( + ) headers = {} - query_params = {} - request = request_with_query_params('/v1/projects/metrics', query_params) + query_params = { + } + request = request_with_query_params("/v1/projects/metrics", query_params) get_request(request, headers) end + + + end -end +end \ No newline at end of file diff --git a/lib/stytch/sessions.rb b/lib/stytch/sessions.rb index 3b92f14..577ac1c 100644 --- a/lib/stytch/sessions.rb +++ b/lib/stytch/sessions.rb @@ -12,6 +12,7 @@ require_relative 'request_helper' module Stytch + class Sessions include Stytch::RequestHelper @@ -34,12 +35,12 @@ def initialize(connection, project_id) end # List all active Sessions for a given `user_id`. All timestamps are formatted according to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`. - # + # # == Parameters: # user_id:: # The `user_id` to get active Sessions for. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -52,18 +53,18 @@ def initialize(connection, project_id) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def get( - user_id: + user_id: ) headers = {} query_params = { user_id: user_id } - request = request_with_query_params('/v1/sessions', query_params) + request = request_with_query_params("/v1/sessions", query_params) get_request(request, headers) end # Authenticate a session token and retrieve associated session data. If `session_duration_minutes` is included, update the lifetime of the session to be that many minutes from now. All timestamps are formatted according to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`. This endpoint requires exactly one `session_jwt` or `session_token` as part of the request. If both are included you will receive a `too_many_session_arguments` error. - # + # # == Parameters: # session_token:: # The session token to authenticate. @@ -76,10 +77,10 @@ def get( # The type of this field is nilable +String+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -87,9 +88,9 @@ def get( # The type of this field is +String+. # session:: # If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response. - # + # # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields. - # + # # The type of this field is +Session+ (+object+). # session_token:: # A secret token for a given Stytch Session. @@ -110,17 +111,18 @@ def authenticate( session_custom_claims: nil ) headers = {} - request = {} - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? + request = { + } + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil - post_request('/v1/sessions/authenticate', request, headers) + post_request("/v1/sessions/authenticate", request, headers) end # Revoke a Session, immediately invalidating all of its session tokens. You can revoke a session in three ways: using its ID, or using one of its session tokens, or one of its JWTs. This endpoint requires exactly one of those to be included in the request. It will return an error if multiple are present. - # + # # == Parameters: # session_id:: # The `session_id` to revoke. @@ -131,7 +133,7 @@ def authenticate( # session_jwt:: # A JWT for the session to revoke. # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -146,29 +148,30 @@ def revoke( session_jwt: nil ) headers = {} - request = {} - request[:session_id] = session_id unless session_id.nil? - request[:session_token] = session_token unless session_token.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? + request = { + } + request[:session_id] = session_id if session_id != nil + request[:session_token] = session_token if session_token != nil + request[:session_jwt] = session_jwt if session_jwt != nil - post_request('/v1/sessions/revoke', request, headers) + post_request("/v1/sessions/revoke", request, headers) end # Get the JSON Web Key Set (JWKS) for a project. - # - # JWKS are rotated every ~6 months. Upon rotation, new JWTs will be signed using the new key set, and both key sets will be returned by this endpoint for a period of 1 month. - # - # JWTs have a set lifetime of 5 minutes, so there will be a 5 minute period where some JWTs will be signed by the old JWKS, and some JWTs will be signed by the new JWKS. The correct JWKS to use for validation is determined by matching the `kid` value of the JWT and JWKS. - # + # + # JWKS are rotated every ~6 months. Upon rotation, new JWTs will be signed using the new key set, and both key sets will be returned by this endpoint for a period of 1 month. + # + # JWTs have a set lifetime of 5 minutes, so there will be a 5 minute period where some JWTs will be signed by the old JWKS, and some JWTs will be signed by the new JWKS. The correct JWKS to use for validation is determined by matching the `kid` value of the JWT and JWKS. + # # If you're using one of our [backend SDKs](https://stytch.com/docs/sdks), the JWKS roll will be handled for you. - # + # # If you're using your own JWT validation library, many have built-in support for JWKS rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWKS to use for validation by inspecting the `kid` value. 
- # + # # == Parameters: # project_id:: # The `project_id` to get the JWKS for. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # keys:: @@ -181,14 +184,16 @@ def revoke( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def get_jwks( - project_id: + project_id: ) headers = {} - query_params = {} + query_params = { + } request = request_with_query_params("/v1/sessions/jwks/#{project_id}", query_params) get_request(request, headers) end + # MANUAL(Sessions::authenticate_jwt)(SERVICE_METHOD) # ADDIMPORT: require 'jwt' # ADDIMPORT: require 'json/jwt' @@ -286,5 +291,7 @@ def marshal_jwt_into_session(jwt) } end # ENDMANUAL(Sessions::authenticate_jwt) + + end -end +end \ No newline at end of file diff --git a/lib/stytch/totps.rb b/lib/stytch/totps.rb index 3dea80d..795c70e 100644 --- a/lib/stytch/totps.rb +++ b/lib/stytch/totps.rb @@ -9,15 +9,17 @@ require_relative 'request_helper' module Stytch + class TOTPs include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Create a new TOTP instance for a user. The user can use the authenticator application of their choice to scan the QR code or enter the secret. - # + # # == Parameters: # user_id:: # The `user_id` of an active user the TOTP registration should be tied to. @@ -25,7 +27,7 @@ def initialize(connection) # expiration_minutes:: # The expiration for the TOTP instance. If the newly created TOTP is not authenticated within this time frame the TOTP will be unusable. Defaults to 1440 (1 day) with a minimum of 5 and a maximum of 1440. # The type of this field is nilable +Integer+. - # + # # == Returns: # An object with the following fields: # request_id:: 
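Review bot: `get_jwks` builds its path as `"/v1/sessions/jwks/#{project_id}"` and nothing visible in the hunk percent-encodes the value, so an id containing `/`, `?` or `#` would change which endpoint the request addresses. The same interpolation appears in users.rb in `get`, `update`, `exchange_primary_factor`, `delete`, `delete_email` and `delete_phone_number`, where the id is more likely to come from request data and several of the calls are deletes or admin-level actions. Unless `request_with_query_params` or the connection already escapes path segments (not shown here), encode at the call site, e.g. `request_with_query_params("/v1/sessions/jwks/#{ERB::Util.url_encode(project_id)}", query_params)` with `require 'erb'` at the top of the file. Alternatively, reject ids that do not match the expected format before building the path.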
@@ -53,20 +55,20 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def create( - user_id:, + user_id: , expiration_minutes: nil ) headers = {} request = { user_id: user_id } - request[:expiration_minutes] = expiration_minutes unless expiration_minutes.nil? + request[:expiration_minutes] = expiration_minutes if expiration_minutes != nil - post_request('/v1/totps', request, headers) + post_request("/v1/totps", request, headers) end # Authenticate a TOTP code entered by a user. - # + # # == Parameters: # user_id:: # The `user_id` of an active user the TOTP registration should be tied to. @@ -78,14 +80,14 @@ def create( # The `session_token` associated with a User's existing Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. # The type of this field is nilable +Integer+. # session_jwt:: 
@@ -93,10 +95,10 @@ def create( # The type of this field is nilable +String+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -122,13 +124,13 @@ def create( # The type of this field is +Integer+. # session:: # If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response. - # + # # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields. - # + # # The type of this field is nilable +Session+ (+object+). def authenticate( - user_id:, - totp_code:, + user_id: , + totp_code: , session_token: nil, session_duration_minutes: nil, session_jwt: nil, 
@@ -139,21 +141,21 @@ def authenticate( user_id: user_id, totp_code: totp_code } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil - post_request('/v1/totps/authenticate', request, headers) + post_request("/v1/totps/authenticate", request, headers) end # Retrieve the recovery codes for a TOTP instance tied to a User. - # + # # == Parameters: # user_id:: # The `user_id` of an active user the TOTP registration should be tied to. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -169,18 +171,18 @@ def authenticate( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def recovery_codes( - user_id: + user_id: ) headers = {} request = { user_id: user_id } - post_request('/v1/totps/recovery_codes', request, headers) + post_request("/v1/totps/recovery_codes", request, headers) end # Authenticate a recovery code for a TOTP instance. - # + # # == Parameters: # user_id:: # The `user_id` of an active user the TOTP registration should be tied to. 
@@ -192,14 +194,14 @@ def recovery_codes( # The `session_token` associated with a User's existing Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. # The type of this field is nilable +Integer+. # session_jwt:: @@ -207,10 +209,10 @@ def recovery_codes( # The type of this field is nilable +String+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -236,13 +238,13 @@ def recovery_codes( # The type of this field is +Integer+. # session:: # If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response. - # + # # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields. - # + # # The type of this field is nilable +Session+ (+object+). def recover( - user_id:, - recovery_code:, + user_id: , + recovery_code: , session_token: nil, session_duration_minutes: nil, session_jwt: nil, @@ -253,12 +255,15 @@ def recover( user_id: user_id, recovery_code: recovery_code } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil - post_request('/v1/totps/recover', request, headers) + post_request("/v1/totps/recover", request, headers) end + + + end -end +end \ No newline at end of file diff --git a/lib/stytch/users.rb b/lib/stytch/users.rb index f32fcaa..957622b 100644 --- a/lib/stytch/users.rb +++ b/lib/stytch/users.rb @@ -9,15 +9,17 @@ require_relative 'request_helper' module Stytch + class Users include Stytch::RequestHelper def initialize(connection) @connection = connection + end # Add a User to Stytch. A `user_id` is returned in the response that can then be used to perform other operations within Stytch. An `email` or a `phone_number` is required. - # + # # == Parameters: # email:: # The email address of the end user. 
@@ -44,7 +46,7 @@ def initialize(connection) # untrusted_metadata:: # The `untrusted_metadata` field contains an arbitrary JSON object of application-specific data. Untrusted metadata can be edited by end users directly via the SDK, and **cannot be used to store critical information.** See the [Metadata](https://stytch.com/docs/api/metadata) reference for complete field behavior details. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -78,25 +80,26 @@ def create( untrusted_metadata: nil ) headers = {} - request = {} - request[:email] = email unless email.nil? - request[:name] = name unless name.nil? - request[:attributes] = attributes unless attributes.nil? - request[:phone_number] = phone_number unless phone_number.nil? - request[:create_user_as_pending] = create_user_as_pending unless create_user_as_pending.nil? - request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? - request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil? + request = { + } + request[:email] = email if email != nil + request[:name] = name if name != nil + request[:attributes] = attributes if attributes != nil + request[:phone_number] = phone_number if phone_number != nil + request[:create_user_as_pending] = create_user_as_pending if create_user_as_pending != nil + request[:trusted_metadata] = trusted_metadata if trusted_metadata != nil + request[:untrusted_metadata] = untrusted_metadata if untrusted_metadata != nil - post_request('/v1/users', request, headers) + post_request("/v1/users", request, headers) end # Get information about a specific User. - # + # # == Parameters: # user_id:: # The unique ID of a specific User. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -148,16 +151,17 @@ def create( # The `untrusted_metadata` field contains an arbitrary JSON object of application-specific data. Untrusted metadata can be edited by end users directly via the SDK, and **cannot be used to store critical information.** See the [Metadata](https://stytch.com/docs/api/metadata) reference for complete field behavior details. # The type of this field is nilable +object+. def get( - user_id: + user_id: ) headers = {} - query_params = {} + query_params = { + } request = request_with_query_params("/v1/users/#{user_id}", query_params) get_request(request, headers) end # Search for Users within your Stytch Project. Submit an empty `query` in the request to return all Users. - # + # # == Parameters: # cursor:: # The `cursor` field allows you to paginate through your results. Each result array is limited to 1000 results. If your query returns more than 1000 results, you will need to paginate the responses using the `cursor`. If you receive a response that includes a non-null `next_cursor` in the `results_metadata` object, repeat the search call with the `next_cursor` value set to the `cursor` field to retrieve the next page of results. Continue to make search calls until the `next_cursor` in the response is null. @@ -168,7 +172,7 @@ def get( # query:: # The optional query object contains the operator, i.e. `AND` or `OR`, and the operands that will filter your results. Only an operator is required. If you include no operands, no filtering will be applied. If you include no query object, it will return all results with no filtering applied. # The type of this field is nilable +SearchUsersQuery+ (+object+). - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -189,18 +193,19 @@ def search( query: nil ) headers = {} - request = {} - request[:cursor] = cursor unless cursor.nil? - request[:limit] = limit unless limit.nil? - request[:query] = query unless query.nil? + request = { + } + request[:cursor] = cursor if cursor != nil + request[:limit] = limit if limit != nil + request[:query] = query if query != nil - post_request('/v1/users/search', request, headers) + post_request("/v1/users/search", request, headers) end # Update a User's attributes. - # + # # **Note:** In order to add a new email address or phone number to an existing User object, pass the new email address or phone number into the respective `/send` endpoint for the authentication method of your choice. If you specify the existing User's `user_id` while calling the `/send` endpoint, the new, unverified email address or phone number will be added to the existing User object. If the user successfully authenticates within 5 minutes of the `/send` request, the new email address or phone number will be marked as verified and remain permanently on the existing Stytch User. Otherwise, it will be removed from the User object, and any subsequent login requests using that phone number will create a new User. We require this process to guard against an account takeover vulnerability. - # + # # == Parameters: # user_id:: # The unique ID of a specific User. @@ -217,7 +222,7 @@ def search( # untrusted_metadata:: # The `untrusted_metadata` field contains an arbitrary JSON object of application-specific data. Untrusted metadata can be edited by end users directly via the SDK, and **cannot be used to store critical information.** See the [Metadata](https://stytch.com/docs/api/metadata) reference for complete field behavior details. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -242,30 +247,31 @@ def search( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def update( - user_id:, + user_id: , name: nil, attributes: nil, trusted_metadata: nil, untrusted_metadata: nil ) headers = {} - request = {} - request[:name] = name unless name.nil? - request[:attributes] = attributes unless attributes.nil? - request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? - request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil? + request = { + } + request[:name] = name if name != nil + request[:attributes] = attributes if attributes != nil + request[:trusted_metadata] = trusted_metadata if trusted_metadata != nil + request[:untrusted_metadata] = untrusted_metadata if untrusted_metadata != nil put_request("/v1/users/#{user_id}", request, headers) end # Exchange a user's email address or phone number for another. - # + # # Must pass either an `email_address` or a `phone_number`. - # + # # This endpoint only works if the user has exactly one factor. You are able to exchange the type of factor for another as well, i.e. exchange an `email_address` for a `phone_number`. - # + # # Use this endpoint with caution as it performs an admin level action. - # + # # == Parameters: # user_id:: # The unique ID of a specific User. @@ -276,7 +282,7 @@ def update( # phone_number:: # The phone number to exchange to. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX). # The type of this field is nilable +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -292,25 +298,26 @@ def update( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def exchange_primary_factor( - user_id:, + user_id: , email_address: nil, phone_number: nil ) headers = {} - request = {} - request[:email_address] = email_address unless email_address.nil? - request[:phone_number] = phone_number unless phone_number.nil? + request = { + } + request[:email_address] = email_address if email_address != nil + request[:phone_number] = phone_number if phone_number != nil put_request("/v1/users/#{user_id}/exchange_primary_factor", request, headers) end # Delete a User from Stytch. - # + # # == Parameters: # user_id:: # The unique ID of a specific User. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -323,19 +330,19 @@ def exchange_primary_factor( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def delete( - user_id: + user_id: ) headers = {} delete_request("/v1/users/#{user_id}", headers) end # Delete an email from a User. - # + # # == Parameters: # email_id:: # The `email_id` to be deleted. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
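Review bot: `exchange_primary_factor` sends its request even when both `email_address` and `phone_number` are left at their `nil` defaults, although the method's doc comment in the preceding hunk says one of them must be passed. Since that comment also flags this as an admin-level action, failing fast on the client makes a mis-wired call visible before it reaches the API: `raise ArgumentError, 'email_address or phone_number is required' if email_address.nil? && phone_number.nil?`. The server presumably rejects the empty body as well, so this is about an earlier and clearer failure rather than a missing server-side control. The doc comment for the method starts outside this hunk.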
@@ -351,19 +358,19 @@ def delete( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def delete_email( - email_id: + email_id: ) headers = {} delete_request("/v1/users/emails/#{email_id}", headers) end # Delete a phone number from a User. - # + # # == Parameters: # phone_id:: # The `phone_id` to be deleted. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -379,19 +386,19 @@ def delete_email( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def delete_phone_number( - phone_id: + phone_id: ) headers = {} delete_request("/v1/users/phone_numbers/#{phone_id}", headers) end # Delete a WebAuthn registration from a User. - # + # # == Parameters: # webauthn_registration_id:: # The `webauthn_registration_id` to be deleted. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -407,19 +414,19 @@ def delete_phone_number( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def delete_webauthn_registration( - webauthn_registration_id: + webauthn_registration_id: ) headers = {} delete_request("/v1/users/webauthn_registrations/#{webauthn_registration_id}", headers) end # Delete a biometric registration from a User. - # + # # == Parameters: # biometric_registration_id:: # The `biometric_registration_id` to be deleted. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -435,19 +442,19 @@ def delete_webauthn_registration( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def delete_biometric_registration( - biometric_registration_id: + biometric_registration_id: ) headers = {} delete_request("/v1/users/biometric_registrations/#{biometric_registration_id}", headers) end # Delete a TOTP from a User. - # + # # == Parameters: # totp_id:: # The `totp_id` to be deleted. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -463,19 +470,19 @@ def delete_biometric_registration( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def delete_totp( - totp_id: + totp_id: ) headers = {} delete_request("/v1/users/totps/#{totp_id}", headers) end # Delete a crypto wallet from a User. - # + # # == Parameters: # crypto_wallet_id:: # The `crypto_wallet_id` to be deleted. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -491,19 +498,19 @@ def delete_totp( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def delete_crypto_wallet( - crypto_wallet_id: + crypto_wallet_id: ) headers = {} delete_request("/v1/users/crypto_wallets/#{crypto_wallet_id}", headers) end # Delete a password from a User. - # + # # == Parameters: # password_id:: # The `password_id` to be deleted. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -519,19 +526,19 @@ def delete_crypto_wallet( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def delete_password( - password_id: + password_id: ) headers = {} delete_request("/v1/users/passwords/#{password_id}", headers) end # Delete an OAuth registration from a User. - # + # # == Parameters: # oauth_user_registration_id:: # The `oauth_user_registration_id` to be deleted. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -547,10 +554,13 @@ def delete_password( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def delete_oauth_registration( - oauth_user_registration_id: + oauth_user_registration_id: ) headers = {} delete_request("/v1/users/oauth/#{oauth_user_registration_id}", headers) end + + + end -end +end \ No newline at end of file diff --git a/lib/stytch/webauthn.rb b/lib/stytch/webauthn.rb index 128a07b..5df50c1 100644 --- a/lib/stytch/webauthn.rb +++ b/lib/stytch/webauthn.rb 
@@ -9,21 +9,23 @@ require_relative 'request_helper' module Stytch + class WebAuthn include Stytch::RequestHelper def initialize(connection) @connection = connection + end - # Initiate the process of creating a new Passkey or WebAuthn registration. - # + # Initiate the process of creating a new Passkey or WebAuthn registration. + # # To optimize for Passkeys, set the `return_passkey_credential_options` field to `true`. - # - # After calling this endpoint, the browser will need to call [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) with the data from [public_key_credential_creation_options](https://w3c.github.io/webauthn/#dictionary-makecredentialoptions) passed to the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request via the public key argument. We recommend using the `create()` wrapper provided by the webauthn-json library. - # + # + # After calling this endpoint, the browser will need to call [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) with the data from [public_key_credential_creation_options](https://w3c.github.io/webauthn/#dictionary-makecredentialoptions) passed to the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request via the public key argument. We recommend using the `create()` wrapper provided by the webauthn-json library. + # # If you are not using the [webauthn-json](https://github.com/github/webauthn-json) library, the `public_key_credential_creation_options` will need to be converted to a suitable public key by unmarshalling the JSON, base64 decoding the user ID field, and converting user ID and the challenge fields into an array buffer. - # + # # == Parameters: # user_id:: # The `user_id` of an active user the Passkey or WebAuthn registration should be tied to. 
@@ -39,9 +41,9 @@ def initialize(connection) # The type of this field is nilable +String+. # return_passkey_credential_options:: # If true, the `public_key_credential_creation_options` returned will be optimized for Passkeys with `residentKey` set to `"required"` and `userVerification` set to `"preferred"`. - # + # # The type of this field is nilable +Boolean+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -57,8 +59,8 @@ def initialize(connection) # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def register_start( - user_id:, - domain:, + user_id: , + domain: , user_agent: nil, authenticator_type: nil, return_passkey_credential_options: nil 
@@ -68,17 +70,17 @@ def register_start( user_id: user_id, domain: domain } - request[:user_agent] = user_agent unless user_agent.nil? - request[:authenticator_type] = authenticator_type unless authenticator_type.nil? - request[:return_passkey_credential_options] = return_passkey_credential_options unless return_passkey_credential_options.nil? + request[:user_agent] = user_agent if user_agent != nil + request[:authenticator_type] = authenticator_type if authenticator_type != nil + request[:return_passkey_credential_options] = return_passkey_credential_options if return_passkey_credential_options != nil - post_request('/v1/webauthn/register/start', request, headers) + post_request("/v1/webauthn/register/start", request, headers) end - # Complete the creation of a WebAuthn registration by passing the response from the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request to this endpoint as the `public_key_credential` parameter. - # + # Complete the creation of a WebAuthn registration by passing the response from the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request to this endpoint as the `public_key_credential` parameter. + # # If the [webauthn-json](https://github.com/github/webauthn-json) library's `create()` method was used, the response can be passed directly to the [register endpoint](https://stytch.com/docs/api/webauthn-register). If not, some fields (the client data and the attestation object) from the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) response will need to be converted from array buffers to strings and marshalled into JSON. - # + # # == Parameters: # user_id:: # The `user_id` of an active user the Passkey or WebAuthn registration should be tied to. 
@@ -90,14 +92,14 @@ def register_start( # The `session_token` associated with a User's existing Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. # The type of this field is nilable +Integer+. # session_jwt:: @@ -105,10 +107,10 @@ def register_start( # The type of this field is nilable +String+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -134,13 +136,13 @@ def register_start( # The type of this field is +Integer+. # session:: # If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response. - # + # # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields. - # + # # The type of this field is nilable +Session+ (+object+). def register( - user_id:, - public_key_credential:, + user_id: , + public_key_credential: , session_token: nil, session_duration_minutes: nil, session_jwt: nil, 
@@ -151,22 +153,22 @@ def register( user_id: user_id, public_key_credential: public_key_credential } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil - post_request('/v1/webauthn/register', request, headers) + post_request("/v1/webauthn/register", request, headers) end - # Initiate the authentication of a Passkey or WebAuthn registration. - # + # Initiate the authentication of a Passkey or WebAuthn registration. + # # To optimize for Passkeys, set the `return_passkey_credential_options` field to `true`. - # - # After calling this endpoint, the browser will need to call [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) with the data from `public_key_credential_request_options` passed to the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request via the public key argument. We recommend using the `get()` wrapper provided by the webauthn-json library. - # + # + # After calling this endpoint, the browser will need to call [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) with the data from `public_key_credential_request_options` passed to the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request via the public key argument. We recommend using the `get()` wrapper provided by the webauthn-json library. 
+ # # If you are not using the [webauthn-json](https://github.com/github/webauthn-json) library, `the public_key_credential_request_options` will need to be converted to a suitable public key by unmarshalling the JSON and converting some the fields to array buffers. - # + # # == Parameters: # domain:: # The domain for Passkeys or WebAuthn. Defaults to `window.location.hostname`. @@ -176,9 +178,9 @@ def register( # The type of this field is nilable +String+. # return_passkey_credential_options:: # If true, the `public_key_credential_creation_options` returned will be optimized for Passkeys with `userVerification` set to `"preferred"`. - # + # # The type of this field is nilable +Boolean+. - # + # # == Returns: # An object with the following fields: # request_id:: @@ -194,7 +196,7 @@ def register( # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def authenticate_start( - domain:, + domain: , user_id: nil, return_passkey_credential_options: nil ) 
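Review bot: The `return_passkey_credential_options` description in the `authenticate_start` parameter docs says the `public_key_credential_creation_options` returned will be optimized, but the method description above it refers to `public_key_credential_request_options` for this endpoint. Creation options belong to the registration flow, so the text looks carried over from `register_start`; I would replace `public_key_credential_creation_options` with `public_key_credential_request_options` in that comment line, after confirming the response field name, which is not visible here. The preceding hunk also has a misplaced backtick in `the public_key_credential_request_options` and reads "converting some the fields" where "some of the fields" is meant. If these comments are generated from an API specification, the correction belongs in the specification rather than in this file.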
@@ -202,16 +204,16 @@ def authenticate_start( request = { domain: domain } - request[:user_id] = user_id unless user_id.nil? - request[:return_passkey_credential_options] = return_passkey_credential_options unless return_passkey_credential_options.nil? + request[:user_id] = user_id if user_id != nil + request[:return_passkey_credential_options] = return_passkey_credential_options if return_passkey_credential_options != nil - post_request('/v1/webauthn/authenticate/start', request, headers) + post_request("/v1/webauthn/authenticate/start", request, headers) end - # Complete the authentication of a Passkey or WebAuthn registration by passing the response from the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request to the authenticate endpoint. - # + # Complete the authentication of a Passkey or WebAuthn registration by passing the response from the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request to the authenticate endpoint. + # # If the [webauthn-json](https://github.com/github/webauthn-json) library's `get()` method was used, the response can be passed directly to the [authenticate endpoint](https://stytch.com/docs/api/webauthn-authenticate). If not some fields from the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) response will need to be converted from array buffers to strings and marshalled into JSON. - # + # # == Parameters: # public_key_credential:: # The response of the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential). 
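Review bot: The `public_key_credential` parameter doc for `authenticate` at the end of this hunk describes the value as the response of `navigator.credentials.create()`, while the method description a few lines above says it comes from `navigator.credentials.get()`. Authentication consumes the result of `get()`, so the parameter line should read `# The response of the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion).` so that integrators do not wire the registration response into the authentication call. The same description is also missing a comma in "If not some fields". The `authenticate` definition itself lies outside this hunk.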
@@ -220,14 +222,14 @@ def authenticate_start( # The `session_token` associated with a User's existing Session. # The type of this field is nilable +String+. # session_duration_minutes:: - # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, + # Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, # returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of # five minutes regardless of the underlying session duration, and will need to be refreshed over time. - # + # # This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). - # + # # If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes. - # + # # If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created. # The type of this field is nilable +Integer+. # session_jwt:: @@ -235,10 +237,10 @@ def authenticate_start( # The type of this field is nilable +String+. # session_custom_claims:: # Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. - # + # # Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes. # The type of this field is nilable +object+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -264,12 +266,12 @@ def authenticate_start( # The type of this field is +Integer+. # session:: # If you initiate a Session, by including `session_duration_minutes` in your authenticate call, you'll receive a full Session object in the response. - # + # # See [GET sessions](https://stytch.com/docs/api/session-get) for complete response fields. - # + # # The type of this field is nilable +Session+ (+object+). def authenticate( - public_key_credential:, + public_key_credential: , session_token: nil, session_duration_minutes: nil, session_jwt: nil, @@ -279,16 +281,16 @@ def authenticate( request = { public_key_credential: public_key_credential } - request[:session_token] = session_token unless session_token.nil? - request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil? - request[:session_jwt] = session_jwt unless session_jwt.nil? - request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil? + request[:session_token] = session_token if session_token != nil + request[:session_duration_minutes] = session_duration_minutes if session_duration_minutes != nil + request[:session_jwt] = session_jwt if session_jwt != nil + request[:session_custom_claims] = session_custom_claims if session_custom_claims != nil - post_request('/v1/webauthn/authenticate', request, headers) + post_request("/v1/webauthn/authenticate", request, headers) end # Updates a Passkey or WebAuthn registration. - # + # # == Parameters: # webauthn_registration_id:: # Globally unique UUID that identifies a Passkey or WebAuthn registration in the Stytch API. The `webauthn_registration_id` is used when you need to operate on a specific User's WebAuthn registration. @@ -296,7 +298,7 @@ def authenticate( # name:: # The `name` of the WebAuthn registration or Passkey. # The type of this field is +String+. - # + # # == Returns: # An object with the following fields: # request_id:: 
@@ -309,8 +311,8 @@ def authenticate( # A Passkey or WebAuthn registration. # The type of this field is nilable +WebAuthnRegistration+ (+object+). def update( - webauthn_registration_id:, - name: + webauthn_registration_id: , + name: ) headers = {} request = { @@ -319,5 +321,8 @@ def update( put_request("/v1/webauthn/#{webauthn_registration_id}", request, headers) end + + + end -end +end \ No newline at end of file