From 1d0ef4eb2f3e64c97b0e3ad37660d9b8b1db2327 Mon Sep 17 00:00:00 2001 From: vincent <107003653+vincent-stytch@users.noreply.github.com> Date: Mon, 20 May 2024 10:50:32 -0700 Subject: [PATCH] Add identity_provider to SSO connections (#179) --- stytch/b2b/discovery_organizations.go | 2 +- stytch/b2b/oauth/types.go | 6 ++--- .../members/oauthproviders/types.go | 8 +++--- stytch/b2b/organizations/members/types.go | 25 ++++++++++++++---- stytch/b2b/organizations/types.go | 6 ++--- stytch/b2b/organizations_members.go | 9 +++++++ .../organizations_members_oauthproviders.go | 3 +++ stytch/b2b/rbac/types.go | 6 ++--- stytch/b2b/scim/types.go | 2 ++ stytch/b2b/sessions.go | 10 +++++-- stytch/b2b/sessions/types.go | 2 +- stytch/b2b/sso/oidc/types.go | 26 +++++++++++++++++++ stytch/b2b/sso/saml/types.go | 26 +++++++++++++++++++ stytch/b2b/sso/types.go | 18 ++++++++++--- stytch/config/version.go | 2 +- stytch/consumer/sessions.go | 18 +++++++++---- 16 files changed, 138 insertions(+), 31 deletions(-) diff --git a/stytch/b2b/discovery_organizations.go b/stytch/b2b/discovery_organizations.go index 97bafba..75da701 100644 --- a/stytch/b2b/discovery_organizations.go +++ b/stytch/b2b/discovery_organizations.go @@ -35,7 +35,7 @@ func NewDiscoveryOrganizationsClient(c stytch.Client) *DiscoveryOrganizationsCli // This endpoint will also create an initial Member Session for the newly created Member. // // The Member created by this endpoint will automatically be granted the `stytch_admin` Role. See the -// [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for more details on this Role. +// [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for more details on this Role. // // If the new Organization is created with a `mfa_policy` of `REQUIRED_FOR_ALL`, the newly created Member // will need to complete an MFA step to log in to the Organization. diff --git a/stytch/b2b/oauth/types.go b/stytch/b2b/oauth/types.go index fc538c1..5a1037f 100644 
--- a/stytch/b2b/oauth/types.go +++ b/stytch/b2b/oauth/types.go @@ -71,11 +71,11 @@ type AuthenticateParams struct { // ProviderValues: type ProviderValues struct { - // AccessToken: The `access_token` that you may use to access the User's data in the provider's API. - AccessToken string `json:"access_token,omitempty"` // Scopes: The OAuth scopes included for a given provider. See each provider's section above to see which // scopes are included by default and how to add custom scopes. Scopes []string `json:"scopes,omitempty"` + // AccessToken: The `access_token` that you may use to access the User's data in the provider's API. + AccessToken string `json:"access_token,omitempty"` // RefreshToken: The `refresh_token` that you may use to obtain a new `access_token` for the User within // the provider's API. RefreshToken string `json:"refresh_token,omitempty"` @@ -139,7 +139,7 @@ type AuthenticateResponse struct { // access the provider's API for a given user. // // Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only - // returned by Microsoft. + // returned by Microsoft. Google One Tap does not return access tokens or refresh tokens. ProviderValues *ProviderValues `json:"provider_values,omitempty"` // MFARequired: Information about the MFA requirements of the Organization and the Member's options for // fulfilling MFA. diff --git a/stytch/b2b/organizations/members/oauthproviders/types.go b/stytch/b2b/organizations/members/oauthproviders/types.go index 235d2ef..22ae7d9 100644 --- a/stytch/b2b/organizations/members/oauthproviders/types.go +++ b/stytch/b2b/organizations/members/oauthproviders/types.go 
@@ -32,10 +32,6 @@ type GoogleResponse struct { // ProviderSubject: The unique identifier for the User within a given OAuth provider. Also commonly called // the `sub` or "Subject field" in OAuth protocols. ProviderSubject string `json:"provider_subject,omitempty"` - // AccessToken: The `access_token` that you may use to access the User's data in the provider's API. - AccessToken string `json:"access_token,omitempty"` - // AccessTokenExpiresIn: The number of seconds until the access token expires. - AccessTokenExpiresIn int32 `json:"access_token_expires_in,omitempty"` // IDToken: The `id_token` returned by the OAuth provider. ID Tokens are JWTs that contain structured // information about a user. The exact content of each ID Token varies from provider to provider. ID Tokens // are returned from OAuth providers that conform to the [OpenID Connect](https://openid.net/foundation/) @@ -48,6 +44,10 @@ type GoogleResponse struct { // patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX // are server errors. StatusCode int32 `json:"status_code,omitempty"` + // AccessToken: The `access_token` that you may use to access the User's data in the provider's API. + AccessToken string `json:"access_token,omitempty"` + // AccessTokenExpiresIn: The number of seconds until the access token expires. + AccessTokenExpiresIn int32 `json:"access_token_expires_in,omitempty"` // RefreshToken: The `refresh_token` that you may use to obtain a new `access_token` for the User within // the provider's API. RefreshToken string `json:"refresh_token,omitempty"` diff --git a/stytch/b2b/organizations/members/types.go b/stytch/b2b/organizations/members/types.go index 375e22c..f3142be 100644 --- a/stytch/b2b/organizations/members/types.go +++ b/stytch/b2b/organizations/members/types.go 
@@ -89,9 +89,14 @@ type DeletePasswordParams struct { MemberPasswordID string `json:"member_password_id,omitempty"` } +// DeleteTOTPParams: Request type for `Members.DeleteTOTP`. type DeleteTOTPParams struct { + // OrganizationID: Globally unique UUID that identifies a specific Organization. The `organization_id` is + // critical to perform operations on an Organization, so be sure to preserve this value. OrganizationID string `json:"organization_id,omitempty"` - MemberID string `json:"member_id,omitempty"` + // MemberID: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform + // operations on a Member, so be sure to preserve this value. + MemberID string `json:"member_id,omitempty"` } // GetParams: Request type for `Members.Get`. 
@@ -415,12 +420,22 @@ type DeleteResponse struct { StatusCode int32 `json:"status_code,omitempty"` } +// DeleteTOTPResponse: Response type for `Members.DeleteTOTP`. type DeleteTOTPResponse struct { - RequestID string `json:"request_id,omitempty"` - MemberID string `json:"member_id,omitempty"` - Member organizations.Member `json:"member,omitempty"` + // RequestID: Globally unique UUID that is returned with every API call. This value is important to log for + // debugging purposes; we may ask for this value to help identify a specific API call when helping you + // debug an issue. + RequestID string `json:"request_id,omitempty"` + // MemberID: Globally unique UUID that identifies a specific Member. + MemberID string `json:"member_id,omitempty"` + // Member: The [Member object](https://stytch.com/docs/b2b/api/member-object) + Member organizations.Member `json:"member,omitempty"` + // Organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object). Organization organizations.Organization `json:"organization,omitempty"` - StatusCode int32 `json:"status_code,omitempty"` + // StatusCode: The HTTP status code of the response. Stytch follows standard HTTP response status code + // patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX + // are server errors. + StatusCode int32 `json:"status_code,omitempty"` } // GetResponse: Response type for `Members.DangerouslyGet`, `Members.Get`. diff --git a/stytch/b2b/organizations/types.go b/stytch/b2b/organizations/types.go index cd092ae..f9b52f2 100644 --- a/stytch/b2b/organizations/types.go +++ b/stytch/b2b/organizations/types.go 
@@ -161,7 +161,7 @@ type EmailImplicitRoleAssignment struct { // * `stytch_member` // * `stytch_admin` // - // Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) + // Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-default) // for a more detailed explanation. // // @@ -210,7 +210,7 @@ type Member struct { // Members // who create an Organization through the // [discovery flow](https://stytch.com/docs/b2b/api/create-organization-via-discovery). See the - // [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for more details on this Role. + // [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for more details on this Role. IsAdmin bool `json:"is_admin,omitempty"` TOTPRegistrationID string `json:"totp_registration_id,omitempty"` // SCIMRegistrations: An array of scim member registrations, each one referencing a @@ -249,7 +249,7 @@ type MemberRole struct { // * `stytch_member` // * `stytch_admin` // - // Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) + // Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-default) // for a more detailed explanation. // // diff --git a/stytch/b2b/organizations_members.go b/stytch/b2b/organizations_members.go index 7bae0a1..b8579c6 100644 --- a/stytch/b2b/organizations_members.go +++ b/stytch/b2b/organizations_members.go 
@@ -174,6 +174,15 @@ func (c *OrganizationsMembersClient) DeleteMFAPhoneNumber( return &retVal, err } +// DeleteTOTP: Delete a Member's MFA TOTP registration. +// +// To mint a new registration for a Member, you must first call this endpoint to delete the existing +// registration. +// +// Existing Member Sessions that include the TOTP authentication factor will not be revoked if the +// registration is deleted, and MFA will not be enforced until the Member logs in again. +// +// /%} func (c *OrganizationsMembersClient) DeleteTOTP( ctx context.Context, body *members.DeleteTOTPParams, diff --git a/stytch/b2b/organizations_members_oauthproviders.go b/stytch/b2b/organizations_members_oauthproviders.go index a61dcdb..fea6e0a 100644 --- a/stytch/b2b/organizations_members_oauthproviders.go +++ b/stytch/b2b/organizations_members_oauthproviders.go @@ -30,6 +30,9 @@ func NewOrganizationsMembersOAuthProvidersClient(c stytch.Client) *Organizations // will refresh the // access token automatically. // +// Google One Tap does not return access tokens. If the member has only authenticated through Google One +// Tap and not through a regular Google OAuth flow, this endpoint will not return any tokens. +// // __Note:__ Google does not issue a refresh token on every login, and refresh tokens may expire if unused. // To force a refresh token to be issued, pass the `?provider_prompt=consent` query param into the // [Start Google OAuth flow](https://stytch.com/docs/b2b/api/oauth-google-start) endpoint. diff --git a/stytch/b2b/rbac/types.go b/stytch/b2b/rbac/types.go index 0fecfe2..26a7fa2 100644 --- a/stytch/b2b/rbac/types.go +++ b/stytch/b2b/rbac/types.go @@ -31,7 +31,7 @@ type PolicyResource struct { // * `stytch.self` // // Check out the - // [guide on Stytch default Resources](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for a more + // [guide on Stytch default Resources](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for a more // detailed explanation. // // 
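Review bot: The new doc comment on `DeleteTOTP` ends with a stray `// /%}` line, which looks like leftover template markup from the docs source and should be dropped. The comment also says that existing Member Sessions carrying the TOTP factor are not revoked and that MFA is not enforced until the Member logs in again. That matters most when a registration is deleted because the authenticator was lost or is suspected compromised, so it would help to add a sentence such as `// Sessions that relied on the deleted factor stay valid; revoke them separately if the factor is no longer trusted.` The method body continues outside the hunk.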
@@ -93,7 +93,7 @@ type PolicyRole struct { // * `stytch_member` // * `stytch_admin` // - // Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) + // Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-default) // for a more detailed explanation. // // @@ -119,7 +119,7 @@ type PolicyRolePermission struct { // * `stytch.self` // // Check out the - // [guide on Stytch default Resources](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for a more + // [guide on Stytch default Resources](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for a more // detailed explanation. // // diff --git a/stytch/b2b/scim/types.go b/stytch/b2b/scim/types.go index 7229cb8..43261b1 100644 --- a/stytch/b2b/scim/types.go +++ b/stytch/b2b/scim/types.go @@ -19,7 +19,9 @@ type SCIMConnection struct { BaseURL string `json:"base_url,omitempty"` BearerTokenLastFour string `json:"bearer_token_last_four,omitempty"` SCIMGroupImplicitRoleAssignments []SCIMGroupImplicitRoleAssignments `json:"scim_group_implicit_role_assignments,omitempty"` + NextBearerTokenLastFour string `json:"next_bearer_token_last_four,omitempty"` BearerTokenExpiresAt *time.Time `json:"bearer_token_expires_at,omitempty"` + NextBearerTokenExpiresAt *time.Time `json:"next_bearer_token_expires_at,omitempty"` } type SCIMConnectionWithNextToken struct { diff --git a/stytch/b2b/sessions.go b/stytch/b2b/sessions.go index 01a2864..41d9cd6 100644 --- a/stytch/b2b/sessions.go +++ b/stytch/b2b/sessions.go 
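Review bot: `NextBearerTokenLastFour` and `NextBearerTokenExpiresAt` are added to `SCIMConnection` in the scim/types.go hunk without doc comments, so a reader cannot tell when they are populated or how they relate to `BearerTokenLastFour` and `BearerTokenExpiresAt`. They presumably describe a token that is pending during a rotation; if that is right, the comment should say so and state whether both tokens are accepted during that window, e.g. `// NextBearerTokenExpiresAt: expiry of the pending bearer token; set only while a rotation is in progress.` The struct starts outside the hunk.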
@@ -68,7 +68,9 @@ func (c *SessionsClient) Get( // It will return an error if both are present. // // You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT -// will be returned if both the signature and the underlying Session are still valid. +// will be returned if both the signature and the underlying Session are still valid. See our +// [How to use Stytch Session JWTs](https://stytch.com/docs/b2b/guides/sessions/using-jwts) guide for more +// information. // // If an `authorization_check` object is passed in, this method will also check if the Member is authorized // to perform the given action on the given Resource in the specified Organization. A Member is authorized @@ -258,7 +260,8 @@ func (c *SessionsClient) Exchange( // Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo // endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a // lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to -// match that email address with a Member in your Organization and create a Stytch Session. +// match that email address with an existing Member in your Organization and create a Stytch Session. You +// will need to create the member before using this endpoint. func (c *SessionsClient) Migrate( ctx context.Context, body *sessions.MigrateParams, @@ -302,6 +305,9 @@ func (c *SessionsClient) Migrate( // If you're using your own JWT validation library, many have built-in support for JWKS rotation, and // you'll just need to supply this API endpoint. If not, your application should decide which JWKS to use // for validation by inspecting the `kid` value. +// +// See our [How to use Stytch Session JWTs](https://stytch.com/docs/b2b/guides/sessions/using-jwts) guide +// for more information. func (c *SessionsClient) GetJWKS( ctx context.Context, body *sessions.GetJWKSParams, 
diff --git a/stytch/b2b/sessions/types.go b/stytch/b2b/sessions/types.go index ae81a66..ca12b90 100644 --- a/stytch/b2b/sessions/types.go +++ b/stytch/b2b/sessions/types.go @@ -84,7 +84,7 @@ type AuthorizationCheck struct { // * `stytch.self` // // Check out the - // [guide on Stytch default Resources](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for a more + // [guide on Stytch default Resources](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for a more // detailed explanation. // // diff --git a/stytch/b2b/sso/oidc/types.go b/stytch/b2b/sso/oidc/types.go index f8dc3e9..84ddbe0 100644 --- a/stytch/b2b/sso/oidc/types.go +++ b/stytch/b2b/sso/oidc/types.go @@ -18,6 +18,10 @@ type CreateConnectionParams struct { OrganizationID string `json:"organization_id,omitempty"` // DisplayName: A human-readable display name for the connection. DisplayName string `json:"display_name,omitempty"` + // IdentityProvider: The identity provider of this connection. For OIDC, the accepted values are `generic`, + // `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, + // and `google-workspace`. + IdentityProvider CreateConnectionRequestIdentityProvider `json:"identity_provider,omitempty"` } // UpdateConnectionParams: Request type for `OIDC.UpdateConnection`. @@ -50,6 +54,10 @@ type UpdateConnectionParams struct { // JWKSURL: The location of the IdP's JSON Web Key Set, used to verify credentials issued by the IdP. This // will be provided by the IdP. JWKSURL string `json:"jwks_url,omitempty"` + // IdentityProvider: The identity provider of this connection. For OIDC, the accepted values are `generic`, + // `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, + // and `google-workspace`. + IdentityProvider UpdateConnectionRequestIdentityProvider `json:"identity_provider,omitempty"` } // CreateConnectionRequestOptions: 
@@ -113,3 +121,21 @@ type UpdateConnectionResponse struct { // overall request succeeds, there could be relevant warnings related to the connection update. Warning string `json:"warning,omitempty"` } + +type CreateConnectionRequestIdentityProvider string + +const ( + CreateConnectionRequestIdentityProviderGeneric CreateConnectionRequestIdentityProvider = "generic" + CreateConnectionRequestIdentityProviderOkta CreateConnectionRequestIdentityProvider = "okta" + CreateConnectionRequestIdentityProviderMicrosoftentra CreateConnectionRequestIdentityProvider = "microsoft-entra" + CreateConnectionRequestIdentityProviderGoogleworkspace CreateConnectionRequestIdentityProvider = "google-workspace" +) + +type UpdateConnectionRequestIdentityProvider string + +const ( + UpdateConnectionRequestIdentityProviderGeneric UpdateConnectionRequestIdentityProvider = "generic" + UpdateConnectionRequestIdentityProviderOkta UpdateConnectionRequestIdentityProvider = "okta" + UpdateConnectionRequestIdentityProviderMicrosoftentra UpdateConnectionRequestIdentityProvider = "microsoft-entra" + UpdateConnectionRequestIdentityProviderGoogleworkspace UpdateConnectionRequestIdentityProvider = "google-workspace" +) diff --git a/stytch/b2b/sso/saml/types.go b/stytch/b2b/sso/saml/types.go index be49475..1ad5d01 100644 --- a/stytch/b2b/sso/saml/types.go +++ b/stytch/b2b/sso/saml/types.go 
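Review bot: `CreateConnectionRequestIdentityProviderGoogleworkspace` and `UpdateConnectionRequestIdentityProviderGoogleworkspace` are exported from the oidc package, yet the field comment added earlier in this same file says OIDC accepts only `generic`, `okta` and `microsoft-entra`. A caller picking the constant from the oidc package would send a value the documentation says is not accepted; either drop it from the OIDC set or mark it, e.g. `// Not accepted for OIDC connections (SAML only).` The two new types also carry no doc comment, and because they are plain `string` types nothing is checked before the request is sent, which is worth stating on the type.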
@@ -18,6 +18,10 @@ type CreateConnectionParams struct { OrganizationID string `json:"organization_id,omitempty"` // DisplayName: A human-readable display name for the connection. DisplayName string `json:"display_name,omitempty"` + // IdentityProvider: The identity provider of this connection. For OIDC, the accepted values are `generic`, + // `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, + // and `google-workspace`. + IdentityProvider CreateConnectionRequestIdentityProvider `json:"identity_provider,omitempty"` } // DeleteVerificationCertificateParams: Request type for `SAML.DeleteVerificationCertificate`. @@ -82,6 +86,10 @@ type UpdateConnectionParams struct { // AlternativeAudienceURI: An alternative URL to use for the Audience Restriction. This value can be used // when you wish to migrate an existing SAML integration to Stytch with zero downtime. AlternativeAudienceURI string `json:"alternative_audience_uri,omitempty"` + // IdentityProvider: The identity provider of this connection. For OIDC, the accepted values are `generic`, + // `okta`, and `microsoft-entra`. For SAML, the accepted values are `generic`, `okta`, `microsoft-entra`, + // and `google-workspace`. + IdentityProvider UpdateConnectionRequestIdentityProvider `json:"identity_provider,omitempty"` } // CreateConnectionRequestOptions: 
@@ -197,3 +205,21 @@ type UpdateConnectionResponse struct { // field details. Connection *sso.SAMLConnection `json:"connection,omitempty"` } + +type CreateConnectionRequestIdentityProvider string + +const ( + CreateConnectionRequestIdentityProviderGeneric CreateConnectionRequestIdentityProvider = "generic" + CreateConnectionRequestIdentityProviderOkta CreateConnectionRequestIdentityProvider = "okta" + CreateConnectionRequestIdentityProviderMicrosoftentra CreateConnectionRequestIdentityProvider = "microsoft-entra" + CreateConnectionRequestIdentityProviderGoogleworkspace CreateConnectionRequestIdentityProvider = "google-workspace" +) + +type UpdateConnectionRequestIdentityProvider string + +const ( + UpdateConnectionRequestIdentityProviderGeneric UpdateConnectionRequestIdentityProvider = "generic" + UpdateConnectionRequestIdentityProviderOkta UpdateConnectionRequestIdentityProvider = "okta" + UpdateConnectionRequestIdentityProviderMicrosoftentra UpdateConnectionRequestIdentityProvider = "microsoft-entra" + UpdateConnectionRequestIdentityProviderGoogleworkspace UpdateConnectionRequestIdentityProvider = "google-workspace" +) diff --git a/stytch/b2b/sso/types.go b/stytch/b2b/sso/types.go index 2167254..8924a49 100644 --- a/stytch/b2b/sso/types.go +++ b/stytch/b2b/sso/types.go @@ -70,6 +70,15 @@ type AuthenticateParams struct { IntermediateSessionToken string `json:"intermediate_session_token,omitempty"` } +type Connection struct { + OrganizationID string `json:"organization_id,omitempty"` + ConnectionID string `json:"connection_id,omitempty"` + ExternalOrganizationID string `json:"external_organization_id,omitempty"` + ExternalConnectionID string `json:"external_connection_id,omitempty"` + DisplayName string `json:"display_name,omitempty"` + Status string `json:"status,omitempty"` +} + // DeleteConnectionParams: Request type for `SSO.DeleteConnection`. type DeleteConnectionParams struct { // OrganizationID: The organization ID that the SSO connection belongs to. 
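Review bot: The new `Connection` struct in stytch/b2b/sso/types.go has no type or field comments, unlike the documented request types around it, and the same holds for `ExternalConnections []Connection` added to `GetConnectionsResponse` later in this file. The `ExternalOrganizationID` and `ExternalConnectionID` fields suggest the connection is owned by a different organization, which is a trust relationship callers need to understand before acting on these entries. A comment should say which organization owns the connection and which `Status` values are possible. `Status` is also a bare `string`, where a typed constant set like the one this commit adds for `identity_provider` would be easier to check.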
@@ -124,6 +133,7 @@ type OIDCConnection struct { TokenURL string `json:"token_url,omitempty"` UserinfoURL string `json:"userinfo_url,omitempty"` JWKSURL string `json:"jwks_url,omitempty"` + IdentityProvider string `json:"identity_provider,omitempty"` } type SAMLConnection struct { @@ -140,6 +150,7 @@ type SAMLConnection struct { SAMLConnectionImplicitRoleAssignments []SAMLConnectionImplicitRoleAssignment `json:"saml_connection_implicit_role_assignments,omitempty"` SAMLGroupImplicitRoleAssignments []SAMLGroupImplicitRoleAssignment `json:"saml_group_implicit_role_assignments,omitempty"` AlternativeAudienceURI string `json:"alternative_audience_uri,omitempty"` + IdentityProvider string `json:"identity_provider,omitempty"` AttributeMapping map[string]any `json:"attribute_mapping,omitempty"` } @@ -153,7 +164,7 @@ type SAMLConnectionImplicitRoleAssignment struct { // * `stytch_member` // * `stytch_admin` // - // Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) + // Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-default) // for a more detailed explanation. // // @@ -170,7 +181,7 @@ type SAMLGroupImplicitRoleAssignment struct { // * `stytch_member` // * `stytch_admin` // - // Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) + // Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-default) // for a more detailed explanation. // // 
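Review bot: `IdentityProvider` is added to `OIDCConnection` and `SAMLConnection` as an uncommented plain `string`, while the request types in the oidc and saml packages use the typed `CreateConnectionRequestIdentityProvider` and `UpdateConnectionRequestIdentityProvider` constants. Callers comparing the response value have to write the literals by hand or convert between types. A short comment would keep the two sides in step, e.g. `// IdentityProvider: The identity provider of this connection; see the identity_provider request field for accepted values.` Both structs start outside their hunks.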
@@ -259,7 +270,8 @@ type GetConnectionsResponse struct { SAMLConnections []SAMLConnection `json:"saml_connections,omitempty"` // OIDCConnections: The list of [OIDC Connections](https://stytch.com/docs/b2b/api/oidc-connection-object) // owned by this organization. - OIDCConnections []OIDCConnection `json:"oidc_connections,omitempty"` + OIDCConnections []OIDCConnection `json:"oidc_connections,omitempty"` + ExternalConnections []Connection `json:"external_connections,omitempty"` // StatusCode: The HTTP status code of the response. Stytch follows standard HTTP response status code // patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX // are server errors. diff --git a/stytch/config/version.go b/stytch/config/version.go index 8b85c1a..560cb1e 100644 --- a/stytch/config/version.go +++ b/stytch/config/version.go @@ -1,3 +1,3 @@ package config -const APIVersion = "14.0.0" +const APIVersion = "14.1.0" diff --git a/stytch/consumer/sessions.go b/stytch/consumer/sessions.go index 673dd8c..807267a 100644 --- a/stytch/consumer/sessions.go +++ b/stytch/consumer/sessions.go 
@@ -59,11 +59,16 @@ func (c *SessionsClient) Get( return &retVal, err } -// Authenticate a session token and retrieve associated session data. If `session_duration_minutes` is -// included, update the lifetime of the session to be that many minutes from now. All timestamps are -// formatted according to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`. This -// endpoint requires exactly one `session_jwt` or `session_token` as part of the request. If both are -// included you will receive a `too_many_session_arguments` error. +// Authenticate a session token or session JWT and retrieve associated session data. If +// `session_duration_minutes` is included, update the lifetime of the session to be that many minutes from +// now. All timestamps are formatted according to the RFC 3339 standard and are expressed in UTC, e.g. +// `2021-12-29T12:33:09Z`. This endpoint requires exactly one `session_jwt` or `session_token` as part of +// the request. If both are included, you will receive a `too_many_session_arguments` error. +// +// You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT +// will be returned if both the signature and the underlying Session are still valid. See our +// [How to use Stytch Session JWTs](https://stytch.com/docs/guides/sessions/using-jwts) guide for more +// information. func (c *SessionsClient) Authenticate( ctx context.Context, body *sessions.AuthenticateParams, 
@@ -202,6 +207,9 @@ func (c *SessionsClient) Revoke( // If you're using your own JWT validation library, many have built-in support for JWKS rotation, and // you'll just need to supply this API endpoint. If not, your application should decide which JWKS to use // for validation by inspecting the `kid` value. +// +// See our [How to use Stytch Session JWTs](https://stytch.com/docs/guides/sessions/using-jwts) guide for +// more information. func (c *SessionsClient) GetJWKS( ctx context.Context, body *sessions.GetJWKSParams,