Fix member session for magic links (#193)
* Run codegen

* Revert "Run codegen"

This reverts commit 53d5195.

* regenerate

* bump minor version

* remove patch number
etaylormcgregor-stytch authored Sep 26, 2024
1 parent 15b392c commit d9b35cd
Showing 27 changed files with 175 additions and 107 deletions.
9 changes: 5 additions & 4 deletions stytch/b2b/discovery/intermediatesessions/types.go
@@ -52,9 +52,9 @@ type ExchangeParams struct {
// `exp`, `nbf`, `iat`, `jti`) will be ignored.
// Total custom claims size cannot exceed four kilobytes.
SessionCustomClaims map[string]any `json:"session_custom_claims,omitempty"`
// Locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint
// will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will
// be used to determine which language to use when sending the passcode.
// Locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will
// pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be
// used to determine which language to use when sending the passcode.
//
// Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/),
// e.g. `"en"`.
@@ -107,7 +107,8 @@ type ExchangeResponse struct {
MemberSession *sessions.MemberSession `json:"member_session,omitempty"`
// MFARequired: Information about the MFA requirements of the Organization and the Member's options for
// fulfilling MFA.
MFARequired *mfa.MfaRequired `json:"mfa_required,omitempty"`
MFARequired *mfa.MfaRequired `json:"mfa_required,omitempty"`
// PrimaryRequired: Information about the primary authentication requirements of the Organization.
PrimaryRequired *sessions.PrimaryRequired `json:"primary_required,omitempty"`
}

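Review bot: The rewrapped Locale comment in ExchangeParams now reads `If the needs to complete an MFA step`, so the noun `Member` was dropped from the sentence. The same loss appears in other comments rewritten by this commit: `If the is required to complete MFA to log in to the,` in discovery_intermediatesessions.go, `Authenticate a with a Magic Link` in magiclinks.go, `Creates an.` in organizations.go, `Delete a's password.` in organizations_members.go and `If the's MFA policy` in otp_sms.go, plus the Locale comments in magiclinks/types.go and oauth/types.go. Several of these sentences describe when MFA applies, so the first line here should go back to `// Locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint`, with the other comments restored the same way. The commit message suggests these files come from codegen, so the fix probably belongs in the generator input rather than in each file. ExchangeParams starts and ends outside the hunk.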
3 changes: 2 additions & 1 deletion stytch/b2b/discovery/organizations/types.go
@@ -225,7 +225,8 @@ type CreateResponse struct {
Organization *organizations.Organization `json:"organization,omitempty"`
// MFARequired: Information about the MFA requirements of the Organization and the Member's options for
// fulfilling MFA.
MFARequired *mfa.MfaRequired `json:"mfa_required,omitempty"`
MFARequired *mfa.MfaRequired `json:"mfa_required,omitempty"`
// PrimaryRequired: Information about the primary authentication requirements of the Organization.
PrimaryRequired *sessions.PrimaryRequired `json:"primary_required,omitempty"`
}

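Review bot: The comment on the new `PrimaryRequired` field in CreateResponse does not say when the field is set or what a caller must do with it. The method documentation this commit adds in oauth.go and discovery_intermediatesessions.go describes that case as `member_authenticated` being `false` with an `intermediate_session_token` that must go through a step-up flow, so a caller who treats a response without `MFARequired` as fully authenticated would presumably be wrong. I would extend the field comment, for example `// PrimaryRequired: set when the Member must complete a primary (step-up) authentication before a full session is issued; nil otherwise.`, after confirming that behaviour for this endpoint. The same one-line comment is added to ExchangeResponse in discovery/intermediatesessions/types.go and AuthenticateResponse in oauth/types.go. CreateResponse starts above the hunk.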
11 changes: 9 additions & 2 deletions stytch/b2b/discovery_intermediatesessions.go
@@ -32,8 +32,8 @@ func NewDiscoveryIntermediateSessionsClient(c stytch.Client) *DiscoveryIntermedi
//
// This endpoint can be used to accept invites and create new members via domain matching.
//
// If the Member is required to complete MFA to log in to the Organization, the returned value of
// `member_authenticated` will be `false`.
// If the is required to complete MFA to log in to the, the returned value of `member_authenticated` will
// be `false`.
// The `intermediate_session_token` will not be consumed and instead will be returned in the response.
// The `intermediate_session_token` can be passed into the
// [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the
@@ -43,6 +43,13 @@ func NewDiscoveryIntermediateSessionsClient(c stytch.Client) *DiscoveryIntermedi
// or the
// [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one.
// The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
//
// If the Member is logging in via an OAuth provider that does not fully verify the email, the returned
// value of `member_authenticated` will be `false`.
// The `intermediate_session_token` will not be consumed and instead will be returned in the response.
// The `primary_required` field details the authentication flow the Member must perform in order to
// [complete a step-up authentication](https://stytch.com/docs/b2b/guides/oauth/auth-flows) into the
// organization. The `intermediate_session_token` must be passed into that authentication flow.
func (c *DiscoveryIntermediateSessionsClient) Exchange(
ctx context.Context,
body *intermediatesessions.ExchangeParams,
6 changes: 3 additions & 3 deletions stytch/b2b/discovery_organizations.go
@@ -25,16 +25,16 @@ func NewDiscoveryOrganizationsClient(c stytch.Client) *DiscoveryOrganizationsCli
}
}

// Create: If an end user does not want to join any already-existing Organization, or has no possible
// Organizations to join, this endpoint can be used to create a new
// Create: If an end user does not want to join any already-existing, or has no possible Organizations to
// join, this endpoint can be used to create a new
// [Organization](https://stytch.com/docs/b2b/api/organization-object) and
// [Member](https://stytch.com/docs/b2b/api/member-object).
//
// This operation consumes the Intermediate Session.
//
// This endpoint will also create an initial Member Session for the newly created Member.
//
// The Member created by this endpoint will automatically be granted the `stytch_admin` Role. See the
// The created by this endpoint will automatically be granted the `stytch_admin` Role. See the
// [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for more details on this Role.
//
// If the new Organization is created with a `mfa_policy` of `REQUIRED_FOR_ALL`, the newly created Member
8 changes: 4 additions & 4 deletions stytch/b2b/magiclinks.go
@@ -32,14 +32,14 @@ func NewMagicLinksClient(c stytch.Client) *MagicLinksClient {
}
}

// Authenticate a Member with a Magic Link. This endpoint requires a Magic Link token that is not expired
// or previously used. If the Member’s status is `pending` or `invited`, they will be updated to `active`.
// Authenticate a with a Magic Link. This endpoint requires a Magic Link token that is not expired or
// previously used. If the Member’s status is `pending` or `invited`, they will be updated to `active`.
// Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the
// `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute
// duration.
//
// If the Member is required to complete MFA to log in to the Organization, the returned value of
// `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
// If the Member is required to complete MFA to log in to the, the returned value of `member_authenticated`
// will be `false`, and an `intermediate_session_token` will be returned.
// The `intermediate_session_token` can be passed into the
// [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
// [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
10 changes: 5 additions & 5 deletions stytch/b2b/magiclinks/types.go
@@ -54,9 +54,9 @@ type AuthenticateParams struct {
// `exp`, `nbf`, `iat`, `jti`) will be ignored.
// Total custom claims size cannot exceed four kilobytes.
SessionCustomClaims map[string]any `json:"session_custom_claims,omitempty"`
// Locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint
// will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will
// be used to determine which language to use when sending the passcode.
// Locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will
// pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be
// used to determine which language to use when sending the passcode.
//
// Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/),
// e.g. `"en"`.
@@ -99,8 +99,6 @@ type AuthenticateResponse struct {
SessionToken string `json:"session_token,omitempty"`
// SessionJWT: The JSON Web Token (JWT) for a given Stytch Session.
SessionJWT string `json:"session_jwt,omitempty"`
// MemberSession: The [Session object](https://stytch.com/docs/b2b/api/session-object).
MemberSession sessions.MemberSession `json:"member_session,omitempty"`
// Organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
Organization organizations.Organization `json:"organization,omitempty"`
// IntermediateSessionToken: The returned Intermediate Session Token contains an Email Magic Link factor
@@ -122,6 +120,8 @@ type AuthenticateResponse struct {
// patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX
// are server errors.
StatusCode int32 `json:"status_code,omitempty"`
// MemberSession: The [Session object](https://stytch.com/docs/b2b/api/session-object).
MemberSession *sessions.MemberSession `json:"member_session,omitempty"`
// MFARequired: Information about the MFA requirements of the Organization and the Member's options for
// fulfilling MFA.
MFARequired *mfa.MfaRequired `json:"mfa_required,omitempty"`
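Review bot: `MemberSession` in AuthenticateResponse changes from `sessions.MemberSession` to `*sessions.MemberSession`, but its comment still does not say that the pointer can be nil. Field reads through `resp.MemberSession` still compile and can now panic at run time, presumably in the MFA-required case where only an `intermediate_session_token` comes back. The comment should state the nil case, for example `// MemberSession: The [Session object](https://stytch.com/docs/b2b/api/session-object). Nil when no full session was issued.`, and callers should check it together with `member_authenticated` before treating the Member as logged in. AuthenticateResponse starts and ends outside the hunks shown.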
6 changes: 3 additions & 3 deletions stytch/b2b/magiclinks_email.go
@@ -61,9 +61,9 @@ func (c *MagicLinksEmailClient) LoginOrSignup(
return &retVal, err
}

// Invite: Send an invite email to a new Member to join an Organization. The Member will be created with an
// `invited` status until they successfully authenticate. Sending invites to `pending` Members will update
// their status to `invited`. Sending invites to already `active` Members will return an error.
// Invite: Send an invite email to a new to join an. The Member will be created with an `invited` status
// until they successfully authenticate. Sending invites to `pending` Members will update their status to
// `invited`. Sending invites to already `active` Members will return an error.
//
// The magic link invite will be valid for 1 week.
func (c *MagicLinksEmailClient) Invite(
18 changes: 12 additions & 6 deletions stytch/b2b/oauth.go
@@ -30,13 +30,13 @@ func NewOAuthClient(c stytch.Client) *OAuthClient {
}
}

// Authenticate a Member given a `token`. This endpoint verifies that the member completed the OAuth flow
// by verifying that the token is valid and hasn't expired. Provide the `session_duration_minutes`
// parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not
// specified, a Stytch session will be created with a 60 minute duration.
// Authenticate a given a `token`. This endpoint verifies that the member completed the flow by verifying
// that the token is valid and hasn't expired. Provide the `session_duration_minutes` parameter to set the
// lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session
// will be created with a 60 minute duration.
//
// If the Member is required to complete MFA to log in to the Organization, the returned value of
// `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
// If the Member is required to complete MFA to log in to the, the returned value of `member_authenticated`
// will be `false`, and an `intermediate_session_token` will be returned.
// The `intermediate_session_token` can be passed into the
// [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the
// MFA step and acquire a full member session.
@@ -49,6 +49,12 @@ func NewOAuthClient(c stytch.Client) *OAuthClient {
// If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an
// MFA step.
//
// If the Member is logging in via an OAuth provider that does not fully verify the email, the returned
// value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
// The `primary_required` field details the authentication flow the Member must perform in order to
// [complete a step-up authentication](https://stytch.com/docs/b2b/guides/oauth/auth-flows) into the
// organization. The `intermediate_session_token` must be passed into that authentication flow.
//
// We’re actively accepting requests for new OAuth providers! Please [email us](mailto:[email protected])
// or [post in our community](https://stytch.com/docs/b2b/resources) if you are looking for an OAuth
// provider that is not currently supported.
9 changes: 5 additions & 4 deletions stytch/b2b/oauth/types.go
@@ -48,9 +48,9 @@ type AuthenticateParams struct {
// PkceCodeVerifier: A base64url encoded one time secret used to validate that the request starts and ends
// on the same device.
PkceCodeVerifier string `json:"pkce_code_verifier,omitempty"`
// Locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint
// will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will
// be used to determine which language to use when sending the passcode.
// Locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will
// pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be
// used to determine which language to use when sending the passcode.
//
// Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/),
// e.g. `"en"`.
@@ -143,7 +143,8 @@ type AuthenticateResponse struct {
ProviderValues *ProviderValues `json:"provider_values,omitempty"`
// MFARequired: Information about the MFA requirements of the Organization and the Member's options for
// fulfilling MFA.
MFARequired *mfa.MfaRequired `json:"mfa_required,omitempty"`
MFARequired *mfa.MfaRequired `json:"mfa_required,omitempty"`
// PrimaryRequired: Information about the primary authentication requirements of the Organization.
PrimaryRequired *sessions.PrimaryRequired `json:"primary_required,omitempty"`
}

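--- a/stytch/b2b/oauth_discovery.go
+++ b/stytch/b2b/oauth_discovery.go
@@ -25,9 +25,8 @@ func NewOAuthDiscoveryClient(c stytch.Client) *OAuthDiscoveryClient {
 }
 }
 
-// Authenticate: Authenticates the Discovery OAuth token and exchanges it for an Intermediate Session
-// Token. Intermediate Session Tokens can be used for various Discovery login flows and are valid for 10
-// minutes.
+// Authenticate: Authenticates the Discovery token and exchanges it for an Intermediate Session Token.
+// Intermediate Session Tokens can be used for various Discovery login flows and are valid for 10 minutes.
 func (c *OAuthDiscoveryClient) Authenticate(
 ctx context.Context,
 body *discovery.AuthenticateParams,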
11 changes: 5 additions & 6 deletions stytch/b2b/organizations.go
@@ -29,7 +29,7 @@ func NewOrganizationsClient(c stytch.Client) *OrganizationsClient {
}
}

// Create: Creates an Organization. An `organization_name` and a unique `organization_slug` are required.
// Create: Creates an. An `organization_name` and a unique `organization_slug` are required.
//
// By default, `email_invites` and `sso_jit_provisioning` will be set to `ALL_ALLOWED`, and `mfa_policy`
// will be set to `OPTIONAL` if no Organization authentication settings are explicitly defined in the
@@ -66,7 +66,7 @@ func (c *OrganizationsClient) Create(
return &retVal, err
}

// Get: Returns an Organization specified by `organization_id`.
// Get: Returns an specified by `organization_id`.
func (c *OrganizationsClient) Get(
ctx context.Context,
body *organizations.GetParams,
@@ -86,8 +86,8 @@ func (c *OrganizationsClient) Get(
return &retVal, err
}

// Update: Updates an Organization specified by `organization_id`. An Organization must always have at
// least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members.
// Update: Updates an specified by `organization_id`. An Organization must always have at least one auth
// setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members.
//
// *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings)
// resource to learn more about fields like `email_jit_provisioning`, `email_invites`,
@@ -124,8 +124,7 @@ func (c *OrganizationsClient) Update(
return &retVal, err
}

// Delete: Deletes an Organization specified by `organization_id`. All Members of the Organization will
// also be deleted.
// Delete: Deletes an specified by `organization_id`. All Members of the Organization will also be deleted.
func (c *OrganizationsClient) Delete(
ctx context.Context,
body *organizations.DeleteParams,
19 changes: 10 additions & 9 deletions stytch/b2b/organizations_members.go
@@ -29,7 +29,7 @@ func NewOrganizationsMembersClient(c stytch.Client) *OrganizationsMembersClient
}
}

// Update: Updates a Member specified by `organization_id` and `member_id`.
// Update: Updates a specified by `organization_id` and `member_id`.
func (c *OrganizationsMembersClient) Update(
ctx context.Context,
body *members.UpdateParams,
@@ -62,7 +62,7 @@ func (c *OrganizationsMembersClient) Update(
return &retVal, err
}

// Delete: Deletes a Member specified by `organization_id` and `member_id`.
// Delete: Deletes a specified by `organization_id` and `member_id`.
func (c *OrganizationsMembersClient) Delete(
ctx context.Context,
body *members.DeleteParams,
@@ -86,8 +86,9 @@ func (c *OrganizationsMembersClient) Delete(
return &retVal, err
}

// Reactivate: Reactivates a deleted Member's status and its associated email status (if applicable) to
// active, specified by `organization_id` and `member_id`.
// Reactivate: Reactivates a deleted's status and its associated email status (if applicable) to active,
// specified by `organization_id` and `member_id`. This endpoint will only work for Members with at least
// one verified email where their `email_address_verified` is `true`.
func (c *OrganizationsMembersClient) Reactivate(
ctx context.Context,
body *members.ReactivateParams,
@@ -120,7 +121,7 @@ func (c *OrganizationsMembersClient) Reactivate(
return &retVal, err
}

// DeleteMFAPhoneNumber: Delete a Member's MFA phone number.
// DeleteMFAPhoneNumber: Delete a's MFA phone number.
//
// To change a Member's phone number, you must first call this endpoint to delete the existing phone number.
//
@@ -219,7 +220,7 @@ func (c *OrganizationsMembersClient) Search(
return &retVal, err
}

// DeletePassword: Delete a Member's password.
// DeletePassword: Delete a's password.
func (c *OrganizationsMembersClient) DeletePassword(
ctx context.Context,
body *members.DeletePasswordParams,
@@ -266,8 +267,8 @@ func (c *OrganizationsMembersClient) DangerouslyGet(
return &retVal, err
}

// UnlinkRetiredEmail: Unlinks a retired email address from a Member specified by their `organization_id`
// and `member_id`. The email address
// UnlinkRetiredEmail: Unlinks a retired email address from a specified by their `organization_id` and
// `member_id`. The email address
// to be retired can be identified in the request body by either its `email_id`, its `email_address`, or
// both. If using
// both identifiers they must refer to the same email.
@@ -319,7 +320,7 @@ func (c *OrganizationsMembersClient) UnlinkRetiredEmail(
return &retVal, err
}

// Create: Creates a Member. An `organization_id` and `email_address` are required.
// Create: Creates a. An `organization_id` and `email_address` are required.
func (c *OrganizationsMembersClient) Create(
ctx context.Context,
body *members.CreateParams,
6 changes: 3 additions & 3 deletions stytch/b2b/otp_sms.go
@@ -27,7 +27,7 @@ func NewOTPsSmsClient(c stytch.Client) *OTPsSmsClient {
}
}

// Send a One-Time Passcode (OTP) to a Member's phone number.
// Send a One-Time Passcode (OTP) to a's phone number.
//
// If the Member already has a phone number, the `mfa_phone_number` field is not needed; the endpoint will
// send an OTP to the number associated with the Member.
@@ -105,8 +105,8 @@ func (c *OTPsSmsClient) Send(
// or upon successful calls to discovery authenticate methods, such as
// [email magic link discovery authenticate](https://stytch.com/docs/b2b/api/authenticate-discovery-magic-link).
//
// If the Organization's MFA policy is `REQUIRED_FOR_ALL`, a successful OTP authentication will change the
// Member's `mfa_enrolled` status to `true` if it is not already `true`.
// If the's MFA policy is `REQUIRED_FOR_ALL`, a successful OTP authentication will change the's
// `mfa_enrolled` status to `true` if it is not already `true`.
// If the Organization's MFA policy is `OPTIONAL`, the Member's MFA enrollment can be toggled by passing in
// a value for the `set_mfa_enrollment` field.
// The Member's MFA enrollment can also be toggled through the