Uptake TOTP and recovery code changes and docs (#294)

* Uptake TOTP and recovery code changes and docs * version * delete naming, webauthn factor optional
stytchauth · Jan 23, 2024 · 036c3e7 · 036c3e7
1 parent 25767b1
commit 036c3e7
Show file tree

Hide file tree

Showing 25 changed files with 447 additions and 14 deletions.
diff --git a/dist/b2b/organizations_members.js b/dist/b2b/organizations_members.js
diff --git a/dist/b2b/otp_sms.js b/dist/b2b/otp_sms.js
diff --git a/dist/b2b/recovery_codes.js b/dist/b2b/recovery_codes.js
diff --git a/dist/b2b/totps.js b/dist/b2b/totps.js
diff --git a/dist/b2c/otps_sms.js b/dist/b2c/otps_sms.js
diff --git a/lib/b2b/index.ts b/lib/b2b/index.ts
@@ -58,6 +58,8 @@ export type {
   B2BOrganizationsMembersDeletePasswordResponse,
   B2BOrganizationsMembersDeleteRequest,
   B2BOrganizationsMembersDeleteResponse,
+  B2BOrganizationsMembersDeleteTOTPRequest,
+  B2BOrganizationsMembersDeleteTOTPResponse,
   B2BOrganizationsMembersGetRequest,
   B2BOrganizationsMembersGetResponse,
   B2BOrganizationsMembersReactivateRequest,
@@ -70,6 +72,7 @@ export type {
   B2BOrganizationsMembersDeleteRequestOptions,
   B2BOrganizationsMembersReactivateRequestOptions,
   B2BOrganizationsMembersDeleteMFAPhoneNumberRequestOptions,
+  B2BOrganizationsMembersDeleteTOTPRequestOptions,
   B2BOrganizationsMembersSearchRequestOptions,
   B2BOrganizationsMembersDeletePasswordRequestOptions,
   B2BOrganizationsMembersCreateRequestOptions,

diff --git a/lib/b2b/organizations.ts b/lib/b2b/organizations.ts
@@ -111,6 +111,7 @@ export interface Member {
    *   [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for more details on this Role.
    */
   is_admin: boolean;
+  totp_registration_id: string;
   /**
    * Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they
    * wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the

diff --git a/lib/b2b/organizations_members.ts b/lib/b2b/organizations_members.ts
@@ -53,6 +53,15 @@ export interface B2BOrganizationsMembersDeleteRequestOptions {
   authorization?: Authorization;
 }
 
+export interface B2BOrganizationsMembersDeleteTOTPRequestOptions {
+  /**
+   * Optional authorization object.
+   * Pass in an active Stytch Member session token or session JWT and the request
+   * will be run using that member's permissions.
+   */
+  authorization?: Authorization;
+}
+
 export interface B2BOrganizationsMembersReactivateRequestOptions {
   /**
    * Optional authorization object.
@@ -255,6 +264,19 @@ export interface B2BOrganizationsMembersDeleteResponse {
   status_code: number;
 }
 
+export interface B2BOrganizationsMembersDeleteTOTPRequest {
+  organization_id: string;
+  member_id: string;
+}
+
+export interface B2BOrganizationsMembersDeleteTOTPResponse {
+  request_id: string;
+  member_id: string;
+  member: Member;
+  organization: Organization;
+  status_code: number;
+}
+
 // Request type for `organizations.members.get`.
 export interface B2BOrganizationsMembersGetRequest {
   /**
@@ -480,6 +502,11 @@ export interface B2BOrganizationsMembersUpdateRequest {
    *   authentication factors with the affected SSO connection IDs will be revoked.
    */
   preserve_existing_sessions?: boolean;
+  /**
+   * The Member's default MFA method. This value is used to determine which secondary MFA method to use in
+   * the case of multiple methods registered for a Member. The current possible values are `sms_otp` and
+   * `totp`.
+   */
   default_mfa_method?: string;
 }
 
@@ -656,6 +683,33 @@ export class Members {
     );
   }
 
+  /**
+   * @param data {@link B2BOrganizationsMembersDeleteTOTPRequest}
+   * @param options {@link B2BOrganizationsMembersDeleteTOTPRequestOptions}
+   * @returns {@link B2BOrganizationsMembersDeleteTOTPResponse}
+   * @async
+   * @throws A {@link StytchError} on a non-2xx response from the Stytch API
+   * @throws A {@link RequestError} when the Stytch API cannot be reached
+   */
+  deleteTOTP(
+    data: B2BOrganizationsMembersDeleteTOTPRequest,
+    options?: B2BOrganizationsMembersDeleteTOTPRequestOptions
+  ): Promise<B2BOrganizationsMembersDeleteTOTPResponse> {
+    const headers: Record<string, string> = {};
+    if (options?.authorization) {
+      addAuthorizationHeaders(headers, options.authorization);
+    }
+    return request<B2BOrganizationsMembersDeleteTOTPResponse>(
+      this.fetchConfig,
+      {
+        method: "DELETE",
+        url: `/v1/b2b/organizations/${data.organization_id}/members/${data.member_id}/totp`,
+        headers,
+        data: {},
+      }
+    );
+  }
+
   /**
    * Search for Members within specified Organizations. An array with at least one `organization_id` is
    * required. Submitting an empty `query` returns all non-deleted Members within the specified Organizations.

diff --git a/lib/b2b/otp_sms.ts b/lib/b2b/otp_sms.ts
@@ -139,8 +139,22 @@ export interface B2BOTPSmsSendRequest {
    *
    */
   locale?: "en" | "es" | "pt-br" | string;
+  /**
+   * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a
+   * Member, but represents a bag of factors that may be converted to a member session.
+   *     The token can be used with the
+   * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA
+   * flow;
+   *     the
+   * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session)
+   * to join a specific Organization that allows the factors represented by the intermediate session token;
+   *     or the
+   * [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member.
+   */
   intermediate_session_token?: string;
+  // A secret token for a given Stytch Session.
   session_token?: string;
+  // The JSON Web Token (JWT) for a given Stytch Session.
   session_jwt?: string;
 }
 
@@ -191,6 +205,9 @@ export class Sms {
    * subsequent authentication events, such as prompting a Member for an OTP again after a period of
    * inactivity.
    *
+   * Passing an intermediate session token, session token, or session JWT is not required, but if passed must
+   * match the Member ID passed.
+   *
    * ### Cost to send SMS OTP
    * Before configuring SMS or WhatsApp OTPs, please review how Stytch
    * [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your

diff --git a/lib/b2b/passwords_email.ts b/lib/b2b/passwords_email.ts
@@ -195,6 +195,8 @@ export interface B2BPasswordsEmailResetStartResponse {
   member_id: string;
   // Globally unique UUID that identifies a member's email
   member_email_id: string;
+  // The [Member object](https://stytch.com/docs/b2b/api/member-object)
+  member: Member;
   /**
    * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g.
    * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.