diff --git a/dist/b2b/scim_connection.js b/dist/b2b/scim_connection.js index 2a465627..d357248b 100644 --- a/dist/b2b/scim_connection.js +++ b/dist/b2b/scim_connection.js @@ -217,7 +217,7 @@ class Connection { } /** - * Get SCIM Connections. + * Get SCIM Connection. * @param params {@link B2BSCIMConnectionGetRequest} * @param options {@link B2BSCIMConnectionGetRequestOptions} * @returns {@link B2BSCIMConnectionGetResponse} diff --git a/dist/b2c/m2m.js b/dist/b2c/m2m.js index c5392924..3707eb35 100644 --- a/dist/b2c/m2m.js +++ b/dist/b2c/m2m.js 
@@ -97,19 +97,19 @@ class M2M { // ADDIMPORT: import { performAuthorizationCheck, ScopeAuthorizationFunc } from "./m2m_local"; // ADDIMPORT: import { ClientError } from "../shared/errors"; /** - * Authenticate an access token issued by Stytch from the Token endpoint. - * M2M access tokens are JWTs signed with the project's JWKs, and can be validated locally using any Stytch client library. - * You may pass in an optional set of scopes that the JWT must contain in order to enforce permissions. - * You may also override the default scope authorization function to implement custom authorization logic. - * - * @param data {@link AuthenticateTokenRequest} - * @param scopeAuthorizationFunc {@link ScopeAuthorizationFunc} - A function that checks if the token has the required scopes. - The default function assumes scopes are either direct string matches or written in the form "action:resource". See the - documentation for {@link performAuthorizationCheck} for more information. - * @async - * @returns {@link AuthenticateTokenResponse} - * @throws {ClientError} when token can not be authenticated - */ + * Authenticate an access token issued by Stytch from the Token endpoint. + * M2M access tokens are JWTs signed with the project's JWKs, and can be validated locally using any Stytch client library. + * You may pass in an optional set of scopes that the JWT must contain in order to enforce permissions. + * You may also override the default scope authorization function to implement custom authorization logic. + * + * @param data {@link AuthenticateTokenRequest} + * @param scopeAuthorizationFunc {@link ScopeAuthorizationFunc} - A function that checks if the token has the required scopes. + The default function assumes scopes are either direct string matches or written in the form "action:resource". See the + documentation for {@link performAuthorizationCheck} for more information. 
+ * @async + * @returns {@link AuthenticateTokenResponse} + * @throws {ClientError} when token can not be authenticated + */ async authenticateToken(data, scopeAuthorizationFunc = _m2m_local.performAuthorizationCheck) { const { sub, diff --git a/lib/b2b/index.ts b/lib/b2b/index.ts index 20b55877..0e747b2d 100644 --- a/lib/b2b/index.ts +++ b/lib/b2b/index.ts @@ -29,6 +29,7 @@ export type { B2BSCIMEmail, EnterpriseExtension, Group, + IMs, Manager, B2BSCIMName, B2BSCIMPhoneNumber, diff --git a/lib/b2b/organizations.ts b/lib/b2b/organizations.ts index fb3f551f..1b753f8f 100644 --- a/lib/b2b/organizations.ts +++ b/lib/b2b/organizations.ts @@ -251,6 +251,16 @@ export interface MemberRoleSource { * argument to the [Update SAML connection](https://stytch.com/docs/b2b/api/update-saml-connection) * endpoint. * + * `scim_connection_group` – an implicit Role granted by the Member's SCIM connection and group. If the + * Member has + * a SCIM Member registration with the given connection, and belongs to a specific group within the IdP, + * this role assignment will appear in the list. + * + * SCIM group implicit role assignments can be updated by passing in the + * `scim_group_implicit_role_assignments` + * argument to the [Update SCIM connection](https://stytch.com/docs/b2b/api/update-scim-connection) + * endpoint. + * */ type: string; /** @@ -267,6 +277,9 @@ export interface MemberRoleSource { * `group` * that granted the assignment. * + * `scim_connection_group` – will contain the `connection_id` of the SAML connection and the `group_id` + * that granted the assignment. + * */ details?: Record; // eslint-disable-line @typescript-eslint/no-explicit-any } diff --git a/lib/b2b/scim.ts b/lib/b2b/scim.ts index d480326e..5f1b1200 100644 --- a/lib/b2b/scim.ts +++ b/lib/b2b/scim.ts @@ -54,6 +54,11 @@ export interface Group { display: string; } +export interface IMs { + value: string; + type: string; +} + export interface Manager { value: string; ref: string; 
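Review bot: In the `details` doc comment of `MemberRoleSource` (hunk `@@ -267,6 +277,9 @@` of lib/b2b/organizations.ts), the new `scim_connection_group` entry says `connection_id` belongs to the SAML connection, presumably carried over from the SAML entry that precedes it. Someone tracing which identity source granted an implicit role would look up the wrong connection type. The added line should read `will contain the connection_id of the SCIM connection and the group_id that granted the assignment`. The same wording is repeated in types/lib/b2b/organizations.d.ts, and the interface itself starts outside the hunk.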
@@ -77,6 +82,7 @@ export interface SCIMAttributes { emails: B2BSCIMEmail[]; phone_numbers: B2BSCIMPhoneNumber[]; addresses: Address[]; + ims: IMs[]; name?: B2BSCIMName; enterprise_extension?: EnterpriseExtension; } @@ -138,6 +144,7 @@ export interface SCIMGroup { export interface SCIMGroupImplicitRoleAssignments { // The ID of the role. role_id: string; + // The ID of the group. group_id: string; group_name: string; } diff --git a/lib/b2b/scim_connection.ts b/lib/b2b/scim_connection.ts index eea162fa..e6362269 100644 --- a/lib/b2b/scim_connection.ts +++ b/lib/b2b/scim_connection.ts @@ -334,8 +334,8 @@ export interface B2BSCIMConnectionUpdateRequest { | "rippling" | string; /** - * An array of SCIM group implicit role assignments. Each object in the array must contain a `group` and a - * `role_id`. + * An array of SCIM group implicit role assignments. Each object in the array must contain a `group_id` and + * a `role_id`. */ scim_group_implicit_role_assignments?: SCIMGroupImplicitRoleAssignments[]; } @@ -557,7 +557,7 @@ export class Connection { } /** - * Get SCIM Connections. + * Get SCIM Connection. * @param params {@link B2BSCIMConnectionGetRequest} * @param options {@link B2BSCIMConnectionGetRequestOptions} * @returns {@link B2BSCIMConnectionGetResponse} diff --git a/lib/b2c/crypto_wallets.ts b/lib/b2c/crypto_wallets.ts index bc11d65d..2b9c86d4 100644 --- a/lib/b2c/crypto_wallets.ts +++ b/lib/b2c/crypto_wallets.ts 
@@ -26,9 +26,16 @@ export interface SIWEParams { * authentication. Every resource must be an RFC 3986 URI. */ resources: string[]; - // The EIP-155 Chain ID to which the session is bound. Defaults to 1. - chain_id?: number; - // A human-readable ASCII assertion that the user will sign. + /** + * The EIP-155 Chain ID to which the session is bound. Defaults to 1. Must be the string representation of + * an integer between 1 and 9,223,372,036,854,775,771, inclusive. + */ + chain_id?: string; + /** + * A human-readable ASCII assertion that the user will sign. The statement may only include reserved, + * unreserved, or space characters according to RFC 3986 definitions, and must not contain other forms of + * whitespace such as newlines, tabs, and carriage returns. + */ statement?: string; /** * The time when the message was generated. Defaults to the current time. All timestamps in our API conform @@ -41,7 +48,10 @@ export interface SIWEParams { * `2021-12-29T12:33:09Z`. */ not_before?: string; - // A system-specific identifier that may be used to uniquely refer to the sign-in request. + /** + * A system-specific identifier that may be used to uniquely refer to the sign-in request. The + * `message_request_id` must be a valid pchar according to RFC 3986 definitions. + */ message_request_id?: string; } @@ -172,7 +182,7 @@ export interface CryptoWalletsSIWEParamsResponse { // An RFC 3986 URI referring to the resource that is the subject of the signing. uri: string; // The EIP-155 Chain ID to which the session is bound. - chain_id: number; + chain_id: string; /** * A list of information or references to information the user wishes to have resolved as part of * authentication. Every resource must be an RFC 3986 URI. diff --git a/lib/b2c/m2m.ts b/lib/b2c/m2m.ts index d235a9d4..3e53d0de 100644 --- a/lib/b2c/m2m.ts +++ b/lib/b2c/m2m.ts 
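Review bot: The new `chain_id` doc comment in `SIWEParams` permits values up to 9,223,372,036,854,775,771, which is beyond `Number.MAX_SAFE_INTEGER`, but it does not say how callers should handle the string. Code that converts it with `Number()` or `parseInt` can lose precision and compare against a different chain than the one the session is bound to. I would add a line such as `Compare as a string or parse with BigInt; values may exceed Number.MAX_SAFE_INTEGER.` to the comment. The same applies to `CryptoWalletsSIWEParamsResponse.chain_id` in the `@@ -172,7 +182,7 @@` hunk and to the mirrored declarations in types/lib/b2c/crypto_wallets.d.ts; both interfaces extend beyond their hunks. Changing `number` to `string` also breaks existing callers at the type level (a check like `chain_id === 1` no longer matches), which seems worth calling out in the 11.3.0 release notes.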
@@ -241,19 +241,19 @@ export class M2M { // ADDIMPORT: import { performAuthorizationCheck, ScopeAuthorizationFunc } from "./m2m_local"; // ADDIMPORT: import { ClientError } from "../shared/errors"; /** - * Authenticate an access token issued by Stytch from the Token endpoint. - * M2M access tokens are JWTs signed with the project's JWKs, and can be validated locally using any Stytch client library. - * You may pass in an optional set of scopes that the JWT must contain in order to enforce permissions. - * You may also override the default scope authorization function to implement custom authorization logic. - * - * @param data {@link AuthenticateTokenRequest} - * @param scopeAuthorizationFunc {@link ScopeAuthorizationFunc} - A function that checks if the token has the required scopes. - The default function assumes scopes are either direct string matches or written in the form "action:resource". See the - documentation for {@link performAuthorizationCheck} for more information. - * @async - * @returns {@link AuthenticateTokenResponse} - * @throws {ClientError} when token can not be authenticated - */ + * Authenticate an access token issued by Stytch from the Token endpoint. + * M2M access tokens are JWTs signed with the project's JWKs, and can be validated locally using any Stytch client library. + * You may pass in an optional set of scopes that the JWT must contain in order to enforce permissions. + * You may also override the default scope authorization function to implement custom authorization logic. + * + * @param data {@link AuthenticateTokenRequest} + * @param scopeAuthorizationFunc {@link ScopeAuthorizationFunc} - A function that checks if the token has the required scopes. + The default function assumes scopes are either direct string matches or written in the form "action:resource". See the + documentation for {@link performAuthorizationCheck} for more information. 
+ * @async + * @returns {@link AuthenticateTokenResponse} + * @throws {ClientError} when token can not be authenticated + */ async authenticateToken( data: AuthenticateTokenRequest, scopeAuthorizationFunc: ScopeAuthorizationFunc = performAuthorizationCheck diff --git a/package-lock.json b/package-lock.json index f4c3c8d7..665531de 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "stytch", - "version": "11.2.0", + "version": "11.3.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "stytch", - "version": "11.2.0", + "version": "11.3.0", "license": "MIT", "dependencies": { "jose": "^5.6.3", diff --git a/package.json b/package.json index d60e722a..4ddc703d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "stytch", - "version": "11.2.0", + "version": "11.3.0", "description": "A wrapper for the Stytch API", "types": "./types/lib/index.d.ts", "main": "./dist/index.js", diff --git a/types/lib/b2b/index.d.ts b/types/lib/b2b/index.d.ts index 2439c2a4..7cb93996 100644 --- a/types/lib/b2b/index.d.ts +++ b/types/lib/b2b/index.d.ts 
@@ -4,7 +4,7 @@ export type { B2BSessionsAuthenticateJwtRequest, B2BSessionsAuthenticateJwtLocal export type { PolicyCache, performAuthorizationCheck } from "./rbac_local"; export type { Policy, PolicyResource, PolicyRole, PolicyRolePermission, B2BRBACPolicyResponse, } from "./rbac"; export type { MemberOptions, MfaRequired } from "./mfa"; -export type { Address, B2BSCIMEmail, EnterpriseExtension, Group, Manager, B2BSCIMName, B2BSCIMPhoneNumber, SCIMAttributes, SCIMConnection, SCIMConnectionWithNextToken, SCIMConnectionWithToken, SCIMGroup, SCIMGroupImplicitRoleAssignments, } from "./scim"; +export type { Address, B2BSCIMEmail, EnterpriseExtension, Group, IMs, Manager, B2BSCIMName, B2BSCIMPhoneNumber, SCIMAttributes, SCIMConnection, SCIMConnectionWithNextToken, SCIMConnectionWithToken, SCIMGroup, SCIMGroupImplicitRoleAssignments, } from "./scim"; export type { B2BSCIMConnectionCreateRequest, B2BSCIMConnectionCreateResponse, B2BSCIMConnectionDeleteRequest, B2BSCIMConnectionDeleteResponse, B2BSCIMConnectionGetGroupsRequest, B2BSCIMConnectionGetGroupsResponse, B2BSCIMConnectionGetRequest, B2BSCIMConnectionGetResponse, B2BSCIMConnectionRotateCancelRequest, B2BSCIMConnectionRotateCancelResponse, B2BSCIMConnectionRotateCompleteRequest, B2BSCIMConnectionRotateCompleteResponse, B2BSCIMConnectionRotateStartRequest, B2BSCIMConnectionRotateStartResponse, B2BSCIMConnectionUpdateRequest, B2BSCIMConnectionUpdateResponse, B2BSCIMConnectionUpdateRequestOptions, B2BSCIMConnectionDeleteRequestOptions, B2BSCIMConnectionRotateStartRequestOptions, B2BSCIMConnectionRotateCompleteRequestOptions, B2BSCIMConnectionRotateCancelRequestOptions, B2BSCIMConnectionGetGroupsRequestOptions, B2BSCIMConnectionCreateRequestOptions, B2BSCIMConnectionGetRequestOptions, } from "./scim_connection"; export type { ActiveSCIMConnection, ActiveSSOConnection, EmailImplicitRoleAssignment, Member, MemberRole, MemberRoleSource, OAuthRegistration, Organization, B2BOrganizationsResultsMetadata, RetiredEmail, 
SCIMRegistration, SSORegistration, SearchQuery, B2BOrganizationsCreateRequest, B2BOrganizationsCreateResponse, B2BOrganizationsDeleteRequest, B2BOrganizationsDeleteResponse, B2BOrganizationsGetRequest, B2BOrganizationsGetResponse, B2BOrganizationsMetricsRequest, B2BOrganizationsMetricsResponse, B2BOrganizationsSearchRequest, B2BOrganizationsSearchResponse, B2BOrganizationsUpdateRequest, B2BOrganizationsUpdateResponse, B2BOrganizationsUpdateRequestOptions, B2BOrganizationsDeleteRequestOptions, } from "./organizations"; export type { B2BOrganizationsMembersCreateRequest, B2BOrganizationsMembersCreateResponse, B2BOrganizationsMembersDangerouslyGetRequest, B2BOrganizationsMembersDeleteMFAPhoneNumberRequest, B2BOrganizationsMembersDeleteMFAPhoneNumberResponse, B2BOrganizationsMembersDeletePasswordRequest, B2BOrganizationsMembersDeletePasswordResponse, B2BOrganizationsMembersDeleteRequest, B2BOrganizationsMembersDeleteResponse, B2BOrganizationsMembersDeleteTOTPRequest, B2BOrganizationsMembersDeleteTOTPResponse, B2BOrganizationsMembersGetRequest, B2BOrganizationsMembersGetResponse, B2BOrganizationsMembersReactivateRequest, B2BOrganizationsMembersReactivateResponse, B2BOrganizationsMembersSearchRequest, B2BOrganizationsMembersSearchResponse, B2BOrganizationsMembersUnlinkRetiredEmailRequest, B2BOrganizationsMembersUnlinkRetiredEmailResponse, B2BOrganizationsMembersUpdateRequest, B2BOrganizationsMembersUpdateResponse, B2BOrganizationsMembersUpdateRequestOptions, B2BOrganizationsMembersDeleteRequestOptions, B2BOrganizationsMembersReactivateRequestOptions, B2BOrganizationsMembersDeleteMFAPhoneNumberRequestOptions, B2BOrganizationsMembersDeleteTOTPRequestOptions, B2BOrganizationsMembersSearchRequestOptions, B2BOrganizationsMembersDeletePasswordRequestOptions, B2BOrganizationsMembersUnlinkRetiredEmailRequestOptions, B2BOrganizationsMembersCreateRequestOptions, } from "./organizations_members"; 
diff --git a/types/lib/b2b/organizations.d.ts b/types/lib/b2b/organizations.d.ts index c5b3152d..7bac1f69 100644 --- a/types/lib/b2b/organizations.d.ts +++ b/types/lib/b2b/organizations.d.ts @@ -217,6 +217,16 @@ export interface MemberRoleSource { * argument to the [Update SAML connection](https://stytch.com/docs/b2b/api/update-saml-connection) * endpoint. * + * `scim_connection_group` – an implicit Role granted by the Member's SCIM connection and group. If the + * Member has + * a SCIM Member registration with the given connection, and belongs to a specific group within the IdP, + * this role assignment will appear in the list. + * + * SCIM group implicit role assignments can be updated by passing in the + * `scim_group_implicit_role_assignments` + * argument to the [Update SCIM connection](https://stytch.com/docs/b2b/api/update-scim-connection) + * endpoint. + * */ type: string; /** @@ -233,6 +243,9 @@ export interface MemberRoleSource { * `group` * that granted the assignment. * + * `scim_connection_group` – will contain the `connection_id` of the SAML connection and the `group_id` + * that granted the assignment. + * */ details?: Record; } diff --git a/types/lib/b2b/scim.d.ts b/types/lib/b2b/scim.d.ts index ac81fca6..bbe5c777 100644 --- a/types/lib/b2b/scim.d.ts +++ b/types/lib/b2b/scim.d.ts @@ -40,6 +40,10 @@ export interface Group { value: string; display: string; } +export interface IMs { + value: string; + type: string; +} export interface Manager { value: string; ref: string; @@ -62,6 +66,7 @@ export interface SCIMAttributes { emails: B2BSCIMEmail[]; phone_numbers: B2BSCIMPhoneNumber[]; addresses: Address[]; + ims: IMs[]; name?: B2BSCIMName; enterprise_extension?: EnterpriseExtension; } diff --git a/types/lib/b2b/scim_connection.d.ts b/types/lib/b2b/scim_connection.d.ts index 5353f66b..a93e885c 100644 --- a/types/lib/b2b/scim_connection.d.ts +++ b/types/lib/b2b/scim_connection.d.ts 
@@ -252,8 +252,8 @@ export interface B2BSCIMConnectionUpdateRequest { display_name?: string; identity_provider?: "generic" | "okta" | "microsoft-entra" | "cyberark" | "jumpcloud" | "onelogin" | "pingfederate" | "rippling" | string; /** - * An array of SCIM group implicit role assignments. Each object in the array must contain a `group` and a - * `role_id`. + * An array of SCIM group implicit role assignments. Each object in the array must contain a `group_id` and + * a `role_id`. */ scim_group_implicit_role_assignments?: SCIMGroupImplicitRoleAssignments[]; } @@ -352,7 +352,7 @@ export declare class Connection { */ create(data: B2BSCIMConnectionCreateRequest, options?: B2BSCIMConnectionCreateRequestOptions): Promise; /** - * Get SCIM Connections. + * Get SCIM Connection. * @param params {@link B2BSCIMConnectionGetRequest} * @param options {@link B2BSCIMConnectionGetRequestOptions} * @returns {@link B2BSCIMConnectionGetResponse} diff --git a/types/lib/b2c/crypto_wallets.d.ts b/types/lib/b2c/crypto_wallets.d.ts index 878f7db2..c70e004a 100644 --- a/types/lib/b2c/crypto_wallets.d.ts +++ b/types/lib/b2c/crypto_wallets.d.ts @@ -17,7 +17,16 @@ export interface SIWEParams { * authentication. Every resource must be an RFC 3986 URI. */ resources: string[]; - chain_id?: number; + /** + * The EIP-155 Chain ID to which the session is bound. Defaults to 1. Must be the string representation of + * an integer between 1 and 9,223,372,036,854,775,771, inclusive. + */ + chain_id?: string; + /** + * A human-readable ASCII assertion that the user will sign. The statement may only include reserved, + * unreserved, or space characters according to RFC 3986 definitions, and must not contain other forms of + * whitespace such as newlines, tabs, and carriage returns. + */ statement?: string; /** * The time when the message was generated. Defaults to the current time. All timestamps in our API conform 
@@ -30,6 +39,10 @@ export interface SIWEParams { * `2021-12-29T12:33:09Z`. */ not_before?: string; + /** + * A system-specific identifier that may be used to uniquely refer to the sign-in request. The + * `message_request_id` must be a valid pchar according to RFC 3986 definitions. + */ message_request_id?: string; } export interface CryptoWalletsAuthenticateRequest { @@ -133,7 +146,7 @@ export interface CryptoWalletsAuthenticateStartResponse { export interface CryptoWalletsSIWEParamsResponse { domain: string; uri: string; - chain_id: number; + chain_id: string; /** * A list of information or references to information the user wishes to have resolved as part of * authentication. Every resource must be an RFC 3986 URI. diff --git a/types/lib/b2c/m2m.d.ts b/types/lib/b2c/m2m.d.ts index 7946a060..7beb3150 100644 --- a/types/lib/b2c/m2m.d.ts +++ b/types/lib/b2c/m2m.d.ts 
@@ -133,18 +133,18 @@ export declare class M2M { */ token(data: TokenRequest): Promise; /** - * Authenticate an access token issued by Stytch from the Token endpoint. - * M2M access tokens are JWTs signed with the project's JWKs, and can be validated locally using any Stytch client library. - * You may pass in an optional set of scopes that the JWT must contain in order to enforce permissions. - * You may also override the default scope authorization function to implement custom authorization logic. - * - * @param data {@link AuthenticateTokenRequest} - * @param scopeAuthorizationFunc {@link ScopeAuthorizationFunc} - A function that checks if the token has the required scopes. - The default function assumes scopes are either direct string matches or written in the form "action:resource". See the - documentation for {@link performAuthorizationCheck} for more information. - * @async - * @returns {@link AuthenticateTokenResponse} - * @throws {ClientError} when token can not be authenticated - */ + * Authenticate an access token issued by Stytch from the Token endpoint. + * M2M access tokens are JWTs signed with the project's JWKs, and can be validated locally using any Stytch client library. + * You may pass in an optional set of scopes that the JWT must contain in order to enforce permissions. + * You may also override the default scope authorization function to implement custom authorization logic. + * + * @param data {@link AuthenticateTokenRequest} + * @param scopeAuthorizationFunc {@link ScopeAuthorizationFunc} - A function that checks if the token has the required scopes. + The default function assumes scopes are either direct string matches or written in the form "action:resource". See the + documentation for {@link performAuthorizationCheck} for more information. 
+ * @async + * @returns {@link AuthenticateTokenResponse} + * @throws {ClientError} when token can not be authenticated + */ authenticateToken(data: AuthenticateTokenRequest, scopeAuthorizationFunc?: ScopeAuthorizationFunc): Promise; }