AUTH-929: Add MFA to the Node SDK (#233)

* AUTH-929: Add MFA to the Node SDK * 7.3.0
stytchauth · Jul 18, 2023 · 959ce27 · 959ce27
1 parent 558fbc9
commit 959ce27
Show file tree

Hide file tree

Showing 39 changed files with 587 additions and 25 deletions.
diff --git a/dist/b2b/client.js b/dist/b2b/client.js
diff --git a/dist/b2b/members.js b/dist/b2b/members.js
diff --git a/dist/b2b/mfa.js b/dist/b2b/mfa.js
diff --git a/dist/b2b/otps.js b/dist/b2b/otps.js
diff --git a/lib/b2b/client.ts b/lib/b2b/client.ts
@@ -8,6 +8,7 @@ import { JwtConfig } from "../shared/sessions";
 import { Discovery } from "./discovery";
 import { Passwords } from "./passwords";
 import { OAuth } from "./oauth";
+import { OTPs } from "./otps";
 
 export class B2BClient extends BaseClient {
   protected jwtConfig: JwtConfig;
@@ -18,6 +19,7 @@ export class B2BClient extends BaseClient {
   sso: SSO;
   discovery: Discovery;
   passwords: Passwords;
+  otps: OTPs;
 
   constructor(config: ClientConfig) {
     super(config);
@@ -43,5 +45,6 @@ export class B2BClient extends BaseClient {
     this.discovery = new Discovery(this.fetchConfig);
     this.passwords = new Passwords(this.fetchConfig);
     this.oauth = new OAuth(this.fetchConfig);
+    this.otps = new OTPs(this.fetchConfig);
   }
 }
diff --git a/lib/b2b/discovery.ts b/lib/b2b/discovery.ts
@@ -1,6 +1,7 @@
 import { MemberSession, ResponseWithMember } from "./shared_b2b";
 import { BaseResponse, request, fetchConfig } from "../shared";
 import { DiscoveredOrganization } from "./organizations";
+import { MfaRequired } from "./mfa";
 
 export interface B2BDiscoveryOrganizationsRequest {
   intermediate_session_token?: string;
@@ -11,6 +12,7 @@ export interface B2BDiscoveryOrganizationsRequest {
 export interface B2BDiscoveryOrganizationsResponse extends BaseResponse {
   email_address: string;
   discovered_organizations: DiscoveredOrganization[];
+  organization_id_hint: string | null;
 }
 
 export interface B2BDiscoveryOrganizationCreateRequest {
@@ -27,27 +29,35 @@ export interface B2BDiscoveryOrganizationCreateRequest {
   email_invites?: "ALL_ALLOWED" | "RESTRICTED" | "NOT_ALLOWED";
   auth_methods?: "ALL_ALLOWED" | "RESTRICTED";
   allowed_auth_methods?: string[];
+  mfa_policy?: "OPTIONAL" | "REQUIRED_FOR_ALL";
 }
 
 export interface B2BDiscoveryOrganizationCreateResponse
   extends ResponseWithMember {
-  member_session: MemberSession;
+  member_session: MemberSession | null;
   session_token: string;
   session_jwt: string;
+  member_authenticated: boolean;
+  intermediate_session_token: string;
+  mfa_required: MfaRequired | null;
 }
 
 export interface B2BDiscoveryIntermediateSessionExchangeRequest {
   intermediate_session_token: string;
   organization_id: string;
   session_duration_minutes?: number;
   session_custom_claims?: Record<string, any>; // eslint-disable-line @typescript-eslint/no-explicit-any
+  locale?: "en" | "es" | "pt-br";
 }
 
 export interface B2BDiscoveryIntermediateSessionExchangeResponse
   extends ResponseWithMember {
-  member_session: MemberSession;
+  member_session: MemberSession | null;
   session_token: string;
   session_jwt: string;
+  member_authenticated: boolean;
+  intermediate_session_token: string;
+  mfa_required: MfaRequired | null;
 }
 
 class Organizations {

diff --git a/lib/b2b/index.ts b/lib/b2b/index.ts
@@ -119,3 +119,10 @@ export type {
   SAMLConnection,
   OIDCConnection,
 } from "./sso";
+
+export type {
+  B2BOTPsSMSSendRequest,
+  B2BOTPsSMSSendResponse,
+  B2BOTPsSMSAuthenticateRequest,
+  B2BOTPsSMSAuthenticateResponse,
+} from "./otps";
diff --git a/lib/b2b/magic_links.ts b/lib/b2b/magic_links.ts
@@ -1,6 +1,7 @@
 import { MemberSession, ResponseWithMember } from "./shared_b2b";
 import { BaseResponse, fetchConfig, request } from "../shared";
 import { DiscoveredOrganization } from "./organizations";
+import { MfaRequired } from "./mfa";
 
 export interface B2BMagicLinksLoginOrSignupByEmailRequest {
   organization_id: string;
@@ -39,15 +40,19 @@ export interface B2BMagicLinksAuthenticateRequest {
   session_duration_minutes?: number;
   session_custom_claims?: Record<string, any>; // eslint-disable-line @typescript-eslint/no-explicit-any
   pkce_code_verifier?: string;
+  locale?: "en" | "es" | "pt-br";
 }
 
 export interface B2BMagicLinksAuthenticateResponse extends ResponseWithMember {
   organization_id: string;
   method_id: string;
-  member_session?: MemberSession;
+  member_session: MemberSession | null;
   session_token?: string;
   session_jwt?: string;
   reset_sessions: boolean;
+  member_authenticated: boolean;
+  intermediate_session_token: string;
+  mfa_required: MfaRequired | null;
 }
 
 export interface B2BMagicLinksDiscoveryByEmailRequest {

diff --git a/lib/b2b/members.ts b/lib/b2b/members.ts
@@ -15,6 +15,8 @@ export interface B2BMemberCreateRequest {
   untrusted_metadata?: Record<string, any>; // eslint-disable-line @typescript-eslint/no-explicit-any
   create_member_as_pending?: boolean;
   is_breakglass?: boolean;
+  phone_number?: string;
+  mfa_enrolled?: boolean;
 }
 
 export type B2BMemberCreateResponse = ResponseWithMember;
@@ -34,6 +36,8 @@ export interface B2BMemberUpdateRequest {
   trusted_metadata?: Record<string, any>; // eslint-disable-line @typescript-eslint/no-explicit-any
   untrusted_metadata?: Record<string, any>; // eslint-disable-line @typescript-eslint/no-explicit-any
   is_breakglass?: boolean;
+  phone_number?: string;
+  mfa_enrolled?: boolean;
 }
 
 export type B2BMemberUpdateResponse = ResponseWithMember;
@@ -58,6 +62,14 @@ export type MemberSearchOperand =
   | {
       filter_name: "statuses";
       filter_value: string[];
+    }
+  | {
+      filter_name: "member_phone_numbers";
+      filter_value: string[];
+    }
+  | {
+      filter_name: "member_phone_number_fuzzy";
+      filter_value: string;
     };
 
 export interface B2BMemberSearchRequest {
@@ -85,6 +97,13 @@ export interface B2BMemberDeleteResponse extends BaseResponse {
   member_id: string;
 }
 
+export interface B2BMemberDeletePhoneNumberRequest {
+  organization_id: string;
+  member_phone_id: string;
+}
+
+export type B2BMemberDeletePhoneNumberResponse = ResponseWithMember;
+
 export class Members {
   private base_path: string;
   private fetchConfig: fetchConfig;
@@ -132,4 +151,13 @@ export class Members {
       data,
     });
   }
+
+  deletePhoneNumber(
+    data: B2BMemberDeletePhoneNumberRequest
+  ): Promise<B2BMemberDeletePhoneNumberResponse> {
+    return request(this.fetchConfig, {
+      method: "DELETE",
+      url: `${this.base_path}/${data.organization_id}/members/phone_numbers/${data.member_phone_id}`,
+    });
+  }
 }
diff --git a/lib/b2b/mfa.ts b/lib/b2b/mfa.ts
@@ -0,0 +1,8 @@
+export interface MemberOptions {
+  phone_number: string;
+}
+
+export interface MfaRequired {
+  member_options: MemberOptions;
+  secondary_auth_initiated: "sms_otp" | null;
+}
diff --git a/lib/b2b/oauth.ts b/lib/b2b/oauth.ts
@@ -1,6 +1,7 @@
 import { MemberSession, Member } from "./shared_b2b";
 import { request, BaseResponse, fetchConfig } from "../shared";
 import { DiscoveredOrganization, Organization } from "./organizations";
+import { MfaRequired } from "./mfa";
 
 export interface B2BOAuthAuthenticateRequest {
   oauth_token: string;
@@ -9,6 +10,7 @@ export interface B2BOAuthAuthenticateRequest {
   session_duration_minutes?: number;
   session_custom_claims?: Record<string, any>; // eslint-disable-line @typescript-eslint/no-explicit-any
   pkce_code_verifier?: string;
+  locale?: "en" | "es" | "pt-br";
 }
 
 export interface B2BDiscoveryOAuthAuthenticateRequest {
@@ -29,8 +31,11 @@ export interface B2BOAuthAuthenticateResponse extends BaseResponse {
   organization: Organization;
   session_token?: string;
   session_jwt?: string;
-  member_session?: MemberSession;
+  member_session: MemberSession | null;
   provider_values: ProvidersValues;
+  member_authenticated: boolean;
+  intermediate_session_token: string;
+  mfa_required: MfaRequired | null;
 }
 
 export interface ProvidersValues {

diff --git a/lib/b2b/organizations.ts b/lib/b2b/organizations.ts
@@ -1,6 +1,7 @@
 import { SearchOperator, ResultsMetadata, Member } from "./shared_b2b";
 import { BaseResponse, request, fetchConfig } from "../shared";
 import { Members } from "./members";
+import { MfaRequired } from "./mfa";
 
 export type OrganizationSearchOperand =
   | {
@@ -57,6 +58,8 @@ export interface Organization {
 
   auth_methods: "ALL_ALLOWED" | "RESTRICTED";
   allowed_auth_methods: string[];
+
+  mfa_policy: "OPTIONAL" | "REQUIRED_FOR_ALL";
 }
 
 export interface DiscoveredOrganization {
@@ -73,6 +76,10 @@ export interface DiscoveredOrganization {
         member: Member;
       };
   member_authenticated: boolean;
+  primary_required: {
+    allowed_auth_methods: string[];
+  };
+  mfa_required: MfaRequired;
 }
 
 export interface B2BOrganizationCreateRequest {
@@ -86,6 +93,7 @@ export interface B2BOrganizationCreateRequest {
   email_invites?: "ALL_ALLOWED" | "RESTRICTED" | "NOT_ALLOWED";
   auth_methods?: "ALL_ALLOWED" | "RESTRICTED";
   allowed_auth_methods?: string[];
+  mfa_policy?: "OPTIONAL" | "REQUIRED_FOR_ALL";
 }
 
 export interface B2BOrganizationCreateResponse extends BaseResponse {
@@ -139,6 +147,8 @@ export interface B2BOrganizationUpdateRequest {
 
   auth_methods?: "ALL_ALLOWED" | "RESTRICTED";
   allowed_auth_methods?: string[];
+
+  mfa_policy?: "OPTIONAL" | "REQUIRED_FOR_ALL";
 }
 
 export interface B2BOrganizationUpdateResponse extends BaseResponse {