stytchauth · ollie-stytch · Jan 2, 2024 · Jan 2, 2024
@@ -164,6 +164,24 @@ export interface B2BDiscoveryOrganizationsCreateRequest {
    *   for more information about role assignment.
    */
   rbac_email_implicit_role_assignments?: EmailImplicitRoleAssignment[];
+  /**
+   * The setting that controls which mfa methods can be used by Members of an Organization. The accepted
+   * values are:
+   *
+   *   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
+   *
+   *   `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication.
+   * This setting does not apply to Members with `is_breakglass` set to `true`.
+   *
+   */
+  mfa_methods?: string;
+  /**
+   * An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to
+   * `RESTRICTED`.
+   *   The list's accepted values are: `sms_otp` and `totp`.
+   *
+   */
+  allowed_mfa_methods?: string[];
 }
 
 // Response type for `discovery.organizations.create`.

@@ -499,7 +499,23 @@ export interface B2BOrganizationsCreateRequest {
    *   for more information about role assignment.
    */
   rbac_email_implicit_role_assignments?: EmailImplicitRoleAssignment[];
+  /**
+   * The setting that controls which mfa methods can be used by Members of an Organization. The accepted
+   * values are:
+   *
+   *   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
+   *
+   *   `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication.
+   * This setting does not apply to Members with `is_breakglass` set to `true`.
+   *
+   */
   mfa_methods?: string;
+  /**
+   * An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to
+   * `RESTRICTED`.
+   *   The list's accepted values are: `sms_otp` and `totp`.
+   *
+   */
   allowed_mfa_methods?: string[];
 }
 
@@ -786,7 +802,31 @@ export interface B2BOrganizationsUpdateRequest {
    * permission to perform the `update.settings.implicit-roles` action on the `stytch.organization` Resource.
    */
   rbac_email_implicit_role_assignments?: string[];
+  /**
+   * The setting that controls which mfa methods can be used by Members of an Organization. The accepted
+   * values are:
+   *
+   *   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
+   *
+   *   `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication.
+   * This setting does not apply to Members with `is_breakglass` set to `true`.
+   *
+   *
+   * If this field is provided and a session header is passed into the request, the Member Session must have
+   * permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization`
+   * Resource.
+   */
   mfa_methods?: string;
+  /**
+   * An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to
+   * `RESTRICTED`.
+   *   The list's accepted values are: `sms_otp` and `totp`.
+   *
+   *
+   * If this field is provided and a session header is passed into the request, the Member Session must have
+   * permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization`
+   * Resource.
+   */
   allowed_mfa_methods?: string[];
 }
 

@@ -122,7 +122,7 @@ export interface B2BSessionsAuthenticateRequest {
    *   authorized to perform the given action on the given Resource in the specified Organization. A Member
    * is authorized if
    *   their Member Session contains a Role, assigned
-   *   [explicitly or implicitly](https://github.com/docs/b2b/guides/rbac/role-assignment), with adequate
+   *   [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate
    * permissions.
    *   In addition, the `organization_id` passed in the authorization check must match the Member's
    * Organization.
@@ -456,7 +456,7 @@ export class Sessions {
    * If an `authorization_check` object is passed in, this method will also check if the Member is authorized
    * to perform the given action on the given Resource in the specified Organization. A Member is authorized
    * if their Member Session contains a Role, assigned
-   * [explicitly or implicitly](https://github.com/docs/b2b/guides/rbac/role-assignment), with adequate
+   * [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate
    * permissions.
    * In addition, the `organization_id` passed in the authorization check must match the Member's
    * Organization.

@@ -149,7 +149,7 @@ export interface OAuthAuthenticateResponse {
    * provider's API for a given user.
    *
    *   Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only
-   * returned by OIDC complaint identity providers.
+   * returned by OIDC compliant identity providers.
    */
   provider_values: OAuthProviderValues;
   /**