diff --git a/dist/b2b/magic_links.js b/dist/b2b/magic_links.js index e5b2446b..83b80a76 100644 --- a/dist/b2b/magic_links.js +++ b/dist/b2b/magic_links.js @@ -35,8 +35,10 @@ class MagicLinks { * If the Member is required to complete MFA to log in to the Organization, the returned value of * `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. * The `intermediate_session_token` can be passed into the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA step and acquire a full member session. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete + * the MFA step and acquire a full member session. * The `intermediate_session_token` can also be used with the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * or the diff --git a/dist/b2b/organizations_members.js b/dist/b2b/organizations_members.js index 71623759..de29f11a 100644 --- a/dist/b2b/organizations_members.js +++ b/dist/b2b/organizations_members.js @@ -5,6 +5,7 @@ Object.defineProperty(exports, "__esModule", { }); exports.Members = void 0; var _method_options = require("../shared/method_options"); +var _organizations_members_oauth_providers = require("./organizations_members_oauth_providers"); var _shared = require("../shared"); // !!! // WARNING: This file is autogenerated @@ -49,6 +50,7 @@ var _shared = require("../shared"); class Members { constructor(fetchConfig) { this.fetchConfig = fetchConfig; + this.oauthProviders = new _organizations_members_oauth_providers.OAuthProviders(this.fetchConfig); } /** 
diff --git a/dist/b2b/organizations_members_oauth_providers.js b/dist/b2b/organizations_members_oauth_providers.js
new file mode 100644
index 00000000..c316959e
--- /dev/null
+++ b/dist/b2b/organizations_members_oauth_providers.js
@@ -0,0 +1,77 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+ value: true
+});
+exports.OAuthProviders = void 0;
+require("../shared/method_options");
+var _shared = require("../shared");
+// !!!
+// WARNING: This file is autogenerated
+// Only modify code within MANUAL() sections
+// or your changes may be overwritten later!
+// !!!
+
+// Response type for `organizations.members.oauthProviders.google`.
+
+/**
+ * Request type for `organizations.members.oauthProviders.google`,
+ * `organizations.members.oauthProviders.microsoft`.
+ */
+
+// Response type for `organizations.members.oauthProviders.microsoft`.
+
+class OAuthProviders {
+ constructor(fetchConfig) {
+ this.fetchConfig = fetchConfig;
+ }
+
+ /**
+ * Retrieve the saved Google access token and ID token for a member. After a successful OAuth login, Stytch
+ * will save the
+ * issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch
+ * will refresh the
+ * access token automatically.
+ *
+ * __Note:__ Google does not issue a refresh token on every login, and refresh tokens may expire if unused.
+ * To force a refresh token to be issued, pass the `?provider_prompt=consent` query param into the
+ * [Start Google OAuth flow](https://stytch.com/docs/b2b/api/oauth-google-start) endpoint.
+ * @param params {@link B2BOrganizationsMembersOAuthProvidersMicrosoftRequest}
+ * @returns {@link B2BOrganizationsMembersOAuthProvidersGoogleResponse}
+ * @async
+ * @throws A {@link StytchError} on a non-2xx response from the Stytch API
+ * @throws A {@link RequestError} when the Stytch API cannot be reached
+ */
+ google(params) {
+ const headers = {};
+ return (0, _shared.request)(this.fetchConfig, {
+ method: "GET",
+ url: `/v1/b2b/organizations/${params.organization_id}/members/${params.member_id}/oauth_providers/google`,
+ headers,
+ params: {}
+ });
+ }
+
+ /**
+ * Retrieve the saved Microsoft access token and ID token for a member. After a successful OAuth login,
+ * Stytch will save the
+ * issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch
+ * will refresh the
+ * access token automatically.
+ * @param params {@link B2BOrganizationsMembersOAuthProvidersMicrosoftRequest}
+ * @returns {@link B2BOrganizationsMembersOAuthProvidersMicrosoftResponse}
+ * @async
+ * @throws A {@link StytchError} on a non-2xx response from the Stytch API
+ * @throws A {@link RequestError} when the Stytch API cannot be reached
+ */
+ microsoft(params) {
+ const headers = {};
+ return (0, _shared.request)(this.fetchConfig, {
+ method: "GET",
+ url: `/v1/b2b/organizations/${params.organization_id}/members/${params.member_id}/oauth_providers/microsoft`,
+ headers,
+ params: {}
+ });
+ }
+}
+exports.OAuthProviders = OAuthProviders;
\ No newline at end of file
diff --git a/dist/b2b/rbac.js b/dist/b2b/rbac.js
index 449b399b..bac8e37e 100644
--- a/dist/b2b/rbac.js
+++ b/dist/b2b/rbac.js
@@ -23,14 +23,14 @@ class RBAC { * Get the active RBAC Policy for your current Stytch Project. An RBAC Policy is the canonical document * that stores all defined Resources and Roles within your RBAC permissioning model. * - * When using the backend SDKs, the RBAC Policy will automatically be loaded and refreshed in the - * background to allow for local evaluations, eliminating the need for an extra request to Stytch. + * When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating + * the need for an extra request to Stytch. The policy will be refreshed if an authorization check is + * requested and the RBAC policy was last updated more than 5 minutes ago. * - * Resources and Roles can be created and managed within the [Dashboard](/dashboard). Additionally, + * Resources and Roles can be created and managed within the [Dashboard](/dashboard/rbac). Additionally, * [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically * managed through certain Stytch API endpoints. * - * * Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about * Stytch's RBAC permissioning model. * @param params {@link B2BRBACPolicyRequest} diff --git a/dist/b2b/sso.js b/dist/b2b/sso.js index 15566041..2a11336a 100644 --- a/dist/b2b/sso.js +++ b/dist/b2b/sso.js 
@@ -90,8 +90,10 @@ class SSO { * If the Member is required to complete MFA to log in to the Organization, the returned value of * `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. * The `intermediate_session_token` can be passed into the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA step and acquire a full member session. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete + * the MFA step and acquire a full member session. * The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. * * If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an diff --git a/dist/b2c/otps_email.js b/dist/b2c/otps_email.js index 2cd6ad7f..c7c70dca 100644 --- a/dist/b2c/otps_email.js +++ b/dist/b2c/otps_email.js @@ -41,7 +41,7 @@ class Email { * ### Next steps * Collect the OTP which was delivered to the user. Call * [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the - * `phone_id` found in the response as the `method_id`. + * `email_id` found in the response as the `method_id`. * @param data {@link OTPsEmailSendRequest} * @returns {@link OTPsEmailSendResponse} * @async diff --git a/lib/b2b/discovery_intermediate_sessions.ts b/lib/b2b/discovery_intermediate_sessions.ts index 48e27b3f..214bfdf9 100644 --- a/lib/b2b/discovery_intermediate_sessions.ts +++ b/lib/b2b/discovery_intermediate_sessions.ts 
@@ -17,8 +17,10 @@ export interface B2BDiscoveryIntermediateSessionsExchangeRequest { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; @@ -102,8 +104,10 @@ export interface B2BDiscoveryIntermediateSessionsExchangeResponse { * The returned Intermediate Session Token is identical to the one that was originally passed in to the * request. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the Organization. * It can also be used with the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a different existing Organization, diff --git a/lib/b2b/discovery_organizations.ts b/lib/b2b/discovery_organizations.ts index 71bf0a02..957429fd 100644 
--- a/lib/b2b/discovery_organizations.ts +++ b/lib/b2b/discovery_organizations.ts @@ -22,8 +22,10 @@ export interface B2BDiscoveryOrganizationsCreateRequest { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; 
@@ -165,18 +167,18 @@ export interface B2BDiscoveryOrganizationsCreateRequest { */ rbac_email_implicit_role_assignments?: EmailImplicitRoleAssignment[]; /** - * The setting that controls which mfa methods can be used by Members of an Organization. The accepted + * The setting that controls which MFA methods can be used by Members of an Organization. The accepted * values are: * * `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. * - * `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. + * `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. * This setting does not apply to Members with `is_breakglass` set to `true`. * */ mfa_methods?: string; /** - * An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to + * An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to * `RESTRICTED`. * The list's accepted values are: `sms_otp` and `totp`. * @@ -208,8 +210,10 @@ export interface B2BDiscoveryOrganizationsCreateResponse { * The returned Intermediate Session Token is identical to the one that was originally passed in to the * request. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the Organization. * It can also be used with the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a different existing Organization, 
@@ -236,8 +240,10 @@ export interface B2BDiscoveryOrganizationsListRequest { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; diff --git a/lib/b2b/index.ts b/lib/b2b/index.ts index 62cf779a..928940bf 100644 --- a/lib/b2b/index.ts +++ b/lib/b2b/index.ts @@ -78,6 +78,12 @@ export type { B2BOrganizationsMembersCreateRequestOptions, } from "./organizations_members"; +export type { + B2BOrganizationsMembersOAuthProvidersGoogleResponse, + B2BOrganizationsMembersOAuthProvidersMicrosoftRequest, + B2BOrganizationsMembersOAuthProvidersMicrosoftResponse, +} from "./organizations_members_oauth_providers"; + export type { AuthorizationCheck, AuthorizationVerdict, diff --git a/lib/b2b/magic_links.ts b/lib/b2b/magic_links.ts index a4e5ce12..66cdc78d 100644 --- a/lib/b2b/magic_links.ts +++ b/lib/b2b/magic_links.ts 
@@ -117,8 +117,10 @@ export interface B2BMagicLinksAuthenticateResponse { * The returned Intermediate Session Token contains an Email Magic Link factor associated with the Member's * email address. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the Organization. * It can also be used with the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a different existing Organization that allows login with Email Magic Links, @@ -161,8 +163,10 @@ export class MagicLinks { * If the Member is required to complete MFA to log in to the Organization, the returned value of * `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. * The `intermediate_session_token` can be passed into the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA step and acquire a full member session. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete + * the MFA step and acquire a full member session. * The `intermediate_session_token` can also be used with the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * or the 
diff --git a/lib/b2b/magic_links_discovery.ts b/lib/b2b/magic_links_discovery.ts index 44afc91e..c5f0509d 100644 --- a/lib/b2b/magic_links_discovery.ts +++ b/lib/b2b/magic_links_discovery.ts @@ -28,8 +28,10 @@ export interface B2BMagicLinksDiscoveryAuthenticateResponse { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; diff --git a/lib/b2b/magic_links_email.ts b/lib/b2b/magic_links_email.ts index 0f97ecfb..1a8b894a 100644 --- a/lib/b2b/magic_links_email.ts +++ b/lib/b2b/magic_links_email.ts @@ -5,8 +5,8 @@ // !!! import { - Authorization, addAuthorizationHeaders, + Authorization, } from "../shared/method_options"; import { Discovery } from "./magic_links_email_discovery"; import { fetchConfig } from "../shared"; diff --git a/lib/b2b/mfa.ts b/lib/b2b/mfa.ts index d5d42c49..2f91da61 100644 --- a/lib/b2b/mfa.ts +++ b/lib/b2b/mfa.ts @@ -9,6 +9,8 @@ import {} from "../shared/method_options"; export interface MemberOptions { // The Member's MFA phone number. mfa_phone_number: string; + // The Member's MFA TOTP registration ID. + totp_registration_id: string; } export interface MfaRequired { diff --git a/lib/b2b/oauth.ts b/lib/b2b/oauth.ts index b097d31e..dbb3ed0c 100644 
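Review bot: In `lib/b2b/mfa.ts`, `totp_registration_id: string` is added to `MemberOptions` as a required field, but its comment does not say what the field holds for a Member who has no TOTP registration. Code that decides which MFA step to offer needs to tell "no TOTP registered" apart from a real ID, so the comment should state the sentinel (presumably an empty string — confirm against the API) or the field should be declared `totp_registration_id?: string;`. Adding a required member also breaks any caller that builds a `MemberOptions` literal, for example in test fixtures. The interface is fully visible in the hunk.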
--- a/lib/b2b/oauth.ts +++ b/lib/b2b/oauth.ts @@ -129,8 +129,10 @@ export interface B2BOAuthAuthenticateResponse { * The returned Intermediate Session Token contains an OAuth factor associated with the Member's email * address. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the Organization. * It can also be used with the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a different existing Organization that allows login with OAuth, diff --git a/lib/b2b/oauth_discovery.ts b/lib/b2b/oauth_discovery.ts index 8f5dbd4b..83fa3261 100644 --- a/lib/b2b/oauth_discovery.ts +++ b/lib/b2b/oauth_discovery.ts 
@@ -32,8 +32,10 @@ export interface B2BOAuthDiscoveryAuthenticateResponse { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; diff --git a/lib/b2b/organizations.ts b/lib/b2b/organizations.ts index 4b221cf5..3a54f7e0 100644 --- a/lib/b2b/organizations.ts +++ b/lib/b2b/organizations.ts @@ -5,8 +5,8 @@ // !!! import { - Authorization, addAuthorizationHeaders, + Authorization, } from "../shared/method_options"; import { fetchConfig } from "../shared"; import { Members } from "./organizations_members"; 
@@ -354,18 +354,18 @@ export interface Organization { */ rbac_email_implicit_role_assignments: EmailImplicitRoleAssignment[]; /** - * The setting that controls which mfa methods can be used by Members of an Organization. The accepted + * The setting that controls which MFA methods can be used by Members of an Organization. The accepted * values are: * * `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. * - * `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. + * `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. * This setting does not apply to Members with `is_breakglass` set to `true`. * */ mfa_methods: string; /** - * An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to + * An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to * `RESTRICTED`. * The list's accepted values are: `sms_otp` and `totp`. * 
@@ -501,18 +501,18 @@ export interface B2BOrganizationsCreateRequest { */ rbac_email_implicit_role_assignments?: EmailImplicitRoleAssignment[]; /** - * The setting that controls which mfa methods can be used by Members of an Organization. The accepted + * The setting that controls which MFA methods can be used by Members of an Organization. The accepted * values are: * * `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. * - * `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. + * `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. * This setting does not apply to Members with `is_breakglass` set to `true`. * */ mfa_methods?: string; /** - * An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to + * An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to * `RESTRICTED`. * The list's accepted values are: `sms_otp` and `totp`. * 
@@ -804,22 +804,22 @@ export interface B2BOrganizationsUpdateRequest { */ rbac_email_implicit_role_assignments?: string[]; /** - * The setting that controls which mfa methods can be used by Members of an Organization. The accepted + * The setting that controls which MFA methods can be used by Members of an Organization. The accepted * values are: * * `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. * - * `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. + * `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. * This setting does not apply to Members with `is_breakglass` set to `true`. * * * If this field is provided and a session header is passed into the request, the Member Session must have - * permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` + * permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` * Resource. */ mfa_methods?: string; /** - * An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to + * An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to * `RESTRICTED`. * The list's accepted values are: `sms_otp` and `totp`. * diff --git a/lib/b2b/organizations_members.ts b/lib/b2b/organizations_members.ts index 58e75a55..aa2c5a00 100644 --- a/lib/b2b/organizations_members.ts +++ b/lib/b2b/organizations_members.ts @@ -5,8 +5,8 @@ // !!! import { - Authorization, addAuthorizationHeaders, + Authorization, } from "../shared/method_options"; import { B2BOrganizationsResultsMetadata, 
@@ -15,6 +15,7 @@ import { SearchQuery, } from "./organizations"; import { fetchConfig } from "../shared"; +import { OAuthProviders } from "./organizations_members_oauth_providers"; import { request } from "../shared"; export interface B2BOrganizationsMembersCreateRequestOptions { @@ -450,7 +451,7 @@ export interface B2BOrganizationsMembersUpdateRequest { * more details. * * If this field is provided and a session header is passed into the request, the Member Session must have - * permission to perform the `update.info.is-breakglass` action on the `stytch.member` Resource. + * permission to perform the `update.settings.is-breakglass` action on the `stytch.member` Resource. */ is_breakglass?: boolean; /** @@ -503,9 +504,15 @@ export interface B2BOrganizationsMembersUpdateRequest { */ preserve_existing_sessions?: boolean; /** - * The Member's default MFA method. This value is used to determine which secondary MFA method to use in - * the case of multiple methods registered for a Member. The current possible values are `sms_otp` and - * `totp`. + * Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they + * wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the + * Organization's MFA policy is set to `REQUIRED_FOR_ALL`. + * + * If this field is provided and a session header is passed into the request, the Member Session must have + * permission to perform the `update.settings.default-mfa-method` action on the `stytch.member` Resource. + * Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the + * request, the authorization check will also allow a Member Session that has permission to perform the + * `update.settings.default-mfa-method` action on the `stytch.self` Resource. */ default_mfa_method?: string; } 
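Review bot: In the `@@ -503,9 +504,15 @@` hunk, the new doc comment on `default_mfa_method?: string` describes a boolean enrollment flag ("If true, the Member must complete an MFA step…"), which does not fit a string field and looks like the description of a different field pasted in. The removed text, which listed the accepted values `sms_otp` and `totp`, matched the field's type; with the new wording an integrator could send `"true"` and assume MFA is now enforced for the Member. Keep the added paragraph about the `update.settings.default-mfa-method` permission, but restore the opening to something like `The Member's default MFA method. The current possible values are sms_otp and totp.` The `B2BOrganizationsMembersUpdateRequest` interface starts before this hunk.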
@@ -532,9 +539,11 @@ export interface B2BOrganizationsMembersUpdateResponse { export class Members { private fetchConfig: fetchConfig; + oauthProviders: OAuthProviders; constructor(fetchConfig: fetchConfig) { this.fetchConfig = fetchConfig; + this.oauthProviders = new OAuthProviders(this.fetchConfig); } /** diff --git a/lib/b2b/organizations_members_oauth_providers.ts b/lib/b2b/organizations_members_oauth_providers.ts new file mode 100644 index 00000000..75cb630f --- /dev/null +++ b/lib/b2b/organizations_members_oauth_providers.ts 
@@ -0,0 +1,172 @@
+// !!!
+// WARNING: This file is autogenerated
+// Only modify code within MANUAL() sections
+// or your changes may be overwritten later!
+// !!!
+
+import {} from "../shared/method_options";
+import { fetchConfig } from "../shared";
+import { request } from "../shared";
+
+// Response type for `organizations.members.oauthProviders.google`.
+export interface B2BOrganizationsMembersOAuthProvidersGoogleResponse {
+ /**
+ * Globally unique UUID that is returned with every API call. This value is important to log for debugging
+ * purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+ */
+ request_id: string;
+ /**
+ * Denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Microsoft, GitHub
+ * etc.
+ */
+ provider_type: string;
+ /**
+ * The unique identifier for the User within a given OAuth provider. Also commonly called the `sub` or
+ * "Subject field" in OAuth protocols.
+ */
+ provider_subject: string;
+ // The `access_token` that you may use to access the User's data in the provider's API.
+ access_token: string;
+ // The number of seconds until the access token expires.
+ access_token_expires_in: number;
+ /**
+ * The `id_token` returned by the OAuth provider. ID Tokens are JWTs that contain structured information
+ * about a user. The exact content of each ID Token varies from provider to provider. ID Tokens are
+ * returned from OAuth providers that conform to the [OpenID Connect](https://openid.net/foundation/)
+ * specification, which is based on OAuth.
+ */
+ id_token: string;
+ /**
+ * The OAuth scopes included for a given provider. See each provider's section above to see which scopes
+ * are included by default and how to add custom scopes.
+ */
+ scopes: string[];
+ /**
+ * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g.
+ * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+ */
+ status_code: number;
+}
+
+/**
+ * Request type for `organizations.members.oauthProviders.google`,
+ * `organizations.members.oauthProviders.microsoft`.
+ */
+export interface B2BOrganizationsMembersOAuthProvidersMicrosoftRequest {
+ /**
+ * Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to
+ * perform operations on an Organization, so be sure to preserve this value.
+ */
+ organization_id: string;
+ /**
+ * Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform
+ * operations on a Member, so be sure to preserve this value.
+ */
+ member_id: string;
+}
+
+// Response type for `organizations.members.oauthProviders.microsoft`.
+export interface B2BOrganizationsMembersOAuthProvidersMicrosoftResponse {
+ /**
+ * Globally unique UUID that is returned with every API call. This value is important to log for debugging
+ * purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+ */
+ request_id: string;
+ /**
+ * Denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Microsoft, GitHub
+ * etc.
+ */
+ provider_type: string;
+ /**
+ * The unique identifier for the User within a given OAuth provider. Also commonly called the `sub` or
+ * "Subject field" in OAuth protocols.
+ */
+ provider_subject: string;
+ // The `access_token` that you may use to access the User's data in the provider's API.
+ access_token: string;
+ // The number of seconds until the access token expires.
+ access_token_expires_in: number;
+ /**
+ * The `id_token` returned by the OAuth provider. ID Tokens are JWTs that contain structured information
+ * about a user. The exact content of each ID Token varies from provider to provider. ID Tokens are
+ * returned from OAuth providers that conform to the [OpenID Connect](https://openid.net/foundation/)
+ * specification, which is based on OAuth.
+ */
+ id_token: string;
+ /**
+ * The OAuth scopes included for a given provider. See each provider's section above to see which scopes
+ * are included by default and how to add custom scopes.
+ */
+ scopes: string[];
+ /**
+ * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g.
+ * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+ */
+ status_code: number;
+}
+
+export class OAuthProviders {
+ private fetchConfig: fetchConfig;
+
+ constructor(fetchConfig: fetchConfig) {
+ this.fetchConfig = fetchConfig;
+ }
+
+ /**
+ * Retrieve the saved Google access token and ID token for a member. After a successful OAuth login, Stytch
+ * will save the
+ * issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch
+ * will refresh the
+ * access token automatically.
+ *
+ * __Note:__ Google does not issue a refresh token on every login, and refresh tokens may expire if unused.
+ * To force a refresh token to be issued, pass the `?provider_prompt=consent` query param into the
+ * [Start Google OAuth flow](https://stytch.com/docs/b2b/api/oauth-google-start) endpoint.
+ * @param params {@link B2BOrganizationsMembersOAuthProvidersMicrosoftRequest}
+ * @returns {@link B2BOrganizationsMembersOAuthProvidersGoogleResponse}
+ * @async
+ * @throws A {@link StytchError} on a non-2xx response from the Stytch API
+ * @throws A {@link RequestError} when the Stytch API cannot be reached
+ */
+ google(
+ params: B2BOrganizationsMembersOAuthProvidersMicrosoftRequest
+ ): Promise {
+ const headers: Record = {};
+ return request(
+ this.fetchConfig,
+ {
+ method: "GET",
+ url: `/v1/b2b/organizations/${params.organization_id}/members/${params.member_id}/oauth_providers/google`,
+ headers,
+ params: {},
+ }
+ );
+ }
+
+ /**
+ * Retrieve the saved Microsoft access token and ID token for a member. After a successful OAuth login,
+ * Stytch will save the
+ * issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch
+ * will refresh the
+ * access token automatically.
+ * @param params {@link B2BOrganizationsMembersOAuthProvidersMicrosoftRequest}
+ * @returns {@link B2BOrganizationsMembersOAuthProvidersMicrosoftResponse}
+ * @async
+ * @throws A {@link StytchError} on a non-2xx response from the Stytch API
+ * @throws A {@link RequestError} when the Stytch API cannot be reached
+ */
+ microsoft(
+ params: B2BOrganizationsMembersOAuthProvidersMicrosoftRequest
+ ): Promise {
+ const headers: Record = {};
+ return request(
+ this.fetchConfig,
+ {
+ method: "GET",
+ url: `/v1/b2b/organizations/${params.organization_id}/members/${params.member_id}/oauth_providers/microsoft`,
+ headers,
+ params: {},
+ }
+ );
+ }
+}
diff --git a/lib/b2b/otp_sms.ts b/lib/b2b/otp_sms.ts
index 09cc69ea..36ef3d9c 100644
--- a/lib/b2b/otp_sms.ts
+++ b/lib/b2b/otp_sms.ts
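Review bot: In the new `lib/b2b/organizations_members_oauth_providers.ts`, `google()` and `microsoft()` interpolate `params.organization_id` and `params.member_id` into the request path unencoded, so a value containing `/`, `?` or `#` would change which API path the project's credentials are sent to. Unless `request` in `../shared` already normalizes the URL (not visible here), use `${encodeURIComponent(params.organization_id)}` and `${encodeURIComponent(params.member_id)}` in both `url` templates; the compiled copy in `dist/b2b/organizations_members_oauth_providers.js` carries the same templates. Both responses return the member's provider `access_token` and `id_token`, which are bearer credentials, so the method docs should say that they must be kept server-side and out of logs. The `@param` on `google()` links to the `…MicrosoftRequest` type, which reads like a copy error even though the request shape is shared. The header marks the file as autogenerated, so these changes probably belong in the generator templates.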
@@ -28,8 +28,10 @@ export interface B2BOTPSmsAuthenticateRequest {
 * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a
 * Member, but represents a bag of factors that may be converted to a member session.
 * The token can be used with the
- * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA
- * flow;
+ * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
+ * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
+ * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to
+ * complete an MFA flow;
 * the
 * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session)
 * to join a specific Organization that allows the factors represented by the intermediate session token;
@@ -143,8 +145,10 @@ export interface B2BOTPSmsSendRequest {
 * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a
 * Member, but represents a bag of factors that may be converted to a member session.
 * The token can be used with the
- * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA
- * flow;
+ * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
+ * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
+ * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to
+ * complete an MFA flow;
 * the
 * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session)
 * to join a specific Organization that allows the factors represented by the intermediate session token;
diff --git a/lib/b2b/passwords.ts b/lib/b2b/passwords.ts
index a98ea2d0..00706d0d 100644
--- a/lib/b2b/passwords.ts
+++ b/lib/b2b/passwords.ts
@@ -144,8 +144,10 @@ export interface B2BPasswordsAuthenticateResponse {
 /**
 * The returned Intermediate Session Token contains a password factor associated with the Member.
 * The token can be used with the
- * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the
- * MFA flow and log in to the Organization.
+ * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
+ * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
+ * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to
+ * complete the MFA flow and log in to the Organization.
 * Password factors are not transferable between Organizations, so the intermediate session token is
 * not valid for use with discovery endpoints.
 */
diff --git a/lib/b2b/passwords_email.ts b/lib/b2b/passwords_email.ts
index d72473ba..6f21962c 100644
--- a/lib/b2b/passwords_email.ts
+++ b/lib/b2b/passwords_email.ts
@@ -107,8 +107,10 @@ export interface B2BPasswordsEmailResetResponse {
 /**
 * The returned Intermediate Session Token contains a password factor associated with the Member.
 * The token can be used with the
- * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the
- * MFA flow and log in to the Organization.
+ * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
+ * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
+ * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to
+ * complete the MFA flow and log in to the Organization.
 * Password factors are not transferable between Organizations, so the intermediate session token is
 * not valid for use with discovery endpoints.
 */
diff --git a/lib/b2b/passwords_existing_password.ts b/lib/b2b/passwords_existing_password.ts
index 510f09c9..41d47657 100644
--- a/lib/b2b/passwords_existing_password.ts
+++ b/lib/b2b/passwords_existing_password.ts
@@ -93,8 +93,10 @@ export interface B2BPasswordsExistingPasswordResetResponse {
 /**
 * The returned Intermediate Session Token contains a password factor associated with the Member.
 * The token can be used with the
- * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the
- * MFA flow and log in to the Organization.
+ * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
+ * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
+ * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to
+ * complete the MFA flow and log in to the Organization.
 * Password factors are not transferable between Organizations, so the intermediate session token is
 * not valid for use with discovery endpoints.
 */
diff --git a/lib/b2b/passwords_session.ts b/lib/b2b/passwords_session.ts
index e6d8ff76..bcc19c62 100644
--- a/lib/b2b/passwords_session.ts
+++ b/lib/b2b/passwords_session.ts
@@ -86,8 +86,10 @@ export interface B2BPasswordsSessionResetResponse {
 * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a
 * Member, but represents a bag of factors that may be converted to a member session.
 * The token can be used with the
- * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA
- * flow;
+ * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
+ * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
+ * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to
+ * complete an MFA flow;
 * the
 * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session)
 * to join a specific Organization that allows the factors represented by the intermediate session token;
diff --git a/lib/b2b/rbac.ts b/lib/b2b/rbac.ts
index 13a4d9cf..b0712d6d 100644
--- a/lib/b2b/rbac.ts
+++ b/lib/b2b/rbac.ts
@@ -16,19 +16,120 @@ export interface Policy { } export interface PolicyResource { + /** + * A unique identifier of the RBAC Resource, provided by the developer and intended to be human-readable. + * + * A `resource_id` is not allowed to start with `stytch`, which is a special prefix used for Stytch + * default Resources with reserved `resource_id`s. These include: + * + * * `stytch.organization` + * * `stytch.member` + * * `stytch.sso` + * * `stytch.self` + * + * Check out the + * [guide on Stytch default Resources](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for a more + * detailed explanation. + * + * + */ resource_id: string; + // The description of the RBAC Resource. description: string; + /** + * A list of all possible actions for a provided Resource. + * + * Reserved `actions` that are predefined by Stytch include: + * + * * `*` + * * For the `stytch.organization` Resource: + * * `update.info.name` + * * `update.info.slug` + * * `update.info.untrusted_metadata` + * * `update.info.email_jit_provisioning` + * * `update.info.logo_url` + * * `update.info.email_invites` + * * `update.info.allowed_domains` + * * `update.info.default_sso_connection` + * * `update.info.sso_jit_provisioning` + * * `update.info.mfa_policy` + * * `update.info.implicit_roles` + * * `delete` + * * For the `stytch.member` Resource: + * * `create` + * * `update.info.name` + * * `update.info.untrusted_metadata` + * * `update.info.mfa-phone` + * * `update.info.delete.mfa-phone` + * * `update.settings.is-breakglass` + * * `update.settings.mfa_enrolled` + * * `update.settings.roles` + * * `search` + * * `delete` + * * For the `stytch.sso` Resource: + * * `create` + * * `update` + * * `delete` + * * For the `stytch.self` Resource: + * * `update.info.name` + * * `update.info.untrusted_metadata` + * * `update.info.mfa-phone` + * * `update.info.delete.mfa-phone` + * * `update.info.delete.password` + * * `update.settings.mfa_enrolled` + * * `delete` + * + */ actions: string[]; } export 
interface PolicyRole { + /** + * The unique identifier of the RBAC Role, provided by the developer and intended to be human-readable. + * + * Reserved `role_id`s that are predefined by Stytch include: + * + * * `stytch_member` + * * `stytch_admin` + * + * Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) + * for a more detailed explanation. + * + * + */ role_id: string; + // The description of the RBAC Role. description: string; + /** + * A list of permissions that link a [Resource](https://stytch.com/docs/b2b/api/rbac-resource-object) to a + * list of actions. + */ permissions: PolicyRolePermission[]; } export interface PolicyRolePermission { + /** + * A unique identifier of the RBAC Resource, provided by the developer and intended to be human-readable. + * + * A `resource_id` is not allowed to start with `stytch`, which is a special prefix used for Stytch + * default Resources with reserved `resource_id`s. These include: + * + * * `stytch.organization` + * * `stytch.member` + * * `stytch.sso` + * * `stytch.self` + * + * Check out the + * [guide on Stytch default Resources](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for a more + * detailed explanation. + * + * + */ resource_id: string; + /** + * A list of permitted actions the Role is authorized to take with the provided Resource. You can use `*` + * as a wildcard to grant a Role permission to use all possible actions related to the Resource. + */ actions: string[]; } @@ -46,7 +147,7 @@ export interface B2BRBACPolicyResponse { status_code: number; /** * The RBAC Policy document that contains all defined Roles and Resources – which are managed in the - * [Dashboard](/dashboard). Read more about these entities and how they work in our + * [Dashboard](/dashboard/rbac). Read more about these entities and how they work in our * [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview). */ policy?: Policy; 
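Review bot: The new comment on `PolicyRolePermission.actions` offers `*` as a wildcard without saying how broad it is. As worded it grants every action on the Resource, which for the default Resources would include the reserved entries listed under `PolicyResource.actions`, such as `delete` and `update.settings.roles`, and presumably any action defined later. I would append a sentence to that comment along the lines of `* Prefer listing actions explicitly; the wildcard also covers destructive actions such as delete.` Separately, the two `description` fields get `//` comments (`// The description of the RBAC Role.`), which editors do not surface as JSDoc the way the neighbouring `/** ... */` blocks are; the `//` comments added in lib/b2c/sessions.ts have the same form.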
@@ -63,14 +164,14 @@ export class RBAC {
 * Get the active RBAC Policy for your current Stytch Project. An RBAC Policy is the canonical document
 * that stores all defined Resources and Roles within your RBAC permissioning model.
 *
- * When using the backend SDKs, the RBAC Policy will automatically be loaded and refreshed in the
- * background to allow for local evaluations, eliminating the need for an extra request to Stytch.
+ * When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating
+ * the need for an extra request to Stytch. The policy will be refreshed if an authorization check is
+ * requested and the RBAC policy was last updated more than 5 minutes ago.
 *
- * Resources and Roles can be created and managed within the [Dashboard](/dashboard). Additionally,
+ * Resources and Roles can be created and managed within the [Dashboard](/dashboard/rbac). Additionally,
 * [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically
 * managed through certain Stytch API endpoints.
 *
- *
 * Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about
 * Stytch's RBAC permissioning model.
 * @param params {@link B2BRBACPolicyRequest}
diff --git a/lib/b2b/recovery_codes.ts b/lib/b2b/recovery_codes.ts
index 61d78b98..61f902da 100644
--- a/lib/b2b/recovery_codes.ts
+++ b/lib/b2b/recovery_codes.ts
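Review bot: The rewritten caching paragraph does not state what the five-minute refresh rule means for revocations. If local evaluations use the cached policy, a permission removed from a Role may presumably still be granted by a local authorization check until the next refresh. I would add a sentence to the doc comment such as `* Local evaluations may use a policy that is up to 5 minutes stale, so removed permissions are not enforced locally until the next refresh.` The phrase "was last updated" is also ambiguous between the SDK's last fetch and the last edit of the policy; "was last fetched" would be clearer if that is what is meant. The doc block and the method it documents continue outside this hunk.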
@@ -67,8 +67,10 @@ export interface B2BRecoveryCodesRecoverRequest {
 * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a
 * Member, but represents a bag of factors that may be converted to a member session.
 * The token can be used with the
- * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA
- * flow;
+ * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
+ * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
+ * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to
+ * complete an MFA flow;
 * the
 * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session)
 * to join a specific Organization that allows the factors represented by the intermediate session token;
diff --git a/lib/b2b/sessions.ts b/lib/b2b/sessions.ts
index d1a023e6..6927ba17 100644
--- a/lib/b2b/sessions.ts
+++ b/lib/b2b/sessions.ts
@@ -254,8 +254,10 @@ export interface B2BSessionsExchangeResponse { * The returned Intermediate Session Token contains any Email Magic Link or OAuth factors from the original * member session that are valid for the target Organization. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the target Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the target Organization. * It can also be used with the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a different existing Organization, diff --git a/lib/b2b/sso.ts b/lib/b2b/sso.ts index 6bf6740e..613da843 100644 --- a/lib/b2b/sso.ts +++ b/lib/b2b/sso.ts @@ -5,8 +5,8 @@ // !!! import { - Authorization, addAuthorizationHeaders, + Authorization, } from "../shared/method_options"; import { fetchConfig } from "../shared"; import { Member, Organization } from "./organizations"; 
@@ -170,8 +170,10 @@ export interface B2BSSOAuthenticateResponse {
 /**
 * The returned Intermediate Session Token contains an SSO factor associated with the Member.
 * The token can be used with the
- * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the
- * MFA flow and log in to the Organization.
+ * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
+ * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
+ * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to
+ * complete the MFA flow and log in to the Organization.
 * SSO factors are not transferable between Organizations, so the intermediate session token is not
 * valid for use with discovery endpoints.
 */
@@ -323,8 +325,10 @@ export class SSO {
 * If the Member is required to complete MFA to log in to the Organization, the returned value of
 * `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
 * The `intermediate_session_token` can be passed into the
- * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the
- * MFA step and acquire a full member session.
+ * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
+ * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
+ * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete
+ * the MFA step and acquire a full member session.
 * The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
 *
 * If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an
diff --git a/lib/b2b/sso_oidc.ts b/lib/b2b/sso_oidc.ts
index 9b3c3097..06ed4ccd 100644
--- a/lib/b2b/sso_oidc.ts
+++ b/lib/b2b/sso_oidc.ts
@@ -5,8 +5,8 @@ // !!! import { - Authorization, addAuthorizationHeaders, + Authorization, } from "../shared/method_options"; import { fetchConfig } from "../shared"; import { OIDCConnection } from "./sso"; diff --git a/lib/b2b/sso_saml.ts b/lib/b2b/sso_saml.ts index 77db3228..c6291fdb 100644 --- a/lib/b2b/sso_saml.ts +++ b/lib/b2b/sso_saml.ts @@ -5,8 +5,8 @@ // !!! import { - Authorization, addAuthorizationHeaders, + Authorization, } from "../shared/method_options"; import { fetchConfig } from "../shared"; import { request } from "../shared"; diff --git a/lib/b2b/totps.ts b/lib/b2b/totps.ts index 413c9c71..4931b462 100644 --- a/lib/b2b/totps.ts +++ b/lib/b2b/totps.ts @@ -28,8 +28,10 @@ export interface B2BTOTPsAuthenticateRequest { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; 
@@ -137,8 +139,10 @@ export interface B2BTOTPsCreateRequest {
 * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a
 * Member, but represents a bag of factors that may be converted to a member session.
 * The token can be used with the
- * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA
- * flow;
+ * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
+ * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
+ * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to
+ * complete an MFA flow;
 * the
 * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session)
 * to join a specific Organization that allows the factors represented by the intermediate session token;
diff --git a/lib/b2c/otps_email.ts b/lib/b2c/otps_email.ts
index 459cd744..0f6bc164 100644
--- a/lib/b2c/otps_email.ts
+++ b/lib/b2c/otps_email.ts
@@ -165,7 +165,7 @@ export class Email {
 * ### Next steps
 * Collect the OTP which was delivered to the user. Call
 * [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the
- * `phone_id` found in the response as the `method_id`.
+ * `email_id` found in the response as the `method_id`.
 * @param data {@link OTPsEmailSendRequest}
 * @returns {@link OTPsEmailSendResponse}
 * @async
diff --git a/lib/b2c/passwords.ts b/lib/b2c/passwords.ts
index 721645bf..ba498e30 100644
--- a/lib/b2c/passwords.ts
+++ b/lib/b2c/passwords.ts
@@ -307,6 +307,15 @@ export interface PasswordsMigrateRequest { * behavior details. */ untrusted_metadata?: Record; // eslint-disable-line @typescript-eslint/no-explicit-any + /** + * Whether to set the user's email as verified. This is a dangerous field. Incorrect use may lead to users + * getting erroneously + * deduplicated into one user object. This flag should only be set if you can attest that + * the user owns the email address in question. + * Access to this field is restricted. To enable it, please send us a note at + * support@stytch.com. + */ + set_email_verified?: boolean; // The name of the user. Each field in the name object is optional. name?: Name; } diff --git a/lib/b2c/sessions.ts b/lib/b2c/sessions.ts index 76d104fd..1d16276a 100644 --- a/lib/b2c/sessions.ts +++ b/lib/b2c/sessions.ts @@ -112,6 +112,7 @@ export interface AuthenticationFactor { microsoft_oauth_factor?: MicrosoftOAuthFactor; apple_oauth_factor?: AppleOAuthFactor; webauthn_factor?: WebAuthnFactor; + // Information about the TOTP-backed Authenticator App factor, if one is present. authenticator_app_factor?: AuthenticatorAppFactor; github_oauth_factor?: GithubOAuthFactor; recovery_code_factor?: RecoveryCodeFactor; @@ -145,6 +146,7 @@ export interface AuthenticationFactor { } export interface AuthenticatorAppFactor { + // Globally unique UUID that identifies a TOTP instance. totp_id: string; } diff --git a/lib/b2c/webauthn.ts b/lib/b2c/webauthn.ts index 43c64f41..f74403a9 100644 --- a/lib/b2c/webauthn.ts +++ b/lib/b2c/webauthn.ts 
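Review bot: The doc comment added for `set_email_verified` on `PasswordsMigrateRequest` calls the field dangerous but does not tell the caller where the value may come from. Since the comment itself says a wrong `true` can merge distinct users into one user object, it should state that the flag must be derived only from the migrating system's own email-verification record and never from request or client-supplied input. I would add a line such as `* Never populate this from client-supplied data; set it only from your own verification records.` The mid-sentence breaks in the same comment ("getting erroneously" / "deduplicated into one user object") could be rejoined while editing it. The interface begins outside this hunk.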
@@ -229,7 +229,7 @@ export interface WebAuthnRegisterStartResponse { export interface WebAuthnUpdateRequest { /** * Globally unique UUID that identifies a Passkey or WebAuthn registration in the Stytch API. The - * `webautn_registration_id` is used when you need to operate on a specific User's WebAuthn registartion. + * `webauthn_registration_id` is used when you need to operate on a specific User's WebAuthn registration. */ webauthn_registration_id: string; // The `name` of the WebAuthn registration or Passkey. diff --git a/package-lock.json b/package-lock.json index d726e2c4..c14480d2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "stytch", - "version": "10.4.0", + "version": "10.5.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "stytch", - "version": "10.4.0", + "version": "10.5.0", "license": "MIT", "dependencies": { "jose": "^4.14.6", diff --git a/package.json b/package.json index 955e9a92..f3f93af1 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "stytch", - "version": "10.4.0", + "version": "10.5.0", "description": "A wrapper for the Stytch API", "types": "./types/lib/index.d.ts", "main": "./dist/index.js", diff --git a/types/lib/b2b/discovery_intermediate_sessions.d.ts b/types/lib/b2b/discovery_intermediate_sessions.d.ts index 51582bf2..f2fdd3cd 100644 --- a/types/lib/b2b/discovery_intermediate_sessions.d.ts +++ b/types/lib/b2b/discovery_intermediate_sessions.d.ts 
@@ -7,8 +7,10 @@ export interface B2BDiscoveryIntermediateSessionsExchangeRequest { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; @@ -85,8 +87,10 @@ export interface B2BDiscoveryIntermediateSessionsExchangeResponse { * The returned Intermediate Session Token is identical to the one that was originally passed in to the * request. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the Organization. * It can also be used with the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a different existing Organization, diff --git a/types/lib/b2b/discovery_organizations.d.ts b/types/lib/b2b/discovery_organizations.d.ts index 6666e665..875fb383 100644 
--- a/types/lib/b2b/discovery_organizations.d.ts +++ b/types/lib/b2b/discovery_organizations.d.ts @@ -8,8 +8,10 @@ export interface B2BDiscoveryOrganizationsCreateRequest { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; 
@@ -149,18 +151,18 @@ export interface B2BDiscoveryOrganizationsCreateRequest { */ rbac_email_implicit_role_assignments?: EmailImplicitRoleAssignment[]; /** - * The setting that controls which mfa methods can be used by Members of an Organization. The accepted + * The setting that controls which MFA methods can be used by Members of an Organization. The accepted * values are: * * `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. * - * `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. + * `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. * This setting does not apply to Members with `is_breakglass` set to `true`. * */ mfa_methods?: string; /** - * An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to + * An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to * `RESTRICTED`. * The list's accepted values are: `sms_otp` and `totp`. * @@ -186,8 +188,10 @@ export interface B2BDiscoveryOrganizationsCreateResponse { * The returned Intermediate Session Token is identical to the one that was originally passed in to the * request. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the Organization. * It can also be used with the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a different existing Organization, 
@@ -209,8 +213,10 @@ export interface B2BDiscoveryOrganizationsListRequest { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; diff --git a/types/lib/b2b/index.d.ts b/types/lib/b2b/index.d.ts index 823c93ad..dbdbf0c8 100644 --- a/types/lib/b2b/index.d.ts +++ b/types/lib/b2b/index.d.ts 
@@ -5,6 +5,7 @@ export type { Policy, PolicyResource, PolicyRole, PolicyRolePermission, B2BRBACP export type { MemberOptions, MfaRequired } from "./mfa"; export type { ActiveSSOConnection, EmailImplicitRoleAssignment, Member, MemberRole, MemberRoleSource, OAuthRegistration, Organization, B2BOrganizationsResultsMetadata, SSORegistration, SearchQuery, B2BOrganizationsCreateRequest, B2BOrganizationsCreateResponse, B2BOrganizationsDeleteRequest, B2BOrganizationsDeleteResponse, B2BOrganizationsGetRequest, B2BOrganizationsGetResponse, B2BOrganizationsSearchRequest, B2BOrganizationsSearchResponse, B2BOrganizationsUpdateRequest, B2BOrganizationsUpdateResponse, B2BOrganizationsUpdateRequestOptions, B2BOrganizationsDeleteRequestOptions, } from "./organizations"; export type { B2BOrganizationsMembersCreateRequest, B2BOrganizationsMembersCreateResponse, B2BOrganizationsMembersDangerouslyGetRequest, B2BOrganizationsMembersDeleteMFAPhoneNumberRequest, B2BOrganizationsMembersDeleteMFAPhoneNumberResponse, B2BOrganizationsMembersDeletePasswordRequest, B2BOrganizationsMembersDeletePasswordResponse, B2BOrganizationsMembersDeleteRequest, B2BOrganizationsMembersDeleteResponse, B2BOrganizationsMembersDeleteTOTPRequest, B2BOrganizationsMembersDeleteTOTPResponse, B2BOrganizationsMembersGetRequest, B2BOrganizationsMembersGetResponse, B2BOrganizationsMembersReactivateRequest, B2BOrganizationsMembersReactivateResponse, B2BOrganizationsMembersSearchRequest, B2BOrganizationsMembersSearchResponse, B2BOrganizationsMembersUpdateRequest, B2BOrganizationsMembersUpdateResponse, B2BOrganizationsMembersUpdateRequestOptions, B2BOrganizationsMembersDeleteRequestOptions, B2BOrganizationsMembersReactivateRequestOptions, B2BOrganizationsMembersDeleteMFAPhoneNumberRequestOptions, B2BOrganizationsMembersDeleteTOTPRequestOptions, B2BOrganizationsMembersSearchRequestOptions, B2BOrganizationsMembersDeletePasswordRequestOptions, B2BOrganizationsMembersCreateRequestOptions, } from "./organizations_members"; 
+export type { B2BOrganizationsMembersOAuthProvidersGoogleResponse, B2BOrganizationsMembersOAuthProvidersMicrosoftRequest, B2BOrganizationsMembersOAuthProvidersMicrosoftResponse, } from "./organizations_members_oauth_providers"; export type { AuthorizationCheck, AuthorizationVerdict, MemberSession, B2BSessionsAuthenticateRequest, B2BSessionsAuthenticateResponse, B2BSessionsExchangeRequest, B2BSessionsExchangeResponse, B2BSessionsGetJWKSRequest, B2BSessionsGetJWKSResponse, B2BSessionsGetRequest, B2BSessionsGetResponse, B2BSessionsRevokeRequest, B2BSessionsRevokeResponse, } from "./sessions"; export type { B2BRecoveryCodesGetRequest, B2BRecoveryCodesGetResponse, B2BRecoveryCodesRecoverRequest, B2BRecoveryCodesRecoverResponse, B2BRecoveryCodesRotateRequest, B2BRecoveryCodesRotateResponse, } from "./recovery_codes"; export type { B2BTOTPsAuthenticateRequest, B2BTOTPsAuthenticateResponse, B2BTOTPsCreateRequest, B2BTOTPsCreateResponse, B2BTOTPsMigrateRequest, B2BTOTPsMigrateResponse, } from "./totps"; diff --git a/types/lib/b2b/magic_links.d.ts b/types/lib/b2b/magic_links.d.ts index e69d4e3b..bfa43a89 100644 --- a/types/lib/b2b/magic_links.d.ts +++ b/types/lib/b2b/magic_links.d.ts 
@@ -96,8 +96,10 @@ export interface B2BMagicLinksAuthenticateResponse { * The returned Intermediate Session Token contains an Email Magic Link factor associated with the Member's * email address. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the Organization. * It can also be used with the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a different existing Organization that allows login with Email Magic Links, @@ -132,8 +134,10 @@ export declare class MagicLinks { * If the Member is required to complete MFA to log in to the Organization, the returned value of * `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. * The `intermediate_session_token` can be passed into the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA step and acquire a full member session. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete + * the MFA step and acquire a full member session. * The `intermediate_session_token` can also be used with the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * or the 
diff --git a/types/lib/b2b/magic_links_discovery.d.ts b/types/lib/b2b/magic_links_discovery.d.ts index 7c4851b3..b2480c23 100644 --- a/types/lib/b2b/magic_links_discovery.d.ts +++ b/types/lib/b2b/magic_links_discovery.d.ts @@ -14,8 +14,10 @@ export interface B2BMagicLinksDiscoveryAuthenticateResponse { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; diff --git a/types/lib/b2b/mfa.d.ts b/types/lib/b2b/mfa.d.ts index b3cae9e6..e3d42699 100644 --- a/types/lib/b2b/mfa.d.ts +++ b/types/lib/b2b/mfa.d.ts @@ -1,5 +1,6 @@ export interface MemberOptions { mfa_phone_number: string; + totp_registration_id: string; } export interface MfaRequired { member_options?: MemberOptions; diff --git a/types/lib/b2b/oauth.d.ts b/types/lib/b2b/oauth.d.ts index 0c20ff00..53c1012b 100644 --- a/types/lib/b2b/oauth.d.ts +++ b/types/lib/b2b/oauth.d.ts 
@@ -105,8 +105,10 @@ export interface B2BOAuthAuthenticateResponse { * The returned Intermediate Session Token contains an OAuth factor associated with the Member's email * address. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the Organization. * It can also be used with the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a different existing Organization that allows login with OAuth, diff --git a/types/lib/b2b/oauth_discovery.d.ts b/types/lib/b2b/oauth_discovery.d.ts index 9bdde5dc..f6560da4 100644 --- a/types/lib/b2b/oauth_discovery.d.ts +++ b/types/lib/b2b/oauth_discovery.d.ts 
@@ -18,8 +18,10 @@ export interface B2BOAuthDiscoveryAuthenticateResponse { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; diff --git a/types/lib/b2b/organizations.d.ts b/types/lib/b2b/organizations.d.ts index 2d75340e..46585515 100644 --- a/types/lib/b2b/organizations.d.ts +++ b/types/lib/b2b/organizations.d.ts 
@@ -317,18 +317,18 @@ export interface Organization { */ rbac_email_implicit_role_assignments: EmailImplicitRoleAssignment[]; /** - * The setting that controls which mfa methods can be used by Members of an Organization. The accepted + * The setting that controls which MFA methods can be used by Members of an Organization. The accepted * values are: * * `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. * - * `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. + * `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. * This setting does not apply to Members with `is_breakglass` set to `true`. * */ mfa_methods: string; /** - * An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to + * An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to * `RESTRICTED`. * The list's accepted values are: `sms_otp` and `totp`. * 
@@ -450,18 +450,18 @@ export interface B2BOrganizationsCreateRequest { */ rbac_email_implicit_role_assignments?: EmailImplicitRoleAssignment[]; /** - * The setting that controls which mfa methods can be used by Members of an Organization. The accepted + * The setting that controls which MFA methods can be used by Members of an Organization. The accepted * values are: * * `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. * - * `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. + * `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. * This setting does not apply to Members with `is_breakglass` set to `true`. * */ mfa_methods?: string; /** - * An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to + * An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to * `RESTRICTED`. * The list's accepted values are: `sms_otp` and `totp`. * 
@@ -734,22 +734,22 @@ export interface B2BOrganizationsUpdateRequest { */ rbac_email_implicit_role_assignments?: string[]; /** - * The setting that controls which mfa methods can be used by Members of an Organization. The accepted + * The setting that controls which MFA methods can be used by Members of an Organization. The accepted * values are: * * `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. * - * `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. + * `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. * This setting does not apply to Members with `is_breakglass` set to `true`. * * * If this field is provided and a session header is passed into the request, the Member Session must have - * permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` + * permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` * Resource. */ mfa_methods?: string; /** - * An array of allowed mfa authentication methods. This list is enforced when `mfa_methods` is set to + * An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to * `RESTRICTED`. * The list's accepted values are: `sms_otp` and `totp`. * diff --git a/types/lib/b2b/organizations_members.d.ts b/types/lib/b2b/organizations_members.d.ts index ef697e24..aabec843 100644 --- a/types/lib/b2b/organizations_members.d.ts +++ b/types/lib/b2b/organizations_members.d.ts @@ -1,6 +1,7 @@ import { Authorization } from "../shared/method_options"; import { B2BOrganizationsResultsMetadata, Member, Organization, SearchQuery } from "./organizations"; import { fetchConfig } from "../shared"; +import { OAuthProviders } from "./organizations_members_oauth_providers"; export interface B2BOrganizationsMembersCreateRequestOptions { /** * Optional authorization object. 
@@ -369,7 +370,7 @@ export interface B2BOrganizationsMembersUpdateRequest { * more details. * * If this field is provided and a session header is passed into the request, the Member Session must have - * permission to perform the `update.info.is-breakglass` action on the `stytch.member` Resource. + * permission to perform the `update.settings.is-breakglass` action on the `stytch.member` Resource. */ is_breakglass?: boolean; /** @@ -422,9 +423,15 @@ export interface B2BOrganizationsMembersUpdateRequest { */ preserve_existing_sessions?: boolean; /** - * The Member's default MFA method. This value is used to determine which secondary MFA method to use in - * the case of multiple methods registered for a Member. The current possible values are `sms_otp` and - * `totp`. + * Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they + * wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the + * Organization's MFA policy is set to `REQUIRED_FOR_ALL`. + * + * If this field is provided and a session header is passed into the request, the Member Session must have + * permission to perform the `update.settings.default-mfa-method` action on the `stytch.member` Resource. + * Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the + * request, the authorization check will also allow a Member Session that has permission to perform the + * `update.settings.default-mfa-method` action on the `stytch.self` Resource. */ default_mfa_method?: string; } @@ -445,6 +452,7 @@ export interface B2BOrganizationsMembersUpdateResponse { } export declare class Members { private fetchConfig; + oauthProviders: OAuthProviders; constructor(fetchConfig: fetchConfig); /** * Updates a Member specified by `organization_id` and `member_id`. 
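Review bot: The new first paragraph on `default_mfa_method` describes a different field: it reads "Sets whether the Member is enrolled in MFA. If true, …", but the property is still declared `default_mfa_method?: string`. The removed text (the Member's default MFA method, with possible values sms_otp and totp) matched the declaration, and the added authorization paragraph names `update.settings.default-mfa-method`, so only the opening paragraph looks misplaced, presumably copied from the MFA-enrollment field. I would restore the removed three-line description as the first paragraph and keep the new permission paragraph below it. If this declaration file is generated, the correction belongs in the source the comments are generated from. The interface starts and ends outside the hunk.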
diff --git a/types/lib/b2b/organizations_members_oauth_providers.d.ts b/types/lib/b2b/organizations_members_oauth_providers.d.ts new file mode 100644 index 00000000..d1c08bb0 --- /dev/null +++ b/types/lib/b2b/organizations_members_oauth_providers.d.ts 
@@ -0,0 +1,123 @@ +import { fetchConfig } from "../shared"; +export interface B2BOrganizationsMembersOAuthProvidersGoogleResponse { + /** + * Globally unique UUID that is returned with every API call. This value is important to log for debugging + * purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. + */ + request_id: string; + /** + * Denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Microsoft, GitHub + * etc. + */ + provider_type: string; + /** + * The unique identifier for the User within a given OAuth provider. Also commonly called the `sub` or + * "Subject field" in OAuth protocols. + */ + provider_subject: string; + access_token: string; + access_token_expires_in: number; + /** + * The `id_token` returned by the OAuth provider. ID Tokens are JWTs that contain structured information + * about a user. The exact content of each ID Token varies from provider to provider. ID Tokens are + * returned from OAuth providers that conform to the [OpenID Connect](https://openid.net/foundation/) + * specification, which is based on OAuth. + */ + id_token: string; + /** + * The OAuth scopes included for a given provider. See each provider's section above to see which scopes + * are included by default and how to add custom scopes. + */ + scopes: string[]; + /** + * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. + * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. + */ + status_code: number; +} +/** + * Request type for `organizations.members.oauthProviders.google`, + * `organizations.members.oauthProviders.microsoft`. + */ +export interface B2BOrganizationsMembersOAuthProvidersMicrosoftRequest { + /** + * Globally unique UUID that identifies a specific Organization. 
The `organization_id` is critical to + * perform operations on an Organization, so be sure to preserve this value. + */ + organization_id: string; + /** + * Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform + * operations on a Member, so be sure to preserve this value. + */ + member_id: string; +} +export interface B2BOrganizationsMembersOAuthProvidersMicrosoftResponse { + /** + * Globally unique UUID that is returned with every API call. This value is important to log for debugging + * purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. + */ + request_id: string; + /** + * Denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Microsoft, GitHub + * etc. + */ + provider_type: string; + /** + * The unique identifier for the User within a given OAuth provider. Also commonly called the `sub` or + * "Subject field" in OAuth protocols. + */ + provider_subject: string; + access_token: string; + access_token_expires_in: number; + /** + * The `id_token` returned by the OAuth provider. ID Tokens are JWTs that contain structured information + * about a user. The exact content of each ID Token varies from provider to provider. ID Tokens are + * returned from OAuth providers that conform to the [OpenID Connect](https://openid.net/foundation/) + * specification, which is based on OAuth. + */ + id_token: string; + /** + * The OAuth scopes included for a given provider. See each provider's section above to see which scopes + * are included by default and how to add custom scopes. + */ + scopes: string[]; + /** + * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. + * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. 
+ */ + status_code: number; +} +export declare class OAuthProviders { + private fetchConfig; + constructor(fetchConfig: fetchConfig); + /** + * Retrieve the saved Google access token and ID token for a member. After a successful OAuth login, Stytch + * will save the + * issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch + * will refresh the + * access token automatically. + * + * __Note:__ Google does not issue a refresh token on every login, and refresh tokens may expire if unused. + * To force a refresh token to be issued, pass the `?provider_prompt=consent` query param into the + * [Start Google OAuth flow](https://stytch.com/docs/b2b/api/oauth-google-start) endpoint. + * @param params {@link B2BOrganizationsMembersOAuthProvidersMicrosoftRequest} + * @returns {@link B2BOrganizationsMembersOAuthProvidersGoogleResponse} + * @async + * @throws A {@link StytchError} on a non-2xx response from the Stytch API + * @throws A {@link RequestError} when the Stytch API cannot be reached + */ + google(params: B2BOrganizationsMembersOAuthProvidersMicrosoftRequest): Promise; + /** + * Retrieve the saved Microsoft access token and ID token for a member. After a successful OAuth login, + * Stytch will save the + * issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch + * will refresh the + * access token automatically. + * @param params {@link B2BOrganizationsMembersOAuthProvidersMicrosoftRequest} + * @returns {@link B2BOrganizationsMembersOAuthProvidersMicrosoftResponse} + * @async + * @throws A {@link StytchError} on a non-2xx response from the Stytch API + * @throws A {@link RequestError} when the Stytch API cannot be reached + */ + microsoft(params: B2BOrganizationsMembersOAuthProvidersMicrosoftRequest): Promise; +} diff --git a/types/lib/b2b/otp_sms.d.ts b/types/lib/b2b/otp_sms.d.ts index 8369efb9..13b476da 100644 --- a/types/lib/b2b/otp_sms.d.ts 
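Review bot: `access_token` and `access_token_expires_in` are the only undocumented fields in both new response interfaces, although they carry the provider-issued credential this endpoint exists to return. I would add a comment such as `/** The access token issued by the identity provider for this Member. Treat it as a secret: keep it out of logs and error reports. */` and state the unit of `access_token_expires_in`, which the declaration does not show. The `id_token` comment could carry the same handling caveat, since it is returned alongside the access token. Separately, `google()` is typed with `B2BOrganizationsMembersOAuthProvidersMicrosoftRequest`; the interface comment does say the type is shared, but a provider-neutral name would read less like a copy-paste slip.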
+++ b/types/lib/b2b/otp_sms.d.ts @@ -17,8 +17,10 @@ export interface B2BOTPSmsAuthenticateRequest { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; @@ -120,8 +122,10 @@ export interface B2BOTPSmsSendRequest { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; diff --git a/types/lib/b2b/passwords.d.ts b/types/lib/b2b/passwords.d.ts index 2381e3c5..01a88f5f 100644 
--- a/types/lib/b2b/passwords.d.ts +++ b/types/lib/b2b/passwords.d.ts @@ -112,8 +112,10 @@ export interface B2BPasswordsAuthenticateResponse { /** * The returned Intermediate Session Token contains a password factor associated with the Member. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the Organization. * Password factors are not transferable between Organizations, so the intermediate session token is * not valid for use with discovery endpoints. */ diff --git a/types/lib/b2b/passwords_email.d.ts b/types/lib/b2b/passwords_email.d.ts index dded686d..7259d2dc 100644 --- a/types/lib/b2b/passwords_email.d.ts +++ b/types/lib/b2b/passwords_email.d.ts @@ -86,8 +86,10 @@ export interface B2BPasswordsEmailResetResponse { /** * The returned Intermediate Session Token contains a password factor associated with the Member. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the Organization. * Password factors are not transferable between Organizations, so the intermediate session token is * not valid for use with discovery endpoints. */ 
diff --git a/types/lib/b2b/passwords_existing_password.d.ts b/types/lib/b2b/passwords_existing_password.d.ts index 36c0db42..97a412d8 100644 --- a/types/lib/b2b/passwords_existing_password.d.ts +++ b/types/lib/b2b/passwords_existing_password.d.ts @@ -71,8 +71,10 @@ export interface B2BPasswordsExistingPasswordResetResponse { /** * The returned Intermediate Session Token contains a password factor associated with the Member. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the Organization. * Password factors are not transferable between Organizations, so the intermediate session token is * not valid for use with discovery endpoints. */ diff --git a/types/lib/b2b/passwords_session.d.ts b/types/lib/b2b/passwords_session.d.ts index 8a887316..5b61115d 100644 --- a/types/lib/b2b/passwords_session.d.ts +++ b/types/lib/b2b/passwords_session.d.ts 
@@ -66,8 +66,10 @@ export interface B2BPasswordsSessionResetResponse { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; diff --git a/types/lib/b2b/rbac.d.ts b/types/lib/b2b/rbac.d.ts index c30d0200..5c8ba32d 100644 --- a/types/lib/b2b/rbac.d.ts +++ b/types/lib/b2b/rbac.d.ts 
@@ -4,17 +4,116 @@ export interface Policy { resources: PolicyResource[]; } export interface PolicyResource { + /** + * A unique identifier of the RBAC Resource, provided by the developer and intended to be human-readable. + * + * A `resource_id` is not allowed to start with `stytch`, which is a special prefix used for Stytch + * default Resources with reserved `resource_id`s. These include: + * + * * `stytch.organization` + * * `stytch.member` + * * `stytch.sso` + * * `stytch.self` + * + * Check out the + * [guide on Stytch default Resources](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for a more + * detailed explanation. + * + * + */ resource_id: string; description: string; + /** + * A list of all possible actions for a provided Resource. + * + * Reserved `actions` that are predefined by Stytch include: + * + * * `*` + * * For the `stytch.organization` Resource: + * * `update.info.name` + * * `update.info.slug` + * * `update.info.untrusted_metadata` + * * `update.info.email_jit_provisioning` + * * `update.info.logo_url` + * * `update.info.email_invites` + * * `update.info.allowed_domains` + * * `update.info.default_sso_connection` + * * `update.info.sso_jit_provisioning` + * * `update.info.mfa_policy` + * * `update.info.implicit_roles` + * * `delete` + * * For the `stytch.member` Resource: + * * `create` + * * `update.info.name` + * * `update.info.untrusted_metadata` + * * `update.info.mfa-phone` + * * `update.info.delete.mfa-phone` + * * `update.settings.is-breakglass` + * * `update.settings.mfa_enrolled` + * * `update.settings.roles` + * * `search` + * * `delete` + * * For the `stytch.sso` Resource: + * * `create` + * * `update` + * * `delete` + * * For the `stytch.self` Resource: + * * `update.info.name` + * * `update.info.untrusted_metadata` + * * `update.info.mfa-phone` + * * `update.info.delete.mfa-phone` + * * `update.info.delete.password` + * * `update.settings.mfa_enrolled` + * * `delete` + * + */ actions: string[]; } export interface 
PolicyRole { + /** + * The unique identifier of the RBAC Role, provided by the developer and intended to be human-readable. + * + * Reserved `role_id`s that are predefined by Stytch include: + * + * * `stytch_member` + * * `stytch_admin` + * + * Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) + * for a more detailed explanation. + * + * + */ role_id: string; description: string; + /** + * A list of permissions that link a [Resource](https://stytch.com/docs/b2b/api/rbac-resource-object) to a + * list of actions. + */ permissions: PolicyRolePermission[]; } export interface PolicyRolePermission { + /** + * A unique identifier of the RBAC Resource, provided by the developer and intended to be human-readable. + * + * A `resource_id` is not allowed to start with `stytch`, which is a special prefix used for Stytch + * default Resources with reserved `resource_id`s. These include: + * + * * `stytch.organization` + * * `stytch.member` + * * `stytch.sso` + * * `stytch.self` + * + * Check out the + * [guide on Stytch default Resources](https://stytch.com/docs/b2b/guides/rbac/stytch-defaults) for a more + * detailed explanation. + * + * + */ resource_id: string; + /** + * A list of permitted actions the Role is authorized to take with the provided Resource. You can use `*` + * as a wildcard to grant a Role permission to use all possible actions related to the Resource. + */ actions: string[]; } export interface B2BRBACPolicyResponse { @@ -30,7 +129,7 @@ export interface B2BRBACPolicyResponse { status_code: number; /** * The RBAC Policy document that contains all defined Roles and Resources – which are managed in the - * [Dashboard](/dashboard). Read more about these entities and how they work in our + * [Dashboard](/dashboard/rbac). Read more about these entities and how they work in our * [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview). */ policy?: Policy; 
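Review bot: The reserved-action list added to `PolicyResource.actions` omits actions that other hunks of this same commit tell callers to check. The organizations.d.ts hunk requires `update.settings.allowed-mfa-methods` on `stytch.organization`, and the organizations_members.d.ts hunk requires `update.settings.default-mfa-method` on `stytch.member` and `stytch.self`, yet neither appears here. The list also mixes `update.settings.mfa_enrolled` (underscore) with `update.settings.is-breakglass` (hyphen), so one of the two spellings may be wrong. Someone writing a least-privilege Role from this list would miss those actions or fall back to `*`. I would either add the missing entries or open the list with `Reserved actions include, but are not limited to:`.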
@@ -42,14 +141,14 @@ export declare class RBAC { * Get the active RBAC Policy for your current Stytch Project. An RBAC Policy is the canonical document * that stores all defined Resources and Roles within your RBAC permissioning model. * - * When using the backend SDKs, the RBAC Policy will automatically be loaded and refreshed in the - * background to allow for local evaluations, eliminating the need for an extra request to Stytch. + * When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating + * the need for an extra request to Stytch. The policy will be refreshed if an authorization check is + * requested and the RBAC policy was last updated more than 5 minutes ago. * - * Resources and Roles can be created and managed within the [Dashboard](/dashboard). Additionally, + * Resources and Roles can be created and managed within the [Dashboard](/dashboard/rbac). Additionally, * [Role assignment](https://stytch.com/docs/b2b/guides/rbac/role-assignment) can be programmatically * managed through certain Stytch API endpoints. * - * * Check out the [RBAC overview](https://stytch.com/docs/b2b/guides/rbac/overview) to learn more about * Stytch's RBAC permissioning model. * @param params {@link B2BRBACPolicyRequest} diff --git a/types/lib/b2b/recovery_codes.d.ts b/types/lib/b2b/recovery_codes.d.ts index 9a73d599..96549b64 100644 --- a/types/lib/b2b/recovery_codes.d.ts +++ b/types/lib/b2b/recovery_codes.d.ts 
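Review bot: The rewritten caching paragraph on the RBAC policy method does not say what the cache means for revocation. As worded, a local authorization check can be evaluated against a policy up to 5 minutes old, and it is not stated whether the refresh completes before the triggering check is decided. I would add one sentence such as `Changes to Roles or permissions can therefore take up to 5 minutes to be reflected in local authorization checks.` so integrators know the window in which a removed permission may still be honoured. The class body continues outside the hunk.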
@@ -49,8 +49,10 @@ export interface B2BRecoveryCodesRecoverRequest { * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a * Member, but represents a bag of factors that may be converted to a member session. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA - * flow; + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete an MFA flow; * the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a specific Organization that allows the factors represented by the intermediate session token; diff --git a/types/lib/b2b/sessions.d.ts b/types/lib/b2b/sessions.d.ts index 1eea7225..5b902f4f 100644 --- a/types/lib/b2b/sessions.d.ts +++ b/types/lib/b2b/sessions.d.ts 
@@ -213,8 +213,10 @@ export interface B2BSessionsExchangeResponse { * The returned Intermediate Session Token contains any Email Magic Link or OAuth factors from the original * member session that are valid for the target Organization. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the target Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the target Organization. * It can also be used with the * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) * to join a different existing Organization, diff --git a/types/lib/b2b/sso.d.ts b/types/lib/b2b/sso.d.ts index 269a0fa1..30c72454 100644 --- a/types/lib/b2b/sso.d.ts +++ b/types/lib/b2b/sso.d.ts @@ -140,8 +140,10 @@ export interface B2BSSOAuthenticateResponse { /** * The returned Intermediate Session Token contains an SSO factor associated with the Member. * The token can be used with the - * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the - * MFA flow and log in to the Organization. + * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), + * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to + * complete the MFA flow and log in to the Organization. * SSO factors are not transferable between Organizations, so the intermediate session token is not * valid for use with discovery endpoints. */ 
@@ -243,8 +245,10 @@ export declare class SSO {
 * If the Member is required to complete MFA to log in to the Organization, the returned value of
 * `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned.
 * The `intermediate_session_token` can be passed into the
- * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the
- * MFA step and acquire a full member session.
+ * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
+ * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
+ * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete
+ * the MFA step and acquire a full member session.
 * The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.
 *
 * If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an
diff --git a/types/lib/b2b/totps.d.ts b/types/lib/b2b/totps.d.ts
index 6b2ad783..f8caeeff 100644
--- a/types/lib/b2b/totps.d.ts
+++ b/types/lib/b2b/totps.d.ts
@@ -17,8 +17,10 @@ export interface B2BTOTPsAuthenticateRequest {
 * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a
 * Member, but represents a bag of factors that may be converted to a member session.
 * The token can be used with the
- * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA
- * flow;
+ * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
+ * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
+ * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to
+ * complete an MFA flow;
 * the
 * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session)
 * to join a specific Organization that allows the factors represented by the intermediate session token;
@@ -114,8 +116,10 @@ export interface B2BTOTPsCreateRequest {
 * The Intermediate Session Token. This token does not necessarily belong to a specific instance of a
 * Member, but represents a bag of factors that may be converted to a member session.
 * The token can be used with the
- * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA
- * flow;
+ * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms),
+ * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp),
+ * or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to
+ * complete an MFA flow;
 * the
 * [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session)
 * to join a specific Organization that allows the factors represented by the intermediate session token;
diff --git a/types/lib/b2c/otps_email.d.ts b/types/lib/b2c/otps_email.d.ts
index 8b5d0f9e..28f9ebeb 100644
--- a/types/lib/b2c/otps_email.d.ts
+++ b/types/lib/b2c/otps_email.d.ts
@@ -134,7 +134,7 @@ export declare class Email {
 * ### Next steps
 * Collect the OTP which was delivered to the user. Call
 * [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the
- * `phone_id` found in the response as the `method_id`.
+ * `email_id` found in the response as the `method_id`.
 * @param data {@link OTPsEmailSendRequest}
 * @returns {@link OTPsEmailSendResponse}
 * @async
diff --git a/types/lib/b2c/passwords.d.ts b/types/lib/b2c/passwords.d.ts
index b805408e..ef1dac7b 100644
--- a/types/lib/b2c/passwords.d.ts
+++ b/types/lib/b2c/passwords.d.ts
@@ -234,6 +234,15 @@ export interface PasswordsMigrateRequest {
 * behavior details.
 */
 untrusted_metadata?: Record;
+ /**
+ * Whether to set the user's email as verified. This is a dangerous field. Incorrect use may lead to users
+ * getting erroneously
+ * deduplicated into one user object. This flag should only be set if you can attest that
+ * the user owns the email address in question.
+ * Access to this field is restricted. To enable it, please send us a note at
+ * support@stytch.com.
+ */
+ set_email_verified?: boolean;
 name?: Name;
 }
 export interface PasswordsMigrateResponse {
diff --git a/types/lib/b2c/webauthn.d.ts b/types/lib/b2c/webauthn.d.ts
index ba4ada77..b6b79cb1 100644
--- a/types/lib/b2c/webauthn.d.ts
+++ b/types/lib/b2c/webauthn.d.ts
@@ -181,7 +181,7 @@ export interface WebAuthnRegisterStartResponse {
 export interface WebAuthnUpdateRequest {
 /**
 * Globally unique UUID that identifies a Passkey or WebAuthn registration in the Stytch API. The
- * `webautn_registration_id` is used when you need to operate on a specific User's WebAuthn registartion.
+ * `webauthn_registration_id` is used when you need to operate on a specific User's WebAuthn registration.
 */
 webauthn_registration_id: string;
 name: string;
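Review bot: The doc comment added above `set_email_verified` in the `types/lib/b2c/passwords.d.ts` hunk calls the field dangerous but omits two things a caller needs: what happens when the field is omitted, and how the API responds when the project has not been granted access to it. The risk it names is users being deduplicated into one user object, so marking an address verified without proof of ownership could presumably merge two people's accounts. The comment should therefore say where the value may come from, for example `* Set to true only when your own records show this user completed email verification; never derive the value from client-supplied data.`, with the default added once it is confirmed. The type is a plain optional boolean, so nothing stops a caller from forwarding a request field into it, and the comment is the only guard at this layer. This `.d.ts` looks generated, so the wording probably belongs in the source the declarations are produced from.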