Add "dangerously get member" to SDKs and SAML Update by URL and Doc (#…

…104) Add "dangerously get member" to SDKs and SAML Update by URL and Doc (#104)
stytchauth · Nov 15, 2023 · 4d28557 · 4d28557
1 parent d8c6a06
commit 4d28557
Show file tree

Hide file tree

Showing 9 changed files with 148 additions and 17 deletions.
diff --git a/lib/stytch/b2b_organizations.rb b/lib/stytch/b2b_organizations.rb
@@ -27,10 +27,10 @@ def initialize(connection)
     #
     # == Parameters:
     # organization_name::
-    #   The name of the Organization.
+    #   The name of the Organization. Must be between 1 and 128 characters in length.
     #   The type of this field is +String+.
     # organization_slug::
-    #   The unique URL slug of the Organization. A minimum of two characters is required. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`.
+    #   The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
     #   The type of this field is nilable +String+.
     # organization_logo_url::
     #   The image URL of the Organization logo.
@@ -162,7 +162,7 @@ def get(
       get_request(request)
     end
 
-    # Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members. test
+    # Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members.
     #
     # *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.
     #
@@ -171,10 +171,10 @@ def get(
     #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
     #   The type of this field is +String+.
     # organization_name::
-    #   The name of the Organization.
+    #   The name of the Organization. Must be between 1 and 128 characters in length.
     #   The type of this field is nilable +String+.
     # organization_slug::
-    #   The unique URL slug of the Organization. A minimum of two characters is required. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`.
+    #   The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
     #   The type of this field is nilable +String+.
     # organization_logo_url::
     #   The image URL of the Organization logo.
@@ -619,6 +619,38 @@ def delete_password(
         delete_request("/v1/b2b/organizations/#{organization_id}/members/passwords/#{member_password_id}")
       end
 
+      # Get a Member by `member_id`. This endpoint does not require an `organization_id`, so you can use it to get members across organizations. This is a dangerous operation. Incorrect use may open you up to indirect object reference (IDOR) attacks. We recommend using the [Get Member](https://stytch.com/docs/b2b/api/get-member) API instead.
+      #
+      # == Parameters:
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # member_id::
+      #   Globally unique UUID that identifies a specific Member.
+      #   The type of this field is +String+.
+      # member::
+      #   The [Member object](https://stytch.com/docs/b2b/api/member-object)
+      #   The type of this field is +Member+ (+object+).
+      # organization::
+      #   The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+      #   The type of this field is +Organization+ (+object+).
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      def dangerously_get(
+        member_id:
+      )
+        query_params = {}
+        request = request_with_query_params("/v1/b2b/organizations/members/dangerously_get/#{member_id}", query_params)
+        get_request(request)
+      end
+
       # Creates a Member. An `organization_id` and `email_address` are required.
       #
       # == Parameters:

diff --git a/lib/stytch/b2b_otp.rb b/lib/stytch/b2b_otp.rb
@@ -40,6 +40,8 @@ def initialize(connection)
       # ### Cost to send SMS OTP
       # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview).
       #
+      # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [[email protected]](mailto:[email protected]?subject=Enable%20international%20SMS).
+      #
       # == Parameters:
       # organization_id::
       #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.

diff --git a/lib/stytch/b2b_sessions.rb b/lib/stytch/b2b_sessions.rb
@@ -284,6 +284,14 @@ def exchange(
 
     # Get the JSON Web Key Set (JWKS) for a project.
     #
+    # JWKS are rotated every ~6 months. Upon rotation, new JWTs will be signed using the new key set, and both key sets will be returned by this endpoint for a period of 1 month.
+    #
+    # JWTs have a set lifetime of 5 minutes, so there will be a 5 minute period where some JWTs will be signed by the old JWKS, and some JWTs will be signed by the new JWKS. The correct JWKS to use for validation is determined by matching the `kid` value of the JWT and JWKS.
+    #
+    # If you're using one of our [backend SDKs](https://stytch.com/docs/b2b/sdks), the JWKS roll will be handled for you.
+    #
+    # If you're using your own JWT validation library, many have built-in support for JWKS rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWKS to use for validation by inspecting the `kid` value.
+    #
     # == Parameters:
     # project_id::
     #   The `project_id` to get the JWKS for.

diff --git a/lib/stytch/b2b_sso.rb b/lib/stytch/b2b_sso.rb
@@ -394,6 +394,9 @@ def create_connection(
       # idp_sso_url::
       #   The URL for which assertions for login requests will be sent. This will be provided by the IdP.
       #   The type of this field is nilable +String+.
+      # alternative_audience_uri::
+      #   An alternative URL to use for the Audience Restriction. This value can be used when you wish to migrate an existing SAML integration to Stytch with zero downtime.
+      #   The type of this field is nilable +String+.
       #
       # == Returns:
       # An object with the following fields:
@@ -413,18 +416,62 @@ def update_connection(
         display_name: nil,
         attribute_mapping: nil,
         x509_certificate: nil,
-        idp_sso_url: nil
+        idp_sso_url: nil,
+        alternative_audience_uri: nil
       )
         request = {}
         request[:idp_entity_id] = idp_entity_id unless idp_entity_id.nil?
         request[:display_name] = display_name unless display_name.nil?
         request[:attribute_mapping] = attribute_mapping unless attribute_mapping.nil?
         request[:x509_certificate] = x509_certificate unless x509_certificate.nil?
         request[:idp_sso_url] = idp_sso_url unless idp_sso_url.nil?
+        request[:alternative_audience_uri] = alternative_audience_uri unless alternative_audience_uri.nil?
 
         put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}", request)
       end
 
+      # Used to update an existing SAML connection using an IDP metadata URL.
+      #
+      # A newly created connection will not become active until all the following are provided:
+      # * `idp_sso_url`
+      # * `idp_entity_id`
+      # * `x509_certificate`
+      # * `attribute_mapping` (must be supplied using [Update SAML Connection](update-saml-connection))
+      #
+      # == Parameters:
+      # organization_id::
+      #   Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      #   The type of this field is +String+.
+      # connection_id::
+      #   Globally unique UUID that identifies a specific SSO `connection_id` for a Member.
+      #   The type of this field is +String+.
+      # metadata_url::
+      #   A URL that points to the IdP metadata. This will be provided by the IdP.
+      #   The type of this field is +String+.
+      #
+      # == Returns:
+      # An object with the following fields:
+      # request_id::
+      #   Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
+      #   The type of this field is +String+.
+      # status_code::
+      #   The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
+      #   The type of this field is +Integer+.
+      # connection::
+      #   The `SAML Connection` object affected by this API call. See the [SAML Connection Object](https://stytch.com/docs/b2b/api/saml-connection-object) for complete response field details.
+      #   The type of this field is nilable +SAMLConnection+ (+object+).
+      def update_by_url(
+        organization_id:,
+        connection_id:,
+        metadata_url:
+      )
+        request = {
+          metadata_url: metadata_url
+        }
+
+        put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}/url", request)
+      end
+
       # Delete a SAML verification certificate.
       #
       # You may need to do this when rotating certificates from your IdP, since Stytch allows a maximum of 5 certificates per connection. There must always be at least one certificate per active connection.

diff --git a/lib/stytch/otps.rb b/lib/stytch/otps.rb
@@ -129,6 +129,8 @@ def initialize(connection)
       # ### Cost to send SMS OTP
       # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview).
       #
+      # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [[email protected]](mailto:[email protected]?subject=Enable%20international%20SMS).
+      #
       # ### Add a phone number to an existing user
       #
       # This endpoint also allows you to add a new phone number to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in your Send one-time passcode by SMS request will add the new, unverified phone number to the existing Stytch User. If the user successfully authenticates within 5 minutes, the new phone number will be marked as verified and remain permanently on the existing Stytch User. Otherwise, it will be removed from the User object, and any subsequent login requests using that phone number will create a new User.
@@ -205,6 +207,9 @@ def send(
       #
       # ### Cost to send SMS OTP
       # Before configuring SMS or WhatsApp OTPs, please review how Stytch [bills the costs of international OTPs](https://stytch.com/pricing) and understand how to protect your app against [toll fraud](https://stytch.com/docs/guides/passcodes/toll-fraud/overview).
+      #
+      # __Note:__ SMS to phone numbers outside of the US and Canada is disabled by default for customers who did not use SMS prior to October 2023. If you're interested in sending international SMS, please reach out to [[email protected]](mailto:[email protected]?subject=Enable%20international%20SMS).
+      #
       # ### Next steps
       #
       # Collect the OTP which was delivered to the User. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`.

diff --git a/lib/stytch/sessions.rb b/lib/stytch/sessions.rb
@@ -151,7 +151,15 @@ def revoke(
       post_request('/v1/sessions/revoke', request)
     end
 
-    # Get the JSON Web Key Set (JWKS) for a Stytch Project.
+    # Get the JSON Web Key Set (JWKS) for a project.
+    #
+    # JWKS are rotated every ~6 months. Upon rotation, new JWTs will be signed using the new key set, and both key sets will be returned by this endpoint for a period of 1 month.
+    #
+    # JWTs have a set lifetime of 5 minutes, so there will be a 5 minute period where some JWTs will be signed by the old JWKS, and some JWTs will be signed by the new JWKS. The correct JWKS to use for validation is determined by matching the `kid` value of the JWT and JWKS.
+    #
+    # If you're using one of our [backend SDKs](https://stytch.com/docs/sdks), the JWKS roll will be handled for you.
+    #
+    # If you're using your own JWT validation library, many have built-in support for JWKS rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWKS to use for validation by inspecting the `kid` value.
     #
     # == Parameters:
     # project_id::

diff --git a/lib/stytch/totps.rb b/lib/stytch/totps.rb
@@ -23,7 +23,7 @@ def initialize(connection)
     #   The `user_id` of an active user the TOTP registration should be tied to.
     #   The type of this field is +String+.
     # expiration_minutes::
-    #   The expiration for the TOTP instance. If the newly created TOTP is not authenticated within this time frame the TOTP will be unusable. Defaults to 60 (1 hour) with a minimum of 5 and a maximum of 1440.
+    #   The expiration for the TOTP instance. If the newly created TOTP is not authenticated within this time frame the TOTP will be unusable. Defaults to 1440 (1 day) with a minimum of 5 and a maximum of 1440.
     #   The type of this field is nilable +Integer+.
     #
     # == Returns:

diff --git a/lib/stytch/version.rb b/lib/stytch/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '6.5.2'
+  VERSION = '6.6.0'
 end