Add allowed OAuth Tenants (#134)

stytchauth · Aug 14, 2024 · 7369506 · 7369506
1 parent c2cf018
commit 7369506
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 5 deletions.
diff --git a/lib/stytch/b2b_discovery.rb b/lib/stytch/b2b_discovery.rb
@@ -263,6 +263,17 @@ def initialize(connection)
       #   The list's accepted values are: `sms_otp` and `totp`.
       #
       #   The type of this field is nilable list of +String+.
+      # oauth_tenant_jit_provisioning::
+      #   The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are:
+      #
+      #   `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.
+      #
+      #   `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant.
+      #
+      #   The type of this field is nilable +String+.
+      # allowed_oauth_tenants::
+      #   A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot".
+      #   The type of this field is nilable +object+.
       #
       # == Returns:
       # An object with the following fields:
@@ -319,7 +330,9 @@ def create(
         mfa_policy: nil,
         rbac_email_implicit_role_assignments: nil,
         mfa_methods: nil,
-        allowed_mfa_methods: nil
+        allowed_mfa_methods: nil,
+        oauth_tenant_jit_provisioning: nil,
+        allowed_oauth_tenants: nil
       )
         headers = {}
         request = {
@@ -341,6 +354,8 @@ def create(
         request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
         request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
         request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
+        request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
+        request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
 
         post_request('/v1/b2b/discovery/organizations/create', request, headers)
       end

diff --git a/lib/stytch/b2b_organizations.rb b/lib/stytch/b2b_organizations.rb
@@ -150,6 +150,17 @@ def initialize(connection)
     #   The list's accepted values are: `sms_otp` and `totp`.
     #
     #   The type of this field is nilable list of +String+.
+    # oauth_tenant_jit_provisioning::
+    #   The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are:
+    #
+    #   `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.
+    #
+    #   `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant.
+    #
+    #   The type of this field is nilable +String+.
+    # allowed_oauth_tenants::
+    #   A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot".
+    #   The type of this field is nilable +object+.
     #
     # == Returns:
     # An object with the following fields:
@@ -176,7 +187,9 @@ def create(
       mfa_policy: nil,
       rbac_email_implicit_role_assignments: nil,
       mfa_methods: nil,
-      allowed_mfa_methods: nil
+      allowed_mfa_methods: nil,
+      oauth_tenant_jit_provisioning: nil,
+      allowed_oauth_tenants: nil
     )
       headers = {}
       request = {
@@ -195,6 +208,8 @@ def create(
       request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
       request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
       request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
+      request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
+      request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
 
       post_request('/v1/b2b/organizations', request, headers)
     end
@@ -359,6 +374,21 @@ def get(
     #
     # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.
     #   The type of this field is nilable list of +String+.
+    # oauth_tenant_jit_provisioning::
+    #   The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are:
+    #
+    #   `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.
+    #
+    #   `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant.
+    #
+    #
+    # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.oauth-tenant-jit-provisioning` action on the `stytch.organization` Resource.
+    #   The type of this field is nilable +String+.
+    # allowed_oauth_tenants::
+    #   A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot".
+    #
+    # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-oauth-tenants` action on the `stytch.organization` Resource.
+    #   The type of this field is nilable +object+.
     #
     # == Returns:
     # An object with the following fields:
@@ -392,6 +422,8 @@ def update(
       rbac_email_implicit_role_assignments: nil,
       mfa_methods: nil,
       allowed_mfa_methods: nil,
+      oauth_tenant_jit_provisioning: nil,
+      allowed_oauth_tenants: nil,
       method_options: nil
     )
       headers = {}
@@ -413,6 +445,8 @@ def update(
       request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
       request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
       request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
+      request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
+      request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
 
       put_request("/v1/b2b/organizations/#{organization_id}", request, headers)
     end

diff --git a/lib/stytch/b2b_scim.rb b/lib/stytch/b2b_scim.rb
@@ -194,7 +194,7 @@ def initialize(connection)
       #   (no documentation yet)
       #   The type of this field is nilable +UpdateRequestIdentityProvider+ (string enum).
       # scim_group_implicit_role_assignments::
-      #   An array of SCIM group implicit role assignments. Each object in the array must contain a `group` and a `role_id`.
+      #   An array of SCIM group implicit role assignments. Each object in the array must contain a `group_id` and a `role_id`.
       #   The type of this field is nilable list of +SCIMGroupImplicitRoleAssignments+.
       #
       # == Returns:
@@ -460,7 +460,7 @@ def create(
         post_request("/v1/b2b/scim/#{organization_id}/connection", request, headers)
       end
 
-      # Get SCIM Connections.
+      # Get SCIM Connection.
       #
       # == Parameters:
       # organization_id::

diff --git a/lib/stytch/version.rb b/lib/stytch/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Stytch
-  VERSION = '9.4.0'
+  VERSION = '9.5.0'
 end