From 7369506bbeb909d7760e2a972f4f466dd1cb4b34 Mon Sep 17 00:00:00 2001
From: vincent <107003653+vincent-stytch@users.noreply.github.com>
Date: Wed, 14 Aug 2024 10:06:52 -0700
Subject: [PATCH] Add allowed OAuth Tenants (#134)
---
 lib/stytch/b2b_discovery.rb | 17 +++++++++++++++-
 lib/stytch/b2b_organizations.rb | 36 ++++++++++++++++++++++++++++++++-
 lib/stytch/b2b_scim.rb | 4 ++--
 lib/stytch/version.rb | 2 +-
 4 files changed, 54 insertions(+), 5 deletions(-)
diff --git a/lib/stytch/b2b_discovery.rb b/lib/stytch/b2b_discovery.rb
index 375ab0a..584e433 100644
--- a/lib/stytch/b2b_discovery.rb
+++ b/lib/stytch/b2b_discovery.rb
@@ -263,6 +263,17 @@ def initialize(connection)
 # The list's accepted values are: `sms_otp` and `totp`.
 #
 # The type of this field is nilable list of +String+.
+ # oauth_tenant_jit_provisioning::
+ # The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are:
+ #
+ # `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.
+ #
+ # `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant.
+ #
+ # The type of this field is nilable +String+.
+ # allowed_oauth_tenants::
+ # A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot".
+ # The type of this field is nilable +object+.
 #
 # == Returns:
 # An object with the following fields:
@@ -319,7 +330,9 @@ def create(
 mfa_policy: nil,
 rbac_email_implicit_role_assignments: nil,
 mfa_methods: nil,
- allowed_mfa_methods: nil
+ allowed_mfa_methods: nil,
+ oauth_tenant_jit_provisioning: nil,
+ allowed_oauth_tenants: nil
 )
 headers = {}
 request = {
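Review bot: The `allowed_oauth_tenants::` doc added in the -263 hunk lists the allowed keys ("slack" and "hubspot") but not what each key maps to, so a caller cannot tell from the comment how to write a valid allowlist. Because this map decides which external tenants may JIT provision new Members, the value shape should be spelled out, for example `# Each key maps to the list of tenant IDs allowed for that provider.` (assumed shape; confirm against the API reference). It is also not stated what `RESTRICTED` does when the map is omitted or empty. The same text is repeated in lib/stytch/b2b_organizations.rb in the -150 and -359 hunks.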
@@ -341,6 +354,8 @@ def create(
 request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
 request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
 request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
+ request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
+ request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
 post_request('/v1/b2b/discovery/organizations/create', request, headers)
 end
diff --git a/lib/stytch/b2b_organizations.rb b/lib/stytch/b2b_organizations.rb
index 77c906e..4976f2b 100644
--- a/lib/stytch/b2b_organizations.rb
+++ b/lib/stytch/b2b_organizations.rb
@@ -150,6 +150,17 @@ def initialize(connection)
 # The list's accepted values are: `sms_otp` and `totp`.
 #
 # The type of this field is nilable list of +String+.
+ # oauth_tenant_jit_provisioning::
+ # The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are:
+ #
+ # `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.
+ #
+ # `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant.
+ #
+ # The type of this field is nilable +String+.
+ # allowed_oauth_tenants::
+ # A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot".
+ # The type of this field is nilable +object+.
 #
 # == Returns:
 # An object with the following fields:
@@ -176,7 +187,9 @@ def create(
 mfa_policy: nil,
 rbac_email_implicit_role_assignments: nil,
 mfa_methods: nil,
- allowed_mfa_methods: nil
+ allowed_mfa_methods: nil,
+ oauth_tenant_jit_provisioning: nil,
+ allowed_oauth_tenants: nil
 )
 headers = {}
 request = {
@@ -195,6 +208,8 @@ def create(
 request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
 request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
 request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
+ request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
+ request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
 post_request('/v1/b2b/organizations', request, headers)
 end
@@ -359,6 +374,21 @@ def get(
 #
 # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.
 # The type of this field is nilable list of +String+.
+ # oauth_tenant_jit_provisioning::
+ # The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are:
+ #
+ # `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.
+ #
+ # `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant.
+ #
+ #
+ # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.oauth-tenant-jit-provisioning` action on the `stytch.organization` Resource.
+ # The type of this field is nilable +String+.
+ # allowed_oauth_tenants::
+ # A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot".
+ #
+ # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-oauth-tenants` action on the `stytch.organization` Resource.
+ # The type of this field is nilable +object+.
 #
 # == Returns:
 # An object with the following fields:
@@ -392,6 +422,8 @@ def update(
 rbac_email_implicit_role_assignments: nil,
 mfa_methods: nil,
 allowed_mfa_methods: nil,
+ oauth_tenant_jit_provisioning: nil,
+ allowed_oauth_tenants: nil,
 method_options: nil
 )
 headers = {}
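Review bot: In the `update` docs of the -359 hunk, `allowed_oauth_tenants::` still says "If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant", which reads as create behaviour rather than update behaviour. The request code later in `update` (the -413 hunk) adds the key only `unless allowed_oauth_tenants.nil?`, so omitting the argument sends nothing and presumably leaves the stored allowlist as it is. For a setting that gates who can join an organization, the comment should say how to withdraw access, for example `# Omitting this field leaves the current value unchanged; set oauth_tenant_jit_provisioning to NOT_ALLOWED to stop tenant-based JIT provisioning.` The unchanged-on-omit behaviour is inferred from the client code only, so confirm it against the API before adopting that wording.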
@@ -413,6 +445,8 @@ def update(
 request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
 request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
 request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
+ request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
+ request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
 put_request("/v1/b2b/organizations/#{organization_id}", request, headers)
 end
diff --git a/lib/stytch/b2b_scim.rb b/lib/stytch/b2b_scim.rb
index 515fc9a..6d33350 100644
--- a/lib/stytch/b2b_scim.rb
+++ b/lib/stytch/b2b_scim.rb
@@ -194,7 +194,7 @@ def initialize(connection)
 # (no documentation yet)
 # The type of this field is nilable +UpdateRequestIdentityProvider+ (string enum).
 # scim_group_implicit_role_assignments::
- # An array of SCIM group implicit role assignments. Each object in the array must contain a `group` and a `role_id`.
+ # An array of SCIM group implicit role assignments. Each object in the array must contain a `group_id` and a `role_id`.
 # The type of this field is nilable list of +SCIMGroupImplicitRoleAssignments+.
 #
 # == Returns:
@@ -460,7 +460,7 @@ def create(
 post_request("/v1/b2b/scim/#{organization_id}/connection", request, headers)
 end
- # Get SCIM Connections.
+ # Get SCIM Connection.
 #
 # == Parameters:
 # organization_id::
diff --git a/lib/stytch/version.rb b/lib/stytch/version.rb
index a727560..5185f1d 100644
--- a/lib/stytch/version.rb
+++ b/lib/stytch/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Stytch
- VERSION = '9.4.0'
+ VERSION = '9.5.0'
 end