
Release stytch-ruby v7 with new RBAC features #107

Merged (14 commits), Dec 13, 2023

Conversation

logan-stytch (Contributor) commented Dec 8, 2023

RBAC

  • The Stytch product will soon support role-based access control (RBAC)! See our RBAC guide at https://stytch.com/docs/b2b/guides/rbac/overview for more detailed explanations of our RBAC product.
  • RBAC policies must be set through the dashboard, but you can use various endpoints to assign Roles to Members and add implicit role assignments to Organizations and SSO connections (more details in the guide at https://stytch.com/docs/b2b/guides/rbac/role-assignment).
  • You can perform an RBAC authorization check when authenticating a JWT. This will use a locally cached version of the RBAC policy.
  • Some endpoints, such as Create Member, offer out-of-the-box handling of RBAC authorization checks if a session token or session JWT is passed in.

Other changes

  • Local JWT auth (both consumer and B2B) will set max_token_age_seconds to 300 if it was nil
  • Fixed a bug in local B2B JWT auth that meant certain "Invalid JWT" error constants weren't imported – the end result is that an error was still thrown, just a less useful one than we intended.
  • Calling authenticate_jwt_local will now marshal the decoded JWT into a session to be consistent with authenticate_jwt.
  • authenticate_jwt and authenticate_jwt_local now accept an optional AuthorizationCheck parameter for performing RBAC checks. These will use a cached version of the project's RBAC policy in order to make an authZ verdict.
  • B2B session objects now hold a LazyCache that keeps track of the project's RBAC policy. This will only refresh the policy when using local JWT authentication with an authorization check. In other words, if your project does not use local JWT auth with RBAC checks, the cache will never fetch the policy.
  • Added support to core HTTP clients to send headers. This is used for certain routes that can be used in conjunction with RBAC for authorization, like magic_links.email.invite().
  • Additionally, this update features a large amount of documentation updates which should better reflect what you can find at https://stytch.com/docs.

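As an added illustration (not stytch-ruby's own code, and not its real method signatures): a stdlib-only Ruby sketch of the v7 behaviour described in the post above, namely local JWT verification with max_token_age_seconds defaulting to 300, an optional authorization check of the form { resource_id:, action: }, and an RBAC policy cache that is only populated when such a check is actually performed. The RS256 key pair, policy contents, role names and claim layout are constructed assumptions; the real SDK verifies against the project's JWKS and the dashboard-managed policy.

```ruby
require 'json'
require 'base64'
require 'openssl'

DEFAULT_MAX_TOKEN_AGE_SECONDS = 300 # v7 default when max_token_age_seconds is nil

# Hypothetical stand-in for the SDK's LazyCache: the policy is fetched only when a local JWT auth carries an authorization check.
class LazyPolicyCache
  attr_reader :fetch_count
  def initialize(&fetcher)
    @fetcher, @policy, @fetch_count = fetcher, nil, 0
  end
  def policy
    @fetch_count += 1 if @policy.nil?
    @policy ||= @fetcher.call
  end
end
# Constructed sample: one RS256 key pair standing in for the project's JWKS.
SIGNING_KEY = OpenSSL::PKey::RSA.new(2048)

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def sign_jwt(claims, key = SIGNING_KEY)
  head = b64url({ alg: 'RS256', typ: 'JWT' }.to_json)
  body = b64url(claims.to_json)
  sig = key.sign(OpenSSL::Digest.new('SHA256'), "#{head}.#{body}")
  "#{head}.#{body}.#{b64url(sig)}"
end

# Local verification: signature, exp, token age, then the optional RBAC check
# ({ resource_id:, action: }); roles come from the JWT claims, permissions from the cache.
def authenticate_jwt_local(jwt, cache, max_token_age_seconds: nil, authorization_check: nil,
                           key: SIGNING_KEY, now: Time.now.to_i)
  max_age = max_token_age_seconds || DEFAULT_MAX_TOKEN_AGE_SECONDS
  head, body, sig = jwt.split('.')
  digest = OpenSSL::Digest.new('SHA256')
  raise 'invalid JWT: bad signature' unless key.public_key.verify(digest, Base64.urlsafe_decode64(sig), "#{head}.#{body}")
  claims = JSON.parse(Base64.urlsafe_decode64(body))
  raise 'invalid JWT: expired' if claims['exp'] <= now
  raise 'invalid JWT: older than max_token_age_seconds' if now - claims['iat'] > max_age
  if authorization_check
    allowed = claims['roles'].any? do |role|
      (cache.policy[role] || []).any? do |res, act|
        res == authorization_check[:resource_id] && (act == '*' || act == authorization_check[:action])
      end
    end
    raise 'not authorized' unless allowed
  end
  claims
end
```
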
logan-stytch requested a review from a team as a code owner, December 8, 2023 02:36
logan-stytch changed the title from "[DNM] Release stytch-ruby v7 with new RBAC features" to "Release stytch-ruby v7 with new RBAC features", Dec 13, 2023
logan-stytch merged commit c38f8b1 into main, Dec 13, 2023
6 checks passed
logan-stytch deleted the v7-prerelease branch, December 13, 2023 21:30