Simplify logic

stytchauth · Dec 6, 2023 · 190ab8e · 190ab8e
1 parent 6aa2bf1
commit 190ab8e
Show file tree

Hide file tree

Showing 28 changed files with 148 additions and 216 deletions.
diff --git a/stytch/b2b/api/discovery.py b/stytch/b2b/api/discovery.py
@@ -23,12 +23,6 @@ def __init__(
         self.sync_client = sync_client
         self.async_client = async_client
         self.intermediate_sessions = IntermediateSessions(
-            api_base=api_base,
-            sync_client=sync_client,
-            async_client=async_client,
-        )
-        self.organizations = Organizations(
-            api_base=api_base,
-            sync_client=sync_client,
-            async_client=async_client,
+            api_base, sync_client, async_client
         )
+        self.organizations = Organizations(api_base, sync_client, async_client)
diff --git a/stytch/b2b/api/magic_links.py b/stytch/b2b/api/magic_links.py
@@ -28,16 +28,8 @@ def __init__(
         self.api_base = api_base
         self.sync_client = sync_client
         self.async_client = async_client
-        self.email = Email(
-            api_base=api_base,
-            sync_client=sync_client,
-            async_client=async_client,
-        )
-        self.discovery = Discovery(
-            api_base=api_base,
-            sync_client=sync_client,
-            async_client=async_client,
-        )
+        self.email = Email(api_base, sync_client, async_client)
+        self.discovery = Discovery(api_base, sync_client, async_client)
 
     def authenticate(
         self,

diff --git a/stytch/b2b/api/magic_links_email.py b/stytch/b2b/api/magic_links_email.py
@@ -29,11 +29,7 @@ def __init__(
         self.api_base = api_base
         self.sync_client = sync_client
         self.async_client = async_client
-        self.discovery = Discovery(
-            api_base=api_base,
-            sync_client=sync_client,
-            async_client=async_client,
-        )
+        self.discovery = Discovery(api_base, sync_client, async_client)
 
     def login_or_signup(
         self,

diff --git a/stytch/b2b/api/oauth.py b/stytch/b2b/api/oauth.py
@@ -24,11 +24,7 @@ def __init__(
         self.api_base = api_base
         self.sync_client = sync_client
         self.async_client = async_client
-        self.discovery = Discovery(
-            api_base=api_base,
-            sync_client=sync_client,
-            async_client=async_client,
-        )
+        self.discovery = Discovery(api_base, sync_client, async_client)
 
     def authenticate(
         self,

diff --git a/stytch/b2b/api/organizations.py b/stytch/b2b/api/organizations.py
@@ -31,11 +31,7 @@ def __init__(
         self.api_base = api_base
         self.sync_client = sync_client
         self.async_client = async_client
-        self.members = Members(
-            api_base=api_base,
-            sync_client=sync_client,
-            async_client=async_client,
-        )
+        self.members = Members(api_base, sync_client, async_client)
 
     def create(
         self,
@@ -58,8 +54,8 @@ def create(
         *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.
 
         Fields:
-          - organization_name: The name of the Organization.
-          - organization_slug: The unique URL slug of the Organization. A minimum of two characters is required. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`.
+          - organization_name: The name of the Organization. Must be between 1 and 128 characters in length.
+          - organization_slug: The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
           - organization_logo_url: The image URL of the Organization logo.
           - trusted_metadata: An arbitrary JSON object for storing application-specific data or identity-provider-specific data.
           - sso_jit_provisioning: The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are:
@@ -154,8 +150,8 @@ async def create_async(
         *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.
 
         Fields:
-          - organization_name: The name of the Organization.
-          - organization_slug: The unique URL slug of the Organization. A minimum of two characters is required. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`.
+          - organization_name: The name of the Organization. Must be between 1 and 128 characters in length.
+          - organization_slug: The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
           - organization_logo_url: The image URL of the Organization logo.
           - trusted_metadata: An arbitrary JSON object for storing application-specific data or identity-provider-specific data.
           - sso_jit_provisioning: The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are:
@@ -286,8 +282,8 @@ def update(
 
         Fields:
           - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
-          - organization_name: The name of the Organization.
-          - organization_slug: The unique URL slug of the Organization. A minimum of two characters is required. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`.
+          - organization_name: The name of the Organization. Must be between 1 and 128 characters in length.
+          - organization_slug: The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
           - organization_logo_url: The image URL of the Organization logo.
           - trusted_metadata: An arbitrary JSON object for storing application-specific data or identity-provider-specific data.
           - sso_default_connection_id: The default connection used for SSO when there are multiple active connections.
@@ -395,8 +391,8 @@ async def update_async(
 
         Fields:
           - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
-          - organization_name: The name of the Organization.
-          - organization_slug: The unique URL slug of the Organization. A minimum of two characters is required. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`.
+          - organization_name: The name of the Organization. Must be between 1 and 128 characters in length.
+          - organization_slug: The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
           - organization_logo_url: The image URL of the Organization logo.
           - trusted_metadata: An arbitrary JSON object for storing application-specific data or identity-provider-specific data.
           - sso_default_connection_id: The default connection used for SSO when there are multiple active connections.

diff --git a/stytch/b2b/api/organizations_members.py b/stytch/b2b/api/organizations_members.py
@@ -392,6 +392,11 @@ def dangerously_get(
         self,
         member_id: str,
     ) -> GetResponse:
+        """Get a Member by `member_id`. This endpoint does not require an `organization_id`, so you can use it to get members across organizations. This is a dangerous operation. Incorrect use may open you up to indirect object reference (IDOR) attacks. We recommend using the [Get Member](https://stytch.com/docs/b2b/api/get-member) API instead.
+
+        Fields:
+          - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+        """  # noqa
         data: Dict[str, Any] = {
             "member_id": member_id,
         }
@@ -406,6 +411,11 @@ async def dangerously_get_async(
         self,
         member_id: str,
     ) -> GetResponse:
+        """Get a Member by `member_id`. This endpoint does not require an `organization_id`, so you can use it to get members across organizations. This is a dangerous operation. Incorrect use may open you up to indirect object reference (IDOR) attacks. We recommend using the [Get Member](https://stytch.com/docs/b2b/api/get-member) API instead.
+
+        Fields:
+          - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
+        """  # noqa
         data: Dict[str, Any] = {
             "member_id": member_id,
         }

diff --git a/stytch/b2b/api/otp.py b/stytch/b2b/api/otp.py
@@ -21,8 +21,4 @@ def __init__(
         self.api_base = api_base
         self.sync_client = sync_client
         self.async_client = async_client
-        self.sms = Sms(
-            api_base=api_base,
-            sync_client=sync_client,
-            async_client=async_client,
-        )
+        self.sms = Sms(api_base, sync_client, async_client)
diff --git a/stytch/b2b/api/passwords.py b/stytch/b2b/api/passwords.py
@@ -39,21 +39,9 @@ def __init__(
         self.api_base = api_base
         self.sync_client = sync_client
         self.async_client = async_client
-        self.email = Email(
-            api_base=api_base,
-            sync_client=sync_client,
-            async_client=async_client,
-        )
-        self.sessions = Sessions(
-            api_base=api_base,
-            sync_client=sync_client,
-            async_client=async_client,
-        )
-        self.existing_password = ExistingPassword(
-            api_base=api_base,
-            sync_client=sync_client,
-            async_client=async_client,
-        )
+        self.email = Email(api_base, sync_client, async_client)
+        self.sessions = Sessions(api_base, sync_client, async_client)
+        self.existing_password = ExistingPassword(api_base, sync_client, async_client)
 
     def strength_check(
         self,

diff --git a/stytch/b2b/api/passwords_session.py b/stytch/b2b/api/passwords_session.py
@@ -41,9 +41,26 @@ def reset(
           - password: The password to authenticate.
           - session_token: A secret token for a given Stytch Session.
           - session_jwt: The JSON Web Token (JWT) for a given Stytch Session.
-          - session_duration_minutes: (no documentation yet)
-          - session_custom_claims: (no documentation yet)
-          - locale: (no documentation yet)
+          - session_duration_minutes: Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+          returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+          five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+
+          This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+
+          If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+
+          If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
+          to use the Stytch session product, you can ignore the session fields in the response.
+          - session_custom_claims: Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
+          `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
+          delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
+          Total custom claims size cannot exceed four kilobytes.
+          - locale: Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+
+        Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+
+        Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+
         """  # noqa
         data: Dict[str, Any] = {
             "organization_id": organization_id,
@@ -81,9 +98,26 @@ async def reset_async(
           - password: The password to authenticate.
           - session_token: A secret token for a given Stytch Session.
           - session_jwt: The JSON Web Token (JWT) for a given Stytch Session.
-          - session_duration_minutes: (no documentation yet)
-          - session_custom_claims: (no documentation yet)
-          - locale: (no documentation yet)
+          - session_duration_minutes: Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
+          returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
+          five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+
+          This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+
+          If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
+
+          If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
+          to use the Stytch session product, you can ignore the session fields in the response.
+          - session_custom_claims: Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
+          `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
+          delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
+          Total custom claims size cannot exceed four kilobytes.
+          - locale: Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
+
+        Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
+
+        Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
+
         """  # noqa
         data: Dict[str, Any] = {
             "organization_id": organization_id,

diff --git a/stytch/b2b/api/rbac.py b/stytch/b2b/api/rbac.py
@@ -15,10 +15,7 @@
 
 class RBAC:
     def __init__(
-        self,
-        api_base: ApiBase,
-        sync_client: SyncClient,
-        async_client: AsyncClient,
+        self, api_base: ApiBase, sync_client: SyncClient, async_client: AsyncClient
     ) -> None:
         self.api_base = api_base
         self.sync_client = sync_client

diff --git a/stytch/b2b/api/sessions.py b/stytch/b2b/api/sessions.py
@@ -35,22 +35,14 @@ def __init__(
         async_client: AsyncClient,
         jwks_client: jwt.PyJWKClient,
         project_id: str,
+        policy_cache: PolicyCache,
     ) -> None:
         self.api_base = api_base
         self.sync_client = sync_client
         self.async_client = async_client
+        self.policy_cache = policy_cache
         self.jwks_client = jwks_client
         self.project_id = project_id
-        self._policy_cache: Optional[PolicyCache] = None
-
-    @property
-    def policy_cache(self) -> PolicyCache:
-        assert self._policy_cache is not None
-        return self._policy_cache
-
-    @policy_cache.setter
-    def policy_cache(self, policy_cache: PolicyCache) -> None:
-        self._policy_cache = policy_cache
 
     def get(
         self,

diff --git a/stytch/b2b/api/sso.py b/stytch/b2b/api/sso.py
@@ -30,16 +30,8 @@ def __init__(
         self.api_base = api_base
         self.sync_client = sync_client
         self.async_client = async_client
-        self.oidc = OIDC(
-            api_base=api_base,
-            sync_client=sync_client,
-            async_client=async_client,
-        )
-        self.saml = SAML(
-            api_base=api_base,
-            sync_client=sync_client,
-            async_client=async_client,
-        )
+        self.oidc = OIDC(api_base, sync_client, async_client)
+        self.saml = SAML(api_base, sync_client, async_client)
 
     def get_connections(
         self,

diff --git a/stytch/b2b/api/sso_saml.py b/stytch/b2b/api/sso_saml.py
@@ -98,7 +98,7 @@ def update_connection(
           - attribute_mapping: An object that represents the attributes used to identify a Member. This object will map the IdP-defined User attributes to Stytch-specific values. Required attributes: `email` and one of `full_name` or `first_name` and `last_name`.
           - x509_certificate: A certificate that Stytch will use to verify the sign-in assertion sent by the IdP, in [PEM](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail) format. See our [X509 guide](https://stytch.com/docs/b2b/api/saml-certificates) for more info.
           - idp_sso_url: The URL for which assertions for login requests will be sent. This will be provided by the IdP.
-          - alternative_audience_uri: (no documentation yet)
+          - alternative_audience_uri: An alternative URL to use for the Audience Restriction. This value can be used when you wish to migrate an existing SAML integration to Stytch with zero downtime.
         """  # noqa
         data: Dict[str, Any] = {
             "organization_id": organization_id,
@@ -150,7 +150,7 @@ async def update_connection_async(
           - attribute_mapping: An object that represents the attributes used to identify a Member. This object will map the IdP-defined User attributes to Stytch-specific values. Required attributes: `email` and one of `full_name` or `first_name` and `last_name`.
           - x509_certificate: A certificate that Stytch will use to verify the sign-in assertion sent by the IdP, in [PEM](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail) format. See our [X509 guide](https://stytch.com/docs/b2b/api/saml-certificates) for more info.
           - idp_sso_url: The URL for which assertions for login requests will be sent. This will be provided by the IdP.
-          - alternative_audience_uri: (no documentation yet)
+          - alternative_audience_uri: An alternative URL to use for the Audience Restriction. This value can be used when you wish to migrate an existing SAML integration to Stytch with zero downtime.
         """  # noqa
         data: Dict[str, Any] = {
             "organization_id": organization_id,

diff --git a/stytch/b2b/client.py b/stytch/b2b/client.py
@@ -39,6 +39,14 @@ def __init__(
     ):
         super().__init__(project_id, secret, environment, suppress_warnings)
 
+        policy_cache = PolicyCache(
+            RBAC(
+                api_base=self.api_base,
+                sync_client=self.sync_client,
+                async_client=self.async_client,
+            )
+        )
+
         self.discovery = Discovery(
             api_base=self.api_base,
             sync_client=self.sync_client,
@@ -92,10 +100,8 @@ def __init__(
             async_client=self.async_client,
             jwks_client=self.jwks_client,
             project_id=project_id,
+            policy_cache=policy_cache,
         )
-        # Set up the policy cache for local RBAC
-        policy_cache = PolicyCache(self.rbac)
-        self.sessions.policy_cache = policy_cache
 
     def get_jwks_client(self, project_id: str) -> jwt.PyJWKClient:
         data = {"project_id": project_id}