Add User Impersonation Authenticate Method (#232)

Co-authored-by: Stytch Codegen Bot <[email protected]>
stytchauth · Jan 13, 2025 · 38baf27 · 38baf27
1 parent f11882c
commit 38baf27
Show file tree

Hide file tree

Showing 7 changed files with 89 additions and 8 deletions.
diff --git a/stytch/b2b/api/discovery_organizations.py b/stytch/b2b/api/discovery_organizations.py
@@ -115,7 +115,7 @@ def create(
           `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
 
           - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-          The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+          The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
           - mfa_policy: The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
 
@@ -285,7 +285,7 @@ async def create_async(
           `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
 
           - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-          The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+          The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
           - mfa_policy: The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
 

diff --git a/stytch/b2b/api/impersonation.py b/stytch/b2b/api/impersonation.py
@@ -0,0 +1,48 @@
+# !!!
+# WARNING: This file is autogenerated
+# Only modify code within MANUAL() sections
+# or your changes may be overwritten later!
+# !!!
+
+from __future__ import annotations
+
+from typing import Any, Dict
+
+from stytch.b2b.models.impersonation import AuthenticateResponse
+from stytch.core.api_base import ApiBase
+from stytch.core.http.client import AsyncClient, SyncClient
+
+
+class Impersonation:
+    def __init__(
+        self, api_base: ApiBase, sync_client: SyncClient, async_client: AsyncClient
+    ) -> None:
+        self.api_base = api_base
+        self.sync_client = sync_client
+        self.async_client = async_client
+
+    def authenticate(
+        self,
+        token: str,
+    ) -> AuthenticateResponse:
+        headers: Dict[str, str] = {}
+        data: Dict[str, Any] = {
+            "token": token,
+        }
+
+        url = self.api_base.url_for("/v1/b2b/impersonation/authenticate", data)
+        res = self.sync_client.post(url, data, headers)
+        return AuthenticateResponse.from_json(res.response.status_code, res.json)
+
+    async def authenticate_async(
+        self,
+        token: str,
+    ) -> AuthenticateResponse:
+        headers: Dict[str, str] = {}
+        data: Dict[str, Any] = {
+            "token": token,
+        }
+
+        url = self.api_base.url_for("/v1/b2b/impersonation/authenticate", data)
+        res = await self.async_client.post(url, data, headers)
+        return AuthenticateResponse.from_json(res.response.status, res.json)
diff --git a/stytch/b2b/api/organizations.py b/stytch/b2b/api/organizations.py
@@ -103,7 +103,7 @@ def create(
           `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
 
           - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-          The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+          The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
           - mfa_policy: The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
 
@@ -239,7 +239,7 @@ async def create_async(
           `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
 
           - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-          The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+          The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
           - mfa_policy: The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
 
@@ -439,7 +439,7 @@ def update(
 
         If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
           - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-          The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+          The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
 
         If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
@@ -627,7 +627,7 @@ async def update_async(
 
         If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
           - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-          The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+          The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
 
         If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.

diff --git a/stytch/b2b/client.py b/stytch/b2b/client.py
@@ -11,6 +11,7 @@
 import jwt
 
 from stytch.b2b.api.discovery import Discovery
+from stytch.b2b.api.impersonation import Impersonation
 from stytch.b2b.api.magic_links import MagicLinks
 from stytch.b2b.api.oauth import OAuth
 from stytch.b2b.api.organizations import Organizations
@@ -72,6 +73,11 @@ def __init__(
             sync_client=self.sync_client,
             async_client=self.async_client,
         )
+        self.impersonation = Impersonation(
+            api_base=self.api_base,
+            sync_client=self.sync_client,
+            async_client=self.async_client,
+        )
         self.m2m = M2M(
             api_base=self.api_base,
             sync_client=self.sync_client,

diff --git a/stytch/b2b/models/impersonation.py b/stytch/b2b/models/impersonation.py
@@ -0,0 +1,27 @@
+# !!!
+# WARNING: This file is autogenerated
+# Only modify code within MANUAL() sections
+# or your changes may be overwritten later!
+# !!!
+
+from __future__ import annotations
+
+from typing import Optional
+
+from stytch.b2b.models.mfa import MfaRequired
+from stytch.b2b.models.organizations import Member, Organization
+from stytch.b2b.models.sessions import MemberSession
+from stytch.core.response_base import ResponseBase
+
+
+class AuthenticateResponse(ResponseBase):
+    member_id: str
+    organization_id: str
+    member: Member
+    session_token: str
+    session_jwt: str
+    organization: Organization
+    intermediate_session_token: str
+    member_authenticated: bool
+    member_session: Optional[MemberSession] = None
+    mfa_required: Optional[MfaRequired] = None
diff --git a/stytch/b2b/models/organizations.py b/stytch/b2b/models/organizations.py
@@ -282,7 +282,7 @@ class Organization(pydantic.BaseModel):
       `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
 
       - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-      The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+      The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
       - mfa_policy: (no documentation yet)
       - rbac_email_implicit_role_assignments: Implicit role assignments based off of email domains.

diff --git a/stytch/version.py b/stytch/version.py
@@ -1 +1 @@
-__version__ = "12.1.0"
+__version__ = "12.2.0"