diff --git a/stytch/b2b/api/discovery_organizations.py b/stytch/b2b/api/discovery_organizations.py index 22dd69f..e68ba0e 100644 --- a/stytch/b2b/api/discovery_organizations.py +++ b/stytch/b2b/api/discovery_organizations.py @@ -43,6 +43,8 @@ def create( ] = None, mfa_methods: Optional[str] = None, allowed_mfa_methods: Optional[List[str]] = None, + oauth_tenant_jit_provisioning: Optional[str] = None, + allowed_oauth_tenants: Optional[Dict[str, Any]] = None, ) -> CreateResponse: """If an end user does not want to join any already-existing Organization, or has no possible Organizations to join, this endpoint can be used to create a new [Organization](https://stytch.com/docs/b2b/api/organization-object) and [Member](https://stytch.com/docs/b2b/api/member-object). @@ -134,6 +136,13 @@ def create( - allowed_mfa_methods: An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`. The list's accepted values are: `sms_otp` and `totp`. + - oauth_tenant_jit_provisioning: The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are: + + `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant. + + `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant. + + - allowed_oauth_tenants: A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot". """ # noqa headers: Dict[str, str] = {} data: Dict[str, Any] = { 
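Review bot: The new `allowed_oauth_tenants: Optional[Dict[str, Any]]` parameter in the `create` signature (first hunk) is typed so loosely that the SDK reflects neither the documented key constraint ("slack" and "hubspot") nor any value shape, and the docstring added in the second hunk never says what the values are. This map decides which external tenants may JIT provision Members into the Organization, so a mistyped key or wrong value shape can only be caught by the API; how the API treats such input is not visible in this diff. I would document the value shape in the docstring, e.g. `- allowed_oauth_tenants: A map from provider name ("slack", "hubspot") to <value shape: confirm against the API reference>.`, and tighten the annotation to match once the shape is confirmed. The same signature and docstring text recur in `create_async` in this file and in `create`, `create_async`, `update` and `update_async` in `stytch/b2b/api/organizations.py`; the function bodies continue outside these hunks.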
@@ -172,6 +181,10 @@ def create( data["mfa_methods"] = mfa_methods if allowed_mfa_methods is not None: data["allowed_mfa_methods"] = allowed_mfa_methods + if oauth_tenant_jit_provisioning is not None: + data["oauth_tenant_jit_provisioning"] = oauth_tenant_jit_provisioning + if allowed_oauth_tenants is not None: + data["allowed_oauth_tenants"] = allowed_oauth_tenants url = self.api_base.url_for("/v1/b2b/discovery/organizations/create", data) res = self.sync_client.post(url, data, headers) @@ -198,6 +211,8 @@ async def create_async( ] = None, mfa_methods: Optional[str] = None, allowed_mfa_methods: Optional[List[str]] = None, + oauth_tenant_jit_provisioning: Optional[str] = None, + allowed_oauth_tenants: Optional[Dict[str, Any]] = None, ) -> CreateResponse: """If an end user does not want to join any already-existing Organization, or has no possible Organizations to join, this endpoint can be used to create a new [Organization](https://stytch.com/docs/b2b/api/organization-object) and [Member](https://stytch.com/docs/b2b/api/member-object). @@ -289,6 +304,13 @@ async def create_async( - allowed_mfa_methods: An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`. The list's accepted values are: `sms_otp` and `totp`. + - oauth_tenant_jit_provisioning: The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are: + + `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant. + + `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant. + + - allowed_oauth_tenants: A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot". """ # noqa headers: Dict[str, str] = {} data: Dict[str, Any] = { 
@@ -327,6 +349,10 @@ async def create_async( data["mfa_methods"] = mfa_methods if allowed_mfa_methods is not None: data["allowed_mfa_methods"] = allowed_mfa_methods + if oauth_tenant_jit_provisioning is not None: + data["oauth_tenant_jit_provisioning"] = oauth_tenant_jit_provisioning + if allowed_oauth_tenants is not None: + data["allowed_oauth_tenants"] = allowed_oauth_tenants url = self.api_base.url_for("/v1/b2b/discovery/organizations/create", data) res = await self.async_client.post(url, data, headers) diff --git a/stytch/b2b/api/organizations.py b/stytch/b2b/api/organizations.py index e2fad37..c2b25a8 100644 --- a/stytch/b2b/api/organizations.py +++ b/stytch/b2b/api/organizations.py @@ -56,6 +56,8 @@ def create( ] = None, mfa_methods: Optional[str] = None, allowed_mfa_methods: Optional[List[str]] = None, + oauth_tenant_jit_provisioning: Optional[str] = None, + allowed_oauth_tenants: Optional[Dict[str, Any]] = None, ) -> CreateResponse: """Creates an Organization. An `organization_name` and a unique `organization_slug` are required. @@ -122,6 +124,13 @@ def create( - allowed_mfa_methods: An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`. The list's accepted values are: `sms_otp` and `totp`. + - oauth_tenant_jit_provisioning: The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are: + + `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant. + + `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant. + + - allowed_oauth_tenants: A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot". """ # noqa headers: Dict[str, str] = {} data: Dict[str, Any] = { 
@@ -156,6 +165,10 @@ def create( data["mfa_methods"] = mfa_methods if allowed_mfa_methods is not None: data["allowed_mfa_methods"] = allowed_mfa_methods + if oauth_tenant_jit_provisioning is not None: + data["oauth_tenant_jit_provisioning"] = oauth_tenant_jit_provisioning + if allowed_oauth_tenants is not None: + data["allowed_oauth_tenants"] = allowed_oauth_tenants url = self.api_base.url_for("/v1/b2b/organizations", data) res = self.sync_client.post(url, data, headers) @@ -179,6 +192,8 @@ async def create_async( ] = None, mfa_methods: Optional[str] = None, allowed_mfa_methods: Optional[List[str]] = None, + oauth_tenant_jit_provisioning: Optional[str] = None, + allowed_oauth_tenants: Optional[Dict[str, Any]] = None, ) -> CreateResponse: """Creates an Organization. An `organization_name` and a unique `organization_slug` are required. @@ -245,6 +260,13 @@ async def create_async( - allowed_mfa_methods: An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`. The list's accepted values are: `sms_otp` and `totp`. + - oauth_tenant_jit_provisioning: The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are: + + `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant. + + `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant. + + - allowed_oauth_tenants: A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot". """ # noqa headers: Dict[str, str] = {} data: Dict[str, Any] = { 
@@ -279,6 +301,10 @@ async def create_async( data["mfa_methods"] = mfa_methods if allowed_mfa_methods is not None: data["allowed_mfa_methods"] = allowed_mfa_methods + if oauth_tenant_jit_provisioning is not None: + data["oauth_tenant_jit_provisioning"] = oauth_tenant_jit_provisioning + if allowed_oauth_tenants is not None: + data["allowed_oauth_tenants"] = allowed_oauth_tenants url = self.api_base.url_for("/v1/b2b/organizations", data) res = await self.async_client.post(url, data, headers) @@ -341,6 +367,8 @@ def update( ] = None, mfa_methods: Optional[str] = None, allowed_mfa_methods: Optional[List[str]] = None, + oauth_tenant_jit_provisioning: Optional[str] = None, + allowed_oauth_tenants: Optional[Dict[str, Any]] = None, method_options: Optional[UpdateRequestOptions] = None, ) -> UpdateResponse: """Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members. 
@@ -442,6 +470,17 @@ def update( If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource. + - oauth_tenant_jit_provisioning: The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are: + + `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant. + + `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant. + + + If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.oauth-tenant-jit-provisioning` action on the `stytch.organization` Resource. + - allowed_oauth_tenants: A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot". + + If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-oauth-tenants` action on the `stytch.organization` Resource. """ # noqa headers: Dict[str, str] = {} if method_options is not None: @@ -486,6 +525,10 @@ def update( data["mfa_methods"] = mfa_methods if allowed_mfa_methods is not None: data["allowed_mfa_methods"] = allowed_mfa_methods + if oauth_tenant_jit_provisioning is not None: + data["oauth_tenant_jit_provisioning"] = oauth_tenant_jit_provisioning + if allowed_oauth_tenants is not None: + data["allowed_oauth_tenants"] = allowed_oauth_tenants url = self.api_base.url_for("/v1/b2b/organizations/{organization_id}", data) res = self.sync_client.put(url, data, headers) 
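Review bot: The `allowed_oauth_tenants` docstring added for `update` says that if the field is not passed in the Organization will not allow JIT provisioning by OAuth Tenant, but the body in the second hunk on this line only adds the key when the argument `is not None`, so an omitted argument is simply left out of the PUT. A caller relying on the docstring could expect that omitting the argument clears a previously configured allowlist, which the request as built cannot express; whether the API keeps the stored value in that case is not shown here. Stale tenant entries would keep granting JIT access, so the update docstring should state the omission semantics explicitly, for example `If omitted, the stored value is left unchanged; to remove all allowed tenants pass <clearing value: confirm against the API reference>.`. The same text and guard appear in `update_async`, and both function bodies start and end outside these hunks.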
@@ -512,6 +555,8 @@ async def update_async( ] = None, mfa_methods: Optional[str] = None, allowed_mfa_methods: Optional[List[str]] = None, + oauth_tenant_jit_provisioning: Optional[str] = None, + allowed_oauth_tenants: Optional[Dict[str, Any]] = None, method_options: Optional[UpdateRequestOptions] = None, ) -> UpdateResponse: """Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members. @@ -613,6 +658,17 @@ async def update_async( If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource. + - oauth_tenant_jit_provisioning: The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are: + + `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant. + + `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant. + + + If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.oauth-tenant-jit-provisioning` action on the `stytch.organization` Resource. + - allowed_oauth_tenants: A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot". + + If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-oauth-tenants` action on the `stytch.organization` Resource. """ # noqa headers: Dict[str, str] = {} if method_options is not None: 
@@ -657,6 +713,10 @@ async def update_async( data["mfa_methods"] = mfa_methods if allowed_mfa_methods is not None: data["allowed_mfa_methods"] = allowed_mfa_methods + if oauth_tenant_jit_provisioning is not None: + data["oauth_tenant_jit_provisioning"] = oauth_tenant_jit_provisioning + if allowed_oauth_tenants is not None: + data["allowed_oauth_tenants"] = allowed_oauth_tenants url = self.api_base.url_for("/v1/b2b/organizations/{organization_id}", data) res = await self.async_client.put(url, data, headers) diff --git a/stytch/b2b/models/organizations.py b/stytch/b2b/models/organizations.py index dda73f3..85e3013 100644 --- a/stytch/b2b/models/organizations.py +++ b/stytch/b2b/models/organizations.py 
@@ -243,11 +243,18 @@ class Organization(pydantic.BaseModel): - allowed_mfa_methods: An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`. The list's accepted values are: `sms_otp` and `totp`. + - oauth_tenant_jit_provisioning: The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are: + + `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant. + + `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant. + - trusted_metadata: An arbitrary JSON object for storing application-specific data or identity-provider-specific data. - created_at: The timestamp of the Organization's creation. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`. - updated_at: The timestamp of when the Organization was last updated. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`. - sso_default_connection_id: The default connection used for SSO when there are multiple active connections. - scim_active_connection: An active [SCIM Connection references](https://stytch.com/docs/b2b/api/scim-connection-object). + - allowed_oauth_tenants: A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot". """ # noqa organization_id: str 
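Review bot: The `allowed_oauth_tenants` entry added to the `Organization` docstring reuses request wording ("If this field is not passed in …") on a response model, where the caller passes nothing in. A reader auditing an Organization's settings needs to know what an absent or `None` value means on the returned object, which this sentence does not say. I would reword it along the lines of `- allowed_oauth_tenants: A map of allowed OAuth tenants keyed by provider ("slack", "hubspot"); may be absent when none are configured (confirm against the API reference).`. The class body continues outside the hunk.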
@@ -266,11 +273,13 @@ class Organization(pydantic.BaseModel): rbac_email_implicit_role_assignments: List[EmailImplicitRoleAssignment] mfa_methods: str allowed_mfa_methods: List[str] + oauth_tenant_jit_provisioning: str trusted_metadata: Optional[Dict[str, Any]] = None created_at: Optional[datetime.datetime] = None updated_at: Optional[datetime.datetime] = None sso_default_connection_id: Optional[str] = None scim_active_connection: Optional[ActiveSCIMConnection] = None + allowed_oauth_tenants: Optional[Dict[str, Any]] = None class ResultsMetadata(pydantic.BaseModel): diff --git a/stytch/version.py b/stytch/version.py index 80314c5..faa2340 100644 --- a/stytch/version.py +++ b/stytch/version.py @@ -1 +1 @@ -__version__ = "11.3.0" +__version__ = "11.4.0"
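Review bot: `oauth_tenant_jit_provisioning: str` is added to `Organization` as a required field with no default, unlike `allowed_oauth_tenants` a few lines below it, which is declared `Optional[Dict[str, Any]] = None`. With a pydantic model, any payload that lacks the key fails validation, for example Organization JSON stored or mocked before this release, or a response from an environment that does not yet return the setting. For a minor version bump (11.3.0 to 11.4.0) that is a compatibility risk. Unless the API guarantees the field on every Organization, I would declare it as `oauth_tenant_jit_provisioning: Optional[str] = None`; if it is guaranteed, a release note saying so would help. The class body starts outside the hunk.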