diff --git a/stytch/b2b/api/discovery_intermediate_sessions.py b/stytch/b2b/api/discovery_intermediate_sessions.py index 56c3611..a1f3c95 100644 --- a/stytch/b2b/api/discovery_intermediate_sessions.py +++ b/stytch/b2b/api/discovery_intermediate_sessions.py @@ -45,7 +45,8 @@ def exchange( Fields: - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -111,7 +112,8 @@ async def exchange_async( Fields: - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. diff --git a/stytch/b2b/api/discovery_organizations.py b/stytch/b2b/api/discovery_organizations.py index 9ac8db2..04f563c 100644 --- a/stytch/b2b/api/discovery_organizations.py +++ b/stytch/b2b/api/discovery_organizations.py @@ -62,7 +62,8 @@ def create( Fields: - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - organization_name: The name of the Organization. If the name is not specified, a default name will be created based on the email used to initiate the discovery flow. If the email domain is a common email provider such as gmail.com, or if the email is a .edu email, the organization name will be generated based on the name portion of the email. Otherwise, the organization name will be generated based on the email domain. @@ -219,7 +220,8 @@ async def create_async( Fields: - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - organization_name: The name of the Organization. If the name is not specified, a default name will be created based on the email used to initiate the discovery flow. If the email domain is a common email provider such as gmail.com, or if the email is a .edu email, the organization name will be generated based on the name portion of the email. Otherwise, the organization name will be generated based on the email domain. @@ -358,7 +360,8 @@ def list( Fields: - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - session_token: A secret token for a given Stytch Session. @@ -399,7 +402,8 @@ async def list_async( Fields: - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - session_token: A secret token for a given Stytch Session. diff --git a/stytch/b2b/api/magic_links.py b/stytch/b2b/api/magic_links.py index fca99c8..af3983c 100644 --- a/stytch/b2b/api/magic_links.py +++ b/stytch/b2b/api/magic_links.py @@ -50,7 +50,8 @@ def authenticate( Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. - The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. + The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA step and acquire a full member session. The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. @@ -123,7 +124,8 @@ async def authenticate_async( Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. - The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. + The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA step and acquire a full member session. The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. diff --git a/stytch/b2b/api/organizations_members.py b/stytch/b2b/api/organizations_members.py index 61ae8fa..2aa0e91 100644 --- a/stytch/b2b/api/organizations_members.py +++ b/stytch/b2b/api/organizations_members.py @@ -8,6 +8,7 @@ from typing import Any, Dict, List, Optional +from stytch.b2b.api.organizations_members_oauth_providers import OAuthProviders from stytch.b2b.models.organizations import SearchQuery from stytch.b2b.models.organizations_members import ( CreateRequestOptions, @@ -39,6 +40,11 @@ def __init__( self.api_base = api_base self.sync_client = sync_client self.async_client = async_client + self.oauth_providers = OAuthProviders( + api_base=self.api_base, + sync_client=self.sync_client, + async_client=self.async_client, + ) def update( self, @@ -109,7 +115,10 @@ def update( - preserve_existing_sessions: Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO authentication factors with the affected SSO connection IDs will be revoked. - - default_mfa_method: The Member's default MFA method. This value is used to determine which secondary MFA method to use in the case of multiple methods registered for a Member. The current possible values are `sms_otp` and `totp`. + - default_mfa_method: Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`. + + If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.default-mfa-method` action on the `stytch.member` Resource. + Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.default-mfa-method` action on the `stytch.self` Resource. """ # noqa headers: Dict[str, str] = {} if method_options is not None: @@ -212,7 +221,10 @@ async def update_async( - preserve_existing_sessions: Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO authentication factors with the affected SSO connection IDs will be revoked. - - default_mfa_method: The Member's default MFA method. This value is used to determine which secondary MFA method to use in the case of multiple methods registered for a Member. The current possible values are `sms_otp` and `totp`. + - default_mfa_method: Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`. + + If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.default-mfa-method` action on the `stytch.member` Resource. + Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.default-mfa-method` action on the `stytch.self` Resource. """ # noqa headers: Dict[str, str] = {} if method_options is not None: diff --git a/stytch/b2b/api/organizations_members_oauth_providers.py b/stytch/b2b/api/organizations_members_oauth_providers.py new file mode 100644 index 0000000..19c8ab5 --- /dev/null +++ b/stytch/b2b/api/organizations_members_oauth_providers.py @@ -0,0 +1,137 @@ +# !!! +# WARNING: This file is autogenerated +# Only modify code within MANUAL() sections +# or your changes may be overwritten later! +# !!! + +from __future__ import annotations + +from typing import Any, Dict + +from stytch.b2b.models.organizations_members_oauth_providers import ( + GoogleResponse, + MicrosoftResponse, +) +from stytch.core.api_base import ApiBase +from stytch.core.http.client import AsyncClient, SyncClient + + +class OAuthProviders: + def __init__( + self, api_base: ApiBase, sync_client: SyncClient, async_client: AsyncClient + ) -> None: + self.api_base = api_base + self.sync_client = sync_client + self.async_client = async_client + + def google( + self, + organization_id: str, + member_id: str, + ) -> GoogleResponse: + """Retrieve the saved Google access token and ID token for a member. After a successful OAuth login, Stytch will save the + issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch will refresh the + access token automatically. + + __Note:__ Google does not issue a refresh token on every login, and refresh tokens may expire if unused. + To force a refresh token to be issued, pass the `?provider_prompt=consent` query param into the + [Start Google OAuth flow](https://stytch.com/docs/b2b/api/oauth-google-start) endpoint. + + Fields: + - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. + - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. + """ # noqa + headers: Dict[str, str] = {} + data: Dict[str, Any] = { + "organization_id": organization_id, + "member_id": member_id, + } + + url = self.api_base.url_for( + "/v1/b2b/organizations/{organization_id}/members/{member_id}/oauth_providers/google", + data, + ) + res = self.sync_client.get(url, data, headers) + return GoogleResponse.from_json(res.response.status_code, res.json) + + async def google_async( + self, + organization_id: str, + member_id: str, + ) -> GoogleResponse: + """Retrieve the saved Google access token and ID token for a member. After a successful OAuth login, Stytch will save the + issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch will refresh the + access token automatically. + + __Note:__ Google does not issue a refresh token on every login, and refresh tokens may expire if unused. + To force a refresh token to be issued, pass the `?provider_prompt=consent` query param into the + [Start Google OAuth flow](https://stytch.com/docs/b2b/api/oauth-google-start) endpoint. + + Fields: + - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. + - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. + """ # noqa + headers: Dict[str, str] = {} + data: Dict[str, Any] = { + "organization_id": organization_id, + "member_id": member_id, + } + + url = self.api_base.url_for( + "/v1/b2b/organizations/{organization_id}/members/{member_id}/oauth_providers/google", + data, + ) + res = await self.async_client.get(url, data, headers) + return GoogleResponse.from_json(res.response.status, res.json) + + def microsoft( + self, + organization_id: str, + member_id: str, + ) -> MicrosoftResponse: + """Retrieve the saved Microsoft access token and ID token for a member. After a successful OAuth login, Stytch will save the + issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch will refresh the + access token automatically. + + Fields: + - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. + - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. + """ # noqa + headers: Dict[str, str] = {} + data: Dict[str, Any] = { + "organization_id": organization_id, + "member_id": member_id, + } + + url = self.api_base.url_for( + "/v1/b2b/organizations/{organization_id}/members/{member_id}/oauth_providers/microsoft", + data, + ) + res = self.sync_client.get(url, data, headers) + return MicrosoftResponse.from_json(res.response.status_code, res.json) + + async def microsoft_async( + self, + organization_id: str, + member_id: str, + ) -> MicrosoftResponse: + """Retrieve the saved Microsoft access token and ID token for a member. After a successful OAuth login, Stytch will save the + issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch will refresh the + access token automatically. + + Fields: + - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. + - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. + """ # noqa + headers: Dict[str, str] = {} + data: Dict[str, Any] = { + "organization_id": organization_id, + "member_id": member_id, + } + + url = self.api_base.url_for( + "/v1/b2b/organizations/{organization_id}/members/{member_id}/oauth_providers/microsoft", + data, + ) + res = await self.async_client.get(url, data, headers) + return MicrosoftResponse.from_json(res.response.status, res.json) diff --git a/stytch/b2b/api/otp_sms.py b/stytch/b2b/api/otp_sms.py index 8be9975..b285588 100644 --- a/stytch/b2b/api/otp_sms.py +++ b/stytch/b2b/api/otp_sms.py @@ -66,7 +66,8 @@ def send( Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - session_token: A secret token for a given Stytch Session. @@ -133,7 +134,8 @@ async def send_async( Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - session_token: A secret token for a given Stytch Session. @@ -194,7 +196,8 @@ def authenticate( - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. - code: The code to authenticate. - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - session_token: A secret token for a given Stytch Session. @@ -281,7 +284,8 @@ async def authenticate_async( - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. - code: The code to authenticate. - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - session_token: A secret token for a given Stytch Session. diff --git a/stytch/b2b/api/recovery_codes.py b/stytch/b2b/api/recovery_codes.py index 80def10..93bbda1 100644 --- a/stytch/b2b/api/recovery_codes.py +++ b/stytch/b2b/api/recovery_codes.py @@ -43,7 +43,8 @@ def recover( - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. - recovery_code: The recovery code generated by a secondary MFA method. This code is used to authenticate in place of the secondary MFA method if that method as a backup. - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - session_token: A secret token for a given Stytch Session. @@ -102,7 +103,8 @@ async def recover_async( - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. - recovery_code: The recovery code generated by a secondary MFA method. This code is used to authenticate in place of the secondary MFA method if that method as a backup. - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - session_token: A secret token for a given Stytch Session. diff --git a/stytch/b2b/api/sso.py b/stytch/b2b/api/sso.py index 5913843..74a70cd 100644 --- a/stytch/b2b/api/sso.py +++ b/stytch/b2b/api/sso.py @@ -151,7 +151,8 @@ def authenticate( To link this authentication event to an existing Stytch session, include either the `session_token` or `session_jwt` param. If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. - The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. + The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA step and acquire a full member session. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step. @@ -222,7 +223,8 @@ async def authenticate_async( To link this authentication event to an existing Stytch session, include either the `session_token` or `session_jwt` param. If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. - The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. + The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA step and acquire a full member session. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step. diff --git a/stytch/b2b/api/totps.py b/stytch/b2b/api/totps.py index 2407b67..f832fae 100644 --- a/stytch/b2b/api/totps.py +++ b/stytch/b2b/api/totps.py @@ -43,7 +43,8 @@ def create( - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. - expiration_minutes: The expiration for the TOTP registration. If the newly created TOTP registration is not authenticated within this time frame the member will have to restart the registration flow. Defaults to 60 (1 hour) with a minimum of 5 and a maximum of 1440. - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - session_token: A secret token for a given Stytch Session. @@ -85,7 +86,8 @@ async def create_async( - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. - expiration_minutes: The expiration for the TOTP registration. If the newly created TOTP registration is not authenticated within this time frame the member will have to restart the registration flow. Defaults to 60 (1 hour) with a minimum of 5 and a maximum of 1440. - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - session_token: A secret token for a given Stytch Session. @@ -129,7 +131,8 @@ def authenticate( - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. - code: The code to authenticate. - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - session_token: A secret token for a given Stytch Session. @@ -201,7 +204,8 @@ async def authenticate_async( - member_id: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. - code: The code to authenticate. - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - session_token: A secret token for a given Stytch Session. diff --git a/stytch/b2b/models/discovery_intermediate_sessions.py b/stytch/b2b/models/discovery_intermediate_sessions.py index 0a0674c..2eb355e 100644 --- a/stytch/b2b/models/discovery_intermediate_sessions.py +++ b/stytch/b2b/models/discovery_intermediate_sessions.py @@ -31,7 +31,8 @@ class ExchangeResponse(ResponseBase): - organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object). - member_authenticated: Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization. - intermediate_session_token: The returned Intermediate Session Token is identical to the one that was originally passed in to the request. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization. + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a different existing Organization, or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization. - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object). diff --git a/stytch/b2b/models/discovery_organizations.py b/stytch/b2b/models/discovery_organizations.py index ce77dd4..db58a38 100644 --- a/stytch/b2b/models/discovery_organizations.py +++ b/stytch/b2b/models/discovery_organizations.py @@ -24,7 +24,8 @@ class CreateResponse(ResponseBase): - member: The [Member object](https://stytch.com/docs/b2b/api/member-object) - member_authenticated: Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization. - intermediate_session_token: The returned Intermediate Session Token is identical to the one that was originally passed in to the request. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization. + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a different existing Organization, or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization. - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object). diff --git a/stytch/b2b/models/magic_links.py b/stytch/b2b/models/magic_links.py index 5effd7c..26cda2e 100644 --- a/stytch/b2b/models/magic_links.py +++ b/stytch/b2b/models/magic_links.py @@ -35,7 +35,8 @@ class AuthenticateResponse(ResponseBase): - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object). - organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object). - intermediate_session_token: The returned Intermediate Session Token contains an Email Magic Link factor associated with the Member's email address. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization. + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a different existing Organization that allows login with Email Magic Links, or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization. - member_authenticated: Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization. diff --git a/stytch/b2b/models/magic_links_discovery.py b/stytch/b2b/models/magic_links_discovery.py index fa2c416..7ea080d 100644 --- a/stytch/b2b/models/magic_links_discovery.py +++ b/stytch/b2b/models/magic_links_discovery.py @@ -16,7 +16,8 @@ class AuthenticateResponse(ResponseBase): """Response type for `Discovery.authenticate`. Fields: - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - email_address: The email address. diff --git a/stytch/b2b/models/mfa.py b/stytch/b2b/models/mfa.py index 84bfcff..9f82a76 100644 --- a/stytch/b2b/models/mfa.py +++ b/stytch/b2b/models/mfa.py @@ -15,9 +15,11 @@ class MemberOptions(pydantic.BaseModel): """ Fields: - mfa_phone_number: The Member's MFA phone number. + - totp_registration_id: The Member's MFA TOTP registration ID. """ # noqa mfa_phone_number: str + totp_registration_id: str class MfaRequired(pydantic.BaseModel): diff --git a/stytch/b2b/models/oauth.py b/stytch/b2b/models/oauth.py index 89b37e8..9eca721 100644 --- a/stytch/b2b/models/oauth.py +++ b/stytch/b2b/models/oauth.py @@ -55,7 +55,8 @@ class AuthenticateResponse(ResponseBase): - reset_sessions: (no documentation yet) - member_authenticated: Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization. - intermediate_session_token: The returned Intermediate Session Token contains an OAuth factor associated with the Member's email address. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization. + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a different existing Organization that allows login with OAuth, or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization. - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object). diff --git a/stytch/b2b/models/oauth_discovery.py b/stytch/b2b/models/oauth_discovery.py index 6f31cab..f113392 100644 --- a/stytch/b2b/models/oauth_discovery.py +++ b/stytch/b2b/models/oauth_discovery.py @@ -16,7 +16,8 @@ class AuthenticateResponse(ResponseBase): """Response type for `Discovery.authenticate`. Fields: - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - email_address: The email address. diff --git a/stytch/b2b/models/organizations_members_oauth_providers.py b/stytch/b2b/models/organizations_members_oauth_providers.py new file mode 100644 index 0000000..73c9ea0 --- /dev/null +++ b/stytch/b2b/models/organizations_members_oauth_providers.py @@ -0,0 +1,49 @@ +# !!! +# WARNING: This file is autogenerated +# Only modify code within MANUAL() sections +# or your changes may be overwritten later! +# !!! + +from __future__ import annotations + +from typing import List + +from stytch.core.response_base import ResponseBase + + +class GoogleResponse(ResponseBase): + """Response type for `OAuthProviders.google`. + Fields: + - provider_type: Denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Microsoft, GitHub etc. + - provider_subject: The unique identifier for the User within a given OAuth provider. Also commonly called the `sub` or "Subject field" in OAuth protocols. + - access_token: The `access_token` that you may use to access the User's data in the provider's API. + - access_token_expires_in: The number of seconds until the access token expires. + - id_token: The `id_token` returned by the OAuth provider. ID Tokens are JWTs that contain structured information about a user. The exact content of each ID Token varies from provider to provider. ID Tokens are returned from OAuth providers that conform to the [OpenID Connect](https://openid.net/foundation/) specification, which is based on OAuth. + - scopes: The OAuth scopes included for a given provider. See each provider's section above to see which scopes are included by default and how to add custom scopes. + """ # noqa + + provider_type: str + provider_subject: str + access_token: str + access_token_expires_in: int + id_token: str + scopes: List[str] + + +class MicrosoftResponse(ResponseBase): + """Response type for `OAuthProviders.microsoft`. + Fields: + - provider_type: Denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Microsoft, GitHub etc. + - provider_subject: The unique identifier for the User within a given OAuth provider. Also commonly called the `sub` or "Subject field" in OAuth protocols. + - access_token: The `access_token` that you may use to access the User's data in the provider's API. + - access_token_expires_in: The number of seconds until the access token expires. + - id_token: The `id_token` returned by the OAuth provider. ID Tokens are JWTs that contain structured information about a user. The exact content of each ID Token varies from provider to provider. ID Tokens are returned from OAuth providers that conform to the [OpenID Connect](https://openid.net/foundation/) specification, which is based on OAuth. + - scopes: The OAuth scopes included for a given provider. See each provider's section above to see which scopes are included by default and how to add custom scopes. + """ # noqa + + provider_type: str + provider_subject: str + access_token: str + access_token_expires_in: int + id_token: str + scopes: List[str] diff --git a/stytch/b2b/models/passwords.py b/stytch/b2b/models/passwords.py index 6be2e46..247af7b 100644 --- a/stytch/b2b/models/passwords.py +++ b/stytch/b2b/models/passwords.py @@ -76,7 +76,8 @@ class AuthenticateResponse(ResponseBase): - session_jwt: The JSON Web Token (JWT) for a given Stytch Session. - organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object). - intermediate_session_token: The returned Intermediate Session Token contains a password factor associated with the Member. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization. + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization. Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints. - member_authenticated: Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization. - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object). diff --git a/stytch/b2b/models/passwords_email.py b/stytch/b2b/models/passwords_email.py index 027e68b..56d2b0f 100644 --- a/stytch/b2b/models/passwords_email.py +++ b/stytch/b2b/models/passwords_email.py @@ -38,7 +38,8 @@ class ResetResponse(ResponseBase): - session_jwt: The JSON Web Token (JWT) for a given Stytch Session. - organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object). - intermediate_session_token: The returned Intermediate Session Token contains a password factor associated with the Member. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization. + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization. Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints. - member_authenticated: Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization. - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object). diff --git a/stytch/b2b/models/passwords_existing_password.py b/stytch/b2b/models/passwords_existing_password.py index 06427c2..9a7b9a0 100644 --- a/stytch/b2b/models/passwords_existing_password.py +++ b/stytch/b2b/models/passwords_existing_password.py @@ -30,7 +30,8 @@ class ResetResponse(ResponseBase): - session_jwt: The JSON Web Token (JWT) for a given Stytch Session. - organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object). - intermediate_session_token: The returned Intermediate Session Token contains a password factor associated with the Member. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization. + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization. Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints. - member_authenticated: Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization. - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object). diff --git a/stytch/b2b/models/passwords_session.py b/stytch/b2b/models/passwords_session.py index 63930d3..4fc515e 100644 --- a/stytch/b2b/models/passwords_session.py +++ b/stytch/b2b/models/passwords_session.py @@ -30,7 +30,8 @@ class ResetResponse(ResponseBase): - session_token: A secret token for a given Stytch Session. - session_jwt: The JSON Web Token (JWT) for a given Stytch Session. - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete an MFA flow; + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow; the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - member_authenticated: Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization. diff --git a/stytch/b2b/models/sessions.py b/stytch/b2b/models/sessions.py index bd625e3..b095b45 100644 --- a/stytch/b2b/models/sessions.py +++ b/stytch/b2b/models/sessions.py @@ -109,7 +109,8 @@ class ExchangeResponse(ResponseBase): - organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object). - member_authenticated: Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization. - intermediate_session_token: The returned Intermediate Session Token contains any Email Magic Link or OAuth factors from the original member session that are valid for the target Organization. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the target Organization. + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the target Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a different existing Organization, or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization. - mfa_required: Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA. diff --git a/stytch/b2b/models/sso.py b/stytch/b2b/models/sso.py index 5d3d8ff..a7db45e 100644 --- a/stytch/b2b/models/sso.py +++ b/stytch/b2b/models/sso.py @@ -120,7 +120,8 @@ class AuthenticateResponse(ResponseBase): Stytch's Session product. If you are using Stytch's Session product, we revoke the Member’s other Sessions for you. - organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object). - intermediate_session_token: The returned Intermediate Session Token contains an SSO factor associated with the Member. - The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA flow and log in to the Organization. + The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), + or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA flow and log in to the Organization. SSO factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints. - member_authenticated: Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization. - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object). diff --git a/stytch/consumer/api/otp_email.py b/stytch/consumer/api/otp_email.py index fff022c..4f633a3 100644 --- a/stytch/consumer/api/otp_email.py +++ b/stytch/consumer/api/otp_email.py @@ -45,7 +45,7 @@ def send( This endpoint also allows you to add a new email address to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in your Send one-time passcode by email request will add the new, unverified email address to the existing Stytch User. If the user successfully authenticates within 5 minutes, the new email address will be marked as verified and remain permanently on the existing Stytch User. Otherwise, it will be removed from the User object, and any subsequent login requests using that email address will create a new User. ### Next steps - Collect the OTP which was delivered to the user. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`. + Collect the OTP which was delivered to the user. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `email_id` found in the response as the `method_id`. Fields: - email: The email address of the user to send the one-time passcode to. You may use sandbox@stytch.com to test this endpoint, see [Testing](https://stytch.com/docs/home#resources_testing) for more detail. @@ -106,7 +106,7 @@ async def send_async( This endpoint also allows you to add a new email address to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in your Send one-time passcode by email request will add the new, unverified email address to the existing Stytch User. If the user successfully authenticates within 5 minutes, the new email address will be marked as verified and remain permanently on the existing Stytch User. Otherwise, it will be removed from the User object, and any subsequent login requests using that email address will create a new User. ### Next steps - Collect the OTP which was delivered to the user. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`. + Collect the OTP which was delivered to the user. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `email_id` found in the response as the `method_id`. Fields: - email: The email address of the user to send the one-time passcode to. You may use sandbox@stytch.com to test this endpoint, see [Testing](https://stytch.com/docs/home#resources_testing) for more detail. diff --git a/stytch/consumer/api/webauthn.py b/stytch/consumer/api/webauthn.py index 245a026..ef911c5 100644 --- a/stytch/consumer/api/webauthn.py +++ b/stytch/consumer/api/webauthn.py @@ -379,7 +379,7 @@ def update( """Updates a Passkey or WebAuthn registration. Fields: - - webauthn_registration_id: Globally unique UUID that identifies a Passkey or WebAuthn registration in the Stytch API. The `webautn_registration_id` is used when you need to operate on a specific User's WebAuthn registartion. + - webauthn_registration_id: Globally unique UUID that identifies a Passkey or WebAuthn registration in the Stytch API. The `webauthn_registration_id` is used when you need to operate on a specific User's WebAuthn registration. - name: The `name` of the WebAuthn registration or Passkey. """ # noqa headers: Dict[str, str] = {} @@ -400,7 +400,7 @@ async def update_async( """Updates a Passkey or WebAuthn registration. Fields: - - webauthn_registration_id: Globally unique UUID that identifies a Passkey or WebAuthn registration in the Stytch API. The `webautn_registration_id` is used when you need to operate on a specific User's WebAuthn registartion. + - webauthn_registration_id: Globally unique UUID that identifies a Passkey or WebAuthn registration in the Stytch API. The `webauthn_registration_id` is used when you need to operate on a specific User's WebAuthn registration. - name: The `name` of the WebAuthn registration or Passkey. """ # noqa headers: Dict[str, str] = {} diff --git a/stytch/consumer/models/sessions.py b/stytch/consumer/models/sessions.py index 3b00333..5076dcc 100644 --- a/stytch/consumer/models/sessions.py +++ b/stytch/consumer/models/sessions.py @@ -84,6 +84,11 @@ class AppleOAuthFactor(pydantic.BaseModel): class AuthenticatorAppFactor(pydantic.BaseModel): + """ + Fields: + - totp_id: Globally unique UUID that identifies a TOTP instance. + """ # noqa + totp_id: str @@ -343,7 +348,7 @@ class AuthenticationFactor(pydantic.BaseModel): - microsoft_oauth_factor: Information about the Microsoft OAuth factor, if one is present. - apple_oauth_factor: (no documentation yet) - webauthn_factor: (no documentation yet) - - authenticator_app_factor: (no documentation yet) + - authenticator_app_factor: Information about the TOTP-backed Authenticator App factor, if one is present. - github_oauth_factor: (no documentation yet) - recovery_code_factor: (no documentation yet) - facebook_oauth_factor: (no documentation yet) diff --git a/stytch/version.py b/stytch/version.py index 26ef49a..ec400e6 100644 --- a/stytch/version.py +++ b/stytch/version.py @@ -1 +1 @@ -__version__ = "8.2.0" +__version__ = "8.3.0"