merge

stytch/b2b/api/discovery_organizations.py

@@ -115,7 +115,7 @@ def create(
           `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
 
           - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-          The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+          The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
           - mfa_policy: The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
 
@@ -285,7 +285,7 @@ async def create_async(
           `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
 
           - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-          The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+          The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
           - mfa_policy: The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
 

stytch/b2b/api/impersonation.py

@@ -23,11 +23,17 @@ def __init__(
 
     def authenticate(
         self,
-        token: str,
+        impersonation_token: str,
     ) -> AuthenticateResponse:
+        """Authenticate an impersonation token to impersonate a. This endpoint requires an impersonation token that is not expired or previously used.
+        A Stytch session will be created for the impersonated member with a 60 minute duration. Impersonated sessions cannot be extended.
+
+        Fields:
+          - impersonation_token: The User Impersonation token to authenticate.
+        """  # noqa
         headers: Dict[str, str] = {}
         data: Dict[str, Any] = {
-            "token": token,
+            "impersonation_token": impersonation_token,
         }
 
         url = self.api_base.url_for("/v1/b2b/impersonation/authenticate", data)
@@ -36,11 +42,17 @@ def authenticate(
 
     async def authenticate_async(
         self,
-        token: str,
+        impersonation_token: str,
     ) -> AuthenticateResponse:
+        """Authenticate an impersonation token to impersonate a. This endpoint requires an impersonation token that is not expired or previously used.
+        A Stytch session will be created for the impersonated member with a 60 minute duration. Impersonated sessions cannot be extended.
+
+        Fields:
+          - impersonation_token: The User Impersonation token to authenticate.
+        """  # noqa
         headers: Dict[str, str] = {}
         data: Dict[str, Any] = {
-            "token": token,
+            "impersonation_token": impersonation_token,
         }
 
         url = self.api_base.url_for("/v1/b2b/impersonation/authenticate", data)

stytch/b2b/api/organizations.py

@@ -103,7 +103,7 @@ def create(
           `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
 
           - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-          The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+          The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
           - mfa_policy: The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
 
@@ -239,7 +239,7 @@ async def create_async(
           `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
 
           - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-          The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+          The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
           - mfa_policy: The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
 
@@ -439,7 +439,7 @@ def update(
 
         If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
           - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-          The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+          The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
 
         If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
@@ -627,7 +627,7 @@ async def update_async(
 
         If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
           - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-          The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+          The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
 
         If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.

stytch/b2b/models/impersonation.py

@@ -15,6 +15,20 @@
 
 
 class AuthenticateResponse(ResponseBase):
+    """Response type for `Impersonation.authenticate`.
+    Fields:
+      - member_id: Globally unique UUID that identifies a specific Member.
+      - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
+      - member: The [Member object](https://stytch.com/docs/b2b/api/member-object)
+      - session_token: A secret token for a given Stytch Session.
+      - session_jwt: The JSON Web Token (JWT) for a given Stytch Session.
+      - organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
+      - intermediate_session_token: Successfully authenticating an impersonation token will never result in an intermediate session. If the token is valid, a full session will be created.
+      - member_authenticated: The member will always be fully authenticated if an impersonation token is successfully authenticated.
+      - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object) for the impersonated Member.
+      - mfa_required: MFA will not be required when authenticating impersonation tokens.
+    """  # noqa
+
     member_id: str
     organization_id: str
     member: Member

stytch/b2b/models/organizations.py

@@ -282,7 +282,7 @@ class Organization(pydantic.BaseModel):
       `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
 
       - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
-      The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
+      The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
 
       - mfa_policy: (no documentation yet)
       - rbac_email_implicit_role_assignments: Implicit role assignments based off of email domains.

stytch/consumer/models/sessions.py

@@ -198,6 +198,12 @@ class HubspotOAuthFactor(pydantic.BaseModel):
 
 
 class ImpersonatedFactor(pydantic.BaseModel):
+    """
+    Fields:
+      - impersonator_id: The unique UUID of the impersonator. For impersonation sessions initiated via the Stytch dashboard, the `impersonator_id` will be the impersonator's Stytch workspace id.
+      - impersonator_email_address: The email address of the impersonator.
+    """  # noqa
+
     impersonator_id: str
     impersonator_email_address: str
 
@@ -408,7 +414,7 @@ class AuthenticationFactor(pydantic.BaseModel):
       - hubspot_oauth_exchange_factor: (no documentation yet)
       - github_oauth_exchange_factor: (no documentation yet)
       - google_oauth_exchange_factor: (no documentation yet)
-      - impersonated_factor: (no documentation yet)
+      - impersonated_factor: Information about the impersonated factor, if one is present.
     """  # noqa
 
     type: AuthenticationFactorType

stytch/version.py

@@ -1 +1 @@
-__version__ = "12.2.0"
+__version__ = "12.3.0"