diff --git a/stytch/b2b/api/discovery_organizations.py b/stytch/b2b/api/discovery_organizations.py index 918be61..5b37844 100644 --- a/stytch/b2b/api/discovery_organizations.py +++ b/stytch/b2b/api/discovery_organizations.py @@ -115,7 +115,7 @@ def create( `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. - The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`. + The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`. - mfa_policy: The setting that controls the MFA policy for all Members in the Organization. The accepted values are: @@ -285,7 +285,7 @@ async def create_async( `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. - The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`. + The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`. - mfa_policy: The setting that controls the MFA policy for all Members in the Organization. The accepted values are: diff --git a/stytch/b2b/api/impersonation.py b/stytch/b2b/api/impersonation.py index 1db2191..feea543 100644 --- a/stytch/b2b/api/impersonation.py +++ b/stytch/b2b/api/impersonation.py @@ -23,11 +23,17 @@ def __init__( def authenticate( self, - token: str, + impersonation_token: str, ) -> AuthenticateResponse: + """Authenticate an impersonation token to impersonate a. This endpoint requires an impersonation token that is not expired or previously used. + A Stytch session will be created for the impersonated member with a 60 minute duration. Impersonated sessions cannot be extended. + + Fields: + - impersonation_token: The User Impersonation token to authenticate. + """ # noqa headers: Dict[str, str] = {} data: Dict[str, Any] = { - "token": token, + "impersonation_token": impersonation_token, } url = self.api_base.url_for("/v1/b2b/impersonation/authenticate", data) @@ -36,11 +42,17 @@ def authenticate( async def authenticate_async( self, - token: str, + impersonation_token: str, ) -> AuthenticateResponse: + """Authenticate an impersonation token to impersonate a. This endpoint requires an impersonation token that is not expired or previously used. + A Stytch session will be created for the impersonated member with a 60 minute duration. Impersonated sessions cannot be extended. + + Fields: + - impersonation_token: The User Impersonation token to authenticate. + """ # noqa headers: Dict[str, str] = {} data: Dict[str, Any] = { - "token": token, + "impersonation_token": impersonation_token, } url = self.api_base.url_for("/v1/b2b/impersonation/authenticate", data) diff --git a/stytch/b2b/api/organizations.py b/stytch/b2b/api/organizations.py index a9da8c7..c64da1b 100644 --- a/stytch/b2b/api/organizations.py +++ b/stytch/b2b/api/organizations.py @@ -103,7 +103,7 @@ def create( `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. - The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`. + The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`. - mfa_policy: The setting that controls the MFA policy for all Members in the Organization. The accepted values are: @@ -239,7 +239,7 @@ async def create_async( `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. - The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`. + The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`. - mfa_policy: The setting that controls the MFA policy for all Members in the Organization. The accepted values are: @@ -439,7 +439,7 @@ def update( If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource. - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. - The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`. + The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`. If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource. @@ -627,7 +627,7 @@ async def update_async( If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource. - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. - The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`. + The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`. If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource. diff --git a/stytch/b2b/models/impersonation.py b/stytch/b2b/models/impersonation.py index 195bbba..903fd6e 100644 --- a/stytch/b2b/models/impersonation.py +++ b/stytch/b2b/models/impersonation.py @@ -15,6 +15,20 @@ class AuthenticateResponse(ResponseBase): + """Response type for `Impersonation.authenticate`. + Fields: + - member_id: Globally unique UUID that identifies a specific Member. + - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. + - member: The [Member object](https://stytch.com/docs/b2b/api/member-object) + - session_token: A secret token for a given Stytch Session. + - session_jwt: The JSON Web Token (JWT) for a given Stytch Session. + - organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object). + - intermediate_session_token: Successfully authenticating an impersonation token will never result in an intermediate session. If the token is valid, a full session will be created. + - member_authenticated: The member will always be fully authenticated if an impersonation token is successfully authenticated. + - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object) for the impersonated Member. + - mfa_required: MFA will not be required when authenticating impersonation tokens. + """ # noqa + member_id: str organization_id: str member: Member diff --git a/stytch/b2b/models/organizations.py b/stytch/b2b/models/organizations.py index 5bb6429..71b9454 100644 --- a/stytch/b2b/models/organizations.py +++ b/stytch/b2b/models/organizations.py @@ -282,7 +282,7 @@ class Organization(pydantic.BaseModel): `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. - allowed_auth_methods: An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. - The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`. + The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`. - mfa_policy: (no documentation yet) - rbac_email_implicit_role_assignments: Implicit role assignments based off of email domains. diff --git a/stytch/consumer/models/sessions.py b/stytch/consumer/models/sessions.py index 9f2968c..5c96f58 100644 --- a/stytch/consumer/models/sessions.py +++ b/stytch/consumer/models/sessions.py @@ -198,6 +198,12 @@ class HubspotOAuthFactor(pydantic.BaseModel): class ImpersonatedFactor(pydantic.BaseModel): + """ + Fields: + - impersonator_id: The unique UUID of the impersonator. For impersonation sessions initiated via the Stytch dashboard, the `impersonator_id` will be the impersonator's Stytch workspace id. + - impersonator_email_address: The email address of the impersonator. + """ # noqa + impersonator_id: str impersonator_email_address: str @@ -408,7 +414,7 @@ class AuthenticationFactor(pydantic.BaseModel): - hubspot_oauth_exchange_factor: (no documentation yet) - github_oauth_exchange_factor: (no documentation yet) - google_oauth_exchange_factor: (no documentation yet) - - impersonated_factor: (no documentation yet) + - impersonated_factor: Information about the impersonated factor, if one is present. """ # noqa type: AuthenticationFactorType diff --git a/stytch/version.py b/stytch/version.py index 59c3246..e4400ae 100644 --- a/stytch/version.py +++ b/stytch/version.py @@ -1 +1 @@ -__version__ = "12.2.0" +__version__ = "12.3.0"