Mark access token as optional for OAuth responses (#199)

Author: jennifer-stytch

stytch/b2b/api/sessions.py

@@ -424,7 +424,7 @@ def migrate(
         session_duration_minutes: Optional[int] = None,
         session_custom_claims: Optional[Dict[str, Any]] = None,
     ) -> MigrateResponse:
-        """Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with a Member in your Organization and create a Stytch Session.
+        """Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing Member in your Organization and create a Stytch Session. You will need to create the member before using this endpoint.
 
         Fields:
           - session_token: The authorization token Stytch will pass in to the external userinfo endpoint.
@@ -465,7 +465,7 @@ async def migrate_async(
         session_duration_minutes: Optional[int] = None,
         session_custom_claims: Optional[Dict[str, Any]] = None,
     ) -> MigrateResponse:
-        """Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with a Member in your Organization and create a Stytch Session.
+        """Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing Member in your Organization and create a Stytch Session. You will need to create the member before using this endpoint.
 
         Fields:
           - session_token: The authorization token Stytch will pass in to the external userinfo endpoint.

stytch/b2b/models/oauth.py

@@ -27,15 +27,15 @@ class AuthenticateRequestLocale(str, enum.Enum):
 class ProviderValues(pydantic.BaseModel):
     """
     Fields:
-      - access_token: The `access_token` that you may use to access the User's data in the provider's API.
       - scopes: The OAuth scopes included for a given provider. See each provider's section above to see which scopes are included by default and how to add custom scopes.
+      - access_token: The `access_token` that you may use to access the User's data in the provider's API.
       - refresh_token: The `refresh_token` that you may use to obtain a new `access_token` for the User within the provider's API.
       - expires_at: (no documentation yet)
       - id_token: The `id_token` returned by the OAuth provider. ID Tokens are JWTs that contain structured information about a user. The exact content of each ID Token varies from provider to provider. ID Tokens are returned from OAuth providers that conform to the [OpenID Connect](https://openid.net/foundation/) specification, which is based on OAuth.
     """  # noqa
 
-    access_token: str
     scopes: List[str]
+    access_token: Optional[str] = None
     refresh_token: Optional[str] = None
     expires_at: Optional[datetime.datetime] = None
     id_token: Optional[str] = None

stytch/b2b/models/organizations_members_oauth_providers.py

@@ -16,19 +16,19 @@ class GoogleResponse(ResponseBase):
     Fields:
       - provider_type: Denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Microsoft, GitHub etc.
       - provider_subject: The unique identifier for the User within a given OAuth provider. Also commonly called the `sub` or "Subject field" in OAuth protocols.
-      - access_token: The `access_token` that you may use to access the User's data in the provider's API.
-      - access_token_expires_in: The number of seconds until the access token expires.
       - id_token: The `id_token` returned by the OAuth provider. ID Tokens are JWTs that contain structured information about a user. The exact content of each ID Token varies from provider to provider. ID Tokens are returned from OAuth providers that conform to the [OpenID Connect](https://openid.net/foundation/) specification, which is based on OAuth.
       - scopes: The OAuth scopes included for a given provider. See each provider's section above to see which scopes are included by default and how to add custom scopes.
+      - access_token: The `access_token` that you may use to access the User's data in the provider's API.
+      - access_token_expires_in: The number of seconds until the access token expires.
       - refresh_token: The `refresh_token` that you may use to obtain a new `access_token` for the User within the provider's API.
     """  # noqa
 
     provider_type: str
     provider_subject: str
-    access_token: str
-    access_token_expires_in: int
     id_token: str
     scopes: List[str]
+    access_token: Optional[str] = None
+    access_token_expires_in: Optional[int] = None
     refresh_token: Optional[str] = None
 
 

stytch/b2b/models/scim.py

@@ -27,7 +27,9 @@ class SCIMConnection(pydantic.BaseModel):
     base_url: str
     bearer_token_last_four: str
     scim_group_implicit_role_assignments: List[SCIMGroupImplicitRoleAssignments]
+    next_bearer_token_last_four: str
     bearer_token_expires_at: Optional[datetime.datetime] = None
+    next_bearer_token_expires_at: Optional[datetime.datetime] = None
 
 
 class SCIMConnectionWithNextToken(pydantic.BaseModel):

stytch/version.py

@@ -1 +1 @@
-__version__ = "9.2.0"
+__version__ = "9.3.0"