# frozen_string_literal: true # !!! # WARNING: This file is autogenerated # Only modify code within MANUAL() sections # or your changes may be overwritten later! # !!! require_relative 'request_helper' module StytchB2B class Organizations class UpdateRequestOptions # Optional authorization object. # Pass in an active Stytch Member session token or session JWT and the request # will be run using that member's permissions. attr_accessor :authorization def initialize( authorization: nil ) @authorization = authorization end def to_headers headers = {} headers.merge!(@authorization.to_headers) if authorization headers end end class DeleteRequestOptions # Optional authorization object. # Pass in an active Stytch Member session token or session JWT and the request # will be run using that member's permissions. attr_accessor :authorization def initialize( authorization: nil ) @authorization = authorization end def to_headers headers = {} headers.merge!(@authorization.to_headers) if authorization headers end end include Stytch::RequestHelper attr_reader :members def initialize(connection) @connection = connection @members = StytchB2B::Organizations::Members.new(@connection) end # Creates an. An `organization_name` and a unique `organization_slug` are required. # # By default, `email_invites` and `sso_jit_provisioning` will be set to `ALL_ALLOWED`, and `mfa_policy` will be set to `OPTIONAL` if no Organization authentication settings are explicitly defined in the request. # # *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors. # # == Parameters: # organization_name:: # The name of the Organization. Must be between 1 and 128 characters in length. # The type of this field is +String+. # organization_slug:: # The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length. # The type of this field is nilable +String+. # organization_logo_url:: # The image URL of the Organization logo. # The type of this field is nilable +String+. # trusted_metadata:: # An arbitrary JSON object for storing application-specific data or identity-provider-specific data. # The type of this field is nilable +object+. # sso_jit_provisioning:: # The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are: # # `ALL_ALLOWED` – new Members will be automatically provisioned upon successful authentication via any of the Organization's `sso_active_connections`. # # `RESTRICTED` – only new Members with SSO logins that comply with `sso_jit_provisioning_allowed_connections` can be provisioned upon authentication. # # `NOT_ALLOWED` – disable JIT provisioning via SSO. # # The type of this field is nilable +String+. # email_allowed_domains:: # An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`. # # # Common domains such as `gmail.com` are not allowed. See the [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list. # The type of this field is nilable list of +String+. # email_jit_provisioning:: # The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are: # # `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth. # # `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth. # # The type of this field is nilable +String+. # email_invites:: # The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are: # # `ALL_ALLOWED` – any new Member can be invited to join via email. # # `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be invited via email. # # `NOT_ALLOWED` – disable email invites. # # The type of this field is nilable +String+. # auth_methods:: # The setting that controls which authentication methods can be used by Members of an Organization. The accepted values are: # # `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. # # `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. # # The type of this field is nilable +String+. # allowed_auth_methods:: # An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. # The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`. # # The type of this field is nilable list of +String+. # mfa_policy:: # The setting that controls the MFA policy for all Members in the Organization. The accepted values are: # # `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid. # # `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true. # # The type of this field is nilable +String+. # rbac_email_implicit_role_assignments:: # Implicit role assignments based off of email domains. # For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the # associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) # for more information about role assignment. # The type of this field is nilable list of +EmailImplicitRoleAssignment+ (+object+). # mfa_methods:: # The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are: # # `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. # # `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. # # The type of this field is nilable +String+. # allowed_mfa_methods:: # An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`. # The list's accepted values are: `sms_otp` and `totp`. # # The type of this field is nilable list of +String+. # oauth_tenant_jit_provisioning:: # The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are: # # `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant. # # `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant. # # The type of this field is nilable +String+. # allowed_oauth_tenants:: # A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot". # The type of this field is nilable +object+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # organization:: # The [Organization object](https://stytch.com/docs/b2b/api/organization-object). # The type of this field is +Organization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def create( organization_name:, organization_slug: nil, organization_logo_url: nil, trusted_metadata: nil, sso_jit_provisioning: nil, email_allowed_domains: nil, email_jit_provisioning: nil, email_invites: nil, auth_methods: nil, allowed_auth_methods: nil, mfa_policy: nil, rbac_email_implicit_role_assignments: nil, mfa_methods: nil, allowed_mfa_methods: nil, oauth_tenant_jit_provisioning: nil, allowed_oauth_tenants: nil ) headers = {} request = { organization_name: organization_name } request[:organization_slug] = organization_slug unless organization_slug.nil? request[:organization_logo_url] = organization_logo_url unless organization_logo_url.nil? request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? request[:sso_jit_provisioning] = sso_jit_provisioning unless sso_jit_provisioning.nil? request[:email_allowed_domains] = email_allowed_domains unless email_allowed_domains.nil? request[:email_jit_provisioning] = email_jit_provisioning unless email_jit_provisioning.nil? request[:email_invites] = email_invites unless email_invites.nil? request[:auth_methods] = auth_methods unless auth_methods.nil? request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil? request[:mfa_policy] = mfa_policy unless mfa_policy.nil? request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil? request[:mfa_methods] = mfa_methods unless mfa_methods.nil? request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil? request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil? request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil? post_request('/v1/b2b/organizations', request, headers) end # Returns an specified by `organization_id`. # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # organization:: # The [Organization object](https://stytch.com/docs/b2b/api/organization-object). # The type of this field is +Organization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def get( organization_id: ) headers = {} query_params = {} request = request_with_query_params("/v1/b2b/organizations/#{organization_id}", query_params) get_request(request, headers) end # Updates an specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members. # # *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors. # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # organization_name:: # The name of the Organization. Must be between 1 and 128 characters in length. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.name` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # organization_slug:: # The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.slug` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # organization_logo_url:: # The image URL of the Organization logo. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.logo-url` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # trusted_metadata:: # An arbitrary JSON object for storing application-specific data or identity-provider-specific data. # If a session header is passed into the request, this field may **not** be passed into the request. You cannot # update trusted metadata when acting as a Member. # The type of this field is nilable +object+. # sso_default_connection_id:: # The default connection used for SSO when there are multiple active connections. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.default-sso-connection` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # sso_jit_provisioning:: # The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are: # # `ALL_ALLOWED` – new Members will be automatically provisioned upon successful authentication via any of the Organization's `sso_active_connections`. # # `RESTRICTED` – only new Members with SSO logins that comply with `sso_jit_provisioning_allowed_connections` can be provisioned upon authentication. # # `NOT_ALLOWED` – disable JIT provisioning via SSO. # # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.sso-jit-provisioning` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # sso_jit_provisioning_allowed_connections:: # An array of `connection_id`s that reference [SAML Connection objects](https://stytch.com/docs/b2b/api/saml-connection-object). # Only these connections will be allowed to JIT provision Members via SSO when `sso_jit_provisioning` is set to `RESTRICTED`. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.sso-jit-provisioning` action on the `stytch.organization` Resource. # The type of this field is nilable list of +String+. # email_allowed_domains:: # An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`. # # # Common domains such as `gmail.com` are not allowed. See the [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-domains` action on the `stytch.organization` Resource. # The type of this field is nilable list of +String+. # email_jit_provisioning:: # The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are: # # `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth. # # `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth. # # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.email-jit-provisioning` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # email_invites:: # The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are: # # `ALL_ALLOWED` – any new Member can be invited to join via email. # # `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be invited via email. # # `NOT_ALLOWED` – disable email invites. # # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.email-invites` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # auth_methods:: # The setting that controls which authentication methods can be used by Members of an Organization. The accepted values are: # # `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. # # `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. # # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # allowed_auth_methods:: # An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. # The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`. # # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource. # The type of this field is nilable list of +String+. # mfa_policy:: # The setting that controls the MFA policy for all Members in the Organization. The accepted values are: # # `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid. # # `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true. # # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.mfa-policy` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # rbac_email_implicit_role_assignments:: # Implicit role assignments based off of email domains. # For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the # associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) # for more information about role assignment. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.implicit-roles` action on the `stytch.organization` Resource. # The type of this field is nilable list of +EmailImplicitRoleAssignment+. # mfa_methods:: # The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are: # # `ALL_ALLOWED` – the default setting which allows all authentication methods to be used. # # `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`. # # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # allowed_mfa_methods:: # An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`. # The list's accepted values are: `sms_otp` and `totp`. # # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource. # The type of this field is nilable list of +String+. # oauth_tenant_jit_provisioning:: # The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are: # # `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant. # # `NOT_ALLOWED` – disable JIT provisioning by OAuth Tenant. # # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.oauth-tenant-jit-provisioning` action on the `stytch.organization` Resource. # The type of this field is nilable +String+. # allowed_oauth_tenants:: # A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack" and "hubspot". # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-oauth-tenants` action on the `stytch.organization` Resource. # The type of this field is nilable +object+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # organization:: # The [Organization object](https://stytch.com/docs/b2b/api/organization-object). # The type of this field is +Organization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. # # == Method Options: # This method supports an optional +StytchB2B::Organizations::UpdateRequestOptions+ object which will modify the headers sent in the HTTP request. def update( organization_id:, organization_name: nil, organization_slug: nil, organization_logo_url: nil, trusted_metadata: nil, sso_default_connection_id: nil, sso_jit_provisioning: nil, sso_jit_provisioning_allowed_connections: nil, email_allowed_domains: nil, email_jit_provisioning: nil, email_invites: nil, auth_methods: nil, allowed_auth_methods: nil, mfa_policy: nil, rbac_email_implicit_role_assignments: nil, mfa_methods: nil, allowed_mfa_methods: nil, oauth_tenant_jit_provisioning: nil, allowed_oauth_tenants: nil, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? request = {} request[:organization_name] = organization_name unless organization_name.nil? request[:organization_slug] = organization_slug unless organization_slug.nil? request[:organization_logo_url] = organization_logo_url unless organization_logo_url.nil? request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? request[:sso_default_connection_id] = sso_default_connection_id unless sso_default_connection_id.nil? request[:sso_jit_provisioning] = sso_jit_provisioning unless sso_jit_provisioning.nil? request[:sso_jit_provisioning_allowed_connections] = sso_jit_provisioning_allowed_connections unless sso_jit_provisioning_allowed_connections.nil? request[:email_allowed_domains] = email_allowed_domains unless email_allowed_domains.nil? request[:email_jit_provisioning] = email_jit_provisioning unless email_jit_provisioning.nil? request[:email_invites] = email_invites unless email_invites.nil? request[:auth_methods] = auth_methods unless auth_methods.nil? request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil? request[:mfa_policy] = mfa_policy unless mfa_policy.nil? request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil? request[:mfa_methods] = mfa_methods unless mfa_methods.nil? request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil? request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil? request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil? put_request("/v1/b2b/organizations/#{organization_id}", request, headers) end # Deletes an specified by `organization_id`. All Members of the Organization will also be deleted. # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. # # == Method Options: # This method supports an optional +StytchB2B::Organizations::DeleteRequestOptions+ object which will modify the headers sent in the HTTP request. def delete( organization_id:, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? delete_request("/v1/b2b/organizations/#{organization_id}", headers) end # Search for Organizations. If you send a request with no body params, no filtering will be applied and the endpoint will return all Organizations. All fuzzy search filters require a minimum of three characters. # # == Parameters: # cursor:: # The `cursor` field allows you to paginate through your results. Each result array is limited to 1000 results. If your query returns more than 1000 results, you will need to paginate the responses using the `cursor`. If you receive a response that includes a non-null `next_cursor` in the `results_metadata` object, repeat the search call with the `next_cursor` value set to the `cursor` field to retrieve the next page of results. Continue to make search calls until the `next_cursor` in the response is null. # The type of this field is nilable +String+. # limit:: # The number of search results to return per page. The default limit is 100. A maximum of 1000 results can be returned by a single search request. If the total size of your result set is greater than one page size, you must paginate the response. See the `cursor` field. # The type of this field is nilable +Integer+. # query:: # The optional query object contains the operator, i.e. `AND` or `OR`, and the operands that will filter your results. Only an operator is required. If you include no operands, no filtering will be applied. If you include no query object, it will return all Organizations with no filtering applied. # The type of this field is nilable +SearchQuery+ (+object+). # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # organizations:: # An array of [Organization objects](https://stytch.com/docs/b2b/api/organization-object). # The type of this field is list of +Organization+ (+object+). # results_metadata:: # The search `results_metadata` object contains metadata relevant to your specific query like `total` and `next_cursor`. # The type of this field is +ResultsMetadata+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def search( cursor: nil, limit: nil, query: nil ) headers = {} request = {} request[:cursor] = cursor unless cursor.nil? request[:limit] = limit unless limit.nil? request[:query] = query unless query.nil? post_request('/v1/b2b/organizations/search', request, headers) end def metrics( organization_id: ) headers = {} query_params = {} request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/metrics", query_params) get_request(request, headers) end class Members class UpdateRequestOptions # Optional authorization object. # Pass in an active Stytch Member session token or session JWT and the request # will be run using that member's permissions. attr_accessor :authorization def initialize( authorization: nil ) @authorization = authorization end def to_headers headers = {} headers.merge!(@authorization.to_headers) if authorization headers end end class DeleteRequestOptions # Optional authorization object. # Pass in an active Stytch Member session token or session JWT and the request # will be run using that member's permissions. attr_accessor :authorization def initialize( authorization: nil ) @authorization = authorization end def to_headers headers = {} headers.merge!(@authorization.to_headers) if authorization headers end end class ReactivateRequestOptions # Optional authorization object. # Pass in an active Stytch Member session token or session JWT and the request # will be run using that member's permissions. attr_accessor :authorization def initialize( authorization: nil ) @authorization = authorization end def to_headers headers = {} headers.merge!(@authorization.to_headers) if authorization headers end end class DeleteMFAPhoneNumberRequestOptions # Optional authorization object. # Pass in an active Stytch Member session token or session JWT and the request # will be run using that member's permissions. attr_accessor :authorization def initialize( authorization: nil ) @authorization = authorization end def to_headers headers = {} headers.merge!(@authorization.to_headers) if authorization headers end end class DeleteTOTPRequestOptions # Optional authorization object. # Pass in an active Stytch Member session token or session JWT and the request # will be run using that member's permissions. attr_accessor :authorization def initialize( authorization: nil ) @authorization = authorization end def to_headers headers = {} headers.merge!(@authorization.to_headers) if authorization headers end end class SearchRequestOptions # Optional authorization object. # Pass in an active Stytch Member session token or session JWT and the request # will be run using that member's permissions. attr_accessor :authorization def initialize( authorization: nil ) @authorization = authorization end def to_headers headers = {} headers.merge!(@authorization.to_headers) if authorization headers end end class DeletePasswordRequestOptions # Optional authorization object. # Pass in an active Stytch Member session token or session JWT and the request # will be run using that member's permissions. attr_accessor :authorization def initialize( authorization: nil ) @authorization = authorization end def to_headers headers = {} headers.merge!(@authorization.to_headers) if authorization headers end end class UnlinkRetiredEmailRequestOptions # Optional authorization object. # Pass in an active Stytch Member session token or session JWT and the request # will be run using that member's permissions. attr_accessor :authorization def initialize( authorization: nil ) @authorization = authorization end def to_headers headers = {} headers.merge!(@authorization.to_headers) if authorization headers end end class CreateRequestOptions # Optional authorization object. # Pass in an active Stytch Member session token or session JWT and the request # will be run using that member's permissions. attr_accessor :authorization def initialize( authorization: nil ) @authorization = authorization end def to_headers headers = {} headers.merge!(@authorization.to_headers) if authorization headers end end include Stytch::RequestHelper attr_reader :oauth_providers def initialize(connection) @connection = connection @oauth_providers = StytchB2B::Organizations::Members::OAuthProviders.new(@connection) end # Updates a specified by `organization_id` and `member_id`. # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. # name:: # The name of the Member. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.name` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.name` action on the `stytch.self` Resource. # The type of this field is nilable +String+. # trusted_metadata:: # An arbitrary JSON object for storing application-specific data or identity-provider-specific data. # If a session header is passed into the request, this field may **not** be passed into the request. You cannot # update trusted metadata when acting as a Member. # The type of this field is nilable +object+. # untrusted_metadata:: # An arbitrary JSON object of application-specific data. These fields can be edited directly by the # frontend SDK, and should not be used to store critical information. See the [Metadata resource](https://stytch.com/docs/b2b/api/metadata) # for complete field behavior details. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.untrusted-metadata` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.untrusted-metadata` action on the `stytch.self` Resource. # The type of this field is nilable +object+. # is_breakglass:: # Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](organization-object) and its `auth_methods` and `allowed_auth_methods` fields for more details. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.is-breakglass` action on the `stytch.member` Resource. # The type of this field is nilable +Boolean+. # mfa_phone_number:: # Sets the Member's phone number. Throws an error if the Member already has a phone number. To change the Member's phone number, use the [Delete member phone number endpoint](https://stytch.com/docs/b2b/api/delete-member-mfa-phone-number) to delete the Member's existing phone number first. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.mfa-phone` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.mfa-phone` action on the `stytch.self` Resource. # The type of this field is nilable +String+. # mfa_enrolled:: # Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.mfa-enrolled` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.mfa-enrolled` action on the `stytch.self` Resource. # The type of this field is nilable +Boolean+. # roles:: # Roles to explicitly assign to this Member. # Will completely replace any existing explicitly assigned roles. See the # [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment. # # If a Role is removed from a Member, and the Member is also implicitly assigned this Role from an SSO connection # or an SSO group, we will by default revoke any existing sessions for the Member that contain any SSO # authentication factors with the affected connection ID. You can preserve these sessions by passing in the # `preserve_existing_sessions` parameter with a value of `true`. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.roles` action on the `stytch.member` Resource. # The type of this field is nilable list of +String+. # preserve_existing_sessions:: # Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned # by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO # authentication factors with the affected SSO connection IDs will be revoked. # The type of this field is nilable +Boolean+. # default_mfa_method:: # Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.default-mfa-method` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.default-mfa-method` action on the `stytch.self` Resource. # The type of this field is nilable +String+. # email_address:: # Updates the Member's `email_address`, if provided. # If a Member's email address is changed, other Members in the same Organization cannot use the old email address, although the Member may update back to their old email address. # A Member's email address can only be useable again by other Members if the Member is deleted. # # If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.email` action on the `stytch.member` Resource. Members cannot update their own email address. # The type of this field is nilable +String+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. # The type of this field is +String+. # member:: # The [Member object](https://stytch.com/docs/b2b/api/member-object) # The type of this field is +Member+ (+object+). # organization:: # The [Organization object](https://stytch.com/docs/b2b/api/organization-object). # The type of this field is +Organization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. # # == Method Options: # This method supports an optional +StytchB2B::Organizations::Members::UpdateRequestOptions+ object which will modify the headers sent in the HTTP request. def update( organization_id:, member_id:, name: nil, trusted_metadata: nil, untrusted_metadata: nil, is_breakglass: nil, mfa_phone_number: nil, mfa_enrolled: nil, roles: nil, preserve_existing_sessions: nil, default_mfa_method: nil, email_address: nil, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? request = {} request[:name] = name unless name.nil? request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil? request[:is_breakglass] = is_breakglass unless is_breakglass.nil? request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil? request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil? request[:roles] = roles unless roles.nil? request[:preserve_existing_sessions] = preserve_existing_sessions unless preserve_existing_sessions.nil? request[:default_mfa_method] = default_mfa_method unless default_mfa_method.nil? request[:email_address] = email_address unless email_address.nil? put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", request, headers) end # Deletes a specified by `organization_id` and `member_id`. # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. # The type of this field is +String+. # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. # # == Method Options: # This method supports an optional +StytchB2B::Organizations::Members::DeleteRequestOptions+ object which will modify the headers sent in the HTTP request. def delete( organization_id:, member_id:, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", headers) end # Reactivates a deleted's status and its associated email status (if applicable) to active, specified by `organization_id` and `member_id`. This endpoint will only work for Members with at least one verified email where their `email_address_verified` is `true`. # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. # The type of this field is +String+. # member:: # The [Member object](https://stytch.com/docs/b2b/api/member-object) # The type of this field is +Member+ (+object+). # organization:: # The [Organization object](https://stytch.com/docs/b2b/api/organization-object). # The type of this field is +Organization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. # # == Method Options: # This method supports an optional +StytchB2B::Organizations::Members::ReactivateRequestOptions+ object which will modify the headers sent in the HTTP request. def reactivate( organization_id:, member_id:, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? request = {} put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/reactivate", request, headers) end # Delete a's MFA phone number. # # To change a Member's phone number, you must first call this endpoint to delete the existing phone number. # # Existing Member Sessions that include a phone number authentication factor will not be revoked if the phone number is deleted, and MFA will not be enforced until the Member logs in again. # If you wish to enforce MFA immediately after a phone number is deleted, you can do so by prompting the Member to enter a new phone number # and calling the [OTP SMS send](https://stytch.com/docs/b2b/api/otp-sms-send) endpoint, then calling the [OTP SMS Authenticate](https://stytch.com/docs/b2b/api/authenticate-otp-sms) endpoint. # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. # The type of this field is +String+. # member:: # The [Member object](https://stytch.com/docs/b2b/api/member-object) # The type of this field is +Member+ (+object+). # organization:: # The [Organization object](https://stytch.com/docs/b2b/api/organization-object). # The type of this field is +Organization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. # # == Method Options: # This method supports an optional +StytchB2B::Organizations::Members::DeleteMFAPhoneNumberRequestOptions+ object which will modify the headers sent in the HTTP request. def delete_mfa_phone_number( organization_id:, member_id:, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? delete_request("/v1/b2b/organizations/#{organization_id}/members/mfa_phone_numbers/#{member_id}", headers) end # Delete a Member's MFA TOTP registration. # # To mint a new registration for a Member, you must first call this endpoint to delete the existing registration. # # Existing Member Sessions that include the TOTP authentication factor will not be revoked if the registration is deleted, and MFA will not be enforced until the Member logs in again. # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. # The type of this field is +String+. # member:: # The [Member object](https://stytch.com/docs/b2b/api/member-object) # The type of this field is +Member+ (+object+). # organization:: # The [Organization object](https://stytch.com/docs/b2b/api/organization-object). # The type of this field is +Organization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. # # == Method Options: # This method supports an optional +StytchB2B::Organizations::Members::DeleteTOTPRequestOptions+ object which will modify the headers sent in the HTTP request. def delete_totp( organization_id:, member_id:, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/totp", headers) end # Search for Members within specified Organizations. An array with at least one `organization_id` is required. Submitting an empty `query` returns all non-deleted Members within the specified Organizations. # # *All fuzzy search filters require a minimum of three characters. # # == Parameters: # organization_ids:: # An array of organization_ids. At least one value is required. # The type of this field is list of +String+. # cursor:: # The `cursor` field allows you to paginate through your results. Each result array is limited to 1000 results. If your query returns more than 1000 results, you will need to paginate the responses using the `cursor`. If you receive a response that includes a non-null `next_cursor` in the `results_metadata` object, repeat the search call with the `next_cursor` value set to the `cursor` field to retrieve the next page of results. Continue to make search calls until the `next_cursor` in the response is null. # The type of this field is nilable +String+. # limit:: # The number of search results to return per page. The default limit is 100. A maximum of 1000 results can be returned by a single search request. If the total size of your result set is greater than one page size, you must paginate the response. See the `cursor` field. # The type of this field is nilable +Integer+. # query:: # The optional query object contains the operator, i.e. `AND` or `OR`, and the operands that will filter your results. Only an operator is required. If you include no operands, no filtering will be applied. If you include no query object, it will return all Members with no filtering applied. # The type of this field is nilable +SearchQuery+ (+object+). # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # members:: # An array of [Member objects](member-object). # The type of this field is list of +Member+ (+object+). # results_metadata:: # The search `results_metadata` object contains metadata relevant to your specific query like `total` and `next_cursor`. # The type of this field is +ResultsMetadata+ (+object+). # organizations:: # A map from `organization_id` to [Organization object](https://stytch.com/docs/b2b/api/organization-object). The map only contains the Organizations that the Members belongs to. # The type of this field is map of +String+ to +Organization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. # # == Method Options: # This method supports an optional +StytchB2B::Organizations::Members::SearchRequestOptions+ object which will modify the headers sent in the HTTP request. def search( organization_ids:, cursor: nil, limit: nil, query: nil, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? request = { organization_ids: organization_ids } request[:cursor] = cursor unless cursor.nil? request[:limit] = limit unless limit.nil? request[:query] = query unless query.nil? post_request('/v1/b2b/organizations/members/search', request, headers) end # Delete a's password. # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # member_password_id:: # Globally unique UUID that identifies a Member's password. # The type of this field is +String+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. # The type of this field is +String+. # member:: # The [Member object](https://stytch.com/docs/b2b/api/member-object) # The type of this field is +Member+ (+object+). # organization:: # The [Organization object](https://stytch.com/docs/b2b/api/organization-object). # The type of this field is +Organization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. # # == Method Options: # This method supports an optional +StytchB2B::Organizations::Members::DeletePasswordRequestOptions+ object which will modify the headers sent in the HTTP request. def delete_password( organization_id:, member_password_id:, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? delete_request("/v1/b2b/organizations/#{organization_id}/members/passwords/#{member_password_id}", headers) end # Get a Member by `member_id`. This endpoint does not require an `organization_id`, enabling you to get members across organizations. This is a dangerous operation. Incorrect use may open you up to indirect object reference (IDOR) attacks. We recommend using the [Get Member](https://stytch.com/docs/b2b/api/get-member) API instead. # # == Parameters: # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. # The type of this field is +String+. # member:: # The [Member object](https://stytch.com/docs/b2b/api/member-object) # The type of this field is +Member+ (+object+). # organization:: # The [Organization object](https://stytch.com/docs/b2b/api/organization-object). # The type of this field is +Organization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def dangerously_get( member_id: ) headers = {} query_params = {} request = request_with_query_params("/v1/b2b/organizations/members/dangerously_get/#{member_id}", query_params) get_request(request, headers) end def oidc_providers( organization_id:, member_id:, include_refresh_token: nil ) headers = {} query_params = { include_refresh_token: include_refresh_token } request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/oidc_providers", query_params) get_request(request, headers) end # Unlinks a retired email address from a specified by their `organization_id` and `member_id`. The email address # to be retired can be identified in the request body by either its `email_id`, its `email_address`, or both. If using # both identifiers they must refer to the same email. # # A previously active email address can be marked as retired in one of two ways: # # - It's replaced with a new primary email address during an explicit Member update. # - A new email address is surfaced by an OAuth, SAML or OIDC provider. In this case the new email address becomes the # Member's primary email address and the old primary email address is retired. # # A retired email address cannot be used by other Members in the same Organization. However, unlinking retired email # addresses allows them to be subsequently re-used by other Organization Members. Retired email addresses can be viewed # on the [Member object](https://stytch.com/docs/b2b/api/member-object). # %} # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. # email_id:: # The globally unique UUID of a Member's email. # The type of this field is nilable +String+. # email_address:: # The email address of the Member. # The type of this field is nilable +String+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. # The type of this field is +String+. # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # member:: # The [Member object](https://stytch.com/docs/b2b/api/member-object) # The type of this field is +Member+ (+object+). # organization:: # The [Organization object](https://stytch.com/docs/b2b/api/organization-object). # The type of this field is +Organization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. # # == Method Options: # This method supports an optional +StytchB2B::Organizations::Members::UnlinkRetiredEmailRequestOptions+ object which will modify the headers sent in the HTTP request. def unlink_retired_email( organization_id:, member_id:, email_id: nil, email_address: nil, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? request = {} request[:email_id] = email_id unless email_id.nil? request[:email_address] = email_address unless email_address.nil? post_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/unlink_retired_email", request, headers) end # Creates a. An `organization_id` and `email_address` are required. # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # email_address:: # The email address of the Member. # The type of this field is +String+. # name:: # The name of the Member. # The type of this field is nilable +String+. # trusted_metadata:: # An arbitrary JSON object for storing application-specific data or identity-provider-specific data. # The type of this field is nilable +object+. # untrusted_metadata:: # An arbitrary JSON object of application-specific data. These fields can be edited directly by the # frontend SDK, and should not be used to store critical information. See the [Metadata resource](https://stytch.com/docs/b2b/api/metadata) # for complete field behavior details. # The type of this field is nilable +object+. # create_member_as_pending:: # Flag for whether or not to save a Member as `pending` or `active` in Stytch. It defaults to false. If true, new Members will be created with status `pending` in Stytch's backend. Their status will remain `pending` and they will continue to receive signup email templates for every Email Magic Link until that Member authenticates and becomes `active`. If false, new Members will be created with status `active`. # The type of this field is nilable +Boolean+. # is_breakglass:: # Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](organization-object) and its `auth_methods` and `allowed_auth_methods` fields for more details. # The type of this field is nilable +Boolean+. # mfa_phone_number:: # The Member's phone number. A Member may only have one phone number. # The type of this field is nilable +String+. # mfa_enrolled:: # Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`. # The type of this field is nilable +Boolean+. # roles:: # Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) # for more information about role assignment. # The type of this field is nilable list of +String+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. # The type of this field is +String+. # member:: # The [Member object](https://stytch.com/docs/b2b/api/member-object) # The type of this field is +Member+ (+object+). # organization:: # The [Organization object](https://stytch.com/docs/b2b/api/organization-object). # The type of this field is +Organization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. # # == Method Options: # This method supports an optional +StytchB2B::Organizations::Members::CreateRequestOptions+ object which will modify the headers sent in the HTTP request. def create( organization_id:, email_address:, name: nil, trusted_metadata: nil, untrusted_metadata: nil, create_member_as_pending: nil, is_breakglass: nil, mfa_phone_number: nil, mfa_enrolled: nil, roles: nil, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? request = { email_address: email_address } request[:name] = name unless name.nil? request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil? request[:create_member_as_pending] = create_member_as_pending unless create_member_as_pending.nil? request[:is_breakglass] = is_breakglass unless is_breakglass.nil? request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil? request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil? request[:roles] = roles unless roles.nil? post_request("/v1/b2b/organizations/#{organization_id}/members", request, headers) end # Get a Member by `member_id` or `email_address`. # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is nilable +String+. # email_address:: # The email address of the Member. # The type of this field is nilable +String+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. # The type of this field is +String+. # member:: # The [Member object](https://stytch.com/docs/b2b/api/member-object) # The type of this field is +Member+ (+object+). # organization:: # The [Organization object](https://stytch.com/docs/b2b/api/organization-object). # The type of this field is +Organization+ (+object+). # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. def get( organization_id:, member_id: nil, email_address: nil ) headers = {} query_params = { member_id: member_id, email_address: email_address } request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/member", query_params) get_request(request, headers) end class OAuthProviders include Stytch::RequestHelper def initialize(connection) @connection = connection end # Retrieve the saved Google access token and ID token for a member. After a successful OAuth login, Stytch will save the # issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch will refresh the # access token automatically. # # Google One Tap does not return access tokens. If the member has only authenticated through Google One Tap and not through a regular Google OAuth flow, this endpoint will not return any tokens. # # __Note:__ Google does not issue a refresh token on every login, and refresh tokens may expire if unused. # To force a refresh token to be issued, pass the `?provider_prompt=consent` query param into the # [Start Google OAuth flow](https://stytch.com/docs/b2b/api/oauth-google-start) endpoint. # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. # include_refresh_token:: # Whether to return the refresh token Stytch has stored for the OAuth Provider. Defaults to false. **Important:** If your application exchanges the refresh token, Stytch may not be able to automatically refresh access tokens in the future. # The type of this field is nilable +Boolean+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # provider_type:: # Denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Microsoft, GitHub etc. # The type of this field is +String+. # provider_subject:: # The unique identifier for the User within a given OAuth provider. Also commonly called the `sub` or "Subject field" in OAuth protocols. # The type of this field is +String+. # id_token:: # The `id_token` returned by the OAuth provider. ID Tokens are JWTs that contain structured information about a user. The exact content of each ID Token varies from provider to provider. ID Tokens are returned from OAuth providers that conform to the [OpenID Connect](https://openid.net/foundation/) specification, which is based on OAuth. # The type of this field is +String+. # scopes:: # The OAuth scopes included for a given provider. See each provider's section above to see which scopes are included by default and how to add custom scopes. # The type of this field is list of +String+. # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. # access_token:: # The `access_token` that you may use to access the User's data in the provider's API. # The type of this field is nilable +String+. # access_token_expires_in:: # The number of seconds until the access token expires. # The type of this field is nilable +Integer+. # refresh_token:: # The `refresh_token` that you may use to obtain a new `access_token` for the User within the provider's API. # The type of this field is nilable +String+. def google( organization_id:, member_id:, include_refresh_token: nil ) headers = {} query_params = { include_refresh_token: include_refresh_token } request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/oauth_providers/google", query_params) get_request(request, headers) end # Retrieve the saved Microsoft access token and ID token for a member. After a successful OAuth login, Stytch will save the # issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch will refresh the # access token automatically. # # == Parameters: # organization_id:: # Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. # The type of this field is +String+. # member_id:: # Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. # The type of this field is +String+. # include_refresh_token:: # Whether to return the refresh token Stytch has stored for the OAuth Provider. Defaults to false. **Important:** If your application exchanges the refresh token, Stytch may not be able to automatically refresh access tokens in the future. # The type of this field is nilable +Boolean+. # # == Returns: # An object with the following fields: # request_id:: # Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. # The type of this field is +String+. # provider_type:: # Denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Microsoft, GitHub etc. # The type of this field is +String+. # provider_subject:: # The unique identifier for the User within a given OAuth provider. Also commonly called the `sub` or "Subject field" in OAuth protocols. # The type of this field is +String+. # access_token:: # The `access_token` that you may use to access the User's data in the provider's API. # The type of this field is +String+. # access_token_expires_in:: # The number of seconds until the access token expires. # The type of this field is +Integer+. # id_token:: # The `id_token` returned by the OAuth provider. ID Tokens are JWTs that contain structured information about a user. The exact content of each ID Token varies from provider to provider. ID Tokens are returned from OAuth providers that conform to the [OpenID Connect](https://openid.net/foundation/) specification, which is based on OAuth. # The type of this field is +String+. # scopes:: # The OAuth scopes included for a given provider. See each provider's section above to see which scopes are included by default and how to add custom scopes. # The type of this field is list of +String+. # status_code:: # The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. # The type of this field is +Integer+. # refresh_token:: # The `refresh_token` that you may use to obtain a new `access_token` for the User within the provider's API. # The type of this field is nilable +String+. def microsoft( organization_id:, member_id:, include_refresh_token: nil ) headers = {} query_params = { include_refresh_token: include_refresh_token } request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/oauth_providers/microsoft", query_params) get_request(request, headers) end end end end end