Add B2B step-up fields (#303)

stytchauth · Mar 11, 2024 · db86178 · db86178
1 parent aabbc3c
commit db86178
Show file tree

Hide file tree

Showing 33 changed files with 107 additions and 46 deletions.
diff --git a/dist/b2b/sessions.js b/dist/b2b/sessions.js
diff --git a/lib/b2b/discovery.ts b/lib/b2b/discovery.ts
@@ -10,6 +10,7 @@ import { IntermediateSessions } from "./discovery_intermediate_sessions";
 import { Member, Organization } from "./organizations";
 import { MfaRequired } from "./mfa";
 import { Organizations } from "./discovery_organizations";
+import { PrimaryRequired } from "./sessions";
 
 export interface DiscoveredOrganization {
   /**
@@ -40,17 +41,6 @@ export interface Membership {
   member?: Member;
 }
 
-export interface PrimaryRequired {
-  /**
-   * If non-empty, indicates that the Organization restricts the authentication methods it allows for login
-   * (such as `sso` or `password`), and the end user must complete one of those authentication methods to log
-   * in. If empty, indicates that the Organization does not restrict the authentication method it allows for
-   * login, but the end user does not have any transferrable primary factors. Only email magic link and OAuth
-   * factors can be transferred between Organizations.
-   */
-  allowed_auth_methods: string[];
-}
-
 export class Discovery {
   private fetchConfig: fetchConfig;
   intermediateSessions: IntermediateSessions;

diff --git a/lib/b2b/discovery_intermediate_sessions.ts b/lib/b2b/discovery_intermediate_sessions.ts
@@ -7,7 +7,7 @@
 import {} from "../shared/method_options";
 import { fetchConfig } from "../shared";
 import { Member, Organization } from "./organizations";
-import { MemberSession } from "./sessions";
+import { MemberSession, PrimaryRequired } from "./sessions";
 import { MfaRequired } from "./mfa";
 import { request } from "../shared";
 
@@ -124,6 +124,7 @@ export interface B2BDiscoveryIntermediateSessionsExchangeResponse {
   member_session?: MemberSession;
   // Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
   mfa_required?: MfaRequired;
+  primary_required?: PrimaryRequired;
 }
 
 export class IntermediateSessions {

diff --git a/lib/b2b/discovery_organizations.ts b/lib/b2b/discovery_organizations.ts
@@ -12,7 +12,7 @@ import {
   Organization,
 } from "./organizations";
 import { fetchConfig } from "../shared";
-import { MemberSession } from "./sessions";
+import { MemberSession, PrimaryRequired } from "./sessions";
 import { MfaRequired } from "./mfa";
 import { request } from "../shared";
 
@@ -232,6 +232,7 @@ export interface B2BDiscoveryOrganizationsCreateResponse {
   organization?: Organization;
   // Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
   mfa_required?: MfaRequired;
+  primary_required?: PrimaryRequired;
 }
 
 // Request type for `discovery.organizations.list`.

diff --git a/lib/b2b/index.ts b/lib/b2b/index.ts
@@ -88,6 +88,7 @@ export type {
   AuthorizationCheck,
   AuthorizationVerdict,
   MemberSession,
+  PrimaryRequired,
   B2BSessionsAuthenticateRequest,
   B2BSessionsAuthenticateResponse,
   B2BSessionsExchangeRequest,
@@ -118,11 +119,7 @@ export type {
   B2BTOTPsMigrateResponse,
 } from "./totps";
 
-export type {
-  DiscoveredOrganization,
-  Membership,
-  PrimaryRequired,
-} from "./discovery";
+export type { DiscoveredOrganization, Membership } from "./discovery";
 
 export type {
   B2BDiscoveryIntermediateSessionsExchangeRequest,

diff --git a/lib/b2b/magic_links.ts b/lib/b2b/magic_links.ts
@@ -78,6 +78,7 @@ export interface B2BMagicLinksAuthenticateRequest {
    *
    */
   locale?: "en" | "es" | "pt-br" | string;
+  intermediate_session_token?: string;
 }
 
 // Response type for `magicLinks.authenticate`.

diff --git a/lib/b2b/magic_links_email.ts b/lib/b2b/magic_links_email.ts
@@ -5,8 +5,8 @@
 // !!!
 
 import {
-  addAuthorizationHeaders,
   Authorization,
+  addAuthorizationHeaders,
 } from "../shared/method_options";
 import { Discovery } from "./magic_links_email_discovery";
 import { fetchConfig } from "../shared";

diff --git a/lib/b2b/oauth.ts b/lib/b2b/oauth.ts
@@ -8,7 +8,7 @@ import {} from "../shared/method_options";
 import { Discovery } from "./oauth_discovery";
 import { fetchConfig } from "../shared";
 import { Member, Organization } from "./organizations";
-import { MemberSession } from "./sessions";
+import { MemberSession, PrimaryRequired } from "./sessions";
 import { MfaRequired } from "./mfa";
 import { request } from "../shared";
 
@@ -85,6 +85,7 @@ export interface B2BOAuthAuthenticateRequest {
    *
    */
   locale?: "en" | "es" | "pt-br" | string;
+  intermediate_session_token?: string;
 }
 
 // Response type for `oauth.authenticate`.
@@ -158,6 +159,7 @@ export interface B2BOAuthAuthenticateResponse {
   provider_values?: B2BOAuthProviderValues;
   // Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
   mfa_required?: MfaRequired;
+  primary_required?: PrimaryRequired;
 }
 
 export class OAuth {

diff --git a/lib/b2b/organizations.ts b/lib/b2b/organizations.ts
@@ -5,8 +5,8 @@
 // !!!
 
 import {
-  addAuthorizationHeaders,
   Authorization,
+  addAuthorizationHeaders,
 } from "../shared/method_options";
 import { fetchConfig } from "../shared";
 import { Members } from "./organizations_members";

diff --git a/lib/b2b/organizations_members.ts b/lib/b2b/organizations_members.ts
@@ -5,8 +5,8 @@
 // !!!
 
 import {
-  addAuthorizationHeaders,
   Authorization,
+  addAuthorizationHeaders,
 } from "../shared/method_options";
 import {
   B2BOrganizationsResultsMetadata,
@@ -515,7 +515,16 @@ export interface B2BOrganizationsMembersUpdateRequest {
    * `update.settings.default-mfa-method` action on the `stytch.self` Resource.
    */
   default_mfa_method?: string;
-  // Updates the Member's `email_address`, if provided.
+  /**
+   * Updates the Member's `email_address`, if provided.
+   *         If a Member's email address is changed, other Members in the same Organization cannot use the
+   * old email address, although the Member may update back to their old email address.
+   *         A Member's email address can only be useable again by other Members if the Member is deleted.
+   *
+   * If this field is provided and a session header is passed into the request, the Member Session must have
+   * permission to perform the `update.info.email` action on the `stytch.member` Resource. Members cannot
+   * update their own email address.
+   */
   email_address?: string;
 }
 

diff --git a/lib/b2b/passwords.ts b/lib/b2b/passwords.ts
@@ -117,6 +117,7 @@ export interface B2BPasswordsAuthenticateRequest {
    *
    */
   locale?: "en" | "es" | "pt-br" | string;
+  intermediate_session_token?: string;
 }
 
 // Response type for `passwords.authenticate`.

diff --git a/lib/b2b/passwords_email.ts b/lib/b2b/passwords_email.ts
@@ -78,6 +78,7 @@ export interface B2BPasswordsEmailResetRequest {
    *
    */
   locale?: "en" | "es" | "pt-br" | string;
+  intermediate_session_token?: string;
 }
 
 // Response type for `passwords.email.reset`.

diff --git a/lib/b2b/sessions.ts b/lib/b2b/sessions.ts
@@ -84,6 +84,17 @@ export interface MemberSession {
   custom_claims?: Record<string, any>; // eslint-disable-line @typescript-eslint/no-explicit-any
 }
 
+export interface PrimaryRequired {
+  /**
+   * If non-empty, indicates that the Organization restricts the authentication methods it allows for login
+   * (such as `sso` or `password`), and the end user must complete one of those authentication methods to log
+   * in. If empty, indicates that the Organization does not restrict the authentication method it allows for
+   * login, but the end user does not have any transferrable primary factors. Only email magic link and OAuth
+   * factors can be transferred between Organizations.
+   */
+  allowed_auth_methods: string[];
+}
+
 // Request type for `sessions.authenticate`.
 export interface B2BSessionsAuthenticateRequest {
   // A secret token for a given Stytch Session.
@@ -272,6 +283,7 @@ export interface B2BSessionsExchangeResponse {
   status_code: number;
   // Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.
   mfa_required?: MfaRequired;
+  primary_required?: PrimaryRequired;
 }
 
 // Request type for `sessions.getJWKS`.
@@ -514,6 +526,7 @@ export class Sessions {
    *
    * Only Email Magic Link, OAuth, and SMS OTP factors can be transferred between sessions. Other
    * authentication factors, such as password factors, will not be transferred to the new session.
+   * Any OAuth Tokens owned by the Member will not be transferred to the new Organization.
    * SMS OTP factors can be used to fulfill MFA requirements for the target Organization if both the original
    * and target Member have the same phone number and the phone number is verified for both Members.
    *

diff --git a/lib/b2b/sso.ts b/lib/b2b/sso.ts
@@ -5,8 +5,8 @@
 // !!!
 
 import {
-  addAuthorizationHeaders,
   Authorization,
+  addAuthorizationHeaders,
 } from "../shared/method_options";
 import { fetchConfig } from "../shared";
 import { Member, Organization } from "./organizations";
@@ -136,6 +136,7 @@ export interface B2BSSOAuthenticateRequest {
    *
    */
   locale?: "en" | "es" | "pt-br" | string;
+  intermediate_session_token?: string;
 }
 
 // Response type for `sso.authenticate`.

diff --git a/lib/b2b/sso_oidc.ts b/lib/b2b/sso_oidc.ts
@@ -5,8 +5,8 @@
 // !!!
 
 import {
-  addAuthorizationHeaders,
   Authorization,
+  addAuthorizationHeaders,
 } from "../shared/method_options";
 import { fetchConfig } from "../shared";
 import { OIDCConnection } from "./sso";

diff --git a/lib/b2b/sso_saml.ts b/lib/b2b/sso_saml.ts
@@ -5,8 +5,8 @@
 // !!!
 
 import {
-  addAuthorizationHeaders,
   Authorization,
+  addAuthorizationHeaders,
 } from "../shared/method_options";
 import { fetchConfig } from "../shared";
 import { request } from "../shared";

diff --git a/lib/b2c/index.ts b/lib/b2c/index.ts
@@ -83,6 +83,7 @@ export type {
   GitLabOAuthFactor,
   GithubOAuthFactor,
   GoogleOAuthFactor,
+  HubspotOAuthExchangeFactor,
   HubspotOAuthFactor,
   InstagramOAuthFactor,
   JWK,
@@ -95,6 +96,7 @@ export type {
   SalesforceOAuthFactor,
   Session,
   ShopifyOAuthFactor,
+  SlackOAuthExchangeFactor,
   SlackOAuthFactor,
   SnapchatOAuthFactor,
   SpotifyOAuthFactor,

diff --git a/lib/b2c/sessions.ts b/lib/b2c/sessions.ts
@@ -95,6 +95,8 @@ export interface AuthenticationFactor {
     | "oauth_yahoo"
     | "oauth_hubspot"
     | "imported_auth0"
+    | "oauth_exchange_slack"
+    | "oauth_exchange_hubspot"
     | string;
   // The timestamp when the factor was last authenticated.
   last_authenticated_at?: string;
@@ -143,6 +145,8 @@ export interface AuthenticationFactor {
   salesforce_oauth_factor?: SalesforceOAuthFactor;
   yahoo_oauth_factor?: YahooOAuthFactor;
   hubspot_oauth_factor?: HubspotOAuthFactor;
+  slack_oauth_exchange_factor?: SlackOAuthExchangeFactor;
+  hubspot_oauth_exchange_factor?: HubspotOAuthExchangeFactor;
 }
 
 export interface AuthenticatorAppFactor {
@@ -225,6 +229,10 @@ export interface GoogleOAuthFactor {
   provider_subject: string;
 }
 
+export interface HubspotOAuthExchangeFactor {
+  email_id: string;
+}
+
 export interface HubspotOAuthFactor {
   id: string;
   email_id: string;
@@ -339,6 +347,10 @@ export interface ShopifyOAuthFactor {
   provider_subject: string;
 }
 
+export interface SlackOAuthExchangeFactor {
+  email_id: string;
+}
+
 export interface SlackOAuthFactor {
   id: string;
   email_id: string;

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "stytch",
-  "version": "10.7.0",
+  "version": "10.8.0",
   "description": "A wrapper for the Stytch API",
   "types": "./types/lib/index.d.ts",
   "main": "./dist/index.js",

diff --git a/types/lib/b2b/discovery.d.ts b/types/lib/b2b/discovery.d.ts
diff --git a/types/lib/b2b/discovery_intermediate_sessions.d.ts b/types/lib/b2b/discovery_intermediate_sessions.d.ts
diff --git a/types/lib/b2b/discovery_organizations.d.ts b/types/lib/b2b/discovery_organizations.d.ts