b2b

package
v10.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 10, 2023 License: MIT Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DiscoveryClient 

type DiscoveryClient struct {
	C                    stytch.Client
	IntermediateSessions *DiscoveryIntermediateSessionsClient
	Organizations        *DiscoveryOrganizationsClient
}

func NewDiscoveryClient 

func NewDiscoveryClient(c stytch.Client) *DiscoveryClient

type DiscoveryIntermediateSessionsClient 

type DiscoveryIntermediateSessionsClient struct {
	C stytch.Client
}

func NewDiscoveryIntermediateSessionsClient 

func NewDiscoveryIntermediateSessionsClient(c stytch.Client) *DiscoveryIntermediateSessionsClient

func (*DiscoveryIntermediateSessionsClient) Exchange 

func (c *DiscoveryIntermediateSessionsClient) Exchange(
	ctx context.Context,
	body *intermediatesessions.ExchangeParams,
) (*intermediatesessions.ExchangeResponse, error)

Exchange an Intermediate Session for a fully realized [Member Session](https://stytch.com/docs/b2b/api/session-object) in a desired [Organization](https://stytch.com/docs/b2b/api/organization-object). This operation consumes the Intermediate Session.

This endpoint can be used to accept invites and create new members via domain matching.

If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`. The `intermediate_session_token` will not be consumed and instead will be returned in the response. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.

type DiscoveryOrganizationsClient 

type DiscoveryOrganizationsClient struct {
	C stytch.Client
}

func NewDiscoveryOrganizationsClient 

func NewDiscoveryOrganizationsClient(c stytch.Client) *DiscoveryOrganizationsClient

func (*DiscoveryOrganizationsClient) Create 

func (c *DiscoveryOrganizationsClient) Create(
	ctx context.Context,
	body *organizations.CreateParams,
) (*organizations.CreateResponse, error)

Create: If an end user does not want to join any already-existing organization, or has no possible organizations to join, this endpoint can be used to create a new [Organization](https://stytch.com/docs/b2b/api/organization-object) and [Member](https://stytch.com/docs/b2b/api/member-object).

This operation consumes the Intermediate Session.

This endpoint can also be used to start an initial session for the newly created member and organization.

If the new Organization is created with a `mfa_policy` of `REQUIRED_FOR_ALL`, the newly created Member will need to complete an MFA step to log in to the Organization. The `intermediate_session_token` will not be consumed and instead will be returned in the response. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.

func (*DiscoveryOrganizationsClient) List 

func (c *DiscoveryOrganizationsClient) List(
	ctx context.Context,
	body *organizations.ListParams,
) (*organizations.ListResponse, error)

List all possible organization relationships connected to a [Member Session](https://stytch.com/docs/b2b/api/session-object) or Intermediate Session.

When a Member Session is passed in, relationships with a type of `active_member`, `pending_member`, or `invited_member` will be returned, and any membership can be assumed by calling the [Exchange Session](https://stytch.com/docs/b2b/api/exchange-session) endpoint.

When an Intermediate Session is passed in, all relationship types - `active_member`, `pending_member`, `invited_member`, and `eligible_to_join_by_email_domain` - will be returned, and any membership can be assumed by calling the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) endpoint.

This endpoint requires either an `intermediate_session_token`, `session_jwt` or `session_token` be included in the request. It will return an error if multiple are present.

This operation does not consume the Intermediate Session or Session Token passed in.

type MagicLinksClient 

type MagicLinksClient struct {
	C         stytch.Client
	Email     *MagicLinksEmailClient
	Discovery *MagicLinksDiscoveryClient
}

func NewMagicLinksClient 

func NewMagicLinksClient(c stytch.Client) *MagicLinksClient

func (*MagicLinksClient) Authenticate 

func (c *MagicLinksClient) Authenticate(
	ctx context.Context,
	body *magiclinks.AuthenticateParams,
) (*magiclinks.AuthenticateResponse, error)

Authenticate a Member with a Magic Link. This endpoint requires a Magic Link token that is not expired or previously used. If the Member’s status is `pending` or `invited`, they will be updated to `active`. Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration.

If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.

If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.

type MagicLinksDiscoveryClient 

type MagicLinksDiscoveryClient struct {
	C stytch.Client
}

func NewMagicLinksDiscoveryClient 

func NewMagicLinksDiscoveryClient(c stytch.Client) *MagicLinksDiscoveryClient

func (*MagicLinksDiscoveryClient) Authenticate 

func (c *MagicLinksDiscoveryClient) Authenticate(
	ctx context.Context,
	body *discovery.AuthenticateParams,
) (*discovery.AuthenticateResponse, error)

Authenticate: Authenticates the Discovery Magic Link token and exchanges it for an Intermediate Session Token. Intermediate Session Tokens can be used for various Discovery login flows and are valid for 10 minutes.

type MagicLinksEmailClient 

type MagicLinksEmailClient struct {
	C         stytch.Client
	Discovery *MagicLinksEmailDiscoveryClient
}

func NewMagicLinksEmailClient 

func NewMagicLinksEmailClient(c stytch.Client) *MagicLinksEmailClient

func (*MagicLinksEmailClient) Invite 

func (c *MagicLinksEmailClient) Invite(
	ctx context.Context,
	body *email.InviteParams,
) (*email.InviteResponse, error)

Invite: Send an invite email to a new Member to join an Organization. The Member will be created with an `invited` status until they successfully authenticate. Sending invites to `pending` Members will update their status to `invited`. Sending invites to already `active` Members will return an error.

func (*MagicLinksEmailClient) LoginOrSignup 

func (c *MagicLinksEmailClient) LoginOrSignup(
	ctx context.Context,
	body *email.LoginOrSignupParams,
) (*email.LoginOrSignupResponse, error)

LoginOrSignup: Send either a login or signup magic link to a Member. A new, pending, or invited Member will receive a signup Email Magic Link. Members will have a `pending` status until they successfully authenticate. An active Member will receive a login Email Magic Link.

type MagicLinksEmailDiscoveryClient 

type MagicLinksEmailDiscoveryClient struct {
	C stytch.Client
}

func NewMagicLinksEmailDiscoveryClient 

func NewMagicLinksEmailDiscoveryClient(c stytch.Client) *MagicLinksEmailDiscoveryClient

func (*MagicLinksEmailDiscoveryClient) Send 

func (c *MagicLinksEmailDiscoveryClient) Send(
	ctx context.Context,
	body *discovery.SendParams,
) (*discovery.SendResponse, error)

Send a discovery magic link to an email address.

type OAuthClient 

type OAuthClient struct {
	C         stytch.Client
	Discovery *OAuthDiscoveryClient
}

func NewOAuthClient 

func NewOAuthClient(c stytch.Client) *OAuthClient

func (*OAuthClient) Authenticate 

func (c *OAuthClient) Authenticate(
	ctx context.Context,
	body *oauth.AuthenticateParams,
) (*oauth.AuthenticateResponse, error)

Authenticate a Member given a `token`. This endpoint verifies that the member completed the OAuth flow by verifying that the token is valid and hasn't expired. Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration.

If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.

If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.

type OAuthDiscoveryClient 

type OAuthDiscoveryClient struct {
	C stytch.Client
}

func NewOAuthDiscoveryClient 

func NewOAuthDiscoveryClient(c stytch.Client) *OAuthDiscoveryClient

func (*OAuthDiscoveryClient) Authenticate 

func (c *OAuthDiscoveryClient) Authenticate(
	ctx context.Context,
	body *discovery.AuthenticateParams,
) (*discovery.AuthenticateResponse, error)

Authenticate: Authenticates the Discovery OAuth token and exchanges it for an Intermediate Session Token. Intermediate Session Tokens can be used for various Discovery login flows and are valid for 10 minutes.

type OTPsClient 

type OTPsClient struct {
	C   stytch.Client
	Sms *OTPsSmsClient
}

func NewOTPsClient 

func NewOTPsClient(c stytch.Client) *OTPsClient

type OTPsSmsClient 

type OTPsSmsClient struct {
	C stytch.Client
}

func NewOTPsSmsClient 

func NewOTPsSmsClient(c stytch.Client) *OTPsSmsClient

func (*OTPsSmsClient) Authenticate 

func (c *OTPsSmsClient) Authenticate(
	ctx context.Context,
	body *sms.AuthenticateParams,
) (*sms.AuthenticateResponse, error)

Authenticate: SMS OTPs may not be used as a primary authentication mechanism. They can be used to complete an MFA requirement, or they can be used as a step-up factor to be added to an existing session.

This endpoint verifies that the one-time passcode (OTP) is valid and hasn't expired or been previously used. A given Member may only have a single active OTP code at any given time. If a Member requests another OTP code before the first one has expired, the first one will be invalidated.

Exactly one of `intermediate_session_token`, `session_token`, or `session_jwt` must be provided in the request. If an intermediate session token is provided, this operation will consume it.

Intermediate session tokens are generated upon successful calls to primary authenticate methods in the case where MFA is required, such as [email magic link authenticate](https://stytch.com/docs/b2b/api/authenticate-magic-link), or upon successful calls to discovery authenticate methods, such as [email magic link discovery authenticate](https://stytch.com/docs/b2b/api/authenticate-discovery-magic-link).

If the Organization's MFA policy is `REQUIRED_FOR_ALL`, a successful OTP authentication will change the Member's `mfa_enrolled` status to `true` if it is not already `true`. If the Organization's MFA policy is `OPTIONAL`, the Member's MFA enrollment can be toggled by passing in a value for the `set_mfa_enrollment` field. The Member's MFA enrollment can also be toggled through the [Update Member](https://stytch.com/docs/b2b/api/update-member) endpoint.

Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a duration of 60 minutes.

func (*OTPsSmsClient) Send 

func (c *OTPsSmsClient) Send(
	ctx context.Context,
	body *sms.SendParams,
) (*sms.SendResponse, error)

Send a one-time passcode (OTP) to a Member's phone number.

If the Member already has a phone number, the `mfa_phone_number` field is not needed; the endpoint will send an OTP to the number associated with the Member. If the Member does not have a phone number, the endpoint will send an OTP to the `mfa_phone_number` provided and link the `mfa_phone_number` with the Member.

An error will be thrown if the Member already has a phone number and the provided `mfa_phone_number` does not match the existing one.

Note that sending another OTP code before the first has expired will invalidate the first code.

If a Member has a phone number and is enrolled in MFA, then after a successful primary authentication event (e.g. [email magic link](https://stytch.com/docs/b2b/api/authenticate-magic-link) or [SSO](https://stytch.com/docs/b2b/api/sso-authenticate) login is complete), an SMS OTP will automatically be sent to their phone number. In that case, this endpoint should only be used for subsequent authentication events, such as prompting a Member for an OTP again after a period of inactivity.

type OrganizationsClient 

type OrganizationsClient struct {
	C       stytch.Client
	Members *OrganizationsMembersClient
}

func NewOrganizationsClient 

func NewOrganizationsClient(c stytch.Client) *OrganizationsClient

func (*OrganizationsClient) Create 

func (c *OrganizationsClient) Create(
	ctx context.Context,
	body *organizations.CreateParams,
) (*organizations.CreateResponse, error)

Create: Creates an Organization. An `organization_name` and a unique `organization_slug` are required.

By default, `email_invites` and `sso_jit_provisioning` will be set to `ALL_ALLOWED`, and `mfa_policy` will be set to `OPTIONAL` if no Organization authentication settings are explicitly defined in the request.

*See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.

func (*OrganizationsClient) Delete 

func (c *OrganizationsClient) Delete(
	ctx context.Context,
	body *organizations.DeleteParams,
) (*organizations.DeleteResponse, error)

Delete: Deletes an Organization specified by `organization_id`. All Members of the Organization will also be deleted.

func (*OrganizationsClient) Get 

func (c *OrganizationsClient) Get(
	ctx context.Context,
	body *organizations.GetParams,
) (*organizations.GetResponse, error)

Get: Returns an Organization specified by `organization_id`.

func (*OrganizationsClient) Search 

func (c *OrganizationsClient) Search(
	ctx context.Context,
	body *organizations.SearchParams,
) (*organizations.SearchResponse, error)

Search for Organizations. If you send a request with no body params, no filtering will be applied and the endpoint will return all Organizations. All fuzzy search filters require a minimum of three characters.

func (*OrganizationsClient) Update 

func (c *OrganizationsClient) Update(
	ctx context.Context,
	body *organizations.UpdateParams,
) (*organizations.UpdateResponse, error)

Update: Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members. test

*See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.

type OrganizationsMembersClient 

type OrganizationsMembersClient struct {
	C stytch.Client
}

func NewOrganizationsMembersClient 

func NewOrganizationsMembersClient(c stytch.Client) *OrganizationsMembersClient

func (*OrganizationsMembersClient) Create 

func (c *OrganizationsMembersClient) Create(
	ctx context.Context,
	body *members.CreateParams,
) (*members.CreateResponse, error)

Create: Creates a Member. An `organization_id` and `email_address` are required.

func (*OrganizationsMembersClient) Delete 

func (c *OrganizationsMembersClient) Delete(
	ctx context.Context,
	body *members.DeleteParams,
) (*members.DeleteResponse, error)

Delete: Deletes a Member specified by `organization_id` and `member_id`.

func (*OrganizationsMembersClient) DeleteMFAPhoneNumber added in v10.1.0 

func (c *OrganizationsMembersClient) DeleteMFAPhoneNumber(
	ctx context.Context,
	body *members.DeleteMFAPhoneNumberParams,
) (*members.DeleteMFAPhoneNumberResponse, error)

DeleteMFAPhoneNumber: Delete a Member's MFA phone number.

To change a Member's phone number, you must first call this endpoint to delete the existing phone number.

Existing Member Sessions that include a phone number authentication factor will not be revoked if the phone number is deleted, and MFA will not be enforced until the Member logs in again. If you wish to enforce MFA immediately after a phone number is deleted, you can do so by prompting the Member to enter a new phone number and calling the [OTP SMS send](https://stytch.com/docs/b2b/api/otp-sms-send) endpoint, then calling the [OTP SMS Authenticate](https://stytch.com/docs/b2b/api/authenticate-otp-sms) endpoint.

func (*OrganizationsMembersClient) DeletePassword 

func (c *OrganizationsMembersClient) DeletePassword(
	ctx context.Context,
	body *members.DeletePasswordParams,
) (*members.DeletePasswordResponse, error)

DeletePassword: Delete a Member's password.

func (*OrganizationsMembersClient) Get 

func (c *OrganizationsMembersClient) Get(
	ctx context.Context,
	body *members.GetParams,
) (*members.GetResponse, error)

Get a Member by `member_id` or `email_address`.

func (*OrganizationsMembersClient) Search 

func (c *OrganizationsMembersClient) Search(
	ctx context.Context,
	body *members.SearchParams,
) (*members.SearchResponse, error)

Search for Members within specified Organizations. An array with at least one `organization_id` is required. Submitting an empty `query` returns all Members within the specified Organizations.

*All fuzzy search filters require a minimum of three characters.

func (*OrganizationsMembersClient) Update 

func (c *OrganizationsMembersClient) Update(
	ctx context.Context,
	body *members.UpdateParams,
) (*members.UpdateResponse, error)

Update: Updates a Member specified by `organization_id` and `member_id`.

type PasswordsClient 

type PasswordsClient struct {
	C                stytch.Client
	Email            *PasswordsEmailClient
	Sessions         *PasswordsSessionsClient
	ExistingPassword *PasswordsExistingPasswordClient
}

func NewPasswordsClient 

func NewPasswordsClient(c stytch.Client) *PasswordsClient

func (*PasswordsClient) Authenticate 

func (c *PasswordsClient) Authenticate(
	ctx context.Context,
	body *passwords.AuthenticateParams,
) (*passwords.AuthenticateResponse, error)

Authenticate a member with their email address and password. This endpoint verifies that the member has a password currently set, and that the entered password is correct. There are two instances where the endpoint will return a reset_password error even if they enter their previous password: * The member’s credentials appeared in the HaveIBeenPwned dataset.

  • We force a password reset to ensure that the member is the legitimate owner of the email address,

and not a malicious actor abusing the compromised credentials. * A member that has previously authenticated with email/password uses a passwordless authentication method tied to the same email address (e.g. Magic Links) for the first time. Any subsequent email/password authentication attempt will result in this error.

  • We force a password reset in this instance in order to safely deduplicate the account by email

address, without introducing the risk of a pre-hijack account takeover attack.

  • Imagine a bad actor creates many accounts using passwords and the known email addresses of their

victims. If a victim comes to the site and logs in for the first time with an email-based passwordless authentication method then both the victim and the bad actor have credentials to access to the same account. To prevent this, any further email/password login attempts first require a password reset which can only be accomplished by someone with access to the underlying email address.

If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.

If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.

func (*PasswordsClient) Migrate 

func (c *PasswordsClient) Migrate(
	ctx context.Context,
	body *passwords.MigrateParams,
) (*passwords.MigrateResponse, error)

Migrate: Adds an existing password to a member's email that doesn't have a password yet. We support migrating members from passwords stored with bcrypt, scrypt, argon2, MD-5, SHA-1, and PBKDF2. This endpoint has a rate limit of 100 requests per second.

func (*PasswordsClient) StrengthCheck 

func (c *PasswordsClient) StrengthCheck(
	ctx context.Context,
	body *passwords.StrengthCheckParams,
) (*passwords.StrengthCheckResponse, error)

StrengthCheck: This API allows you to check whether the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password.

This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).

## Password feedback The zxcvbn_feedback and luds_feedback objects contains relevant fields for you to relay feedback to users that failed to create a strong enough password.

If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the feedback object will contain warning and suggestions for any password that does not meet the [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) strength requirements. You can return these strings directly to the user to help them craft a strong password.

If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), the feedback object will contain a collection of fields that the user failed or passed. You'll want to prompt the user to create a password that meets all requirements that they failed.

type PasswordsEmailClient 

type PasswordsEmailClient struct {
	C stytch.Client
}

func NewPasswordsEmailClient 

func NewPasswordsEmailClient(c stytch.Client) *PasswordsEmailClient

func (*PasswordsEmailClient) Reset 

func (c *PasswordsEmailClient) Reset(
	ctx context.Context,
	body *email.ResetParams,
) (*email.ResetResponse, error)

Reset the member's password and authenticate them. This endpoint checks that the password reset token is valid, hasn’t expired, or already been used.

The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated.

If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.

If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.

func (*PasswordsEmailClient) ResetStart 

func (c *PasswordsEmailClient) ResetStart(
	ctx context.Context,
	body *email.ResetStartParams,
) (*email.ResetStartResponse, error)

ResetStart: Initiates a password reset for the email address provided. This will trigger an email to be sent to the address, containing a magic link that will allow them to set a new password and authenticate.

This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).

type PasswordsExistingPasswordClient 

type PasswordsExistingPasswordClient struct {
	C stytch.Client
}

func NewPasswordsExistingPasswordClient 

func NewPasswordsExistingPasswordClient(c stytch.Client) *PasswordsExistingPasswordClient

func (*PasswordsExistingPasswordClient) Reset 

func (c *PasswordsExistingPasswordClient) Reset(
	ctx context.Context,
	body *existingpassword.ResetParams,
) (*existingpassword.ResetResponse, error)

Reset the member’s password using their existing password.

This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).

If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.

If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.

type PasswordsSessionsClient 

type PasswordsSessionsClient struct {
	C stytch.Client
}

func NewPasswordsSessionsClient 

func NewPasswordsSessionsClient(c stytch.Client) *PasswordsSessionsClient

func (*PasswordsSessionsClient) Reset 

func (c *PasswordsSessionsClient) Reset(
	ctx context.Context,
	body *session.ResetParams,
) (*session.ResetResponse, error)

Reset the Member's password using their existing session. The endpoint will error if the session does not contain an authentication factor that has been issued within the last 5 minutes. Either `session_token` or `session_jwt` should be provided.

type SSOClient 

type SSOClient struct {
	C    stytch.Client
	OIDC *SSOOIDCClient
	SAML *SSOSAMLClient
}

func NewSSOClient 

func NewSSOClient(c stytch.Client) *SSOClient

func (*SSOClient) Authenticate 

func (c *SSOClient) Authenticate(
	ctx context.Context,
	body *sso.AuthenticateParams,
) (*sso.AuthenticateResponse, error)

Authenticate a user given a token. This endpoint verifies that the user completed the SSO Authentication flow by verifying that the token is valid and hasn't expired. Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. To link this authentication event to an existing Stytch session, include either the `session_token` or `session_jwt` param.

If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.

If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step.

func (*SSOClient) DeleteConnection 

func (c *SSOClient) DeleteConnection(
	ctx context.Context,
	body *sso.DeleteConnectionParams,
) (*sso.DeleteConnectionResponse, error)

DeleteConnection: Delete an existing SSO connection.

func (*SSOClient) GetConnections 

func (c *SSOClient) GetConnections(
	ctx context.Context,
	body *sso.GetConnectionsParams,
) (*sso.GetConnectionsResponse, error)

GetConnections: Get all SSO Connections owned by the organization.

type SSOOIDCClient 

type SSOOIDCClient struct {
	C stytch.Client
}

func NewSSOOIDCClient 

func NewSSOOIDCClient(c stytch.Client) *SSOOIDCClient

func (*SSOOIDCClient) CreateConnection 

func (c *SSOOIDCClient) CreateConnection(
	ctx context.Context,
	body *oidc.CreateConnectionParams,
) (*oidc.CreateConnectionResponse, error)

CreateConnection: Create a new OIDC Connection.

func (*SSOOIDCClient) UpdateConnection 

func (c *SSOOIDCClient) UpdateConnection(
	ctx context.Context,
	body *oidc.UpdateConnectionParams,
) (*oidc.UpdateConnectionResponse, error)

UpdateConnection: Updates an existing OIDC connection.

When the value of `issuer` changes, Stytch will attempt to retrieve the [OpenID Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata) document found at `$/.well-known/openid-configuration`. If the metadata document can be retrieved successfully, Stytch will use it to infer the values of `authorization_url`, `token_url`, `jwks_url`, and `userinfo_url`. The `client_id` and `client_secret` values cannot be inferred from the metadata document, and *must* be passed in explicitly.

If the metadata document cannot be retrieved, Stytch will still update the connection using values from the request body.

If the metadata document can be retrieved, and values are passed in the request body, the explicit values passed in from the request body will take precedence over the values inferred from the metadata document.

Note that a newly created connection will not become active until all of the following fields are provided: * `issuer` * `client_id` * `client_secret` * `authorization_url` * `token_url` * `userinfo_url` * `jwks_url`

type SSOSAMLClient 

type SSOSAMLClient struct {
	C stytch.Client
}

func NewSSOSAMLClient 

func NewSSOSAMLClient(c stytch.Client) *SSOSAMLClient

func (*SSOSAMLClient) CreateConnection 

func (c *SSOSAMLClient) CreateConnection(
	ctx context.Context,
	body *saml.CreateConnectionParams,
) (*saml.CreateConnectionResponse, error)

CreateConnection: Create a new SAML Connection.

func (*SSOSAMLClient) DeleteVerificationCertificate 

func (c *SSOSAMLClient) DeleteVerificationCertificate(
	ctx context.Context,
	body *saml.DeleteVerificationCertificateParams,
) (*saml.DeleteVerificationCertificateResponse, error)

DeleteVerificationCertificate: Delete a SAML verification certificate.

You may need to do this when rotating certificates from your IdP, since Stytch allows a maximum of 5 certificates per connection. There must always be at least one certificate per active connection.

func (*SSOSAMLClient) UpdateConnection 

func (c *SSOSAMLClient) UpdateConnection(
	ctx context.Context,
	body *saml.UpdateConnectionParams,
) (*saml.UpdateConnectionResponse, error)

UpdateConnection: Updates an existing SAML connection.

Note that a newly created connection will not become active until all of the following are provided: * `idp_sso_url` * `attribute_mapping` * `idp_entity_id` * `x509_certificate`

type SessionsClient 

type SessionsClient struct {
	C stytch.Client
}

func NewSessionsClient 

func NewSessionsClient(c stytch.Client) *SessionsClient

func (*SessionsClient) Authenticate 

func (c *SessionsClient) Authenticate(
	ctx context.Context,
	body *sessions.AuthenticateParams,
) (*sessions.AuthenticateResponse, error)

Authenticate: Authenticates a Session and updates its lifetime by the specified `session_duration_minutes`. If the `session_duration_minutes` is not specified, a Session will not be extended. This endpoint requires either a `session_jwt` or `session_token` be included in the request. It will return an error if both are present.

You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid.

func (*SessionsClient) Exchange 

func (c *SessionsClient) Exchange(
	ctx context.Context,
	body *sessions.ExchangeParams,
) (*sessions.ExchangeResponse, error)

Exchange: Use this endpoint to exchange a Member's existing session for another session in a different Organization. This can be used to accept an invite, but not to create a new member via domain matching.

To create a new member via domain matching, use the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) flow instead.

Only Email Magic Link, OAuth, and SMS OTP factors can be transferred between sessions. Other authentication factors, such as password factors, will not be transferred to the new session. SMS OTP factors can be used to fulfill MFA requirements for the target Organization if both the original and target Member have the same phone number and the phone number is verified for both Members.

If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored.

func (*SessionsClient) Get 

func (c *SessionsClient) Get(
	ctx context.Context,
	body *sessions.GetParams,
) (*sessions.GetResponse, error)

Get: Retrieves all active Sessions for a Member.

func (*SessionsClient) GetJWKS 

func (c *SessionsClient) GetJWKS(
	ctx context.Context,
	body *sessions.GetJWKSParams,
) (*sessions.GetJWKSResponse, error)

GetJWKS: Get the JSON Web Key Set (JWKS) for a project.

func (*SessionsClient) Revoke 

func (c *SessionsClient) Revoke(
	ctx context.Context,
	body *sessions.RevokeParams,
) (*sessions.RevokeResponse, error)

Revoke a Session and immediately invalidate all its tokens. To revoke a specific Session, pass either the `member_session_id`, `session_token`, or `session_jwt`. To revoke all Sessions for a Member, pass the `member_id`.

Source Files

View all Source files

Directories

Path Synopsis
intermediatesessions
organizations
discovery
email
email/discovery
discovery
members
otp
sms
email
existingpassword
session
sso
oidc
saml

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.