Documentation ¶
Index ¶
- type CryptoWalletsClient
- func (c *CryptoWalletsClient) Authenticate(ctx context.Context, body *cryptowallets.AuthenticateParams) (*cryptowallets.AuthenticateResponse, error)
- func (c *CryptoWalletsClient) AuthenticateStart(ctx context.Context, body *cryptowallets.AuthenticateStartParams) (*cryptowallets.AuthenticateStartResponse, error)
- func (c *CryptoWalletsClient) AuthenticateWithClaims(ctx context.Context, body *cryptowallets.AuthenticateParams, claims any) (*cryptowallets.AuthenticateResponse, error)
- type M2MClient
- type M2MClientsClient
- func (c *M2MClientsClient) Create(ctx context.Context, body *clients.CreateParams) (*clients.CreateResponse, error)
- func (c *M2MClientsClient) Delete(ctx context.Context, body *clients.DeleteParams) (*clients.DeleteResponse, error)
- func (c *M2MClientsClient) Get(ctx context.Context, body *clients.GetParams) (*clients.GetResponse, error)
- func (c *M2MClientsClient) Search(ctx context.Context, body *clients.SearchParams) (*clients.SearchResponse, error)
- func (c *M2MClientsClient) Update(ctx context.Context, body *clients.UpdateParams) (*clients.UpdateResponse, error)
- type M2MClientsSecretsClient
- func (c *M2MClientsSecretsClient) Rotate(ctx context.Context, body *secrets.RotateParams) (*secrets.RotateResponse, error)
- func (c *M2MClientsSecretsClient) RotateCancel(ctx context.Context, body *secrets.RotateCancelParams) (*secrets.RotateCancelResponse, error)
- func (c *M2MClientsSecretsClient) RotateStart(ctx context.Context, body *secrets.RotateStartParams) (*secrets.RotateStartResponse, error)
- type MagicLinksClient
- func (c *MagicLinksClient) Authenticate(ctx context.Context, body *magiclinks.AuthenticateParams) (*magiclinks.AuthenticateResponse, error)
- func (c *MagicLinksClient) AuthenticateWithClaims(ctx context.Context, body *magiclinks.AuthenticateParams, claims any) (*magiclinks.AuthenticateResponse, error)
- func (c *MagicLinksClient) Create(ctx context.Context, body *magiclinks.CreateParams) (*magiclinks.CreateResponse, error)
- type MagicLinksEmailClient
- func (c *MagicLinksEmailClient) Invite(ctx context.Context, body *email.InviteParams) (*email.InviteResponse, error)
- func (c *MagicLinksEmailClient) LoginOrCreate(ctx context.Context, body *email.LoginOrCreateParams) (*email.LoginOrCreateResponse, error)
- func (c *MagicLinksEmailClient) RevokeInvite(ctx context.Context, body *email.RevokeInviteParams) (*email.RevokeInviteResponse, error)
- func (c *MagicLinksEmailClient) Send(ctx context.Context, body *email.SendParams) (*email.SendResponse, error)
- type OAuthClient
- func (c *OAuthClient) Attach(ctx context.Context, body *oauth.AttachParams) (*oauth.AttachResponse, error)
- func (c *OAuthClient) Authenticate(ctx context.Context, body *oauth.AuthenticateParams) (*oauth.AuthenticateResponse, error)
- func (c *OAuthClient) AuthenticateWithClaims(ctx context.Context, body *oauth.AuthenticateParams, claims any) (*oauth.AuthenticateResponse, error)
- type OTPsClient
- type OTPsEmailClient
- type OTPsSmsClient
- type OTPsWhatsappClient
- type PasswordsClient
- func (c *PasswordsClient) Authenticate(ctx context.Context, body *passwords.AuthenticateParams) (*passwords.AuthenticateResponse, error)
- func (c *PasswordsClient) AuthenticateWithClaims(ctx context.Context, body *passwords.AuthenticateParams, claims any) (*passwords.AuthenticateResponse, error)
- func (c *PasswordsClient) Create(ctx context.Context, body *passwords.CreateParams) (*passwords.CreateResponse, error)
- func (c *PasswordsClient) Migrate(ctx context.Context, body *passwords.MigrateParams) (*passwords.MigrateResponse, error)
- func (c *PasswordsClient) StrengthCheck(ctx context.Context, body *passwords.StrengthCheckParams) (*passwords.StrengthCheckResponse, error)
- type PasswordsEmailClient
- type PasswordsExistingPasswordClient
- type PasswordsSessionsClient
- type SessionsClient
- func (c *SessionsClient) Authenticate(ctx context.Context, body *sessions.AuthenticateParams) (*sessions.AuthenticateResponse, error)
- func (c *SessionsClient) AuthenticateJWT(ctx context.Context, maxTokenAge time.Duration, ...) (*sessions.AuthenticateResponse, error)
- func (c *SessionsClient) AuthenticateJWTLocal(token string, maxTokenAge time.Duration) (*sessions.Session, error)
- func (c *SessionsClient) AuthenticateJWTWithClaims(ctx context.Context, maxTokenAge time.Duration, ...) (*sessions.AuthenticateResponse, error)
- func (c *SessionsClient) AuthenticateWithClaims(ctx context.Context, body *sessions.AuthenticateParams, claims any) (*sessions.AuthenticateResponse, error)
- func (c *SessionsClient) Get(ctx context.Context, body *sessions.GetParams) (*sessions.GetResponse, error)
- func (c *SessionsClient) GetJWKS(ctx context.Context, body *sessions.GetJWKSParams) (*sessions.GetJWKSResponse, error)
- func (c *SessionsClient) Revoke(ctx context.Context, body *sessions.RevokeParams) (*sessions.RevokeResponse, error)
- type TOTPsClient
- func (c *TOTPsClient) Authenticate(ctx context.Context, body *totps.AuthenticateParams) (*totps.AuthenticateResponse, error)
- func (c *TOTPsClient) AuthenticateWithClaims(ctx context.Context, body *totps.AuthenticateParams, claims any) (*totps.AuthenticateResponse, error)
- func (c *TOTPsClient) Create(ctx context.Context, body *totps.CreateParams) (*totps.CreateResponse, error)
- func (c *TOTPsClient) Recover(ctx context.Context, body *totps.RecoverParams) (*totps.RecoverResponse, error)
- func (c *TOTPsClient) RecoveryCodes(ctx context.Context, body *totps.RecoveryCodesParams) (*totps.RecoveryCodesResponse, error)
- type UsersClient
- func (c *UsersClient) Create(ctx context.Context, body *users.CreateParams) (*users.CreateResponse, error)
- func (c *UsersClient) Delete(ctx context.Context, body *users.DeleteParams) (*users.DeleteResponse, error)
- func (c *UsersClient) DeleteBiometricRegistration(ctx context.Context, body *users.DeleteBiometricRegistrationParams) (*users.DeleteBiometricRegistrationResponse, error)
- func (c *UsersClient) DeleteCryptoWallet(ctx context.Context, body *users.DeleteCryptoWalletParams) (*users.DeleteCryptoWalletResponse, error)
- func (c *UsersClient) DeleteEmail(ctx context.Context, body *users.DeleteEmailParams) (*users.DeleteEmailResponse, error)
- func (c *UsersClient) DeleteOAuthRegistration(ctx context.Context, body *users.DeleteOAuthRegistrationParams) (*users.DeleteOAuthRegistrationResponse, error)
- func (c *UsersClient) DeletePassword(ctx context.Context, body *users.DeletePasswordParams) (*users.DeletePasswordResponse, error)
- func (c *UsersClient) DeletePhoneNumber(ctx context.Context, body *users.DeletePhoneNumberParams) (*users.DeletePhoneNumberResponse, error)
- func (c *UsersClient) DeleteTOTP(ctx context.Context, body *users.DeleteTOTPParams) (*users.DeleteTOTPResponse, error)
- func (c *UsersClient) DeleteWebAuthnRegistration(ctx context.Context, body *users.DeleteWebAuthnRegistrationParams) (*users.DeleteWebAuthnRegistrationResponse, error)
- func (c *UsersClient) Get(ctx context.Context, body *users.GetParams) (*users.GetResponse, error)
- func (c *UsersClient) Search(ctx context.Context, body *users.SearchParams) (*users.SearchResponse, error)
- func (c *UsersClient) Update(ctx context.Context, body *users.UpdateParams) (*users.UpdateResponse, error)
- type WebAuthnClient
- func (c *WebAuthnClient) Authenticate(ctx context.Context, body *webauthn.AuthenticateParams) (*webauthn.AuthenticateResponse, error)
- func (c *WebAuthnClient) AuthenticateStart(ctx context.Context, body *webauthn.AuthenticateStartParams) (*webauthn.AuthenticateStartResponse, error)
- func (c *WebAuthnClient) AuthenticateWithClaims(ctx context.Context, body *webauthn.AuthenticateParams, claims any) (*webauthn.AuthenticateResponse, error)
- func (c *WebAuthnClient) Register(ctx context.Context, body *webauthn.RegisterParams) (*webauthn.RegisterResponse, error)
- func (c *WebAuthnClient) RegisterStart(ctx context.Context, body *webauthn.RegisterStartParams) (*webauthn.RegisterStartResponse, error)
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CryptoWalletsClient ¶
func NewCryptoWalletsClient ¶
func NewCryptoWalletsClient(c stytch.Client) *CryptoWalletsClient
func (*CryptoWalletsClient) Authenticate ¶
func (c *CryptoWalletsClient) Authenticate( ctx context.Context, body *cryptowallets.AuthenticateParams, ) (*cryptowallets.AuthenticateResponse, error)
Authenticate: Complete the authentication of a crypto wallet by passing the signature.
func (*CryptoWalletsClient) AuthenticateStart ¶
func (c *CryptoWalletsClient) AuthenticateStart( ctx context.Context, body *cryptowallets.AuthenticateStartParams, ) (*cryptowallets.AuthenticateStartResponse, error)
AuthenticateStart: Initiate the authentication of a crypto wallet. After calling this endpoint, the user will need to sign a message containing only the returned `challenge` field.
func (*CryptoWalletsClient) AuthenticateWithClaims ¶
func (c *CryptoWalletsClient) AuthenticateWithClaims( ctx context.Context, body *cryptowallets.AuthenticateParams, claims any, ) (*cryptowallets.AuthenticateResponse, error)
AuthenticateWithClaims fills in the claims pointer with custom claims from the response. Pass in a map with the types of values you're expecting so that this function can marshal the claims from the response. See ExampleClient_AuthenticateWithClaims_map, ExampleClient_AuthenticateWithClaims_struct for examples
type M2MClient ¶ added in v10.1.0
type M2MClient struct { C stytch.Client Clients *M2MClientsClient JWKS *keyfunc.JWKS }
func NewM2MClient ¶ added in v10.1.0
func (*M2MClient) AuthenticateToken ¶ added in v10.1.0
func (c *M2MClient) AuthenticateToken( ctx context.Context, req *m2m.AuthenticateTokenParams, ) (*m2m.AuthenticateTokenResponse, error)
AuthenticateToken validates an access token issued by Stytch from the Token endpoint. M2M access tokens are JWTs signed with the project's JWKs, and can be validated locally using any Stytch client library. You may pass in an optional set of scopes that the JWT must contain in order to enforce permissions.
func (*M2MClient) Token ¶ added in v10.1.0
func (c *M2MClient) Token( ctx context.Context, body *m2m.TokenParams, ) (*m2m.TokenResponse, error)
Token retrieves an access token for the given M2M Client. Access tokens are JWTs signed with the project's JWKs, and are valid for one hour after issuance. M2M Access tokens contain a standard set of claims as well as any custom claims generated from templates. M2M Access tokens can be validated locally using the Authenticate Access Token method in the Stytch Backend SDKs, or with any library that supports JWT signature validation.
Here is an example of a standard set of claims from a M2M Access Token: ```
{ "sub": "m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885", "iss": "stytch.com/project-test-3e71d0a1-1e3e-4ee2-9be0-d7c0900f02c2", "aud": ["project-test-3e71d0a1-1e3e-4ee2-9be0-d7c0900f02c2"], "scope": "read:users write:users", "iat": 4102473300, "nbf": 4102473300, "exp": 4102476900 }
```
type M2MClientsClient ¶ added in v10.1.0
type M2MClientsClient struct { C stytch.Client Secrets *M2MClientsSecretsClient }
func NewM2MClientsClient ¶ added in v10.1.0
func NewM2MClientsClient(c stytch.Client) *M2MClientsClient
func (*M2MClientsClient) Create ¶ added in v10.1.0
func (c *M2MClientsClient) Create( ctx context.Context, body *clients.CreateParams, ) (*clients.CreateResponse, error)
Create: Creates a new M2M Client. On initial client creation, you may pass in a custom `client_id` or `client_secret` to import an existing M2M client. If you do not pass in a custom `client_id` or `client_secret`, one will be generated automatically. The `client_id` must be unique among all clients in your project.
**Important:** This is the only time you will be able to view the generated `client_secret` in the API response. Stytch stores a hash of the `client_secret` and cannot recover the value if lost. Be sure to persist the `client_secret` in a secure location. If the `client_secret` is lost, you will need to trigger a secret rotation flow to receive another one.
func (*M2MClientsClient) Delete ¶ added in v10.1.0
func (c *M2MClientsClient) Delete( ctx context.Context, body *clients.DeleteParams, ) (*clients.DeleteResponse, error)
Delete: Deletes the M2M Client.
**Important:** Deleting a M2M Client will not invalidate any existing JWTs issued to the client, only prevent it from receiving new ones. To protect more-sensitive routes, pass a lower `max_token_age` value when[authenticating the token](https://stytch.com/docs/b2b/api/authenticate-m2m-token)[authenticating the token](https://stytch.com/docs/api/authenticate-m2m-token).
func (*M2MClientsClient) Get ¶ added in v10.1.0
func (c *M2MClientsClient) Get( ctx context.Context, body *clients.GetParams, ) (*clients.GetResponse, error)
Get: Gets information about an existing M2M Client.
func (*M2MClientsClient) Search ¶ added in v10.1.0
func (c *M2MClientsClient) Search( ctx context.Context, body *clients.SearchParams, ) (*clients.SearchResponse, error)
Search for M2M Clients within your Stytch Project. Submit an empty `query` in the request to return all M2M Clients.
The following search filters are supported today: - `client_id`: Pass in a list of client IDs to get many clients in a single request - `client_name`: Search for clients by exact match on client name - `scopes`: Search for clients assigned a specific scope
func (*M2MClientsClient) Update ¶ added in v10.1.0
func (c *M2MClientsClient) Update( ctx context.Context, body *clients.UpdateParams, ) (*clients.UpdateResponse, error)
Update: Updates an existing M2M Client. You can use this endpoint to activate or deactivate a M2M Client by changing its `status`. A deactivated M2M Client will not be allowed to perform future token exchange flows until it is reactivated.
**Important:** Deactivating a M2M Client will not invalidate any existing JWTs issued to the client, only prevent it from receiving new ones. To protect more-sensitive routes, pass a lower `max_token_age` value when[authenticating the token](https://stytch.com/docs/b2b/api/authenticate-m2m-token)[authenticating the token](https://stytch.com/docs/api/authenticate-m2m-token).
type M2MClientsSecretsClient ¶ added in v10.1.0
func NewM2MClientsSecretsClient ¶ added in v10.1.0
func NewM2MClientsSecretsClient(c stytch.Client) *M2MClientsSecretsClient
func (*M2MClientsSecretsClient) Rotate ¶ added in v10.1.0
func (c *M2MClientsSecretsClient) Rotate( ctx context.Context, body *secrets.RotateParams, ) (*secrets.RotateResponse, error)
Rotate: Complete the rotation of an M2M client secret started with the[Start Secret Rotation Endpoint](https://stytch.com/docs/b2b/api/m2m-rotate-secret-start)[Start Secret Rotation Endpoint](https://stytch.com/docs/api/m2m-rotate-secret-start). After this endpoint is called, the client's `next_client_secret` becomes its `client_secret` and the previous `client_secret` will no longer be valid.
func (*M2MClientsSecretsClient) RotateCancel ¶ added in v10.1.0
func (c *M2MClientsSecretsClient) RotateCancel( ctx context.Context, body *secrets.RotateCancelParams, ) (*secrets.RotateCancelResponse, error)
RotateCancel: Cancel the rotation of an M2M client secret started with the[Start Secret Rotation Endpoint](https://stytch.com/docs/b2b/api/m2m-rotate-secret-start)[Start Secret Rotation Endpoint](https://stytch.com/docs/api/m2m-rotate-secret-start). After this endpoint is called, the client's `next_client_secret` is discarded and only the original `client_secret` will be valid.
func (*M2MClientsSecretsClient) RotateStart ¶ added in v10.1.0
func (c *M2MClientsSecretsClient) RotateStart( ctx context.Context, body *secrets.RotateStartParams, ) (*secrets.RotateStartResponse, error)
RotateStart: Initiate the rotation of an M2M client secret. After this endpoint is called, both the client's `client_secret` and `next_client_secret` will be valid. To complete the secret rotation flow, update all usages of `client_secret` to `next_client_secret` and call the[Rotate Secret Endpoint](https://stytch.com/docs/b2b/api/m2m-rotate-secret)[Rotate Secret Endpoint](https://stytch.com/docs/api/m2m-rotate-secret) to complete the flow. Secret rotation can be cancelled using the[Rotate Cancel Endpoint](https://stytch.com/docs/b2b/api/m2m-rotate-secret-cancel)[Rotate Cancel Endpoint](https://stytch.com/docs/api/m2m-rotate-secret-cancel).
**Important:** This is the only time you will be able to view the generated `next_client_secret` in the API response. Stytch stores a hash of the `next_client_secret` and cannot recover the value if lost. Be sure to persist the `next_client_secret` in a secure location. If the `next_client_secret` is lost, you will need to trigger a secret rotation flow to receive another one.
type MagicLinksClient ¶
type MagicLinksClient struct { C stytch.Client Email *MagicLinksEmailClient }
func NewMagicLinksClient ¶
func NewMagicLinksClient(c stytch.Client) *MagicLinksClient
func (*MagicLinksClient) Authenticate ¶
func (c *MagicLinksClient) Authenticate( ctx context.Context, body *magiclinks.AuthenticateParams, ) (*magiclinks.AuthenticateResponse, error)
Authenticate a User given a Magic Link. This endpoint verifies that the Magic Link token is valid, hasn't expired or been previously used, and any optional security settings such as IP match or user agent match are satisfied.
func (*MagicLinksClient) AuthenticateWithClaims ¶
func (c *MagicLinksClient) AuthenticateWithClaims( ctx context.Context, body *magiclinks.AuthenticateParams, claims any, ) (*magiclinks.AuthenticateResponse, error)
AuthenticateWithClaims fills in the claims pointer with custom claims from the response. Pass in a map with the types of values you're expecting so that this function can marshal the claims from the response. See ExampleClient_AuthenticateWithClaims_map, ExampleClient_AuthenticateWithClaims_struct for examples
func (*MagicLinksClient) Create ¶
func (c *MagicLinksClient) Create( ctx context.Context, body *magiclinks.CreateParams, ) (*magiclinks.CreateResponse, error)
Create an embeddable Magic Link token for a User. Access to this endpoint is restricted. To enable it, please send us a note at support@stytch.com.
### Next steps Send the returned `token` value to the end user in a link which directs to your application. When the end user follows your link, collect the token, and call [Authenticate Magic Link](https://stytch.com/docs/api/authenticate-magic-link) to complete authentication.
type MagicLinksEmailClient ¶
func NewMagicLinksEmailClient ¶
func NewMagicLinksEmailClient(c stytch.Client) *MagicLinksEmailClient
func (*MagicLinksEmailClient) Invite ¶
func (c *MagicLinksEmailClient) Invite( ctx context.Context, body *email.InviteParams, ) (*email.InviteResponse, error)
Invite: Create a User and send an invite Magic Link to the provided `email`. The User will be created with a `pending` status until they click the Magic Link in the invite email.
### Next steps The User is emailed a Magic Link which redirects them to the provided [redirect URL](https://stytch.com/docs/magic-links#email-magic-links_redirect-routing). Collect the `token` from the URL query parameters and call [Authenticate Magic Link](https://stytch.com/docs/api/authenticate-magic-link) to complete authentication.
func (*MagicLinksEmailClient) LoginOrCreate ¶
func (c *MagicLinksEmailClient) LoginOrCreate( ctx context.Context, body *email.LoginOrCreateParams, ) (*email.LoginOrCreateResponse, error)
LoginOrCreate: Send either a login or signup Magic Link to the User based on if the email is associated with a User already. A new or pending User will receive a signup Magic Link. An active User will receive a login Magic Link. For more information on how to control the status your Users are created in see the `create_user_as_pending` flag.
### Next steps The User is emailed a Magic Link which redirects them to the provided [redirect URL](https://stytch.com/docs/magic-links#email-magic-links_redirect-routing). Collect the `token` from the URL query parameters and call [Authenticate Magic Link](https://stytch.com/docs/api/authenticate-magic-link) to complete authentication.
func (*MagicLinksEmailClient) RevokeInvite ¶
func (c *MagicLinksEmailClient) RevokeInvite( ctx context.Context, body *email.RevokeInviteParams, ) (*email.RevokeInviteResponse, error)
RevokeInvite: Revoke a pending invite based on the `email` provided.
func (*MagicLinksEmailClient) Send ¶
func (c *MagicLinksEmailClient) Send( ctx context.Context, body *email.SendParams, ) (*email.SendResponse, error)
Send a magic link to an existing Stytch user using their email address. If you'd like to create a user and send them a magic link by email with one request, use our [log in or create endpoint](https://stytch.com/docs/api/log-in-or-create-user-by-email).
### Add an email to an existing user This endpoint also allows you to add a new email to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in the request will add the email to the pre-existing Stytch User upon successful authentication.
Adding a new email to an existing Stytch User requires the user to be present and validate the email via magic link. This requirement is in place to prevent account takeover attacks.
### Next steps The user is emailed a magic link which redirects them to the provided [redirect URL](https://stytch.com/docs/guides/magic-links/email-magic-links/redirect-routing). Collect the `token` from the URL query parameters, and call [Authenticate magic link](https://stytch.com/docs/api/authenticate-magic-link) to complete authentication.
type OAuthClient ¶
func NewOAuthClient ¶
func NewOAuthClient(c stytch.Client) *OAuthClient
func (*OAuthClient) Attach ¶
func (c *OAuthClient) Attach( ctx context.Context, body *oauth.AttachParams, ) (*oauth.AttachResponse, error)
Attach: Generate an OAuth Attach Token to pre-associate an OAuth flow with an existing Stytch User. Pass the returned `oauth_attach_token` to the same provider's OAuth Start endpoint to treat this OAuth flow as a login for that user instead of a signup for a new user.
Exactly one of `user_id`, `session_token`, or `session_jwt` must be provided to identify the target Stytch User.
This is an optional step in the OAuth flow. Stytch can often determine whether to create a new user or log in an existing one based on verified identity provider information. This endpoint is useful for cases where we can't, such as missing or unverified provider information.
func (*OAuthClient) Authenticate ¶
func (c *OAuthClient) Authenticate( ctx context.Context, body *oauth.AuthenticateParams, ) (*oauth.AuthenticateResponse, error)
Authenticate a User given a `token`. This endpoint verifies that the user completed the OAuth flow by verifying that the token is valid and hasn't expired. To initiate a Stytch session for the user while authenticating their OAuth token, include `session_duration_minutes`; a session with the identity provider, e.g. Google or Facebook, will always be initiated upon successful authentication.
func (*OAuthClient) AuthenticateWithClaims ¶
func (c *OAuthClient) AuthenticateWithClaims( ctx context.Context, body *oauth.AuthenticateParams, claims any, ) (*oauth.AuthenticateResponse, error)
AuthenticateWithClaims fills in the claims pointer with custom claims from the response. Pass in a map with the types of values you're expecting so that this function can marshal the claims from the response. See ExampleClient_AuthenticateWithClaims_map, ExampleClient_AuthenticateWithClaims_struct for examples
type OTPsClient ¶
type OTPsClient struct { C stytch.Client Sms *OTPsSmsClient Whatsapp *OTPsWhatsappClient Email *OTPsEmailClient }
func NewOTPsClient ¶
func NewOTPsClient(c stytch.Client) *OTPsClient
func (*OTPsClient) Authenticate ¶
func (c *OTPsClient) Authenticate( ctx context.Context, body *otp.AuthenticateParams, ) (*otp.AuthenticateResponse, error)
Authenticate a User given a `method_id` (the associated `email_id` or `phone_id`) and a `code`. This endpoint verifies that the code is valid, hasn't expired or been previously used, and any optional security settings such as IP match or user agent match are satisfied. A given `method_id` may only have a single active OTP code at any given time, if a User requests another OTP code before the first one has expired, the first one will be invalidated.
func (*OTPsClient) AuthenticateWithClaims ¶
func (c *OTPsClient) AuthenticateWithClaims( ctx context.Context, body *otp.AuthenticateParams, claims any, ) (*otp.AuthenticateResponse, error)
AuthenticateWithClaims fills in the claims pointer with custom claims from the response. Pass in a map with the types of values you're expecting so that this function can marshal the claims from the response. See ExampleClient_AuthenticateWithClaims_map, ExampleClient_AuthenticateWithClaims_struct for examples
type OTPsEmailClient ¶
func NewOTPsEmailClient ¶
func NewOTPsEmailClient(c stytch.Client) *OTPsEmailClient
func (*OTPsEmailClient) LoginOrCreate ¶
func (c *OTPsEmailClient) LoginOrCreate( ctx context.Context, body *email.LoginOrCreateParams, ) (*email.LoginOrCreateResponse, error)
LoginOrCreate: Send a one-time passcode (OTP) to a User using their email. If the email is not associated with a User already, a User will be created.
### Next steps
Collect the OTP which was delivered to the User. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`.
func (*OTPsEmailClient) Send ¶
func (c *OTPsEmailClient) Send( ctx context.Context, body *email.SendParams, ) (*email.SendResponse, error)
Send a one-time passcode (OTP) to a User using their email. If you'd like to create a user and send them a passcode with one request, use our [log in or create endpoint](https://stytch.com/docs/api/log-in-or-create-user-by-email-otp).
### Add an email to an existing user This endpoint also allows you to add a new email to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in the request will add the email to the pre-existing Stytch User upon successful authentication.
Adding a new email to an existing Stytch User requires the User to be present and validate the email via OTP. This requirement is in place to prevent account takeover attacks.
### Next steps Collect the OTP which was delivered to the user. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`.
type OTPsSmsClient ¶
func NewOTPsSmsClient ¶
func NewOTPsSmsClient(c stytch.Client) *OTPsSmsClient
func (*OTPsSmsClient) LoginOrCreate ¶
func (c *OTPsSmsClient) LoginOrCreate( ctx context.Context, body *sms.LoginOrCreateParams, ) (*sms.LoginOrCreateResponse, error)
LoginOrCreate: Send a one-time passcode (OTP) to a User using their phone number. If the phone number is not associated with a user already, a user will be created.
### Next steps
Collect the OTP which was delivered to the User. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`.
func (*OTPsSmsClient) Send ¶
func (c *OTPsSmsClient) Send( ctx context.Context, body *sms.SendParams, ) (*sms.SendResponse, error)
Send a one-time passcode (OTP) to a user's phone number. If you'd like to create a user and send them a passcode with one request, use our [log in or create](https://stytch.com/docs/api/log-in-or-create-user-by-sms) endpoint.
Note that sending another OTP code before the first has expired will invalidate the first code.
### Add a phone number to an existing user
This endpoint also allows you to add a new phone number to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in the request will add the phone number to the pre-existing Stytch User upon successful authentication.
Adding a new phone number to an existing Stytch User requires the user to be present and validate the phone number via OTP. This requirement is in place to prevent account takeover attacks.
### Next steps
Collect the OTP which was delivered to the user. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`.
type OTPsWhatsappClient ¶
func NewOTPsWhatsappClient ¶
func NewOTPsWhatsappClient(c stytch.Client) *OTPsWhatsappClient
func (*OTPsWhatsappClient) LoginOrCreate ¶
func (c *OTPsWhatsappClient) LoginOrCreate( ctx context.Context, body *whatsapp.LoginOrCreateParams, ) (*whatsapp.LoginOrCreateResponse, error)
LoginOrCreate: Send a one-time passcode (OTP) to a User's WhatsApp using their phone number. If the phone number is not associated with a User already, a User will be created.
### Next steps
Collect the OTP which was delivered to the User. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`.
func (*OTPsWhatsappClient) Send ¶
func (c *OTPsWhatsappClient) Send( ctx context.Context, body *whatsapp.SendParams, ) (*whatsapp.SendResponse, error)
Send a one-time passcode (OTP) to a User's WhatsApp. If you'd like to create a user and send them a passcode with one request, use our [log in or create](https://stytch.com/docs/api/whatsapp-login-or-create) endpoint.
Note that sending another OTP code before the first has expired will invalidate the first code.
### Add a phone number to an existing user
This endpoint also allows you to add a new phone number to an existing Stytch User. Including a `user_id`, `session_token`, or `session_jwt` in the request will add the phone number to the pre-existing Stytch User upon successful authentication.
Adding a new phone number to an existing Stytch User requires the user to be present and validate the phone number via OTP. This requirement is in place to prevent account takeover attacks.
### Next steps
Collect the OTP which was delivered to the user. Call [Authenticate OTP](https://stytch.com/docs/api/authenticate-otp) using the OTP `code` along with the `phone_id` found in the response as the `method_id`.
type PasswordsClient ¶
type PasswordsClient struct { C stytch.Client Email *PasswordsEmailClient ExistingPassword *PasswordsExistingPasswordClient Sessions *PasswordsSessionsClient }
func NewPasswordsClient ¶
func NewPasswordsClient(c stytch.Client) *PasswordsClient
func (*PasswordsClient) Authenticate ¶
func (c *PasswordsClient) Authenticate( ctx context.Context, body *passwords.AuthenticateParams, ) (*passwords.AuthenticateResponse, error)
Authenticate a user with their email address and password. This endpoint verifies that the user has a password currently set, and that the entered password is correct. There are two instances where the endpoint will return a `reset_password` error even if they enter their previous password:
**One:** The user’s credentials appeared in the HaveIBeenPwned dataset. We force a password reset to ensure that the user is the legitimate owner of the email address, and not a malicious actor abusing the compromised credentials.
**Two:** A user that has previously authenticated with email/password uses a passwordless authentication method tied to the same email address (e.g. Magic Links, Google OAuth) for the first time. Any subsequent email/password authentication attempt will result in this error. We force a password reset in this instance in order to safely deduplicate the account by email address, without introducing the risk of a pre-hijack account takeover attack.
Imagine a bad actor creates many accounts using passwords and the known email addresses of their victims. If a victim comes to the site and logs in for the first time with an email-based passwordless authentication method then both the victim and the bad actor have credentials to access to the same account. To prevent this, any further email/password login attempts first require a password reset which can only be accomplished by someone with access to the underlying email address.
func (*PasswordsClient) AuthenticateWithClaims ¶
func (c *PasswordsClient) AuthenticateWithClaims( ctx context.Context, body *passwords.AuthenticateParams, claims any, ) (*passwords.AuthenticateResponse, error)
AuthenticateWithClaims fills in the claims pointer with custom claims from the response. Pass in a map with the types of values you're expecting so that this function can marshal the claims from the response. See ExampleClient_AuthenticateWithClaims_map, ExampleClient_AuthenticateWithClaims_struct for examples
func (*PasswordsClient) Create ¶
func (c *PasswordsClient) Create( ctx context.Context, body *passwords.CreateParams, ) (*passwords.CreateResponse, error)
Create a new user with a password and an authenticated session for the user if requested. If a user with this email already exists in the project, this API will return an error.
Existing passwordless users who wish to create a password need to go through the reset password flow.
This endpoint will return an error if the password provided does not meet our strength requirements, which you can check beforehand with the password strength endpoint.
func (*PasswordsClient) Migrate ¶
func (c *PasswordsClient) Migrate( ctx context.Context, body *passwords.MigrateParams, ) (*passwords.MigrateResponse, error)
Migrate: Adds an existing password to a User's email that doesn't have a password yet. We support migrating users from passwords stored with `bcrypt`, `scrypt`, `argon2`, `MD-5`, `SHA-1`, or `PBKDF2`. This endpoint has a rate limit of 100 requests per second.
func (*PasswordsClient) StrengthCheck ¶
func (c *PasswordsClient) StrengthCheck( ctx context.Context, body *passwords.StrengthCheckParams, ) (*passwords.StrengthCheckResponse, error)
StrengthCheck: This API allows you to check whether or not the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password.
This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
### Password feedback
The `feedback` object contains relevant fields for you to relay feedback to users that failed to create a strong enough password.
If you're using zxcvbn, the `feedback` object will contain `warning` and `suggestions` for any password that does not meet the zxcvbn strength requirements. You can return these strings directly to the user to help them craft a strong password.
If you're using LUDS, the `feedback` object will contain an object named `luds_requirements` which contain a collection of fields that the user failed or passed. You'll want to prompt the user to create a password that meets all of the requirements that they failed.
type PasswordsEmailClient ¶
func NewPasswordsEmailClient ¶
func NewPasswordsEmailClient(c stytch.Client) *PasswordsEmailClient
func (*PasswordsEmailClient) Reset ¶
func (c *PasswordsEmailClient) Reset( ctx context.Context, body *email.ResetParams, ) (*email.ResetResponse, error)
Reset the user’s password and authenticate them. This endpoint checks that the magic link `token` is valid, hasn’t expired, or already been used – and can optionally require additional security settings, such as the IP address and user agent matching the initial reset request.
The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated.
func (*PasswordsEmailClient) ResetStart ¶
func (c *PasswordsEmailClient) ResetStart( ctx context.Context, body *email.ResetStartParams, ) (*email.ResetStartResponse, error)
ResetStart: Initiates a password reset for the email address provided. This will trigger an email to be sent to the address, containing a magic link that will allow them to set a new password and authenticate.
type PasswordsExistingPasswordClient ¶
func NewPasswordsExistingPasswordClient ¶
func NewPasswordsExistingPasswordClient(c stytch.Client) *PasswordsExistingPasswordClient
func (*PasswordsExistingPasswordClient) Reset ¶
func (c *PasswordsExistingPasswordClient) Reset( ctx context.Context, body *existingpassword.ResetParams, ) (*existingpassword.ResetResponse, error)
Reset the User’s password using their existing password.
type PasswordsSessionsClient ¶
func NewPasswordsSessionsClient ¶
func NewPasswordsSessionsClient(c stytch.Client) *PasswordsSessionsClient
func (*PasswordsSessionsClient) Reset ¶
func (c *PasswordsSessionsClient) Reset( ctx context.Context, body *session.ResetParams, ) (*session.ResetResponse, error)
Reset the user’s password using their existing session. The endpoint will error if the session does not have a password, email magic link, or email OTP authentication factor that has been issued within the last 5 minutes. This endpoint requires either a `session_jwt` or `session_token` be included in the request.
type SessionsClient ¶
func NewSessionsClient ¶
func NewSessionsClient(c stytch.Client) *SessionsClient
func (*SessionsClient) Authenticate ¶
func (c *SessionsClient) Authenticate( ctx context.Context, body *sessions.AuthenticateParams, ) (*sessions.AuthenticateResponse, error)
Authenticate a session token and retrieve associated session data. If `session_duration_minutes` is included, update the lifetime of the session to be that many minutes from now. All timestamps are formatted according to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`. This endpoint requires exactly one `session_jwt` or `session_token` as part of the request. If both are included you will receive a `too_many_session_arguments` error.
func (*SessionsClient) AuthenticateJWT ¶
func (c *SessionsClient) AuthenticateJWT( ctx context.Context, maxTokenAge time.Duration, body *sessions.AuthenticateParams, ) (*sessions.AuthenticateResponse, error)
func (*SessionsClient) AuthenticateJWTLocal ¶
func (*SessionsClient) AuthenticateJWTWithClaims ¶
func (c *SessionsClient) AuthenticateJWTWithClaims( ctx context.Context, maxTokenAge time.Duration, body *sessions.AuthenticateParams, claims map[string]any, ) (*sessions.AuthenticateResponse, error)
func (*SessionsClient) AuthenticateWithClaims ¶
func (c *SessionsClient) AuthenticateWithClaims( ctx context.Context, body *sessions.AuthenticateParams, claims any, ) (*sessions.AuthenticateResponse, error)
AuthenticateWithClaims fills in the claims pointer with custom claims from the response. Pass in a map with the types of values you're expecting so that this function can marshal the claims from the response. See ExampleClient_AuthenticateWithClaims_map, ExampleClient_AuthenticateWithClaims_struct for examples
Example (Map) ¶
package main import ( "context" "fmt" "net/http" "net/http/httptest" "strings" "github.com/stytchauth/stytch-go/v10/stytch/consumer/sessions" "github.com/stytchauth/stytch-go/v10/stytch/consumer/stytchapi" ) func main() { // If we know that our claims will follow this exact map structure, we can marshal the // custom claims from the response into it srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // Handle the async JWKS fetch. if strings.HasPrefix(r.URL.Path, "/v1/sessions/jwks/") { _, _ = w.Write([]byte(`{"keys": []}`)) return } // This is the test request if r.URL.Path == "/v1/sessions/authenticate" { // There are many other fields in this response, but these are the only ones we need // for this test. _, _ = w.Write([]byte(`{ "session": { "expires_at": "2022-06-29T19:53:48Z", "last_accessed_at": "2022-06-29T17:54:13Z", "session_id": "session-test-aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "started_at": "2022-06-29T17:53:48Z", "user_id": "user-test-00000000-0000-0000-0000-000000000000", "custom_claims": { "https://my-app.example.net/custom-claim": { "claim1": 1, "claim2": 2, "claim3": 3 } } } }`)) return } http.Error(w, "Bad Request", http.StatusBadRequest) })) client, _ := stytchapi.NewClient( "project-test-00000000-0000-0000-0000-000000000000", "secret-test-11111111-1111-1111-1111-111111111111", stytchapi.WithBaseURI(srv.URL), ) // Expecting a map where all the values are maps from strings to integers var mapClaims map[string]map[string]int32 _, _ = client.Sessions.AuthenticateWithClaims( context.Background(), &sessions.AuthenticateParams{ SessionToken: "fake session token", }, &mapClaims, ) fmt.Println(mapClaims) }
Output: map[https://my-app.example.net/custom-claim:map[claim1:1 claim2:2 claim3:3]]
Example (Struct) ¶
package main import ( "context" "fmt" "net/http" "net/http/httptest" "strings" "github.com/stytchauth/stytch-go/v10/stytch/consumer/sessions" "github.com/stytchauth/stytch-go/v10/stytch/consumer/stytchapi" ) func main() { // When we define a struct that follows the shape of our claims, we can marshal the // custom claims from the response into it srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // Handle the async JWKS fetch. if strings.HasPrefix(r.URL.Path, "/v1/sessions/jwks/") { _, _ = w.Write([]byte(`{"keys": []}`)) return } // This is the test request if r.URL.Path == "/v1/sessions/authenticate" { // There are many other fields in this response, but these are the only ones we need // for this test. _, _ = w.Write([]byte(`{ "session": { "expires_at": "2022-06-29T19:53:48Z", "last_accessed_at": "2022-06-29T17:54:13Z", "session_id": "session-test-aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "started_at": "2022-06-29T17:53:48Z", "user_id": "user-test-00000000-0000-0000-0000-000000000000", "custom_claims": { "https://my-app.example.net/custom-claim": { "number": 1, "array": [1, "foo", null], "nested": { "data": "here" } } } } }`)) return } http.Error(w, "Bad Request", http.StatusBadRequest) })) client, _ := stytchapi.NewClient( "project-test-00000000-0000-0000-0000-000000000000", "secret-test-11111111-1111-1111-1111-111111111111", stytchapi.WithBaseURI(srv.URL), ) // Expecting claims to follow this exact data structure type MyAppClaims struct { Number int Array []interface{} Nested struct { Data string } } type StructClaims struct { MyApp MyAppClaims `json:"https://my-app.example.net/custom-claim"` } var structClaims StructClaims _, _ = client.Sessions.AuthenticateWithClaims( context.Background(), &sessions.AuthenticateParams{ SessionToken: "fake session token", }, &structClaims, ) fmt.Println(structClaims) }
Output: {{1 [1 foo <nil>] {here}}}
func (*SessionsClient) Get ¶
func (c *SessionsClient) Get( ctx context.Context, body *sessions.GetParams, ) (*sessions.GetResponse, error)
Get: List all active Sessions for a given `user_id`. All timestamps are formatted according to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
func (*SessionsClient) GetJWKS ¶
func (c *SessionsClient) GetJWKS( ctx context.Context, body *sessions.GetJWKSParams, ) (*sessions.GetJWKSResponse, error)
GetJWKS: Get the JSON Web Key Set (JWKS) for a Stytch Project.
func (*SessionsClient) Revoke ¶
func (c *SessionsClient) Revoke( ctx context.Context, body *sessions.RevokeParams, ) (*sessions.RevokeResponse, error)
Revoke a Session, immediately invalidating all of its session tokens. You can revoke a session in three ways: using its ID, or using one of its session tokens, or one of its JWTs. This endpoint requires exactly one of those to be included in the request. It will return an error if multiple are present.
type TOTPsClient ¶
func NewTOTPsClient ¶
func NewTOTPsClient(c stytch.Client) *TOTPsClient
func (*TOTPsClient) Authenticate ¶
func (c *TOTPsClient) Authenticate( ctx context.Context, body *totps.AuthenticateParams, ) (*totps.AuthenticateResponse, error)
Authenticate a TOTP code entered by a user.
func (*TOTPsClient) AuthenticateWithClaims ¶
func (c *TOTPsClient) AuthenticateWithClaims( ctx context.Context, body *totps.AuthenticateParams, claims any, ) (*totps.AuthenticateResponse, error)
AuthenticateWithClaims fills in the claims pointer with custom claims from the response. Pass in a map with the types of values you're expecting so that this function can marshal the claims from the response. See ExampleClient_AuthenticateWithClaims_map, ExampleClient_AuthenticateWithClaims_struct for examples
func (*TOTPsClient) Create ¶
func (c *TOTPsClient) Create( ctx context.Context, body *totps.CreateParams, ) (*totps.CreateResponse, error)
Create a new TOTP instance for a user. The user can use the authenticator application of their choice to scan the QR code or enter the secret.
func (*TOTPsClient) Recover ¶
func (c *TOTPsClient) Recover( ctx context.Context, body *totps.RecoverParams, ) (*totps.RecoverResponse, error)
Recover: Authenticate a recovery code for a TOTP instance.
func (*TOTPsClient) RecoveryCodes ¶
func (c *TOTPsClient) RecoveryCodes( ctx context.Context, body *totps.RecoveryCodesParams, ) (*totps.RecoveryCodesResponse, error)
RecoveryCodes: Retrieve the recovery codes for a TOTP instance tied to a User.
type UsersClient ¶
func NewUsersClient ¶
func NewUsersClient(c stytch.Client) *UsersClient
func (*UsersClient) Create ¶
func (c *UsersClient) Create( ctx context.Context, body *users.CreateParams, ) (*users.CreateResponse, error)
Create: Add a User to Stytch. A `user_id` is returned in the response that can then be used to perform other operations within Stytch. An `email` or a `phone_number` is required.
func (*UsersClient) Delete ¶
func (c *UsersClient) Delete( ctx context.Context, body *users.DeleteParams, ) (*users.DeleteResponse, error)
Delete a User from Stytch.
func (*UsersClient) DeleteBiometricRegistration ¶
func (c *UsersClient) DeleteBiometricRegistration( ctx context.Context, body *users.DeleteBiometricRegistrationParams, ) (*users.DeleteBiometricRegistrationResponse, error)
DeleteBiometricRegistration: Delete a biometric registration from a User.
func (*UsersClient) DeleteCryptoWallet ¶
func (c *UsersClient) DeleteCryptoWallet( ctx context.Context, body *users.DeleteCryptoWalletParams, ) (*users.DeleteCryptoWalletResponse, error)
DeleteCryptoWallet: Delete a crypto wallet from a User.
func (*UsersClient) DeleteEmail ¶
func (c *UsersClient) DeleteEmail( ctx context.Context, body *users.DeleteEmailParams, ) (*users.DeleteEmailResponse, error)
DeleteEmail: Delete an email from a User.
func (*UsersClient) DeleteOAuthRegistration ¶
func (c *UsersClient) DeleteOAuthRegistration( ctx context.Context, body *users.DeleteOAuthRegistrationParams, ) (*users.DeleteOAuthRegistrationResponse, error)
DeleteOAuthRegistration: Delete an OAuth registration from a User.
func (*UsersClient) DeletePassword ¶
func (c *UsersClient) DeletePassword( ctx context.Context, body *users.DeletePasswordParams, ) (*users.DeletePasswordResponse, error)
DeletePassword: Delete a password from a User.
func (*UsersClient) DeletePhoneNumber ¶
func (c *UsersClient) DeletePhoneNumber( ctx context.Context, body *users.DeletePhoneNumberParams, ) (*users.DeletePhoneNumberResponse, error)
DeletePhoneNumber: Delete a phone number from a User.
func (*UsersClient) DeleteTOTP ¶
func (c *UsersClient) DeleteTOTP( ctx context.Context, body *users.DeleteTOTPParams, ) (*users.DeleteTOTPResponse, error)
DeleteTOTP: Delete a TOTP from a User.
func (*UsersClient) DeleteWebAuthnRegistration ¶
func (c *UsersClient) DeleteWebAuthnRegistration( ctx context.Context, body *users.DeleteWebAuthnRegistrationParams, ) (*users.DeleteWebAuthnRegistrationResponse, error)
DeleteWebAuthnRegistration: Delete a WebAuthn registration from a User.
func (*UsersClient) Get ¶
func (c *UsersClient) Get( ctx context.Context, body *users.GetParams, ) (*users.GetResponse, error)
Get information about a specific User.
func (*UsersClient) Search ¶
func (c *UsersClient) Search( ctx context.Context, body *users.SearchParams, ) (*users.SearchResponse, error)
Search for Users within your Stytch Project. Submit an empty `query` in the request to return all Users.
func (*UsersClient) Update ¶
func (c *UsersClient) Update( ctx context.Context, body *users.UpdateParams, ) (*users.UpdateResponse, error)
Update a User's attributes.
**Note:** In order to add a new email address or phone number to an existing User object, pass the new email address or phone number into the respective `/send` endpoint for the authentication method of your choice. If you specify the existing User's `user_id` while calling the `/send` endpoint, the new email address or phone number will be added to the existing User object upon successful authentication. We require this process to guard against an account takeover vulnerability.
type WebAuthnClient ¶
func NewWebAuthnClient ¶
func NewWebAuthnClient(c stytch.Client) *WebAuthnClient
func (*WebAuthnClient) Authenticate ¶
func (c *WebAuthnClient) Authenticate( ctx context.Context, body *webauthn.AuthenticateParams, ) (*webauthn.AuthenticateResponse, error)
Authenticate: Complete the authentication of a WebAuthn registration by passing the response from the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request to the authenticate endpoint.
If the [webauthn-json](https://github.com/github/webauthn-json) library's `get()` method was used, the response can be passed directly to the [authenticate endpoint](https://stytch.com/docs/api/webauthn-authenticate). If not some fields from the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) response will need to be converted from array buffers to strings and marshalled into JSON.
func (*WebAuthnClient) AuthenticateStart ¶
func (c *WebAuthnClient) AuthenticateStart( ctx context.Context, body *webauthn.AuthenticateStartParams, ) (*webauthn.AuthenticateStartResponse, error)
AuthenticateStart: Initiate the authentication of a WebAuthn registration. After calling this endpoint, the browser will need to call [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) with the data from `public_key_credential_request_options` passed to the [navigator.credentials.get()](https://www.w3.org/TR/webauthn-2/#sctn-getAssertion) request via the public key argument. We recommend using the `get()` wrapper provided by the webauthn-json library.
If you are not using the [webauthn-json](https://github.com/github/webauthn-json) library, `the public_key_credential_request_options` will need to be converted to a suitable public key by unmarshalling the JSON and converting some the fields to array buffers.
func (*WebAuthnClient) AuthenticateWithClaims ¶
func (c *WebAuthnClient) AuthenticateWithClaims( ctx context.Context, body *webauthn.AuthenticateParams, claims any, ) (*webauthn.AuthenticateResponse, error)
AuthenticateWithClaims fills in the claims pointer with custom claims from the response. Pass in a map with the types of values you're expecting so that this function can marshal the claims from the response. See ExampleClient_AuthenticateWithClaims_map, ExampleClient_AuthenticateWithClaims_struct for examples
func (*WebAuthnClient) Register ¶
func (c *WebAuthnClient) Register( ctx context.Context, body *webauthn.RegisterParams, ) (*webauthn.RegisterResponse, error)
Register: Complete the creation of a WebAuthn registration by passing the response from the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request to this endpoint as the `public_key_credential` parameter.
If the [webauthn-json](https://github.com/github/webauthn-json) library's `create()` method was used, the response can be passed directly to the [register endpoint](https://stytch.com/docs/api/webauthn-register). If not, some fields (the client data and the attestation object) from the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) response will need to be converted from array buffers to strings and marshalled into JSON.
func (*WebAuthnClient) RegisterStart ¶
func (c *WebAuthnClient) RegisterStart( ctx context.Context, body *webauthn.RegisterStartParams, ) (*webauthn.RegisterStartResponse, error)
RegisterStart: Initiate the process of creating a new WebAuthn registration. After calling this endpoint, the browser will need to call [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) with the data from [public_key_credential_creation_options](https://w3c.github.io/webauthn/#dictionary-makecredentialoptions) passed to the [navigator.credentials.create()](https://www.w3.org/TR/webauthn-2/#sctn-createCredential) request via the public key argument. We recommend using the `create()` wrapper provided by the webauthn-json library.
If you are not using the [webauthn-json](https://github.com/github/webauthn-json) library, the `public_key_credential_creation_options` will need to be converted to a suitable public key by unmarshalling the JSON, base64 decoding the user ID field, and converting user ID and the challenge fields into an array buffer.