organizations

package
v15.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 11, 2024 License: MIT Imports: 2 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ActiveSCIMConnection

type ActiveSCIMConnection struct {
	// ConnectionID: The ID of the SCIM connection.
	ConnectionID string `json:"connection_id,omitempty"`
	// DisplayName: A human-readable display name for the connection.
	DisplayName          string     `json:"display_name,omitempty"`
	BearerTokenLastFour  string     `json:"bearer_token_last_four,omitempty"`
	BearerTokenExpiresAt *time.Time `json:"bearer_token_expires_at,omitempty"`
}

ActiveSCIMConnection:

type ActiveSSOConnection

type ActiveSSOConnection struct {
	// ConnectionID: Globally unique UUID that identifies a specific SSO `connection_id` for a Member.
	ConnectionID string `json:"connection_id,omitempty"`
	// DisplayName: A human-readable display name for the connection.
	DisplayName string `json:"display_name,omitempty"`
}

ActiveSSOConnection:

type CreateParams

type CreateParams struct {
	// OrganizationName: The name of the Organization. Must be between 1 and 128 characters in length.
	OrganizationName string `json:"organization_name,omitempty"`
	// OrganizationSlug: The unique URL slug of the Organization. The slug only accepts alphanumeric characters
	// and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
	OrganizationSlug string `json:"organization_slug,omitempty"`
	// OrganizationLogoURL: The image URL of the Organization logo.
	OrganizationLogoURL string `json:"organization_logo_url,omitempty"`
	// TrustedMetadata: An arbitrary JSON object for storing application-specific data or
	// identity-provider-specific data.
	TrustedMetadata map[string]any `json:"trusted_metadata,omitempty"`
	// SSOJITProvisioning: The authentication setting that controls the JIT provisioning of Members when
	// authenticating via SSO. The accepted values are:
	//
	//   `ALL_ALLOWED` – new Members will be automatically provisioned upon successful authentication via any
	// of the Organization's `sso_active_connections`.
	//
	//   `RESTRICTED` – only new Members with SSO logins that comply with
	// `sso_jit_provisioning_allowed_connections` can be provisioned upon authentication.
	//
	//   `NOT_ALLOWED` – disable JIT provisioning via SSO.
	//
	SSOJITProvisioning string `json:"sso_jit_provisioning,omitempty"`
	// EmailAllowedDomains: An array of email domains that allow invites or JIT provisioning for new Members.
	// This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`.
	//
	//
	//     Common domains such as `gmail.com` are not allowed. See the
	// [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list.
	EmailAllowedDomains []string `json:"email_allowed_domains,omitempty"`
	// EmailJITProvisioning: The authentication setting that controls how a new Member can be provisioned by
	// authenticating via Email Magic Link or OAuth. The accepted values are:
	//
	//   `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be
	// provisioned upon authentication via Email Magic Link or OAuth.
	//
	//   `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth.
	//
	EmailJITProvisioning string `json:"email_jit_provisioning,omitempty"`
	// EmailInvites: The authentication setting that controls how a new Member can be invited to an
	// organization by email. The accepted values are:
	//
	//   `ALL_ALLOWED` – any new Member can be invited to join via email.
	//
	//   `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be
	// invited via email.
	//
	//   `NOT_ALLOWED` – disable email invites.
	//
	EmailInvites string `json:"email_invites,omitempty"`
	// AuthMethods: The setting that controls which authentication methods can be used by Members of an
	// Organization. The accepted values are:
	//
	//   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
	//
	//   `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication.
	// This setting does not apply to Members with `is_breakglass` set to `true`.
	//
	AuthMethods string `json:"auth_methods,omitempty"`
	// AllowedAuthMethods: An array of allowed authentication methods. This list is enforced when
	// `auth_methods` is set to `RESTRICTED`.
	//   The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
	//
	AllowedAuthMethods []string `json:"allowed_auth_methods,omitempty"`
	// MFAPolicy: The setting that controls the MFA policy for all Members in the Organization. The accepted
	// values are:
	//
	//   `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time
	// they wish to log in. However, any active Session that existed prior to this setting change will remain
	// valid.
	//
	//   `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members.
	// Members will be required to complete MFA only if their `mfa_enrolled` status is set to true.
	//
	MFAPolicy string `json:"mfa_policy,omitempty"`
	// RBACEmailImplicitRoleAssignments: Implicit role assignments based off of email domains.
	//   For each domain-Role pair, all Members whose email addresses have the specified email domain will be
	// granted the
	//   associated Role, regardless of their login method. See the
	// [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
	//   for more information about role assignment.
	RBACEmailImplicitRoleAssignments []*EmailImplicitRoleAssignment `json:"rbac_email_implicit_role_assignments,omitempty"`
	// MFAMethods: The setting that controls which MFA methods can be used by Members of an Organization. The
	// accepted values are:
	//
	//   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
	//
	//   `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication.
	// This setting does not apply to Members with `is_breakglass` set to `true`.
	//
	MFAMethods string `json:"mfa_methods,omitempty"`
	// AllowedMFAMethods: An array of allowed MFA authentication methods. This list is enforced when
	// `mfa_methods` is set to `RESTRICTED`.
	//   The list's accepted values are: `sms_otp` and `totp`.
	//
	AllowedMFAMethods []string `json:"allowed_mfa_methods,omitempty"`
}

CreateParams: Request type for `Organizations.Create`.

type CreateResponse

type CreateResponse struct {
	// RequestID: Globally unique UUID that is returned with every API call. This value is important to log for
	// debugging purposes; we may ask for this value to help identify a specific API call when helping you
	// debug an issue.
	RequestID string `json:"request_id,omitempty"`
	// Organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
	Organization Organization `json:"organization,omitempty"`
	// StatusCode: The HTTP status code of the response. Stytch follows standard HTTP response status code
	// patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX
	// are server errors.
	StatusCode int32 `json:"status_code,omitempty"`
}

CreateResponse: Response type for `Organizations.Create`.

type DeleteParams

type DeleteParams struct {
	// OrganizationID: Globally unique UUID that identifies a specific Organization. The `organization_id` is
	// critical to perform operations on an Organization, so be sure to preserve this value.
	OrganizationID string `json:"organization_id,omitempty"`
}

DeleteParams: Request type for `Organizations.Delete`.

type DeleteRequestOptions

type DeleteRequestOptions struct {
	// Authorization: Optional authorization object.
	// Pass in an active Stytch Member session token or session JWT and the request
	// will be run using that member's permissions.
	Authorization methodoptions.Authorization `json:"authorization,omitempty"`
}

DeleteRequestOptions:

func (*DeleteRequestOptions) AddHeaders

func (o *DeleteRequestOptions) AddHeaders(headers map[string][]string) map[string][]string

type DeleteResponse

type DeleteResponse struct {
	// RequestID: Globally unique UUID that is returned with every API call. This value is important to log for
	// debugging purposes; we may ask for this value to help identify a specific API call when helping you
	// debug an issue.
	RequestID string `json:"request_id,omitempty"`
	// OrganizationID: Globally unique UUID that identifies a specific Organization. The `organization_id` is
	// critical to perform operations on an Organization, so be sure to preserve this value.
	OrganizationID string `json:"organization_id,omitempty"`
	// StatusCode: The HTTP status code of the response. Stytch follows standard HTTP response status code
	// patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX
	// are server errors.
	StatusCode int32 `json:"status_code,omitempty"`
}

DeleteResponse: Response type for `Organizations.Delete`.

type EmailImplicitRoleAssignment

type EmailImplicitRoleAssignment struct {
	// Domain: Email domain that grants the specified Role.
	Domain string `json:"domain,omitempty"`
	// RoleID: The unique identifier of the RBAC Role, provided by the developer and intended to be
	// human-readable.
	//
	//   Reserved `role_id`s that are predefined by Stytch include:
	//
	//   * `stytch_member`
	//   * `stytch_admin`
	//
	//   Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-default)
	// for a more detailed explanation.
	//
	//
	RoleID string `json:"role_id,omitempty"`
}

EmailImplicitRoleAssignment:

type GetParams

type GetParams struct {
	// OrganizationID: Globally unique UUID that identifies a specific Organization. The `organization_id` is
	// critical to perform operations on an Organization, so be sure to preserve this value.
	OrganizationID string `json:"organization_id,omitempty"`
}

GetParams: Request type for `Organizations.Get`.

type GetResponse

type GetResponse struct {
	// RequestID: Globally unique UUID that is returned with every API call. This value is important to log for
	// debugging purposes; we may ask for this value to help identify a specific API call when helping you
	// debug an issue.
	RequestID string `json:"request_id,omitempty"`
	// Organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
	Organization Organization `json:"organization,omitempty"`
	// StatusCode: The HTTP status code of the response. Stytch follows standard HTTP response status code
	// patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX
	// are server errors.
	StatusCode int32 `json:"status_code,omitempty"`
}

GetResponse: Response type for `Organizations.Get`.

type Member

type Member struct {
	// OrganizationID: Globally unique UUID that identifies a specific Organization. The `organization_id` is
	// critical to perform operations on an Organization, so be sure to preserve this value.
	OrganizationID string `json:"organization_id,omitempty"`
	// MemberID: Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform
	// operations on a Member, so be sure to preserve this value.
	MemberID string `json:"member_id,omitempty"`
	// EmailAddress: The email address of the Member.
	EmailAddress string `json:"email_address,omitempty"`
	// Status: The status of the Member. The possible values are: `pending`, `invited`, `active`, or `deleted`.
	Status string `json:"status,omitempty"`
	// Name: The name of the Member.
	Name string `json:"name,omitempty"`
	// SSORegistrations: An array of registered [SAML Connection](saml-connection-object) or
	// [OIDC Connection](oidc-connection-object) objects the Member has authenticated with.
	SSORegistrations []SSORegistration `json:"sso_registrations,omitempty"`
	// IsBreakglass: Identifies the Member as a break glass user - someone who has permissions to authenticate
	// into an Organization by bypassing the Organization's settings. A break glass account is typically used
	// for emergency purposes to gain access outside of normal authentication procedures. Refer to the
	// [Organization object](organization-object) and its `auth_methods` and `allowed_auth_methods` fields for
	// more details.
	IsBreakglass bool `json:"is_breakglass,omitempty"`
	// MemberPasswordID: Globally unique UUID that identifies a Member's password.
	MemberPasswordID string `json:"member_password_id,omitempty"`
	// OAuthRegistrations: A list of OAuth registrations for this member.
	OAuthRegistrations []OAuthRegistration `json:"oauth_registrations,omitempty"`
	// EmailAddressVerified: Whether or not the Member's email address is verified.
	EmailAddressVerified bool `json:"email_address_verified,omitempty"`
	// MFAPhoneNumberVerified: Whether or not the Member's phone number is verified.
	MFAPhoneNumberVerified bool `json:"mfa_phone_number_verified,omitempty"`
	// IsAdmin: Whether or not the Member has the `stytch_admin` Role. This Role is automatically granted to
	// Members
	//   who create an Organization through the
	// [discovery flow](https://stytch.com/docs/b2b/api/create-organization-via-discovery). See the
	//   [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for more details on this Role.
	IsAdmin            bool   `json:"is_admin,omitempty"`
	TOTPRegistrationID string `json:"totp_registration_id,omitempty"`
	// MFAEnrolled: Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step
	// whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA
	// step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.
	MFAEnrolled bool `json:"mfa_enrolled,omitempty"`
	// MFAPhoneNumber: The Member's phone number. A Member may only have one phone number.
	MFAPhoneNumber   string `json:"mfa_phone_number,omitempty"`
	DefaultMFAMethod string `json:"default_mfa_method,omitempty"`
	// Roles: Explicit or implicit Roles assigned to this Member, along with details about the role assignment
	// source.
	//    See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information
	// about role assignment.
	Roles []MemberRole `json:"roles,omitempty"`
	// TrustedMetadata: An arbitrary JSON object for storing application-specific data or
	// identity-provider-specific data.
	TrustedMetadata map[string]any `json:"trusted_metadata,omitempty"`
	// UntrustedMetadata: An arbitrary JSON object of application-specific data. These fields can be edited
	// directly by the
	//   frontend SDK, and should not be used to store critical information. See the
	// [Metadata resource](https://stytch.com/docs/b2b/api/metadata)
	//   for complete field behavior details.
	UntrustedMetadata map[string]any `json:"untrusted_metadata,omitempty"`
	// CreatedAt: The timestamp of the Member's creation. Values conform to the RFC 3339 standard and are
	// expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
	CreatedAt *time.Time `json:"created_at,omitempty"`
	// UpdatedAt: The timestamp of when the Member was last updated. Values conform to the RFC 3339 standard
	// and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
	UpdatedAt *time.Time `json:"updated_at,omitempty"`
	// SCIMRegistration: A scim member registration, referencing a [SCIM Connection](scim-connection-object)
	// object in use for the Member creation.
	SCIMRegistration *SCIMRegistration `json:"scim_registration,omitempty"`
}

Member:

type MemberRole

type MemberRole struct {
	// RoleID: The unique identifier of the RBAC Role, provided by the developer and intended to be
	// human-readable.
	//
	//   Reserved `role_id`s that are predefined by Stytch include:
	//
	//   * `stytch_member`
	//   * `stytch_admin`
	//
	//   Check out the [guide on Stytch default Roles](https://stytch.com/docs/b2b/guides/rbac/stytch-default)
	// for a more detailed explanation.
	//
	//
	RoleID string `json:"role_id,omitempty"`
	// Sources: A list of sources for this role assignment. A role assignment can come from multiple sources -
	// for example, the Role could be both explicitly assigned and implicitly granted from the Member's email
	// domain.
	Sources []MemberRoleSource `json:"sources,omitempty"`
}

MemberRole:

type MemberRoleSource

type MemberRoleSource struct {
	// Type: The type of role assignment. The possible values are:
	//
	//   `direct_assignment` – an explicitly assigned Role.
	//
	//   Directly assigned roles can be updated by passing in the `roles` argument to the
	//   [Update Member](https://stytch.com/docs/b2b/api/update-member) endpoint.
	//
	//   `email_assignment` – an implicit Role granted by the Member's email domain, regardless of their login
	// method.
	//
	//   Email implicit role assignments can be updated by passing in the
	// `rbac_email_implicit_role_assignments` argument to
	//   the [Update Organization](https://stytch.com/docs/b2b/api/update-organization) endpoint.
	//
	//   `sso_connection` – an implicit Role granted by the Member's SSO connection. This is currently only
	// available
	//   for SAML connections and not for OIDC. If the Member has a SAML Member registration with the given
	// connection, this
	//   role assignment will appear in the list. However, for authorization check purposes (in
	//   [sessions authenticate](https://stytch.com/docs/b2b/api/authenticate-session) or in any endpoint that
	// enforces RBAC with session
	//   headers), the Member will only be granted the Role if their session contains an authentication factor
	// with the
	//   specified SAML connection.
	//
	//   SAML connection implicit role assignments can be updated by passing in the
	//   `saml_connection_implicit_role_assignments` argument to the
	//   [Update SAML connection](https://stytch.com/docs/b2b/api/update-saml-connection) endpoint.
	//
	//   `sso_connection_group` – an implicit Role granted by the Member's SSO connection and group. This is
	// currently only
	//   available for SAML connections and not for OIDC. If the Member has a SAML Member registration with the
	// given
	//   connection, and belongs to a specific group within the IdP, this role assignment will appear in the
	// list. However,
	//   for authorization check purposes (in
	// [sessions authenticate](https://stytch.com/docs/b2b/api/authenticate-session) or in any endpoint
	//   that enforces RBAC with session headers), the Member will only be granted the role if their session
	// contains an
	//   authentication factor with the specified SAML connection.
	//
	//   SAML group implicit role assignments can be updated by passing in the
	// `saml_group_implicit_role_assignments`
	//   argument to the [Update SAML connection](https://stytch.com/docs/b2b/api/update-saml-connection)
	// endpoint.
	//
	Type string `json:"type,omitempty"`
	// Details: An object containing additional metadata about the source assignment. The fields will vary
	// depending
	//   on the role assignment type as follows:
	//
	//   `direct_assignment` – no additional details.
	//
	//   `email_assignment` – will contain the email domain that granted the assignment.
	//
	//   `sso_connection` – will contain the `connection_id` of the SAML connection that granted the assignment.
	//
	//   `sso_connection_group` – will contain the `connection_id` of the SAML connection and the name of the
	// `group`
	//   that granted the assignment.
	//
	Details map[string]any `json:"details,omitempty"`
}

MemberRoleSource:

type MetricsParams

type MetricsParams struct {
	OrganizationID string `json:"organization_id,omitempty"`
}

type MetricsResponse

type MetricsResponse struct {
	RequestID   string `json:"request_id,omitempty"`
	MemberCount uint32 `json:"member_count,omitempty"`
	StatusCode  int32  `json:"status_code,omitempty"`
}

type OAuthRegistration

type OAuthRegistration struct {
	// ProviderType: Denotes the OAuth identity provider that the user has authenticated with, e.g. Google,
	// Microsoft, GitHub etc.
	ProviderType string `json:"provider_type,omitempty"`
	// ProviderSubject: The unique identifier for the User within a given OAuth provider. Also commonly called
	// the `sub` or "Subject field" in OAuth protocols.
	ProviderSubject string `json:"provider_subject,omitempty"`
	// MemberOAuthRegistrationID: The unique ID of an OAuth registration.
	MemberOAuthRegistrationID string `json:"member_oauth_registration_id,omitempty"`
	// ProfilePictureURL: If available, the `profile_picture_url` is a URL of the User's profile picture set in
	// OAuth identity the provider that the User has authenticated with, e.g. Google profile picture.
	ProfilePictureURL string `json:"profile_picture_url,omitempty"`
	// Locale: If available, the `locale` is the Member's locale set in the OAuth identity provider that the
	// user has authenticated with.
	Locale string `json:"locale,omitempty"`
}

OAuthRegistration:

type Organization

type Organization struct {
	// OrganizationID: Globally unique UUID that identifies a specific Organization. The `organization_id` is
	// critical to perform operations on an Organization, so be sure to preserve this value.
	OrganizationID string `json:"organization_id,omitempty"`
	// OrganizationName: The name of the Organization. Must be between 1 and 128 characters in length.
	OrganizationName string `json:"organization_name,omitempty"`
	// OrganizationLogoURL: The image URL of the Organization logo.
	OrganizationLogoURL string `json:"organization_logo_url,omitempty"`
	// OrganizationSlug: The unique URL slug of the Organization. The slug only accepts alphanumeric characters
	// and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
	OrganizationSlug string `json:"organization_slug,omitempty"`
	// SSOJITProvisioning: The authentication setting that controls the JIT provisioning of Members when
	// authenticating via SSO. The accepted values are:
	//
	//   `ALL_ALLOWED` – new Members will be automatically provisioned upon successful authentication via any
	// of the Organization's `sso_active_connections`.
	//
	//   `RESTRICTED` – only new Members with SSO logins that comply with
	// `sso_jit_provisioning_allowed_connections` can be provisioned upon authentication.
	//
	//   `NOT_ALLOWED` – disable JIT provisioning via SSO.
	//
	SSOJITProvisioning string `json:"sso_jit_provisioning,omitempty"`
	// SSOJITProvisioningAllowedConnections: An array of `connection_id`s that reference
	// [SAML Connection objects](https://stytch.com/docs/b2b/api/saml-connection-object).
	//   Only these connections will be allowed to JIT provision Members via SSO when `sso_jit_provisioning` is
	// set to `RESTRICTED`.
	SSOJITProvisioningAllowedConnections []string `json:"sso_jit_provisioning_allowed_connections,omitempty"`
	// SSOActiveConnections: An array of active
	// [SAML Connection references](https://stytch.com/docs/b2b/api/saml-connection-object) or
	// [OIDC Connection references](https://stytch.com/docs/b2b/api/oidc-connection-object).
	SSOActiveConnections []ActiveSSOConnection `json:"sso_active_connections,omitempty"`
	// EmailAllowedDomains: An array of email domains that allow invites or JIT provisioning for new Members.
	// This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`.
	//
	//
	//     Common domains such as `gmail.com` are not allowed. See the
	// [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list.
	EmailAllowedDomains []string `json:"email_allowed_domains,omitempty"`
	// EmailJITProvisioning: The authentication setting that controls how a new Member can be provisioned by
	// authenticating via Email Magic Link or OAuth. The accepted values are:
	//
	//   `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be
	// provisioned upon authentication via Email Magic Link or OAuth.
	//
	//   `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth.
	//
	EmailJITProvisioning string `json:"email_jit_provisioning,omitempty"`
	// EmailInvites: The authentication setting that controls how a new Member can be invited to an
	// organization by email. The accepted values are:
	//
	//   `ALL_ALLOWED` – any new Member can be invited to join via email.
	//
	//   `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be
	// invited via email.
	//
	//   `NOT_ALLOWED` – disable email invites.
	//
	EmailInvites string `json:"email_invites,omitempty"`
	// AuthMethods: The setting that controls which authentication methods can be used by Members of an
	// Organization. The accepted values are:
	//
	//   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
	//
	//   `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication.
	// This setting does not apply to Members with `is_breakglass` set to `true`.
	//
	AuthMethods string `json:"auth_methods,omitempty"`
	// AllowedAuthMethods: An array of allowed authentication methods. This list is enforced when
	// `auth_methods` is set to `RESTRICTED`.
	//   The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
	//
	AllowedAuthMethods []string `json:"allowed_auth_methods,omitempty"`
	MFAPolicy          string   `json:"mfa_policy,omitempty"`
	// RBACEmailImplicitRoleAssignments: Implicit role assignments based off of email domains.
	//   For each domain-Role pair, all Members whose email addresses have the specified email domain will be
	// granted the
	//   associated Role, regardless of their login method. See the
	// [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
	//   for more information about role assignment.
	RBACEmailImplicitRoleAssignments []EmailImplicitRoleAssignment `json:"rbac_email_implicit_role_assignments,omitempty"`
	// MFAMethods: The setting that controls which MFA methods can be used by Members of an Organization. The
	// accepted values are:
	//
	//   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
	//
	//   `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication.
	// This setting does not apply to Members with `is_breakglass` set to `true`.
	//
	MFAMethods string `json:"mfa_methods,omitempty"`
	// AllowedMFAMethods: An array of allowed MFA authentication methods. This list is enforced when
	// `mfa_methods` is set to `RESTRICTED`.
	//   The list's accepted values are: `sms_otp` and `totp`.
	//
	AllowedMFAMethods []string `json:"allowed_mfa_methods,omitempty"`
	// TrustedMetadata: An arbitrary JSON object for storing application-specific data or
	// identity-provider-specific data.
	TrustedMetadata map[string]any `json:"trusted_metadata,omitempty"`
	// CreatedAt: The timestamp of the Organization's creation. Values conform to the RFC 3339 standard and are
	// expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
	CreatedAt *time.Time `json:"created_at,omitempty"`
	// UpdatedAt: The timestamp of when the Organization was last updated. Values conform to the RFC 3339
	// standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
	UpdatedAt *time.Time `json:"updated_at,omitempty"`
	// SSODefaultConnectionID: The default connection used for SSO when there are multiple active connections.
	SSODefaultConnectionID string `json:"sso_default_connection_id,omitempty"`
	// SCIMActiveConnection: An active
	// [SCIM Connection references](https://stytch.com/docs/b2b/api/scim-connection-object).
	SCIMActiveConnection *ActiveSCIMConnection `json:"scim_active_connection,omitempty"`
}

Organization:

type ResultsMetadata

type ResultsMetadata struct {
	// Total: The total number of results returned by your search query.
	Total int32 `json:"total,omitempty"`
	// NextCursor: The `next_cursor` string is returned when your search result contains more than one page of
	// results. This value is passed into your next search call in the `cursor` field.
	NextCursor string `json:"next_cursor,omitempty"`
}

ResultsMetadata:

type SCIMRegistration

type SCIMRegistration struct {
	// ConnectionID: The ID of the SCIM connection.
	ConnectionID string `json:"connection_id,omitempty"`
	// RegistrationID: The unique ID of a SCIM Registration.
	RegistrationID string `json:"registration_id,omitempty"`
	// ExternalID: The ID of the member given by the identity provider.
	ExternalID string `json:"external_id,omitempty"`
	// SCIMAttributes: An object for storing SCIM attributes brought over from the identity provider.
	SCIMAttributes map[string]any `json:"scim_attributes,omitempty"`
}

SCIMRegistration:

type SSORegistration

type SSORegistration struct {
	// ConnectionID: Globally unique UUID that identifies a specific SSO `connection_id` for a Member.
	ConnectionID string `json:"connection_id,omitempty"`
	// ExternalID: The ID of the member given by the identity provider.
	ExternalID string `json:"external_id,omitempty"`
	// RegistrationID: The unique ID of an SSO Registration.
	RegistrationID string `json:"registration_id,omitempty"`
	// SSOAttributes: An object for storing SSO attributes brought over from the identity provider.
	SSOAttributes map[string]any `json:"sso_attributes,omitempty"`
}

SSORegistration:

type SearchParams

type SearchParams struct {
	// Cursor: The `cursor` field allows you to paginate through your results. Each result array is limited to
	// 1000 results. If your query returns more than 1000 results, you will need to paginate the responses
	// using the `cursor`. If you receive a response that includes a non-null `next_cursor` in the
	// `results_metadata` object, repeat the search call with the `next_cursor` value set to the `cursor` field
	// to retrieve the next page of results. Continue to make search calls until the `next_cursor` in the
	// response is null.
	Cursor string `json:"cursor,omitempty"`
	// Limit: The number of search results to return per page. The default limit is 100. A maximum of 1000
	// results can be returned by a single search request. If the total size of your result set is greater than
	// one page size, you must paginate the response. See the `cursor` field.
	Limit uint32 `json:"limit,omitempty"`
	// Query: The optional query object contains the operator, i.e. `AND` or `OR`, and the operands that will
	// filter your results. Only an operator is required. If you include no operands, no filtering will be
	// applied. If you include no query object, it will return all Organizations with no filtering applied.
	Query *SearchQuery `json:"query,omitempty"`
}

SearchParams: Request type for `Organizations.Search`.

type SearchQuery

type SearchQuery struct {
	// Operator: The action to perform on the operands. The accepted value are:
	//
	//   `AND` – all the operand values provided must match.
	//
	//   `OR` – the operator will return any matches to at least one of the operand values you supply.
	Operator SearchQueryOperator `json:"operator,omitempty"`
	// Operands: An array of operand objects that contains all of the filters and values to apply to your
	// search query.
	Operands []map[string]any `json:"operands,omitempty"`
}

SearchQuery:

type SearchQueryOperator

type SearchQueryOperator string
const (
	SearchQueryOperatorOR  SearchQueryOperator = "OR"
	SearchQueryOperatorAND SearchQueryOperator = "AND"
)

type SearchResponse

type SearchResponse struct {
	// RequestID: Globally unique UUID that is returned with every API call. This value is important to log for
	// debugging purposes; we may ask for this value to help identify a specific API call when helping you
	// debug an issue.
	RequestID string `json:"request_id,omitempty"`
	// Organizations: An array of [Organization objects](https://stytch.com/docs/b2b/api/organization-object).
	Organizations []Organization `json:"organizations,omitempty"`
	// ResultsMetadata: The search `results_metadata` object contains metadata relevant to your specific query
	// like `total` and `next_cursor`.
	ResultsMetadata ResultsMetadata `json:"results_metadata,omitempty"`
	// StatusCode: The HTTP status code of the response. Stytch follows standard HTTP response status code
	// patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX
	// are server errors.
	StatusCode int32 `json:"status_code,omitempty"`
}

SearchResponse: Response type for `Organizations.Search`.

type UpdateParams

type UpdateParams struct {
	// OrganizationID: Globally unique UUID that identifies a specific Organization. The `organization_id` is
	// critical to perform operations on an Organization, so be sure to preserve this value.
	OrganizationID string `json:"organization_id,omitempty"`
	// OrganizationName: The name of the Organization. Must be between 1 and 128 characters in length.
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.info.name` action on the `stytch.organization` Resource.
	OrganizationName string `json:"organization_name,omitempty"`
	// OrganizationSlug: The unique URL slug of the Organization. The slug only accepts alphanumeric characters
	// and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.info.slug` action on the `stytch.organization` Resource.
	OrganizationSlug string `json:"organization_slug,omitempty"`
	// OrganizationLogoURL: The image URL of the Organization logo.
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.info.logo-url` action on the `stytch.organization` Resource.
	OrganizationLogoURL string `json:"organization_logo_url,omitempty"`
	// TrustedMetadata: An arbitrary JSON object for storing application-specific data or
	// identity-provider-specific data.
	//           If a session header is passed into the request, this field may **not** be passed into the
	// request. You cannot
	//           update trusted metadata when acting as a Member.
	TrustedMetadata map[string]any `json:"trusted_metadata,omitempty"`
	// SSODefaultConnectionID: The default connection used for SSO when there are multiple active connections.
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.settings.default-sso-connection` action on the `stytch.organization`
	// Resource.
	SSODefaultConnectionID string `json:"sso_default_connection_id,omitempty"`
	// SSOJITProvisioning: The authentication setting that controls the JIT provisioning of Members when
	// authenticating via SSO. The accepted values are:
	//
	//   `ALL_ALLOWED` – new Members will be automatically provisioned upon successful authentication via any
	// of the Organization's `sso_active_connections`.
	//
	//   `RESTRICTED` – only new Members with SSO logins that comply with
	// `sso_jit_provisioning_allowed_connections` can be provisioned upon authentication.
	//
	//   `NOT_ALLOWED` – disable JIT provisioning via SSO.
	//
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.settings.sso-jit-provisioning` action on the `stytch.organization`
	// Resource.
	SSOJITProvisioning string `json:"sso_jit_provisioning,omitempty"`
	// SSOJITProvisioningAllowedConnections: An array of `connection_id`s that reference
	// [SAML Connection objects](https://stytch.com/docs/b2b/api/saml-connection-object).
	//   Only these connections will be allowed to JIT provision Members via SSO when `sso_jit_provisioning` is
	// set to `RESTRICTED`.
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.settings.sso-jit-provisioning` action on the `stytch.organization`
	// Resource.
	SSOJITProvisioningAllowedConnections []string `json:"sso_jit_provisioning_allowed_connections,omitempty"`
	// EmailAllowedDomains: An array of email domains that allow invites or JIT provisioning for new Members.
	// This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`.
	//
	//
	//     Common domains such as `gmail.com` are not allowed. See the
	// [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list.
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.settings.allowed-domains` action on the `stytch.organization` Resource.
	EmailAllowedDomains []string `json:"email_allowed_domains,omitempty"`
	// EmailJITProvisioning: The authentication setting that controls how a new Member can be provisioned by
	// authenticating via Email Magic Link or OAuth. The accepted values are:
	//
	//   `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be
	// provisioned upon authentication via Email Magic Link or OAuth.
	//
	//   `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth.
	//
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.settings.email-jit-provisioning` action on the `stytch.organization`
	// Resource.
	EmailJITProvisioning string `json:"email_jit_provisioning,omitempty"`
	// EmailInvites: The authentication setting that controls how a new Member can be invited to an
	// organization by email. The accepted values are:
	//
	//   `ALL_ALLOWED` – any new Member can be invited to join via email.
	//
	//   `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be
	// invited via email.
	//
	//   `NOT_ALLOWED` – disable email invites.
	//
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.settings.email-invites` action on the `stytch.organization` Resource.
	EmailInvites string `json:"email_invites,omitempty"`
	// AuthMethods: The setting that controls which authentication methods can be used by Members of an
	// Organization. The accepted values are:
	//
	//   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
	//
	//   `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication.
	// This setting does not apply to Members with `is_breakglass` set to `true`.
	//
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization`
	// Resource.
	AuthMethods string `json:"auth_methods,omitempty"`
	// AllowedAuthMethods: An array of allowed authentication methods. This list is enforced when
	// `auth_methods` is set to `RESTRICTED`.
	//   The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
	//
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization`
	// Resource.
	AllowedAuthMethods []string `json:"allowed_auth_methods,omitempty"`
	// MFAPolicy: The setting that controls the MFA policy for all Members in the Organization. The accepted
	// values are:
	//
	//   `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time
	// they wish to log in. However, any active Session that existed prior to this setting change will remain
	// valid.
	//
	//   `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members.
	// Members will be required to complete MFA only if their `mfa_enrolled` status is set to true.
	//
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.settings.mfa-policy` action on the `stytch.organization` Resource.
	MFAPolicy string `json:"mfa_policy,omitempty"`
	// RBACEmailImplicitRoleAssignments: Implicit role assignments based off of email domains.
	//   For each domain-Role pair, all Members whose email addresses have the specified email domain will be
	// granted the
	//   associated Role, regardless of their login method. See the
	// [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
	//   for more information about role assignment.
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.settings.implicit-roles` action on the `stytch.organization` Resource.
	RBACEmailImplicitRoleAssignments []*EmailImplicitRoleAssignment `json:"rbac_email_implicit_role_assignments,omitempty"`
	// MFAMethods: The setting that controls which MFA methods can be used by Members of an Organization. The
	// accepted values are:
	//
	//   `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
	//
	//   `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication.
	// This setting does not apply to Members with `is_breakglass` set to `true`.
	//
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization`
	// Resource.
	MFAMethods string `json:"mfa_methods,omitempty"`
	// AllowedMFAMethods: An array of allowed MFA authentication methods. This list is enforced when
	// `mfa_methods` is set to `RESTRICTED`.
	//   The list's accepted values are: `sms_otp` and `totp`.
	//
	//
	// If this field is provided and a session header is passed into the request, the Member Session must have
	// permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization`
	// Resource.
	AllowedMFAMethods []string `json:"allowed_mfa_methods,omitempty"`
}

UpdateParams: Request type for `Organizations.Update`.

type UpdateRequestOptions

type UpdateRequestOptions struct {
	// Authorization: Optional authorization object.
	// Pass in an active Stytch Member session token or session JWT and the request
	// will be run using that member's permissions.
	Authorization methodoptions.Authorization `json:"authorization,omitempty"`
}

UpdateRequestOptions:

func (*UpdateRequestOptions) AddHeaders

func (o *UpdateRequestOptions) AddHeaders(headers map[string][]string) map[string][]string

type UpdateResponse

type UpdateResponse struct {
	// RequestID: Globally unique UUID that is returned with every API call. This value is important to log for
	// debugging purposes; we may ask for this value to help identify a specific API call when helping you
	// debug an issue.
	RequestID string `json:"request_id,omitempty"`
	// Organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
	Organization Organization `json:"organization,omitempty"`
	// StatusCode: The HTTP status code of the response. Stytch follows standard HTTP response status code
	// patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX
	// are server errors.
	StatusCode int32 `json:"status_code,omitempty"`
}

UpdateResponse: Response type for `Organizations.Update`.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL