class StytchB2B::Sessions

def authenticate(session_token: nil, session_duration_minutes: nil, session_jwt: nil, session_custom_claims: nil, authorization_check: nil)

Authenticates a Session and updates its lifetime by the specified `session_duration_minutes`. If the `session_duration_minutes` is not specified, a Session will not be extended. This endpoint requires either a `session_jwt` or `session_token` be included in the request. It will return an error if both are present.

You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid. See our [How to use Stytch Session JWTs](https://stytch.com/docs/b2b/guides/sessions/resources/using-jwts) guide for more information.

If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
In addition, the `organization_id` passed in the authorization check must match the Member's Organization.
If the Member is not authorized to perform the specified action on the specified Resource, or if the `organization_id` does not match the Member's Organization, a 403 error will be thrown.
Otherwise, the response will contain a list of Roles that satisfied the authorization check.

== Parameters:
session_token::
  A secret token for a given Stytch Session.
  The type of this field is nilable +String+.
session_duration_minutes::
  Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
  returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
  five minutes regardless of the underlying session duration, and will need to be refreshed over time.
  This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
  If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.
  If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
  to use the Stytch session product, you can ignore the session fields in the response.
  The type of this field is nilable +Integer+.
session_jwt::
  The JSON Web Token (JWT) for a given Stytch Session.
  The type of this field is nilable +String+.
session_custom_claims::
  Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
  `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
  delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.
  Total custom claims size cannot exceed four kilobytes.
  The type of this field is nilable +object+.
authorization_check::
  If an `authorization_check` object is passed in, this endpoint will also check if the Member is
  authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if
  their Member Session contains a Role, assigned
  [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.
  In addition, the `organization_id` passed in the authorization check must match the Member's Organization.
  The Roles on the Member Session may differ from the Roles you see on the Member object - Roles that are implicitly
  assigned by SSO connection or SSO group will only be valid for a Member Session if there is at least one authentication
  factor on the Member Session from the specified SSO connection.
  If the Member is not authorized to perform the specified action on the specified Resource, or if the
  `organization_id` does not match the Member's Organization, a 403 error will be thrown.
  Otherwise, the response will contain a list of Roles that satisfied the authorization check.
  The type of this field is nilable +AuthorizationCheck+ (+object+).

== Returns:
An object with the following fields:
request_id::
  Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
  The type of this field is +String+.
member_session::
  The [Session object](https://stytch.com/docs/b2b/api/session-object).
  The type of this field is +MemberSession+ (+object+).
session_token::
  A secret token for a given Stytch Session.
  The type of this field is +String+.
session_jwt::
  The JSON Web Token (JWT) for a given Stytch Session.
  The type of this field is +String+.
member::
  The [Member object](https://stytch.com/docs/b2b/api/member-object).
  The type of this field is +Member+ (+object+).
organization::
  The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
  The type of this field is +Organization+ (+object+).
status_code::
  The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
  The type of this field is +Integer+.
verdict::
  If an `authorization_check` is provided in the request and the check succeeds, this field will return
  the complete list of Roles that gave the Member permission to perform the specified action on the specified Resource.

Source:

  def authenticate(
    session_token: nil,
    session_duration_minutes: nil,
    session_jwt: nil,
    session_custom_claims: nil,
    authorization_check: nil
  )
    headers = {}
    request = {}
    # Only the parameters that were supplied are sent; the endpoint rejects a
    # request that carries both a session_token and a session_jwt.
    request[:session_token] = session_token unless session_token.nil?
    request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
    request[:session_jwt] = session_jwt unless session_jwt.nil?
    request[:session_custom_claims] = session_custom_claims unless session_custom_claims.nil?
    request[:authorization_check] = authorization_check unless authorization_check.nil?

    post_request('/v1/b2b/sessions/authenticate', request, headers)
  end
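Added example, not part of the Stytch SDK: a hypothetical client-side pre-check that encodes the constraints documented above (exactly one credential, the 5..527040 minute range, reserved claims ignored, four-kilobyte claims limit, `organization_id` present in the authorization check) and returns the keyword hash to splat into `StytchB2B::Sessions#authenticate`. The `resource_id`/`action` key names in the sample check and measuring the size limit on the JSON encoding are assumptions.

```ruby
require 'json'

# Limits stated in the authenticate docs above.
RESERVED_CLAIMS = %w[iss sub aud exp nbf iat jti].freeze
MAX_CLAIMS_BYTES = 4 * 1024   # "four kilobytes"; assumed to apply to the JSON encoding
MIN_DURATION_MINUTES = 5
MAX_DURATION_MINUTES = 527_040 # 366 days

# Hypothetical helper (not an SDK method). Raises ArgumentError for any request
# the server would reject, and strips reserved claims so a caller cannot
# believe it has, for example, changed `exp` through custom claims.
def build_authenticate_request(session_token: nil, session_jwt: nil,
                               session_duration_minutes: nil,
                               session_custom_claims: nil,
                               authorization_check: nil,
                               expected_organization_id: nil)
  # The endpoint requires exactly one of session_token / session_jwt.
  if session_token.nil? == session_jwt.nil?
    raise ArgumentError, 'provide exactly one of session_token or session_jwt'
  end
  if !session_duration_minutes.nil? &&
     !(session_duration_minutes.is_a?(Integer) &&
       session_duration_minutes.between?(MIN_DURATION_MINUTES, MAX_DURATION_MINUTES))
    raise ArgumentError, "session_duration_minutes must be an Integer in #{MIN_DURATION_MINUTES}..#{MAX_DURATION_MINUTES}"
  end
  claims = nil
  unless session_custom_claims.nil?
    # Reserved JWT claims are ignored server-side; drop them locally as well.
    claims = session_custom_claims.reject { |k, _| RESERVED_CLAIMS.include?(k.to_s) }
    raise ArgumentError, 'custom claims exceed four kilobytes' if JSON.generate(claims).bytesize > MAX_CLAIMS_BYTES
  end
  unless authorization_check.nil?
    org = authorization_check[:organization_id] || authorization_check['organization_id']
    raise ArgumentError, 'authorization_check needs organization_id' if org.nil?
    # A mismatch is a 403 from Stytch; fail closed before the call so the
    # caller notices it is authorizing against the wrong Organization.
    if expected_organization_id && org != expected_organization_id
      raise ArgumentError, 'authorization_check organization_id mismatch'
    end
  end
  # Drop nil entries so only supplied parameters reach the endpoint.
  { session_token: session_token, session_jwt: session_jwt,
    session_duration_minutes: session_duration_minutes,
    session_custom_claims: claims, authorization_check: authorization_check }.compact
end
```

Usage: `client.sessions.authenticate(**build_authenticate_request(session_jwt: jwt, authorization_check: check, expected_organization_id: org_id))`.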