class StytchB2B::Passwords::Discovery::Email
def initialize(connection)
def initialize(connection) @connection = connection end
def reset(
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
status_code::
The type of this field is list of +DiscoveredOrganization+ (+object+).
c) The Organization has at least one other Member with a verified email address with the same domain as the end user (to prevent phishing attacks).
b) The Organizations' allowed domains list contains the Member's email domain.
a) The Organization allows JIT provisioning.
3. The end user can join the Organization because:
2. The end user is invited to the Organization.
1. The end user is already a Member of the Organization.
Note that Organizations will only appear here under any of the following conditions:
An array of `discovered_organization` objects tied to the `intermediate_session_token`, `session_token`, or `session_jwt`. See the [Discovered Organization Object](https://stytch.com/docs/b2b/api/discovered-organization-object) for complete details.
discovered_organizations::
The type of this field is +String+.
The email address.
email_address::
The type of this field is +String+.
The returned Intermediate Session Token contains a password factor associated with the Member. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.
intermediate_session_token::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is nilable +String+.
(no documentation yet)
pkce_code_verifier::
The type of this field is +String+.
The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
password::
The type of this field is +String+.
The password reset token to authenticate.
password_reset_token::
== Parameters:
Resetting a password will start an intermediate session and return a list of discovered organizations the session can be exchanged into.
The provided password needs to meet the project's password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated.
Reset the password associated with an email and start an intermediate session. This endpoint checks that the password reset token is valid, hasn’t expired, or already been used.
def reset( password_reset_token:, password:, pkce_code_verifier: nil ) headers = {} request = { password_reset_token: password_reset_token, password: password } request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil? post_request('/v1/b2b/passwords/discovery/email/reset', request, headers) end
def reset_start(
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
status_code::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is nilable +String+.
Request support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")!
Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
locale::
The type of this field is nilable +String+.
(no documentation yet)
pkce_code_challenge::
The type of this field is nilable +Integer+.
Sets a time limit after which the email link to reset the member's password will no longer be valid.
reset_password_expiration_minutes::
The type of this field is nilable +String+.
Use a custom template for reset password emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Magic Links - Reset Password.
reset_password_template_id::
The type of this field is nilable +String+.
discovery redirect URL that you set in your Dashboard is used. If you have not set a default discovery redirect URL, an error is returned.
verifies the request by querying Stytch's discovery authenticate endpoint and continues the flow. If this value is not passed, the default
The URL that the end user clicks from the discovery Magic Link. This URL should be an endpoint in the backend server that
discovery_redirect_url::
The type of this field is nilable +String+.
If you have not set a default `reset_password_redirect_url`, an error is returned.
Stytch's authenticate endpoint and finishes the reset password flow. If this value is not passed, the default `reset_password_redirect_url` that you set in your Dashboard is used.
The URL that the Member clicks from the reset password link. This URL should be an endpoint in the backend server that verifies the request by querying
reset_password_redirect_url::
The type of this field is +String+.
The email address of the Member to start the email reset process for.
email_address::
== Parameters:
You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
considered valid if they meet the requirements that you've set with Stytch.
if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are
If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid
This endpoint adapts to your Project's password strength configuration.
Initiates a password reset for the email address provided, when cross-org passwords are enabled. This will trigger an email to be sent to the address, containing a magic link that will allow them to set a new password and authenticate.
def reset_start( email_address:, reset_password_redirect_url: nil, discovery_redirect_url: nil, reset_password_template_id: nil, reset_password_expiration_minutes: nil, pkce_code_challenge: nil, locale: nil ) headers = {} request = { email_address: email_address } request[:reset_password_redirect_url] = reset_password_redirect_url unless reset_password_redirect_url.nil? request[:discovery_redirect_url] = discovery_redirect_url unless discovery_redirect_url.nil? request[:reset_password_template_id] = reset_password_template_id unless reset_password_template_id.nil? request[:reset_password_expiration_minutes] = reset_password_expiration_minutes unless reset_password_expiration_minutes.nil? request[:pkce_code_challenge] = pkce_code_challenge unless pkce_code_challenge.nil? request[:locale] = locale unless locale.nil? post_request('/v1/b2b/passwords/discovery/email/reset/start', request, headers) end