class StytchB2B::IDP::OAuth
def authorize(
A one-time use code that can be exchanged for tokens.
authorization_code::
The type of this field is +Integer+.
(no documentation yet)
status_code::
The type of this field is +String+.
The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow. This field is required when using the `authorization_code` grant.
redirect_uri::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is nilable list of +String+.
(no documentation yet)
resources::
The type of this field is nilable +String+.
A base64url encoded challenge derived from the code verifier for PKCE flows.
code_challenge::
The type of this field is nilable +String+.
A string used to associate a client session with an ID token to mitigate replay attacks.
nonce::
The type of this field is nilable +String+.
An opaque value used to maintain state between the request and callback.
state::
The type of this field is nilable +String+.
Space separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only `consent` is supported today.
prompt::
The type of this field is nilable +String+.
The JSON Web Token (JWT) for a given Stytch Session.
session_jwt::
The type of this field is nilable +String+.
A secret token for a given Stytch Session.
session_token::
The type of this field is nilable +String+.
Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.
member_id::
The type of this field is nilable +String+.
Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.
organization_id::
The type of this field is +String+.
The OAuth 2.0 response type. For authorization code flows this value is `code`.
response_type::
The type of this field is +String+.
The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow. This field is required when using the `authorization_code` grant.
redirect_uri::
The type of this field is +String+.
The ID of the Connected App client.
client_id::
The type of this field is list of +String+.
An array of scopes requested by the client.
scopes::
The type of this field is +Boolean+.
Indicates whether the user granted the requested scopes.
consent_granted::
== Parameters:
One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](https://stytch.com/docs/b2b/api/connected-app-access-token-exchange) flow.
If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the Member's session for tracking purposes.
- `session_jwt`
- `session_token`
- `organization_id` + `member_id`
Exactly one of the following must be provided to identify the Member granting authorization:
In both cases, redirect the Member to the location for the response to be consumed by the Connected App.
If the authorization was unsuccessful, the `redirect_uri` will contain an OAuth2.1 `error_code`.
If the authorization was successful, the `redirect_uri` will contain a valid `authorization_code` embedded as a query parameter.
Note that this endpoint takes in a few additional parameters the preflight check does not- `state`, `nonce`, and `code_challenge`.
[Preflight Check](https://stytch.com/docs/b2b/api/connected-apps-oauth-authorize-start) API.
Call this endpoint using the query parameters from an OAuth Authorization request, after previously validating those parameters using the
Completes a request for authorization of a Connected App to access a Member's account.
def authorize( consent_granted:, scopes:, client_id:, redirect_uri:, response_type:, organization_id: nil, member_id: nil, session_token: nil, session_jwt: nil, prompt: nil, state: nil, nonce: nil, code_challenge: nil, resources: nil ) headers = {} request = { consent_granted: consent_granted, scopes: scopes, client_id: client_id, redirect_uri: redirect_uri, response_type: response_type } request[:organization_id] = organization_id unless organization_id.nil? request[:member_id] = member_id unless member_id.nil? request[:session_token] = session_token unless session_token.nil? request[:session_jwt] = session_jwt unless session_jwt.nil? request[:prompt] = prompt unless prompt.nil? request[:state] = state unless state.nil? request[:nonce] = nonce unless nonce.nil? request[:code_challenge] = code_challenge unless code_challenge.nil? request[:resources] = resources unless resources.nil? post_request('/v1/b2b/idp/oauth/authorize', request, headers) end
def authorize_start(
(no documentation yet)
status_code::
The type of this field is list of +ScopeResult+ (+object+).
Details about each requested scope.
scope_results::
The type of this field is +Boolean+.
Whether the user must provide explicit consent for the authorization request.
consent_required::
The type of this field is +ConnectedAppPublic+ (+object+).
(no documentation yet)
client::
The type of this field is +Organization+ (+object+).
The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
organization::
The type of this field is +Member+ (+object+).
The [Member object](https://stytch.com/docs/b2b/api/member-object)
member::
The type of this field is +String+.
Globally unique UUID that identifies a specific Member.
member_id::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is nilable +String+.
Space separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only `consent` is supported today.
prompt::
The type of this field is nilable +String+.
The JSON Web Token (JWT) for a given Stytch Session.
session_jwt::
The type of this field is nilable +String+.
A secret token for a given Stytch Session.
session_token::
The type of this field is nilable +String+.
Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.
member_id::
The type of this field is nilable +String+.
Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.
organization_id::
The type of this field is list of +String+.
An array of scopes requested by the client.
scopes::
The type of this field is +String+.
The OAuth 2.0 response type. For authorization code flows this value is `code`.
response_type::
The type of this field is +String+.
The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow. This field is required when using the `authorization_code` grant.
redirect_uri::
The type of this field is +String+.
The ID of the Connected App client.
client_id::
== Parameters:
One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](https://stytch.com/docs/b2b/api/connected-app-access-token-exchange) flow.
If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the Member's session for tracking purposes.
- `session_jwt`
- `session_token`
- `organization_id` + `member_id`
Exactly one of the following must be provided to identify the Member granting authorization:
Use this response to prompt the Member for consent (if necessary) before calling the [Submit OAuth Authorization](https://stytch.com/docs/b2b/api/connected-apps-oauth-authorize) endpoint.
- A list of scopes the Member has the ability to grant the Connected App
- Whether _explicit_ consent must be granted before proceeding with the authorization
- A public representation of the Connected App requesting authorization
This endpoint returns:
relevant information for rendering an OAuth Consent Screen.
This endpoint validates various fields (`scope`, `client_id`, `redirect_uri`, `prompt`, etc...) are correct and returns
Call this endpoint using the query parameters from an OAuth Authorization request.
Initiates a request for authorization of a Connected App to access a Member's account.
def authorize_start( client_id:, redirect_uri:, response_type:, scopes:, organization_id: nil, member_id: nil, session_token: nil, session_jwt: nil, prompt: nil ) headers = {} request = { client_id: client_id, redirect_uri: redirect_uri, response_type: response_type, scopes: scopes } request[:organization_id] = organization_id unless organization_id.nil? request[:member_id] = member_id unless member_id.nil? request[:session_token] = session_token unless session_token.nil? request[:session_jwt] = session_jwt unless session_jwt.nil? request[:prompt] = prompt unless prompt.nil? post_request('/v1/b2b/idp/oauth/authorize/start', request, headers) end
def initialize(connection)
def initialize(connection) @connection = connection end