Class: StytchB2B::Passwords::Discovery

Inherits:
Object
  • Object
show all
Includes:
Stytch::RequestHelper
Defined in:
lib/stytch/b2b_passwords.rb

Defined Under Namespace

Classes: Email

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Stytch::RequestHelper

#delete_request, #get_request, #post_request, #put_request, #request_with_query_params

Constructor Details

#initialize(connection) ⇒ Discovery

Returns a new instance of Discovery.



870
871
872
873
874
# File 'lib/stytch/b2b_passwords.rb', line 870

def initialize(connection)
  @connection = connection

  @email = StytchB2B::Passwords::Discovery::Email.new(@connection)
end

Instance Attribute Details

#emailObject (readonly)

Returns the value of attribute email.



868
869
870
# File 'lib/stytch/b2b_passwords.rb', line 868

def email
  @email
end

Instance Method Details

#authenticate(email_address:, password:) ⇒ Object

Authenticate an email/password combination in the discovery flow. This authenticate flow is only valid for cross-org passwords use cases, and is not tied to a specific organization.

If you have breach detection during authentication enabled in your [password strength policy](stytch.com/docs/b2b/guides/passwords/strength-policies) and the member’s credentials have appeared in the HaveIBeenPwned dataset, this endpoint will return a ‘member_reset_password` error even if the member enters a correct password. We force a password reset in this case to ensure that the member is the legitimate owner of the email address and not a malicious actor abusing the compromised credentials.

If successful, this endpoint will create a new intermediate session and return a list of discovered organizations that can be session exchanged into.

Parameters:

email_address

The email address of the Member. The type of this field is String.

password

The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc. The type of this field is String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

email_address

The email address. The type of this field is String.

intermediate_session_token

The returned Intermediate Session Token contains a password factor associated with the Member. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints. The type of this field is String.

discovered_organizations

An array of ‘discovered_organization` objects tied to the `intermediate_session_token`, `session_token`, or `session_jwt`. See the [Discovered Organization Object](stytch.com/docs/b2b/api/discovered-organization-object) for complete details.

Note that Organizations will only appear here under any of the following conditions:

  1. The end user is already a Member of the Organization.

  2. The end user is invited to the Organization.

  3. The end user can join the Organization because:

    a) The Organization allows JIT provisioning.
    
    b) The Organizations' allowed domains list contains the Member's email domain.
    
    c) The Organization has at least one other Member with a verified email address with the same domain as the end user (to prevent phishing attacks).
    

The type of this field is list of DiscoveredOrganization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.



918
919
920
921
922
923
924
925
926
927
928
929
# File 'lib/stytch/b2b_passwords.rb', line 918

def authenticate(
  email_address:,
  password:
)
  headers = {}
  request = {
    email_address: email_address,
    password: password
  }

  post_request('/v1/b2b/passwords/discovery/authenticate', request, headers)
end