Class: StytchB2B::SSO::OIDC
- Inherits: Object
  - Object
  - StytchB2B::SSO::OIDC
- Includes: Stytch::RequestHelper
- Defined in: lib/stytch/b2b_sso.rb
Defined Under Namespace
Classes: CreateConnectionRequestOptions, UpdateConnectionRequestOptions
Instance Method Summary
- #create_connection(organization_id:, display_name: nil, identity_provider: nil, method_options: nil) ⇒ Object
  Create a new OIDC Connection.
- #initialize(connection) ⇒ OIDC (constructor)
  A new instance of OIDC.
- #update_connection(organization_id:, connection_id:, display_name: nil, client_id: nil, client_secret: nil, issuer: nil, authorization_url: nil, token_url: nil, userinfo_url: nil, jwks_url: nil, identity_provider: nil, custom_scopes: nil, attribute_mapping: nil, method_options: nil) ⇒ Object
  Updates an existing OIDC connection.
Methods included from Stytch::RequestHelper
#delete_request, #get_request, #post_request, #put_request, #request_with_query_params
Constructor Details
#initialize(connection) ⇒ OIDC
Returns a new instance of OIDC.
```ruby
# File 'lib/stytch/b2b_sso.rb', line 300

def initialize(connection)
  @connection = connection
end
```
Instance Method Details
#create_connection(organization_id:, display_name: nil, identity_provider: nil, method_options: nil) ⇒ Object
Create a new OIDC Connection.
Parameters:
- organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. The type of this field is String.
- display_name: A human-readable display name for the connection. The type of this field is nilable String.
- identity_provider: Name of the IdP. Enum with possible values: `classlink`, `cyberark`, `duo`, `google-workspace`, `jumpcloud`, `keycloak`, `miniorange`, `microsoft-entra`, `okta`, `onelogin`, `pingfederate`, `rippling`, `salesforce`, `shibboleth`, or `generic`. Specifying a known provider allows Stytch to handle any provider-specific logic. The type of this field is nilable +CreateConnectionRequestIdentityProvider+ (string enum).
Returns:
An object with the following fields:
- request_id: Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.
- status_code: The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.
- connection: The `OIDC Connection` object affected by this API call. See the [OIDC Connection Object](stytch.com/docs/b2b/api/oidc-connection-object) for complete response field details. The type of this field is nilable OIDCConnection (object).
Method Options:
This method supports an optional StytchB2B::SSO::OIDC::CreateConnectionRequestOptions
object which will modify the headers sent in the HTTP request.
```ruby
# File 'lib/stytch/b2b_sso.rb', line 333

def create_connection(
  organization_id:,
  display_name: nil,
  identity_provider: nil,
  method_options: nil
)
  # Optional per-request headers supplied via method_options.
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  # Only include the fields the caller actually set.
  request = {}
  request[:display_name] = display_name unless display_name.nil?
  request[:identity_provider] = identity_provider unless identity_provider.nil?

  post_request("/v1/b2b/sso/oidc/#{organization_id}", request, headers)
end
```
#update_connection(organization_id:, connection_id:, display_name: nil, client_id: nil, client_secret: nil, issuer: nil, authorization_url: nil, token_url: nil, userinfo_url: nil, jwks_url: nil, identity_provider: nil, custom_scopes: nil, attribute_mapping: nil, method_options: nil) ⇒ Object
Updates an existing OIDC connection.
When the value of `issuer` changes, Stytch will attempt to retrieve the [OpenID Provider Metadata](openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata) document found at `${issuer}/.well-known/openid-configuration`. If the metadata document can be retrieved successfully, Stytch will use it to infer the values of `authorization_url`, `token_url`, `jwks_url`, and `userinfo_url`. The `client_id` and `client_secret` values cannot be inferred from the metadata document, and must be passed in explicitly.
If the metadata document cannot be retrieved, Stytch will still update the connection using values from the request body.
If the metadata document can be retrieved, and values are passed in the request body, the explicit values passed in from the request body will take precedence over the values inferred from the metadata document.
Note that a newly created connection will not become active until all of the following fields are provided:
- `issuer`
- `client_id`
- `client_secret`
- `authorization_url`
- `token_url`
- `userinfo_url`
- `jwks_url`
Parameters:
- organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. The type of this field is String.
- connection_id: Globally unique UUID that identifies a specific SSO `connection_id` for a Member. The type of this field is String.
- display_name: A human-readable display name for the connection. The type of this field is nilable String.
- client_id: The OAuth2.0 client ID used to authenticate login attempts. This will be provided by the IdP. The type of this field is nilable String.
- client_secret: The secret belonging to the OAuth2.0 client used to authenticate login attempts. This will be provided by the IdP. The type of this field is nilable String.
- issuer: A case-sensitive `https://` URL that uniquely identifies the IdP. This will be provided by the IdP. The type of this field is nilable String.
- authorization_url: The location of the URL that starts an OAuth login at the IdP. This will be provided by the IdP. The type of this field is nilable String.
- token_url: The location of the URL that issues OAuth2.0 access tokens and OIDC ID tokens. This will be provided by the IdP. The type of this field is nilable String.
- userinfo_url: The location of the IdP’s [UserInfo Endpoint](openid.net/specs/openid-connect-core-1_0.html#UserInfo). This will be provided by the IdP. The type of this field is nilable String.
- jwks_url: The location of the IdP’s JSON Web Key Set, used to verify credentials issued by the IdP. This will be provided by the IdP. The type of this field is nilable String.
- identity_provider: Name of the IdP. Enum with possible values: `classlink`, `cyberark`, `duo`, `google-workspace`, `jumpcloud`, `keycloak`, `miniorange`, `microsoft-entra`, `okta`, `onelogin`, `pingfederate`, `rippling`, `salesforce`, `shibboleth`, or `generic`. Specifying a known provider allows Stytch to handle any provider-specific logic. The type of this field is nilable +UpdateConnectionRequestIdentityProvider+ (string enum).
- custom_scopes: Include a space-separated list of custom scopes that you’d like to include. Note that this list must be URL encoded, e.g. the spaces must be expressed as %20. The type of this field is nilable String.
- attribute_mapping: An object that represents the attributes used to identify a Member. This object will map the IdP-defined User attributes to Stytch-specific values, which will appear on the member’s Trusted Metadata. The type of this field is nilable object.
Returns:
An object with the following fields:
- request_id: Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.
- status_code: The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.
- connection: The `OIDC Connection` object affected by this API call. See the [OIDC Connection Object](stytch.com/docs/b2b/api/oidc-connection-object) for complete response field details. The type of this field is nilable OIDCConnection (object).
- warning: If the well-known metadata document cannot be resolved from the OIDC issuer but the request is otherwise successful, this field explains what went wrong. In other words, even if the overall request succeeds, there could be relevant warnings related to the connection update. The type of this field is nilable String.
Method Options:
This method supports an optional StytchB2B::SSO::OIDC::UpdateConnectionRequestOptions
object which will modify the headers sent in the HTTP request.
```ruby
# File 'lib/stytch/b2b_sso.rb', line 427

def update_connection(
  organization_id:,
  connection_id:,
  display_name: nil,
  client_id: nil,
  client_secret: nil,
  issuer: nil,
  authorization_url: nil,
  token_url: nil,
  userinfo_url: nil,
  jwks_url: nil,
  identity_provider: nil,
  custom_scopes: nil,
  attribute_mapping: nil,
  method_options: nil
)
  # Optional per-request headers supplied via method_options.
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  # Only include the fields the caller actually set.
  request = {}
  request[:display_name] = display_name unless display_name.nil?
  request[:client_id] = client_id unless client_id.nil?
  request[:client_secret] = client_secret unless client_secret.nil?
  request[:issuer] = issuer unless issuer.nil?
  request[:authorization_url] = authorization_url unless authorization_url.nil?
  request[:token_url] = token_url unless token_url.nil?
  request[:userinfo_url] = userinfo_url unless userinfo_url.nil?
  request[:jwks_url] = jwks_url unless jwks_url.nil?
  request[:identity_provider] = identity_provider unless identity_provider.nil?
  request[:custom_scopes] = custom_scopes unless custom_scopes.nil?
  request[:attribute_mapping] = attribute_mapping unless attribute_mapping.nil?

  put_request("/v1/b2b/sso/oidc/#{organization_id}/connections/#{connection_id}", request, headers)
end
```
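The precedence and activation rules described for `update_connection` above, applied as a local pre-flight check. This is an added example, not code from stytch-ruby or from Stytch's servers: `plan_oidc_update`, `https_url?`, the constants and the sample values are hypothetical. The exact-match check on the metadata's `issuer` comes from the OpenID Connect Discovery specification, and requiring https for the endpoint URLs (not only `issuer`) is an assumption of this example.

```ruby
require 'uri'

# Hypothetical helper, not part of stytch-ruby: applies the documented
# precedence rules locally so an update can be reviewed before it is sent.
REQUIRED_FIELDS = %i[issuer client_id client_secret authorization_url
                     token_url userinfo_url jwks_url].freeze

# OIDC Discovery metadata key => update_connection parameter it can supply.
DISCOVERY_MAP = {
  'authorization_endpoint' => :authorization_url,
  'token_endpoint' => :token_url,
  'userinfo_endpoint' => :userinfo_url,
  'jwks_uri' => :jwks_url
}.freeze

def https_url?(value)
  uri = URI.parse(value.to_s)
  uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

# explicit: values intended for update_connection (nil entries are ignored).
# metadata: parsed discovery document, or nil if it could not be retrieved.
def plan_oidc_update(explicit, metadata)
  explicit = explicit.compact
  problems = []
  inferred = {}
  if metadata && metadata['issuer'] == explicit[:issuer] # exact, case-sensitive
    DISCOVERY_MAP.each { |key, field| inferred[field] = metadata[key] if metadata[key] }
  elsif metadata
    problems << 'metadata issuer does not match configured issuer'
  end
  merged = inferred.merge(explicit) # explicit request values take precedence
  # Assumption: this example requires https for every URL, not only issuer.
  ([:issuer] + DISCOVERY_MAP.values).each do |field|
    problems << "#{field} is not an https URL" if merged[field] && !https_url?(merged[field])
  end
  { params: merged, missing: REQUIRED_FIELDS - merged.keys, problems: problems }
end

# Constructed sample: issuer given with different letter case than the metadata.
SAMPLE_METADATA = { 'issuer' => 'https://idp.example.com',
                    'jwks_uri' => 'https://idp.example.com/jwks' }.freeze
SAMPLE_PLAN = plan_oidc_update({ issuer: 'https://IdP.example.com', client_id: 'abc' },
                               SAMPLE_METADATA)
puts SAMPLE_PLAN[:problems], SAMPLE_PLAN[:missing].inspect
```

A non-empty `missing` list means the connection would not yet become active; resolve anything in `problems` before passing `params` to `update_connection`.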