Class: StytchB2B::Passwords::Discovery::Email
- Inherits: Object
  - Object
  - StytchB2B::Passwords::Discovery::Email
- Includes: Stytch::RequestHelper
- Defined in: lib/stytch/b2b_passwords.rb
Instance Method Summary
- #initialize(connection) ⇒ Email (constructor)
  A new instance of Email.
- #reset(password_reset_token:, password:, pkce_code_verifier: nil) ⇒ Object
  Reset the password associated with an email and start an intermediate session.
- #reset_start(email_address:, reset_password_redirect_url: nil, discovery_redirect_url: nil, reset_password_template_id: nil, reset_password_expiration_minutes: nil, pkce_code_challenge: nil, locale: nil, verify_email_template_id: nil) ⇒ Object
  Initiates a password reset for the email address provided, when cross-org passwords are enabled.
Methods included from Stytch::RequestHelper
#delete_request, #get_request, #post_request, #put_request, #request_with_query_params
Constructor Details
#initialize(connection) ⇒ Email
Returns a new instance of Email.
```ruby
# File 'lib/stytch/b2b_passwords.rb', line 1032
def initialize(connection)
  @connection = connection
end
```
Instance Method Details
#reset(password_reset_token:, password:, pkce_code_verifier: nil) ⇒ Object
Reset the password associated with an email and start an intermediate session. This endpoint checks that the password reset token is valid, hasn’t expired, and hasn’t already been used.
The provided password needs to meet the project’s password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated.
Resetting a password will start an intermediate session and return a list of discovered organizations the session can be exchanged into.
Parameters:
- password_reset_token
  The password reset token to authenticate. The type of this field is `String`.
- password
  The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc. The type of this field is `String`.
- pkce_code_verifier
  (no documentation yet) The type of this field is nilable `String`.
Returns:
An object with the following fields:
- request_id
  Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is `String`.
- intermediate_session_token
  The returned Intermediate Session Token contains a password factor associated with the Member. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. The token has a default expiry of 10 minutes. Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints. The type of this field is `String`.
- email_address
  The email address. The type of this field is `String`.
- discovered_organizations
  An array of `discovered_organization` objects tied to the `intermediate_session_token`, `session_token`, or `session_jwt`. See the [Discovered Organization Object](stytch.com/docs/b2b/api/discovered-organization-object) for complete details.
  Note that Organizations will only appear here under any of the following conditions:
  - The end user is already a Member of the Organization.
  - The end user is invited to the Organization.
  - The end user can join the Organization because:
    a) The Organization allows JIT provisioning.
    b) The Organization's allowed domains list contains the Member's email domain.
    c) The Organization has at least one other Member with a verified email address with the same domain as the end user (to prevent phishing attacks).
  The type of this field is list of `DiscoveredOrganization` (`object`).
- status_code
  The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is `Integer`.
- intermediate_session_token_expires_at
  (no documentation yet) The type of this field is nilable `String`.
```ruby
# File 'lib/stytch/b2b_passwords.rb', line 1161
def reset(
  password_reset_token:,
  password:,
  pkce_code_verifier: nil
)
  headers = {}
  request = {
    password_reset_token: password_reset_token,
    password: password
  }
  request[:pkce_code_verifier] = pkce_code_verifier unless pkce_code_verifier.nil?

  post_request('/v1/b2b/passwords/discovery/email/reset', request, headers)
end
```
#reset_start(email_address:, reset_password_redirect_url: nil, discovery_redirect_url: nil, reset_password_template_id: nil, reset_password_expiration_minutes: nil, pkce_code_challenge: nil, locale: nil, verify_email_template_id: nil) ⇒ Object
Initiates a password reset for the email address provided, when cross-org passwords are enabled. This will trigger an email to be sent to the address, containing a magic link that will allow them to set a new password and authenticate.
This endpoint adapts to your Project’s password strength configuration. If you’re using [zxcvbn](stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you’re using [LUDS](stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you’ve set with Stytch. You may update your password strength configuration on the [Passwords Policy page](stytch.com/dashboard/password-strength-config) in the Stytch Dashboard.
Parameters:
- email_address
  The email address of the Member to start the email reset process for. The type of this field is `String`.
- reset_password_redirect_url
  The URL that the Member is redirected to from the reset password magic link. This URL should display your application’s reset password page. Before rendering the reset page, extract the `token` from the query parameters. On the reset page, collect the new password and complete the flow by calling the corresponding Password Reset by Email endpoint. If this parameter is not specified, the default Reset Password redirect URL configured in the Dashboard will be used. If you have not set a default Reset Password redirect URL, an error is returned. The type of this field is nilable `String`.
- discovery_redirect_url
  The URL that the end user clicks from the discovery Magic Link. This URL should be an endpoint in the backend server that verifies the request by querying Stytch’s discovery authenticate endpoint and continues the flow. If this value is not passed, the default discovery redirect URL that you set in your Dashboard is used. If you have not set a default discovery redirect URL, an error is returned. The type of this field is nilable `String`.
- reset_password_template_id
  Use a custom template for reset password emails. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Passwords - Reset Password”. The type of this field is nilable `String`.
- reset_password_expiration_minutes
  Sets a time limit after which the email link to reset the member’s password will no longer be valid. The minimum allowed expiration is 5 minutes and the maximum is 10080 minutes (7 days). By default, the expiration is 30 minutes. The type of this field is nilable `Integer`.
- pkce_code_challenge
  (no documentation yet) The type of this field is nilable `String`.
- locale
  Used to determine which language to use when sending the user this delivery method. Parameter is an [IETF BCP 47 language tag](www.w3.org/International/articles/language-tags/), e.g. `"en"`.
  Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English.
  Request support for additional languages [here](docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link)!
  The type of this field is nilable `String`.
- verify_email_template_id
  Use a custom template for verification emails sent during password reset flows. When cross-organization passwords are enabled for your Project, this template will be used the first time a user sets a password via a password reset flow. By default, it will use your default email template. Templates can be added in the [Stytch dashboard](stytch.com/dashboard/templates) using our built-in customization options or custom HTML templates with type “Passwords - Email Verification”. The type of this field is nilable `String`.
Returns:
An object with the following fields:
- request_id
  Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is `String`.
- status_code
  The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is `Integer`.
```ruby
# File 'lib/stytch/b2b_passwords.rb', line 1088
def reset_start(
  email_address:,
  reset_password_redirect_url: nil,
  discovery_redirect_url: nil,
  reset_password_template_id: nil,
  reset_password_expiration_minutes: nil,
  pkce_code_challenge: nil,
  locale: nil,
  verify_email_template_id: nil
)
  headers = {}
  request = {
    email_address: email_address
  }
  request[:reset_password_redirect_url] = reset_password_redirect_url unless reset_password_redirect_url.nil?
  request[:discovery_redirect_url] = discovery_redirect_url unless discovery_redirect_url.nil?
  request[:reset_password_template_id] = reset_password_template_id unless reset_password_template_id.nil?
  request[:reset_password_expiration_minutes] = reset_password_expiration_minutes unless reset_password_expiration_minutes.nil?
  request[:pkce_code_challenge] = pkce_code_challenge unless pkce_code_challenge.nil?
  request[:locale] = locale unless locale.nil?
  request[:verify_email_template_id] = verify_email_template_id unless verify_email_template_id.nil?

  post_request('/v1/b2b/passwords/discovery/email/reset/start', request, headers)
end
```
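The following is an added example, not code from the stytch gem: a caller-side wrapper that checks the documented expiration bounds and the redirect URL before calling `reset_start`, and generates a PKCE pair for `pkce_code_challenge`. The helper names, the allowlisted host, `RecordingClient`, and the use of the RFC 7636 S256 transform are assumptions, since this page leaves the PKCE parameters undocumented.

```ruby
require 'securerandom'
require 'digest'
require 'uri'

# Hypothetical allowlist for this example; use your application's redirect hosts.
ALLOWED_REDIRECT_HOSTS = %w[app.example.com].freeze
# Expiration bounds (minutes) stated in the parameter documentation above.
EXPIRATION_RANGE = (5..10_080).freeze

# Assumption: S256 per RFC 7636, base64url(SHA-256(verifier)) without padding.
def pkce_challenge(verifier)
  [Digest::SHA256.digest(verifier)].pack('m0').tr('+/', '-_').delete('=')
end

# Raises unless the URL is HTTPS and its host is on the allowlist.
def checked_redirect_url(url)
  uri = URI.parse(url)
  return url if uri.is_a?(URI::HTTPS) && ALLOWED_REDIRECT_HOSTS.include?(uri.host)

  raise ArgumentError, "redirect URL not allowed: #{url}"
end

# email_client: any object responding to reset_start with the keyword
# arguments documented above. Returns [response, verifier]; keep the verifier
# server-side, bound to the browser session that requested the reset.
def start_reset(email_client, email_address:, redirect_url:, expiration_minutes: 30)
  unless EXPIRATION_RANGE.cover?(expiration_minutes)
    raise ArgumentError, "expiration must be #{EXPIRATION_RANGE} minutes"
  end

  verifier = SecureRandom.urlsafe_base64(32) # 43 URL-safe characters
  response = email_client.reset_start(
    email_address: email_address,
    reset_password_redirect_url: checked_redirect_url(redirect_url),
    reset_password_expiration_minutes: expiration_minutes,
    pkce_code_challenge: pkce_challenge(verifier)
  )
  [response, verifier]
end

# Constructed stand-in that records the request instead of calling the API.
class RecordingClient
  attr_reader :last_request

  def reset_start(**kwargs)
    @last_request = kwargs
    { 'status_code' => 200 } # constructed response, not real API output
  end
end
```

The stored verifier is what the later `reset` call takes as `pkce_code_verifier`, so a reset token opened in a different browser session cannot complete the flow.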