feat: [AUTH-1645] Add additional params to PasswordsSessionReset (#145)

stytchauth · Sep 11, 2023 · ddb56d9 · ddb56d9
1 parent 6b61606
commit ddb56d9
Show file tree

Hide file tree

Showing 9 changed files with 147 additions and 73 deletions.
diff --git a/stytch/b2b/sessions/types.go b/stytch/b2b/sessions/types.go
@@ -124,7 +124,7 @@ type MemberSession struct {
 	// ExpiresAt: The timestamp when the Session expires. Values conform to the RFC 3339 standard and are
 	// expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
 	ExpiresAt *time.Time `json:"expires_at,omitempty"`
-	// AuthenticationFactors: An array of different authentication factors that have initiated a Session.
+	// AuthenticationFactors: An array of different authentication factors that comprise a Session.
 	AuthenticationFactors []sessions.AuthenticationFactor `json:"authentication_factors,omitempty"`
 	// OrganizationID: Globally unique UUID that identifies a specific Organization. The `organization_id` is
 	// critical to perform operations on an Organization, so be sure to preserve this value.

diff --git a/stytch/config/version.go b/stytch/config/version.go
@@ -1,3 +1,3 @@
 package config
 
-const APIVersion = "11.3.0"
+const APIVersion = "11.3.1"
diff --git a/stytch/consumer/magiclinks_email.go b/stytch/consumer/magiclinks_email.go
@@ -30,12 +30,10 @@ func NewMagicLinksEmailClient(c stytch.Client) *MagicLinksEmailClient {
 // [log in or create endpoint](https://stytch.com/docs/api/log-in-or-create-user-by-email).
 //
 // ### Add an email to an existing user
-// This endpoint also allows you to add a new email to an existing Stytch User. Including a `user_id`,
-// `session_token`, or `session_jwt` in the request will add the email to the pre-existing Stytch User upon
-// successful authentication.
-//
-// Adding a new email to an existing Stytch User requires the user to be present and validate the email via
-// magic link. This requirement is in place to prevent account takeover attacks.
+// This endpoint also allows you to add a new email address to an existing Stytch User. Including a
+// `user_id`, `session_token`, or `session_jwt` in your Send Magic Link by email request will add the new,
+// unverified email address to the existing Stytch User. Upon successful authentication, the email address
+// will be marked as verified.
 //
 // ### Next steps
 // The user is emailed a magic link which redirects them to the provided

diff --git a/stytch/consumer/otp_email.go b/stytch/consumer/otp_email.go
@@ -30,12 +30,10 @@ func NewOTPsEmailClient(c stytch.Client) *OTPsEmailClient {
 // [log in or create endpoint](https://stytch.com/docs/api/log-in-or-create-user-by-email-otp).
 //
 // ### Add an email to an existing user
-// This endpoint also allows you to add a new email to an existing Stytch User. Including a `user_id`,
-// `session_token`, or `session_jwt` in the request will add the email to the pre-existing Stytch User upon
-// successful authentication.
-//
-// Adding a new email to an existing Stytch User requires the User to be present and validate the email via
-// OTP. This requirement is in place to prevent account takeover attacks.
+// This endpoint also allows you to add a new email address to an existing Stytch User. Including a
+// `user_id`, `session_token`, or `session_jwt` in your Send one-time passcode by email request will add
+// the new, unverified email address to the existing Stytch User. Upon successful authentication, the email
+// address will be marked as verified.
 //
 // ### Next steps
 // Collect the OTP which was delivered to the user. Call

diff --git a/stytch/consumer/otp_sms.go b/stytch/consumer/otp_sms.go
@@ -39,11 +39,9 @@ func NewOTPsSmsClient(c stytch.Client) *OTPsSmsClient {
 // ### Add a phone number to an existing user
 //
 // This endpoint also allows you to add a new phone number to an existing Stytch User. Including a
-// `user_id`, `session_token`, or `session_jwt` in the request will add the phone number to the
-// pre-existing Stytch User upon successful authentication.
-//
-// Adding a new phone number to an existing Stytch User requires the user to be present and validate the
-// phone number via OTP. This requirement is in place to prevent account takeover attacks.
+// `user_id`, `session_token`, or `session_jwt` in your Send one-time passcode by SMS request will add the
+// new, unverified phone number to the existing Stytch User. Upon successful authentication, the phone
+// number will be marked as verified.
 //
 // ### Next steps
 //

diff --git a/stytch/consumer/otp_whatsapp.go b/stytch/consumer/otp_whatsapp.go
@@ -39,11 +39,9 @@ func NewOTPsWhatsappClient(c stytch.Client) *OTPsWhatsappClient {
 // ### Add a phone number to an existing user
 //
 // This endpoint also allows you to add a new phone number to an existing Stytch User. Including a
-// `user_id`, `session_token`, or `session_jwt` in the request will add the phone number to the
-// pre-existing Stytch User upon successful authentication.
-//
-// Adding a new phone number to an existing Stytch User requires the user to be present and validate the
-// phone number via OTP. This requirement is in place to prevent account takeover attacks.
+// `user_id`, `session_token`, or `session_jwt` in your Send one-time passcode by WhatsApp request will add
+// the new, unverified phone number to the existing Stytch User. Upon successful authentication, the phone
+// number will be marked as verified.
 //
 // ### Next steps
 //

diff --git a/stytch/consumer/passwords/session/types.go b/stytch/consumer/passwords/session/types.go
@@ -19,6 +19,27 @@ type ResetParams struct {
 	SessionToken string `json:"session_token,omitempty"`
 	// SessionJWT: The `session_jwt` associated with a User's existing Session.
 	SessionJWT string `json:"session_jwt,omitempty"`
+	// SessionDurationMinutes: Set the session lifetime to be this many minutes from now. This will start a new
+	// session if one doesn't already exist,
+	//   returning both an opaque `session_token` and `session_jwt` for this session. Remember that the
+	// `session_jwt` will have a fixed lifetime of
+	//   five minutes regardless of the underlying session duration, and will need to be refreshed over time.
+	//
+	//   This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
+	//
+	//   If a `session_token` or `session_jwt` is provided then a successful authentication will continue to
+	// extend the session this many minutes.
+	//
+	//   If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created.
+	SessionDurationMinutes int32 `json:"session_duration_minutes,omitempty"`
+	// SessionCustomClaims: Add a custom claims map to the Session being authenticated. Claims are only created
+	// if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included
+	// on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
+	// delete a key, supply a null value.
+	//
+	//   Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be
+	// ignored. Total custom claims size cannot exceed four kilobytes.
+	SessionCustomClaims map[string]any `json:"session_custom_claims,omitempty"`
 }
 
 // ResetResponse: Response type for `Sessions.Reset`.
@@ -32,6 +53,10 @@ type ResetResponse struct {
 	// User: The `user` object affected by this API call. See the
 	// [Get user endpoint](https://stytch.com/docs/api/get-user) for complete response field details.
 	User users.User `json:"user,omitempty"`
+	// SessionToken: A secret token for a given Stytch Session.
+	SessionToken string `json:"session_token,omitempty"`
+	// SessionJWT: The JSON Web Token (JWT) for a given Stytch Session.
+	SessionJWT string `json:"session_jwt,omitempty"`
 	// StatusCode: The HTTP status code of the response. Stytch follows standard HTTP response status code
 	// patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX
 	// are server errors.

diff --git a/stytch/consumer/sessions/types.go b/stytch/consumer/sessions/types.go
@@ -47,45 +47,71 @@ type AuthenticateParams struct {
 	// ignored. Total custom claims size cannot exceed four kilobytes.
 	SessionCustomClaims map[string]any `json:"session_custom_claims,omitempty"`
 }
+
+// AuthenticationFactor:
 type AuthenticationFactor struct {
-	Type                      AuthenticationFactorType           `json:"type,omitempty"`
-	DeliveryMethod            AuthenticationFactorDeliveryMethod `json:"delivery_method,omitempty"`
-	LastAuthenticatedAt       *time.Time                         `json:"last_authenticated_at,omitempty"`
-	CreatedAt                 *time.Time                         `json:"created_at,omitempty"`
-	UpdatedAt                 *time.Time                         `json:"updated_at,omitempty"`
-	EmailFactor               *EmailFactor                       `json:"email_factor,omitempty"`
-	PhoneNumberFactor         *PhoneNumberFactor                 `json:"phone_number_factor,omitempty"`
-	GoogleOAuthFactor         *GoogleOAuthFactor                 `json:"google_oauth_factor,omitempty"`
-	MicrosoftOAuthFactor      *MicrosoftOAuthFactor              `json:"microsoft_oauth_factor,omitempty"`
-	AppleOAuthFactor          *AppleOAuthFactor                  `json:"apple_oauth_factor,omitempty"`
-	WebAuthnFactor            *WebAuthnFactor                    `json:"webauthn_factor,omitempty"`
-	AuthenticatorAppFactor    *AuthenticatorAppFactor            `json:"authenticator_app_factor,omitempty"`
-	GithubOAuthFactor         *GithubOAuthFactor                 `json:"github_oauth_factor,omitempty"`
-	RecoveryCodeFactor        *RecoveryCodeFactor                `json:"recovery_code_factor,omitempty"`
-	FacebookOAuthFactor       *FacebookOAuthFactor               `json:"facebook_oauth_factor,omitempty"`
-	CryptoWalletFactor        *CryptoWalletFactor                `json:"crypto_wallet_factor,omitempty"`
-	AmazonOAuthFactor         *AmazonOAuthFactor                 `json:"amazon_oauth_factor,omitempty"`
-	BitbucketOAuthFactor      *BitbucketOAuthFactor              `json:"bitbucket_oauth_factor,omitempty"`
-	CoinbaseOAuthFactor       *CoinbaseOAuthFactor               `json:"coinbase_oauth_factor,omitempty"`
-	DiscordOAuthFactor        *DiscordOAuthFactor                `json:"discord_oauth_factor,omitempty"`
-	FigmaOAuthFactor          *FigmaOAuthFactor                  `json:"figma_oauth_factor,omitempty"`
-	GitLabOAuthFactor         *GitLabOAuthFactor                 `json:"git_lab_oauth_factor,omitempty"`
-	InstagramOAuthFactor      *InstagramOAuthFactor              `json:"instagram_oauth_factor,omitempty"`
-	LinkedInOAuthFactor       *LinkedInOAuthFactor               `json:"linked_in_oauth_factor,omitempty"`
-	ShopifyOAuthFactor        *ShopifyOAuthFactor                `json:"shopify_oauth_factor,omitempty"`
-	SlackOAuthFactor          *SlackOAuthFactor                  `json:"slack_oauth_factor,omitempty"`
-	SnapchatOAuthFactor       *SnapchatOAuthFactor               `json:"snapchat_oauth_factor,omitempty"`
-	SpotifyOAuthFactor        *SpotifyOAuthFactor                `json:"spotify_oauth_factor,omitempty"`
-	SteamOAuthFactor          *SteamOAuthFactor                  `json:"steam_oauth_factor,omitempty"`
-	TikTokOAuthFactor         *TikTokOAuthFactor                 `json:"tik_tok_oauth_factor,omitempty"`
-	TwitchOAuthFactor         *TwitchOAuthFactor                 `json:"twitch_oauth_factor,omitempty"`
-	TwitterOAuthFactor        *TwitterOAuthFactor                `json:"twitter_oauth_factor,omitempty"`
-	EmbeddableMagicLinkFactor *EmbeddableMagicLinkFactor         `json:"embeddable_magic_link_factor,omitempty"`
-	BiometricFactor           *BiometricFactor                   `json:"biometric_factor,omitempty"`
-	SAMLSSOFactor             *SAMLSSOFactor                     `json:"saml_sso_factor,omitempty"`
-	OIDCSSOFactor             *OIDCSSOFactor                     `json:"oidc_sso_factor,omitempty"`
-	SalesforceOAuthFactor     *SalesforceOAuthFactor             `json:"salesforce_oauth_factor,omitempty"`
-	YahooOAuthFactor          *YahooOAuthFactor                  `json:"yahoo_oauth_factor,omitempty"`
+	// Type: The type of authentication factor. The possible values are: `magic_link`, `otp`,
+	//        `oauth`, `password`, or `sso`.
+	Type AuthenticationFactorType `json:"type,omitempty"`
+	// DeliveryMethod: The method that was used to deliver the authentication factor. The possible values
+	// depend on the `type`:
+	//
+	//       `magic_link` – Only `email`.
+	//
+	//       `otp` – Only `sms`.
+	//
+	//       `oauth` – Either `oauth_google` or `oauth_microsoft`.
+	//
+	//       `password` – Only `knowledge`.
+	//
+	//       `sso` – Either `sso_saml` or `sso_oidc`.
+	//
+	DeliveryMethod AuthenticationFactorDeliveryMethod `json:"delivery_method,omitempty"`
+	// LastAuthenticatedAt: The timestamp when the factor was last authenticated.
+	LastAuthenticatedAt *time.Time `json:"last_authenticated_at,omitempty"`
+	// CreatedAt: The timestamp when the factor was initially authenticated.
+	CreatedAt *time.Time `json:"created_at,omitempty"`
+	// UpdatedAt: The timestamp when the factor was last updated.
+	UpdatedAt *time.Time `json:"updated_at,omitempty"`
+	// EmailFactor: Information about the email factor, if one is present.
+	EmailFactor *EmailFactor `json:"email_factor,omitempty"`
+	// PhoneNumberFactor: Information about the phone number factor, if one is present.
+	PhoneNumberFactor *PhoneNumberFactor `json:"phone_number_factor,omitempty"`
+	// GoogleOAuthFactor: Information about the Google OAuth factor, if one is present.
+	GoogleOAuthFactor *GoogleOAuthFactor `json:"google_oauth_factor,omitempty"`
+	// MicrosoftOAuthFactor: Information about the Microsoft OAuth factor, if one is present.
+	MicrosoftOAuthFactor      *MicrosoftOAuthFactor      `json:"microsoft_oauth_factor,omitempty"`
+	AppleOAuthFactor          *AppleOAuthFactor          `json:"apple_oauth_factor,omitempty"`
+	WebAuthnFactor            *WebAuthnFactor            `json:"webauthn_factor,omitempty"`
+	AuthenticatorAppFactor    *AuthenticatorAppFactor    `json:"authenticator_app_factor,omitempty"`
+	GithubOAuthFactor         *GithubOAuthFactor         `json:"github_oauth_factor,omitempty"`
+	RecoveryCodeFactor        *RecoveryCodeFactor        `json:"recovery_code_factor,omitempty"`
+	FacebookOAuthFactor       *FacebookOAuthFactor       `json:"facebook_oauth_factor,omitempty"`
+	CryptoWalletFactor        *CryptoWalletFactor        `json:"crypto_wallet_factor,omitempty"`
+	AmazonOAuthFactor         *AmazonOAuthFactor         `json:"amazon_oauth_factor,omitempty"`
+	BitbucketOAuthFactor      *BitbucketOAuthFactor      `json:"bitbucket_oauth_factor,omitempty"`
+	CoinbaseOAuthFactor       *CoinbaseOAuthFactor       `json:"coinbase_oauth_factor,omitempty"`
+	DiscordOAuthFactor        *DiscordOAuthFactor        `json:"discord_oauth_factor,omitempty"`
+	FigmaOAuthFactor          *FigmaOAuthFactor          `json:"figma_oauth_factor,omitempty"`
+	GitLabOAuthFactor         *GitLabOAuthFactor         `json:"git_lab_oauth_factor,omitempty"`
+	InstagramOAuthFactor      *InstagramOAuthFactor      `json:"instagram_oauth_factor,omitempty"`
+	LinkedInOAuthFactor       *LinkedInOAuthFactor       `json:"linked_in_oauth_factor,omitempty"`
+	ShopifyOAuthFactor        *ShopifyOAuthFactor        `json:"shopify_oauth_factor,omitempty"`
+	SlackOAuthFactor          *SlackOAuthFactor          `json:"slack_oauth_factor,omitempty"`
+	SnapchatOAuthFactor       *SnapchatOAuthFactor       `json:"snapchat_oauth_factor,omitempty"`
+	SpotifyOAuthFactor        *SpotifyOAuthFactor        `json:"spotify_oauth_factor,omitempty"`
+	SteamOAuthFactor          *SteamOAuthFactor          `json:"steam_oauth_factor,omitempty"`
+	TikTokOAuthFactor         *TikTokOAuthFactor         `json:"tik_tok_oauth_factor,omitempty"`
+	TwitchOAuthFactor         *TwitchOAuthFactor         `json:"twitch_oauth_factor,omitempty"`
+	TwitterOAuthFactor        *TwitterOAuthFactor        `json:"twitter_oauth_factor,omitempty"`
+	EmbeddableMagicLinkFactor *EmbeddableMagicLinkFactor `json:"embeddable_magic_link_factor,omitempty"`
+	BiometricFactor           *BiometricFactor           `json:"biometric_factor,omitempty"`
+	// SAMLSSOFactor: Information about the SAML SSO factor, if one is present.
+	SAMLSSOFactor *SAMLSSOFactor `json:"saml_sso_factor,omitempty"`
+	// OIDCSSOFactor: Information about the OIDC SSO factor, if one is present.
+	OIDCSSOFactor         *OIDCSSOFactor         `json:"oidc_sso_factor,omitempty"`
+	SalesforceOAuthFactor *SalesforceOAuthFactor `json:"salesforce_oauth_factor,omitempty"`
+	YahooOAuthFactor      *YahooOAuthFactor      `json:"yahoo_oauth_factor,omitempty"`
 }
 type AuthenticatorAppFactor struct {
 	TOTPID string `json:"totp_id,omitempty"`
@@ -113,8 +139,12 @@ type DiscordOAuthFactor struct {
 	EmailID         string `json:"email_id,omitempty"`
 	ProviderSubject string `json:"provider_subject,omitempty"`
 }
+
+// EmailFactor:
 type EmailFactor struct {
-	EmailID      string `json:"email_id,omitempty"`
+	// EmailID: The globally unique UUID of the Member's email.
+	EmailID string `json:"email_id,omitempty"`
+	// EmailAddress: The email address of the Member.
 	EmailAddress string `json:"email_address,omitempty"`
 }
 type EmbeddableMagicLinkFactor struct {
@@ -152,9 +182,15 @@ type GithubOAuthFactor struct {
 	EmailID         string `json:"email_id,omitempty"`
 	ProviderSubject string `json:"provider_subject,omitempty"`
 }
+
+// GoogleOAuthFactor:
 type GoogleOAuthFactor struct {
-	ID              string `json:"id,omitempty"`
-	EmailID         string `json:"email_id,omitempty"`
+	// ID: The unique ID of an OAuth registration.
+	ID string `json:"id,omitempty"`
+	// EmailID: The globally unique UUID of the Member's email.
+	EmailID string `json:"email_id,omitempty"`
+	// ProviderSubject: The unique identifier for the User within a given OAuth provider. Also commonly called
+	// the `sub` or "Subject field" in OAuth protocols.
 	ProviderSubject string `json:"provider_subject,omitempty"`
 }
 type InstagramOAuthFactor struct {
@@ -178,18 +214,33 @@ type LinkedInOAuthFactor struct {
 	EmailID         string `json:"email_id,omitempty"`
 	ProviderSubject string `json:"provider_subject,omitempty"`
 }
+
+// MicrosoftOAuthFactor:
 type MicrosoftOAuthFactor struct {
-	ID              string `json:"id,omitempty"`
-	EmailID         string `json:"email_id,omitempty"`
+	// ID: The unique ID of an OAuth registration.
+	ID string `json:"id,omitempty"`
+	// EmailID: The globally unique UUID of the Member's email.
+	EmailID string `json:"email_id,omitempty"`
+	// ProviderSubject: The unique identifier for the User within a given OAuth provider. Also commonly called
+	// the `sub` or "Subject field" in OAuth protocols.
 	ProviderSubject string `json:"provider_subject,omitempty"`
 }
+
+// OIDCSSOFactor:
 type OIDCSSOFactor struct {
-	ID         string `json:"id,omitempty"`
+	// ID: The unique ID of an SSO Registration.
+	ID string `json:"id,omitempty"`
+	// ProviderID: Globally unique UUID that identifies a specific OIDC Connection.
 	ProviderID string `json:"provider_id,omitempty"`
+	// ExternalID: The ID of the member given by the identity provider.
 	ExternalID string `json:"external_id,omitempty"`
 }
+
+// PhoneNumberFactor:
 type PhoneNumberFactor struct {
-	PhoneID     string `json:"phone_id,omitempty"`
+	// PhoneID: The globally unique UUID of the Member's phone number.
+	PhoneID string `json:"phone_id,omitempty"`
+	// PhoneNumber: The phone number of the Member.
 	PhoneNumber string `json:"phone_number,omitempty"`
 }
 type RecoveryCodeFactor struct {
@@ -205,9 +256,14 @@ type RevokeParams struct {
 	// SessionJWT: A JWT for the session to revoke.
 	SessionJWT string `json:"session_jwt,omitempty"`
 }
+
+// SAMLSSOFactor:
 type SAMLSSOFactor struct {
-	ID         string `json:"id,omitempty"`
+	// ID: The unique ID of an SSO Registration.
+	ID string `json:"id,omitempty"`
+	// ProviderID: Globally unique UUID that identifies a specific SAML Connection.
 	ProviderID string `json:"provider_id,omitempty"`
+	// ExternalID: The ID of the member given by the identity provider.
 	ExternalID string `json:"external_id,omitempty"`
 }
 type SalesforceOAuthFactor struct {