Class: StytchB2B::Organizations::Members

Inherits:

Object

• Object
• StytchB2B::Organizations::Members

Includes:

Stytch::RequestHelper

Defined in:

lib/stytch/b2b_organizations.rb

Defined Under Namespace

Classes: ConnectedApps, CreateRequestOptions, DeleteMFAPhoneNumberRequestOptions, DeletePasswordRequestOptions, DeleteRequestOptions, DeleteTOTPRequestOptions, GetConnectedAppsRequestOptions, OAuthProviders, ReactivateRequestOptions, SearchRequestOptions, StartEmailUpdateRequestOptions, UnlinkRetiredEmailRequestOptions, UpdateRequestOptions

Instance Attribute Summary

• #connected_apps ⇒ Object readonly

  Returns the value of attribute connected_apps.

• #oauth_providers ⇒ Object readonly

  Returns the value of attribute oauth_providers.

Instance Method Summary

• #create(organization_id:, email_address:, name: nil, trusted_metadata: nil, untrusted_metadata: nil, create_member_as_pending: nil, is_breakglass: nil, mfa_phone_number: nil, mfa_enrolled: nil, roles: nil, external_id: nil, method_options: nil) ⇒ Object

  Creates a Member.

• #dangerously_get(member_id:, include_deleted: nil) ⇒ Object

  Get a Member by ‘member_id`.

• #delete(organization_id:, member_id:, method_options: nil) ⇒ Object

  Deletes a Member specified by ‘organization_id` and `member_id`.

• #delete_mfa_phone_number(organization_id:, member_id:, method_options: nil) ⇒ Object

  Delete a Member’s MFA phone number.

• #delete_password(organization_id:, member_password_id:, method_options: nil) ⇒ Object

  Delete a Member’s password.

• #delete_totp(organization_id:, member_id:, method_options: nil) ⇒ Object

  Delete a Member’s MFA TOTP registration.

• #get(organization_id:, member_id: nil, email_address: nil) ⇒ Object

  Get a Member by ‘member_id` or `email_address`.

• #get_connected_apps(organization_id:, member_id:, method_options: nil) ⇒ Object

  Member Get Connected Apps retrieves a list of Connected Apps with which the Member has successfully completed an authorization flow.

• #initialize(connection) ⇒ Members constructor

  A new instance of Members.

• #oidc_providers(organization_id:, member_id:, include_refresh_token: nil) ⇒ Object

  Retrieve the saved OIDC access tokens and ID tokens for a member.

• #reactivate(organization_id:, member_id:, method_options: nil) ⇒ Object

  Reactivates a deleted Member’s status and its associated email status (if applicable) to active, specified by ‘organization_id` and `member_id`.

• #search(organization_ids:, cursor: nil, limit: nil, query: nil, method_options: nil) ⇒ Object

  Warning: This endpoint is not recommended for use in login flows.

• #start_email_update(organization_id:, member_id:, email_address:, login_redirect_url: nil, locale: nil, login_template_id: nil, delivery_method: nil, method_options: nil) ⇒ Object

  Starts a self-serve email update for a Member specified by their ‘organization_id` and `member_id`.

• #unlink_retired_email(organization_id:, member_id:, email_id: nil, email_address: nil, method_options: nil) ⇒ Object

  Unlinks a retired email address from a Member specified by their ‘organization_id` and `member_id`.

• #update(organization_id:, member_id:, name: nil, trusted_metadata: nil, untrusted_metadata: nil, is_breakglass: nil, mfa_phone_number: nil, mfa_enrolled: nil, roles: nil, preserve_existing_sessions: nil, default_mfa_method: nil, email_address: nil, external_id: nil, unlink_email: nil, method_options: nil) ⇒ Object

  Updates a Member specified by ‘organization_id` and `member_id`.

Methods included from Stytch::RequestHelper

#delete_request, #get_request, #post_request, #put_request, #request_with_query_params

Constructor Details

#initialize(connection) ⇒ Members

Returns a new instance of Members.

# File 'lib/stytch/b2b_organizations.rb', line 962

def initialize(connection)
  @connection = connection

  @oauth_providers = StytchB2B::Organizations::Members::OAuthProviders.new(@connection)
  @connected_apps = StytchB2B::Organizations::Members::ConnectedApps.new(@connection)
end

Instance Attribute Details

#connected_apps ⇒ Object (readonly)

Returns the value of attribute connected_apps.

# File 'lib/stytch/b2b_organizations.rb', line 960

def connected_apps
  @connected_apps
end

#oauth_providers ⇒ Object (readonly)

Returns the value of attribute oauth_providers.

# File 'lib/stytch/b2b_organizations.rb', line 960

def oauth_providers
  @oauth_providers
end

Instance Method Details

#create(organization_id:, email_address:, name: nil, trusted_metadata: nil, untrusted_metadata: nil, create_member_as_pending: nil, is_breakglass: nil, mfa_phone_number: nil, mfa_enrolled: nil, roles: nil, external_id: nil, method_options: nil) ⇒ Object

Creates a Member. An ‘organization_id` and `email_address` are required.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

email_address

The email address of the Member. The type of this field is String.

name

The name of the Member. The type of this field is nilable String.

trusted_metadata

An arbitrary JSON object for storing application-specific data or identity-provider-specific data. The type of this field is nilable object.

untrusted_metadata

An arbitrary JSON object of application-specific data. These fields can be edited directly by the frontend SDK, and should not be used to store critical information. See the [Metadata resource](stytch.com/docs/b2b/api/metadata) for complete field behavior details. The type of this field is nilable object.

create_member_as_pending

Flag for whether or not to save a Member as ‘pending` or `active` in Stytch. It defaults to false. If true, new Members will be created with status `pending` in Stytch’s backend. Their status will remain ‘pending` and they will continue to receive signup email templates for every Email Magic Link until that Member authenticates and becomes `active`. If false, new Members will be created with status `active`. The type of this field is nilable Boolean.

is_breakglass

Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization’s settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](stytch.com/docs/b2b/api/organization-object) and its ‘auth_methods` and `allowed_auth_methods` fields for more details. The type of this field is nilable Boolean.

mfa_phone_number

The Member’s phone number. A Member may only have one phone number. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX). The type of this field is nilable String.

mfa_enrolled

Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization’s MFA policy is set to ‘REQUIRED_FOR_ALL`. The type of this field is nilable Boolean.

roles

Roles to explicitly assign to this Member. See the [RBAC guide](stytch.com/docs/b2b/guides/rbac/role-assignment)

for more information about role assignment.

The type of this field is nilable list of String.

external_id

An identifier that can be used in most API calls where a ‘member_id` is expected. This is a string consisting of alphanumeric, `.`, `_`, `-`, or `|` characters with a maximum length of 128 characters. External IDs must be unique within an organization, but may be reused across different organizations in the same project. The type of this field is nilable String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The type of this field is String.

member

The [Member object](stytch.com/docs/b2b/api/member-object) The type of this field is Member (object).

organization

The [Organization object](stytch.com/docs/b2b/api/organization-object). The type of this field is Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::Members::CreateRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 1706

def create(
  organization_id:,
  email_address:,
  name: nil,
  trusted_metadata: nil,
  untrusted_metadata: nil,
  create_member_as_pending: nil,
  is_breakglass: nil,
  mfa_phone_number: nil,
  mfa_enrolled: nil,
  roles: nil,
  external_id: nil,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  request = {
    email_address: email_address
  }
  request[:name] = name unless name.nil?
  request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
  request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil?
  request[:create_member_as_pending] = create_member_as_pending unless create_member_as_pending.nil?
  request[:is_breakglass] = is_breakglass unless is_breakglass.nil?
  request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil?
  request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil?
  request[:roles] = roles unless roles.nil?
  request[:external_id] = external_id unless external_id.nil?

  post_request("/v1/b2b/organizations/#{organization_id}/members", request, headers)
end

#dangerously_get(member_id:, include_deleted: nil) ⇒ Object

Get a Member by ‘member_id`. This endpoint does not require an `organization_id`, enabling you to get members across organizations. This is a dangerous operation. Incorrect use may open you up to indirect object reference (IDOR) attacks. We recommend using the [Get Member](stytch.com/docs/b2b/api/get-member) API instead.

Parameters:

member_id

Globally unique UUID that identifies a specific Member. The ‘member_id` is critical to perform operations on a Member, so be sure to preserve this value. The type of this field is String.

include_deleted

Whether to include deleted Members in the response. Defaults to false. The type of this field is nilable Boolean.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The type of this field is String.

member

The [Member object](stytch.com/docs/b2b/api/member-object) The type of this field is Member (object).

organization

The [Organization object](stytch.com/docs/b2b/api/organization-object). The type of this field is Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

# File 'lib/stytch/b2b_organizations.rb', line 1399

def dangerously_get(
  member_id:,
  include_deleted: nil
)
  headers = {}
  query_params = {
    include_deleted: include_deleted
  }
  request = request_with_query_params("/v1/b2b/organizations/members/dangerously_get/#{member_id}", query_params)
  get_request(request, headers)
end

#delete(organization_id:, member_id:, method_options: nil) ⇒ Object

Deletes a Member specified by ‘organization_id` and `member_id`.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The ‘member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member. The type of this field is String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The type of this field is String.

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::Members::DeleteRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 1126

def delete(
  organization_id:,
  member_id:,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", headers)
end

#delete_mfa_phone_number(organization_id:, member_id:, method_options: nil) ⇒ Object

Delete a Member’s MFA phone number.

To change a Member’s phone number, you must first call this endpoint to delete the existing phone number.

Existing Member Sessions that include a phone number authentication factor will not be revoked if the phone number is deleted, and MFA will not be enforced until the Member logs in again. If you wish to enforce MFA immediately after a phone number is deleted, you can do so by prompting the Member to enter a new phone number and calling the [OTP SMS send](stytch.com/docs/b2b/api/otp-sms-send) endpoint, then calling the [OTP SMS Authenticate](stytch.com/docs/b2b/api/authenticate-otp-sms) endpoint.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The ‘member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member. The type of this field is String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The type of this field is String.

member

The [Member object](stytch.com/docs/b2b/api/member-object) The type of this field is Member (object).

organization

The [Organization object](stytch.com/docs/b2b/api/organization-object). The type of this field is Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::Members::DeleteMFAPhoneNumberRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 1216

def delete_mfa_phone_number(
  organization_id:,
  member_id:,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  delete_request("/v1/b2b/organizations/#{organization_id}/members/mfa_phone_numbers/#{member_id}", headers)
end

#delete_password(organization_id:, member_password_id:, method_options: nil) ⇒ Object

Delete a Member’s password.

This endpoint only works for Organization-scoped passwords. For cross-org password Projects, use [Require Password Reset By Email](stytch.com/docs/b2b/api/passwords-require-reset-by-email) instead.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

member_password_id

Globally unique UUID that identifies a Member’s password. The type of this field is String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The type of this field is String.

member

The [Member object](stytch.com/docs/b2b/api/member-object) The type of this field is Member (object).

organization

The [Organization object](stytch.com/docs/b2b/api/organization-object). The type of this field is Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::Members::DeletePasswordRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 1362

def delete_password(
  organization_id:,
  member_password_id:,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  delete_request("/v1/b2b/organizations/#{organization_id}/members/passwords/#{member_password_id}", headers)
end

#delete_totp(organization_id:, member_id:, method_options: nil) ⇒ Object

Delete a Member’s MFA TOTP registration.

To mint a new registration for a Member, you must first call this endpoint to delete the existing registration.

Existing Member Sessions that include the TOTP authentication factor will not be revoked if the registration is deleted, and MFA will not be enforced until the Member logs in again.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The ‘member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member. The type of this field is String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The type of this field is String.

member

The [Member object](stytch.com/docs/b2b/api/member-object) The type of this field is Member (object).

organization

The [Organization object](stytch.com/docs/b2b/api/organization-object). The type of this field is Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::Members::DeleteTOTPRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 1260

def delete_totp(
  organization_id:,
  member_id:,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/totp", headers)
end

#get(organization_id:, member_id: nil, email_address: nil) ⇒ Object

Get a Member by ‘member_id` or `email_address`.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The ‘member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member. The type of this field is nilable String.

email_address

The email address of the Member. The type of this field is nilable String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The type of this field is String.

member

The [Member object](stytch.com/docs/b2b/api/member-object) The type of this field is Member (object).

organization

The [Organization object](stytch.com/docs/b2b/api/organization-object). The type of this field is Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

# File 'lib/stytch/b2b_organizations.rb', line 1768

def get(
  organization_id:,
  member_id: nil,
  email_address: nil
)
  headers = {}
  query_params = {
    member_id: member_id,
    email_address: email_address
  }
  request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/member", query_params)
  get_request(request, headers)
end

#get_connected_apps(organization_id:, member_id:, method_options: nil) ⇒ Object

Member Get Connected Apps retrieves a list of Connected Apps with which the Member has successfully completed an authorization flow. If the Member revokes a Connected App’s access (e.g. via the Revoke Connected App endpoint) then the Connected App will no longer be returned in the response. A Connected App’s access may also be revoked if the Organization’s allowed Connected App policy changes.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The ‘member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member. The type of this field is String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

connected_apps

An array of Connected Apps with which the Member has successfully completed an authorization flow. The type of this field is list of MemberConnectedApp (object).

status_code

(no documentation yet) The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::Members::GetConnectedAppsRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 1634

def get_connected_apps(
  organization_id:,
  member_id:,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  query_params = {}
  request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/connected_apps", query_params)
  get_request(request, headers)
end

#oidc_providers(organization_id:, member_id:, include_refresh_token: nil) ⇒ Object

Retrieve the saved OIDC access tokens and ID tokens for a member. After a successful OIDC login, Stytch will save the issued access token and ID token from the identity provider. If a refresh token has been issued, Stytch will refresh the access token automatically.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The ‘member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member. The type of this field is String.

include_refresh_token

Whether to return the refresh token Stytch has stored for the OAuth Provider. Defaults to false. Important: If your application exchanges the refresh token, Stytch may not be able to automatically refresh access tokens in the future. The type of this field is nilable Boolean.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

registrations

A list of tokens the member is registered with. The type of this field is list of OIDCProviderInfo (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

# File 'lib/stytch/b2b_organizations.rb', line 1437

def oidc_providers(
  organization_id:,
  member_id:,
  include_refresh_token: nil
)
  headers = {}
  query_params = {
    include_refresh_token: include_refresh_token
  }
  request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/oidc_providers", query_params)
  get_request(request, headers)
end

#reactivate(organization_id:, member_id:, method_options: nil) ⇒ Object

Reactivates a deleted Member’s status and its associated email status (if applicable) to active, specified by ‘organization_id` and `member_id`. This endpoint will only work for Members with at least one verified email where their `email_address_verified` is `true`.

Note that this endpoint does not accept an ‘external_id`. The Stytch `member_id` must be provided.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The ‘member_id` is critical to perform operations on a Member, so be sure to preserve this value. The type of this field is String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The type of this field is String.

member

The [Member object](stytch.com/docs/b2b/api/member-object) The type of this field is Member (object).

organization

The [Organization object](stytch.com/docs/b2b/api/organization-object). The type of this field is Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::Members::ReactivateRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 1168

def reactivate(
  organization_id:,
  member_id:,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  request = {}

  put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/reactivate", request, headers)
end

#search(organization_ids:, cursor: nil, limit: nil, query: nil, method_options: nil) ⇒ Object

Warning: This endpoint is not recommended for use in login flows. Scaling issues may occur, as search performance may vary from ~150 milliseconds to 9 seconds depending on query complexity and rate limits are set to 100 requests/minute.

Search for Members within specified Organizations. An array with at least one ‘organization_id` is required. Submitting an empty `query` returns all non-deleted Members within the specified Organizations.

All fuzzy search filters require a minimum of three characters.

Parameters:

organization_ids

An array of organization_ids. At least one value is required. The type of this field is list of String.

cursor

The ‘cursor` field allows you to paginate through your results. Each result array is limited to 1000 results. If your query returns more than 1000 results, you will need to paginate the responses using the `cursor`. If you receive a response that includes a non-null `next_cursor` in the `results_metadata` object, repeat the search call with the `next_cursor` value set to the `cursor` field to retrieve the next page of results. Continue to make search calls until the `next_cursor` in the response is null. The type of this field is nilable String.

limit

The number of search results to return per page. The default limit is 100. A maximum of 1000 results can be returned by a single search request. If the total size of your result set is greater than one page size, you must paginate the response. See the ‘cursor` field. The type of this field is nilable Integer.

query

The optional query object contains the operator, i.e. ‘AND` or `OR`, and the operands that will filter your results. Only an operator is required. If you include no operands, no filtering will be applied. If you include no query object, it will return all Members with no filtering applied. The type of this field is nilable SearchQuery (object).

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

members

An array of [Member objects](stytch.com/docs/b2b/api/member-object). The type of this field is list of Member (object).

results_metadata

The search ‘results_metadata` object contains metadata relevant to your specific query like `total` and `next_cursor`. The type of this field is ResultsMetadata (object).

organizations

A map from ‘organization_id` to [Organization object](stytch.com/docs/b2b/api/organization-object). The map only contains the Organizations that the Members belongs to. The type of this field is map of String to Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::Members::SearchRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 1311

def search(
  organization_ids:,
  cursor: nil,
  limit: nil,
  query: nil,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  request = {
    organization_ids: organization_ids
  }
  request[:cursor] = cursor unless cursor.nil?
  request[:limit] = limit unless limit.nil?
  request[:query] = query unless query.nil?

  post_request('/v1/b2b/organizations/members/search', request, headers)
end

#start_email_update(organization_id:, member_id:, email_address:, login_redirect_url: nil, locale: nil, login_template_id: nil, delivery_method: nil, method_options: nil) ⇒ Object

Starts a self-serve email update for a Member specified by their ‘organization_id` and `member_id`. To perform a self-serve update, members must be active and have an active, verified email address.

The new email address must meet the following requirements:

• Must not be in use by another member (retired emails count as used until they are [unlinked](stytch.com/docs/b2b/api/unlink-retired-member-email))

• Must not be updating for another member (i.e. two members cannot attempt to update to the same email at once)

The member will receive an Email Magic Link (or Email OTP Code, if ‘EMAIL_OTP` is specified as the delivery method) that expires in 5 minutes. If they do not verify their new email address in that timeframe, the email will be freed up for other members to use.

If using Email Magic Links, the magic link will redirect to your ‘login_redirect_url` (or the configured default if one isn’t provided), and you should invoke the [Authenticate Magic Link](stytch.com/docs/b2b/api/authenticate-magic-link) endpoint as normal to complete the flow.

If using Email OTP Codes, you should invoke the [Authenticate Email OTP Code](stytch.com/docs/b2b/api/authenticate-email-otp) endpoint as normal to complete the flow. Make sure to pass the new email address to the endpoint.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The ‘member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member. The type of this field is String.

email_address

The new email address for the Member. The type of this field is String.

login_redirect_url

The URL that the Member clicks from the login Email Magic Link. This URL should be an endpoint in the backend server that verifies the request by querying Stytch’s authenticate endpoint and finishes the login. If this value is not passed, the default login redirect URL that you set in your Dashboard is used. If you have not set a default login redirect URL, an error is returned. The type of this field is nilable String.

locale

Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](www.w3.org/International/articles/language-tags/), e.g. ‘“en”`.

Currently supported languages are English (‘“en”`), Spanish (`“es”`), French (`“fr”`) and Brazilian Portuguese (`“pt-br”`); if no value is provided, the copy defaults to English.

Request support for additional languages [here](docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link“)!

The type of this field is nilable +StartEmailUpdateRequestLocale+ (string enum).

login_template_id

Use a custom template for login emails. By default, it will use your default email template. The template must be from Stytch’s

built-in customizations or a custom HTML email for Magic Links - Login.

The type of this field is nilable +String+.

delivery_method

The method that should be used to verify a member’s new email address. The options are ‘EMAIL_MAGIC_LINK` or `EMAIL_OTP`. This field is optional, if no value is provided, `EMAIL_MAGIC_LINK` will be used. The type of this field is nilable StartEmailUpdateRequestDeliveryMethod (string enum).

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The type of this field is String.

member

The [Member object](stytch.com/docs/b2b/api/member-object) The type of this field is Member (object).

organization

The [Organization object](stytch.com/docs/b2b/api/organization-object). The type of this field is Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::Members::StartEmailUpdateRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 1583

def start_email_update(
  organization_id:,
  member_id:,
  email_address:,
  login_redirect_url: nil,
  locale: nil,
  login_template_id: nil,
  delivery_method: nil,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  request = {
    email_address: email_address
  }
  request[:login_redirect_url] = login_redirect_url unless login_redirect_url.nil?
  request[:locale] = locale unless locale.nil?
  request[:login_template_id] = login_template_id unless login_template_id.nil?
  request[:delivery_method] = delivery_method unless delivery_method.nil?

  post_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/start_email_update", request, headers)
end

#unlink_retired_email(organization_id:, member_id:, email_id: nil, email_address: nil, method_options: nil) ⇒ Object

Unlinks a retired email address from a Member specified by their ‘organization_id` and `member_id`. The email address to be retired can be identified in the request body by either its `email_id`, its `email_address`, or both. If using both identifiers they must refer to the same email.

A previously active email address can be marked as retired in one of two ways:

• It’s replaced with a new primary email address during an explicit Member update.

• A new email address is surfaced by an OAuth, SAML or OIDC provider. In this case the new email address becomes the Member’s primary email address and the old primary email address is retired.

A retired email address cannot be used by other Members in the same Organization. However, unlinking retired email addresses allows them to be subsequently re-used by other Organization Members. Retired email addresses can be viewed on the [Member object](stytch.com/docs/b2b/api/member-object).

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The ‘member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member. The type of this field is String.

email_id

The globally unique UUID of a Member’s email. The type of this field is nilable String.

email_address

The email address of the Member. The type of this field is nilable String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The type of this field is String.

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. The type of this field is String.

member

The [Member object](stytch.com/docs/b2b/api/member-object) The type of this field is Member (object).

organization

The [Organization object](stytch.com/docs/b2b/api/organization-object). The type of this field is Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::Members::UnlinkRetiredEmailRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 1501

def unlink_retired_email(
  organization_id:,
  member_id:,
  email_id: nil,
  email_address: nil,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  request = {}
  request[:email_id] = email_id unless email_id.nil?
  request[:email_address] = email_address unless email_address.nil?

  post_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/unlink_retired_email", request, headers)
end

#update(organization_id:, member_id:, name: nil, trusted_metadata: nil, untrusted_metadata: nil, is_breakglass: nil, mfa_phone_number: nil, mfa_enrolled: nil, roles: nil, preserve_existing_sessions: nil, default_mfa_method: nil, email_address: nil, external_id: nil, unlink_email: nil, method_options: nil) ⇒ Object

Updates a Member specified by ‘organization_id` and `member_id`.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The ‘member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member. The type of this field is String.

name

The name of the Member.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.info.name` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.name` action on the `stytch.self` Resource.

The type of this field is nilable +String+.

trusted_metadata

An arbitrary JSON object for storing application-specific data or identity-provider-specific data.

If a session header is passed into the request, this field may **not** be passed into the request. You cannot
update trusted metadata when acting as a Member.

The type of this field is nilable object.

untrusted_metadata

An arbitrary JSON object of application-specific data. These fields can be edited directly by the frontend SDK, and should not be used to store critical information. See the [Metadata resource](stytch.com/docs/b2b/api/metadata) for complete field behavior details.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.info.untrusted-metadata` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.untrusted-metadata` action on the `stytch.self` Resource.

The type of this field is nilable +object+.

is_breakglass

Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization’s settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](stytch.com/docs/b2b/api/organization-object) and its ‘auth_methods` and `allowed_auth_methods` fields for more details.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.is-breakglass` action on the `stytch.member` Resource.

The type of this field is nilable +Boolean+.

mfa_phone_number

Sets the Member’s phone number. Throws an error if the Member already has a phone number. To change the Member’s phone number, use the [Delete member phone number endpoint](stytch.com/docs/b2b/api/delete-member-mfa-phone-number) to delete the Member’s existing phone number first.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.info.mfa-phone` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.mfa-phone` action on the `stytch.self` Resource.

The type of this field is nilable +String+.

mfa_enrolled

Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization’s MFA policy is set to ‘REQUIRED_FOR_ALL`.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.mfa-enrolled` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.mfa-enrolled` action on the `stytch.self` Resource.

The type of this field is nilable +Boolean+.

roles

Roles to explicitly assign to this Member.

Will completely replace any existing explicitly assigned roles. See the
[RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.

  If a Role is removed from a Member, and the Member is also implicitly assigned this Role from an SSO connection
  or an SSO group, we will by default revoke any existing sessions for the Member that contain any SSO
  authentication factors with the affected connection ID. You can preserve these sessions by passing in the
  `preserve_existing_sessions` parameter with a value of `true`.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.roles` action on the `stytch.member` Resource.

The type of this field is nilable list of +String+.

preserve_existing_sessions

Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned by SSO connection or SSO group. Defaults to ‘false` - that is, existing Member Sessions that contain SSO authentication factors with the affected SSO connection IDs will be revoked. The type of this field is nilable Boolean.

default_mfa_method

The Member’s default MFA method. This value is used to determine which secondary MFA method to use in the case of multiple methods registered for a Member. The current possible values are ‘sms_otp` and `totp`.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.default-mfa-method` action on the `stytch.member` Resource. Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.default-mfa-method` action on the `stytch.self` Resource.

The type of this field is nilable +String+.

email_address

Updates the Member’s ‘email_address`, if provided. This will clear any existing passwords and require re-verification of the new email address.

If a Member's email address is changed, other Members in the same Organization cannot use the old email address, although the Member may update back to their old email address.
A Member's email address can only be useable again by other Members if the Member is deleted.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.info.email` action on the `stytch.member` Resource. Members cannot update their own email address.

The type of this field is nilable +String+.

external_id

An identifier that can be used in most API calls where a ‘member_id` is expected. This is a string consisting of alphanumeric, `.`, `_`, `-`, or `|` characters with a maximum length of 128 characters. External IDs must be unique within an organization, but may be reused across different organizations in the same project. The type of this field is nilable String.

unlink_email

If ‘unlink_email` is `true` and an `email_address` is provided, the Member’s previous email will be deleted instead of retired. Defaults to ‘false`. The type of this field is nilable Boolean.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

member_id

Globally unique UUID that identifies a specific Member. The type of this field is String.

member

The [Member object](stytch.com/docs/b2b/api/member-object) The type of this field is Member (object).

organization

The [Organization object](stytch.com/docs/b2b/api/organization-object). The type of this field is Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::Members::UpdateRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 1066

def update(
  organization_id:,
  member_id:,
  name: nil,
  trusted_metadata: nil,
  untrusted_metadata: nil,
  is_breakglass: nil,
  mfa_phone_number: nil,
  mfa_enrolled: nil,
  roles: nil,
  preserve_existing_sessions: nil,
  default_mfa_method: nil,
  email_address: nil,
  external_id: nil,
  unlink_email: nil,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  request = {}
  request[:name] = name unless name.nil?
  request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
  request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil?
  request[:is_breakglass] = is_breakglass unless is_breakglass.nil?
  request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil?
  request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil?
  request[:roles] = roles unless roles.nil?
  request[:preserve_existing_sessions] = preserve_existing_sessions unless preserve_existing_sessions.nil?
  request[:default_mfa_method] = default_mfa_method unless default_mfa_method.nil?
  request[:email_address] = email_address unless email_address.nil?
  request[:external_id] = external_id unless external_id.nil?
  request[:unlink_email] = unlink_email unless unlink_email.nil?

  put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", request, headers)
end