Add DFP verdict reason override endpoints (#266)

Co-authored-by: Stytch Codegen Bot <[email protected]>

Author: ci-stytch

stytch/b2b/api/organizations.py

@@ -149,10 +149,24 @@ def create(
 
           - allowed_oauth_tenants: A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack", "hubspot", and "github".
           - claimed_email_domains: A list of email domains that are claimed by the Organization.
-          - first_party_connected_apps_allowed_type: (no documentation yet)
-          - allowed_first_party_connected_apps: (no documentation yet)
-          - third_party_connected_apps_allowed_type: (no documentation yet)
-          - allowed_third_party_connected_apps: (no documentation yet)
+          - first_party_connected_apps_allowed_type: The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are:
+
+          `ALL_ALLOWED` – any first party Connected App in the Project is permitted for use by Members.
+
+          `RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+
+          `NOT_ALLOWED` – no first party Connected Apps are permitted.
+
+          - allowed_first_party_connected_apps: An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization's `first_party_connected_apps_allowed_type` is `RESTRICTED`.
+          - third_party_connected_apps_allowed_type: The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are:
+
+          `ALL_ALLOWED` – any third party Connected App in the Project is permitted for use by Members.
+
+          `RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+
+          `NOT_ALLOWED` – no third party Connected Apps are permitted.
+
+          - allowed_third_party_connected_apps: An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization's `third_party_connected_apps_allowed_type` is `RESTRICTED`.
         """  # noqa
         headers: Dict[str, str] = {}
         data: Dict[str, Any] = {
@@ -317,10 +331,24 @@ async def create_async(
 
           - allowed_oauth_tenants: A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack", "hubspot", and "github".
           - claimed_email_domains: A list of email domains that are claimed by the Organization.
-          - first_party_connected_apps_allowed_type: (no documentation yet)
-          - allowed_first_party_connected_apps: (no documentation yet)
-          - third_party_connected_apps_allowed_type: (no documentation yet)
-          - allowed_third_party_connected_apps: (no documentation yet)
+          - first_party_connected_apps_allowed_type: The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are:
+
+          `ALL_ALLOWED` – any first party Connected App in the Project is permitted for use by Members.
+
+          `RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+
+          `NOT_ALLOWED` – no first party Connected Apps are permitted.
+
+          - allowed_first_party_connected_apps: An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization's `first_party_connected_apps_allowed_type` is `RESTRICTED`.
+          - third_party_connected_apps_allowed_type: The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are:
+
+          `ALL_ALLOWED` – any third party Connected App in the Project is permitted for use by Members.
+
+          `RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+
+          `NOT_ALLOWED` – no third party Connected Apps are permitted.
+
+          - allowed_third_party_connected_apps: An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization's `third_party_connected_apps_allowed_type` is `RESTRICTED`.
         """  # noqa
         headers: Dict[str, str] = {}
         data: Dict[str, Any] = {
@@ -563,10 +591,24 @@ def update(
 
         If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-oauth-tenants` action on the `stytch.organization` Resource.
           - claimed_email_domains: A list of email domains that are claimed by the Organization.
-          - first_party_connected_apps_allowed_type: (no documentation yet)
-          - allowed_first_party_connected_apps: (no documentation yet)
-          - third_party_connected_apps_allowed_type: (no documentation yet)
-          - allowed_third_party_connected_apps: (no documentation yet)
+          - first_party_connected_apps_allowed_type: The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are:
+
+          `ALL_ALLOWED` – any first party Connected App in the Project is permitted for use by Members.
+
+          `RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+
+          `NOT_ALLOWED` – no first party Connected Apps are permitted.
+
+          - allowed_first_party_connected_apps: An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization's `first_party_connected_apps_allowed_type` is `RESTRICTED`.
+          - third_party_connected_apps_allowed_type: The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are:
+
+          `ALL_ALLOWED` – any third party Connected App in the Project is permitted for use by Members.
+
+          `RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+
+          `NOT_ALLOWED` – no third party Connected Apps are permitted.
+
+          - allowed_third_party_connected_apps: An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization's `third_party_connected_apps_allowed_type` is `RESTRICTED`.
         """  # noqa
         headers: Dict[str, str] = {}
         if method_options is not None:
@@ -783,10 +825,24 @@ async def update_async(
 
         If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-oauth-tenants` action on the `stytch.organization` Resource.
           - claimed_email_domains: A list of email domains that are claimed by the Organization.
-          - first_party_connected_apps_allowed_type: (no documentation yet)
-          - allowed_first_party_connected_apps: (no documentation yet)
-          - third_party_connected_apps_allowed_type: (no documentation yet)
-          - allowed_third_party_connected_apps: (no documentation yet)
+          - first_party_connected_apps_allowed_type: The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are:
+
+          `ALL_ALLOWED` – any first party Connected App in the Project is permitted for use by Members.
+
+          `RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+
+          `NOT_ALLOWED` – no first party Connected Apps are permitted.
+
+          - allowed_first_party_connected_apps: An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization's `first_party_connected_apps_allowed_type` is `RESTRICTED`.
+          - third_party_connected_apps_allowed_type: The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are:
+
+          `ALL_ALLOWED` – any third party Connected App in the Project is permitted for use by Members.
+
+          `RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.
+
+          `NOT_ALLOWED` – no third party Connected Apps are permitted.
+
+          - allowed_third_party_connected_apps: An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization's `third_party_connected_apps_allowed_type` is `RESTRICTED`.
         """  # noqa
         headers: Dict[str, str] = {}
         if method_options is not None:

stytch/b2b/api/passwords_discovery_email.py

@@ -52,7 +52,7 @@ def reset_start(
           verifies the request by querying Stytch's discovery authenticate endpoint and continues the flow. If this value is not passed, the default
           discovery redirect URL that you set in your Dashboard is used. If you have not set a default discovery redirect URL, an error is returned.
           - reset_password_template_id: Use a custom template for reset password emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Reset Password.
-          - reset_password_expiration_minutes: Sets a time limit after which the email link to reset the member's password will no longer be valid.
+          - reset_password_expiration_minutes: Sets a time limit after which the email link to reset the member's password will no longer be valid. The minimum allowed expiration is 5 minutes and the maximum is 10080 minutes (7 days). By default, the expiration is 30 minutes.
           - pkce_code_challenge: (no documentation yet)
           - locale: Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
 
@@ -118,7 +118,7 @@ async def reset_start_async(
           verifies the request by querying Stytch's discovery authenticate endpoint and continues the flow. If this value is not passed, the default
           discovery redirect URL that you set in your Dashboard is used. If you have not set a default discovery redirect URL, an error is returned.
           - reset_password_template_id: Use a custom template for reset password emails. By default, it will use your default email template. The template must be a template using our built-in customizations or a custom HTML email for Passwords - Reset Password.
-          - reset_password_expiration_minutes: Sets a time limit after which the email link to reset the member's password will no longer be valid.
+          - reset_password_expiration_minutes: Sets a time limit after which the email link to reset the member's password will no longer be valid. The minimum allowed expiration is 5 minutes and the maximum is 10080 minutes (7 days). By default, the expiration is 30 minutes.
           - pkce_code_challenge: (no documentation yet)
           - locale: Used to determine which language to use when sending the user this delivery method. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`.
 

stytch/b2b/api/passwords_email.py

@@ -54,7 +54,7 @@ def reset_start(
           - reset_password_redirect_url: The URL that the Member clicks from the reset password link. This URL should be an endpoint in the backend server that verifies the request by querying
           Stytch's authenticate endpoint and finishes the reset password flow. If this value is not passed, the default `reset_password_redirect_url` that you set in your Dashboard is used.
           If you have not set a default `reset_password_redirect_url`, an error is returned.
-          - reset_password_expiration_minutes: Sets a time limit after which the email link to reset the member's password will no longer be valid.
+          - reset_password_expiration_minutes: Sets a time limit after which the email link to reset the member's password will no longer be valid. The minimum allowed expiration is 5 minutes and the maximum is 10080 minutes (7 days). By default, the expiration is 30 minutes.
           - code_challenge: A base64url encoded SHA256 hash of a one time secret used to validate that the request starts and ends on the same device.
           - login_redirect_url: The URL that the member clicks from the reset without password link. This URL should be an endpoint in the backend server
               that verifies the request by querying Stytch's authenticate endpoint and finishes the magic link flow. If this value is not passed, the
@@ -122,7 +122,7 @@ async def reset_start_async(
           - reset_password_redirect_url: The URL that the Member clicks from the reset password link. This URL should be an endpoint in the backend server that verifies the request by querying
           Stytch's authenticate endpoint and finishes the reset password flow. If this value is not passed, the default `reset_password_redirect_url` that you set in your Dashboard is used.
           If you have not set a default `reset_password_redirect_url`, an error is returned.
-          - reset_password_expiration_minutes: Sets a time limit after which the email link to reset the member's password will no longer be valid.
+          - reset_password_expiration_minutes: Sets a time limit after which the email link to reset the member's password will no longer be valid. The minimum allowed expiration is 5 minutes and the maximum is 10080 minutes (7 days). By default, the expiration is 30 minutes.
           - code_challenge: A base64url encoded SHA256 hash of a one time secret used to validate that the request starts and ends on the same device.
           - login_redirect_url: The URL that the member clicks from the reset without password link. This URL should be an endpoint in the backend server
               that verifies the request by querying Stytch's authenticate endpoint and finishes the magic link flow. If this value is not passed, the

stytch/consumer/api/fraud.py

@@ -8,6 +8,7 @@
 
 from stytch.consumer.api.fraud_fingerprint import Fingerprint
 from stytch.consumer.api.fraud_rules import Rules
+from stytch.consumer.api.fraud_verdict_reasons import VerdictReasons
 from stytch.core.api_base import ApiBase
 from stytch.core.http.client import AsyncClient, SyncClient
 
@@ -29,3 +30,8 @@ def __init__(
             sync_client=self.sync_client,
             async_client=self.async_client,
         )
+        self.verdict_reasons = VerdictReasons(
+            api_base=self.api_base,
+            sync_client=self.sync_client,
+            async_client=self.async_client,
+        )