import { Authorization } from "../shared/method_options"; import { DeviceInfo } from "../b2c/device_history"; import { fetchConfig } from "../shared"; import { Member, Organization } from "./organizations"; import { MemberSession, PrimaryRequired } from "./sessions"; import { MfaRequired } from "./mfa"; export interface B2BPasswordsEmailRequireResetRequestOptions { /** * Optional authorization object. * Pass in an active Stytch Member session token or session JWT and the request * will be run using that member's permissions. */ authorization?: Authorization; } export interface B2BPasswordsEmailRequireResetRequest { email_address: string; /** * Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to * perform operations on an Organization, so be sure to preserve this value. You may also use the * organization_slug or organization_external_id here as a convenience. */ organization_id?: string; /** * Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform * operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set * for the member. */ member_id?: string; } export interface B2BPasswordsEmailRequireResetResponse { /** * Globally unique UUID that is returned with every API call. This value is important to log for debugging * purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. */ request_id: string; /** * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. */ status_code: number; member_id?: string; member?: Member; organization?: Organization; } export interface B2BPasswordsEmailResetRequest { password_reset_token: string; /** * The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. * spaces, emojis, non-English characters, etc. */ password: string; /** * Reuse an existing session instead of creating a new one. If you provide a `session_token`, Stytch will * update the session. * If the `session_token` and `magic_links_token` belong to different Members, the `session_token` * will be ignored. This endpoint will error if * both `session_token` and `session_jwt` are provided. */ session_token?: string; /** * Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't * already exist, * returning both an opaque `session_token` and `session_jwt` for this session. Remember that the * `session_jwt` will have a fixed lifetime of * five minutes regardless of the underlying session duration, and will need to be refreshed over time. * * This value must be a minimum of 5 and a maximum of 527040 minutes (366 days). * * If a `session_token` or `session_jwt` is provided then a successful authentication will continue to * extend the session this many minutes. * * If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a * 60 minute duration. If you don't want * to use the Stytch session product, you can ignore the session fields in the response. */ session_duration_minutes?: number; /** * Reuse an existing session instead of creating a new one. If you provide a `session_jwt`, Stytch will * update the session. If the `session_jwt` * and `magic_links_token` belong to different Members, the `session_jwt` will be ignored. This * endpoint will error if both `session_token` and `session_jwt` * are provided. */ session_jwt?: string; code_verifier?: string; /** * Add a custom claims map to the Session being authenticated. Claims are only created if a Session is * initialized by providing a value in * `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a * key in an existing Session, supply a new value. To * delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, * `exp`, `nbf`, `iat`, `jti`) will be ignored. * Total custom claims size cannot exceed four kilobytes. */ session_custom_claims?: Record; /** * If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will * pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be * used to determine which language to use when sending the passcode. * * Parameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), * e.g. `"en"`. * * Currently supported languages are English (`"en"`), Spanish (`"es"`), and Brazilian Portuguese * (`"pt-br"`); if no value is provided, the copy defaults to English. * * Request support for additional languages * [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! * */ locale?: "en" | "es" | "pt-br" | "fr" | string; /** * Adds this primary authentication factor to the intermediate session token. If the resulting set of * factors satisfies the organization's primary authentication requirements and MFA requirements, the * intermediate session token will be consumed and converted to a member session. If not, the same * intermediate session token will be returned. */ intermediate_session_token?: string; /** * If the `telemetry_id` is passed, as part of this request, Stytch will call the * [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated * fingerprints and IPGEO information for the Member. Your workspace must be enabled for Device * Fingerprinting to use this feature. */ telemetry_id?: string; } export interface B2BPasswordsEmailResetResponse { /** * Globally unique UUID that is returned with every API call. This value is important to log for debugging * purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. */ request_id: string; member_id: string; member_email_id: string; /** * Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to * perform operations on an Organization, so be sure to preserve this value. */ organization_id: string; member: Member; session_token: string; session_jwt: string; organization: Organization; /** * The returned Intermediate Session Token contains a password factor associated with the Member. If this * value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The * token can be used with the * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), * [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or * [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an * MFA flow and log in to the Organization. The token has a default expiry of 10 minutes. Password factors * are not transferable between Organizations, so the intermediate session token is not valid for use with * discovery endpoints. */ intermediate_session_token: string; /** * Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step * to log in to the Organization. */ member_authenticated: boolean; /** * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. */ status_code: number; member_session?: MemberSession; mfa_required?: MfaRequired; primary_required?: PrimaryRequired; /** * If a valid `telemetry_id` was passed in the request and the * [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the * `member_device` response field will contain information about the member's device attributes. */ member_device?: DeviceInfo; } export interface B2BPasswordsEmailResetStartRequest { /** * Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to * perform operations on an Organization, so be sure to preserve this value. You may also use the * organization_slug or organization_external_id here as a convenience. */ organization_id: string; email_address: string; /** * The URL that the Member is redirected to from the reset password magic link. This URL should display * your application's reset password page. * Before rendering the reset page, extract the `token` from the query parameters. On the reset page, * collect the new password and complete the flow by calling the corresponding Password Reset by Email * endpoint. * If this parameter is not specified, the default Reset Password redirect URL configured in the * Dashboard will be used. If you have not set a default Reset Password redirect URL, an error is returned. */ reset_password_redirect_url?: string; /** * Sets a time limit after which the email link to reset the member's password will no longer be valid. The * minimum allowed expiration is 5 minutes and the maximum is 10080 minutes (7 days). By default, the * expiration is 30 minutes. */ reset_password_expiration_minutes?: number; /** * A base64url encoded SHA256 hash of a one time secret used to validate that the request starts and ends * on the same device. */ code_challenge?: string; /** * The URL that Members are redirected to upon clicking the "Log in without password" button in password * reset emails. * * After Members are redirected to the login redirect URL, your application should retrieve the * `token` value from the URL parameters and call the * [Magic Link Authenticate endpoint](https://stytch.com/docs/api/authenticate-magic-link) to log the * Member in without requiring a password reset. If this value is not provided, your project's default * login redirect URL will be used. If you have not set a default login redirect URL, an error will be * returned. */ login_redirect_url?: string; /** * Used to determine which language to use when sending the user this delivery method. Parameter is an * [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. * * Currently supported languages are English (`"en"`), Spanish (`"es"`), French (`"fr"`) and Brazilian * Portuguese (`"pt-br"`); if no value is provided, the copy defaults to English. * * Request support for additional languages * [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link")! * */ locale?: "en" | "es" | "pt-br" | "fr" | string; /** * Use a custom template for reset password emails. By default, it will use your default email template. * Templates can be added in the [Stytch dashboard](https://stytch.com/dashboard/templates) using our * built-in customization options or custom HTML templates with type “Passwords - Reset Password”. */ reset_password_template_id?: string; /** * Use a custom template for verification emails sent during password reset flows. When cross-organization * passwords are enabled for your Project, this template will be used the first time a user sets a password * via a * password reset flow. By default, it will use your default email template. Templates can be added in * the [Stytch dashboard](https://stytch.com/dashboard/templates) using our built-in customization options * or custom HTML templates with type “Passwords - Email Verification”. */ verify_email_template_id?: string; } export interface B2BPasswordsEmailResetStartResponse { /** * Globally unique UUID that is returned with every API call. This value is important to log for debugging * purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. */ request_id: string; member_id: string; member_email_id: string; member: Member; /** * The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. * 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. */ status_code: number; } export declare class Email { private fetchConfig; constructor(fetchConfig: fetchConfig); /** * Initiates a password reset for the email address provided. This will trigger an email to be sent to the * address, containing a magic link that will allow them to set a new password and authenticate. * * This endpoint adapts to your Project's password strength configuration. * If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your * passwords are considered valid * if the strength score is >= 3. If you're using * [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are * considered valid if they meet the requirements that you've set with Stytch. * You may update your password strength configuration on the * [Passwords Policy page](https://stytch.com/dashboard/password-strength-config) in the Stytch Dashboard. * @param data {@link B2BPasswordsEmailResetStartRequest} * @returns {@link B2BPasswordsEmailResetStartResponse} * @async * @throws A {@link StytchError} on a non-2xx response from the Stytch API * @throws A {@link RequestError} when the Stytch API cannot be reached */ resetStart(data: B2BPasswordsEmailResetStartRequest): Promise; /** * Reset the Member's password and authenticate them. This endpoint checks that the password reset token is * valid, hasn’t expired, or already been used. * * The provided password needs to meet our password strength requirements, which can be checked in advance * with the password strength endpoint. If the token and password are accepted, the password is securely * stored for future authentication and the user is authenticated. * * If the Member is required to complete MFA to log in to the Organization, the returned value of * `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. * The `intermediate_session_token` can be passed into the * [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the * MFA step and acquire a full member session. * The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. * * If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an * MFA step. * * Note that a successful password reset by email will revoke all active sessions for the `member_id`. * @param data {@link B2BPasswordsEmailResetRequest} * @returns {@link B2BPasswordsEmailResetResponse} * @async * @throws A {@link StytchError} on a non-2xx response from the Stytch API * @throws A {@link RequestError} when the Stytch API cannot be reached */ reset(data: B2BPasswordsEmailResetRequest): Promise; /** * Require a password be reset by the associated email address. This endpoint is only functional for * cross-org password use cases. * * If there are is only one active Member using the associated email address in the Project, the password * will be deleted. * @param data {@link B2BPasswordsEmailRequireResetRequest} * @param options {@link B2BPasswordsEmailRequireResetRequestOptions} * @returns {@link B2BPasswordsEmailRequireResetResponse} * @async * @throws A {@link StytchError} on a non-2xx response from the Stytch API * @throws A {@link RequestError} when the Stytch API cannot be reached */ requireReset(data: B2BPasswordsEmailRequireResetRequest, options?: B2BPasswordsEmailRequireResetRequestOptions): Promise; }