Stytch · Schema

api_b2b_session_v1_AuthenticateRequest

Request type


Properties

| Name | Type | Description |
| --- | --- | --- |
| session_token | string | A secret token for a given Stytch Session. |
| session_duration_minutes | integer | Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of five minutes regardless of the underlying session duration, and will need to be refreshed over time. |
| session_jwt | string | The JSON Web Token (JWT) for a given Stytch Session. |
| session_custom_claims | object | Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. |
| authorization_check | object | If an `authorization_check` object is passed in, this endpoint will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned explicitly or implicitly, with adequate permissions. |

JSON Schema

stytch-api-b2b-session-v1-authenticaterequest-schema.json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/api_b2b_session_v1_AuthenticateRequest",
  "title": "api_b2b_session_v1_AuthenticateRequest",
  "type": "object",
  "properties": {
    "session_token": {
      "type": "string",
      "description": "A secret token for a given Stytch Session."
    },
    "session_duration_minutes": {
      "type": "integer",
      "format": "int32",
      "description": "Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,\n  returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of\n  five minutes regardless of the underlying session duration, and will need to be refreshed over time.\n\n  This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).\n\n  If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.\n\n  If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want\n  to use the Stytch session product, you can ignore the session fields in the response."
    },
    "session_jwt": {
      "type": "string",
      "description": "The JSON Web Token (JWT) for a given Stytch Session."
    },
    "session_custom_claims": {
      "type": "object",
      "additionalProperties": true,
      "description": "Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in\n  `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To\n  delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.\n  Total custom claims size cannot exceed four kilobytes."
    },
    "authorization_check": {
      "$ref": "#/components/schemas/api_b2b_session_v1_AuthorizationCheck",
      "description": "If an `authorization_check` object is passed in, this endpoint will also check if the Member is\n  authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if\n  their Member Session contains a Role, assigned\n  [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions.\n  In addition, the `organization_id` passed in the authorization check must match the Member's Organization.\n\n  The Roles on the Member Session may differ from the Roles you see on the Member object - Roles that are implicitly\n  assigned by SSO connection or SSO group will only be valid for a Member Session if there is at least one authentication\n  factor on the Member Session from the specified SSO connection.\n\n  If the Member is not authorized to perform the specified action on the specified Resource, or if the\n  `organization_id` does not match the Member's Organization, a 403 error will be thrown.\n  Otherwise, the response will contain a list of Roles that satisfied the authorization check."
    }
  },
  "description": "Request type"
}