> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Migrate Session

> Migrate a session from an external OIDC compliant endpoint.

Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](https://stytch.com/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing user and create a Stytch Session. You will need to create the user before using this endpoint.


## OpenAPI

````yaml POST /v1/sessions/migrate
openapi: 3.0.3
info:
  title: Stytch API
  description: The Stytch API provides endpoints for authentication and user management.
  version: 2.1.1
  contact:
    name: Stytch Support
    url: https://stytch.com/docs
    email: support@stytch.com
servers:
  - url: https://api.stytch.com
    description: Production server
  - url: https://test.stytch.com
    description: Test server
security:
  - basicAuth: []
paths:
  /v1/sessions/migrate:
    post:
      tags:
        - Session
      summary: Migrate
      description: >-
        Migrate a session from an external OIDC compliant endpoint. Stytch will
        call the external UserInfo endpoint defined in your Stytch Project
        settings in the [Dashboard](https://stytch.com/dashboard), and then
        perform a lookup using the `session_token`. If the response contains a
        valid email address, Stytch will attempt to match that email address
        with an existing User and create a Stytch Session. You will need to
        create the user before using this endpoint.
      operationId: api_session_v1_Migrate
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/api_session_v1_MigrateRequest'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/api_session_v1_MigrateResponse'
        '400':
          description: Bad request
        '401':
          description: Unauthorized
          content:
            application/json:
              example:
                status_code: 401
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: unauthorized_credentials
                error_message: Unauthorized credentials.
                error_url: https://stytch.com/docs/api/errors/401
        '429':
          description: Too Many Requests
          content:
            application/json:
              example:
                status_code: 429
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: too_many_requests
                error_message: Too many requests have been made.
                error_url: https://stytch.com/docs/api/errors/429
        '500':
          description: Internal server error
          content:
            application/json:
              example:
                status_code: 500
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: internal_server_error
                error_message: >-
                  Oops, something seems to have gone wrong, please reach out to
                  support@stytch.com to let us know what went wrong.
                error_url: https://stytch.com/docs/api/errors/500
      x-code-samples:
        - lang: csharp
          label: C#
          source: |-
            // POST /v1/sessions/migrate
            const stytch = require('stytch');

            const client = new stytch.Client({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
              session_token: "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
            };

            client.Sessions.Migrate(params)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: go
          label: Go
          source: "// POST /v1/sessions/migrate\npackage main\n\nimport (\n\t\"context\"\n\t\"log\"\n\n\t\"github.com/stytchauth/stytch-go/v18/stytch/consumer/sessions\"\n\t\"github.com/stytchauth/stytch-go/v18/stytch/consumer/stytchapi\"\n)\n\nfunc main() {\n\tclient, err := stytchapi.NewClient(\n\t\t\"${projectId}\",\n\t\t\"${secret}\",\n\t)\n\tif err != nil {\n\t\tlog.Fatalf(\"error instantiating client: %v\", err)\n\t}\n\n\tparams := &sessions.MigrateParams{\n\t\tSessionToken: \"mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q\",\n\t}\n\n\tresp, err := client.Sessions.Migrate(context.Background(), params)\n\tif err != nil {\n\t\tlog.Fatalf(\"error in method call: %v\", err)\n\t}\n\n\tlog.Println(resp)\n}\n"
        - lang: java
          label: Java
          source: |-
            // POST /v1/sessions/migrate
            package com.example;

            import com.stytch.java.common.StytchResult;
            import com.stytch.java.consumer.models.sessions.MigrateRequest;
            import com.stytch.java.consumer.StytchClient;

            public class Main {
                public static void main(String[] args) {
                    StytchClient.configure("${projectId}", "${secret}");

                    MigrateRequest params = new MigrateRequest();
                    params.setSessionToken("mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q");

                    Object result = StytchClient.getSessions().migrate(params);
                    if (result instanceof StytchResult.Success) {
                      System.out.println(((StytchResult.Success) result).getValue());
                    } else {
                      System.out.println(((StytchResult.Error) result).getException());
                    }
                }
            }
        - lang: kotlin
          label: Kotlin
          source: |
            // POST /v1/sessions/migrate
            package com.example

            import com.stytch.java.consumer.StytchClient
            import com.stytch.java.consumer.models.sessions.MigrateRequest

            fun main() {
                StytchClient.configure(
                    projectId = "${projectId}",
                    secret = "${secret}",
                )

                when (
                    val result =
                        StytchClient.sessions.migrate(
                            MigrateRequest(
                                sessionToken = "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
                            ),
                        )
                ) {
                    is StytchResult.Success -> println(result.value)
                    is StytchResult.Error -> println(result.exception)
                }
            }
        - lang: javascript
          label: Node.js
          source: |-
            // POST /v1/sessions/migrate
            const stytch = require('stytch');

            const client = new stytch.Client({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
              session_token: "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
            };

            client.sessions.migrate(params)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: php
          label: PHP
          source: |-
            $response = $client->sessions->migrate([
                'session_token' => 'mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q',
            ]);
        - lang: python
          label: Python
          source: |
            # POST /v1/sessions/migrate
            from stytch import Client

            client = Client(
                project_id="${projectId}",
                secret="${secret}",
            )

            resp = client.sessions.migrate(
                session_token="mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
            )

            print(resp)
        - lang: ruby
          label: Ruby
          source: |-
            # frozen_string_literal: true

            # POST /v1/sessions/migrate
            require 'stytch'

            client = Stytch::Client.new(
              project_id: "${projectId}",
              secret: "${secret}"
            )

            resp = client.sessions.migrate(
              session_token: "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q"
              
            )

            puts resp
        - lang: rust
          label: Rust
          source: |-
            // POST /v1/sessions/migrate
            use stytch::consumer::client::Client;
            use stytch::consumer::sessions::MigrateRequest;

            fn main() {
                let client = Client::new("${projectId}", "${secret}").unwrap();
                let resp = client.sessions.migrate(
                    MigrateRequest{
                        session_token: "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
                        ..Default::default()
                    }
                ).await;
                println!("The response is {:?}", resp);
            }
        - lang: bash
          label: cURL
          source: |-
            # POST /v1/sessions/migrate
            curl --request POST \
              --url https://test.stytch.com/v1/sessions/migrate \
              -u '${projectId}:${secret}' \
              -H 'Content-Type: application/json' \
              -d '{
                "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q"
              }'
components:
  schemas:
    api_session_v1_MigrateRequest:
      type: object
      properties:
        session_token:
          type: string
          description: >-
            The authorization token Stytch will pass in to the external userinfo
            endpoint.
        session_duration_minutes:
          type: integer
          format: int32
          description: >-
            Set the session lifetime to be this many minutes from now. This will
            start a new session if one doesn't already exist,
              returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of
              five minutes regardless of the underlying session duration, and will need to be refreshed over time.

              This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).

              If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.

              If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created.
        session_custom_claims:
          type: object
          additionalProperties: true
          description: >-
            Add a custom claims map to the Session being authenticated. Claims
            are only created if a Session is initialized by providing a value in
            `session_duration_minutes`. Claims will be included on the Session
            object and in the JWT. To update a key in an existing Session,
            supply a new value. To delete a key, supply a null value.

              Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes.
        telemetry_id:
          type: string
          description: >-
            If the `telemetry_id` is passed, as part of this request, Stytch
            will call the [Fingerprint Lookup
            API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store
            the associated fingerprints and IPGEO information for the User. Your
            workspace must be enabled for Device Fingerprinting to use this
            feature.
      description: Request type
      required:
        - session_token
    api_session_v1_MigrateResponse:
      type: object
      properties:
        request_id:
          type: string
          description: >-
            Globally unique UUID that is returned with every API call. This
            value is important to log for debugging purposes; we may ask for
            this value to help identify a specific API call when helping you
            debug an issue.
        user_id:
          type: string
          description: The unique ID of the affected User.
        session_token:
          type: string
          description: A secret token for a given Stytch Session.
        session_jwt:
          type: string
          description: The JSON Web Token (JWT) for a given Stytch Session.
        user:
          $ref: '#/components/schemas/api_user_v1_User'
          description: >-
            The `user` object affected by this API call. See the [Get user
            endpoint](https://stytch.com/docs/api/get-user) for complete
            response field details.
        status_code:
          type: integer
          format: int32
        session:
          $ref: '#/components/schemas/api_session_v1_Session'
          description: >-
            If you initiate a Session, by including `session_duration_minutes`
            in your authenticate call, you'll receive a full Session object in
            the response.

              See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
              
        user_device:
          $ref: '#/components/schemas/api_device_history_v1_DeviceInfo'
          description: >-
            If a valid `telemetry_id` was passed in the request and the
            [Fingerprint Lookup
            API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned
            results, the `user_device` response field will contain information
            about the user's device attributes.
      required:
        - request_id
        - user_id
        - session_token
        - session_jwt
        - user
        - status_code
    api_user_v1_User:
      type: object
      properties:
        user_id:
          type: string
          description: The unique ID of the affected User.
        emails:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_Email'
          description: An array of email objects for the User.
        status:
          type: string
          description: >-
            The status of the User. The possible values are `pending` and
            `active`.
        phone_numbers:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_PhoneNumber'
          description: An array of phone number objects linked to the User.
        webauthn_registrations:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_WebAuthnRegistration'
          description: >-
            An array that contains a list of all Passkey or WebAuthn
            registrations for a given User in the Stytch API.
        providers:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_OAuthProvider'
          description: An array of OAuth `provider` objects linked to the User.
        totps:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_TOTP'
          description: >-
            An array containing a list of all TOTP instances for a given User in
            the Stytch API.
        crypto_wallets:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_CryptoWallet'
          description: >-
            An array contains a list of all crypto wallets for a given User in
            the Stytch API.
        biometric_registrations:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_BiometricRegistration'
          description: >-
            An array that contains a list of all biometric registrations for a
            given User in the Stytch API.
        is_locked:
          type: boolean
          description: >-
            Whether the User is temporarily locked due to too many failed
            authentication attempts. See the [User Locking
            Guide](https://stytch.com/docs/resources/platform/user-locks) for
            more information.
        roles:
          type: array
          items:
            type: string
          description: |-
            Roles assigned to this User.
               See the [RBAC guide](https://stytch.com/docs/guides/rbac/role-assignment) for more information about role assignment.
        name:
          $ref: '#/components/schemas/api_user_v1_Name'
          description: The name of the User. Each field in the `name` object is optional.
        created_at:
          type: string
          description: >-
            The timestamp of the User's creation. Values conform to the RFC 3339
            standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
        password:
          $ref: '#/components/schemas/api_user_v1_Password'
          description: The password object is returned for users with a password.
        trusted_metadata:
          type: object
          additionalProperties: true
          description: >-
            The `trusted_metadata` field contains an arbitrary JSON object of
            application-specific data. See the
            [Metadata](https://stytch.com/docs/api/metadata) reference for
            complete field behavior details.
        untrusted_metadata:
          type: object
          additionalProperties: true
          description: >-
            The `untrusted_metadata` field contains an arbitrary JSON object of
            application-specific data. Untrusted metadata can be edited by end
            users directly via the SDK, and **cannot be used to store critical
            information.** See the
            [Metadata](https://stytch.com/docs/api/metadata) reference for
            complete field behavior details.
        external_id:
          type: string
          description: >-
            An identifier that can be used in most API calls where a `member_id`
            is expected. This is a string consisting of alphanumeric, `.`, `_`,
            `-`, or `|` characters with a maximum length of 128 characters.
            External IDs must be unique within the project.
        lock_created_at:
          type: string
          description: >-
            When the user lock was created, if there is one. Values conform to
            the RFC 3339 standard and are expressed in UTC, e.g.
            `2021-12-29T12:33:09Z`.
        lock_expires_at:
          type: string
          description: >-
            When the user lock expires, if there is one. Values conform to the
            RFC 3339 standard and are expressed in UTC, e.g.
            `2021-12-29T12:33:09Z`.
      required:
        - user_id
        - emails
        - status
        - phone_numbers
        - webauthn_registrations
        - providers
        - totps
        - crypto_wallets
        - biometric_registrations
        - is_locked
        - roles
    api_session_v1_Session:
      type: object
      properties:
        session_id:
          type: string
          description: A unique identifier for a specific Session.
        user_id:
          type: string
          description: The unique ID of the affected User.
        authentication_factors:
          type: array
          items:
            $ref: '#/components/schemas/api_session_v1_AuthenticationFactor'
          description: >-
            An array of different authentication factors that comprise a
            Session.
        roles:
          type: array
          items:
            type: string
        started_at:
          type: string
          description: >-
            The timestamp when the Session was created. Values conform to the
            RFC 3339 standard and are expressed in UTC, e.g.
            `2021-12-29T12:33:09Z`.
        last_accessed_at:
          type: string
          description: >-
            The timestamp when the Session was last accessed. Values conform to
            the RFC 3339 standard and are expressed in UTC, e.g.
            `2021-12-29T12:33:09Z`.
        expires_at:
          type: string
          description: >-
            The timestamp when the Session expires. Values conform to the RFC
            3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
        attributes:
          $ref: '#/components/schemas/api_attribute_v1_Attributes'
          description: Provided attributes help with fraud detection.
        custom_claims:
          type: object
          additionalProperties: true
          description: >-
            The custom claims map for a Session. Claims can be added to a
            session during a Sessions authenticate call.
      required:
        - session_id
        - user_id
        - authentication_factors
        - roles
    api_device_history_v1_DeviceInfo:
      type: object
      properties:
        visitor_id:
          type: string
          description: >-
            The `visitor_id` (a unique identifier) of the user's device. See the
            [Device Fingerprinting
            documentation](https://stytch.com/docs/fraud/guides/device-fingerprinting/fingerprints)
            for more details on the `visitor_id`.
        visitor_id_details:
          $ref: '#/components/schemas/api_device_history_v1_DeviceAttributeDetails'
          description: Information about the `visitor_id`.
        ip_address:
          type: string
          description: The IP address of the user's device.
        ip_address_details:
          $ref: '#/components/schemas/api_device_history_v1_DeviceAttributeDetails'
          description: Information about the `ip_address`.
        ip_geo_city:
          type: string
          description: The city where the IP address is located.
        ip_geo_region:
          type: string
          description: The region where the IP address is located.
        ip_geo_country:
          type: string
          description: The country code where the IP address is located.
        ip_geo_country_details:
          $ref: '#/components/schemas/api_device_history_v1_DeviceAttributeDetails'
          description: Information about the `ip_geo_country`.
      required:
        - visitor_id
    api_user_v1_Email:
      type: object
      properties:
        email_id:
          type: string
          description: The unique ID of a specific email address.
        email:
          type: string
          description: The email address.
        verified:
          type: boolean
          description: >-
            The verified boolean denotes whether or not this send method, e.g.
            phone number, email address, etc., has been successfully
            authenticated by the User.
      required:
        - email_id
        - email
        - verified
    api_user_v1_PhoneNumber:
      type: object
      properties:
        phone_id:
          type: string
          description: The unique ID for the phone number.
        phone_number:
          type: string
          description: The phone number.
        verified:
          type: boolean
          description: >-
            The verified boolean denotes whether or not this send method, e.g.
            phone number, email address, etc., has been successfully
            authenticated by the User.
      required:
        - phone_id
        - phone_number
        - verified
    api_user_v1_WebAuthnRegistration:
      type: object
      properties:
        webauthn_registration_id:
          type: string
          description: The unique ID for the Passkey or WebAuthn registration.
        domain:
          type: string
          description: >-
            The `domain` on which Passkey or WebAuthn registration was started.
            This will be the domain of your app.
        user_agent:
          type: string
          description: The user agent of the User.
        verified:
          type: boolean
          description: >-
            The verified boolean denotes whether or not this send method, e.g.
            phone number, email address, etc., has been successfully
            authenticated by the User.
        authenticator_type:
          type: string
          description: >-
            The `authenticator_type` string displays the requested authenticator
            type of the Passkey or WebAuthn device. The two valid types are
            "platform" and "cross-platform". If no value is present, the Passkey
            or WebAuthn device was created without an authenticator type
            preference.
        name:
          type: string
          description: The `name` of the Passkey or WebAuthn registration.
      required:
        - webauthn_registration_id
        - domain
        - user_agent
        - verified
        - authenticator_type
        - name
    api_user_v1_OAuthProvider:
      type: object
      properties:
        provider_type:
          type: string
          description: >-
            Denotes the OAuth identity provider that the user has authenticated
            with, e.g. Google, Facebook, GitHub etc.
        provider_subject:
          type: string
          description: >-
            The unique identifier for the User within a given OAuth provider.
            Also commonly called the "sub" or "Subject field" in OAuth
            protocols.
        profile_picture_url:
          type: string
          description: >-
            If available, the `profile_picture_url` is a url of the User's
            profile picture set in OAuth identity the provider that the User has
            authenticated with, e.g. Facebook profile picture.
        locale:
          type: string
          description: >-
            If available, the `locale` is the User's locale set in the OAuth
            identity provider that the user has authenticated with.
        oauth_user_registration_id:
          type: string
          description: The unique ID for an OAuth registration.
      required:
        - provider_type
        - provider_subject
        - profile_picture_url
        - locale
        - oauth_user_registration_id
    api_user_v1_TOTP:
      type: object
      properties:
        totp_id:
          type: string
          description: The unique ID for a TOTP instance.
        verified:
          type: boolean
          description: >-
            The verified boolean denotes whether or not this send method, e.g.
            phone number, email address, etc., has been successfully
            authenticated by the User.
      required:
        - totp_id
        - verified
    api_user_v1_CryptoWallet:
      type: object
      properties:
        crypto_wallet_id:
          type: string
          description: The unique ID for a crypto wallet
        crypto_wallet_address:
          type: string
          description: The actual blockchain address of the User's crypto wallet.
        crypto_wallet_type:
          type: string
          description: >-
            The blockchain that the User's crypto wallet operates on, e.g.
            Ethereum, Solana, etc.
        verified:
          type: boolean
          description: >-
            The verified boolean denotes whether or not this send method, e.g.
            phone number, email address, etc., has been successfully
            authenticated by the User.
      required:
        - crypto_wallet_id
        - crypto_wallet_address
        - crypto_wallet_type
        - verified
    api_user_v1_BiometricRegistration:
      type: object
      properties:
        biometric_registration_id:
          type: string
          description: The unique ID for a biometric registration.
        verified:
          type: boolean
          description: >-
            The verified boolean denotes whether or not this send method, e.g.
            phone number, email address, etc., has been successfully
            authenticated by the User.
      required:
        - biometric_registration_id
        - verified
    api_user_v1_Name:
      type: object
      properties:
        first_name:
          type: string
          description: The first name of the user.
        middle_name:
          type: string
          description: The middle name(s) of the user.
        last_name:
          type: string
          description: The last name of the user.
    api_user_v1_Password:
      type: object
      properties:
        password_id:
          type: string
          description: The unique ID of a specific password
        requires_reset:
          type: boolean
          description: Indicates whether this password requires a password reset
      required:
        - password_id
        - requires_reset
    api_session_v1_AuthenticationFactor:
      type: object
      properties:
        type:
          $ref: >-
            #/components/schemas/api_session_v1_sessions_AuthenticationFactorType
          description: >-
            The type of authentication factor. The possible values are:
            `email_otp`, `impersonated`, `imported`,
                   `magic_link`, `oauth`, `otp`, `password`, `recovery_codes`, `sso`, `trusted_auth_token`, or `totp`.
        delivery_method:
          $ref: >-
            #/components/schemas/api_session_v1_sessions_AuthenticationFactorDeliveryMethod
          description: >-
            The method that was used to deliver the authentication factor. The
            possible values depend on the `type`:
                 
                  `email_otp` – Only `email`.
                 
                  `impersonated` – Only `impersonation`.
                  
                  `imported` – Only `imported_auth0`.
                 
                  `magic_link` – Only `email`.
                 
                  `oauth` – The delivery method is determined by the specific OAuth provider used. The possible values are `oauth_google`, `oauth_microsoft`, `oauth_hubspot`, `oauth_slack`, or `oauth_github`.
                  
                    In addition, you may see an 'exchange' delivery method when a non-email-verifying OAuth factor originally authenticated in one organization is exchanged for a factor in another organization.
                    This can happen during authentication flows such as [session exchange](https://stytch.com/docs/b2b/api/exchange-session).
                    The non-email-verifying OAuth providers are Hubspot, Slack, and Github.
                    Google is also considered non-email-verifying when the HD claim is empty.
                    The possible exchange values are `oauth_exchange_google`, `oauth_exchange_hubspot`, `oauth_exchange_slack`, or `oauth_exchange_github`.
                   
                    The final possible value is `oauth_access_token_exchange`, if this factor came from an [access token exchange flow](https://stytch.com/docs/b2b/api/connected-app-access-token-exchange).
                 
                  `otp` –  Only `sms`.
                 
                  `password` – Only `knowledge`.
                 
                  `recovery_codes` – Only `recovery_code`.
                 
                  `sso` – Either `sso_saml` or `sso_oidc`.
                 
                  `trusted_auth_token` – Only `trusted_token_exchange`.
                 
                  `totp` – Only `authenticator_app`.
                  
        last_authenticated_at:
          type: string
          description: The timestamp when the factor was last authenticated.
        created_at:
          type: string
          description: The timestamp when the factor was initially authenticated.
        updated_at:
          type: string
          description: The timestamp when the factor was last updated.
        email_factor:
          $ref: '#/components/schemas/api_session_v1_EmailFactor'
          description: Information about the email factor, if one is present.
        phone_number_factor:
          $ref: '#/components/schemas/api_session_v1_PhoneNumberFactor'
          description: Information about the phone number factor, if one is present.
        google_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_GoogleOAuthFactor'
          description: Information about the Google OAuth factor, if one is present.
        microsoft_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_MicrosoftOAuthFactor'
          description: Information about the Microsoft OAuth factor, if one is present.
        apple_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_AppleOAuthFactor'
        webauthn_factor:
          $ref: '#/components/schemas/api_session_v1_WebAuthnFactor'
        authenticator_app_factor:
          $ref: '#/components/schemas/api_session_v1_AuthenticatorAppFactor'
          description: >-
            Information about the TOTP-backed Authenticator App factor, if one
            is present.
        github_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_GithubOAuthFactor'
          description: Information about the Github OAuth factor, if one is present.
        recovery_code_factor:
          $ref: '#/components/schemas/api_session_v1_RecoveryCodeFactor'
        facebook_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_FacebookOAuthFactor'
        crypto_wallet_factor:
          $ref: '#/components/schemas/api_session_v1_CryptoWalletFactor'
        amazon_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_AmazonOAuthFactor'
        bitbucket_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_BitbucketOAuthFactor'
        coinbase_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_CoinbaseOAuthFactor'
        discord_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_DiscordOAuthFactor'
        figma_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_FigmaOAuthFactor'
        git_lab_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_GitLabOAuthFactor'
        instagram_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_InstagramOAuthFactor'
        linked_in_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_LinkedInOAuthFactor'
        shopify_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_ShopifyOAuthFactor'
        slack_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_SlackOAuthFactor'
          description: Information about the Slack OAuth factor, if one is present.
        snapchat_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_SnapchatOAuthFactor'
        spotify_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_SpotifyOAuthFactor'
        steam_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_SteamOAuthFactor'
        tik_tok_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_TikTokOAuthFactor'
        twitch_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_TwitchOAuthFactor'
        twitter_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_TwitterOAuthFactor'
        embeddable_magic_link_factor:
          $ref: '#/components/schemas/api_session_v1_EmbeddableMagicLinkFactor'
        biometric_factor:
          $ref: '#/components/schemas/api_session_v1_BiometricFactor'
        saml_sso_factor:
          $ref: '#/components/schemas/api_session_v1_SAMLSSOFactor'
          description: Information about the SAML SSO factor, if one is present.
        oidc_sso_factor:
          $ref: '#/components/schemas/api_session_v1_OIDCSSOFactor'
          description: Information about the OIDC SSO factor, if one is present.
        salesforce_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_SalesforceOAuthFactor'
        yahoo_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_YahooOAuthFactor'
        hubspot_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_HubspotOAuthFactor'
          description: Information about the Hubspot OAuth factor, if one is present.
        slack_oauth_exchange_factor:
          $ref: '#/components/schemas/api_session_v1_SlackOAuthExchangeFactor'
          description: >-
            Information about the Slack OAuth Exchange factor, if one is
            present.
        hubspot_oauth_exchange_factor:
          $ref: '#/components/schemas/api_session_v1_HubspotOAuthExchangeFactor'
          description: >-
            Information about the Hubspot OAuth Exchange factor, if one is
            present.
        github_oauth_exchange_factor:
          $ref: '#/components/schemas/api_session_v1_GithubOAuthExchangeFactor'
          description: >-
            Information about the Github OAuth Exchange factor, if one is
            present.
        google_oauth_exchange_factor:
          $ref: '#/components/schemas/api_session_v1_GoogleOAuthExchangeFactor'
          description: >-
            Information about the Google OAuth Exchange factor, if one is
            present.
        impersonated_factor:
          $ref: '#/components/schemas/api_session_v1_ImpersonatedFactor'
          description: Information about the impersonated factor, if one is present.
        oauth_access_token_exchange_factor:
          $ref: '#/components/schemas/api_session_v1_OAuthAccessTokenExchangeFactor'
          description: >-
            Information about the access token exchange factor, if one is
            present.
        trusted_auth_token_factor:
          $ref: '#/components/schemas/api_session_v1_TrustedAuthTokenFactor'
          description: Information about the trusted auth token factor, if one is present.
      required:
        - type
        - delivery_method
    api_attribute_v1_Attributes:
      type: object
      properties:
        ip_address:
          type: string
          description: The IP address of the user.
        user_agent:
          type: string
          description: The user agent of the User.
    api_device_history_v1_DeviceAttributeDetails:
      type: object
      properties:
        is_new:
          type: boolean
          description: Whether this `ip_geo_country` has been seen before for this user.
        first_seen_at:
          type: string
          description: >-
            When this `ip_geo_country` was first seen for this user. Values
            conform to the RFC 3339 standard and are expressed in UTC, e.g.
            `2021-12-29T12:33:09Z`.
        last_seen_at:
          type: string
          description: >-
            When this `ip_geo_country` was last seen for this user. Values
            conform to the RFC 3339 standard and are expressed in UTC, e.g.
            `2021-12-29T12:33:09Z`.
      required:
        - is_new
    api_session_v1_sessions_AuthenticationFactorType:
      type: string
      enum:
        - magic_link
        - otp
        - oauth
        - webauthn
        - totp
        - crypto
        - password
        - signature_challenge
        - sso
        - imported
        - recovery_codes
        - email_otp
        - impersonated
        - trusted_auth_token
    api_session_v1_sessions_AuthenticationFactorDeliveryMethod:
      type: string
      enum:
        - email
        - sms
        - whatsapp
        - embedded
        - oauth_google
        - oauth_microsoft
        - oauth_apple
        - webauthn_registration
        - authenticator_app
        - oauth_github
        - recovery_code
        - oauth_facebook
        - crypto_wallet
        - oauth_amazon
        - oauth_bitbucket
        - oauth_coinbase
        - oauth_discord
        - oauth_figma
        - oauth_gitlab
        - oauth_instagram
        - oauth_linkedin
        - oauth_shopify
        - oauth_slack
        - oauth_snapchat
        - oauth_spotify
        - oauth_steam
        - oauth_tiktok
        - oauth_twitch
        - oauth_twitter
        - knowledge
        - biometric
        - sso_saml
        - sso_oidc
        - oauth_salesforce
        - oauth_yahoo
        - oauth_hubspot
        - imported_auth0
        - oauth_exchange_slack
        - oauth_exchange_hubspot
        - oauth_exchange_github
        - oauth_exchange_google
        - impersonation
        - oauth_access_token_exchange
        - trusted_token_exchange
    api_session_v1_EmailFactor:
      type: object
      properties:
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
        email_address:
          type: string
          description: The email address of the Member.
      required:
        - email_id
        - email_address
    api_session_v1_PhoneNumberFactor:
      type: object
      properties:
        phone_id:
          type: string
          description: The globally unique UUID of the Member's phone number.
        phone_number:
          type: string
          description: The phone number of the Member.
      required:
        - phone_id
        - phone_number
    api_session_v1_GoogleOAuthFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an OAuth registration.
        provider_subject:
          type: string
          description: >-
            The unique identifier for the User within a given OAuth provider.
            Also commonly called the `sub` or "Subject field" in OAuth
            protocols.
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - id
        - provider_subject
    api_session_v1_MicrosoftOAuthFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an OAuth registration.
        provider_subject:
          type: string
          description: >-
            The unique identifier for the User within a given OAuth provider.
            Also commonly called the `sub` or "Subject field" in OAuth
            protocols.
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - id
        - provider_subject
    api_session_v1_AppleOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_WebAuthnFactor:
      type: object
      properties:
        webauthn_registration_id:
          type: string
        domain:
          type: string
        user_agent:
          type: string
      required:
        - webauthn_registration_id
        - domain
    api_session_v1_AuthenticatorAppFactor:
      type: object
      properties:
        totp_id:
          type: string
          description: Globally unique UUID that identifies a TOTP instance.
      required:
        - totp_id
    api_session_v1_GithubOAuthFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an OAuth registration.
        provider_subject:
          type: string
          description: >-
            The unique identifier for the User within a given OAuth provider.
            Also commonly called the `sub` or "Subject field" in OAuth
            protocols.
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - id
        - provider_subject
    api_session_v1_RecoveryCodeFactor:
      type: object
      properties:
        totp_recovery_code_id:
          type: string
      required:
        - totp_recovery_code_id
    api_session_v1_FacebookOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_CryptoWalletFactor:
      type: object
      properties:
        crypto_wallet_id:
          type: string
        crypto_wallet_address:
          type: string
        crypto_wallet_type:
          type: string
      required:
        - crypto_wallet_id
        - crypto_wallet_address
        - crypto_wallet_type
    api_session_v1_AmazonOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_BitbucketOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_CoinbaseOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_DiscordOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_FigmaOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_GitLabOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_InstagramOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_LinkedInOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_ShopifyOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_SlackOAuthFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an OAuth registration.
        provider_subject:
          type: string
          description: >-
            The unique identifier for the User within a given OAuth provider.
            Also commonly called the `sub` or "Subject field" in OAuth
            protocols.
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - id
        - provider_subject
    api_session_v1_SnapchatOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_SpotifyOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_SteamOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_TikTokOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_TwitchOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_TwitterOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_EmbeddableMagicLinkFactor:
      type: object
      properties:
        embedded_id:
          type: string
      required:
        - embedded_id
    api_session_v1_BiometricFactor:
      type: object
      properties:
        biometric_registration_id:
          type: string
      required:
        - biometric_registration_id
    api_session_v1_SAMLSSOFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an SSO Registration.
        provider_id:
          type: string
          description: Globally unique UUID that identifies a specific SAML Connection.
        external_id:
          type: string
          description: The ID of the member given by the identity provider.
      required:
        - id
        - provider_id
        - external_id
    api_session_v1_OIDCSSOFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an SSO Registration.
        provider_id:
          type: string
          description: Globally unique UUID that identifies a specific OIDC Connection.
        external_id:
          type: string
          description: The ID of the member given by the identity provider.
      required:
        - id
        - provider_id
        - external_id
    api_session_v1_SalesforceOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_YahooOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_HubspotOAuthFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an OAuth registration.
        provider_subject:
          type: string
          description: >-
            The unique identifier for the User within a given OAuth provider.
            Also commonly called the `sub` or "Subject field" in OAuth
            protocols.
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - id
        - provider_subject
    api_session_v1_SlackOAuthExchangeFactor:
      type: object
      properties:
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - email_id
    api_session_v1_HubspotOAuthExchangeFactor:
      type: object
      properties:
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - email_id
    api_session_v1_GithubOAuthExchangeFactor:
      type: object
      properties:
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - email_id
    api_session_v1_GoogleOAuthExchangeFactor:
      type: object
      properties:
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - email_id
    api_session_v1_ImpersonatedFactor:
      type: object
      properties:
        impersonator_id:
          type: string
          description: >-
            For impersonated sessions initiated via the Stytch Dashboard, the
            `impersonator_id` will be the impersonator's Stytch Dashboard
            `member_id`.
        impersonator_email_address:
          type: string
          description: The email address of the impersonator.
      required:
        - impersonator_id
        - impersonator_email_address
    api_session_v1_OAuthAccessTokenExchangeFactor:
      type: object
      properties:
        client_id:
          type: string
          description: The ID of the Connected App client.
      required:
        - client_id
    api_session_v1_TrustedAuthTokenFactor:
      type: object
      properties:
        token_id:
          type: string
          description: The ID of the trusted auth token.
      required:
        - token_id
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic

````