Completes a SCIM token rotation. This will complete the current token rotation process and update the active token to be the new token supplied in the start SCIM token rotation response.
RBAC Enforced API
When a Member Session is passed in the Authorization headers, Stytch will enforce that the Member has permission to take the update Action on the stytch.scim Resource prior to honoring the request.
To learn more, see our RBAC guide.
Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.
The ID of the SCIM connection.
The secret token for a Member Session that should be used to perform an authorization check for this endpoint. If neither session header is passed, no authorization check will be performed. If one is passed, we will check that the Member Session contains a Role that satisfies the permission needed to call this endpoint. If it does not, or if the Member's Organization does not match the organization_id passed in the request, a 403 error will be thrown. Otherwise, the request will proceed as normal.
The JSON Web Token (JWT) for a Member Session that should be used to perform an authorization check for this endpoint. If neither session header is passed, no authorization check will be performed. If one is passed, we will check that the Member Session contains a Role that satisfies the permission needed to call this endpoint. If it does not, or if the Member's Organization does not match the organization_id passed in the request, a 403 error will be thrown. Otherwise, the request will proceed as normal.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.
The ID of the SCIM connection.
The status of the connection. The possible values are deleted or active.
A human-readable display name for the connection.
Name of the IdP. Enum with possible values: okta, microsoft-entra, cyberark, jumpcloud, onelogin, pingfederate, rippling or generic.
Specifying a known provider allows Stytch to handle any provider-specific logic, such as automatically appending ?aadOptscim062020 to the returned BaseURL for microsoft-entra SCIM Connections to enable the SCIM 2.0 compliant flag.
The URL supplied to the Identity Provider (IdP) alongside the bearer token enabling access to Stytch's SCIM API endpoints
The token supplied to the Identity Provider (IdP) alongside the base URL that grants access to Stytch's SCIM API endpoints. It should be included in HTTP authorization headers. This field is supplied only on creation of the SCIM connection.
The bearer token expiry time.
The last four digits of the bearer token. If you've lost access to your bearer_token and need to generate a new one, use the SCIM rotate token start endpoint.
This field is supplied only during token rotation. This token should be used as the new bearer token for the SCIM connection after token rotation has been completed using the SCIM rotate token complete endpoint.
This field is supplied only during token rotation. The next bearer token expiry time.
An array of SCIM group implicit role assignments. Each object in the array must contain a group_id and a role_id.
The ID of the group.
The ID of the role.
const stytch = require('stytch');
const client = new stytch.B2BClient({
project_id: 'PROJECT_ID',
secret: 'SECRET',
});
const params = {
organization_id: "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
connection_id: "scim-connection-test-cdd5415a-c470-42be-8369-5c90cf7762dc",
};
const options = {
authorization: {
session_token: 'mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q',
},
};
client.scim.connection.rotateComplete(params, options)
.then(resp => { console.log(resp) })
.catch(err => { console.log(err) });{
"connection": {
"organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931"
"connection_id": "scim-connection-test-cdd5415a-c470-42be-8369-5c90cf7762dc"
"status": "active",
"display_name": "My SCIM Connection"
"identity_provider": "okta"
"base_url": "https://test.stytch.com/v1/b2b/scim/scim-connection-test-cdd5415a-c470-42be-8369-5c90cf7762dc"
"bearer_token_expires_at": "2029-03-20T21:28:28Z"
"bearer_token_last_four": "sdko"
},
}{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_credentials",
"error_message": "Unauthorized credentials.",
"error_url": "https://stytch.com/docs/api/errors/401"
}{
"status_code": 429,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "too_many_requests",
"error_message": "Too many requests have been made.",
"error_url": "https://stytch.com/docs/api/errors/429"
}{
"status_code": 500,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "internal_server_error",
"error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
"error_url": "https://stytch.com/docs/api/errors/500"
}