Stytch · Arazzo Workflow

Stytch B2B Organization Magic Link Login

Version 1.0.0

Send an organization-scoped email magic link and authenticate the clicked token.

1 workflow 1 source API 1 provider
View Spec View on GitHub AuthenticationIdentityPasswordlessSecurityB2BConnected AppsMCPAI AgentsDeveloper ToolsArazzoWorkflows

Provider

stytch

Workflows

magic-link-org-login
Email an org-scoped magic link, authenticate the token, and validate the session.
Sends a login-or-signup email magic link scoped to an organization, exchanges the clicked token for a member session, then validates that session token.
3 steps inputs: email_address, login_redirect_url, magic_links_token, organization_id, session_duration_minutes, signup_redirect_url outputs: memberId, organizationId, sessionToken
1
sendMagicLink
api_b2b_magic_v1_b2b_magic_links_email_LoginOrSignup
Send a login-or-signup email magic link scoped to the organization so the member can authenticate by clicking through.
2
authenticateMagicLink
api_b2b_magic_v1_Authenticate
Authenticate the magic link token captured from the clicked link to mint a member session.
3
authenticateSession
api_b2b_session_v1_Authenticate
Validate the member session token to confirm the session is active and resolve the member and organization.

Source API Descriptions

openapi
stytchB2bApi https://raw.githubusercontent.com/api-evangelist/stytch/refs/heads/main/openapi/stytch-b2b-openapi.yml

Arazzo Workflow Specification

stytch-b2b-magic-link-org-login-workflow.yml Raw ↑ 
arazzo: 1.0.1
info:
  title: Stytch B2B Organization Magic Link Login
  summary: Send an organization-scoped email magic link and authenticate the clicked token.
  description: >-
    A direct organization login flow for B2B apps where the member already knows
    which tenant they belong to. The workflow sends a login-or-signup email magic
    link scoped to a specific organization, then authenticates the token from the
    clicked link to mint a member session and validate it. Every step spells out
    its request inline so the flow can be read and executed without opening the
    underlying OpenAPI description. All calls authenticate with HTTP Basic auth
    using your Stytch project_id as the username and secret as the password.
  version: 1.0.0
sourceDescriptions:
- name: stytchB2bApi
  url: ../openapi/stytch-b2b-openapi.yml
  type: openapi
workflows:
- workflowId: magic-link-org-login
  summary: Email an org-scoped magic link, authenticate the token, and validate the session.
  description: >-
    Sends a login-or-signup email magic link scoped to an organization,
    exchanges the clicked token for a member session, then validates that
    session token.
  inputs:
    type: object
    required:
    - organization_id
    - email_address
    - login_redirect_url
    - magic_links_token
    properties:
      organization_id:
        type: string
        description: The id of the organization the member is logging into.
      email_address:
        type: string
        description: The member's email address to send the magic link to.
      login_redirect_url:
        type: string
        description: The URL the member is redirected to after clicking the login link.
      signup_redirect_url:
        type: string
        description: Optional URL the member is redirected to after clicking a signup link.
      magic_links_token:
        type: string
        description: The magic link token captured from the clicked link.
      session_duration_minutes:
        type: integer
        description: Optional session lifetime in minutes for the member session.
  steps:
  - stepId: sendMagicLink
    description: >-
      Send a login-or-signup email magic link scoped to the organization so the
      member can authenticate by clicking through.
    operationId: api_b2b_magic_v1_b2b_magic_links_email_LoginOrSignup
    requestBody:
      contentType: application/json
      payload:
        organization_id: $inputs.organization_id
        email_address: $inputs.email_address
        login_redirect_url: $inputs.login_redirect_url
        signup_redirect_url: $inputs.signup_redirect_url
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      memberId: $response.body#/member_id
      memberCreated: $response.body#/member_created
  - stepId: authenticateMagicLink
    description: >-
      Authenticate the magic link token captured from the clicked link to mint a
      member session.
    operationId: api_b2b_magic_v1_Authenticate
    requestBody:
      contentType: application/json
      payload:
        magic_links_token: $inputs.magic_links_token
        session_duration_minutes: $inputs.session_duration_minutes
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      memberId: $response.body#/member_id
      organizationId: $response.body#/organization_id
      sessionToken: $response.body#/session_token
  - stepId: authenticateSession
    description: >-
      Validate the member session token to confirm the session is active and
      resolve the member and organization.
    operationId: api_b2b_session_v1_Authenticate
    requestBody:
      contentType: application/json
      payload:
        session_token: $steps.authenticateMagicLink.outputs.sessionToken
        session_duration_minutes: $inputs.session_duration_minutes
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      memberId: $response.body#/member/member_id
      organizationId: $response.body#/organization/organization_id
  outputs:
    memberId: $steps.authenticateMagicLink.outputs.memberId
    organizationId: $steps.authenticateMagicLink.outputs.organizationId
    sessionToken: $steps.authenticateMagicLink.outputs.sessionToken