feat(auth): add save_credentials support

stainless-app[bot] · stainless-app[bot] · commit be702dc9f39f · 2026-02-11T10:57:25.000Z
diff --git a/.stats.yml b/.stats.yml
@@ -1,4 +1,4 @@
 configured_endpoints: 100
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel%2Fkernel-92e99f12ad95d7c00047c3f8226cd705174c68c555b42f137f3051768fdf76ae.yml
-openapi_spec_hash: 886e96ba621aecde2a3920825771f260
-config_hash: 82f0a04081a3ab7111d3a9c68cd3ff2b
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel%2Fkernel-82fd51be8dc9b6ad425425f9eb747dd337df494a030d03d37f101e2236c85548.yml
+openapi_spec_hash: ab396816e2b7da9938d42ec5a41cc8e1
+config_hash: 27c0ea01aeb797a1767af139851c5b66
diff --git a/api.md b/api.md
@@ -242,7 +242,6 @@ Types:
 
 ```python
 from kernel.types.auth import (
-    LoginRequest,
     LoginResponse,
     ManagedAuth,
     ManagedAuthCreateRequest,
diff --git a/src/kernel/resources/auth/connections.py b/src/kernel/resources/auth/connections.py
@@ -63,6 +63,7 @@ def create(
         health_check_interval: int | Omit = omit,
         login_url: str | Omit = omit,
         proxy: connection_create_params.Proxy | Omit = omit,
+        save_credentials: bool | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -116,6 +117,9 @@ def create(
           proxy: Proxy selection. Provide either id or name. The proxy must belong to the
               caller's org.
 
+          save_credentials: Whether to save credentials after every successful login. Defaults to true.
+              One-time codes (TOTP, SMS, etc.) are not saved.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -135,6 +139,7 @@ def create(
                     "health_check_interval": health_check_interval,
                     "login_url": login_url,
                     "proxy": proxy,
+                    "save_credentials": save_credentials,
                 },
                 connection_create_params.ConnectionCreateParams,
             ),
@@ -318,7 +323,6 @@ def login(
         id: str,
         *,
         proxy: connection_login_params.Proxy | Omit = omit,
-        save_credential_as: str | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -336,8 +340,6 @@ def login(
           proxy: Proxy selection. Provide either id or name. The proxy must belong to the
               caller's org.
 
-          save_credential_as: If provided, saves credentials under this name upon successful login
-
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -350,13 +352,7 @@ def login(
             raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
         return self._post(
             f"/auth/connections/{id}/login",
-            body=maybe_transform(
-                {
-                    "proxy": proxy,
-                    "save_credential_as": save_credential_as,
-                },
-                connection_login_params.ConnectionLoginParams,
-            ),
+            body=maybe_transform({"proxy": proxy}, connection_login_params.ConnectionLoginParams),
             options=make_request_options(
                 extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
             ),
@@ -367,7 +363,7 @@ def submit(
         self,
         id: str,
         *,
-        fields: Dict[str, str],
+        fields: Dict[str, str] | Omit = omit,
         mfa_option_id: str | Omit = omit,
         sso_button_selector: str | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
@@ -446,6 +442,7 @@ async def create(
         health_check_interval: int | Omit = omit,
         login_url: str | Omit = omit,
         proxy: connection_create_params.Proxy | Omit = omit,
+        save_credentials: bool | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -499,6 +496,9 @@ async def create(
           proxy: Proxy selection. Provide either id or name. The proxy must belong to the
               caller's org.
 
+          save_credentials: Whether to save credentials after every successful login. Defaults to true.
+              One-time codes (TOTP, SMS, etc.) are not saved.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -518,6 +518,7 @@ async def create(
                     "health_check_interval": health_check_interval,
                     "login_url": login_url,
                     "proxy": proxy,
+                    "save_credentials": save_credentials,
                 },
                 connection_create_params.ConnectionCreateParams,
             ),
@@ -701,7 +702,6 @@ async def login(
         id: str,
         *,
         proxy: connection_login_params.Proxy | Omit = omit,
-        save_credential_as: str | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -719,8 +719,6 @@ async def login(
           proxy: Proxy selection. Provide either id or name. The proxy must belong to the
               caller's org.
 
-          save_credential_as: If provided, saves credentials under this name upon successful login
-
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -733,13 +731,7 @@ async def login(
             raise ValueError(f"Expected a non-empty value for `id` but received {id!r}")
         return await self._post(
             f"/auth/connections/{id}/login",
-            body=await async_maybe_transform(
-                {
-                    "proxy": proxy,
-                    "save_credential_as": save_credential_as,
-                },
-                connection_login_params.ConnectionLoginParams,
-            ),
+            body=await async_maybe_transform({"proxy": proxy}, connection_login_params.ConnectionLoginParams),
             options=make_request_options(
                 extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
             ),
@@ -750,7 +742,7 @@ async def submit(
         self,
         id: str,
         *,
-        fields: Dict[str, str],
+        fields: Dict[str, str] | Omit = omit,
         mfa_option_id: str | Omit = omit,
         sso_button_selector: str | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
diff --git a/src/kernel/types/auth/connection_create_params.py b/src/kernel/types/auth/connection_create_params.py
@@ -63,6 +63,12 @@ class ConnectionCreateParams(TypedDict, total=False):
     Provide either id or name. The proxy must belong to the caller's org.
     """
 
+    save_credentials: bool
+    """Whether to save credentials after every successful login.
+
+    Defaults to true. One-time codes (TOTP, SMS, etc.) are not saved.
+    """
+
 
 class Credential(TypedDict, total=False):
     """Reference to credentials for the auth connection.
diff --git a/src/kernel/types/auth/connection_login_params.py b/src/kernel/types/auth/connection_login_params.py
@@ -14,9 +14,6 @@ class ConnectionLoginParams(TypedDict, total=False):
     Provide either id or name. The proxy must belong to the caller's org.
     """
 
-    save_credential_as: str
-    """If provided, saves credentials under this name upon successful login"""
-
 
 class Proxy(TypedDict, total=False):
     """Proxy selection.
diff --git a/src/kernel/types/auth/connection_submit_params.py b/src/kernel/types/auth/connection_submit_params.py
@@ -3,13 +3,13 @@
 from __future__ import annotations
 
 from typing import Dict
-from typing_extensions import Required, TypedDict
+from typing_extensions import TypedDict
 
 __all__ = ["ConnectionSubmitParams"]
 
 
 class ConnectionSubmitParams(TypedDict, total=False):
-    fields: Required[Dict[str, str]]
+    fields: Dict[str, str]
     """Map of field name to value"""
 
     mfa_option_id: str
diff --git a/src/kernel/types/auth/managed_auth.py b/src/kernel/types/auth/managed_auth.py
@@ -105,6 +105,12 @@ class ManagedAuth(BaseModel):
     profile_name: str
     """Name of the profile associated with this auth connection"""
 
+    save_credentials: bool
+    """Whether credentials are saved after every successful login.
+
+    One-time codes (TOTP, SMS, etc.) are not saved.
+    """
+
     status: Literal["AUTHENTICATED", "NEEDS_AUTH"]
     """Current authentication status of the managed profile"""
 
@@ -202,6 +208,9 @@ class ManagedAuth(BaseModel):
     post_login_url: Optional[str] = None
     """URL where the browser landed after successful login"""
 
+    proxy_id: Optional[str] = None
+    """ID of the proxy associated with this connection, if any."""
+
     sso_provider: Optional[str] = None
     """SSO provider being used (e.g., google, github, microsoft)"""
 
diff --git a/src/kernel/types/credential.py b/src/kernel/types/credential.py
@@ -29,6 +29,9 @@ class Credential(BaseModel):
     has_totp_secret: Optional[bool] = None
     """Whether this credential has a TOTP secret configured for automatic 2FA"""
 
+    has_values: Optional[bool] = None
+    """Whether this credential has stored values (email, password, etc.)"""
+
     sso_provider: Optional[str] = None
     """
     If set, indicates this credential should be used with the specified SSO provider
diff --git a/tests/api_resources/auth/test_connections.py b/tests/api_resources/auth/test_connections.py
@@ -50,6 +50,7 @@ def test_method_create_with_all_params(self, client: Kernel) -> None:
                 "id": "id",
                 "name": "name",
             },
+            save_credentials=True,
         )
         assert_matches_type(ManagedAuth, connection, path=["response"])
 
@@ -262,7 +263,6 @@ def test_method_login_with_all_params(self, client: Kernel) -> None:
                 "id": "id",
                 "name": "name",
             },
-            save_credential_as="my-netflix-login",
         )
         assert_matches_type(LoginResponse, connection, path=["response"])
 
@@ -305,10 +305,6 @@ def test_path_params_login(self, client: Kernel) -> None:
     def test_method_submit(self, client: Kernel) -> None:
         connection = client.auth.connections.submit(
             id="id",
-            fields={
-                "email": "user@example.com",
-                "password": "secret",
-            },
         )
         assert_matches_type(SubmitFieldsResponse, connection, path=["response"])
 
@@ -331,10 +327,6 @@ def test_method_submit_with_all_params(self, client: Kernel) -> None:
     def test_raw_response_submit(self, client: Kernel) -> None:
         response = client.auth.connections.with_raw_response.submit(
             id="id",
-            fields={
-                "email": "user@example.com",
-                "password": "secret",
-            },
         )
 
         assert response.is_closed is True
@@ -347,10 +339,6 @@ def test_raw_response_submit(self, client: Kernel) -> None:
     def test_streaming_response_submit(self, client: Kernel) -> None:
         with client.auth.connections.with_streaming_response.submit(
             id="id",
-            fields={
-                "email": "user@example.com",
-                "password": "secret",
-            },
         ) as response:
             assert not response.is_closed
             assert response.http_request.headers.get("X-Stainless-Lang") == "python"
@@ -366,10 +354,6 @@ def test_path_params_submit(self, client: Kernel) -> None:
         with pytest.raises(ValueError, match=r"Expected a non-empty value for `id` but received ''"):
             client.auth.connections.with_raw_response.submit(
                 id="",
-                fields={
-                    "email": "user@example.com",
-                    "password": "secret",
-                },
             )
 
 
@@ -406,6 +390,7 @@ async def test_method_create_with_all_params(self, async_client: AsyncKernel) ->
                 "id": "id",
                 "name": "name",
             },
+            save_credentials=True,
         )
         assert_matches_type(ManagedAuth, connection, path=["response"])
 
@@ -618,7 +603,6 @@ async def test_method_login_with_all_params(self, async_client: AsyncKernel) ->
                 "id": "id",
                 "name": "name",
             },
-            save_credential_as="my-netflix-login",
         )
         assert_matches_type(LoginResponse, connection, path=["response"])
 
@@ -661,10 +645,6 @@ async def test_path_params_login(self, async_client: AsyncKernel) -> None:
     async def test_method_submit(self, async_client: AsyncKernel) -> None:
         connection = await async_client.auth.connections.submit(
             id="id",
-            fields={
-                "email": "user@example.com",
-                "password": "secret",
-            },
         )
         assert_matches_type(SubmitFieldsResponse, connection, path=["response"])
 
@@ -687,10 +667,6 @@ async def test_method_submit_with_all_params(self, async_client: AsyncKernel) ->
     async def test_raw_response_submit(self, async_client: AsyncKernel) -> None:
         response = await async_client.auth.connections.with_raw_response.submit(
             id="id",
-            fields={
-                "email": "user@example.com",
-                "password": "secret",
-            },
         )
 
         assert response.is_closed is True
@@ -703,10 +679,6 @@ async def test_raw_response_submit(self, async_client: AsyncKernel) -> None:
     async def test_streaming_response_submit(self, async_client: AsyncKernel) -> None:
         async with async_client.auth.connections.with_streaming_response.submit(
             id="id",
-            fields={
-                "email": "user@example.com",
-                "password": "secret",
-            },
         ) as response:
             assert not response.is_closed
             assert response.http_request.headers.get("X-Stainless-Lang") == "python"
@@ -722,8 +694,4 @@ async def test_path_params_submit(self, async_client: AsyncKernel) -> None:
         with pytest.raises(ValueError, match=r"Expected a non-empty value for `id` but received ''"):
             await async_client.auth.connections.with_raw_response.submit(
                 id="",
-                fields={
-                    "email": "user@example.com",
-                    "password": "secret",
-                },
             )
