@ory/client

/** * Ory APIs * # Introduction Documentation for all public and administrative Ory APIs. Administrative APIs can only be accessed with a valid Personal Access Token. Public APIs are mostly used in browsers. ## SDKs This document describes the APIs available in the Ory Network. The APIs are available as SDKs for the following languages: | Language | Download SDK | Documentation | | -------------- | ---------------------------------------------------------------- | ------------------------------------------------------------------------------------ | | Dart | [pub.dev](https://pub.dev/packages/ory_client) | [README](https://github.com/ory/sdk/blob/master/clients/client/dart/README.md) | | .NET | [nuget.org](https://www.nuget.org/packages/Ory.Client/) | [README](https://github.com/ory/sdk/blob/master/clients/client/dotnet/README.md) | | Elixir | [hex.pm](https://hex.pm/packages/ory_client) | [README](https://github.com/ory/sdk/blob/master/clients/client/elixir/README.md) | | Go | [github.com](https://github.com/ory/client-go) | [README](https://github.com/ory/sdk/blob/master/clients/client/go/README.md) | | Java | [maven.org](https://search.maven.org/artifact/sh.ory/ory-client) | [README](https://github.com/ory/sdk/blob/master/clients/client/java/README.md) | | JavaScript | [npmjs.com](https://www.npmjs.com/package/@ory/client) | [README](https://github.com/ory/sdk/blob/master/clients/client/typescript/README.md) | | JavaScript (With fetch) | [npmjs.com](https://www.npmjs.com/package/@ory/client-fetch) | [README](https://github.com/ory/sdk/blob/master/clients/client/typescript-fetch/README.md) | | PHP | [packagist.org](https://packagist.org/packages/ory/client) | [README](https://github.com/ory/sdk/blob/master/clients/client/php/README.md) | | Python | [pypi.org](https://pypi.org/project/ory-client/) | [README](https://github.com/ory/sdk/blob/master/clients/client/python/README.md) | | Ruby | [rubygems.org](https://rubygems.org/gems/ory-client) | [README](https://github.com/ory/sdk/blob/master/clients/client/ruby/README.md) | | Rust | [crates.io](https://crates.io/crates/ory-client) | [README](https://github.com/ory/sdk/blob/master/clients/client/rust/README.md) | * * The version of the OpenAPI document: v1.22.37 * Contact: support@ory.sh * * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). * https://openapi-generator.tech * Do not edit the class manually. */ import type { Configuration } from './configuration'; import type { AxiosPromise, AxiosInstance, RawAxiosRequestConfig } from 'axios'; import type { RequestArgs } from './base'; import { BaseAPI } from './base'; /** * Contains information on an device verification */ export interface AcceptDeviceUserCodeRequest { 'user_code'?: string; } export interface AcceptOAuth2ConsentRequest { 'context'?: object; /** * GrantedAudience sets the audience the user authorized the client to use. Should be a subset of `requested_access_token_audience`. */ 'grant_access_token_audience'?: Array<string>; /** * GrantScope sets the scope the user authorized the client to use. Should be a subset of `requested_scope`. */ 'grant_scope'?: Array<string>; /** * Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same client asks the same user for the same, or a subset of, scope. */ 'remember'?: boolean; /** * RememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the authorization will be remembered indefinitely. */ 'remember_for'?: number; 'session'?: AcceptOAuth2ConsentRequestSession; } export interface AcceptOAuth2ConsentRequestSession { /** * AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the refresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection. If only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties can access that endpoint as well, sensitive data from the session might be exposed to them. Use with care! */ 'access_token'?: any; /** * IDToken sets session data for the OpenID Connect ID token. Keep in mind that the session\'id payloads are readable by anyone that has access to the ID Challenge. Use with care! */ 'id_token'?: any; } export interface AcceptOAuth2LoginRequest { /** * ACR sets the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it to express that, for example, a user authenticated using two-factor authentication. */ 'acr'?: string; /** * AMR sets the Authentication Methods References value for this authentication session. You can use it to specify the method a user used to authenticate. For example, if the acr indicates a user used two-factor authentication, the amr can express they used a software-secured key. */ 'amr'?: Array<string>; 'context'?: object; /** * Extend OAuth2 authentication session lifespan If set to `true`, the OAuth2 authentication cookie lifespan is extended. This is for example useful if you want the user to be able to use `prompt=none` continuously. This value can only be set to `true` if the user has an authentication, which is the case if the `skip` value is `true`. */ 'extend_session_lifespan'?: boolean; /** * ForceSubjectIdentifier forces the \"pairwise\" user ID of the end-user that authenticated. The \"pairwise\" user ID refers to the (Pairwise Identifier Algorithm)[http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg] of the OpenID Connect specification. It allows you to set an obfuscated subject (\"user\") identifier that is unique to the client. Please note that this changes the user ID on endpoint /userinfo and sub claim of the ID Token. It does not change the sub claim in the OAuth 2.0 Introspection. Per default, ORY Hydra handles this value with its own algorithm. In case you want to set this yourself you can use this field. Please note that setting this field has no effect if `pairwise` is not configured in ORY Hydra or the OAuth 2.0 Client does not expect a pairwise identifier (set via `subject_type` key in the client\'s configuration). Please also be aware that ORY Hydra is unable to properly compute this value during authentication. This implies that you have to compute this value on every authentication process (probably depending on the client ID or some other unique value). If you fail to compute the proper value, then authentication processes which have id_token_hint set might fail. */ 'force_subject_identifier'?: string; /** * IdentityProviderSessionID is the session ID of the end-user that authenticated. If specified, we will use this value to propagate the logout. */ 'identity_provider_session_id'?: string; /** * Remember, if set to true, tells Ory Hydra to remember this user by telling the user agent (browser) to store a cookie with authentication data. If the same user performs another OAuth 2.0 Authorization Request, they will not be asked to log in again. */ 'remember'?: boolean; /** * RememberFor sets how long the authentication should be remembered for in seconds. If set to `0`, the authorization will be remembered for the duration of the browser session (using a session cookie). */ 'remember_for'?: number; /** * Subject is the user ID of the end-user that authenticated. */ 'subject': string; } export interface AccountExperienceColors { 'ax_background_default'?: string; 'brand_100'?: string; 'brand_200'?: string; 'brand_300'?: string; 'brand_400'?: string; 'brand_50'?: string; 'brand_500'?: string; 'brand_600'?: string; 'brand_700'?: string; 'brand_800'?: string; 'brand_900'?: string; 'brand_950'?: string; 'button_identifier_background_default'?: string; 'button_identifier_background_hover'?: string; 'button_identifier_border_border_default'?: string; 'button_identifier_border_border_hover'?: string; 'button_identifier_foreground_default'?: string; 'button_identifier_foreground_hover'?: string; 'button_link_brand_brand'?: string; 'button_link_brand_brand_hover'?: string; 'button_link_default_primary'?: string; 'button_link_default_primary_hover'?: string; 'button_link_default_secondary'?: string; 'button_link_default_secondary_hover'?: string; 'button_link_disabled_disabled'?: string; 'button_primary_background_default'?: string; 'button_primary_background_disabled'?: string; 'button_primary_background_hover'?: string; 'button_primary_border_default'?: string; 'button_primary_border_disabled'?: string; 'button_primary_border_hover'?: string; 'button_primary_foreground_default'?: string; 'button_primary_foreground_disabled'?: string; 'button_primary_foreground_hover'?: string; 'button_secondary_background_default'?: string; 'button_secondary_background_disabled'?: string; 'button_secondary_background_hover'?: string; 'button_secondary_border_default'?: string; 'button_secondary_border_disabled'?: string; 'button_secondary_border_hover'?: string; 'button_secondary_foreground_default'?: string; 'button_secondary_foreground_disabled'?: string; 'button_secondary_foreground_hover'?: string; 'button_social_background_default'?: string; 'button_social_background_disabled'?: string; 'button_social_background_generic_provider'?: string; 'button_social_background_hover'?: string; 'button_social_border_default'?: string; 'button_social_border_disabled'?: string; 'button_social_border_generic_provider'?: string; 'button_social_border_hover'?: string; 'button_social_foreground_default'?: string; 'button_social_foreground_disabled'?: string; 'button_social_foreground_generic_provider'?: string; 'button_social_foreground_hover'?: string; 'checkbox_background_checked'?: string; 'checkbox_background_default'?: string; 'checkbox_border_checkbox_border_checked'?: string; 'checkbox_border_checkbox_border_default'?: string; 'checkbox_foreground_checked'?: string; 'checkbox_foreground_default'?: string; 'form_background_default'?: string; 'form_border_default'?: string; 'input_background_default'?: string; 'input_background_disabled'?: string; 'input_background_hover'?: string; 'input_border_default'?: string; 'input_border_disabled'?: string; 'input_border_focus'?: string; 'input_border_hover'?: string; 'input_foreground_disabled'?: string; 'input_foreground_primary'?: string; 'input_foreground_secondary'?: string; 'input_foreground_tertiary'?: string; 'interface_background_brand_primary'?: string; 'interface_background_brand_primary_hover'?: string; 'interface_background_brand_secondary'?: string; 'interface_background_brand_secondary_hover'?: string; 'interface_background_default_inverted'?: string; 'interface_background_default_inverted_hover'?: string; 'interface_background_default_none'?: string; 'interface_background_default_primary'?: string; 'interface_background_default_primary_hover'?: string; 'interface_background_default_secondary'?: string; 'interface_background_default_secondary_hover'?: string; 'interface_background_default_tertiary'?: string; 'interface_background_default_tertiary_hover'?: string; 'interface_background_disabled_disabled'?: string; 'interface_background_validation_danger'?: string; 'interface_background_validation_success'?: string; 'interface_background_validation_warning'?: string; 'interface_border_brand_brand'?: string; 'interface_border_default_inverted'?: string; 'interface_border_default_none'?: string; 'interface_border_default_primary'?: string; 'interface_border_disabled_disabled'?: string; 'interface_border_validation_danger'?: string; 'interface_border_validation_success'?: string; 'interface_border_validation_warning'?: string; 'interface_foreground_brand_on_primary'?: string; 'interface_foreground_brand_on_secondary'?: string; 'interface_foreground_brand_primary'?: string; 'interface_foreground_brand_secondary'?: string; 'interface_foreground_default_inverted'?: string; 'interface_foreground_default_primary'?: string; 'interface_foreground_default_secondary'?: string; 'interface_foreground_default_tertiary'?: string; 'interface_foreground_disabled_disabled'?: string; 'interface_foreground_disabled_on_disabled'?: string; 'interface_foreground_validation_danger'?: string; 'interface_foreground_validation_success'?: string; 'interface_foreground_validation_warning'?: string; 'ory_background_default'?: string; 'ory_border_default'?: string; 'ory_foreground_default'?: string; 'radio_background_checked'?: string; 'radio_background_default'?: string; 'radio_border_checked'?: string; 'radio_border_default'?: string; 'radio_foreground_checked'?: string; 'radio_foreground_default'?: string; 'toggle_background_checked'?: string; 'toggle_background_default'?: string; 'toggle_border_checked'?: string; 'toggle_border_default'?: string; 'toggle_foreground_checked'?: string; 'toggle_foreground_default'?: string; 'ui_100'?: string; 'ui_200'?: string; 'ui_300'?: string; 'ui_400'?: string; 'ui_50'?: string; 'ui_500'?: string; 'ui_600'?: string; 'ui_700'?: string; 'ui_800'?: string; 'ui_900'?: string; 'ui_950'?: string; 'ui_black'?: string; 'ui_danger'?: string; 'ui_success'?: string; 'ui_transparent'?: string; 'ui_warning'?: string; 'ui_white'?: string; } export interface AccountExperienceConfiguration { 'default_locale': string; 'default_redirect_url': string; 'enabled_locales': Array<string>; 'error_ui_url': string; 'favicon_dark_url'?: string; 'favicon_light_url'?: string; /** * force_default AccountExperienceLocaleBehaviorForceDefault respect_accept_language AccountExperienceLocaleBehaviorRespectAcceptLanguage */ 'locale_behavior': AccountExperienceConfigurationLocaleBehaviorEnum; 'login_ui_url': string; 'logo_dark_url'?: string; 'logo_light_url'?: string; 'name': string; 'recovery_enabled': boolean; 'recovery_ui_url': string; 'registration_enabled': boolean; 'registration_ui_url': string; 'settings_ui_url': string; 'stylesheet'?: string; 'translations': Array<RevisionAccountExperienceCustomTranslation>; 'verification_enabled': boolean; 'verification_ui_url': string; } export declare const AccountExperienceConfigurationLocaleBehaviorEnum: { readonly ForceDefault: "force_default"; readonly RespectAcceptLanguage: "respect_accept_language"; readonly UnknownDefaultOpenApi: "11184809"; }; export type AccountExperienceConfigurationLocaleBehaviorEnum = typeof AccountExperienceConfigurationLocaleBehaviorEnum[keyof typeof AccountExperienceConfigurationLocaleBehaviorEnum]; export interface AddProjectToWorkspaceBody { /** * The environment of the project in the workspace. Can be one of \"prod\" or \"dev\". Note that the number of projects in the \"prod\" environment is limited depending on the subscription. prod Production stage Staging dev Development */ 'environment': AddProjectToWorkspaceBodyEnvironmentEnum; /** * The action to take with the project subscription. Can be one of \"migrate\", and \"ignore\". \"migrate\" will migrate the project subscription to the workspace. \"ignore\" will ignore the project subscription. migrate ProjectSubscriptionActionMigrate ProjectSubscriptionActionMigrate will migrate the project subscription to the workspace. ignore ProjectSubscriptionActionIgnore ProjectSubscriptionActionIgnore will ignore the project subscription. */ 'project_subscription': AddProjectToWorkspaceBodyProjectSubscriptionEnum; } export declare const AddProjectToWorkspaceBodyEnvironmentEnum: { readonly Prod: "prod"; readonly Stage: "stage"; readonly Dev: "dev"; readonly UnknownDefaultOpenApi: "11184809"; }; export type AddProjectToWorkspaceBodyEnvironmentEnum = typeof AddProjectToWorkspaceBodyEnvironmentEnum[keyof typeof AddProjectToWorkspaceBodyEnvironmentEnum]; export declare const AddProjectToWorkspaceBodyProjectSubscriptionEnum: { readonly Migrate: "migrate"; readonly Ignore: "ignore"; readonly UnknownDefaultOpenApi: "11184809"; }; export type AddProjectToWorkspaceBodyProjectSubscriptionEnum = typeof AddProjectToWorkspaceBodyProjectSubscriptionEnum[keyof typeof AddProjectToWorkspaceBodyProjectSubscriptionEnum]; /** * Create Identity and Import Lookup Secret Credentials */ export interface AdminIdentityImportCredentialsLookupSecret { 'config'?: AdminIdentityImportCredentialsLookupSecretConfig; } /** * Create Identity and Import Lookup Secret Credentials Configuration */ export interface AdminIdentityImportCredentialsLookupSecretConfig { /** * Codes is a list of \"lookup secret\" codes configured for the user. */ 'codes'?: Array<IdentityCredentialsLookupSecretCode>; } export interface Attribute { 'key'?: string; 'value'?: string; } export interface AttributeFilter { 'attribute'?: string; 'condition'?: AttributeFilterConditionEnum; 'value'?: string; } export declare const AttributeFilterConditionEnum: { readonly Equals: "equals"; readonly NotEquals: "not_equals"; readonly Contains: "contains"; readonly NotContains: "not_contains"; readonly Regex: "regex"; readonly NotRegex: "not_regex"; readonly Set: "set"; readonly NotSet: "not_set"; readonly UnknownDefaultOpenApi: "11184809"; }; export type AttributeFilterConditionEnum = typeof AttributeFilterConditionEnum[keyof typeof AttributeFilterConditionEnum]; export interface AttributesCountDatapoint { /** * Count of the attribute value for given key */ 'count': number; /** * Name of the attribute value for given key */ 'name': string; } /** * The authenticator assurance level can be one of \"aal1\", \"aal2\", or \"aal3\". A higher number means that it is harder for an attacker to compromise the account. Generally, \"aal1\" implies that one authentication factor was used while AAL2 implies that two factors (e.g. password + TOTP) have been used. To learn more about these levels please head over to: https://www.ory.com/kratos/docs/concepts/credentials */ export declare const AuthenticatorAssuranceLevel: { readonly Aal0: "aal0"; readonly Aal1: "aal1"; readonly Aal2: "aal2"; readonly Aal3: "aal3"; readonly UnknownDefaultOpenApi: "11184809"; }; export type AuthenticatorAssuranceLevel = typeof AuthenticatorAssuranceLevel[keyof typeof AuthenticatorAssuranceLevel]; export interface BasicOrganization { /** * The list of organization\'s domains. */ 'domains': Array<string>; /** * The organization\'s ID. */ 'id': string; /** * The organization\'s human-readable label. */ 'label': string; } /** * Batch Check Permission Body */ export interface BatchCheckPermissionBody { 'tuples'?: Array<Relationship>; } /** * Batch Check Permission Result */ export interface BatchCheckPermissionResult { /** * An array of check results. The order aligns with the input order. */ 'results': Array<CheckPermissionResultWithError>; } /** * Patch identities response */ export interface BatchPatchIdentitiesResponse { /** * The patch responses for the individual identities. */ 'identities'?: Array<IdentityPatchResponse>; } export interface BillingPeriodBucket { 'base_invoices'?: Array<Invoice>; 'billing_period'?: TimeInterval; 'usage_invoice'?: Invoice; } export interface CheckOplSyntaxResult { /** * The list of syntax errors */ 'errors'?: Array<ParseError>; } /** * The content of the allowed field is mirrored in the HTTP status code. */ export interface CheckPermissionResult { /** * whether the relation tuple is allowed */ 'allowed': boolean; } /** * Check Permission Result With Error */ export interface CheckPermissionResultWithError { /** * whether the relation tuple is allowed */ 'allowed': boolean; /** * any error generated while checking the relation tuple */ 'error'?: string; } export interface CloudAccount { /** * BreakGlass is true when the identity\'s recovery address has break-glass recovery enabled for the identity\'s current organization. */ 'break_glass'?: boolean; 'email': string; 'email_verified': boolean; 'id': string; 'name': string; 'organization_id'?: string | null; } /** * Control API consistency guarantees */ export interface ConsistencyRequestParameters { /** * Read Consistency Level (preview) The read consistency level determines the consistency guarantee for reads: strong (slow): The read is guaranteed to return the most recent data committed at the start of the read. eventual (very fast): The result will return data that is about 4.8 seconds old. The default consistency guarantee can be changed in the Ory Network Console or using the Ory CLI with `ory patch project --replace \'/previews/default_read_consistency_level=\"strong\"\'`. Setting the default consistency level to `eventual` may cause regressions in the future as we add consistency controls to more APIs. Currently, the following APIs will be affected by this setting: `GET /admin/identities` This feature is in preview and only available in Ory Network. ConsistencyLevelUnset ConsistencyLevelUnset is the unset / default consistency level. strong ConsistencyLevelStrong ConsistencyLevelStrong is the strong consistency level. eventual ConsistencyLevelEventual ConsistencyLevelEventual is the eventual consistency level using follower read timestamps. */ 'consistency'?: ConsistencyRequestParametersConsistencyEnum; } export declare const ConsistencyRequestParametersConsistencyEnum: { readonly Empty: ""; readonly Strong: "strong"; readonly Eventual: "eventual"; readonly UnknownDefaultOpenApi: "11184809"; }; export type ConsistencyRequestParametersConsistencyEnum = typeof ConsistencyRequestParametersConsistencyEnum[keyof typeof ConsistencyRequestParametersConsistencyEnum]; /** * @type ContinueWith */ export type ContinueWith = { action: 'redirect_browser_to'; } & ContinueWithRedirectBrowserTo | { action: 'set_ory_session_token'; } & ContinueWithSetOrySessionToken | { action: 'show_recovery_ui'; } & ContinueWithRecoveryUi | { action: 'show_settings_ui'; } & ContinueWithSettingsUi | { action: 'show_verification_ui'; } & ContinueWithVerificationUi; /** * Indicates, that the UI flow could be continued by showing a recovery ui */ export interface ContinueWithRecoveryUi { /** * Action will always be `show_recovery_ui` show_recovery_ui ContinueWithActionShowRecoveryUIString */ 'action': ContinueWithRecoveryUiActionEnum; 'flow': ContinueWithRecoveryUiFlow; } export declare const ContinueWithRecoveryUiActionEnum: { readonly ShowRecoveryUi: "show_recovery_ui"; readonly UnknownDefaultOpenApi: "11184809"; }; export type ContinueWithRecoveryUiActionEnum = typeof ContinueWithRecoveryUiActionEnum[keyof typeof ContinueWithRecoveryUiActionEnum]; export interface ContinueWithRecoveryUiFlow { /** * The ID of the recovery flow */ 'id': string; /** * The URL of the recovery flow If this value is set, redirect the user\'s browser to this URL. This value is typically unset for native clients / API flows. */ 'url'?: string; } /** * Indicates, that the UI flow could be continued by showing a recovery ui */ export interface ContinueWithRedirectBrowserTo { /** * Action will always be `redirect_browser_to` redirect_browser_to ContinueWithActionRedirectBrowserToString */ 'action': ContinueWithRedirectBrowserToActionEnum; /** * The URL to redirect the browser to */ 'redirect_browser_to': string; } export declare const ContinueWithRedirectBrowserToActionEnum: { readonly RedirectBrowserTo: "redirect_browser_to"; readonly UnknownDefaultOpenApi: "11184809"; }; export type ContinueWithRedirectBrowserToActionEnum = typeof ContinueWithRedirectBrowserToActionEnum[keyof typeof ContinueWithRedirectBrowserToActionEnum]; /** * Indicates that a session was issued, and the application should use this token for authenticated requests */ export interface ContinueWithSetOrySessionToken { /** * Action will always be `set_ory_session_token` set_ory_session_token ContinueWithActionSetOrySessionTokenString */ 'action': ContinueWithSetOrySessionTokenActionEnum; /** * Token is the token of the session */ 'ory_session_token': string; } export declare const ContinueWithSetOrySessionTokenActionEnum: { readonly SetOrySessionToken: "set_ory_session_token"; readonly UnknownDefaultOpenApi: "11184809"; }; export type ContinueWithSetOrySessionTokenActionEnum = typeof ContinueWithSetOrySessionTokenActionEnum[keyof typeof ContinueWithSetOrySessionTokenActionEnum]; /** * Indicates, that the UI flow could be continued by showing a settings ui */ export interface ContinueWithSettingsUi { /** * Action will always be `show_settings_ui` show_settings_ui ContinueWithActionShowSettingsUIString */ 'action': ContinueWithSettingsUiActionEnum; 'flow': ContinueWithSettingsUiFlow; } export declare const ContinueWithSettingsUiActionEnum: { readonly ShowSettingsUi: "show_settings_ui"; readonly UnknownDefaultOpenApi: "11184809"; }; export type ContinueWithSettingsUiActionEnum = typeof ContinueWithSettingsUiActionEnum[keyof typeof ContinueWithSettingsUiActionEnum]; export interface ContinueWithSettingsUiFlow { /** * The ID of the settings flow */ 'id': string; /** * The URL of the settings flow If this value is set, redirect the user\'s browser to this URL. This value is typically unset for native clients / API flows. */ 'url'?: string; } /** * Indicates, that the UI flow could be continued by showing a verification ui */ export interface ContinueWithVerificationUi { /** * Action will always be `show_verification_ui` show_verification_ui ContinueWithActionShowVerificationUIString */ 'action': ContinueWithVerificationUiActionEnum; 'flow': ContinueWithVerificationUiFlow; } export declare const ContinueWithVerificationUiActionEnum: { readonly ShowVerificationUi: "show_verification_ui"; readonly UnknownDefaultOpenApi: "11184809"; }; export type ContinueWithVerificationUiActionEnum = typeof ContinueWithVerificationUiActionEnum[keyof typeof ContinueWithVerificationUiActionEnum]; export interface ContinueWithVerificationUiFlow { /** * The ID of the verification flow */ 'id': string; /** * The URL of the verification flow If this value is set, redirect the user\'s browser to this URL. This value is typically unset for native clients / API flows. */ 'url'?: string; /** * The address that should be verified in this flow */ 'verifiable_address': string; } /** * A Message\'s Status */ export declare const CourierMessageStatus: { readonly Queued: "queued"; readonly Sent: "sent"; readonly Processing: "processing"; readonly Abandoned: "abandoned"; readonly UnknownDefaultOpenApi: "11184809"; }; export type CourierMessageStatus = typeof CourierMessageStatus[keyof typeof CourierMessageStatus]; /** * It can either be `email` or `phone` */ export declare const CourierMessageType: { readonly Email: "email"; readonly Phone: "phone"; readonly UnknownDefaultOpenApi: "11184809"; }; export type CourierMessageType = typeof CourierMessageType[keyof typeof CourierMessageType]; /** * Create Custom Hostname Request Body */ export interface CreateCustomDomainBody { /** * The domain where cookies will be set. Has to be a parent domain of the custom hostname to work. */ 'cookie_domain'?: string; /** * CORS Allowed origins for the custom hostname. */ 'cors_allowed_origins'?: Array<string>; /** * CORS Enabled for the custom hostname. */ 'cors_enabled'?: boolean; /** * The base URL where the custom user interface will be exposed. */ 'custom_ui_base_url'?: string; /** * The custom hostname where the API will be exposed. */ 'hostname'?: string; } /** * Create Event Stream Request Body */ export interface CreateEventStreamBody { /** * The HTTPS endpoint URL to send events to. Required if type is https. */ 'https_endpoint'?: string; /** * The AWS IAM role ARN to assume when publishing to the SNS topic. Required if type is sns. */ 'role_arn'?: string; /** * The AWS SNS topic ARN. Required if type is sns. */ 'topic_arn'?: string; /** * The type of the event stream (AWS SNS or HTTPS webhook). */ 'type': CreateEventStreamBodyTypeEnum; } export declare const CreateEventStreamBodyTypeEnum: { readonly Sns: "sns"; readonly Https: "https"; readonly UnknownDefaultOpenApi: "11184809"; }; export type CreateEventStreamBodyTypeEnum = typeof CreateEventStreamBodyTypeEnum[keyof typeof CreateEventStreamBodyTypeEnum]; /** * Contains a list of all available FedCM providers. */ export interface CreateFedcmFlowResponse { 'csrf_token'?: string; 'providers'?: Array<Provider>; } /** * Create Identity Body */ export interface CreateIdentityBody { 'credentials'?: IdentityWithCredentials; /** * ExternalID is an optional external ID of the identity. This is used to link the identity to an external system. If set, the external ID must be unique across all identities. */ 'external_id'?: string; /** * Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/<id>`. */ 'metadata_admin'?: any; /** * Store metadata about the identity which the identity itself can see when calling for example the session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. */ 'metadata_public'?: any; 'organization_id'?: string | null; /** * RecoveryAddresses contains all the addresses that can be used to recover an identity. Use this structure to import recovery addresses for an identity. Please keep in mind that the address needs to be represented in the Identity Schema or this field will be overwritten on the next identity update. */ 'recovery_addresses'?: Array<RecoveryIdentityAddress>; /** * SchemaID is the ID of the JSON Schema to be used for validating the identity\'s traits. */ 'schema_id': string; /** * State is the identity\'s state. active StateActive inactive StateInactive */ 'state'?: CreateIdentityBodyStateEnum; /** * Traits represent an identity\'s traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_url`. */ 'traits': object; /** * VerifiableAddresses contains all the addresses that can be verified by the user. Use this structure to import verified addresses for an identity. Please keep in mind that the address needs to be represented in the Identity Schema or this field will be overwritten on the next identity update. */ 'verifiable_addresses'?: Array<VerifiableIdentityAddress>; } export declare const CreateIdentityBodyStateEnum: { readonly Active: "active"; readonly Inactive: "inactive"; readonly UnknownDefaultOpenApi: "11184809"; }; export type CreateIdentityBodyStateEnum = typeof CreateIdentityBodyStateEnum[keyof typeof CreateIdentityBodyStateEnum]; export interface CreateInviteResponse { /** * A list of all invites for this resource */ 'all_invites': Array<MemberInvite>; 'created_invite': MemberInvite; } /** * Create JSON Web Key Set Request Body */ export interface CreateJsonWebKeySet { /** * JSON Web Key Algorithm The algorithm to be used for creating the key. Supports `RS256`, `ES256`, `ES512`, `HS512`, and `HS256`. */ 'alg': string; /** * JSON Web Key ID The Key ID of the key to be created. */ 'kid': string; /** * JSON Web Key Use The \"use\" (public key use) parameter identifies the intended use of the public key. The \"use\" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Valid values are \"enc\" and \"sig\". */ 'use': string; } export interface CreateOnboardingLinkResponse { /** * The onboarding to redirect the user to for organization setup. */ 'onboarding_portal_token': string; } export interface CreateOrganizationOnboardingPortalLinkBody { /** * AppleMapper specifies the JSONNet code snippet which uses Apple\'s profile information to hydrate the identity\'s data. */ 'apple_mapper_url'?: string; /** * Auth0Mapper specifies the JSONNet code snippet which uses Auth0\'s profile information to hydrate the identity\'s data. */ 'auth0_mapper_url'?: string; 'custom_hostname_id'?: string | null; /** * Feature flag to enable SCIM configuration */ 'enable_scim': boolean; /** * Feature flag to enable SSO configuration */ 'enable_sso': boolean; 'expires_at'?: string; /** * FacebookMapper specifies the JSONNet code snippet which uses Facebook\'s profile information to hydrate the identity\'s data. */ 'facebook_mapper_url'?: string; /** * GenericOIDCMapper specifies the JSONNet code snippet which uses the OIDC Provider\'s profile information to hydrate the identity\'s data. */ 'generic_oidc_mapper_url'?: string; /** * GithubMapper specifies the JSONNet code snippet which uses GitHub\'s profile information to hydrate the identity\'s data. */ 'github_mapper_url'?: string; /** * GitLabMapper specifies the JSONNet code snippet which uses GitLab\'s profile information to hydrate the identity\'s data. */ 'gitlab_mapper_url'?: string; /** * GoogleMapper specifies the JSONNet code snippet which uses Google\'s profile information to hydrate the identity\'s data. */ 'google_mapper_url'?: string; /** * MicrosoftMapper specifies the JSONNet code snippet which uses Microsoft\'s profile information to hydrate the identity\'s data. */ 'microsoft_mapper_url'?: string; /** * NetIDMapper specifies the JSONNet code snippet which uses NetID\'s profile information to hydrate the identity\'s data. */ 'netid_mapper_url'?: string; /** * Proxy ACS URL if overriding with a customer-controlled URL */ 'proxy_acs_url'?: string; /** * Proxy OIDC Redirect URL if overriding with a customer-controlled URL */ 'proxy_oidc_redirect_url'?: string; /** * SAML Audience Override if overriding with a customer-controlled one */ 'proxy_saml_audience_override'?: string; /** * Proxy SCIM Server URL if overriding with a customer-controlled URL */ 'proxy_scim_server_url'?: string; /** * SAMLMapper specifies the JSONNet code snippet which uses the SAML Provider\'s profile information to hydrate the identity\'s data. */ 'saml_mapper_url'?: string; /** * SCIMMapper specifies the JSONNet code snippet which uses the SCIM Provider\'s profile information to hydrate the identity\'s data. */ 'scim_mapper_url'?: string; } export interface CreateProjectApiKeyRequest { 'expires_at'?: string; /** * The Token Name A descriptive name for the token. in: body */ 'name': string; } /** * Create Project Request Body */ export interface CreateProjectBody { /** * The environment of the project. prod Production stage Staging dev Development */ 'environment': CreateProjectBodyEnvironmentEnum; /** * Home Region The home region of the project. This is the region where the project will be created. eu-central EUCentral asia-northeast AsiaNorthEast us-east USEast us-west USWest us US global Global */ 'home_region'?: CreateProjectBodyHomeRegionEnum; /** * The name of the project to be created */ 'name': string; /** * The workspace to create the project in. */ 'workspace_id'?: string; } export declare const CreateProjectBodyEnvironmentEnum: { readonly Prod: "prod"; readonly Stage: "stage"; readonly Dev: "dev"; readonly UnknownDefaultOpenApi: "11184809"; }; export type CreateProjectBodyEnvironmentEnum = typeof CreateProjectBodyEnvironmentEnum[keyof typeof CreateProjectBodyEnvironmentEnum]; export declare const CreateProjectBodyHomeRegionEnum: { readonly EuCentral: "eu-central"; readonly AsiaNortheast: "asia-northeast"; readonly UsEast: "us-east"; readonly UsWest: "us-west"; readonly Us: "us"; readonly Global: "global"; readonly UnknownDefaultOpenApi: "11184809"; }; export type CreateProjectBodyHomeRegionEnum = typeof CreateProjectBodyHomeRegionEnum[keyof typeof CreateProjectBodyHomeRegionEnum]; /** * Create a Project Branding */ export interface CreateProjectBranding { 'favicon_type'?: string; 'favicon_url'?: string; 'logo_type'?: string; 'logo_url'?: string; 'name'?: string; 'theme'?: ProjectBrandingColors; } /** * Create Project MemberInvite Request Body */ export interface CreateProjectMemberInviteBody { /** * A email to invite */ 'invitee_email'?: string; } /** * Create project (normalized) request payload */ export interface CreateProjectNormalizedPayload { /** * The Account Experience\'s Custom Translations Contains all Custom Translations for this project. */ 'account_experience_custom_translations'?: Array<RevisionAccountExperienceCustomTranslation>; /** * Holds the default locale for the account experience. This governs the \"default_locale\" setting. */ 'account_experience_default_locale'?: string; /** * The Account Experience\'s Enabled Locales This governs the locales that are available in the account experience. This governs the \"enabled_locales\" setting. */ 'account_experience_enabled_locales'?: Array<string>; /** * Holds the URL to the account experience\'s dark theme favicon (currently unused). This governs the \"favicon_dark\" setting. */ 'account_experience_favicon_dark'?: string; /** * Holds the URL to the account experience\'s favicon. This governs the \"favicon_light\" setting. */ 'account_experience_favicon_light'?: string; /** * Holds the URL to the account experience\'s language behavior. Can be one of: `respect_accept_language`: Respect the `Accept-Language` header. `force_default`: Force the default language. This governs the \"locale_behavior\" setting. */ 'account_experience_locale_behavior'?: string; /** * Holds the URL to the account experience\'s dark theme logo (currently unused). This governs the \"logo_dark\" setting. */ 'account_experience_logo_dark'?: string; /** * Holds the URL to the account experience\'s logo. This governs the \"logo_light\" setting. */ 'account_experience_logo_light'?: string; /** * Holds the URL to the account experience\'s dark theme variables. This governs the \"theme_variables_dark\" setting. */ 'account_experience_theme_variables_dark'?: string; /** * Holds the URL to the account experience\'s light theme variables. This governs the \"theme_variables_light\" setting. */ 'account_experience_theme_variables_light'?: string; /** * The Project\'s Revision Creation Date */ 'created_at'?: string; /** * Whether to disable the account experience welcome screen, which is hosted under `/ui/welcome`. This governs the \"disable_welcome_screen\" setting. */ 'disable_account_experience_welcome_screen'?: boolean; /** * Whether the new account experience is enabled and reachable. This governs the \"enable_ax_v2\" setting. */ 'enable_ax_v2'?: boolean; /** * prod Production stage Staging dev Development */ 'environment': CreateProjectNormalizedPayloadEnvironmentEnum; /** * eu-central EUCentral asia-northeast AsiaNorthEast us-east USEast us-west USWest us US global Global */ 'home_region'?: CreateProjectNormalizedPayloadHomeRegionEnum; /** * A list of custom claims which are allowed to be added top level to the Access Token. They cannot override reserved claims. This governs the \"oauth2.allowed_top_level_claims\" setting. */ 'hydra_oauth2_allowed_top_level_claims'?: Array<string>; /** * Automatically grant authorized OAuth2 Scope in OAuth2 Client Credentials Flow. Each OAuth2 Client is allowed to request a predefined OAuth2 Scope (for example `read write`). If this option is enabled, the full scope is automatically granted when performing the OAuth2 Client Credentials flow. If disabled, the OAuth2 Client has to request the scope in the OAuth2 request by providing the `scope` query parameter. Setting this option to true is common if you need compatibility with MITREid. This governs the \"oauth2.client_credentials.default_grant_allowed_scope\" setting. */ 'hydra_oauth2_client_credentials_default_grant_allowed_scope'?: boolean; /** * Set to true if you want to exclude claim `nbf (not before)` part of access token. This governs the \"oauth2.exclude_not_before_claim\" setting. */ 'hydra_oauth2_exclude_not_before_claim'?: boolean; /** * Configures if the issued at (`iat`) claim is required in the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC7523). If set to `false`, the `iat` claim is required. Set this value to `true` only after careful consideration. This governs the \"oauth2.grant.jwt.iat_optional\" setting. */ 'hydra_oauth2_grant_jwt_iat_optional'?: boolean; /** * Configures if the JSON Web Token ID (`jti`) claim is required in the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC7523). If set to `false`, the `jti` claim is required. Set this value to `true` only after careful consideration. This governs the \"oauth2.grant.jwt.jti_optional\" setting. */ 'hydra_oauth2_grant_jwt_jti_optional'?: boolean; /** * Configures what the maximum age of a JWT assertion used in the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC7523) can be. This feature uses the `exp` claim and `iat` claim to calculate assertion age. Assertions exceeding the max age will be denied. Useful as a safety measure and recommended to keep below 720h. This governs the \"oauth2.grant.jwt.max_ttl\" setting. */ 'hydra_oauth2_grant_jwt_max_ttl'?: string; /** * Configures the OAuth2 Grant Refresh Token Rotation Grace Period If set to `null` or `\"0s\"`, the graceful refresh token rotation is disabled. This governs the \"oauth2.grant.refresh_token_rotation_grace_period\" setting. */ 'hydra_oauth2_grant_refresh_token_rotation_grace_period'?: string; /** * Set to false if you don\'t want to mirror custom claims under \'ext\'. This governs the \"oauth2.mirror_top_level_claims\" setting. */ 'hydra_oauth2_mirror_top_level_claims'?: boolean; /** * Configures whether PKCE should be enforced for all OAuth2 Clients. This governs the \"oauth2.pkce.enforced\" setting. */ 'hydra_oauth2_pkce_enforced'?: boolean; /** * Configures whether PKCE should be enforced for OAuth2 Clients without a client secret (public clients). This governs the \"oauth2.pkce.enforced_for_public_clients\" setting. */ 'hydra_oauth2_pkce_enforced_for_public_clients'?: boolean; /** * Set to true to keep custom claims that are not promoted to the top level in the \'ext\' claim. Only applies when mirror_top_level_claims is false. This governs the \"oauth2.preserve_ext_claims\" setting. */ 'hydra_oauth2_preserve_ext_claims'?: boolean; /** * Sets the Refresh Token Hook Endpoint. If set this endpoint will be called during the OAuth2 Token Refresh grant update the OAuth2 Access Token claims. This governs the \"oauth2.refresh_token_hook\" setting. */ 'hydra_oauth2_refresh_token_hook'?: string; /** * Sets the token hook endpoint for all grant types. If set it will be called while providing token to customize claims. This governs the \"oauth2.token_hook.url\" setting. */ 'hydra_oauth2_token_hook'?: string; /** * The OpenID Connect Dynamic Client Registration specification has no concept of whitelisting OAuth 2.0 Scope. If you want to expose Dynamic Client Registration, you should set the default scope enabled for newly registered clients. Keep in mind that users can overwrite this default by setting the \"scope\" key in the registration payload, effectively disabling the concept of whitelisted scopes. This governs the \"oidc.dynamic_client_registration.default_scope\" setting. */ 'hydra_oidc_dynamic_client_registration_default_scope'?: Array<string>; /** * Configures OpenID Connect Dynamic Client Registration. This governs the \"oidc.dynamic_client_registration.enabled\" setting. */ 'hydra_oidc_dynamic_client_registration_enabled'?: boolean; /** * Configures OpenID Connect Discovery and overwrites the pairwise algorithm This governs the \"oidc.subject_identifiers.pairwise_salt\" setting. */ 'hydra_oidc_subject_identifiers_pairwise_salt'?: string; /** * Configures OpenID Connect Discovery and overwrites the list of Subject Identifier Algorithms to enable. This governs the \"oidc.subject_identifiers.supported_types\" setting. */ 'hydra_oidc_subject_identifiers_supported_types'?: Array<string>; /** * Configures the Ory Hydra Cookie Secret This governs the \"secrets.cookie\" setting. */ 'hydra_secrets_cookie'?: Array<string>; /** * Configures the Ory Hydra Pagination Secret This governs the \"secrets.pagination\" setting. */ 'hydra_secrets_pagination'?: Array<string>; /** * Configures the Ory Hydra System Secret This governs the \"secrets.system\" setting. */ 'hydra_secrets_system'?: Array<string>; /** * Configures the Ory Hydra Cookie Same Site Legacy Workaround This governs the \"serve.cookies.same_site_legacy_workaround\" setting. */ 'hydra_serve_cookies_same_site_legacy_workaround'?: boolean; /** * Configures the Ory Hydra Cookie Same Site Mode This governs the \"serve.cookies.same_site_mode\" setting. */ 'hydra_serve_cookies_same_site_mode'?: string; /** * Defines access token type This governs the \"strategies.access_token\" setting. opaque Oauth2AccessTokenStrategyOpaque jwt Oauth2AccessTokenStrategyJwt */ 'hydra_strategies_access_token'?: CreateProjectNormalizedPayloadHydraStrategiesAccessTokenEnum; /** * Define the claim to use as the scope in the access token. This governs the \"strategies.jwt.scope_claim\" setting. list: The scope claim is an array of strings named `scope`: `{ \"scope\": [\"read\", \"write\"] }` string: The scope claim is a space delimited list of strings named `scp`: `{ \"scp\": \"read write\" }` both: The scope claim is both a space delimited list and an array of strings named `scope` and `scp`: `{ \"scope\": [\"read\", \"write\"], \"scp\": \"read write\" }` list OAuth2JWTScopeClaimList string OAuth2JWTScopeClaimString both OAuth2JWTScopeClaimBoth */ 'hydra_strategies_jwt_scope_claim'?: CreateProjectNormalizedPayloadHydraStrategiesJwtScopeClaimEnum; /** * Defines how scopes are matched. For more details have a look at https://github.com/ory/fosite#scopes This governs the \"strategies.scope\" setting. exact Oauth2ScopeStrategyExact wildcard Oauth2ScopeStrategyWildcard */ 'hydra_strategies_scope'?: CreateProjectNormalizedPayloadHydraStrategiesScopeEnum; /** * This governs the \"ttl.access_token\" setting. */ 'hydra_ttl_access_token'?: string; /** * Configures how long refresh tokens are valid. Set to -1 for refresh tokens to never expire. This is not recommended! This governs the \"ttl.auth_code\" setting. */ 'hydra_ttl_auth_code'?: string; /** * This governs the \"ttl.id_token\" setting. */ 'hydra_ttl_id_token'?: string; /** * Configures how long a user login and consent flow may take. This governs the \"ttl.login_consent_request\" setting. */ 'hydra_ttl_login_consent_reque