@pake/hydra-client

/** * ORY Hydra * Welcome to the ORY Hydra HTTP API documentation. You will find documentation for all HTTP APIs here. * * The version of the OpenAPI document: v1.9.1 * * * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). * https://openapi-generator.tech * Do not edit the class manually. */ import { Configuration } from './configuration'; import { AxiosPromise, AxiosInstance } from 'axios'; import { RequestArgs, BaseAPI } from './base'; /** * * @export * @interface AcceptConsentRequest */ export interface AcceptConsentRequest { /** * * @type {Array<string>} * @memberof AcceptConsentRequest */ grant_access_token_audience?: Array<string>; /** * * @type {Array<string>} * @memberof AcceptConsentRequest */ grant_scope?: Array<string>; /** * * @type {string} * @memberof AcceptConsentRequest */ handled_at?: string; /** * Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same client asks the same user for the same, or a subset of, scope. * @type {boolean} * @memberof AcceptConsentRequest */ remember?: boolean; /** * RememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the authorization will be remembered indefinitely. * @type {number} * @memberof AcceptConsentRequest */ remember_for?: number; /** * * @type {ConsentRequestSession} * @memberof AcceptConsentRequest */ session?: ConsentRequestSession; } /** * * @export * @interface AcceptLoginRequest */ export interface AcceptLoginRequest { /** * ACR sets the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it to express that, for example, a user authenticated using two factor authentication. * @type {string} * @memberof AcceptLoginRequest */ acr?: string; /** * * @type {object} * @memberof AcceptLoginRequest */ context?: object; /** * ForceSubjectIdentifier forces the \"pairwise\" user ID of the end-user that authenticated. The \"pairwise\" user ID refers to the (Pairwise Identifier Algorithm)[http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg] of the OpenID Connect specification. It allows you to set an obfuscated subject (\"user\") identifier that is unique to the client. Please note that this changes the user ID on endpoint /userinfo and sub claim of the ID Token. It does not change the sub claim in the OAuth 2.0 Introspection. Per default, ORY Hydra handles this value with its own algorithm. In case you want to set this yourself you can use this field. Please note that setting this field has no effect if `pairwise` is not configured in ORY Hydra or the OAuth 2.0 Client does not expect a pairwise identifier (set via `subject_type` key in the client\'s configuration). Please also be aware that ORY Hydra is unable to properly compute this value during authentication. This implies that you have to compute this value on every authentication process (probably depending on the client ID or some other unique value). If you fail to compute the proper value, then authentication processes which have id_token_hint set might fail. * @type {string} * @memberof AcceptLoginRequest */ force_subject_identifier?: string; /** * Remember, if set to true, tells ORY Hydra to remember this user by telling the user agent (browser) to store a cookie with authentication data. If the same user performs another OAuth 2.0 Authorization Request, he/she will not be asked to log in again. * @type {boolean} * @memberof AcceptLoginRequest */ remember?: boolean; /** * RememberFor sets how long the authentication should be remembered for in seconds. If set to `0`, the authorization will be remembered for the duration of the browser session (using a session cookie). * @type {number} * @memberof AcceptLoginRequest */ remember_for?: number; /** * Subject is the user ID of the end-user that authenticated. * @type {string} * @memberof AcceptLoginRequest */ subject: string; } /** * * @export * @interface CompletedRequest */ export interface CompletedRequest { /** * RedirectURL is the URL which you should redirect the user to once the authentication process is completed. * @type {string} * @memberof CompletedRequest */ redirect_to: string; } /** * * @export * @interface ConsentRequest */ export interface ConsentRequest { /** * ACR represents the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it to express that, for example, a user authenticated using two factor authentication. * @type {string} * @memberof ConsentRequest */ acr?: string; /** * ID is the identifier (\"authorization challenge\") of the consent authorization request. It is used to identify the session. * @type {string} * @memberof ConsentRequest */ challenge: string; /** * * @type {OAuth2Client} * @memberof ConsentRequest */ client?: OAuth2Client; /** * * @type {object} * @memberof ConsentRequest */ context?: object; /** * LoginChallenge is the login challenge this consent challenge belongs to. It can be used to associate a login and consent request in the login & consent app. * @type {string} * @memberof ConsentRequest */ login_challenge?: string; /** * LoginSessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag) this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false) this will be a new random value. This value is used as the \"sid\" parameter in the ID Token and in OIDC Front-/Back- channel logout. It\'s value can generally be used to associate consecutive login requests by a certain user. * @type {string} * @memberof ConsentRequest */ login_session_id?: string; /** * * @type {OpenIDConnectContext} * @memberof ConsentRequest */ oidc_context?: OpenIDConnectContext; /** * RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but might come in handy if you want to deal with additional request parameters. * @type {string} * @memberof ConsentRequest */ request_url?: string; /** * * @type {Array<string>} * @memberof ConsentRequest */ requested_access_token_audience?: Array<string>; /** * * @type {Array<string>} * @memberof ConsentRequest */ requested_scope?: Array<string>; /** * Skip, if true, implies that the client has requested the same scopes from the same user previously. If true, you must not ask the user to grant the requested scopes. You must however either allow or deny the consent request using the usual API call. * @type {boolean} * @memberof ConsentRequest */ skip?: boolean; /** * Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope requested by the OAuth 2.0 client. * @type {string} * @memberof ConsentRequest */ subject?: string; } /** * * @export * @interface ConsentRequestSession */ export interface ConsentRequestSession { /** * AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the refresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection. If only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties can access that endpoint as well, sensitive data from the session might be exposed to them. Use with care! * @type {object} * @memberof ConsentRequestSession */ access_token?: object; /** * IDToken sets session data for the OpenID Connect ID token. Keep in mind that the session\'id payloads are readable by anyone that has access to the ID Challenge. Use with care! * @type {object} * @memberof ConsentRequestSession */ id_token?: object; } /** * ContainerWaitOKBodyError container waiting error, if any * @export * @interface ContainerWaitOKBodyError */ export interface ContainerWaitOKBodyError { /** * Details of an error * @type {string} * @memberof ContainerWaitOKBodyError */ Message?: string; } /** * * @export * @interface FlushInactiveOAuth2TokensRequest */ export interface FlushInactiveOAuth2TokensRequest { /** * NotAfter sets after which point tokens should not be flushed. This is useful when you want to keep a history of recently issued tokens for auditing. * @type {string} * @memberof FlushInactiveOAuth2TokensRequest */ notAfter?: string; } /** * Error responses are sent when an error (e.g. unauthorized, bad request, ...) occurred. * @export * @interface GenericError */ export interface GenericError { /** * Debug contains debug information. This is usually not available and has to be enabled. * @type {string} * @memberof GenericError */ debug?: string; /** * Name is the error name. * @type {string} * @memberof GenericError */ error: string; /** * Description contains further information on the nature of the error. * @type {string} * @memberof GenericError */ error_description?: string; /** * Code represents the error status code (404, 403, 401, ...). * @type {number} * @memberof GenericError */ status_code?: number; } /** * * @export * @interface HealthNotReadyStatus */ export interface HealthNotReadyStatus { /** * Errors contains a list of errors that caused the not ready status. * @type {{ [key: string]: string; }} * @memberof HealthNotReadyStatus */ errors?: { [key: string]: string; }; } /** * * @export * @interface HealthStatus */ export interface HealthStatus { /** * Status always contains \"ok\". * @type {string} * @memberof HealthStatus */ status?: string; } /** * It is important that this model object is named JSONWebKey for \"swagger generate spec\" to generate only on definition of a JSONWebKey. * @export * @interface JSONWebKey */ export interface JSONWebKey { /** * The \"alg\" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA \"JSON Web Signature and Encryption Algorithms\" registry established by [JWA] or be a value that contains a Collision- Resistant Name. * @type {string} * @memberof JSONWebKey */ alg: string; /** * * @type {string} * @memberof JSONWebKey */ crv?: string; /** * * @type {string} * @memberof JSONWebKey */ d?: string; /** * * @type {string} * @memberof JSONWebKey */ dp?: string; /** * * @type {string} * @memberof JSONWebKey */ dq?: string; /** * * @type {string} * @memberof JSONWebKey */ e?: string; /** * * @type {string} * @memberof JSONWebKey */ k?: string; /** * The \"kid\" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the \"kid\" value is unspecified. When \"kid\" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct \"kid\" values. (One example in which different keys might use the same \"kid\" value is if they have different \"kty\" (key type) values but are considered to be equivalent alternatives by the application using them.) The \"kid\" value is a case-sensitive string. * @type {string} * @memberof JSONWebKey */ kid: string; /** * The \"kty\" (key type) parameter identifies the cryptographic algorithm family used with the key, such as \"RSA\" or \"EC\". \"kty\" values should either be registered in the IANA \"JSON Web Key Types\" registry established by [JWA] or be a value that contains a Collision- Resistant Name. The \"kty\" value is a case-sensitive string. * @type {string} * @memberof JSONWebKey */ kty: string; /** * * @type {string} * @memberof JSONWebKey */ n?: string; /** * * @type {string} * @memberof JSONWebKey */ p?: string; /** * * @type {string} * @memberof JSONWebKey */ q?: string; /** * * @type {string} * @memberof JSONWebKey */ qi?: string; /** * Use (\"public key use\") identifies the intended use of the public key. The \"use\" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly \"sig\" (signature) or \"enc\" (encryption). * @type {string} * @memberof JSONWebKey */ use: string; /** * * @type {string} * @memberof JSONWebKey */ x?: string; /** * The \"x5c\" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. * @type {Array<string>} * @memberof JSONWebKey */ x5c?: Array<string>; /** * * @type {string} * @memberof JSONWebKey */ y?: string; } /** * It is important that this model object is named JSONWebKeySet for \"swagger generate spec\" to generate only on definition of a JSONWebKeySet. Since one with the same name is previously defined as client.Client.JSONWebKeys and this one is last, this one will be effectively written in the swagger spec. * @export * @interface JSONWebKeySet */ export interface JSONWebKeySet { /** * The value of the \"keys\" parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. * @type {Array<JSONWebKey>} * @memberof JSONWebKeySet */ keys?: Array<JSONWebKey>; } /** * * @export * @interface JsonWebKeySetGeneratorRequest */ export interface JsonWebKeySetGeneratorRequest { /** * The algorithm to be used for creating the key. Supports \"RS256\", \"ES512\", \"HS512\", and \"HS256\" * @type {string} * @memberof JsonWebKeySetGeneratorRequest */ alg: string; /** * The kid of the key to be created * @type {string} * @memberof JsonWebKeySetGeneratorRequest */ kid: string; /** * The \"use\" (public key use) parameter identifies the intended use of the public key. The \"use\" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Valid values are \"enc\" and \"sig\". * @type {string} * @memberof JsonWebKeySetGeneratorRequest */ use: string; } /** * * @export * @interface LoginRequest */ export interface LoginRequest { /** * ID is the identifier (\"login challenge\") of the login request. It is used to identify the session. * @type {string} * @memberof LoginRequest */ challenge: string; /** * * @type {OAuth2Client} * @memberof LoginRequest */ client: OAuth2Client; /** * * @type {OpenIDConnectContext} * @memberof LoginRequest */ oidc_context?: OpenIDConnectContext; /** * RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but might come in handy if you want to deal with additional request parameters. * @type {string} * @memberof LoginRequest */ request_url: string; /** * * @type {Array<string>} * @memberof LoginRequest */ requested_access_token_audience: Array<string>; /** * * @type {Array<string>} * @memberof LoginRequest */ requested_scope: Array<string>; /** * SessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag) this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false) this will be a new random value. This value is used as the \"sid\" parameter in the ID Token and in OIDC Front-/Back- channel logout. It\'s value can generally be used to associate consecutive login requests by a certain user. * @type {string} * @memberof LoginRequest */ session_id?: string; /** * Skip, if true, implies that the client has requested the same scopes from the same user previously. If true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL. This feature allows you to update / set session information. * @type {boolean} * @memberof LoginRequest */ skip: boolean; /** * Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope requested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type when accepting the login request, or the request will fail. * @type {string} * @memberof LoginRequest */ subject: string; } /** * * @export * @interface LogoutRequest */ export interface LogoutRequest { /** * RequestURL is the original Logout URL requested. * @type {string} * @memberof LogoutRequest */ request_url?: string; /** * RPInitiated is set to true if the request was initiated by a Relying Party (RP), also known as an OAuth 2.0 Client. * @type {boolean} * @memberof LogoutRequest */ rp_initiated?: boolean; /** * SessionID is the login session ID that was requested to log out. * @type {string} * @memberof LogoutRequest */ sid?: string; /** * Subject is the user for whom the logout was request. * @type {string} * @memberof LogoutRequest */ subject?: string; } /** * * @export * @interface OAuth2Client */ export interface OAuth2Client { /** * * @type {Array<string>} * @memberof OAuth2Client */ allowed_cors_origins?: Array<string>; /** * * @type {Array<string>} * @memberof OAuth2Client */ audience?: Array<string>; /** * Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used. If omitted, the default value is false. * @type {boolean} * @memberof OAuth2Client */ backchannel_logout_session_required?: boolean; /** * RP URL that will cause the RP to log itself out when sent a Logout Token by the OP. * @type {string} * @memberof OAuth2Client */ backchannel_logout_uri?: string; /** * ID is the id for this client. * @type {string} * @memberof OAuth2Client */ client_id?: string; /** * Name is the human-readable string name of the client to be presented to the end-user during authorization. * @type {string} * @memberof OAuth2Client */ client_name?: string; /** * Secret is the client\'s secret. The secret will be included in the create request as cleartext, and then never again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users that they need to write the secret down as it will not be made available again. * @type {string} * @memberof OAuth2Client */ client_secret?: string; /** * SecretExpiresAt is an integer holding the time at which the client secret will expire or 0 if it will not expire. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration. This feature is currently not supported and it\'s value will always be set to 0. * @type {number} * @memberof OAuth2Client */ client_secret_expires_at?: number; /** * ClientURI is an URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion. * @type {string} * @memberof OAuth2Client */ client_uri?: string; /** * * @type {Array<string>} * @memberof OAuth2Client */ contacts?: Array<string>; /** * CreatedAt returns the timestamp of the client\'s creation. * @type {string} * @memberof OAuth2Client */ created_at?: string; /** * Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be included to identify the RP session with the OP when the frontchannel_logout_uri is used. If omitted, the default value is false. * @type {boolean} * @memberof OAuth2Client */ frontchannel_logout_session_required?: boolean; /** * RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the request and to determine which of the potentially multiple sessions is to be logged out; if either is included, both MUST be. * @type {string} * @memberof OAuth2Client */ frontchannel_logout_uri?: string; /** * * @type {Array<string>} * @memberof OAuth2Client */ grant_types?: Array<string>; /** * * @type {object} * @memberof OAuth2Client */ jwks?: object; /** * URL for the Client\'s JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client\'s encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key\'s intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. * @type {string} * @memberof OAuth2Client */ jwks_uri?: string; /** * LogoURI is an URL string that references a logo for the client. * @type {string} * @memberof OAuth2Client */ logo_uri?: string; /** * * @type {object} * @memberof OAuth2Client */ metadata?: object; /** * Owner is a string identifying the owner of the OAuth 2.0 Client. * @type {string} * @memberof OAuth2Client */ owner?: string; /** * PolicyURI is a URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data. * @type {string} * @memberof OAuth2Client */ policy_uri?: string; /** * * @type {Array<string>} * @memberof OAuth2Client */ post_logout_redirect_uris?: Array<string>; /** * * @type {Array<string>} * @memberof OAuth2Client */ redirect_uris?: Array<string>; /** * JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. All Request Objects from this Client MUST be rejected, if not signed with this algorithm. * @type {string} * @memberof OAuth2Client */ request_object_signing_alg?: string; /** * * @type {Array<string>} * @memberof OAuth2Client */ request_uris?: Array<string>; /** * * @type {Array<string>} * @memberof OAuth2Client */ response_types?: Array<string>; /** * Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens. * @type {string} * @memberof OAuth2Client */ scope?: string; /** * URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a file with a single JSON array of redirect_uri values. * @type {string} * @memberof OAuth2Client */ sector_identifier_uri?: string; /** * SubjectType requested for responses to this Client. The subject_types_supported Discovery parameter contains a list of the supported subject_type values for this server. Valid types include `pairwise` and `public`. * @type {string} * @memberof OAuth2Client */ subject_type?: string; /** * Requested Client Authentication method for the Token Endpoint. The options are client_secret_post, client_secret_basic, private_key_jwt, and none. * @type {string} * @memberof OAuth2Client */ token_endpoint_auth_method?: string; /** * Requested Client Authentication signing algorithm for the Token Endpoint. * @type {string} * @memberof OAuth2Client */ token_endpoint_auth_signing_alg?: string; /** * TermsOfServiceURI is a URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client. * @type {string} * @memberof OAuth2Client */ tos_uri?: string; /** * UpdatedAt returns the timestamp of the last update. * @type {string} * @memberof OAuth2Client */ updated_at?: string; /** * JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims as a UTF-8 encoded JSON object using the application/json content-type. * @type {string} * @memberof OAuth2Client */ userinfo_signed_response_alg?: string; } /** * https://tools.ietf.org/html/rfc7662 * @export * @interface OAuth2TokenIntrospection */ export interface OAuth2TokenIntrospection { /** * Active is a boolean indicator of whether or not the presented token is currently active. The specifics of a token\'s \"active\" state will vary depending on the implementation of the authorization server and the information it keeps about its tokens, but a \"true\" value return for the \"active\" property will generally indicate that a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity (e.g., after its issuance time and before its expiration time). * @type {boolean} * @memberof OAuth2TokenIntrospection */ active: boolean; /** * Audience contains a list of the token\'s intended audiences. * @type {Array<string>} * @memberof OAuth2TokenIntrospection */ aud?: Array<string>; /** * ID is aclient identifier for the OAuth 2.0 client that requested this token. * @type {string} * @memberof OAuth2TokenIntrospection */ client_id?: string; /** * Expires at is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token will expire. * @type {number} * @memberof OAuth2TokenIntrospection */ exp?: number; /** * Extra is arbitrary data set by the session. * @type {object} * @memberof OAuth2TokenIntrospection */ ext?: object; /** * Issued at is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token was originally issued. * @type {number} * @memberof OAuth2TokenIntrospection */ iat?: number; /** * IssuerURL is a string representing the issuer of this token * @type {string} * @memberof OAuth2TokenIntrospection */ iss?: string; /** * NotBefore is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token is not to be used before. * @type {number} * @memberof OAuth2TokenIntrospection */ nbf?: number; /** * ObfuscatedSubject is set when the subject identifier algorithm was set to \"pairwise\" during authorization. It is the `sub` value of the ID Token that was issued. * @type {string} * @memberof OAuth2TokenIntrospection */ obfuscated_subject?: string; /** * Scope is a JSON string containing a space-separated list of scopes associated with this token. * @type {string} * @memberof OAuth2TokenIntrospection */ scope?: string; /** * Subject of the token, as defined in JWT [RFC7519]. Usually a machine-readable identifier of the resource owner who authorized this token. * @type {string} * @memberof OAuth2TokenIntrospection */ sub?: string; /** * TokenType is the introspected token\'s type, typically `Bearer`. * @type {string} * @memberof OAuth2TokenIntrospection */ token_type?: string; /** * TokenUse is the introspected token\'s use, for example `access_token` or `refresh_token`. * @type {string} * @memberof OAuth2TokenIntrospection */ token_use?: string; /** * Username is a human-readable identifier for the resource owner who authorized this token. * @type {string} * @memberof OAuth2TokenIntrospection */ username?: string; } /** * The Access Token Response * @export * @interface Oauth2TokenResponse */ export interface Oauth2TokenResponse { /** * * @type {string} * @memberof Oauth2TokenResponse */ access_token?: string; /** * * @type {number} * @memberof Oauth2TokenResponse */ expires_in?: number; /** * * @type {string} * @memberof Oauth2TokenResponse */ id_token?: string; /** * * @type {string} * @memberof Oauth2TokenResponse */ refresh_token?: string; /** * * @type {string} * @memberof Oauth2TokenResponse */ scope?: string; /** * * @type {string} * @memberof Oauth2TokenResponse */ token_type?: string; } /** * * @export * @interface OpenIDConnectContext */ export interface OpenIDConnectContext { /** * ACRValues is the Authentication AuthorizationContext Class Reference requested in the OAuth 2.0 Authorization request. It is a parameter defined by OpenID Connect and expresses which level of authentication (e.g. 2FA) is required. OpenID Connect defines it as follows: > Requested Authentication AuthorizationContext Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication AuthorizationContext Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter. * @type {Array<string>} * @memberof OpenIDConnectContext */ acr_values?: Array<string>; /** * Display is a string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. The defined values are: page: The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. popup: The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. touch: The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. wap: The Authorization Server SHOULD display the authentication and consent UI consistent with a \"feature phone\" type display. The Authorization Server MAY also attempt to detect the capabilities of the User Agent and present an appropriate display. * @type {string} * @memberof OpenIDConnectContext */ display?: string; /** * IDTokenHintClaims are the claims of the ID Token previously issued by the Authorization Server being passed as a hint about the End-User\'s current or past authenticated session with the Client. * @type {object} * @memberof OpenIDConnectContext */ id_token_hint_claims?: object; /** * LoginHint hints about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. This value MAY also be a phone number in the format specified for the phone_number Claim. The use of this parameter is optional. * @type {string} * @memberof OpenIDConnectContext */ login_hint?: string; /** * UILocales is the End-User\'id preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value \"fr-CA fr en\" represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider. * @type {Array<string>} * @memberof OpenIDConnectContext */ ui_locales?: Array<string>; } /** * * @export * @interface PluginConfig */ export interface PluginConfig { /** * * @type {PluginConfigArgs} * @memberof PluginConfig */ Args: PluginConfigArgs; /** * description * @type {string} * @memberof PluginConfig */ Description: string; /** * Docker Version used to create the plugin * @type {string} * @memberof PluginConfig */ DockerVersion?: string; /** * documentation * @type {string} * @memberof PluginConfig */ Documentation: string; /** * entrypoint * @type {Array<string>} * @memberof PluginConfig */ Entrypoint: Array<string>; /** * env * @type {Array<PluginEnv>} * @memberof PluginConfig */ Env: Array<PluginEnv>; /** * * @type {PluginConfigInterface} * @memberof PluginConfig */ Interface: PluginConfigInterface; /** * ipc host * @type {boolean} * @memberof PluginConfig */ IpcHost: boolean; /** * * @type {PluginConfigLinux} * @memberof PluginConfig */ Linux: PluginConfigLinux; /** * mounts * @type {Array<PluginMount>} * @memberof PluginConfig */ Mounts: Array<PluginMount>; /** * * @type {PluginConfigNetwork} * @memberof PluginConfig */ Network: PluginConfigNetwork; /** * pid host * @type {boolean} * @memberof PluginConfig */ PidHost: boolean; /** * propagated mount * @type {string} * @memberof PluginConfig */ PropagatedMount: string; /** * * @type {PluginConfigUser} * @memberof PluginConfig */ User?: PluginConfigUser; /** * work dir * @type {string} * @memberof PluginConfig */ WorkDir: string; /** * * @type {PluginConfigRootfs} * @memberof PluginConfig */ rootfs?: PluginConfigRootfs; } /** * PluginConfigArgs plugin config args * @export * @interface PluginConfigArgs */ export interface PluginConfigArgs { /** * description * @type {string} * @memberof PluginConfigArgs */ Description: string; /** * name * @type {string} * @memberof PluginConfigArgs */ Name: string; /** * settable * @type {Array<string>} * @memberof PluginConfigArgs */ Settable: Array<string>; /** * value * @type {Array<string>} * @memberof PluginConfigArgs */ Value: Array<string>; } /** * PluginConfigInterface The interface between Docker and the plugin * @export * @interface PluginConfigInterface */ export interface PluginConfigInterface { /** * socket * @type {string} * @memberof PluginConfigInterface */ Socket: string; /** * types * @type {Array<PluginInterfaceType>} * @memberof PluginConfigInterface */ Types: Array<PluginInterfaceType>; } /** * PluginConfigLinux plugin config linux * @export * @interface PluginConfigLinux */ export interface PluginConfigLinux { /** * allow all devices * @type {boolean} * @memberof PluginConfigLinux */ AllowAllDevices: boolean; /** * capabilities * @type {Array<string>} * @memberof PluginConfigLinux */ Capabilities: Array<string>; /** * devices * @type {Array<PluginDevice>} * @memberof PluginConfigLinux */ Devices: Array<PluginDevice>; } /** * PluginConfigNetwork plugin config network * @export * @interface PluginConfigNetwork */ export interface PluginConfigNetwork { /** * type * @type {string} * @memberof PluginConfigNetwork */ Type: string; } /** * PluginConfigRootfs plugin config rootfs * @export * @interface PluginConfigRootfs */ export interface PluginConfigRootfs { /** * diff ids * @type {Array<string>} * @memberof PluginConfigRootfs */ diff_ids?: Array<string>; /** * type * @type {string} * @memberof PluginConfigRootfs */ type?: string; } /** * PluginConfigUser plugin config user * @export * @interface PluginConfigUser */ export interface PluginConfigUser { /** * g ID * @type {number} * @memberof PluginConfigUser */ GID?: number; /** * UID * @type {number} * @memberof PluginConfigUser */ UID?: number; } /** * PluginDevice plugin device * @export * @interface PluginDevice */ export interface PluginDevice { /** * description * @type {string} * @memberof PluginDevice */ Description: string; /** * name * @type {string} * @memberof PluginDevice */ Name: string; /** * path * @type {string} * @memberof PluginDevice */ Path: string; /** * settable * @type {Array<string>} * @memberof PluginDevice */ Settable: Array<string>; } /** * PluginEnv plugin env * @export * @interface PluginEnv */ export interface PluginEnv { /** * description * @type {string} * @memberof PluginEnv */ Description: string; /** * name * @type {string} * @memberof PluginEnv */ Name: string; /** * settable * @type {Array<string>} * @memberof PluginEnv */ Settable: Array<string>; /** * value * @type {string} * @memberof PluginEnv */ Value: string; } /** * PluginInterfaceType plugin interface type * @export * @interface PluginInterfaceType */ export interface PluginInterfaceType { /** * capability * @type {string} * @memberof PluginInterfaceType */ Capability: string; /** * prefix * @type {string} * @memberof PluginInterfaceType */ Prefix: string; /** * version * @type {string} * @memberof PluginInterfaceType */ Version: string; } /** * PluginMount plugin mount * @export * @interface PluginMount */ export interface PluginMount { /** * description * @type {string} * @memberof PluginMount */ Description: string; /** * destination * @type {string} * @memberof PluginMount */ Destination: string; /** * name * @type {string} * @memberof PluginMount */ Name: string; /** * options * @type {Array<string>} * @memberof PluginMount */ Options: Array<string>; /** * settable * @type {Array<string>} * @memberof PluginMount */ Settable: Array<string>; /** * source * @type {string} * @memberof PluginMount */ Source: string; /** * type * @type {string} * @memberof PluginMount */ Type: string; } /** * * @export * @interface PluginSettings */ export interface PluginSettings { /** * args * @type {Array<string>} * @memberof PluginSettings */ Args: Array<string>; /** * devices * @type {Array<PluginDevice>} * @memberof PluginSettings */ Devices: Array<PluginDevice>; /** * env * @type {Array<string>} * @memberof PluginSettings */ Env: Array<string>; /** * mounts * @type {Array<PluginMount>} * @memberof PluginSettings */ Mounts: Array<PluginMount>; } /** * The response used to return used consent requests same as HandledLoginRequest, just with consent_request exposed as json * @export * @interface PreviousConsentSession */ export interface PreviousConsentSession { /** * * @type {ConsentRequest} * @memberof PreviousConsentSession */ consent_request?: ConsentRequest; /** * * @type {Array<string>} * @memberof PreviousConsentSession */ grant_access_token_audience?: Array<string>; /** * * @type {Array<string>} * @memberof PreviousConsentSession */ grant_scope?: Array<string>; /** * * @type {string} * @memberof PreviousConsentSession */ handled_at?: string; /** * Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same client asks the same user for the same, or a subset of, scope. * @type {boolean} * @memberof PreviousConsentSession */ remember?: boolean; /** * RememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the authorization will be remembered indefinitely. * @type {number} * @memberof PreviousConsentSession */ remember_for?: number; /** * * @type {ConsentRequestSession} * @memberof PreviousConsentSession */ session?: ConsentRequestSession; } /** * * @export * @interface RejectRequest */ export interface RejectRequest { /** * The error should follow the OAuth2 error format (e.g. `invalid_request`, `login_required`). Defaults to `request_denied`. * @type {string} * @memberof RejectRequest */ error?: string; /** * Debug contains information to help resolve the problem as a developer. Usually not exposed to the public but only in the server logs. * @type {string} * @memberof RejectRequest */ error_debug?: string; /** * Description of the error in a human readable format. * @type {string} * @memberof RejectRequest */ error_description?: string; /** * Hint to help resolve the error. * @type {string} * @memberof RejectRequest */ error_hint?: string; /** * Represents the HTTP status code of the error (e.g. 401 or 403) Defaults to 400 * @type {number} * @memberof RejectRequest */ status_code?: number; } /** * The userinfo response * @export * @interface UserinfoResponse */ export interface UserinfoResponse { /** * End-User\'s birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed. Note that depending on the underlying platform\'s date related function, providing just year can result in varying month and day, so the implementers need to take this factor into account to correctly process the dates. * @type {string} * @memberof UserinfoResponse */ birthdate?: string; /** * End-User\'s preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. The RP MUST NOT rely upon this value being unique, as discussed in Section 5.7. * @type {string} * @memberof UserinfoResponse */ email?: string; /** * True if the End-User\'s e-mail address has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this e-mail address was controlled by the End-User at the time the verification was performed. The means by which an e-mail address is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating. * @type {boolean} * @memberof UserinfoResponse */ email_verified?: boolean; /** * Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters. * @type {string} * @memberof UserinfoResponse */ family_name?: string; /** * End-User\'s gender. Values defined by this specification are female and male. Other values MAY be used when neither of the defined values are applicable. * @type {string} * @memberof UserinfoResponse */ gender?: string; /** * Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters. * @type {string} * @memberof UserinfoResponse */ given_name?: string; /** * End-User\'s locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well. * @type {string} * @memberof UserinfoResponse */ locale?: string; /** * Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used. * @type {string} * @memberof UserinfoResponse */ middle_name?: string; /** * End-User\'s full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User\'s locale and preferences. * @type {string} * @memberof UserinfoResponse */ name?: string; /** * Ca