auth0

import * as core from "../../core/index.js"; import * as Management from "../index.js"; /** * @example * { * triggerId: "triggerId", * actionName: "actionName", * deployed: true, * page: 1, * per_page: 1, * installed: true * } */ export interface ListActionsRequestParameters { /** An actions extensibility point. */ triggerId?: Management.ActionTriggerTypeEnum | null; /** The name of the action to retrieve. */ actionName?: string | null; /** Optional filter to only retrieve actions that are deployed. */ deployed?: boolean | null; /** Use this field to request a specific page of the list results. */ page?: number | null; /** The maximum number of results to be returned by the server in single response. 20 by default */ per_page?: number | null; /** Optional. When true, return only installed actions. When false, return only custom actions. Returns all actions by default. */ installed?: boolean | null; } /** * @example * { * name: "name", * supported_triggers: [{ * id: "id" * }] * } */ export interface CreateActionRequestContent { /** The name of an action. */ name: string; /** The list of triggers that this action supports. At this time, an action can only target a single trigger at a time. */ supported_triggers: Management.ActionTrigger[]; /** The source code of the action. */ code?: string; /** The list of third party npm modules, and their versions, that this action depends on. */ dependencies?: Management.ActionVersionDependency[]; /** The Node runtime. For example: `node22`, defaults to `node22` */ runtime?: string; /** The list of secrets that are included in an action or a version of an action. */ secrets?: Management.ActionSecretRequest[]; /** True if the action should be deployed after creation. */ deploy?: boolean; } /** * @example * { * force: true * } */ export interface DeleteActionRequestParameters { /** Force action deletion detaching bindings */ force?: boolean | null; } /** * @example * {} */ export interface UpdateActionRequestContent { /** The name of an action. */ name?: string; /** The list of triggers that this action supports. At this time, an action can only target a single trigger at a time. */ supported_triggers?: Management.ActionTrigger[]; /** The source code of the action. */ code?: string; /** The list of third party npm modules, and their versions, that this action depends on. */ dependencies?: Management.ActionVersionDependency[]; /** The Node runtime. For example: `node22`, defaults to `node22` */ runtime?: string; /** The list of secrets that are included in an action or a version of an action. */ secrets?: Management.ActionSecretRequest[]; } /** * @example * { * payload: { * "key": "value" * } * } */ export interface TestActionRequestContent { payload: Management.TestActionPayload; } /** * @example * {} */ export interface UpdateBrandingRequestContent { colors?: Management.UpdateBrandingColors | null; /** URL for the favicon. Must use HTTPS. */ favicon_url?: string | null; /** URL for the logo. Must use HTTPS. */ logo_url?: string | null; font?: Management.UpdateBrandingFont | null; } /** * @example * { * from: "from", * take: 1, * audience: "audience", * client_id: "client_id", * allow_any_organization: true, * subject_type: "client" * } */ export interface ListClientGrantsRequestParameters { /** Optional Id from which to start selection. */ from?: string | null; /** Number of results per page. Defaults to 50. */ take?: number | null; /** Optional filter on audience. */ audience?: string | null; /** Optional filter on client_id. */ client_id?: string | null; /** Optional filter on allow_any_organization. */ allow_any_organization?: Management.ClientGrantAllowAnyOrganizationEnum | null; /** The type of application access the client grant allows. Use of this field is subject to the applicable Free Trial terms in Okta’s <a href="https://www.okta.com/legal/"> Master Subscription Agreement.</a> */ subject_type?: Management.ClientGrantSubjectTypeEnum | null; } /** * @example * { * client_id: "client_id", * audience: "audience" * } */ export interface CreateClientGrantRequestContent { /** ID of the client. */ client_id: string; /** The audience (API identifier) of this client grant */ audience: string; organization_usage?: Management.ClientGrantOrganizationUsageEnum; /** If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations. */ allow_any_organization?: boolean; /** Scopes allowed for this client grant. */ scope?: string[]; subject_type?: Management.ClientGrantSubjectTypeEnum; /** Types of authorization_details allowed for this client grant. Use of this field is subject to the applicable Free Trial terms in Okta’s <a href= "https://www.okta.com/legal/"> Master Subscription Agreement.</a> */ authorization_details_types?: string[]; } /** * @example * {} */ export interface UpdateClientGrantRequestContent { /** Scopes allowed for this client grant. */ scope?: string[]; organization_usage?: Management.ClientGrantOrganizationNullableUsageEnum | null; /** Controls allowing any organization to be used with this grant */ allow_any_organization?: boolean | null; /** Types of authorization_details allowed for this client grant. Use of this field is subject to the applicable Free Trial terms in Okta’s <a href= "https://www.okta.com/legal/"> Master Subscription Agreement.</a> */ authorization_details_types?: string[]; } /** * @example * { * fields: "fields", * include_fields: true, * page: 1, * per_page: 1, * include_totals: true, * is_global: true, * is_first_party: true, * app_type: "app_type", * q: "q" * } */ export interface ListClientsRequestParameters { /** Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. */ fields?: string | null; /** Whether specified fields are to be included (true) or excluded (false). */ include_fields?: boolean | null; /** Page index of the results to return. First page is 0. */ page?: number | null; /** Number of results per page. Default value is 50, maximum value is 100 */ per_page?: number | null; /** Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). */ include_totals?: boolean | null; /** Optional filter on the global client parameter. */ is_global?: boolean | null; /** Optional filter on whether or not a client is a first-party client. */ is_first_party?: boolean | null; /** Optional filter by a comma-separated list of application types. */ app_type?: string | null; /** Advanced Query in <a href="http://www.lucenetutorial.com/lucene-query-syntax.html">Lucene</a> syntax. Permitted Queries: <ul><li>client_grant.organization_id:{organization_id}</li><li>client_grant.allow_any_organization:true</li></ul>Additional Restrictions: <ul><li>Cannot be used in combination with other filters</li><li>Requires use of the from and take paging parameters (checkpoint paginatinon)</li><li>Reduced rate limits apply. See <a href="https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy/rate-limit-configurations/enterprise-public">Rate Limit Configurations</a></li></ul>Note: Recent updates may not be immediately reflected in query results */ q?: string | null; } /** * @example * { * name: "name" * } */ export interface CreateClientRequestContent { /** Name of this client (min length: 1 character, does not allow `<` or `>`). */ name: string; /** Free text description of this client (max length: 140 characters). */ description?: string; /** URL of the logo to display for this client. Recommended size is 150x150 pixels. */ logo_uri?: string; /** Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication. */ callbacks?: string[]; oidc_logout?: Management.ClientOidcBackchannelLogoutSettings; oidc_backchannel_logout?: Management.ClientOidcBackchannelLogoutSettings; session_transfer?: Management.ClientSessionTransferConfiguration | null; /** Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs. */ allowed_origins?: string[]; /** Comma-separated list of allowed origins for use with <a href='https://auth0.com/docs/cross-origin-authentication'>Cross-Origin Authentication</a>, <a href='https://auth0.com/docs/flows/concepts/device-auth'>Device Flow</a>, and <a href='https://auth0.com/docs/protocols/oauth2#how-response-mode-works'>web message response mode</a>. */ web_origins?: string[]; /** List of audiences/realms for SAML protocol. Used by the wsfed addon. */ client_aliases?: string[]; /** List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed. */ allowed_clients?: string[]; /** Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains. */ allowed_logout_urls?: string[]; /** List of grant types supported for this application. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`. */ grant_types?: string[]; token_endpoint_auth_method?: Management.ClientTokenEndpointAuthMethodEnum; /** If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint. */ is_token_endpoint_ip_header_trusted?: boolean; app_type?: Management.ClientAppTypeEnum; /** Whether this client a first party client or not */ is_first_party?: boolean; /** Whether this client conforms to <a href='https://auth0.com/docs/api-auth/tutorials/adoption'>strict OIDC specifications</a> (true) or uses legacy features (false). */ oidc_conformant?: boolean; jwt_configuration?: Management.ClientJwtConfiguration; encryption_key?: Management.ClientEncryptionKey | null; /** Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false). */ sso?: boolean; /** Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). */ cross_origin_authentication?: boolean; /** URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page. */ cross_origin_loc?: string; /** <code>true</code> to disable Single Sign On, <code>false</code> otherwise (default: <code>false</code>) */ sso_disabled?: boolean; /** <code>true</code> if the custom login page is to be used, <code>false</code> otherwise. Defaults to <code>true</code> */ custom_login_page_on?: boolean; /** The content (HTML, CSS, JS) of the custom login page. */ custom_login_page?: string; /** The content (HTML, CSS, JS) of the custom login page. (Used on Previews) */ custom_login_page_preview?: string; /** HTML form template to be used for WS-Federation. */ form_template?: string; addons?: Management.ClientAddons; client_metadata?: Management.ClientMetadata; mobile?: Management.ClientMobile; /** Initiate login uri, must be https */ initiate_login_uri?: string; native_social_login?: Management.NativeSocialLogin; refresh_token?: Management.ClientRefreshTokenConfiguration | null; default_organization?: Management.ClientDefaultOrganization | null; organization_usage?: Management.ClientOrganizationUsageEnum; organization_require_behavior?: Management.ClientOrganizationRequireBehaviorEnum; /** Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both. */ organization_discovery_methods?: Management.ClientOrganizationDiscoveryEnum[]; client_authentication_methods?: Management.ClientCreateAuthenticationMethod; /** Makes the use of Pushed Authorization Requests mandatory for this client */ require_pushed_authorization_requests?: boolean; /** Makes the use of Proof-of-Possession mandatory for this client */ require_proof_of_possession?: boolean; signed_request_object?: Management.ClientSignedRequestObjectWithPublicKey; compliance_level?: Management.ClientComplianceLevelEnum | null; /** * Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`). * If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. * See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information. */ skip_non_verifiable_callback_uri_confirmation_prompt?: boolean; token_exchange?: Management.ClientTokenExchangeConfiguration; /** Specifies how long, in seconds, a Pushed Authorization Request URI remains valid */ par_request_expiry?: number | null; token_quota?: Management.CreateTokenQuota; /** The identifier of the resource server that this client is linked to. */ resource_server_identifier?: string; express_configuration?: Management.ExpressConfiguration; async_approval_notification_channels?: Management.ClientAsyncApprovalNotificationsChannelsApiPostConfiguration; } /** * @example * { * fields: "fields", * include_fields: true * } */ export interface GetClientRequestParameters { /** Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. */ fields?: string | null; /** Whether specified fields are to be included (true) or excluded (false). */ include_fields?: boolean | null; } /** * @example * {} */ export interface UpdateClientRequestContent { /** The name of the client. Must contain at least one character. Does not allow '<' or '>'. */ name?: string; /** Free text description of the purpose of the Client. (Max character length: <code>140</code>) */ description?: string; /** The secret used to sign tokens for the client */ client_secret?: string; /** The URL of the client logo (recommended size: 150x150) */ logo_uri?: string; /** A set of URLs that are valid to call back from Auth0 when authenticating users */ callbacks?: string[]; oidc_logout?: Management.ClientOidcBackchannelLogoutSettings; oidc_backchannel_logout?: Management.ClientOidcBackchannelLogoutSettings; session_transfer?: Management.ClientSessionTransferConfiguration | null; /** A set of URLs that represents valid origins for CORS */ allowed_origins?: string[]; /** A set of URLs that represents valid web origins for use with web message response mode */ web_origins?: string[]; /** A set of grant types that the client is authorized to use. Can include `authorization_code`, `implicit`, `refresh_token`, `client_credentials`, `password`, `http://auth0.com/oauth/grant-type/password-realm`, `http://auth0.com/oauth/grant-type/mfa-oob`, `http://auth0.com/oauth/grant-type/mfa-otp`, `http://auth0.com/oauth/grant-type/mfa-recovery-code`, `urn:openid:params:grant-type:ciba`, `urn:ietf:params:oauth:grant-type:device_code`, and `urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token`. */ grant_types?: string[]; /** List of audiences for SAML protocol */ client_aliases?: string[]; /** Ids of clients that will be allowed to perform delegation requests. Clients that will be allowed to make delegation request. By default, all your clients will be allowed. This field allows you to specify specific clients */ allowed_clients?: string[]; /** URLs that are valid to redirect to after logout from Auth0. */ allowed_logout_urls?: string[]; jwt_configuration?: Management.ClientJwtConfiguration; encryption_key?: Management.ClientEncryptionKey | null; /** <code>true</code> to use Auth0 instead of the IdP to do Single Sign On, <code>false</code> otherwise (default: <code>false</code>) */ sso?: boolean; /** <code>true</code> if this client can be used to make cross-origin authentication requests, <code>false</code> otherwise if cross origin is disabled */ cross_origin_authentication?: boolean; /** URL for the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page. */ cross_origin_loc?: string | null; /** <code>true</code> to disable Single Sign On, <code>false</code> otherwise (default: <code>false</code>) */ sso_disabled?: boolean; /** <code>true</code> if the custom login page is to be used, <code>false</code> otherwise. */ custom_login_page_on?: boolean; token_endpoint_auth_method?: Management.ClientTokenEndpointAuthMethodOrNullEnum | null; /** If true, trust that the IP specified in the `auth0-forwarded-for` header is the end-user's IP for brute-force-protection on token endpoint. */ is_token_endpoint_ip_header_trusted?: boolean; app_type?: Management.ClientAppTypeEnum; /** Whether this client a first party client or not */ is_first_party?: boolean; /** Whether this client will conform to strict OIDC specifications */ oidc_conformant?: boolean; /** The content (HTML, CSS, JS) of the custom login page */ custom_login_page?: string; custom_login_page_preview?: string; token_quota?: Management.UpdateTokenQuota | null; /** Form template for WS-Federation protocol */ form_template?: string; addons?: Management.ClientAddons; client_metadata?: Management.ClientMetadata; mobile?: Management.ClientMobile; /** Initiate login uri, must be https */ initiate_login_uri?: string; native_social_login?: Management.NativeSocialLogin; refresh_token?: Management.ClientRefreshTokenConfiguration | null; default_organization?: Management.ClientDefaultOrganization | null; organization_usage?: Management.ClientOrganizationUsagePatchEnum | null; organization_require_behavior?: Management.ClientOrganizationRequireBehaviorPatchEnum | null; /** Defines the available methods for organization discovery during the `pre_login_prompt`. Users can discover their organization either by `email`, `organization_name` or both. */ organization_discovery_methods?: Management.ClientOrganizationDiscoveryEnum[]; client_authentication_methods?: Management.ClientAuthenticationMethod | null; /** Makes the use of Pushed Authorization Requests mandatory for this client */ require_pushed_authorization_requests?: boolean; /** Makes the use of Proof-of-Possession mandatory for this client */ require_proof_of_possession?: boolean; signed_request_object?: Management.ClientSignedRequestObjectWithCredentialId; compliance_level?: Management.ClientComplianceLevelEnum | null; /** * Controls whether a confirmation prompt is shown during login flows when the redirect URI uses non-verifiable callback URIs (for example, a custom URI schema such as `myapp://`, or `localhost`). * If set to true, a confirmation prompt will not be shown. We recommend that this is set to false for improved protection from malicious apps. * See https://auth0.com/docs/secure/security-guidance/measures-against-app-impersonation for more information. */ skip_non_verifiable_callback_uri_confirmation_prompt?: boolean | null; token_exchange?: Management.ClientTokenExchangeConfigurationOrNull | null; /** Specifies how long, in seconds, a Pushed Authorization Request URI remains valid */ par_request_expiry?: number | null; express_configuration?: Management.ExpressConfigurationOrNull | null; async_approval_notification_channels?: Management.ClientAsyncApprovalNotificationsChannelsApiPatchConfiguration; } /** * @example * { * from: "from", * take: 1 * } */ export interface ListConnectionProfileRequestParameters { /** Optional Id from which to start selection. */ from?: string | null; /** Number of results per page. Defaults to 5. */ take?: number | null; } /** * @example * { * name: "name" * } */ export interface CreateConnectionProfileRequestContent { name: Management.ConnectionProfileName; organization?: Management.ConnectionProfileOrganization; connection_name_prefix_template?: Management.ConnectionNamePrefixTemplate; enabled_features?: Management.ConnectionProfileEnabledFeatures; connection_config?: Management.ConnectionProfileConfig; strategy_overrides?: Management.ConnectionProfileStrategyOverrides; } /** * @example * {} */ export interface UpdateConnectionProfileRequestContent { name?: Management.ConnectionProfileName; organization?: Management.ConnectionProfileOrganization; connection_name_prefix_template?: Management.ConnectionNamePrefixTemplate; enabled_features?: Management.ConnectionProfileEnabledFeatures; connection_config?: Management.ConnectionProfileConfig; strategy_overrides?: Management.ConnectionProfileStrategyOverrides; } /** * @example * { * from: "from", * take: 1, * name: "name", * fields: "fields", * include_fields: true * } */ export interface ListConnectionsQueryParameters { /** Optional Id from which to start selection. */ from?: string | null; /** Number of results per page. Defaults to 50. */ take?: number | null; /** Provide strategies to only retrieve connections with such strategies */ strategy?: (Management.ConnectionStrategyEnum | null) | (Management.ConnectionStrategyEnum | null)[]; /** Provide the name of the connection to retrieve */ name?: string | null; /** A comma separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields */ fields?: string | null; /** <code>true</code> if the fields specified are to be included in the result, <code>false</code> otherwise (defaults to <code>true</code>) */ include_fields?: boolean | null; } /** * @example * { * name: "name", * strategy: "ad" * } */ export interface CreateConnectionRequestContent { /** The name of the connection. Must start and end with an alphanumeric character and can only contain alphanumeric characters and '-'. Max length 128 */ name: string; /** Connection name used in the new universal login experience */ display_name?: string; strategy: Management.ConnectionIdentityProviderEnum; options?: Management.ConnectionPropertiesOptions; /** DEPRECATED property. Use the PATCH /v2/connections/{id}/clients endpoint to enable the connection for a set of clients. */ enabled_clients?: string[]; /** <code>true</code> promotes to a domain-level connection so that third-party applications can use it. <code>false</code> does not promote the connection, so only first-party applications with the connection enabled can use it. (Defaults to <code>false</code>.) */ is_domain_connection?: boolean; /** Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. (Defaults to <code>false</code>.) */ show_as_button?: boolean; /** Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm. */ realms?: string[]; metadata?: Management.ConnectionsMetadata; authentication?: Management.ConnectionAuthenticationPurpose; connected_accounts?: Management.ConnectionConnectedAccountsPurpose; } /** * @example * { * fields: "fields", * include_fields: true * } */ export interface GetConnectionRequestParameters { /** A comma separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields */ fields?: string | null; /** <code>true</code> if the fields specified are to be included in the result, <code>false</code> otherwise (defaults to <code>true</code>) */ include_fields?: boolean | null; } /** * @example * {} */ export interface UpdateConnectionRequestContent { /** The connection name used in the new universal login experience. If display_name is not included in the request, the field will be overwritten with the name value. */ display_name?: string; options?: Management.UpdateConnectionOptions | null; /** DEPRECATED property. Use the PATCH /v2/connections/{id}/clients endpoint to enable or disable the connection for any clients. */ enabled_clients?: string[]; /** <code>true</code> promotes to a domain-level connection so that third-party applications can use it. <code>false</code> does not promote the connection, so only first-party applications with the connection enabled can use it. (Defaults to <code>false</code>.) */ is_domain_connection?: boolean; /** Enables showing a button for the connection in the login page (new experience only). If false, it will be usable only by HRD. (Defaults to <code>false</code>.) */ show_as_button?: boolean; /** Defines the realms for which the connection will be used (ie: email domains). If the array is empty or the property is not specified, the connection name will be added as realm. */ realms?: string[]; metadata?: Management.ConnectionsMetadata; authentication?: Management.ConnectionAuthenticationPurpose; connected_accounts?: Management.ConnectionConnectedAccountsPurpose; } /** * @example * { * q: "q", * fields: "fields", * include_fields: true, * sort: "sort" * } */ export interface ListCustomDomainsRequestParameters { /** Query in <a href ="http://www.lucenetutorial.com/lucene-query-syntax.html">Lucene query string syntax</a>. */ q?: string | null; /** Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. */ fields?: string | null; /** Whether specified fields are to be included (true) or excluded (false). */ include_fields?: boolean | null; /** Field to sort by. Only <code>domain:1</code> (ascending order by domain) is supported at this time. */ sort?: string | null; } /** * @example * { * domain: "domain", * type: "auth0_managed_certs" * } */ export interface CreateCustomDomainRequestContent { /** Domain name. */ domain: string; type: Management.CustomDomainProvisioningTypeEnum; verification_method?: Management.CustomDomainVerificationMethodEnum; tls_policy?: Management.CustomDomainTlsPolicyEnum; custom_client_ip_header?: Management.CustomDomainCustomClientIpHeader | undefined; domain_metadata?: Management.DomainMetadata; } /** * @example * {} */ export interface UpdateCustomDomainRequestContent { tls_policy?: Management.CustomDomainTlsPolicyEnum; custom_client_ip_header?: Management.CustomDomainCustomClientIpHeader | undefined; domain_metadata?: Management.DomainMetadata; } /** * @example * { * page: 1, * per_page: 1, * include_totals: true, * fields: "fields", * include_fields: true, * user_id: "user_id", * client_id: "client_id", * type: "public_key" * } */ export interface ListDeviceCredentialsRequestParameters { /** Page index of the results to return. First page is 0. */ page?: number | null; /** Number of results per page. There is a maximum of 1000 results allowed from this endpoint. */ per_page?: number | null; /** Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). */ include_totals?: boolean | null; /** Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields. */ fields?: string | null; /** Whether specified fields are to be included (true) or excluded (false). */ include_fields?: boolean | null; /** user_id of the devices to retrieve. */ user_id?: string | null; /** client_id of the devices to retrieve. */ client_id?: string | null; /** Type of credentials to retrieve. Must be `public_key`, `refresh_token` or `rotating_refresh_token`. The property will default to `refresh_token` when paging is requested */ type?: Management.DeviceCredentialTypeEnum | null; } /** * @example * { * device_name: "device_name", * value: "value", * device_id: "device_id" * } */ export interface CreatePublicKeyDeviceCredentialRequestContent { /** Name for this device easily recognized by owner. */ device_name: string; /** Base64 encoded string containing the credential. */ value: string; /** Unique identifier for the device. Recommend using <a href="http://developer.android.com/reference/android/provider/Settings.Secure.html#ANDROID_ID">Android_ID</a> on Android and <a href="https://developer.apple.com/library/ios/documentation/UIKit/Reference/UIDevice_Class/index.html#//apple_ref/occ/instp/UIDevice/identifierForVendor">identifierForVendor</a>. */ device_id: string; /** client_id of the client (application) this credential is for. */ client_id?: string; } /** * @example * { * template: "verify_email" * } */ export interface CreateEmailTemplateRequestContent { template: Management.EmailTemplateNameEnum; /** Body of the email template. */ body?: string | null; /** Senders `from` email address. */ from?: string | null; /** URL to redirect the user to after a successful action. */ resultUrl?: string | null; /** Subject line of the email. */ subject?: string | null; /** Syntax of the template body. */ syntax?: string | null; /** Lifetime in seconds that the link within the email will be valid for. */ urlLifetimeInSeconds?: number | null; /** Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true. */ includeEmailInRedirect?: boolean; /** Whether the template is enabled (true) or disabled (false). */ enabled?: boolean | null; } /** * @example * { * template: "verify_email" * } */ export interface SetEmailTemplateRequestContent { template: Management.EmailTemplateNameEnum; /** Body of the email template. */ body?: string | null; /** Senders `from` email address. */ from?: string | null; /** URL to redirect the user to after a successful action. */ resultUrl?: string | null; /** Subject line of the email. */ subject?: string | null; /** Syntax of the template body. */ syntax?: string | null; /** Lifetime in seconds that the link within the email will be valid for. */ urlLifetimeInSeconds?: number | null; /** Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true. */ includeEmailInRedirect?: boolean; /** Whether the template is enabled (true) or disabled (false). */ enabled?: boolean | null; } /** * @example * {} */ export interface UpdateEmailTemplateRequestContent { template?: Management.EmailTemplateNameEnum; /** Body of the email template. */ body?: string | null; /** Senders `from` email address. */ from?: string | null; /** URL to redirect the user to after a successful action. */ resultUrl?: string | null; /** Subject line of the email. */ subject?: string | null; /** Syntax of the template body. */ syntax?: string | null; /** Lifetime in seconds that the link within the email will be valid for. */ urlLifetimeInSeconds?: number | null; /** Whether the `reset_email` and `verify_email` templates should include the user's email address as the `email` parameter in the returnUrl (true) or whether no email address should be included in the redirect (false). Defaults to true. */ includeEmailInRedirect?: boolean; /** Whether the template is enabled (true) or disabled (false). */ enabled?: boolean | null; } /** * @example * { * from: "from", * take: 1 * } */ export interface ListEventStreamsRequestParameters { /** Optional Id from which to start selection. */ from?: string | null; /** Number of results per page. Defaults to 50. */ take?: number | null; } /** * @example * {} */ export interface UpdateEventStreamRequestContent { /** Name of the event stream. */ name?: string; /** List of event types subscribed to in this stream. */ subscriptions?: Management.EventStreamSubscription[]; destination?: Management.EventStreamDestinationPatch; status?: Management.EventStreamStatusEnum; } /** * @example * { * event_type: "user.created" * } */ export interface CreateEventStreamTestEventRequestContent { event_type: Management.EventStreamTestEventTypeEnum; data?: Management.TestEventDataContent; } /** * @example * { * page: 1, * per_page: 1, * include_totals: true, * synchronous: true * } */ export interface FlowsListRequest { /** Page index of the results to return. First page is 0. */ page?: number | null; /** Number of results per page. Defaults to 50. */ per_page?: number | null; /** Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). */ include_totals?: boolean | null; /** hydration param */ hydrate?: ("form_count" | null) | ("form_count" | null)[]; /** flag to filter by sync/async flows */ synchronous?: boolean | null; } /** * @example * { * name: "name" * } */ export interface CreateFlowRequestContent { name: string; actions?: Management.FlowAction[]; } /** * @example * {} */ export interface GetFlowRequestParameters { /** hydration param */ hydrate?: (Management.GetFlowRequestParametersHydrateEnum | null) | (Management.GetFlowRequestParametersHydrateEnum | null)[]; } /** * @example * {} */ export interface UpdateFlowRequestContent { name?: string; actions?: Management.FlowAction[]; } /** * @example * { * page: 1, * per_page: 1, * include_totals: true * } */ export interface ListFormsRequestParameters { /** Page index of the results to return. First page is 0. */ page?: number | null; /** Number of results per page. Defaults to 50. */ per_page?: number | null; /** Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). */ include_totals?: boolean | null; /** Query parameter to hydrate the response with additional data */ hydrate?: (Management.FormsRequestParametersHydrateEnum | null) | (Management.FormsRequestParametersHydrateEnum | null)[]; } /** * @example * { * name: "name" * } */ export interface CreateFormRequestContent { name: string; messages?: Management.FormMessages; languages?: Management.FormLanguages; translations?: Management.FormTranslations; nodes?: Management.FormNodeList; start?: Management.FormStartNode; ending?: Management.FormEndingNode; style?: Management.FormStyle; } /** * @example * {} */ export interface GetFormRequestParameters { /** Query parameter to hydrate the response with additional data */ hydrate?: (Management.FormsRequestParametersHydrateEnum | null) | (Management.FormsRequestParametersHydrateEnum | null)[]; } /** * @example * {} */ export interface UpdateFormRequestContent { name?: string; messages?: Management.FormMessagesNullable | undefined; languages?: Management.FormLanguagesNullable | undefined; translations?: Management.FormTranslationsNullable | undefined; nodes?: Management.FormNodeListNullable | undefined; start?: Management.FormStartNodeNullable | undefined; ending?: Management.FormEndingNodeNullable | undefined; style?: Management.FormStyleNullable | undefined; } /** * @example * { * per_page: 1, * page: 1, * include_totals: true, * user_id: "user_id", * client_id: "client_id", * audience: "audience" * } */ export interface ListUserGrantsRequestParameters { /** Number of results per page. */ per_page?: number | null; /** Page index of the results to return. First page is 0. */ page?: number | null; /** Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). */ include_totals?: boolean | null; /** user_id of the grants to retrieve. */ user_id?: string | null; /** client_id of the grants to retrieve. */ client_id?: string | null; /** audience of the grants to retrieve. */ audience?: string | null; } /** * @example * { * user_id: "user_id" * } */ export interface DeleteUserGrantByUserIdRequestParameters { /** user_id of the grant to delete. */ user_id: string; } /** * @example * { * page: 1, * per_page: 1, * include_totals: true, * enabled: true, * fields: "fields", * triggerId: "credentials-exchange" * } */ export interface ListHooksRequestParameters { /** Page index of the results to return. First page is 0. */ page?: number | null; /** Number of results per page. */ per_page?: number | null; /** Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). */ include_totals?: boolean | null; /** Optional filter on whether a hook is enabled (true) or disabled (false). */ enabled?: boolean | null; /** Comma-separated list of fields to include in the result. Leave empty to retrieve all fields. */ fields?: string | null; /** Retrieves hooks that match the trigger */ triggerId?: Management.HookTriggerIdEnum | null; } /** * @example * { * name: "name", * script: "script", * triggerId: "credentials-exchange" * } */ export interface CreateHookRequestContent { /** Name of this hook. */ name: string; /** Code to be executed when this hook runs. */ script: string; /** Whether this hook will be executed (true) or ignored (false). */ enabled?: boolean; dependencies?: Management.HookDependencies; triggerId: Management.HookTriggerIdEnum; } /** * @example * { * fields: "fields" * } */ export interface GetHookRequestParameters { /** Comma-separated list of fields to include in the result. Leave empty to retrieve all fields. */ fields?: string | null; } /** * @example * {} */ export interface UpdateHookRequestContent { /** Name of this hook. */ name?: string; /** Code to be executed when this hook runs. */ script?: string; /** Whether this hook will be executed (true) or ignored (false). */ enabled?: boolean; dependencies?: Management.HookDependencies; } /** * @example * {} */ export interface UpdateLogStreamRequestContent { /** log stream name */ name?: string; status?: Management.LogStreamStatusEnum; /** True for priority log streams, false for non-priority */ isPriority?: boolean; /** Only logs events matching these filters will be delivered by the stream. If omitted or empty, all events will be delivered. */ filters?: Management.LogStreamFilter[]; pii_config?: Management.LogStreamPiiConfig; sink?: Management.LogStreamSinkPatch; } /** * @example * { * page: 1, * per_page: 1, * sort: "sort", * fields: "fields", * include_fields: true, * include_totals: true, * search: "search" * } */ export interface ListLogsRequestParameters { /** Page index of the results to return. First page is 0. */ page?: number | null; /** Number of results per page. Paging is disabled if parameter not sent. Default: <code>50</code>. Max value: <code>100</code> */ per_page?: number | null; /** Field to use for sorting appended with <code>:1</code> for ascending and <code>:-1</code> for descending. e.g. <code>date:-1</code> */ sort?: string | null; /** Comma-separated list of fields to include or exclude (based on value provided for <code>include_fields</code>) in the result. Leave empty to retrieve all fields. */ fields?: string | null; /** Whether specified fields are to be included (<code>true</code>) or excluded (<code>false</code>) */ include_fields?: boolean | null; /** Return results as an array when false (default). Return results inside an object that also contains a total result count when true. */ include_totals?: boolean | null; /** * Retrieves logs that match the specified search criteria. This parameter can be combined with all the others in the /api/logs endpoint but is specified separately for clarity. * If no fields are provided a case insensitive 'starts with' search is performed on all of the following fields: client_name, connection, user_name. Otherwise, you can specify multiple fields and specify the search using the %field%:%search%, for example: application:node user:"John@contoso.com". * Values specified without quotes are matched using a case insensitive 'starts with' search. If quotes are used a case insensitve exact search is used. If multiple fields are used, the AND operator is used to join the clauses. */ search?: string | null; } /** * @example * { * page: 1, * per_page: 1, * include_totals: true * } */ export interface ListNetworkAclsRequestParameters { /** Use this field to request a specific page of the list results. */ page?: number | null; /** The amount of results per page. */ per_page?: number | null; /** Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). */ include_totals?: boolean | null; } /** * @example * { * description: "description", * active: true, * priority: 1.1, * rule: { * action: {}, * scope: "management" * } * } */ export interface CreateNetworkAclRequestContent { description: string; /** Indicates whether or not this access control list is actively being used */ active: boolean; /** Indicates the order in which the ACL will be evaluated relative to other ACL rules. */ priority: number; rule: Management.NetworkAclRule; } /** * @example * { * description: "description", * active: true, * priority: 1.1, * rule: { * action: {}, * scope: "management" * } * } */ export interface SetNetworkAclRequestContent { description: string; /** Indicates whether or not this access control list is actively being used */ active: boolean; /** Indicates the order in which the ACL will be evaluated relative to other ACL rules. */ priority: number; rule: Management.NetworkAclRule; } /** * @example * {} */ export interface UpdateNetworkAclRequestContent { description?: string; /** Indicates whether or not this access control list is actively being used */ active?: boolean; /** Indicates the order in which the ACL will be evaluated relative to other ACL rules. */ priority?: number; rule?: Management.NetworkAclRule; } /** * @example * { * from: "from", * take: 1, * sort: "sort" * } */ export interface ListOrganizationsRequestParameters { /** Optional Id from which to start selection. */ from?: string | null; /** Number of results per page. Defaults to 50. */ take?: number | null; /** Field to sort by. Use <code>field:order</code> where order is <code>1</code> for ascending and <code>-1</code> for descending. e.g. <code>created_at:1</code>. We currently support sorting by the following fields: <code>name</code>, <code>display_name</code> and <code>created_at</code>. */ sort?: string | null; } /** * @example * { * name: "name" * } */ export interface CreateOrganizationRequestContent { /** The name of this organization. */ name: string; /** Friendly name of this organization. */ display_name?: string; branding?: Management.OrganizationBranding; metadata?: Management.OrganizationMetadata; /** Connections that will be enabled for this organization. See POST enabled_connections endpoint for the object format. (Max of 10 connections allowed) */ enabled_connections?: Management.ConnectionForOrganization[]; token_quota?: Management.CreateTokenQuota; } /** * @example * {} */ export interface UpdateOrganizationRequestContent { /** Friendly name of this organization. */ display_name?: string; /** The name of this organization. */ name?: string; branding?: Management.OrganizationBranding; metadata?: Management.OrganizationMetadata; token_quota?: Management.UpdateTokenQuota | null; } /** * @example * {} */ export interface UpdateSettingsRequestContent { universal_login_experience?: Management.UniversalLoginExperienceEnum; /** Whether identifier first is enabled or not */ identifier_first?: boolean | null; /** Use WebAuthn with Device Biometrics as the first authentication factor */ webauthn_platform_first_factor?: boolean | null; } /** * @example * { * page: 1, * per_page: 1, * include_totals: true, * include_fields: true * } */ export interface ListResourceServerRequestParameters { /** An optional filter on the resource server identifier. Must be URL encoded and may be specified multiple times (max 10). e.g. ../resource-servers?identifiers=id1&identifiers=id2 */ identifiers?: (string | null) | (string | null)[]; /** Page index of the results to return. First page is 0. */ page?: number | null; /** Number of results per page. */ per_page?: number | null; /** Return results inside an object that contains the total result count (true) or as a direct array of results (false, default). */ include_totals?: boolean | null; /** Whether specified fields are to be included (true) or excluded (false). */ include_fields?: boolean | null; } /** * @example * { * identifier: "identifier" * } */ export interface CreateResourceServerRequestContent { /** Friendly name for this resource server. Can not contain `<` or `>` characters. */ name?: string; /** Unique identifier for the API used as the audience parameter on authorization calls. Can not be changed once set. */ identifier: string; /** List of permissions (scopes) that this API uses. */ scopes?: Management.ResourceServerScope[]; signing_alg?: Management.SigningAlgorithmEnum; /** Secret used to sign tokens when using symmetric algorithms (HS256). */ signing_secret?: string; /** Whether refresh tokens can be issued for this API (true) or not (false). */ allow_offline_access?: boolean; /** Expiration value (in seconds) for access tokens issued for this API from the token endpoint. */ token_lifetime?: number; token_dialect?: