authentik-api 2026.2.3 → 2026.5.0.rc2

data/lib/authentik/api/api/policies_api.rb

@@ -1592,7 +1592,7 @@ module Authentik::Api
 
     # Event Matcher Policy Viewset
     # @param [Hash] opts the optional parameters
-    # @option opts [String] :action Match created events with this action type. When left empty, all action types will be matched.  
+    # @option opts [EventActions] :action 
     # @option opts [String] :app 
     # @option opts [String] :client_ip 
     # @option opts [Time] :created 
@@ -1604,6 +1604,7 @@ module Authentik::Api
     # @option opts [Integer] :page A page number within the paginated result set.
     # @option opts [Integer] :page_size Number of results to return per page.
     # @option opts [String] :policy_uuid 
+    # @option opts [String] :query 
     # @option opts [String] :search A search term.
     # @return [PaginatedEventMatcherPolicyList]
     def policies_event_matcher_list(opts = {})
@@ -1613,7 +1614,7 @@ module Authentik::Api
 
     # Event Matcher Policy Viewset
     # @param [Hash] opts the optional parameters
-    # @option opts [String] :action Match created events with this action type. When left empty, all action types will be matched.  
+    # @option opts [EventActions] :action 
     # @option opts [String] :app 
     # @option opts [String] :client_ip 
     # @option opts [Time] :created 
@@ -1625,16 +1626,13 @@ module Authentik::Api
     # @option opts [Integer] :page A page number within the paginated result set.
     # @option opts [Integer] :page_size Number of results to return per page.
     # @option opts [String] :policy_uuid 
+    # @option opts [String] :query 
     # @option opts [String] :search A search term.
     # @return [Array<(PaginatedEventMatcherPolicyList, Integer, Hash)>] PaginatedEventMatcherPolicyList data, response status code and response headers
     def policies_event_matcher_list_with_http_info(opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: PoliciesApi.policies_event_matcher_list ...'
       end
-      allowable_values = ["authorize_application", "configuration_error", "configuration_warning", "custom_", "email_sent", "export_ready", "flow_execution", "impersonation_ended", "impersonation_started", "invitation_used", "login", "login_failed", "logout", "model_created", "model_deleted", "model_updated", "password_set", "policy_exception", "policy_execution", "property_mapping_exception", "review_attested", "review_completed", "review_initiated", "review_overdue", "secret_rotate", "secret_view", "source_linked", "suspicious_request", "system_exception", "system_task_exception", "system_task_execution", "update_available", "user_write"]
-      if @api_client.config.client_side_validation && opts[:'action'] && !allowable_values.include?(opts[:'action'])
-        fail ArgumentError, "invalid value for \"action\", must be one of #{allowable_values}"
-      end
       # resource path
       local_var_path = '/policies/event_matcher/'
 
@@ -1652,6 +1650,7 @@ module Authentik::Api
       query_params[:'page'] = opts[:'page'] if !opts[:'page'].nil?
       query_params[:'page_size'] = opts[:'page_size'] if !opts[:'page_size'].nil?
       query_params[:'policy_uuid'] = opts[:'policy_uuid'] if !opts[:'policy_uuid'].nil?
+      query_params[:'query'] = opts[:'query'] if !opts[:'query'].nil?
       query_params[:'search'] = opts[:'search'] if !opts[:'search'].nil?
 
       # header parameters

data/lib/authentik/api/api/providers_api.rb

@@ -3440,9 +3440,9 @@ module Authentik::Api
     # @option opts [String] :application 
     # @option opts [String] :authorization_flow 
     # @option opts [String] :client_id 
-    # @option opts [String] :client_type Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable  
+    # @option opts [ClientTypeEnum] :client_type 
     # @option opts [Boolean] :include_claims_in_id_token 
-    # @option opts [String] :issuer_mode Configure how the issuer field of the ID Token should be filled.  
+    # @option opts [IssuerModeEnum] :issuer_mode 
     # @option opts [String] :name 
     # @option opts [String] :ordering Which field to use when ordering the results.
     # @option opts [Integer] :page A page number within the paginated result set.
@@ -3451,7 +3451,7 @@ module Authentik::Api
     # @option opts [String] :refresh_token_validity 
     # @option opts [String] :search A search term.
     # @option opts [String] :signing_key 
-    # @option opts [String] :sub_mode Configure what data should be used as unique User Identifier. For most cases, the default should be fine.  
+    # @option opts [SubModeEnum] :sub_mode 
     # @return [PaginatedOAuth2ProviderList]
     def providers_oauth2_list(opts = {})
       data, _status_code, _headers = providers_oauth2_list_with_http_info(opts)
@@ -3465,9 +3465,9 @@ module Authentik::Api
     # @option opts [String] :application 
     # @option opts [String] :authorization_flow 
     # @option opts [String] :client_id 
-    # @option opts [String] :client_type Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable  
+    # @option opts [ClientTypeEnum] :client_type 
     # @option opts [Boolean] :include_claims_in_id_token 
-    # @option opts [String] :issuer_mode Configure how the issuer field of the ID Token should be filled.  
+    # @option opts [IssuerModeEnum] :issuer_mode 
     # @option opts [String] :name 
     # @option opts [String] :ordering Which field to use when ordering the results.
     # @option opts [Integer] :page A page number within the paginated result set.
@@ -3476,24 +3476,12 @@ module Authentik::Api
     # @option opts [String] :refresh_token_validity 
     # @option opts [String] :search A search term.
     # @option opts [String] :signing_key 
-    # @option opts [String] :sub_mode Configure what data should be used as unique User Identifier. For most cases, the default should be fine.  
+    # @option opts [SubModeEnum] :sub_mode 
     # @return [Array<(PaginatedOAuth2ProviderList, Integer, Hash)>] PaginatedOAuth2ProviderList data, response status code and response headers
     def providers_oauth2_list_with_http_info(opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProvidersApi.providers_oauth2_list ...'
       end
-      allowable_values = ["confidential", "public"]
-      if @api_client.config.client_side_validation && opts[:'client_type'] && !allowable_values.include?(opts[:'client_type'])
-        fail ArgumentError, "invalid value for \"client_type\", must be one of #{allowable_values}"
-      end
-      allowable_values = ["global", "per_provider"]
-      if @api_client.config.client_side_validation && opts[:'issuer_mode'] && !allowable_values.include?(opts[:'issuer_mode'])
-        fail ArgumentError, "invalid value for \"issuer_mode\", must be one of #{allowable_values}"
-      end
-      allowable_values = ["hashed_user_id", "user_email", "user_id", "user_upn", "user_username", "user_uuid"]
-      if @api_client.config.client_side_validation && opts[:'sub_mode'] && !allowable_values.include?(opts[:'sub_mode'])
-        fail ArgumentError, "invalid value for \"sub_mode\", must be one of #{allowable_values}"
-      end
       # resource path
       local_var_path = '/providers/oauth2/'
 
@@ -5598,14 +5586,14 @@ module Authentik::Api
     # @option opts [String] :authn_context_class_ref_mapping 
     # @option opts [String] :authorization_flow 
     # @option opts [String] :backchannel_application 
-    # @option opts [String] :default_name_id_policy 
+    # @option opts [SAMLNameIDPolicyEnum] :default_name_id_policy 
     # @option opts [String] :default_relay_state 
-    # @option opts [String] :digest_algorithm 
+    # @option opts [DigestAlgorithmEnum] :digest_algorithm 
     # @option opts [String] :encryption_kp 
     # @option opts [String] :invalidation_flow 
     # @option opts [Boolean] :is_backchannel 
-    # @option opts [String] :issuer 
-    # @option opts [String] :logout_method Method to use for logout. Front-channel iframe loads all logout URLs simultaneously in hidden iframes. Front-channel native uses your active browser tab to send post requests and redirect to providers. Back-channel sends logout requests directly from the server without user interaction (requires POST SLS binding).  
+    # @option opts [String] :issuer_override 
+    # @option opts [SAMLLogoutMethods] :logout_method 
     # @option opts [String] :name 
     # @option opts [String] :name_id_mapping 
     # @option opts [String] :ordering Which field to use when ordering the results.
@@ -5616,12 +5604,13 @@ module Authentik::Api
     # @option opts [String] :session_valid_not_on_or_after 
     # @option opts [Boolean] :sign_assertion 
     # @option opts [Boolean] :sign_logout_request 
+    # @option opts [Boolean] :sign_logout_response 
     # @option opts [Boolean] :sign_response 
-    # @option opts [String] :signature_algorithm 
+    # @option opts [SignatureAlgorithmEnum] :signature_algorithm 
     # @option opts [String] :signing_kp 
-    # @option opts [String] :sls_binding This determines how authentik sends the logout response back to the Service Provider.  
+    # @option opts [SAMLBindingsEnum] :sls_binding 
     # @option opts [String] :sls_url 
-    # @option opts [String] :sp_binding This determines how authentik sends the response back to the Service Provider.  
+    # @option opts [SAMLBindingsEnum] :sp_binding 
     # @option opts [String] :verification_kp 
     # @return [PaginatedSAMLProviderList]
     def providers_saml_list(opts = {})
@@ -5639,14 +5628,14 @@ module Authentik::Api
     # @option opts [String] :authn_context_class_ref_mapping 
     # @option opts [String] :authorization_flow 
     # @option opts [String] :backchannel_application 
-    # @option opts [String] :default_name_id_policy 
+    # @option opts [SAMLNameIDPolicyEnum] :default_name_id_policy 
     # @option opts [String] :default_relay_state 
-    # @option opts [String] :digest_algorithm 
+    # @option opts [DigestAlgorithmEnum] :digest_algorithm 
     # @option opts [String] :encryption_kp 
     # @option opts [String] :invalidation_flow 
     # @option opts [Boolean] :is_backchannel 
-    # @option opts [String] :issuer 
-    # @option opts [String] :logout_method Method to use for logout. Front-channel iframe loads all logout URLs simultaneously in hidden iframes. Front-channel native uses your active browser tab to send post requests and redirect to providers. Back-channel sends logout requests directly from the server without user interaction (requires POST SLS binding).  
+    # @option opts [String] :issuer_override 
+    # @option opts [SAMLLogoutMethods] :logout_method 
     # @option opts [String] :name 
     # @option opts [String] :name_id_mapping 
     # @option opts [String] :ordering Which field to use when ordering the results.
@@ -5657,42 +5646,19 @@ module Authentik::Api
     # @option opts [String] :session_valid_not_on_or_after 
     # @option opts [Boolean] :sign_assertion 
     # @option opts [Boolean] :sign_logout_request 
+    # @option opts [Boolean] :sign_logout_response 
     # @option opts [Boolean] :sign_response 
-    # @option opts [String] :signature_algorithm 
+    # @option opts [SignatureAlgorithmEnum] :signature_algorithm 
     # @option opts [String] :signing_kp 
-    # @option opts [String] :sls_binding This determines how authentik sends the logout response back to the Service Provider.  
+    # @option opts [SAMLBindingsEnum] :sls_binding 
     # @option opts [String] :sls_url 
-    # @option opts [String] :sp_binding This determines how authentik sends the response back to the Service Provider.  
+    # @option opts [SAMLBindingsEnum] :sp_binding 
     # @option opts [String] :verification_kp 
     # @return [Array<(PaginatedSAMLProviderList, Integer, Hash)>] PaginatedSAMLProviderList data, response status code and response headers
     def providers_saml_list_with_http_info(opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProvidersApi.providers_saml_list ...'
       end
-      allowable_values = ["urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"]
-      if @api_client.config.client_side_validation && opts[:'default_name_id_policy'] && !allowable_values.include?(opts[:'default_name_id_policy'])
-        fail ArgumentError, "invalid value for \"default_name_id_policy\", must be one of #{allowable_values}"
-      end
-      allowable_values = ["http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2001/04/xmldsig-more#sha384", "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmlenc#sha512"]
-      if @api_client.config.client_side_validation && opts[:'digest_algorithm'] && !allowable_values.include?(opts[:'digest_algorithm'])
-        fail ArgumentError, "invalid value for \"digest_algorithm\", must be one of #{allowable_values}"
-      end
-      allowable_values = ["backchannel", "frontchannel_iframe", "frontchannel_native"]
-      if @api_client.config.client_side_validation && opts[:'logout_method'] && !allowable_values.include?(opts[:'logout_method'])
-        fail ArgumentError, "invalid value for \"logout_method\", must be one of #{allowable_values}"
-      end
-      allowable_values = ["http://www.w3.org/2000/09/xmldsig#dsa-sha1", "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"]
-      if @api_client.config.client_side_validation && opts[:'signature_algorithm'] && !allowable_values.include?(opts[:'signature_algorithm'])
-        fail ArgumentError, "invalid value for \"signature_algorithm\", must be one of #{allowable_values}"
-      end
-      allowable_values = ["post", "redirect"]
-      if @api_client.config.client_side_validation && opts[:'sls_binding'] && !allowable_values.include?(opts[:'sls_binding'])
-        fail ArgumentError, "invalid value for \"sls_binding\", must be one of #{allowable_values}"
-      end
-      allowable_values = ["post", "redirect"]
-      if @api_client.config.client_side_validation && opts[:'sp_binding'] && !allowable_values.include?(opts[:'sp_binding'])
-        fail ArgumentError, "invalid value for \"sp_binding\", must be one of #{allowable_values}"
-      end
       # resource path
       local_var_path = '/providers/saml/'
 
@@ -5712,7 +5678,7 @@ module Authentik::Api
       query_params[:'encryption_kp'] = opts[:'encryption_kp'] if !opts[:'encryption_kp'].nil?
       query_params[:'invalidation_flow'] = opts[:'invalidation_flow'] if !opts[:'invalidation_flow'].nil?
       query_params[:'is_backchannel'] = opts[:'is_backchannel'] if !opts[:'is_backchannel'].nil?
-      query_params[:'issuer'] = opts[:'issuer'] if !opts[:'issuer'].nil?
+      query_params[:'issuer_override'] = opts[:'issuer_override'] if !opts[:'issuer_override'].nil?
       query_params[:'logout_method'] = opts[:'logout_method'] if !opts[:'logout_method'].nil?
       query_params[:'name'] = opts[:'name'] if !opts[:'name'].nil?
       query_params[:'name_id_mapping'] = opts[:'name_id_mapping'] if !opts[:'name_id_mapping'].nil?
@@ -5724,6 +5690,7 @@ module Authentik::Api
       query_params[:'session_valid_not_on_or_after'] = opts[:'session_valid_not_on_or_after'] if !opts[:'session_valid_not_on_or_after'].nil?
       query_params[:'sign_assertion'] = opts[:'sign_assertion'] if !opts[:'sign_assertion'].nil?
       query_params[:'sign_logout_request'] = opts[:'sign_logout_request'] if !opts[:'sign_logout_request'].nil?
+      query_params[:'sign_logout_response'] = opts[:'sign_logout_response'] if !opts[:'sign_logout_response'].nil?
       query_params[:'sign_response'] = opts[:'sign_response'] if !opts[:'sign_response'].nil?
       query_params[:'signature_algorithm'] = opts[:'signature_algorithm'] if !opts[:'signature_algorithm'].nil?
       query_params[:'signing_kp'] = opts[:'signing_kp'] if !opts[:'signing_kp'].nil?
@@ -5770,7 +5737,7 @@ module Authentik::Api
     # @param id [Integer] A unique integer value identifying this SAML Provider.
     # @param [Hash] opts the optional parameters
     # @option opts [Boolean] :download 
-    # @option opts [String] :force_binding Optionally force the metadata to only include one binding.
+    # @option opts [ForceBindingEnum] :force_binding 
     # @return [SAMLMetadata]
     def providers_saml_metadata_retrieve(id, opts = {})
       data, _status_code, _headers = providers_saml_metadata_retrieve_with_http_info(id, opts)
@@ -5781,7 +5748,7 @@ module Authentik::Api
     # @param id [Integer] A unique integer value identifying this SAML Provider.
     # @param [Hash] opts the optional parameters
     # @option opts [Boolean] :download 
-    # @option opts [String] :force_binding Optionally force the metadata to only include one binding.
+    # @option opts [ForceBindingEnum] :force_binding 
     # @return [Array<(SAMLMetadata, Integer, Hash)>] SAMLMetadata data, response status code and response headers
     def providers_saml_metadata_retrieve_with_http_info(id, opts = {})
       if @api_client.config.debugging
@@ -5791,10 +5758,6 @@ module Authentik::Api
       if @api_client.config.client_side_validation && id.nil?
         fail ArgumentError, "Missing the required parameter 'id' when calling ProvidersApi.providers_saml_metadata_retrieve"
       end
-      allowable_values = ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"]
-      if @api_client.config.client_side_validation && opts[:'force_binding'] && !allowable_values.include?(opts[:'force_binding'])
-        fail ArgumentError, "invalid value for \"force_binding\", must be one of #{allowable_values}"
-      end
       # resource path
       local_var_path = '/providers/saml/{id}/metadata/'.sub('{id}', CGI.escape(id.to_s))
 
@@ -8013,14 +7976,14 @@ module Authentik::Api
     # @option opts [String] :authn_context_class_ref_mapping 
     # @option opts [String] :authorization_flow 
     # @option opts [String] :backchannel_application 
-    # @option opts [String] :default_name_id_policy 
+    # @option opts [SAMLNameIDPolicyEnum] :default_name_id_policy 
     # @option opts [String] :default_relay_state 
-    # @option opts [String] :digest_algorithm 
+    # @option opts [DigestAlgorithmEnum] :digest_algorithm 
     # @option opts [String] :encryption_kp 
     # @option opts [String] :invalidation_flow 
     # @option opts [Boolean] :is_backchannel 
-    # @option opts [String] :issuer 
-    # @option opts [String] :logout_method Method to use for logout. Front-channel iframe loads all logout URLs simultaneously in hidden iframes. Front-channel native uses your active browser tab to send post requests and redirect to providers. Back-channel sends logout requests directly from the server without user interaction (requires POST SLS binding).  
+    # @option opts [String] :issuer_override 
+    # @option opts [SAMLLogoutMethods] :logout_method 
     # @option opts [String] :name 
     # @option opts [String] :name_id_mapping 
     # @option opts [String] :ordering Which field to use when ordering the results.
@@ -8031,12 +7994,13 @@ module Authentik::Api
     # @option opts [String] :session_valid_not_on_or_after 
     # @option opts [Boolean] :sign_assertion 
     # @option opts [Boolean] :sign_logout_request 
+    # @option opts [Boolean] :sign_logout_response 
     # @option opts [Boolean] :sign_response 
-    # @option opts [String] :signature_algorithm 
+    # @option opts [SignatureAlgorithmEnum] :signature_algorithm 
     # @option opts [String] :signing_kp 
-    # @option opts [String] :sls_binding This determines how authentik sends the logout response back to the Service Provider.  
+    # @option opts [SAMLBindingsEnum] :sls_binding 
     # @option opts [String] :sls_url 
-    # @option opts [String] :sp_binding This determines how authentik sends the response back to the Service Provider.  
+    # @option opts [SAMLBindingsEnum] :sp_binding 
     # @option opts [String] :verification_kp 
     # @return [PaginatedWSFederationProviderList]
     def providers_wsfed_list(opts = {})
@@ -8054,14 +8018,14 @@ module Authentik::Api
     # @option opts [String] :authn_context_class_ref_mapping 
     # @option opts [String] :authorization_flow 
     # @option opts [String] :backchannel_application 
-    # @option opts [String] :default_name_id_policy 
+    # @option opts [SAMLNameIDPolicyEnum] :default_name_id_policy 
     # @option opts [String] :default_relay_state 
-    # @option opts [String] :digest_algorithm 
+    # @option opts [DigestAlgorithmEnum] :digest_algorithm 
     # @option opts [String] :encryption_kp 
     # @option opts [String] :invalidation_flow 
     # @option opts [Boolean] :is_backchannel 
-    # @option opts [String] :issuer 
-    # @option opts [String] :logout_method Method to use for logout. Front-channel iframe loads all logout URLs simultaneously in hidden iframes. Front-channel native uses your active browser tab to send post requests and redirect to providers. Back-channel sends logout requests directly from the server without user interaction (requires POST SLS binding).  
+    # @option opts [String] :issuer_override 
+    # @option opts [SAMLLogoutMethods] :logout_method 
     # @option opts [String] :name 
     # @option opts [String] :name_id_mapping 
     # @option opts [String] :ordering Which field to use when ordering the results.
@@ -8072,42 +8036,19 @@ module Authentik::Api
     # @option opts [String] :session_valid_not_on_or_after 
     # @option opts [Boolean] :sign_assertion 
     # @option opts [Boolean] :sign_logout_request 
+    # @option opts [Boolean] :sign_logout_response 
     # @option opts [Boolean] :sign_response 
-    # @option opts [String] :signature_algorithm 
+    # @option opts [SignatureAlgorithmEnum] :signature_algorithm 
     # @option opts [String] :signing_kp 
-    # @option opts [String] :sls_binding This determines how authentik sends the logout response back to the Service Provider.  
+    # @option opts [SAMLBindingsEnum] :sls_binding 
     # @option opts [String] :sls_url 
-    # @option opts [String] :sp_binding This determines how authentik sends the response back to the Service Provider.  
+    # @option opts [SAMLBindingsEnum] :sp_binding 
     # @option opts [String] :verification_kp 
     # @return [Array<(PaginatedWSFederationProviderList, Integer, Hash)>] PaginatedWSFederationProviderList data, response status code and response headers
     def providers_wsfed_list_with_http_info(opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProvidersApi.providers_wsfed_list ...'
       end
-      allowable_values = ["urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"]
-      if @api_client.config.client_side_validation && opts[:'default_name_id_policy'] && !allowable_values.include?(opts[:'default_name_id_policy'])
-        fail ArgumentError, "invalid value for \"default_name_id_policy\", must be one of #{allowable_values}"
-      end
-      allowable_values = ["http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2001/04/xmldsig-more#sha384", "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmlenc#sha512"]
-      if @api_client.config.client_side_validation && opts[:'digest_algorithm'] && !allowable_values.include?(opts[:'digest_algorithm'])
-        fail ArgumentError, "invalid value for \"digest_algorithm\", must be one of #{allowable_values}"
-      end
-      allowable_values = ["backchannel", "frontchannel_iframe", "frontchannel_native"]
-      if @api_client.config.client_side_validation && opts[:'logout_method'] && !allowable_values.include?(opts[:'logout_method'])
-        fail ArgumentError, "invalid value for \"logout_method\", must be one of #{allowable_values}"
-      end
-      allowable_values = ["http://www.w3.org/2000/09/xmldsig#dsa-sha1", "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"]
-      if @api_client.config.client_side_validation && opts[:'signature_algorithm'] && !allowable_values.include?(opts[:'signature_algorithm'])
-        fail ArgumentError, "invalid value for \"signature_algorithm\", must be one of #{allowable_values}"
-      end
-      allowable_values = ["post", "redirect"]
-      if @api_client.config.client_side_validation && opts[:'sls_binding'] && !allowable_values.include?(opts[:'sls_binding'])
-        fail ArgumentError, "invalid value for \"sls_binding\", must be one of #{allowable_values}"
-      end
-      allowable_values = ["post", "redirect"]
-      if @api_client.config.client_side_validation && opts[:'sp_binding'] && !allowable_values.include?(opts[:'sp_binding'])
-        fail ArgumentError, "invalid value for \"sp_binding\", must be one of #{allowable_values}"
-      end
       # resource path
       local_var_path = '/providers/wsfed/'
 
@@ -8127,7 +8068,7 @@ module Authentik::Api
       query_params[:'encryption_kp'] = opts[:'encryption_kp'] if !opts[:'encryption_kp'].nil?
       query_params[:'invalidation_flow'] = opts[:'invalidation_flow'] if !opts[:'invalidation_flow'].nil?
       query_params[:'is_backchannel'] = opts[:'is_backchannel'] if !opts[:'is_backchannel'].nil?
-      query_params[:'issuer'] = opts[:'issuer'] if !opts[:'issuer'].nil?
+      query_params[:'issuer_override'] = opts[:'issuer_override'] if !opts[:'issuer_override'].nil?
       query_params[:'logout_method'] = opts[:'logout_method'] if !opts[:'logout_method'].nil?
       query_params[:'name'] = opts[:'name'] if !opts[:'name'].nil?
       query_params[:'name_id_mapping'] = opts[:'name_id_mapping'] if !opts[:'name_id_mapping'].nil?
@@ -8139,6 +8080,7 @@ module Authentik::Api
       query_params[:'session_valid_not_on_or_after'] = opts[:'session_valid_not_on_or_after'] if !opts[:'session_valid_not_on_or_after'].nil?
       query_params[:'sign_assertion'] = opts[:'sign_assertion'] if !opts[:'sign_assertion'].nil?
       query_params[:'sign_logout_request'] = opts[:'sign_logout_request'] if !opts[:'sign_logout_request'].nil?
+      query_params[:'sign_logout_response'] = opts[:'sign_logout_response'] if !opts[:'sign_logout_response'].nil?
       query_params[:'sign_response'] = opts[:'sign_response'] if !opts[:'sign_response'].nil?
       query_params[:'signature_algorithm'] = opts[:'signature_algorithm'] if !opts[:'signature_algorithm'].nil?
       query_params[:'signing_kp'] = opts[:'signing_kp'] if !opts[:'signing_kp'].nil?
@@ -8185,7 +8127,7 @@ module Authentik::Api
     # @param id [Integer] A unique integer value identifying this WS-Federation Provider.
     # @param [Hash] opts the optional parameters
     # @option opts [Boolean] :download 
-    # @option opts [String] :force_binding Optionally force the metadata to only include one binding.
+    # @option opts [ForceBindingEnum] :force_binding 
     # @return [SAMLMetadata]
     def providers_wsfed_metadata_retrieve(id, opts = {})
       data, _status_code, _headers = providers_wsfed_metadata_retrieve_with_http_info(id, opts)
@@ -8196,7 +8138,7 @@ module Authentik::Api
     # @param id [Integer] A unique integer value identifying this WS-Federation Provider.
     # @param [Hash] opts the optional parameters
     # @option opts [Boolean] :download 
-    # @option opts [String] :force_binding Optionally force the metadata to only include one binding.
+    # @option opts [ForceBindingEnum] :force_binding 
     # @return [Array<(SAMLMetadata, Integer, Hash)>] SAMLMetadata data, response status code and response headers
     def providers_wsfed_metadata_retrieve_with_http_info(id, opts = {})
       if @api_client.config.debugging
@@ -8206,10 +8148,6 @@ module Authentik::Api
       if @api_client.config.client_side_validation && id.nil?
         fail ArgumentError, "Missing the required parameter 'id' when calling ProvidersApi.providers_wsfed_metadata_retrieve"
       end
-      allowable_values = ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"]
-      if @api_client.config.client_side_validation && opts[:'force_binding'] && !allowable_values.include?(opts[:'force_binding'])
-        fail ArgumentError, "invalid value for \"force_binding\", must be one of #{allowable_values}"
-      end
       # resource path
       local_var_path = '/providers/wsfed/{id}/metadata/'.sub('{id}', CGI.escape(id.to_s))
 

data/lib/authentik/api/api/rbac_api.rb

@@ -575,11 +575,6 @@ module Authentik::Api
       if @api_client.config.client_side_validation && model.nil?
         fail ArgumentError, "Missing the required parameter 'model' when calling RbacApi.rbac_permissions_assigned_by_roles_list"
       end
-      # verify enum value
-      allowable_values = ["authentik_blueprints.blueprintinstance", "authentik_brands.brand", "authentik_core.application", "authentik_core.applicationentitlement", "authentik_core.group", "authentik_core.token", "authentik_core.user", "authentik_crypto.certificatekeypair", "authentik_endpoints.deviceaccessgroup", "authentik_endpoints.deviceuserbinding", "authentik_endpoints.endpointstage", "authentik_endpoints_connectors_agent.agentconnector", "authentik_endpoints_connectors_agent.agentdeviceuserbinding", "authentik_endpoints_connectors_agent.enrollmenttoken", "authentik_endpoints_connectors_fleet.fleetconnector", "authentik_enterprise.license", "authentik_events.event", "authentik_events.notification", "authentik_events.notificationrule", "authentik_events.notificationtransport", "authentik_events.notificationwebhookmapping", "authentik_flows.flow", "authentik_flows.flowstagebinding", "authentik_lifecycle.lifecycleiteration", "authentik_lifecycle.lifecyclerule", "authentik_lifecycle.review", "authentik_outposts.dockerserviceconnection", "authentik_outposts.kubernetesserviceconnection", "authentik_outposts.outpost", "authentik_policies.policybinding", "authentik_policies_dummy.dummypolicy", "authentik_policies_event_matcher.eventmatcherpolicy", "authentik_policies_expiry.passwordexpirypolicy", "authentik_policies_expression.expressionpolicy", "authentik_policies_geoip.geoippolicy", "authentik_policies_password.passwordpolicy", "authentik_policies_reputation.reputationpolicy", "authentik_policies_unique_password.uniquepasswordpolicy", "authentik_providers_google_workspace.googleworkspaceprovider", "authentik_providers_google_workspace.googleworkspaceprovidermapping", "authentik_providers_ldap.ldapprovider", "authentik_providers_microsoft_entra.microsoftentraprovider", "authentik_providers_microsoft_entra.microsoftentraprovidermapping", "authentik_providers_oauth2.oauth2provider", "authentik_providers_oauth2.scopemapping", "authentik_providers_proxy.proxyprovider", "authentik_providers_rac.endpoint", "authentik_providers_rac.racpropertymapping", "authentik_providers_rac.racprovider", "authentik_providers_radius.radiusprovider", "authentik_providers_radius.radiusproviderpropertymapping", "authentik_providers_saml.samlpropertymapping", "authentik_providers_saml.samlprovider", "authentik_providers_scim.scimmapping", "authentik_providers_scim.scimprovider", "authentik_providers_ssf.ssfprovider", "authentik_providers_ws_federation.wsfederationprovider", "authentik_rbac.initialpermissions", "authentik_rbac.role", "authentik_reports.dataexport", "authentik_sources_kerberos.groupkerberossourceconnection", "authentik_sources_kerberos.kerberossource", "authentik_sources_kerberos.kerberossourcepropertymapping", "authentik_sources_kerberos.userkerberossourceconnection", "authentik_sources_ldap.groupldapsourceconnection", "authentik_sources_ldap.ldapsource", "authentik_sources_ldap.ldapsourcepropertymapping", "authentik_sources_ldap.userldapsourceconnection", "authentik_sources_oauth.groupoauthsourceconnection", "authentik_sources_oauth.oauthsource", "authentik_sources_oauth.oauthsourcepropertymapping", "authentik_sources_oauth.useroauthsourceconnection", "authentik_sources_plex.groupplexsourceconnection", "authentik_sources_plex.plexsource", "authentik_sources_plex.plexsourcepropertymapping", "authentik_sources_plex.userplexsourceconnection", "authentik_sources_saml.groupsamlsourceconnection", "authentik_sources_saml.samlsource", "authentik_sources_saml.samlsourcepropertymapping", "authentik_sources_saml.usersamlsourceconnection", "authentik_sources_scim.scimsource", "authentik_sources_scim.scimsourcepropertymapping", "authentik_sources_telegram.grouptelegramsourceconnection", "authentik_sources_telegram.telegramsource", "authentik_sources_telegram.telegramsourcepropertymapping", "authentik_sources_telegram.usertelegramsourceconnection", "authentik_stages_authenticator_duo.authenticatorduostage", "authentik_stages_authenticator_duo.duodevice", "authentik_stages_authenticator_email.authenticatoremailstage", "authentik_stages_authenticator_email.emaildevice", "authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage", "authentik_stages_authenticator_sms.authenticatorsmsstage", "authentik_stages_authenticator_sms.smsdevice", "authentik_stages_authenticator_static.authenticatorstaticstage", "authentik_stages_authenticator_static.staticdevice", "authentik_stages_authenticator_totp.authenticatortotpstage", "authentik_stages_authenticator_totp.totpdevice", "authentik_stages_authenticator_validate.authenticatorvalidatestage", "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage", "authentik_stages_authenticator_webauthn.webauthndevice", "authentik_stages_captcha.captchastage", "authentik_stages_consent.consentstage", "authentik_stages_deny.denystage", "authentik_stages_dummy.dummystage", "authentik_stages_email.emailstage", "authentik_stages_identification.identificationstage", "authentik_stages_invitation.invitation", "authentik_stages_invitation.invitationstage", "authentik_stages_mtls.mutualtlsstage", "authentik_stages_password.passwordstage", "authentik_stages_prompt.prompt", "authentik_stages_prompt.promptstage", "authentik_stages_redirect.redirectstage", "authentik_stages_source.sourcestage", "authentik_stages_user_delete.userdeletestage", "authentik_stages_user_login.userloginstage", "authentik_stages_user_logout.userlogoutstage", "authentik_stages_user_write.userwritestage", "authentik_tasks_schedules.schedule", "authentik_tenants.domain"]
-      if @api_client.config.client_side_validation && !allowable_values.include?(model)
-        fail ArgumentError, "invalid value for \"model\", must be one of #{allowable_values}"
-      end
       # resource path
       local_var_path = '/rbac/permissions/assigned_by_roles/'
 

data/lib/authentik/api/api/schema_api.rb

@@ -15,8 +15,8 @@ module Authentik::Api
     end
     # OpenApi3 schema for this API. Format can be selected via content negotiation.  - YAML: application/vnd.oai.openapi - JSON: application/vnd.oai.openapi+json
     # @param [Hash] opts the optional parameters
-    # @option opts [String] :format 
-    # @option opts [String] :lang 
+    # @option opts [FormatEnum] :format 
+    # @option opts [LangEnum] :lang 
     # @return [Hash<String, Object>]
     def schema_retrieve(opts = {})
       data, _status_code, _headers = schema_retrieve_with_http_info(opts)
@@ -25,21 +25,13 @@ module Authentik::Api
 
     # OpenApi3 schema for this API. Format can be selected via content negotiation.  - YAML: application/vnd.oai.openapi - JSON: application/vnd.oai.openapi+json
     # @param [Hash] opts the optional parameters
-    # @option opts [String] :format 
-    # @option opts [String] :lang 
+    # @option opts [FormatEnum] :format 
+    # @option opts [LangEnum] :lang 
     # @return [Array<(Hash<String, Object>, Integer, Hash)>] Hash<String, Object> data, response status code and response headers
     def schema_retrieve_with_http_info(opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: SchemaApi.schema_retrieve ...'
       end
-      allowable_values = ["json", "yaml"]
-      if @api_client.config.client_side_validation && opts[:'format'] && !allowable_values.include?(opts[:'format'])
-        fail ArgumentError, "invalid value for \"format\", must be one of #{allowable_values}"
-      end
-      allowable_values = ["af", "ar", "ar-dz", "ast", "az", "be", "bg", "bn", "br", "bs", "ca", "ckb", "cs", "cy", "da", "de", "dsb", "el", "en", "en-au", "en-gb", "eo", "es", "es-ar", "es-co", "es-mx", "es-ni", "es-ve", "et", "eu", "fa", "fi", "fr", "fy", "ga", "gd", "gl", "he", "hi", "hr", "hsb", "hu", "hy", "ia", "id", "ig", "io", "is", "it", "ja", "ka", "kab", "kk", "km", "kn", "ko", "ky", "lb", "lt", "lv", "mk", "ml", "mn", "mr", "ms", "my", "nb", "ne", "nl", "nn", "os", "pa", "pl", "pt", "pt-br", "ro", "ru", "sk", "sl", "sq", "sr", "sr-latn", "sv", "sw", "ta", "te", "tg", "th", "tk", "tr", "tt", "udm", "ug", "uk", "ur", "uz", "vi", "zh-hans", "zh-hant"]
-      if @api_client.config.client_side_validation && opts[:'lang'] && !allowable_values.include?(opts[:'lang'])
-        fail ArgumentError, "invalid value for \"lang\", must be one of #{allowable_values}"
-      end
       # resource path
       local_var_path = '/schema/'