RubyGems - authlete_ruby_sdk - Versions diffs - 0.0.2.beta → 0.0.5.pre.beta - Mend

authlete_ruby_sdk 0.0.2.beta → 0.0.5.pre.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (817) hide show

data/lib/authlete/models/components/token_response.rb CHANGED Viewed

@@ -7,7 +7,6 @@
 module Authlete
   module Models
     module Components
       class TokenResponse
         extend T::Sig
@@ -18,35 +17,35 @@ module Authlete
         # A short message which explains the result of the API call.
         field :result_message, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('resultMessage') } }
         # The next action that the authorization server implementation should take.
-        field :action, Crystalline::Nilable.new(Models::Components::TokenResponseAction), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('action'), 'decoder': Utils.enum_from_string(Models::Components::TokenResponseAction, true) } }
+        field :action, Crystalline::Nilable.new(Models::Components::TokenResponseAction), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('action'), 'decoder': ::Authlete::Utils.enum_from_string(Models::Components::TokenResponseAction, true) } }
         # The content that the authorization server implementation is to return to the client application.
         # Its format varies depending on the value of `action` parameter.
-        #
+        #
         field :response_content, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('responseContent') } }
         # The value of `username` request parameter in the token request.
         # The client application must specify username when it uses [Resource Owner Password Grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.3).
         # In other words, when the value of `grant_type` request parameter is `password`, `username` request parameter must come along.
-        #
+        #
         # This parameter has a value only if the value of `grant_type` request parameter is `password` and the token request is valid.
-        #
+        #
         field :username, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('username') } }
         # The value of `password` request parameter in the token request.
         # The client application must specify password when it uses [Resource Owner Password Grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.3).
         # In other words, when the value of `grant_type` request parameter is `password`, `password` request parameter must come along.
-        #
+        #
         # This parameter has a value only if the value of `grant_type` request parameter is `password` and the token request is valid.
-        #
+        #
         field :password, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('password') } }
         # The ticket which is necessary to call Authlete's `/auth/token/fail` API or `/auth/token/issue` API.
-        #
+        #
         # This parameter has a value only if the value of `grant_type` request parameter is `password` and the token request is valid.
-        #
+        #
         field :ticket, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('ticket') } }
         # The newly issued access token.
         field :access_token, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessToken') } }
         # The datetime at which the newly issued access token will expire.
         # The value is represented in milliseconds since the Unix epoch (1970-01-01).
-        #
+        #
         field :access_token_expires_at, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessTokenExpiresAt') } }
         # The duration of the newly issued access token in seconds.
         field :access_token_duration, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessTokenDuration') } }
@@ -54,13 +53,13 @@ module Authlete
         field :refresh_token, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('refreshToken') } }
         # The datetime at which the newly issued refresh token will expire.
         # The value is represented in milliseconds since the Unix epoch (1970-01-01).
-        #
+        #
         field :refresh_token_expires_at, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('refreshTokenExpiresAt') } }
         # The duration of the newly issued refresh token in seconds.
         field :refresh_token_duration, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('refreshTokenDuration') } }
         # The newly issued ID token. Note that an ID token is issued from a token endpoint only when the `response_type` request parameter
         # of the authorization request to an authorization endpoint has contained `code` and the `scope` request parameter has contained `openid`.
-        #
+        #
         field :id_token, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('idToken') } }
         # The grant type of the token request.
         field :grant_type, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('grantType') } }
@@ -68,154 +67,145 @@ module Authlete
         field :client_id, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientId') } }
         # The client ID alias when the token request was made. If the client did not have an alias, this parameter is `null`.
         # Also, if the token request was invalid and it failed to identify a client, this parameter is `null`.
-        #
+        #
         field :client_id_alias, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientIdAlias') } }
         # The flag which indicates whether the client ID alias was used when the token request was made.
         # `true` if the client ID alias was used when the token request was made.
-        #
+        #
         field :client_id_alias_used, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientIdAliasUsed') } }
         # The subject (= resource owner's ID) of the access token.
         # Even if an access token has been issued by the call of `/api/auth/token` API, this parameter is `null` if the flow of the token request was
         # [Client Credentials Flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4) (`grant_type=client_credentials`) because it means the access token
         # is not associated with any specific end-user.
-        #
+        #
         field :subject, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('subject') } }
         # The scopes covered by the access token.
         field :scopes, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('scopes') } }
         # The extra properties associated with the access token.
         # This parameter is `null` when no extra property is associated with the issued access token.
-        #
+        #
         field :properties, Crystalline::Nilable.new(Crystalline::Array.new(Models::Components::Property)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('properties') } }
         # The newly issued access token in JWT format. If the authorization server is configured
         # to issue JWT-based access tokens (= if the service's `accessTokenSignAlg` value is a
         # non-null value), a JWT-based access token is issued along with the original random-string
         # one.
-        #
+        #
         field :jwt_access_token, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('jwtAccessToken') } }
         # The resources specified by the `resource` request parameters in the token request.
         # See "Resource Indicators for OAuth 2.0" for details.
-        #
+        #
         field :resources, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('resources') } }
         # The target resources of the access token being issued. See "Resource Indicators for OAuth 2.0" for details.
-        #
+        #
         field :access_token_resources, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessTokenResources') } }
         # The authorization details. This represents the value of the `authorization_details`
         # request parameter in the preceding device authorization request which is defined in
         # "OAuth 2.0 Rich Authorization Requests".
-        #
+        #
         field :authorization_details, Crystalline::Nilable.new(Models::Components::AuthzDetails), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('authorizationDetails') } }
+        # Additional claims to be embedded in an ID token.
+        #
+        field :additional_claims, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('additionalClaims') } }
         # The attributes of this service that the client application belongs to.
-        #
+        #
         field :service_attributes, Crystalline::Nilable.new(Crystalline::Array.new(Models::Components::Pair)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('serviceAttributes') } }
         # The attributes of the client.
-        #
+        #
         field :client_attributes, Crystalline::Nilable.new(Crystalline::Array.new(Models::Components::Pair)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientAttributes') } }
         # The client authentication method that was performed at the token endpoint.
-        #
+        #
         field :client_auth_method, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientAuthMethod') } }
         # the value of the `grant_id` request parameter of the device authorization request.
-        #
+        #
         # The `grant_id` request parameter is defined in
         # [Grant Management for OAuth 2.0](https://openid.net/specs/fapi-grant-management.html)
         # , which is supported by Authlete 2.3 and newer versions.
-        #
+        #
         field :grant_id, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('grantId') } }
         # The audiences on the token exchange request
-        #
+        #
         field :audiences, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('audiences') } }
         # The token type identifier used in OAuth 2.0 Token Exchange (RFC 8693).
         # The API returns short codes (enum constant names) in response fields.
-        #
-        field :requested_token_type, Crystalline::Nilable.new(Models::Components::TokenType), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('requestedTokenType'), 'decoder': Utils.enum_from_string(Models::Components::TokenType, true) } }
+        #
+        field :requested_token_type, Crystalline::Nilable.new(Models::Components::TokenType), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('requestedTokenType'), 'decoder': ::Authlete::Utils.enum_from_string(Models::Components::TokenType, true) } }
         field :subject_token, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('subjectToken') } }
         # The token type identifier used in OAuth 2.0 Token Exchange (RFC 8693).
         # The API returns short codes (enum constant names) in response fields.
-        #
-        field :subject_token_type, Crystalline::Nilable.new(Models::Components::TokenType), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('subjectTokenType'), 'decoder': Utils.enum_from_string(Models::Components::TokenType, true) } }
+        #
+        field :subject_token_type, Crystalline::Nilable.new(Models::Components::TokenType), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('subjectTokenType'), 'decoder': ::Authlete::Utils.enum_from_string(Models::Components::TokenType, true) } }
         field :subject_token_info, Crystalline::Nilable.new(Models::Components::TokenInfo), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('subjectTokenInfo') } }
         field :actor_token, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('actorToken') } }
         # The token type identifier used in OAuth 2.0 Token Exchange (RFC 8693).
         # The API returns short codes (enum constant names) in response fields.
-        #
-        field :actor_token_type, Crystalline::Nilable.new(Models::Components::TokenType), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('actorTokenType'), 'decoder': Utils.enum_from_string(Models::Components::TokenType, true) } }
+        #
+        field :actor_token_type, Crystalline::Nilable.new(Models::Components::TokenType), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('actorTokenType'), 'decoder': ::Authlete::Utils.enum_from_string(Models::Components::TokenType, true) } }
         field :actor_token_info, Crystalline::Nilable.new(Models::Components::TokenInfo), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('actorTokenInfo') } }
         # For RFC 7523 JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
-        #
+        #
         field :assertion, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('assertion') } }
         # Indicate whether the previous refresh token that had been kept in the database for a short time was used
-        #
+        #
         field :previous_refresh_token_used, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('previousRefreshTokenUsed') } }
         # The entity ID of the client.
-        #
+        #
         field :client_entity_id, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientEntityId') } }
         # Flag which indicates whether the entity ID of the client was used when the request for the access token was made.
-        #
+        #
         field :client_entity_id_used, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientEntityIdUsed') } }
         # Duration of the `c_nonce` in seconds.
-        #
+        #
         field :cnonce_duration, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('cnonceDuration') } }
         # Get the expected nonce value for DPoP proof JWT, which should be used
         # as the value of the `DPoP-Nonce` HTTP header.
-        #
+        #
         field :dpop_nonce, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('dpopNonce') } }
         # Get the `c_nonce`.
-        #
+        #
         field :cnonce, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('cnonce') } }
         # Get the time at which the `c_nonce` expires in milliseconds since
         # the Unix epoch (1970-01-01).
-        #
+        #
         field :cnonce_expires_at, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('cnonceExpiresAt') } }
         # Get the names of the claims that the authorization request (which resulted
         # in generation of the access token) requested to be embedded in ID tokens.
-        #
+        #
         field :requested_id_token_claims, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('requestedIdTokenClaims') } }
         # Scopes associated with the refresh token.
-        #
+        #
         field :refresh_token_scopes, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('refreshTokenScopes') } }
         # The session ID, which is the ID of the user's authentication session, associated with a newly
         # created access token.
-        #
+        #
         field :session_id, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('sessionId') } }
         # If the response from the `/auth/token` API contains the `deviceSecret` parameter, its value should
         # be used as the value of this `deviceSecret` request parameter to the `/nativesso` API. The authorization
         # server may choose to issue a new device secret; in that case, it is free to generate a new device
         # secret and specify the new value.
-        #
-        # If the response from the `/auth/token` API does not contain the `deviceSecret` parameter, or
-        # if its value is invalid, the authorization server must generate a new device secret and specify
-        # it in the deviceSecret parameter to the `/nativesso` API.
-        #
-        # The specified value is used as the value of the `device_secret` property in the token response.
-        #
+        #
         field :device_secret, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('deviceSecret') } }
         # The authorization server should compute the hash value of the device secret based on its own logic
         # and specify the computed hash as the value of this `deviceSecretHash` request parameter to the
         # `/nativesso` API.
-        #
-        # When the `deviceSecretHash` parameter is omitted, the implementation of the `/nativesso` API
-        # generates the device secret hash by computing the SHA-256 hash of the device secret and encoding
-        # it with base64url. Note that this hash computation logic is not a rule defined in the Native SSO
-        # specification; rather, it is Authlete-specific fallback logic used when the `deviceSecretHash`
-        # parameter is omitted.
-        #
+        #
         field :device_secret_hash, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('deviceSecretHash') } }
         # The location of the client's metadata document that was used to resolve client metadata.
-        #
+        #
         # This property is set when client metadata was retrieved via the [OAuth Client ID Metadata Document](https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/) (CIMD) mechanism.
-        #
+        #
         field :metadata_document_location, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('metadataDocumentLocation') } }
         # Flag indicating whether a metadata document was used to resolve client metadata for this request.
-        #
+        #
         # When `true`, the client metadata was retrieved via the CIMD mechanism rather than from the Authlete database.
-        #
+        #
         field :metadata_document_used, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('metadataDocumentUsed') } }
-        sig { params(result_code: T.nilable(::String), result_message: T.nilable(::String), action: T.nilable(Models::Components::TokenResponseAction), response_content: T.nilable(::String), username: T.nilable(::String), password: T.nilable(::String), ticket: T.nilable(::String), access_token: T.nilable(::String), access_token_expires_at: T.nilable(::Integer), access_token_duration: T.nilable(::Integer), refresh_token: T.nilable(::String), refresh_token_expires_at: T.nilable(::Integer), refresh_token_duration: T.nilable(::Integer), id_token: T.nilable(::String), grant_type: T.nilable(::String), client_id: T.nilable(::Integer), client_id_alias: T.nilable(::String), client_id_alias_used: T.nilable(T::Boolean), subject: T.nilable(::String), scopes: T.nilable(T::Array[::String]), properties: T.nilable(T::Array[Models::Components::Property]), jwt_access_token: T.nilable(::String), resources: T.nilable(T::Array[::String]), access_token_resources: T.nilable(T::Array[::String]), authorization_details: T.nilable(Models::Components::AuthzDetails), service_attributes: T.nilable(T::Array[Models::Components::Pair]), client_attributes: T.nilable(T::Array[Models::Components::Pair]), client_auth_method: T.nilable(::String), grant_id: T.nilable(::String), audiences: T.nilable(T::Array[::String]), requested_token_type: T.nilable(Models::Components::TokenType), subject_token: T.nilable(::String), subject_token_type: T.nilable(Models::Components::TokenType), subject_token_info: T.nilable(Models::Components::TokenInfo), actor_token: T.nilable(::String), actor_token_type: T.nilable(Models::Components::TokenType), actor_token_info: T.nilable(Models::Components::TokenInfo), assertion: T.nilable(::String), previous_refresh_token_used: T.nilable(T::Boolean), client_entity_id: T.nilable(::String), client_entity_id_used: T.nilable(T::Boolean), cnonce_duration: T.nilable(::Integer), dpop_nonce: T.nilable(::String), cnonce: T.nilable(::String), cnonce_expires_at: T.nilable(::Integer), requested_id_token_claims: T.nilable(T::Array[::String]), refresh_token_scopes: T.nilable(T::Array[::String]), session_id: T.nilable(::String), device_secret: T.nilable(::String), device_secret_hash: T.nilable(::String), metadata_document_location: T.nilable(::String), metadata_document_used: T.nilable(T::Boolean)).void }
-        def initialize(result_code: nil, result_message: nil, action: nil, response_content: nil, username: nil, password: nil, ticket: nil, access_token: nil, access_token_expires_at: nil, access_token_duration: nil, refresh_token: nil, refresh_token_expires_at: nil, refresh_token_duration: nil, id_token: nil, grant_type: nil, client_id: nil, client_id_alias: nil, client_id_alias_used: nil, subject: nil, scopes: nil, properties: nil, jwt_access_token: nil, resources: nil, access_token_resources: nil, authorization_details: nil, service_attributes: nil, client_attributes: nil, client_auth_method: nil, grant_id: nil, audiences: nil, requested_token_type: nil, subject_token: nil, subject_token_type: nil, subject_token_info: nil, actor_token: nil, actor_token_type: nil, actor_token_info: nil, assertion: nil, previous_refresh_token_used: nil, client_entity_id: nil, client_entity_id_used: nil, cnonce_duration: nil, dpop_nonce: nil, cnonce: nil, cnonce_expires_at: nil, requested_id_token_claims: nil, refresh_token_scopes: nil, session_id: nil, device_secret: nil, device_secret_hash: nil, metadata_document_location: nil, metadata_document_used: nil)
+        sig { params(result_code: T.nilable(::String), result_message: T.nilable(::String), action: T.nilable(Models::Components::TokenResponseAction), response_content: T.nilable(::String), username: T.nilable(::String), password: T.nilable(::String), ticket: T.nilable(::String), access_token: T.nilable(::String), access_token_expires_at: T.nilable(::Integer), access_token_duration: T.nilable(::Integer), refresh_token: T.nilable(::String), refresh_token_expires_at: T.nilable(::Integer), refresh_token_duration: T.nilable(::Integer), id_token: T.nilable(::String), grant_type: T.nilable(::String), client_id: T.nilable(::Integer), client_id_alias: T.nilable(::String), client_id_alias_used: T.nilable(T::Boolean), subject: T.nilable(::String), scopes: T.nilable(T::Array[::String]), properties: T.nilable(T::Array[Models::Components::Property]), jwt_access_token: T.nilable(::String), resources: T.nilable(T::Array[::String]), access_token_resources: T.nilable(T::Array[::String]), authorization_details: T.nilable(Models::Components::AuthzDetails), additional_claims: T.nilable(::String), service_attributes: T.nilable(T::Array[Models::Components::Pair]), client_attributes: T.nilable(T::Array[Models::Components::Pair]), client_auth_method: T.nilable(::String), grant_id: T.nilable(::String), audiences: T.nilable(T::Array[::String]), requested_token_type: T.nilable(Models::Components::TokenType), subject_token: T.nilable(::String), subject_token_type: T.nilable(Models::Components::TokenType), subject_token_info: T.nilable(Models::Components::TokenInfo), actor_token: T.nilable(::String), actor_token_type: T.nilable(Models::Components::TokenType), actor_token_info: T.nilable(Models::Components::TokenInfo), assertion: T.nilable(::String), previous_refresh_token_used: T.nilable(T::Boolean), client_entity_id: T.nilable(::String), client_entity_id_used: T.nilable(T::Boolean), cnonce_duration: T.nilable(::Integer), dpop_nonce: T.nilable(::String), cnonce: T.nilable(::String), cnonce_expires_at: T.nilable(::Integer), requested_id_token_claims: T.nilable(T::Array[::String]), refresh_token_scopes: T.nilable(T::Array[::String]), session_id: T.nilable(::String), device_secret: T.nilable(::String), device_secret_hash: T.nilable(::String), metadata_document_location: T.nilable(::String), metadata_document_used: T.nilable(T::Boolean)).void }
+        def initialize(result_code: nil, result_message: nil, action: nil, response_content: nil, username: nil, password: nil, ticket: nil, access_token: nil, access_token_expires_at: nil, access_token_duration: nil, refresh_token: nil, refresh_token_expires_at: nil, refresh_token_duration: nil, id_token: nil, grant_type: nil, client_id: nil, client_id_alias: nil, client_id_alias_used: nil, subject: nil, scopes: nil, properties: nil, jwt_access_token: nil, resources: nil, access_token_resources: nil, authorization_details: nil, additional_claims: nil, service_attributes: nil, client_attributes: nil, client_auth_method: nil, grant_id: nil, audiences: nil, requested_token_type: nil, subject_token: nil, subject_token_type: nil, subject_token_info: nil, actor_token: nil, actor_token_type: nil, actor_token_info: nil, assertion: nil, previous_refresh_token_used: nil, client_entity_id: nil, client_entity_id_used: nil, cnonce_duration: nil, dpop_nonce: nil, cnonce: nil, cnonce_expires_at: nil, requested_id_token_claims: nil, refresh_token_scopes: nil, session_id: nil, device_secret: nil, device_secret_hash: nil, metadata_document_location: nil, metadata_document_used: nil)
           @result_code = result_code
           @result_message = result_message
           @action = action
@@ -241,6 +231,7 @@ module Authlete
           @resources = resources
           @access_token_resources = access_token_resources
           @authorization_details = authorization_details
+          @additional_claims = additional_claims
           @service_attributes = service_attributes
           @client_attributes = client_attributes
           @client_auth_method = client_auth_method
@@ -298,6 +289,7 @@ module Authlete
           return false unless @resources == other.resources
           return false unless @access_token_resources == other.access_token_resources
           return false unless @authorization_details == other.authorization_details
+          return false unless @additional_claims == other.additional_claims
           return false unless @service_attributes == other.service_attributes
           return false unless @client_attributes == other.client_attributes
           return false unless @client_auth_method == other.client_auth_method

data/lib/authlete/models/components/token_response.rbi CHANGED Viewed

@@ -58,6 +58,8 @@ class Authlete::Models::Components::TokenResponse
   def access_token_resources=(str_); end
   def authorization_details(); end
   def authorization_details=(str_); end
+  def additional_claims(); end
+  def additional_claims=(str_); end
   def service_attributes(); end
   def service_attributes=(str_); end
   def client_attributes(); end
@@ -112,4 +114,4 @@ class Authlete::Models::Components::TokenResponse
   def metadata_document_location=(str_); end
   def metadata_document_used(); end
   def metadata_document_used=(str_); end
-end
+end

data/lib/authlete/models/components/token_response_action.rb CHANGED Viewed

@@ -7,11 +7,8 @@
 module Authlete
   module Models
     module Components
       # TokenResponseAction - The next action that the authorization server implementation should take.
       class TokenResponseAction < T::Enum
         enums do
           INTERNAL_SERVER_ERROR = new('INTERNAL_SERVER_ERROR')
           INVALID_CLIENT = new('INVALID_CLIENT')
@@ -20,6 +17,8 @@ module Authlete
           OK = new('OK')
           TOKEN_EXCHANGE = new('TOKEN_EXCHANGE')
           JWT_BEARER = new('JWT_BEARER')
+          NATIVE_SSO = new('NATIVE_SSO')
+          ID_TOKEN_REISSUABLE = new('ID_TOKEN_REISSUABLE')
         end
       end
     end

data/lib/authlete/models/components/token_response_action.rbi CHANGED Viewed

@@ -8,4 +8,4 @@ end
 class Authlete::Models::Components::TokenResponseAction
-end
+end

data/lib/authlete/models/components/token_revoke_request.rb CHANGED Viewed

@@ -7,30 +7,29 @@
 module Authlete
   module Models
     module Components
       class TokenRevokeRequest
         extend T::Sig
         include Crystalline::MetadataFields
         # The identifier of an access token to revoke
-        #
+        #
         # The hash of an access token is recognized as an identifier as well as the access token itself.
-        #
+        #
         field :access_token_identifier, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessTokenIdentifier') }, 'form': { 'field_name': 'accessTokenIdentifier' } }
         # The identifier of a refresh token to revoke.
-        #
+        #
         # The hash of a refresh token is recognized as an identifier as well as the refresh token itself.
-        #
+        #
         field :refresh_token_identifier, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('refreshTokenIdentifier') }, 'form': { 'field_name': 'refreshTokenIdentifier' } }
         # The client ID of the access token to be revoked.
-        #
+        #
         # Both the numeric client ID and the alias are recognized as an identifier
         # of a client.
-        #
+        #
         field :client_identifier, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientIdentifier') }, 'form': { 'field_name': 'clientIdentifier' } }
         # The subject of a resource owner.
-        #
+        #
         field :subject, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('subject') }, 'form': { 'field_name': 'subject' } }
         sig { params(access_token_identifier: T.nilable(::String), refresh_token_identifier: T.nilable(::String), client_identifier: T.nilable(::String), subject: T.nilable(::String)).void }

data/lib/authlete/models/components/token_revoke_request.rbi CHANGED Viewed

@@ -16,4 +16,4 @@ class Authlete::Models::Components::TokenRevokeRequest
   def client_identifier=(str_); end
   def subject(); end
   def subject=(str_); end
-end
+end

data/lib/authlete/models/components/token_revoke_response.rb CHANGED Viewed

@@ -7,7 +7,6 @@
 module Authlete
   module Models
     module Components
       class TokenRevokeResponse
         extend T::Sig

data/lib/authlete/models/components/token_revoke_response.rbi CHANGED Viewed

@@ -14,4 +14,4 @@ class Authlete::Models::Components::TokenRevokeResponse
   def result_message=(str_); end
   def count(); end
   def count=(str_); end
-end
+end

data/lib/authlete/models/components/token_type.rb CHANGED Viewed

@@ -7,13 +7,10 @@
 module Authlete
   module Models
     module Components
       # TokenType - The token type identifier used in OAuth 2.0 Token Exchange (RFC 8693).
       # The API returns short codes (enum constant names) in response fields.
-      #
+      #
       class TokenType < T::Enum
         enums do
           JWT = new('JWT')
           ACCESS_TOKEN = new('ACCESS_TOKEN')

data/lib/authlete/models/components/token_type.rbi CHANGED Viewed

@@ -8,4 +8,4 @@ end
 class Authlete::Models::Components::TokenType
-end
+end

data/lib/authlete/models/components/token_update_request.rb CHANGED Viewed

@@ -7,19 +7,18 @@
 module Authlete
   module Models
     module Components
       class TokenUpdateRequest
         extend T::Sig
         include Crystalline::MetadataFields
         # An access token.
-        #
-        field :access_token, ::String, { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessToken'), required: true }, 'form': { 'field_name': 'accessToken' } }
+        #
+        field :access_token, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessToken') }, 'form': { 'field_name': 'accessToken' } }
         # A new date at which the access token will expire in milliseconds since the Unix epoch (1970-01-01).
         # If the `accessTokenExpiresAt` request parameter is not included in a request or its value is 0
         # (or negative), the expiration date of the access token is not changed.
-        #
+        #
         field :access_token_expires_at, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessTokenExpiresAt') }, 'form': { 'field_name': 'accessTokenExpiresAt' } }
         # A new set of scopes assigned to the access token. Scopes that are not supported by the service
         # and those that the client application associated with the access token is not allowed to request
@@ -27,69 +26,69 @@ module Authlete
         # its value is `null`, the scopes of the access token are not changed. Note that `properties` parameter
         # is accepted only when `Content-Type` of the request is `application/json`, so don't use `application/x-www-form-urlencoded`
         # if you want to specify `properties`.
-        #
+        #
         field :scopes, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('scopes') }, 'form': { 'field_name': 'scopes' } }
         # A new set of properties assigned to the access token. If the `properties` request parameter is
         # not included in a request or its value is null, the properties of the access token are not changed.
-        #
+        #
         field :properties, Crystalline::Nilable.new(Crystalline::Array.new(Models::Components::Property)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('properties') }, 'form': { 'field_name': 'properties', 'json': true } }
         # A boolean request parameter which indicates whether the API attempts to update the expiration
         # date of the access token when the scopes linked to the access token are changed by this request.
-        #
+        #
         field :access_token_expires_at_updated_on_scope_update, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessTokenExpiresAtUpdatedOnScopeUpdate') }, 'form': { 'field_name': 'accessTokenExpiresAtUpdatedOnScopeUpdate' } }
         # The hash of the access token value. Used when the hash of the token is known (perhaps from lookup)
         # but the value of the token itself is not. The value of the `accessToken` parameter takes precedence.
-        #
+        #
         field :access_token_hash, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessTokenHash') }, 'form': { 'field_name': 'accessTokenHash' } }
         # A boolean request parameter which indicates whether to update the value of the access token in
         # the data store. If this parameter is set to `true` then a new access token value is generated
         # by the server and returned in the response.
-        #
+        #
         field :access_token_value_updated, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessTokenValueUpdated') }, 'form': { 'field_name': 'accessTokenValueUpdated' } }
         # The flag which indicates whether the access token expires or not. By default, all access tokens
         # expire after a period of time determined by their service. If this request parameter is `true`
         # then the access token will not automatically expire and must be revoked or deleted manually at
         # the service.
-        #
+        #
         # If this request parameter is `true`, the `accessTokenExpiresAt` request parameter is ignored.
         # If this request parameter is `false`, the `accessTokenExpiresAt` request parameter is processed
         # normally.
-        #
+        #
         field :access_token_persistent, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessTokenPersistent') }, 'form': { 'field_name': 'accessTokenPersistent' } }
         # The thumbprint of the MTLS certificate bound to this token. If this property is set, a certificate
         # with the corresponding value MUST be presented with the access token when it is used by a client.
         # The value of this property must be a SHA256 certificate thumbprint, base64url encoded.
-        #
+        #
         field :certificate_thumbprint, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('certificateThumbprint') }, 'form': { 'field_name': 'certificateThumbprint' } }
         # The thumbprint of the public key used for DPoP presentation of this token. If this property is
         # set, a DPoP proof signed with the corresponding private key MUST be presented with the access
         # token when it is used by a client. Additionally, the token's `token_type` will be set to 'DPoP'.
-        #
+        #
         field :dpop_key_thumbprint, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('dpopKeyThumbprint') }, 'form': { 'field_name': 'dpopKeyThumbprint' } }
         # The authorization details. This represents the value of the `authorization_details`
         # request parameter in the preceding device authorization request which is defined in
         # "OAuth 2.0 Rich Authorization Requests".
-        #
+        #
         field :authorization_details, Crystalline::Nilable.new(Models::Components::AuthzDetails), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('authorizationDetails') }, 'form': { 'field_name': 'authorizationDetails', 'json': true } }
         # the flag which indicates whether the access token is for an external
         # attachment.
-        #
+        #
         field :for_external_attachment, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('forExternalAttachment') }, 'form': { 'field_name': 'forExternalAttachment' } }
         # A new date at which the access token will expire in milliseconds since the Unix epoch (1970-01-01).
         # If the `refreshTokenExpiresAt` request parameter is not included in a request or its value is 0
         # (or negative), the expiration date of the refresh token is not changed.
-        #
+        #
         field :refresh_token_expires_at, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('refreshTokenExpiresAt') }, 'form': { 'field_name': 'refreshTokenExpiresAt' } }
         # A boolean request parameter which indicates whether the API attempts to update the expiration
         # date of the refresh token when the scopes linked to the refresh token are changed by this request.
-        #
+        #
         field :refresh_token_expires_at_updated_on_scope_update, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('refreshTokenExpiresAtUpdatedOnScopeUpdate') }, 'form': { 'field_name': 'refreshTokenExpiresAtUpdatedOnScopeUpdate' } }
         # The token identifier.
-        #
+        #
         field :token_id, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('tokenId') }, 'form': { 'field_name': 'tokenId' } }
-        sig { params(access_token: ::String, access_token_expires_at: T.nilable(::Integer), scopes: T.nilable(T::Array[::String]), properties: T.nilable(T::Array[Models::Components::Property]), access_token_expires_at_updated_on_scope_update: T.nilable(T::Boolean), access_token_hash: T.nilable(::String), access_token_value_updated: T.nilable(T::Boolean), access_token_persistent: T.nilable(T::Boolean), certificate_thumbprint: T.nilable(::String), dpop_key_thumbprint: T.nilable(::String), authorization_details: T.nilable(Models::Components::AuthzDetails), for_external_attachment: T.nilable(T::Boolean), refresh_token_expires_at: T.nilable(::Integer), refresh_token_expires_at_updated_on_scope_update: T.nilable(T::Boolean), token_id: T.nilable(::String)).void }
-        def initialize(access_token:, access_token_expires_at: nil, scopes: nil, properties: nil, access_token_expires_at_updated_on_scope_update: nil, access_token_hash: nil, access_token_value_updated: nil, access_token_persistent: nil, certificate_thumbprint: nil, dpop_key_thumbprint: nil, authorization_details: nil, for_external_attachment: nil, refresh_token_expires_at: nil, refresh_token_expires_at_updated_on_scope_update: nil, token_id: nil)
+        sig { params(access_token: T.nilable(::String), access_token_expires_at: T.nilable(::Integer), scopes: T.nilable(T::Array[::String]), properties: T.nilable(T::Array[Models::Components::Property]), access_token_expires_at_updated_on_scope_update: T.nilable(T::Boolean), access_token_hash: T.nilable(::String), access_token_value_updated: T.nilable(T::Boolean), access_token_persistent: T.nilable(T::Boolean), certificate_thumbprint: T.nilable(::String), dpop_key_thumbprint: T.nilable(::String), authorization_details: T.nilable(Models::Components::AuthzDetails), for_external_attachment: T.nilable(T::Boolean), refresh_token_expires_at: T.nilable(::Integer), refresh_token_expires_at_updated_on_scope_update: T.nilable(T::Boolean), token_id: T.nilable(::String)).void }
+        def initialize(access_token: nil, access_token_expires_at: nil, scopes: nil, properties: nil, access_token_expires_at_updated_on_scope_update: nil, access_token_hash: nil, access_token_value_updated: nil, access_token_persistent: nil, certificate_thumbprint: nil, dpop_key_thumbprint: nil, authorization_details: nil, for_external_attachment: nil, refresh_token_expires_at: nil, refresh_token_expires_at_updated_on_scope_update: nil, token_id: nil)
           @access_token = access_token
           @access_token_expires_at = access_token_expires_at
           @scopes = scopes

data/lib/authlete/models/components/token_update_request.rbi CHANGED Viewed

@@ -38,4 +38,4 @@ class Authlete::Models::Components::TokenUpdateRequest
   def refresh_token_expires_at_updated_on_scope_update=(str_); end
   def token_id(); end
   def token_id=(str_); end
-end
+end

data/lib/authlete/models/components/token_update_response.rb CHANGED Viewed

@@ -7,7 +7,6 @@
 module Authlete
   module Models
     module Components
       class TokenUpdateResponse
         extend T::Sig
@@ -18,36 +17,36 @@ module Authlete
         # A short message which explains the result of the API call.
         field :result_message, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('resultMessage') } }
         # The next action that the authorization server implementation should take.
-        field :action, Crystalline::Nilable.new(Models::Components::TokenUpdateResponseAction), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('action'), 'decoder': Utils.enum_from_string(Models::Components::TokenUpdateResponseAction, true) } }
+        field :action, Crystalline::Nilable.new(Models::Components::TokenUpdateResponseAction), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('action'), 'decoder': ::Authlete::Utils.enum_from_string(Models::Components::TokenUpdateResponseAction, true) } }
         # The access token which has been specified by the request.
         field :access_token, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessToken') } }
         # The date at which the access token will expire.
-        #
+        #
         field :access_token_expires_at, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('accessTokenExpiresAt') } }
         # The extra properties associated with the access token.
-        #
+        #
         field :properties, Crystalline::Nilable.new(Crystalline::Array.new(Models::Components::Property)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('properties') } }
         # The scopes associated with the access token.
-        #
+        #
         field :scopes, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('scopes') } }
         # The authorization details. This represents the value of the `authorization_details`
         # request parameter in the preceding device authorization request which is defined in
         # "OAuth 2.0 Rich Authorization Requests".
-        #
+        #
         field :authorization_details, Crystalline::Nilable.new(Models::Components::AuthzDetails), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('authorizationDetails') } }
         # The token type associated with the access token.
-        #
+        #
         field :token_type, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('tokenType') } }
         # the flag which indicates whether the access token is for an external
         # attachment.
-        #
+        #
         field :for_external_attachment, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('forExternalAttachment') } }
         # Set the unique token identifier.
-        #
+        #
         field :token_id, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('tokenId') } }
         # The datetime at which the newly issued refresh token will expire.
         # The value is represented in milliseconds since the Unix epoch (1970-01-01).
-        #
+        #
         field :refresh_token_expires_at, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('refreshTokenExpiresAt') } }
         sig { params(result_code: T.nilable(::String), result_message: T.nilable(::String), action: T.nilable(Models::Components::TokenUpdateResponseAction), access_token: T.nilable(::String), access_token_expires_at: T.nilable(::Integer), properties: T.nilable(T::Array[Models::Components::Property]), scopes: T.nilable(T::Array[::String]), authorization_details: T.nilable(Models::Components::AuthzDetails), token_type: T.nilable(::String), for_external_attachment: T.nilable(T::Boolean), token_id: T.nilable(::String), refresh_token_expires_at: T.nilable(::Integer)).void }

data/lib/authlete/models/components/token_update_response.rbi CHANGED Viewed

@@ -32,4 +32,4 @@ class Authlete::Models::Components::TokenUpdateResponse
   def token_id=(str_); end
   def refresh_token_expires_at(); end
   def refresh_token_expires_at=(str_); end
-end
+end