authlete_ruby_test 0.0.1.beta

data/lib/authlete/models/components/authorization_response.rb

@@ -0,0 +1,485 @@
+# Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+
+# typed: true
+# frozen_string_literal: true
+
+
+module Authlete
+  module Models
+    module Components
+    
+
+      class AuthorizationResponse
+        extend T::Sig
+        include Crystalline::MetadataFields
+
+        # The code which represents the result of the API call.
+        field :result_code, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('resultCode') } }
+        # A short message which explains the result of the API call.
+        field :result_message, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('resultMessage') } }
+        # The next action that the authorization server implementation should take.
+        field :action, Crystalline::Nilable.new(Models::Components::AuthorizationResponseAction), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('action'), 'decoder': Utils.enum_from_string(Models::Components::AuthorizationResponseAction, true) } }
+
+        field :client, Crystalline::Nilable.new(Models::Components::ClientLimitedAuthorization), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('client') } }
+        # The display mode which the client application requests by `display` request parameter.
+        # When the authorization request does not have `display` request parameter, `PAGE` is set as the default value.
+        # 
+        # It is ensured that the value of `display` is one of the supported display modes which are specified
+        # by `supportedDisplays` configuration parameter of the service. If the display mode specified by the
+        # authorization request is not supported, an error is raised.
+        # 
+        # Values for this property correspond to the values listed in
+        # "[OpenID Connect Core 1.0, 3.1.2.1. Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest), display".
+        # 
+        field :display, Crystalline::Nilable.new(Models::Components::Display), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('display'), 'decoder': Utils.enum_from_string(Models::Components::Display, true) } }
+        # The maximum authentication age. This value comes from `max_age` request parameter, or `defaultMaxAge` configuration parameter
+        # of the client application when the authorization request does not contain `max_age` request parameter.
+        # 
+        # See "[OpenID Connect Core 1.0, 3.1.2.1. Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest), max_age"
+        # for `max_age` request parameter, and see "[OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata), default_max_age"
+        # for `defaultMaxAge` configuration parameter.
+        # 
+        field :max_age, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('maxAge') } }
+
+        field :service, Crystalline::Nilable.new(Models::Components::Service), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('service') } }
+        # The scopes that the client application requests. This value comes from `scope` request parameter.
+        # If the request does not contain `scope` parameter, this parameter is a list of scopes which are registered as default.
+        # If the authorization request does not have `scope` request parameter and the service has not registered any default scope,
+        # the value of this parameter is `null`.
+        # It is ensured that scopes listed by this parameters are contained in the list of supported scopes which are specified
+        # by `supportedScopes` configuration parameter of the service. Unsupported scopes in the authorization request do not cause
+        # an error and are just ignored.
+        # OpenID Connect defines some scope names which need to be treated specially. The table below lists the special scope names.
+        # | Name | Description |
+        # | --- | --- |
+        # | `openid` | This scope must be contained in `scope` request parameter to promote an OAuth 2.0 authorization request to an OpenID Connect request. It is described in "[OpenID Connect Core 1.0, 3.1.2.1. Authentication Request](https://openid.net/specs/openid-connect-core-1\_0.html#AuthRequest), scope". |
+        # | `profile` | This scope is used to request some claims to be embedded in the ID token. The claims are `name`, `family\_name`, `given\_name`, `middle\_name`, `nickname`, `preferred\_username`, `profile`, `picture`, `website`, `gender`, `birthdate`, `zoneinfo`, `locale`, and `updated\_at`. It is described in [OpenID Connect Core 1.0, 5.4. Requesting Claims using Scope Values](https://openid.net/specs/openid-connect-core-1\_0.html#ScopeClaims). |
+        # | `email` | This scope is used to request some claims to be embedded in the ID token. The claims are `email` and `email\_verified`. It is described in [OpenID Connect Core 1.0, 5.4. Requesting Claims using Scope Values](https://openid.net/specs/openid-connect-core-1\_0.html#ScopeClaims). |
+        # | `address` | This scope is used to request `address` claim to be embedded in the ID token. It is described in [OpenID Connect Core 1.0, 5.4. Requesting Claims using Scope Values](https://openid.net/specs/openid-connect-core-1\_0.html#ScopeClaims).
+        #  The format of `address` claim is not a simple string. It is described in [OpenID Connect Core 1.0, 5.1.1. Address Claim](https://openid.net/specs/openid-connect-core-1\_0.html#AddressClaim). |
+        # | `phone` | This scope is used to request some claims to be embedded in the ID token. The claims are `phone\_number` and `phone\_number\_verified`. It is described in [OpenID Connect Core 1.0, 5.4. Requesting Claims using Scope Values](https://openid.net/specs/openid-connect-core-1\_0.html#ScopeClaims). |
+        # | `offline\_access` | The following is an excerpt about this scope from [OpenID Connect Core 1.0, 11. Offline Access](https://openid.net/specs/openid-connect-core-1\_0.html#OfflineAccess).
+        # > This scope value requests that an OAuth 2.0 Refresh Token be issued that can be used to obtain an Access Token that grants access to the end-user's userinfo endpoint even when the end-user is not present (not logged in).
+        # |
+        # Note that, if `response\_type` request parameter does not contain code, `offline\_acccess` scope is removed from this list even
+        # when scope request parameter contains `offline\_access`. This behavior is a requirement written in
+        # [OpenID Connect Core 1.0, 11. Offline Access](https://openid.net/specs/openid-connect-core-1\_0.html#OfflineAccess).
+        # 
+        field :scopes, Crystalline::Nilable.new(Crystalline::Array.new(Models::Components::Scope)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('scopes') } }
+        # The locales that the client application presented as candidates to be used for UI.
+        # This value comes from `ui_locales` request parameter. The format of `ui_locales` is a space-separated list of language tag values
+        # defined in [RFC5646](https://datatracker.ietf.org/doc/html/rfc5646).
+        # See "[OpenID Connect Core 1.0, 3.1.2.1. Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest), ui_locales" for details.
+        # 
+        # It is ensured that locales listed by this parameters are contained in the list of supported UI locales which are specified
+        # by `supportedUiLocales` configuration parameter of the service. Unsupported UI locales in the authorization request do not
+        # cause an error and are just ignored.
+        # 
+        field :ui_locales, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('uiLocales') } }
+        # End-user's preferred languages and scripts for claims. This value comes from `claims_locales` request parameter.
+        # The format of `claims_locales` is a space-separated list of language tag values defined in [RFC5646](https://datatracker.ietf.org/doc/html/rfc5646).
+        # See "[OpenID Connect Core 1.0, 5.2. Claims Languages and Scripts](https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts)" for details.
+        # 
+        # It is ensured that locales listed by this parameters are contained in the list of supported claim locales
+        # which are specified by `supportedClaimsLocales` configuration parameter of the service.
+        # Unsupported claim locales in the authorization request do not cause an error and are just ignored.
+        # 
+        field :claims_locales, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('claimsLocales') } }
+        # The list of claims that the client application requests to be embedded in the ID token.
+        # The value comes from (1) `id_token` in `claims` request parameter [1] and/or (2) special scopes (`profile`, `email`, `address` and `phone`)
+        # which are expanded to claims.
+        # 
+        # See [OpenID Connect Core 1.0, 5.5. Requesting Claims using the "claims" Request Parameter](https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter)
+        # for `claims` request parameter, and see [OpenID Connect Core 1.0, 5.4. Requesting Claims using Scope Values](https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims)
+        # for the special scopes.
+        # 
+        field :claims, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('claims') } }
+        # This boolean value indicates whether the authentication of the end-user must be one of the ACRs (Authentication Context Class References) listed in `acrs` parameter.
+        # This parameter becomes `true` only when (1) the authorization request contains `claims` request parameter and (2) `acr` claim is in it, and (3) `essential` property of
+        # the `acr` claim is `true`. See [OpenID Connect Core 1.0, 5.5.1.1. Requesting the "acr" Claim](https://openid.net/specs/openid-connect-core-1_0.html#acrSemantics) for details.
+        # 
+        field :acr_essential, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('acrEssential') } }
+        # `true` if the value of the `client_id` request parameter included in the authorization request is the client ID alias.
+        # `false` if the value is the original numeric client ID.
+        # 
+        field :client_id_alias_used, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientIdAliasUsed') } }
+        # The list of ACRs (Authentication Context Class References) one of which the client application requests to be satisfied for the authentication of the end-user.
+        # This value comes from `acr_values` request parameter or `defaultAcrs` configuration parameter of the client application.
+        # 
+        # See "[OpenID Connect Core 1.0, 3.1.2.1. Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest), acr_values" for `acr_values`
+        # request parameter, and see "[OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata),
+        # default_acr_values" for `defaultAcrs` configuration parameter.
+        # 
+        field :acrs, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('acrs') } }
+        # The subject (= unique user ID managed by the authorization server implementation) that the client application expects to grant authorization.
+        # The value comes from `sub` claim in `claims` request parameter.
+        # 
+        field :subject, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('subject') } }
+        # A hint about the login identifier of the end-user. The value comes from `login_hint` request parameter.
+        field :login_hint, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('loginHint') } }
+        # The list of values of prompt request parameter. See "[OpenID Connect Core 1.0, 3.1.2.1. Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest), prompt" for prompt request parameter.
+        field :prompts, Crystalline::Nilable.new(Crystalline::Array.new(Models::Components::Prompt)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('prompts') } }
+        # The prompt that the UI displayed to the end-user must satisfy as the minimum level. This value comes from `prompt` request parameter.
+        # 
+        # When the authorization request does not contain `prompt` request parameter, `CONSENT` is used as the default value.
+        # 
+        # See "[OpenID Connect Core 1.0, 3.1.2.1. Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest), prompt" for `prompt` request parameter.
+        # 
+        field :lowest_prompt, Crystalline::Nilable.new(Models::Components::Prompt), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('lowestPrompt'), 'decoder': Utils.enum_from_string(Models::Components::Prompt, true) } }
+        # The payload part of the request object. The value of this proprty is `null` if the authorization request does not include a request object.
+        # 
+        field :request_object_payload, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('requestObjectPayload') } }
+        # The value of the `id_token` property in the claims request parameter or in the claims property in a request object.
+        # 
+        # A client application may request certain claims be embedded in an ID token or in a response from the userInfo endpoint.
+        # There are several ways. Including the `claims` request parameter and including the `claims` property in a request object are such examples.
+        # In both the cases, the value of the `claims` parameter/property is JSON. Its format is described in [5.5. Requesting Claims using the "claims"
+        # Request Parameter](https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter).
+        # 
+        # The following is an excerpt from the specification.
+        # You can find `userinfo` and `id_token` are top-level properties.
+        # 
+        # ```json
+        # {
+        #   "userinfo":
+        #   {
+        #     "given_name": { "essential": true },
+        #     "nickname": null,
+        #     "email": { "essential": true },
+        #     "email_verified": { "essential": true },
+        #     "picture": null,
+        #     "http://example.info/claims/groups": null
+        #   },
+        #   "id_token":
+        #   {
+        #     "auth_time": { "essential": true },
+        #     "acr": { "values": [ "urn:mace:incommon:iap:silver" ] }
+        #   }
+        # }
+        # ```
+        # 
+        # This value of this property is the value of the `id_token` property in JSON format.
+        # For example, if the JSON above is included in an authorization request, this property holds JSON equivalent to the following.
+        # 
+        # ```json
+        # {
+        #   "auth_time": { "essential": true },
+        #   "acr": { "values": [ "urn:mace:incommon:iap:silver" ] }
+        # }
+        # ```
+        # 
+        # Note that if a request object is given and it contains the `claims` property and if the `claims` request parameter is also given,
+        # this property holds the former value.
+        # 
+        field :id_token_claims, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('idTokenClaims') } }
+        # The value of the `userinfo` property in the `claims` request parameter or in the `claims` property in a request object.
+        # 
+        # A client application may request certain claims be embedded in an ID token or in a response from the userInfo endpoint.
+        # There are several ways. Including the `claims` request parameter and including the `claims` property in a request object are such examples.
+        # In both the cases, the value of the `claims` parameter/property is JSON. Its format is described in [5.5. Requesting Claims using the "claims"
+        # Request Parameter](https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter).
+        # 
+        # The following is an excerpt from the specification. You can find `userinfo` and `id_token` are top-level properties.
+        # 
+        # ```json
+        # {
+        #   "userinfo":
+        #   {
+        #     "given_name": { "essential": true },
+        #     "nickname": null,
+        #     "email": { "essential": true },
+        #     "email_verified": { "essential": true },
+        #     "picture": null,
+        #     "http://example.info/claims/groups": null
+        #   },
+        #   "id_token":
+        #   {
+        #     "auth_time": { "essential": true },
+        #     "acr": { "values": [ "urn:mace:incommon:iap:silver" ] }
+        #   }
+        # }
+        # ````
+        # 
+        # The value of this property is the value of the `userinfo` property in JSON format.
+        # For example, if the JSON above is included in an authorization request, this property holds JSON equivalent to the following.
+        # 
+        # ```json
+        # {
+        #   "given_name": { "essential": true },
+        #   "nickname": null,
+        #   "email": { "essential": true },
+        #   "email_verified": { "essential": true },
+        #   "picture": null,
+        #   "http://example.info/claims/groups": null
+        # }
+        # ```
+        # 
+        # Note that if a request object is given and it contains the `claims` property and if the `claims` request parameter is also given,
+        # the value of this property holds the former value.
+        # 
+        field :user_info_claims, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('userInfoClaims') } }
+        # The resources specified by the `resource` request parameters or by the `resource` property in the request object.
+        # If both are given, the values in the request object should be set. See "Resource Indicators for OAuth 2.0" for details.
+        # 
+        field :resources, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('resources') } }
+        # The authorization details. This represents the value of the `authorization_details`
+        # request parameter in the preceding device authorization request which is defined in
+        # "OAuth 2.0 Rich Authorization Requests".
+        # 
+        field :authorization_details, Crystalline::Nilable.new(Models::Components::AuthzDetails), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('authorizationDetails') } }
+        # The `purpose` request parameter is defined in [9. Transaction-specific Purpose](https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html#name-transaction-specific-purpos)
+        # of [OpenID Connect for Identity Assurance 1.0](https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html) as follows:
+        # 
+        # > purpose: OPTIONAL. String describing the purpose for obtaining certain user data from the OP. The purpose MUST NOT be shorter than 3 characters and MUST NOT be longer than 300 characters.
+        # If these rules are violated, the authentication request MUST fail and the OP returns an error invalid_request to the RP.
+        # 
+        field :purpose, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('purpose') } }
+        # The content that the authorization server implementation is to return to the client application.
+        # Its format varies depending on the value of `action` parameter.
+        # 
+        field :response_content, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('responseContent') } }
+        # A ticket issued by Authlete to the service implementation. This is needed when the service
+        # implementation calls either `/auth/authorization/fail` API or `/auth/authorization/issue`
+        # API.
+        # 
+        field :ticket, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('ticket') } }
+        # The dynamic scopes which the client application requested by the scope request parameter.
+        # 
+        field :dynamic_scopes, Crystalline::Nilable.new(Crystalline::Array.new(Models::Components::DynamicScope)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('dynamicScopes') } }
+        # The grant management action of the device authorization request.
+        # 
+        # The `grant_management_action` request parameter is defined in
+        # [Grant Management for OAuth 2.0](https://openid.net/specs/fapi-grant-management.html).
+        # 
+        field :gm_action, Crystalline::Nilable.new(Models::Components::GrantManagementAction), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('gmAction'), 'decoder': Utils.enum_from_string(Models::Components::GrantManagementAction, true) } }
+        # the value of the `grant_id` request parameter of the device authorization request.
+        # 
+        # The `grant_id` request parameter is defined in
+        # [Grant Management for OAuth 2.0](https://openid.net/specs/fapi-grant-management.html)
+        # , which is supported by Authlete 2.3 and newer versions.
+        # 
+        field :grant_id, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('grantId') } }
+
+        field :grant, Crystalline::Nilable.new(Models::Components::Grant), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('grant') } }
+        # The subject identifying the user who has given the grant identified
+        # by the `grant\_id` request parameter of the device authorization
+        # request.
+        # Authlete 2.3 and newer versions support [Grant Management
+        # for OAuth 2.0](https://openid.net/specs/fapi-grant-management.html). An authorization request may contain a `grant\_id`
+        # request parameter which is defined in the specification. If the value of
+        # the request parameter is valid, {@link #getGrantSubject()} will return
+        # the subject of the user who has given the grant to the client application.
+        # Authorization server implementations may use the value returned from
+        # {@link #getGrantSubject()} in order to determine the user to authenticate.
+        # The user your system will authenticate during the authorization process
+        # (or has already authenticated) may be different from the user of the
+        # grant. The first implementer's draft of "Grant Management for OAuth 2.0"
+        # does not mention anything about the case, so the behavior in the case is
+        # left to implementations. Authlete will not perform the grant management
+        # action when the `subject` passed to Authlete does not match the
+        # user of the grant.
+        # 
+        field :grant_subject, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('grantSubject') } }
+        # Names of claims that are requested indirectly by *"transformed
+        # claims"*.
+        # A client application can request *"transformed claims"* by adding
+        # names of transformed claims in the `claims` request parameter.
+        # The following is an example of the `claims` request parameter
+        # that requests a predefined transformed claim named `18\_or\_over`
+        # and a transformed claim named `nationality\_usa` to be embedded
+        # in the response from the userinfo endpoint.
+        # ```json
+        # {
+        # "transformed\_claims": {
+        # "nationality\_usa": {
+        # "claim": "nationalities",
+        # "fn": [
+        # [ "eq", "USA" ],
+        # "any"
+        # ]
+        # }
+        # },
+        # "userinfo": {
+        # "::18\_or\_over": null,
+        # ":nationality\_usa": null
+        # }
+        # }
+        # ```
+        # The example above assumes that a transformed claim named `18\_or\_over`
+        # is predefined by the authorization server like below.
+        # ```json
+        # {
+        # "18\_or\_over": {
+        # "claim": "birthdate",
+        # "fn": [
+        # "years\_ago",
+        # [ "gte", 18 ]
+        # ]
+        # }
+        # }
+        # ```
+        # In the example, the `nationalities` claim is requested indirectly
+        # by the `nationality\_usa` transformed claim. Likewise, the
+        # `birthdate` claim is requested indirectly by the `18\_or\_over`
+        # transformed claim.
+        # When the `claims` request parameter of an authorization request is
+        # like the example above, this `requestedClaimsForTx` property will
+        # hold the following value.
+        # ```json
+        # [ "birthdate", "nationalities" ]
+        # ```
+        # It is expected that the authorization server implementation prepares values
+        # of the listed claims and passes them as the value of the `claimsForTx`
+        # request parameter when it calls the `/api/auth/userinfo/issue` API. The following
+        # is an example of the value of the `claimsForTx` request parameter.
+        # ```json
+        # {
+        # "birthdate": "1970-01-23",
+        # "nationalities": [ "DEU", "USA" ]
+        # }
+        # ```
+        # 
+        field :requested_claims_for_tx, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('requestedClaimsForTx') } }
+        # Names of verified claims that will be referenced when transformed claims are computed.
+        # 
+        field :requested_verified_claims_for_tx, Crystalline::Nilable.new(Crystalline::Array.new(Crystalline::Array.new(::String))), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('requestedVerifiedClaimsForTx') } }
+        # the value of the `transformed_claims` property in the `claims` request
+        # parameter of an authorization request or in the `claims` property in a
+        # request object.
+        # 
+        field :transformed_claims, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('transformedClaims') } }
+        # Flag which indicates whether the entity ID of the client was used when the request for the access token was made.
+        # 
+        field :client_entity_id_used, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientEntityIdUsed') } }
+        # The list of claims that the client application requests to be
+        # embedded in userinfo responses. The value comes from the `"scope"`
+        # and `"claims"` request parameters of the original authorization
+        # request.
+        # 
+        field :claims_at_user_info, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('claimsAtUserInfo') } }
+
+        field :credential_offer_info, Crystalline::Nilable.new(Models::Components::CredentialOfferInfo), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('credentialOfferInfo') } }
+        # The information about the **issuable credentials** that can
+        # be obtained by presenting the access token that will be issued as a
+        # result of the authorization request.
+        # 
+        field :issuable_credentials, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('issuableCredentials') } }
+        # Flag which indicates whether [Native SSO](https://openid.net/specs/openid-connect-native-sso-1_0.html)
+        # is requested. This property should be set to `true` when all the following conditions are satisfied:
+        # 
+        # - The service supports Native SSO (see `nativeSsoSupported` property of Service).
+        # - The service supports the `openid` and `device_sso` scopes.
+        # - The client is allowed to request the `openid` and `device_sso` scopes.
+        # - The authorization request includes the `openid` and `device_sso` scopes.
+        # - The authorization request's `response_type` includes `code`.
+        # 
+        # NOTE: If this property is set to `true`, the `sessionId` request parameter must be provided
+        # to the `/auth/authorization/issue` API.
+        # 
+        field :native_sso_requested, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('nativeSsoRequested') } }
+        # The location of the client's metadata document that was used to resolve client metadata.
+        # 
+        # This property is set when client metadata was retrieved via the [OAuth Client ID Metadata Document](https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/) (CIMD) mechanism.
+        # 
+        field :metadata_document_location, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('metadataDocumentLocation') } }
+        # Flag indicating whether a metadata document was used to resolve client metadata for this request.
+        # 
+        # When `true`, the client metadata was retrieved via the CIMD mechanism rather than from the Authlete database.
+        # 
+        field :metadata_document_used, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('metadataDocumentUsed') } }
+
+        sig { params(result_code: T.nilable(::String), result_message: T.nilable(::String), action: T.nilable(Models::Components::AuthorizationResponseAction), client: T.nilable(Models::Components::ClientLimitedAuthorization), display: T.nilable(Models::Components::Display), max_age: T.nilable(::Integer), service: T.nilable(Models::Components::Service), scopes: T.nilable(T::Array[Models::Components::Scope]), ui_locales: T.nilable(T::Array[::String]), claims_locales: T.nilable(T::Array[::String]), claims: T.nilable(T::Array[::String]), acr_essential: T.nilable(T::Boolean), client_id_alias_used: T.nilable(T::Boolean), acrs: T.nilable(T::Array[::String]), subject: T.nilable(::String), login_hint: T.nilable(::String), prompts: T.nilable(T::Array[Models::Components::Prompt]), lowest_prompt: T.nilable(Models::Components::Prompt), request_object_payload: T.nilable(::String), id_token_claims: T.nilable(::String), user_info_claims: T.nilable(::String), resources: T.nilable(T::Array[::String]), authorization_details: T.nilable(Models::Components::AuthzDetails), purpose: T.nilable(::String), response_content: T.nilable(::String), ticket: T.nilable(::String), dynamic_scopes: T.nilable(T::Array[Models::Components::DynamicScope]), gm_action: T.nilable(Models::Components::GrantManagementAction), grant_id: T.nilable(::String), grant: T.nilable(Models::Components::Grant), grant_subject: T.nilable(::String), requested_claims_for_tx: T.nilable(T::Array[::String]), requested_verified_claims_for_tx: T.nilable(T::Array[T::Array[::String]]), transformed_claims: T.nilable(::String), client_entity_id_used: T.nilable(T::Boolean), claims_at_user_info: T.nilable(T::Array[::String]), credential_offer_info: T.nilable(Models::Components::CredentialOfferInfo), issuable_credentials: T.nilable(::String), native_sso_requested: T.nilable(T::Boolean), metadata_document_location: T.nilable(::String), metadata_document_used: T.nilable(T::Boolean)).void }
+        def initialize(result_code: nil, result_message: nil, action: nil, client: nil, display: nil, max_age: nil, service: nil, scopes: nil, ui_locales: nil, claims_locales: nil, claims: nil, acr_essential: nil, client_id_alias_used: nil, acrs: nil, subject: nil, login_hint: nil, prompts: nil, lowest_prompt: nil, request_object_payload: nil, id_token_claims: nil, user_info_claims: nil, resources: nil, authorization_details: nil, purpose: nil, response_content: nil, ticket: nil, dynamic_scopes: nil, gm_action: nil, grant_id: nil, grant: nil, grant_subject: nil, requested_claims_for_tx: nil, requested_verified_claims_for_tx: nil, transformed_claims: nil, client_entity_id_used: nil, claims_at_user_info: nil, credential_offer_info: nil, issuable_credentials: nil, native_sso_requested: nil, metadata_document_location: nil, metadata_document_used: nil)
+          @result_code = result_code
+          @result_message = result_message
+          @action = action
+          @client = client
+          @display = display
+          @max_age = max_age
+          @service = service
+          @scopes = scopes
+          @ui_locales = ui_locales
+          @claims_locales = claims_locales
+          @claims = claims
+          @acr_essential = acr_essential
+          @client_id_alias_used = client_id_alias_used
+          @acrs = acrs
+          @subject = subject
+          @login_hint = login_hint
+          @prompts = prompts
+          @lowest_prompt = lowest_prompt
+          @request_object_payload = request_object_payload
+          @id_token_claims = id_token_claims
+          @user_info_claims = user_info_claims
+          @resources = resources
+          @authorization_details = authorization_details
+          @purpose = purpose
+          @response_content = response_content
+          @ticket = ticket
+          @dynamic_scopes = dynamic_scopes
+          @gm_action = gm_action
+          @grant_id = grant_id
+          @grant = grant
+          @grant_subject = grant_subject
+          @requested_claims_for_tx = requested_claims_for_tx
+          @requested_verified_claims_for_tx = requested_verified_claims_for_tx
+          @transformed_claims = transformed_claims
+          @client_entity_id_used = client_entity_id_used
+          @claims_at_user_info = claims_at_user_info
+          @credential_offer_info = credential_offer_info
+          @issuable_credentials = issuable_credentials
+          @native_sso_requested = native_sso_requested
+          @metadata_document_location = metadata_document_location
+          @metadata_document_used = metadata_document_used
+        end
+
+        sig { params(other: T.untyped).returns(T::Boolean) }
+        def ==(other)
+          return false unless other.is_a? self.class
+          return false unless @result_code == other.result_code
+          return false unless @result_message == other.result_message
+          return false unless @action == other.action
+          return false unless @client == other.client
+          return false unless @display == other.display
+          return false unless @max_age == other.max_age
+          return false unless @service == other.service
+          return false unless @scopes == other.scopes
+          return false unless @ui_locales == other.ui_locales
+          return false unless @claims_locales == other.claims_locales
+          return false unless @claims == other.claims
+          return false unless @acr_essential == other.acr_essential
+          return false unless @client_id_alias_used == other.client_id_alias_used
+          return false unless @acrs == other.acrs
+          return false unless @subject == other.subject
+          return false unless @login_hint == other.login_hint
+          return false unless @prompts == other.prompts
+          return false unless @lowest_prompt == other.lowest_prompt
+          return false unless @request_object_payload == other.request_object_payload
+          return false unless @id_token_claims == other.id_token_claims
+          return false unless @user_info_claims == other.user_info_claims
+          return false unless @resources == other.resources
+          return false unless @authorization_details == other.authorization_details
+          return false unless @purpose == other.purpose
+          return false unless @response_content == other.response_content
+          return false unless @ticket == other.ticket
+          return false unless @dynamic_scopes == other.dynamic_scopes
+          return false unless @gm_action == other.gm_action
+          return false unless @grant_id == other.grant_id
+          return false unless @grant == other.grant
+          return false unless @grant_subject == other.grant_subject
+          return false unless @requested_claims_for_tx == other.requested_claims_for_tx
+          return false unless @requested_verified_claims_for_tx == other.requested_verified_claims_for_tx
+          return false unless @transformed_claims == other.transformed_claims
+          return false unless @client_entity_id_used == other.client_entity_id_used
+          return false unless @claims_at_user_info == other.claims_at_user_info
+          return false unless @credential_offer_info == other.credential_offer_info
+          return false unless @issuable_credentials == other.issuable_credentials
+          return false unless @native_sso_requested == other.native_sso_requested
+          return false unless @metadata_document_location == other.metadata_document_location
+          return false unless @metadata_document_used == other.metadata_document_used
+          true
+        end
+      end
+    end
+  end
+end

data/lib/authlete/models/components/authorization_response.rbi

@@ -0,0 +1,93 @@
+# typed: true
+# frozen_string_literal: true
+
+
+class Authlete::Models::Components::AuthorizationResponse
+  extend ::Crystalline::MetadataFields::ClassMethods
+end
+
+
+class Authlete::Models::Components::AuthorizationResponse
+  def result_code(); end
+  def result_code=(str_); end
+  def result_message(); end
+  def result_message=(str_); end
+  def action(); end
+  def action=(str_); end
+  def client(); end
+  def client=(str_); end
+  def display(); end
+  def display=(str_); end
+  def max_age(); end
+  def max_age=(str_); end
+  def service(); end
+  def service=(str_); end
+  def scopes(); end
+  def scopes=(str_); end
+  def ui_locales(); end
+  def ui_locales=(str_); end
+  def claims_locales(); end
+  def claims_locales=(str_); end
+  def claims(); end
+  def claims=(str_); end
+  def acr_essential(); end
+  def acr_essential=(str_); end
+  def client_id_alias_used(); end
+  def client_id_alias_used=(str_); end
+  def acrs(); end
+  def acrs=(str_); end
+  def subject(); end
+  def subject=(str_); end
+  def login_hint(); end
+  def login_hint=(str_); end
+  def prompts(); end
+  def prompts=(str_); end
+  def lowest_prompt(); end
+  def lowest_prompt=(str_); end
+  def request_object_payload(); end
+  def request_object_payload=(str_); end
+  def id_token_claims(); end
+  def id_token_claims=(str_); end
+  def user_info_claims(); end
+  def user_info_claims=(str_); end
+  def resources(); end
+  def resources=(str_); end
+  def authorization_details(); end
+  def authorization_details=(str_); end
+  def purpose(); end
+  def purpose=(str_); end
+  def response_content(); end
+  def response_content=(str_); end
+  def ticket(); end
+  def ticket=(str_); end
+  def dynamic_scopes(); end
+  def dynamic_scopes=(str_); end
+  def gm_action(); end
+  def gm_action=(str_); end
+  def grant_id(); end
+  def grant_id=(str_); end
+  def grant(); end
+  def grant=(str_); end
+  def grant_subject(); end
+  def grant_subject=(str_); end
+  def requested_claims_for_tx(); end
+  def requested_claims_for_tx=(str_); end
+  def requested_verified_claims_for_tx(); end
+  def requested_verified_claims_for_tx=(str_); end
+  def transformed_claims(); end
+  def transformed_claims=(str_); end
+  def client_entity_id_used(); end
+  def client_entity_id_used=(str_); end
+  def claims_at_user_info(); end
+  def claims_at_user_info=(str_); end
+  def credential_offer_info(); end
+  def credential_offer_info=(str_); end
+  def issuable_credentials(); end
+  def issuable_credentials=(str_); end
+  def native_sso_requested(); end
+  def native_sso_requested=(str_); end
+  def metadata_document_location(); end
+  def metadata_document_location=(str_); end
+  def metadata_document_used(); end
+  def metadata_document_used=(str_); end
+end

data/lib/authlete/models/components/authorization_response_action.rb

@@ -0,0 +1,26 @@
+# Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+
+# typed: true
+# frozen_string_literal: true
+
+
+module Authlete
+  module Models
+    module Components
+    
+      # AuthorizationResponseAction - The next action that the authorization server implementation should take.
+      class AuthorizationResponseAction < T::Enum
+
+
+        enums do
+          INTERNAL_SERVER_ERROR = new('INTERNAL_SERVER_ERROR')
+          BAD_REQUEST = new('BAD_REQUEST')
+          LOCATION = new('LOCATION')
+          FORM = new('FORM')
+          NO_INTERACTION = new('NO_INTERACTION')
+          INTERACTION = new('INTERACTION')
+        end
+      end
+    end
+  end
+end

data/lib/authlete/models/components/authorization_response_action.rbi

@@ -0,0 +1,11 @@
+# typed: true
+# frozen_string_literal: true
+
+
+class Authlete::Models::Components::AuthorizationResponseAction
+  extend ::Crystalline::MetadataFields::ClassMethods
+end
+
+
+class Authlete::Models::Components::AuthorizationResponseAction
+end