authlete_ruby_test 0.0.1.beta

data/lib/authlete/models/components/backchannel_authentication_issue_response_action.rb

@@ -0,0 +1,23 @@
+# Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+
+# typed: true
+# frozen_string_literal: true
+
+
+module Authlete
+  module Models
+    module Components
+    
+      # BackchannelAuthenticationIssueResponseAction - The next action that the authorization server implementation should take.
+      class BackchannelAuthenticationIssueResponseAction < T::Enum
+
+
+        enums do
+          INTERNAL_SERVER_ERROR = new('INTERNAL_SERVER_ERROR')
+          INVALID_TICKET = new('INVALID_TICKET')
+          OK = new('OK')
+        end
+      end
+    end
+  end
+end

data/lib/authlete/models/components/backchannel_authentication_issue_response_action.rbi

@@ -0,0 +1,11 @@
+# typed: true
+# frozen_string_literal: true
+
+
+class Authlete::Models::Components::BackchannelAuthenticationIssueResponseAction
+  extend ::Crystalline::MetadataFields::ClassMethods
+end
+
+
+class Authlete::Models::Components::BackchannelAuthenticationIssueResponseAction
+end

data/lib/authlete/models/components/backchannel_authentication_request.rb

@@ -0,0 +1,91 @@
+# Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+
+# typed: true
+# frozen_string_literal: true
+
+
+module Authlete
+  module Models
+    module Components
+    
+
+      class BackchannelAuthenticationRequest
+        extend T::Sig
+        include Crystalline::MetadataFields
+
+        # Parameters of a backchannel authentication request which are the request parameters that the
+        # backchannel authentication endpoint of the OpenID provider implementation received from the client
+        # application.
+        # 
+        # The value of `parameters` is the entire entity body (which is formatted in `application/x-www-form-urlencoded`)
+        # of the request from the client application.
+        # 
+        field :parameters, ::String, { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('parameters'), required: true }, 'form': { 'field_name': 'parameters' } }
+        # The client ID extracted from Authorization header of the backchannel authentication request from
+        # the client application.
+        # 
+        # If the backchannel authentication endpoint of the OpenID provider implementation supports Basic
+        # Authentication as a means of client authentication, and the request from the client application
+        # contained its client ID in Authorization header, the value should be extracted and set to this parameter.
+        # 
+        field :client_id, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientId') }, 'form': { 'field_name': 'clientId' } }
+        # The client secret extracted from Authorization header of the backchannel authentication request
+        # from the client application.
+        # 
+        # If the backchannel authentication endpoint of the OpenID provider implementation supports Basic
+        # Authentication as a means of client authentication, and the request from the client application
+        # contained its client secret in Authorization header, the value should be extracted and set to
+        # this parameter.
+        # 
+        field :client_secret, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientSecret') }, 'form': { 'field_name': 'clientSecret' } }
+        # The client certification used in the TLS connection between the client application and the
+        # backchannel authentication endpoint of the OpenID provider.
+        # 
+        field :client_certificate, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientCertificate') }, 'form': { 'field_name': 'clientCertificate' } }
+        # The client certificate path presented by the client during client authentication. Each element
+        # is a string in PEM format.
+        # 
+        field :client_certificate_path, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientCertificatePath') }, 'form': { 'field_name': 'clientCertificatePath' } }
+        # The value of the `OAuth-Client-Attestation` HTTP header, which is defined in the specification
+        # of [OAuth 2.0 Attestation-Based Client Authentication](https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/).
+        # 
+        field :oauth_client_attestation, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('oauthClientAttestation') }, 'form': { 'field_name': 'oauthClientAttestation' } }
+        # The value of the `OAuth-Client-Attestation-PoP` HTTP header, which is defined in the specification
+        # of [OAuth 2.0 Attestation-Based Client Authentication](https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/).
+        # 
+        field :oauth_client_attestation_pop, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('oauthClientAttestationPop') }, 'form': { 'field_name': 'oauthClientAttestationPop' } }
+        # Options for [OAuth Client ID Metadata Document](https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/) (CIMD).
+        # 
+        # These options allow per-request control over CIMD behavior, taking precedence over service-level configuration when provided.
+        # 
+        field :cimd_options, Crystalline::Nilable.new(Models::Components::CimdOptions), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('cimdOptions') }, 'form': { 'field_name': 'cimdOptions', 'json': true } }
+
+        sig { params(parameters: ::String, client_id: T.nilable(::String), client_secret: T.nilable(::String), client_certificate: T.nilable(::String), client_certificate_path: T.nilable(T::Array[::String]), oauth_client_attestation: T.nilable(::String), oauth_client_attestation_pop: T.nilable(::String), cimd_options: T.nilable(Models::Components::CimdOptions)).void }
+        def initialize(parameters:, client_id: nil, client_secret: nil, client_certificate: nil, client_certificate_path: nil, oauth_client_attestation: nil, oauth_client_attestation_pop: nil, cimd_options: nil)
+          @parameters = parameters
+          @client_id = client_id
+          @client_secret = client_secret
+          @client_certificate = client_certificate
+          @client_certificate_path = client_certificate_path
+          @oauth_client_attestation = oauth_client_attestation
+          @oauth_client_attestation_pop = oauth_client_attestation_pop
+          @cimd_options = cimd_options
+        end
+
+        sig { params(other: T.untyped).returns(T::Boolean) }
+        def ==(other)
+          return false unless other.is_a? self.class
+          return false unless @parameters == other.parameters
+          return false unless @client_id == other.client_id
+          return false unless @client_secret == other.client_secret
+          return false unless @client_certificate == other.client_certificate
+          return false unless @client_certificate_path == other.client_certificate_path
+          return false unless @oauth_client_attestation == other.oauth_client_attestation
+          return false unless @oauth_client_attestation_pop == other.oauth_client_attestation_pop
+          return false unless @cimd_options == other.cimd_options
+          true
+        end
+      end
+    end
+  end
+end

data/lib/authlete/models/components/backchannel_authentication_request.rbi

@@ -0,0 +1,27 @@
+# typed: true
+# frozen_string_literal: true
+
+
+class Authlete::Models::Components::BackchannelAuthenticationRequest
+  extend ::Crystalline::MetadataFields::ClassMethods
+end
+
+
+class Authlete::Models::Components::BackchannelAuthenticationRequest
+  def parameters(); end
+  def parameters=(str_); end
+  def client_id(); end
+  def client_id=(str_); end
+  def client_secret(); end
+  def client_secret=(str_); end
+  def client_certificate(); end
+  def client_certificate=(str_); end
+  def client_certificate_path(); end
+  def client_certificate_path=(str_); end
+  def oauth_client_attestation(); end
+  def oauth_client_attestation=(str_); end
+  def oauth_client_attestation_pop(); end
+  def oauth_client_attestation_pop=(str_); end
+  def cimd_options(); end
+  def cimd_options=(str_); end
+end

data/lib/authlete/models/components/backchannel_authentication_response.rb

@@ -0,0 +1,272 @@
+# Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+
+# typed: true
+# frozen_string_literal: true
+
+
+module Authlete
+  module Models
+    module Components
+    
+
+      class BackchannelAuthenticationResponse
+        extend T::Sig
+        include Crystalline::MetadataFields
+
+        # The code which represents the result of the API call.
+        field :result_code, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('resultCode') } }
+        # A short message which explains the result of the API call.
+        field :result_message, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('resultMessage') } }
+        # The next action that the authorization server implementation should take.
+        field :action, Crystalline::Nilable.new(Models::Components::BackchannelAuthenticationResponseAction), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('action'), 'decoder': Utils.enum_from_string(Models::Components::BackchannelAuthenticationResponseAction, true) } }
+        # The content that the authorization server implementation is to return to the client
+        # application. Its format varies depending on the value of `action` parameter.
+        # 
+        field :response_content, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('responseContent') } }
+        # The client ID of the client application that has made the backchannel authentication
+        # request.
+        # 
+        field :client_id, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientId') } }
+        # The client ID alias of the client application that has made the backchannel authentication
+        # request.
+        # 
+        field :client_id_alias, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientIdAlias') } }
+        # `true` if the value of the client_id request parameter included in the backchannel
+        # authentication request is the client ID alias. `false` if the value is the original
+        # numeric client ID.
+        # 
+        field :client_id_alias_used, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientIdAliasUsed') } }
+        # The name of the client application which has made the backchannel authentication request.
+        # 
+        field :client_name, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientName') } }
+        # The scopes requested by the backchannel authentication request.
+        # 
+        # Basically, this property holds the value of the `scope` request parameter in the backchannel
+        # authentication request. However, because unregistered scopes are dropped on Authlete side,
+        # if the `scope` request parameter contains unknown scopes, the list returned by this
+        # property becomes different from the value of the `scope` request parameter.
+        # 
+        # Note that `description` property and `descriptions` property of each `scope` object
+        # in the array contained in this property is always null even if descriptions of the scopes
+        # are registered.
+        # 
+        field :scopes, Crystalline::Nilable.new(Crystalline::Array.new(Models::Components::Scope)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('scopes') } }
+        # The names of the claims which were requested indirectly via some special scopes.
+        # See [5.4. Requesting Claims using Scope Values](https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims)
+        # in OpenID Connect Core 1.0 for details.
+        # 
+        field :claim_names, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('claimNames') } }
+        # The client notification token included in the backchannel authentication request.
+        # 
+        field :client_notification_token, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientNotificationToken') } }
+        # The list of ACR values requested by the backchannel authentication request.
+        # 
+        # Basically, this property holds the value of the `acr_values` request parameter in the
+        # backchannel authentication request. However, because unsupported ACR values are dropped
+        # on Authlete side, if the `acr_values` request parameter contains unrecognized ACR values,
+        # the list returned by this property becomes different from the value of the `acr_values`
+        # request parameter.
+        # 
+        field :acrs, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('acrs') } }
+        # The type of the hint for end-user identification which was included in the backchannel authentication request.
+        # 
+        field :hint_type, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('hintType') } }
+        # The value of the hint for end-user identification.
+        # 
+        field :hint, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('hint') } }
+        # The value of the `sub` claim contained in the ID token hint included in the backchannel authentication request.
+        # 
+        field :sub, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('sub') } }
+        # The binding message included in the backchannel authentication request.
+        # 
+        field :binding_message, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('bindingMessage') } }
+        # The binding message included in the backchannel authentication request.
+        # 
+        field :user_code, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('userCode') } }
+        # The flag which indicates whether a user code is required.
+        # 
+        # `true` when both the `backchannel_user_code_parameter` metadata of the client (= Client's
+        # `bcUserCodeRequired` property) and the `backchannel_user_code_parameter_supported`
+        # metadata of the service (= Service's `backchannelUserCodeParameterSupported` property)
+        # are `true`.
+        # 
+        field :user_code_required, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('userCodeRequired') } }
+        # The requested expiry for the authentication request ID (`auth_req_id`).
+        # 
+        field :requested_expiry, Crystalline::Nilable.new(::Integer), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('requestedExpiry') } }
+        # The request context of the backchannel authentication request.
+        # 
+        # It is the value of the request_context claim in the signed authentication request and
+        # its format is JSON. request_context is a new claim added by the FAPI-CIBA profile.
+        # 
+        field :request_context, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('requestContext') } }
+        # The warnings raised during processing the backchannel authentication request.
+        # 
+        field :warnings, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('warnings') } }
+        # The ticket which is necessary to call Authlete's `/auth/token/fail` API or `/auth/token/issue` API.
+        # 
+        # This parameter has a value only if the value of `grant_type` request parameter is `password` and the token request is valid.
+        # 
+        field :ticket, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('ticket') } }
+        # The resources specified by the `resource` request parameters or by the `resource` property
+        # in the request object. If both are given, the values in the request object should be
+        # set. See "Resource Indicators for OAuth 2.0" for details.
+        # 
+        field :resources, Crystalline::Nilable.new(Crystalline::Array.new(::String)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('resources') } }
+        # The authorization details. This represents the value of the `authorization_details`
+        # request parameter in the preceding device authorization request which is defined in
+        # "OAuth 2.0 Rich Authorization Requests".
+        # 
+        field :authorization_details, Crystalline::Nilable.new(Models::Components::AuthzDetails), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('authorizationDetails') } }
+        # The attributes of this service that the client application belongs to.
+        # 
+        field :service_attributes, Crystalline::Nilable.new(Crystalline::Array.new(Models::Components::Pair)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('serviceAttributes') } }
+        # The attributes of the client.
+        # 
+        field :client_attributes, Crystalline::Nilable.new(Crystalline::Array.new(Models::Components::Pair)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientAttributes') } }
+        # The dynamic scopes which the client application requested by the scope request parameter.
+        # 
+        field :dynamic_scopes, Crystalline::Nilable.new(Crystalline::Array.new(Models::Components::DynamicScope)), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('dynamicScopes') } }
+
+        field :delivery_mode, Crystalline::Nilable.new(Models::Components::DeliveryMode), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('deliveryMode'), 'decoder': Utils.enum_from_string(Models::Components::DeliveryMode, true) } }
+        # The client authentication method that was performed.
+        # 
+        field :client_auth_method, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientAuthMethod') } }
+        # The grant management action of the device authorization request.
+        # 
+        # The `grant_management_action` request parameter is defined in
+        # [Grant Management for OAuth 2.0](https://openid.net/specs/fapi-grant-management.html).
+        # 
+        field :gm_action, Crystalline::Nilable.new(Models::Components::GrantManagementAction), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('gmAction'), 'decoder': Utils.enum_from_string(Models::Components::GrantManagementAction, true) } }
+        # the value of the `grant_id` request parameter of the device authorization request.
+        # 
+        # The `grant_id` request parameter is defined in
+        # [Grant Management for OAuth 2.0](https://openid.net/specs/fapi-grant-management.html)
+        # , which is supported by Authlete 2.3 and newer versions.
+        # 
+        field :grant_id, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('grantId') } }
+
+        field :grant, Crystalline::Nilable.new(Models::Components::Grant), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('grant') } }
+        # The subject identifying the user who has given the grant identified
+        # by the `grant\_id` request parameter of the device authorization
+        # request.
+        # Authlete 2.3 and newer versions support [Grant Management
+        # for OAuth 2.0](https://openid.net/specs/fapi-grant-management.html). An authorization request may contain a `grant\_id`
+        # request parameter which is defined in the specification. If the value of
+        # the request parameter is valid, {@link #getGrantSubject()} will return
+        # the subject of the user who has given the grant to the client application.
+        # Authorization server implementations may use the value returned from
+        # {@link #getGrantSubject()} in order to determine the user to authenticate.
+        # The user your system will authenticate during the authorization process
+        # (or has already authenticated) may be different from the user of the
+        # grant. The first implementer's draft of "Grant Management for OAuth 2.0"
+        # does not mention anything about the case, so the behavior in the case is
+        # left to implementations. Authlete will not perform the grant management
+        # action when the `subject` passed to Authlete does not match the
+        # user of the grant.
+        # 
+        field :grant_subject, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('grantSubject') } }
+        # The entity ID of the client.
+        # 
+        field :client_entity_id, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientEntityId') } }
+        # Flag which indicates whether the entity ID of the client was used when the request for the access token was made.
+        # 
+        field :client_entity_id_used, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('clientEntityIdUsed') } }
+        # The location of the client's metadata document that was used to resolve client metadata.
+        # 
+        # This property is set when client metadata was retrieved via the [OAuth Client ID Metadata Document](https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/) (CIMD) mechanism.
+        # 
+        field :metadata_document_location, Crystalline::Nilable.new(::String), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('metadataDocumentLocation') } }
+        # Flag indicating whether a metadata document was used to resolve client metadata for this request.
+        # 
+        # When `true`, the client metadata was retrieved via the CIMD mechanism rather than from the Authlete database.
+        # 
+        field :metadata_document_used, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('metadataDocumentUsed') } }
+
+        sig { params(result_code: T.nilable(::String), result_message: T.nilable(::String), action: T.nilable(Models::Components::BackchannelAuthenticationResponseAction), response_content: T.nilable(::String), client_id: T.nilable(::Integer), client_id_alias: T.nilable(::String), client_id_alias_used: T.nilable(T::Boolean), client_name: T.nilable(::String), scopes: T.nilable(T::Array[Models::Components::Scope]), claim_names: T.nilable(T::Array[::String]), client_notification_token: T.nilable(::String), acrs: T.nilable(T::Array[::String]), hint_type: T.nilable(::String), hint: T.nilable(::String), sub: T.nilable(::String), binding_message: T.nilable(::String), user_code: T.nilable(::String), user_code_required: T.nilable(T::Boolean), requested_expiry: T.nilable(::Integer), request_context: T.nilable(::String), warnings: T.nilable(T::Array[::String]), ticket: T.nilable(::String), resources: T.nilable(T::Array[::String]), authorization_details: T.nilable(Models::Components::AuthzDetails), service_attributes: T.nilable(T::Array[Models::Components::Pair]), client_attributes: T.nilable(T::Array[Models::Components::Pair]), dynamic_scopes: T.nilable(T::Array[Models::Components::DynamicScope]), delivery_mode: T.nilable(Models::Components::DeliveryMode), client_auth_method: T.nilable(::String), gm_action: T.nilable(Models::Components::GrantManagementAction), grant_id: T.nilable(::String), grant: T.nilable(Models::Components::Grant), grant_subject: T.nilable(::String), client_entity_id: T.nilable(::String), client_entity_id_used: T.nilable(T::Boolean), metadata_document_location: T.nilable(::String), metadata_document_used: T.nilable(T::Boolean)).void }
+        def initialize(result_code: nil, result_message: nil, action: nil, response_content: nil, client_id: nil, client_id_alias: nil, client_id_alias_used: nil, client_name: nil, scopes: nil, claim_names: nil, client_notification_token: nil, acrs: nil, hint_type: nil, hint: nil, sub: nil, binding_message: nil, user_code: nil, user_code_required: nil, requested_expiry: nil, request_context: nil, warnings: nil, ticket: nil, resources: nil, authorization_details: nil, service_attributes: nil, client_attributes: nil, dynamic_scopes: nil, delivery_mode: nil, client_auth_method: nil, gm_action: nil, grant_id: nil, grant: nil, grant_subject: nil, client_entity_id: nil, client_entity_id_used: nil, metadata_document_location: nil, metadata_document_used: nil)
+          @result_code = result_code
+          @result_message = result_message
+          @action = action
+          @response_content = response_content
+          @client_id = client_id
+          @client_id_alias = client_id_alias
+          @client_id_alias_used = client_id_alias_used
+          @client_name = client_name
+          @scopes = scopes
+          @claim_names = claim_names
+          @client_notification_token = client_notification_token
+          @acrs = acrs
+          @hint_type = hint_type
+          @hint = hint
+          @sub = sub
+          @binding_message = binding_message
+          @user_code = user_code
+          @user_code_required = user_code_required
+          @requested_expiry = requested_expiry
+          @request_context = request_context
+          @warnings = warnings
+          @ticket = ticket
+          @resources = resources
+          @authorization_details = authorization_details
+          @service_attributes = service_attributes
+          @client_attributes = client_attributes
+          @dynamic_scopes = dynamic_scopes
+          @delivery_mode = delivery_mode
+          @client_auth_method = client_auth_method
+          @gm_action = gm_action
+          @grant_id = grant_id
+          @grant = grant
+          @grant_subject = grant_subject
+          @client_entity_id = client_entity_id
+          @client_entity_id_used = client_entity_id_used
+          @metadata_document_location = metadata_document_location
+          @metadata_document_used = metadata_document_used
+        end
+
+        sig { params(other: T.untyped).returns(T::Boolean) }
+        def ==(other)
+          return false unless other.is_a? self.class
+          return false unless @result_code == other.result_code
+          return false unless @result_message == other.result_message
+          return false unless @action == other.action
+          return false unless @response_content == other.response_content
+          return false unless @client_id == other.client_id
+          return false unless @client_id_alias == other.client_id_alias
+          return false unless @client_id_alias_used == other.client_id_alias_used
+          return false unless @client_name == other.client_name
+          return false unless @scopes == other.scopes
+          return false unless @claim_names == other.claim_names
+          return false unless @client_notification_token == other.client_notification_token
+          return false unless @acrs == other.acrs
+          return false unless @hint_type == other.hint_type
+          return false unless @hint == other.hint
+          return false unless @sub == other.sub
+          return false unless @binding_message == other.binding_message
+          return false unless @user_code == other.user_code
+          return false unless @user_code_required == other.user_code_required
+          return false unless @requested_expiry == other.requested_expiry
+          return false unless @request_context == other.request_context
+          return false unless @warnings == other.warnings
+          return false unless @ticket == other.ticket
+          return false unless @resources == other.resources
+          return false unless @authorization_details == other.authorization_details
+          return false unless @service_attributes == other.service_attributes
+          return false unless @client_attributes == other.client_attributes
+          return false unless @dynamic_scopes == other.dynamic_scopes
+          return false unless @delivery_mode == other.delivery_mode
+          return false unless @client_auth_method == other.client_auth_method
+          return false unless @gm_action == other.gm_action
+          return false unless @grant_id == other.grant_id
+          return false unless @grant == other.grant
+          return false unless @grant_subject == other.grant_subject
+          return false unless @client_entity_id == other.client_entity_id
+          return false unless @client_entity_id_used == other.client_entity_id_used
+          return false unless @metadata_document_location == other.metadata_document_location
+          return false unless @metadata_document_used == other.metadata_document_used
+          true
+        end
+      end
+    end
+  end
+end

data/lib/authlete/models/components/backchannel_authentication_response.rbi

@@ -0,0 +1,85 @@
+# typed: true
+# frozen_string_literal: true
+
+
+class Authlete::Models::Components::BackchannelAuthenticationResponse
+  extend ::Crystalline::MetadataFields::ClassMethods
+end
+
+
+class Authlete::Models::Components::BackchannelAuthenticationResponse
+  def result_code(); end
+  def result_code=(str_); end
+  def result_message(); end
+  def result_message=(str_); end
+  def action(); end
+  def action=(str_); end
+  def response_content(); end
+  def response_content=(str_); end
+  def client_id(); end
+  def client_id=(str_); end
+  def client_id_alias(); end
+  def client_id_alias=(str_); end
+  def client_id_alias_used(); end
+  def client_id_alias_used=(str_); end
+  def client_name(); end
+  def client_name=(str_); end
+  def scopes(); end
+  def scopes=(str_); end
+  def claim_names(); end
+  def claim_names=(str_); end
+  def client_notification_token(); end
+  def client_notification_token=(str_); end
+  def acrs(); end
+  def acrs=(str_); end
+  def hint_type(); end
+  def hint_type=(str_); end
+  def hint(); end
+  def hint=(str_); end
+  def sub(); end
+  def sub=(str_); end
+  def binding_message(); end
+  def binding_message=(str_); end
+  def user_code(); end
+  def user_code=(str_); end
+  def user_code_required(); end
+  def user_code_required=(str_); end
+  def requested_expiry(); end
+  def requested_expiry=(str_); end
+  def request_context(); end
+  def request_context=(str_); end
+  def warnings(); end
+  def warnings=(str_); end
+  def ticket(); end
+  def ticket=(str_); end
+  def resources(); end
+  def resources=(str_); end
+  def authorization_details(); end
+  def authorization_details=(str_); end
+  def service_attributes(); end
+  def service_attributes=(str_); end
+  def client_attributes(); end
+  def client_attributes=(str_); end
+  def dynamic_scopes(); end
+  def dynamic_scopes=(str_); end
+  def delivery_mode(); end
+  def delivery_mode=(str_); end
+  def client_auth_method(); end
+  def client_auth_method=(str_); end
+  def gm_action(); end
+  def gm_action=(str_); end
+  def grant_id(); end
+  def grant_id=(str_); end
+  def grant(); end
+  def grant=(str_); end
+  def grant_subject(); end
+  def grant_subject=(str_); end
+  def client_entity_id(); end
+  def client_entity_id=(str_); end
+  def client_entity_id_used(); end
+  def client_entity_id_used=(str_); end
+  def metadata_document_location(); end
+  def metadata_document_location=(str_); end
+  def metadata_document_used(); end
+  def metadata_document_used=(str_); end
+end

data/lib/authlete/models/components/backchannel_authentication_response_action.rb

@@ -0,0 +1,24 @@
+# Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+
+# typed: true
+# frozen_string_literal: true
+
+
+module Authlete
+  module Models
+    module Components
+    
+      # BackchannelAuthenticationResponseAction - The next action that the authorization server implementation should take.
+      class BackchannelAuthenticationResponseAction < T::Enum
+
+
+        enums do
+          INTERNAL_SERVER_ERROR = new('INTERNAL_SERVER_ERROR')
+          BAD_REQUEST = new('BAD_REQUEST')
+          UNAUTHORIZED = new('UNAUTHORIZED')
+          USER_IDENTIFICATION = new('USER_IDENTIFICATION')
+        end
+      end
+    end
+  end
+end

data/lib/authlete/models/components/backchannel_authentication_response_action.rbi

@@ -0,0 +1,11 @@
+# typed: true
+# frozen_string_literal: true
+
+
+class Authlete::Models::Components::BackchannelAuthenticationResponseAction
+  extend ::Crystalline::MetadataFields::ClassMethods
+end
+
+
+class Authlete::Models::Components::BackchannelAuthenticationResponseAction
+end

data/lib/authlete/models/components/cimd_options.rb

@@ -0,0 +1,67 @@
+# Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+
+# typed: true
+# frozen_string_literal: true
+
+
+module Authlete
+  module Models
+    module Components
+    
+      # Options for [OAuth Client ID Metadata Document](https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/) (CIMD).
+      # 
+      # These options allow per-request control over CIMD behavior, taking precedence over service-level configuration when provided.
+      # 
+      class CimdOptions
+        extend T::Sig
+        include Crystalline::MetadataFields
+
+        # Whether to always retrieve client metadata in the CIMD context regardless of the cache's validity.
+        # 
+        # Under normal circumstances, client metadata retrieved from the location referenced by the client ID is stored in the database with an expiration time calculated using HTTP caching mechanisms (see [RFC 9111 HTTP Caching](https://www.rfc-editor.org/rfc/rfc9111.html)). Until that expiration time is reached, Authlete does not attempt to retrieve the client metadata again.
+        # 
+        # When this flag is set to `true`, Authlete retrieves the client metadata regardless of the cache's validity.
+        # 
+        # If this flag is included in an Authlete API call and its value is `true`, it takes precedence over the corresponding service configuration (see `Service.cimdAlwaysRetrieved`).
+        # 
+        # This flag is effective only when the service supports CIMD (see `Service.clientIdMetadataDocumentSupported`) and CIMD is actually used to resolve client metadata. For example, if the client ID in a request does not appear to be a valid URI, CIMD will not be used even if the service is configured to support it. In such cases, this flag has no effect.
+        # 
+        # Client metadata retrieval is performed only in the initiating request of an authorization flow, and not in any subsequent requests. For example, in the authorization code flow, metadata may be retrieved during the authorization request, but not during the subsequent token request. In contrast, in the client credentials flow, metadata retrieval may occur because the token request itself is the initiating request in the flow.
+        # 
+        field :always_retrieved, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('alwaysRetrieved') } }
+        # Whether to allow the `http` scheme in client IDs in the CIMD context.
+        # 
+        # The specification requires the `https` scheme, but if this flag is set to `true`, Authlete also allows the `http` scheme. The main purpose of this option is to make development easier for developers who run CIMD-enabled servers and a web server publishing client metadata on their local machines without TLS.
+        # 
+        # Given this purpose, it is not recommended to enable this option in production environments unless an allowlist is used (see `Service.cimdAllowlistEnabled`).
+        # 
+        # If this flag is included in an Authlete API call and its value is `true`, it takes precedence over the corresponding service configuration (see `Service.cimdHttpPermitted`).
+        # 
+        field :http_permitted, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('httpPermitted') } }
+        # Whether to allow a query component in client IDs in the CIMD context.
+        # 
+        # Although the specification states that a client ID "SHOULD NOT include a query string component," it does technically allow it. However, query components are prone to misuse. Therefore, Authlete does not allow them by default. Setting this flag to `true` relaxes that restriction.
+        # 
+        # If this flag is included in an Authlete API call and its value is `true`, it takes precedence over the corresponding service configuration (see `Service.cimdQueryPermitted`).
+        # 
+        field :query_permitted, Crystalline::Nilable.new(Crystalline::Boolean.new), { 'format_json': { 'letter_case': ::Authlete::Utils.field_name('queryPermitted') } }
+
+        sig { params(always_retrieved: T.nilable(T::Boolean), http_permitted: T.nilable(T::Boolean), query_permitted: T.nilable(T::Boolean)).void }
+        def initialize(always_retrieved: nil, http_permitted: nil, query_permitted: nil)
+          @always_retrieved = always_retrieved
+          @http_permitted = http_permitted
+          @query_permitted = query_permitted
+        end
+
+        sig { params(other: T.untyped).returns(T::Boolean) }
+        def ==(other)
+          return false unless other.is_a? self.class
+          return false unless @always_retrieved == other.always_retrieved
+          return false unless @http_permitted == other.http_permitted
+          return false unless @query_permitted == other.query_permitted
+          true
+        end
+      end
+    end
+  end
+end

data/lib/authlete/models/components/cimd_options.rbi

@@ -0,0 +1,17 @@
+# typed: true
+# frozen_string_literal: true
+
+
+class Authlete::Models::Components::CimdOptions
+  extend ::Crystalline::MetadataFields::ClassMethods
+end
+
+
+class Authlete::Models::Components::CimdOptions
+  def always_retrieved(); end
+  def always_retrieved=(str_); end
+  def http_permitted(); end
+  def http_permitted=(str_); end
+  def query_permitted(); end
+  def query_permitted=(str_); end
+end