ory-client 0.2.0.alpha4 → 0.2.0.alpha14

data/docs/IDTokenClaims.md

@@ -0,0 +1,44 @@
+# OryClient::IDTokenClaims
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **acr** | **String** |  | [optional] |
+| **amr** | **Array<String>** |  | [optional] |
+| **at_hash** | **String** |  | [optional] |
+| **aud** | **Array<String>** |  | [optional] |
+| **auth_time** | **Time** |  | [optional] |
+| **c_hash** | **String** |  | [optional] |
+| **exp** | **Time** |  | [optional] |
+| **ext** | **Hash<String, Object>** |  | [optional] |
+| **iat** | **Time** |  | [optional] |
+| **iss** | **String** |  | [optional] |
+| **jti** | **String** |  | [optional] |
+| **nonce** | **String** |  | [optional] |
+| **rat** | **Time** |  | [optional] |
+| **sub** | **String** |  | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::IDTokenClaims.new(
+  acr: null,
+  amr: null,
+  at_hash: null,
+  aud: null,
+  auth_time: null,
+  c_hash: null,
+  exp: null,
+  ext: null,
+  iat: null,
+  iss: null,
+  jti: null,
+  nonce: null,
+  rat: null,
+  sub: null
+)
+```
+

data/docs/IdentitySchemaContainer.md

@@ -5,7 +5,7 @@
 | Name | Type | Description | Notes |
 | ---- | ---- | ----------- | ----- |
 | **id** | **String** | The ID of the Identity JSON Schema | [optional] |
-| **schema** | [**IdentitySchema**](IdentitySchema.md) |  | [optional] |
+| **schema** | **Object** | Raw JSON Schema | [optional] |
 
 ## Example
 

data/docs/IntrospectedOAuth2Token.md

@@ -0,0 +1,44 @@
+# OryClient::IntrospectedOAuth2Token
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **active** | **Boolean** | Active is a boolean indicator of whether or not the presented token is currently active.  The specifics of a token's \"active\" state will vary depending on the implementation of the authorization server and the information it keeps about its tokens, but a \"true\" value return for the \"active\" property will generally indicate that a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity (e.g., after its issuance time and before its expiration time). |  |
+| **aud** | **Array<String>** | Audience contains a list of the token's intended audiences. | [optional] |
+| **client_id** | **String** | ID is aclient identifier for the OAuth 2.0 client that requested this token. | [optional] |
+| **exp** | **Integer** | Expires at is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token will expire. | [optional] |
+| **ext** | **Hash<String, Object>** | Extra is arbitrary data set by the session. | [optional] |
+| **iat** | **Integer** | Issued at is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token was originally issued. | [optional] |
+| **iss** | **String** | IssuerURL is a string representing the issuer of this token | [optional] |
+| **nbf** | **Integer** | NotBefore is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token is not to be used before. | [optional] |
+| **obfuscated_subject** | **String** | ObfuscatedSubject is set when the subject identifier algorithm was set to \"pairwise\" during authorization. It is the `sub` value of the ID Token that was issued. | [optional] |
+| **scope** | **String** | Scope is a JSON string containing a space-separated list of scopes associated with this token. | [optional] |
+| **sub** | **String** | Subject of the token, as defined in JWT [RFC7519]. Usually a machine-readable identifier of the resource owner who authorized this token. | [optional] |
+| **token_type** | **String** | TokenType is the introspected token's type, typically `Bearer`. | [optional] |
+| **token_use** | **String** | TokenUse is the introspected token's use, for example `access_token` or `refresh_token`. | [optional] |
+| **username** | **String** | Username is a human-readable identifier for the resource owner who authorized this token. | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::IntrospectedOAuth2Token.new(
+  active: null,
+  aud: null,
+  client_id: null,
+  exp: null,
+  ext: null,
+  iat: null,
+  iss: null,
+  nbf: null,
+  obfuscated_subject: null,
+  scope: null,
+  sub: null,
+  token_type: null,
+  token_use: null,
+  username: null
+)
+```
+

data/docs/{IsAlive200Response.md → IsReady200Response.md}

@@ -1,4 +1,4 @@
-# OryClient::IsAlive200Response
+# OryClient::IsReady200Response
 
 ## Properties
 
@@ -11,7 +11,7 @@
 ```ruby
 require 'ory-client'
 
-instance = OryClient::IsAlive200Response.new(
+instance = OryClient::IsReady200Response.new(
   status: null
 )
 ```

data/docs/JsonWebKey.md

@@ -0,0 +1,50 @@
+# OryClient::JsonWebKey
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **alg** | **String** | The \"alg\" (algorithm) parameter identifies the algorithm intended for use with the key.  The values used should either be registered in the IANA \"JSON Web Signature and Encryption Algorithms\" registry established by [JWA] or be a value that contains a Collision- Resistant Name. |  |
+| **crv** | **String** |  | [optional] |
+| **d** | **String** |  | [optional] |
+| **dp** | **String** |  | [optional] |
+| **dq** | **String** |  | [optional] |
+| **e** | **String** |  | [optional] |
+| **k** | **String** |  | [optional] |
+| **kid** | **String** | The \"kid\" (key ID) parameter is used to match a specific key.  This is used, for instance, to choose among a set of keys within a JWK Set during key rollover.  The structure of the \"kid\" value is unspecified.  When \"kid\" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct \"kid\" values.  (One example in which different keys might use the same \"kid\" value is if they have different \"kty\" (key type) values but are considered to be equivalent alternatives by the application using them.)  The \"kid\" value is a case-sensitive string. |  |
+| **kty** | **String** | The \"kty\" (key type) parameter identifies the cryptographic algorithm family used with the key, such as \"RSA\" or \"EC\". \"kty\" values should either be registered in the IANA \"JSON Web Key Types\" registry established by [JWA] or be a value that contains a Collision- Resistant Name.  The \"kty\" value is a case-sensitive string. |  |
+| **n** | **String** |  | [optional] |
+| **p** | **String** |  | [optional] |
+| **q** | **String** |  | [optional] |
+| **qi** | **String** |  | [optional] |
+| **use** | **String** | Use (\"public key use\") identifies the intended use of the public key. The \"use\" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly \"sig\" (signature) or \"enc\" (encryption). |  |
+| **x** | **String** |  | [optional] |
+| **x5c** | **Array<String>** | The \"x5c\" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280].  The certificate chain is represented as a JSON array of certificate value strings.  Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. | [optional] |
+| **y** | **String** |  | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::JsonWebKey.new(
+  alg: RS256,
+  crv: P-256,
+  d: T_N8I-6He3M8a7X1vWt6TGIx4xB_GP3Mb4SsZSA4v-orvJzzRiQhLlRR81naWYxfQAYt5isDI6_C2L9bdWo4FFPjGQFvNoRX-_sBJyBI_rl-TBgsZYoUlAj3J92WmY2inbA-PwyJfsaIIDceYBC-eX-xiCu6qMqkZi3MwQAFL6bMdPEM0z4JBcwFT3VdiWAIRUuACWQwrXMq672x7fMuaIaHi7XDGgt1ith23CLfaREmJku9PQcchbt_uEY-hqrFY6ntTtS4paWWQj86xLL94S-Tf6v6xkL918PfLSOTq6XCzxvlFwzBJqApnAhbwqLjpPhgUG04EDRrqrSBc5Y1BLevn6Ip5h1AhessBp3wLkQgz_roeckt-ybvzKTjESMuagnpqLvOT7Y9veIug2MwPJZI2VjczRc1vzMs25XrFQ8DpUy-bNdp89TmvAXwctUMiJdgHloJw23Cv03gIUAkDnsTqZmkpbIf-crpgNKFmQP_EDKoe8p_PXZZgfbRri3NoEVGP7Mk6yEu8LjJhClhZaBNjuWw2-KlBfOA3g79mhfBnkInee5KO9mGR50qPk1V-MorUYNTFMZIm0kFE6eYVWFBwJHLKYhHU34DoiK1VP-svZpC2uAMFNA_UJEwM9CQ2b8qe4-5e9aywMvwcuArRkAB5mBIfOaOJao3mfukKAE,
+  dp: G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0,
+  dq: s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk,
+  e: AQAB,
+  k: GawgguFyGrWKav7AX4VKUg,
+  kid: 1603dfe0af8f4596,
+  kty: RSA,
+  n: vTqrxUyQPl_20aqf5kXHwDZrel-KovIp8s7ewJod2EXHl8tWlRB3_Rem34KwBfqlKQGp1nqah-51H4Jzruqe0cFP58hPEIt6WqrvnmJCXxnNuIB53iX_uUUXXHDHBeaPCSRoNJzNysjoJ30TIUsKBiirhBa7f235PXbKiHducLevV6PcKxJ5cY8zO286qJLBWSPm-OIevwqsIsSIH44Qtm9sioFikhkbLwoqwWORGAY0nl6XvVOlhADdLjBSqSAeT1FPuCDCnXwzCDR8N9IFB_IjdStFkC-rVt2K5BYfPd0c3yFp_vHR15eRd0zJ8XQ7woBC8Vnsac6Et1pKS59pX6256DPWu8UDdEOolKAPgcd_g2NpA76cAaF_jcT80j9KrEzw8Tv0nJBGesuCjPNjGs_KzdkWTUXt23Hn9QJsdc1MZuaW0iqXBepHYfYoqNelzVte117t4BwVp0kUM6we0IqyXClaZgOI8S-WDBw2_Ovdm8e5NmhYAblEVoygcX8Y46oH6bKiaCQfKCFDMcRgChme7AoE1yZZYsPbaG_3IjPrC4LBMHQw8rM9dWjJ8ImjicvZ1pAm0dx-KHCP3y5PVKrxBDf1zSOsBRkOSjB8TPODnJMz6-jd5hTtZxpZPwPoIdCanTZ3ZD6uRBpTmDwtpRGm63UQs1m5FWPwb0T2IF0,
+  p: 6NbkXwDWUhi-eR55Cgbf27FkQDDWIamOaDr0rj1q0f1fFEz1W5A_09YvG09Fiv1AO2-D8Rl8gS1Vkz2i0zCSqnyy8A025XOcRviOMK7nIxE4OH_PEsko8dtIrb3TmE2hUXvCkmzw9EsTF1LQBOGC6iusLTXepIC1x9ukCKFZQvdgtEObQ5kzd9Nhq-cdqmSeMVLoxPLd1blviVT9Vm8-y12CtYpeJHOaIDtVPLlBhJiBoPKWg3vxSm4XxIliNOefqegIlsmTIa3MpS6WWlCK3yHhat0Q-rRxDxdyiVdG_wzJvp0Iw_2wms7pe-PgNPYvUWH9JphWP5K38YqEBiJFXQ,
+  q: 0A1FmpOWR91_RAWpqreWSavNaZb9nXeKiBo0DQGBz32DbqKqQ8S4aBJmbRhJcctjCLjain-ivut477tAUMmzJwVJDDq2MZFwC9Q-4VYZmFU4HJityQuSzHYe64RjN-E_NQ02TWhG3QGW6roq6c57c99rrUsETwJJiwS8M5p15Miuz53DaOjv-uqqFAFfywN5WkxHbraBcjHtMiQuyQbQqkCFh-oanHkwYNeytsNhTu2mQmwR5DR2roZ2nPiFjC6nsdk-A7E3S3wMzYYFw7jvbWWoYWo9vB40_MY2Y0FYQSqcDzcBIcq_0tnnasf3VW4Fdx6m80RzOb2Fsnln7vKXAQ,
+  qi: GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU,
+  use: sig,
+  x: f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU,
+  x5c: null,
+  y: x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0
+)
+```
+

data/docs/JsonWebKeySet.md

@@ -0,0 +1,18 @@
+# OryClient::JsonWebKeySet
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **keys** | [**Array<JsonWebKey>**](JsonWebKey.md) | The value of the \"keys\" parameter is an array of JSON Web Key (JWK) values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::JsonWebKeySet.new(
+  keys: null
+)
+```
+

data/docs/{IdentitySchema.md → ManagedIdentitySchema.md}

@@ -1,4 +1,4 @@
-# OryClient::IdentitySchema
+# OryClient::ManagedIdentitySchema
 
 ## Properties
 
@@ -17,7 +17,7 @@
 ```ruby
 require 'ory-client'
 
-instance = OryClient::IdentitySchema.new(
+instance = OryClient::ManagedIdentitySchema.new(
   blob_name: null,
   blob_url: null,
   content_hash: null,

data/docs/{IdentitySchemaValidationResult.md → ManagedIdentitySchemaValidationResult.md}

@@ -1,4 +1,4 @@
-# OryClient::IdentitySchemaValidationResult
+# OryClient::ManagedIdentitySchemaValidationResult
 
 ## Properties
 
@@ -12,7 +12,7 @@
 ```ruby
 require 'ory-client'
 
-instance = OryClient::IdentitySchemaValidationResult.new(
+instance = OryClient::ManagedIdentitySchemaValidationResult.new(
   message: null,
   valid: null
 )

data/docs/MetadataApi.md

@@ -77,7 +77,7 @@ This endpoint does not need any parameter.
 
 ## is_alive
 
-> <IsAlive200Response> is_alive
+> <HealthStatus> is_alive
 
 Check HTTP Server Status
 
@@ -109,7 +109,7 @@ end
 
 This returns an Array which contains the response data, status code and headers.
 
-> <Array(<IsAlive200Response>, Integer, Hash)> is_alive_with_http_info
+> <Array(<HealthStatus>, Integer, Hash)> is_alive_with_http_info
 
 ```ruby
 begin
@@ -117,7 +117,7 @@ begin
   data, status_code, headers = api_instance.is_alive_with_http_info
   p status_code # => 2xx
   p headers # => { ... }
-  p data # => <IsAlive200Response>
+  p data # => <HealthStatus>
 rescue OryClient::ApiError => e
   puts "Error when calling MetadataApi->is_alive_with_http_info: #{e}"
 end
@@ -129,7 +129,7 @@ This endpoint does not need any parameter.
 
 ### Return type
 
-[**IsAlive200Response**](IsAlive200Response.md)
+[**HealthStatus**](HealthStatus.md)
 
 ### Authorization
 
@@ -143,7 +143,7 @@ This endpoint does not need any parameter.
 
 ## is_ready
 
-> <IsAlive200Response> is_ready
+> <IsReady200Response> is_ready
 
 Check HTTP Server and Database Status
 
@@ -175,7 +175,7 @@ end
 
 This returns an Array which contains the response data, status code and headers.
 
-> <Array(<IsAlive200Response>, Integer, Hash)> is_ready_with_http_info
+> <Array(<IsReady200Response>, Integer, Hash)> is_ready_with_http_info
 
 ```ruby
 begin
@@ -183,7 +183,7 @@ begin
   data, status_code, headers = api_instance.is_ready_with_http_info
   p status_code # => 2xx
   p headers # => { ... }
-  p data # => <IsAlive200Response>
+  p data # => <IsReady200Response>
 rescue OryClient::ApiError => e
   puts "Error when calling MetadataApi->is_ready_with_http_info: #{e}"
 end
@@ -195,7 +195,7 @@ This endpoint does not need any parameter.
 
 ### Return type
 
-[**IsAlive200Response**](IsAlive200Response.md)
+[**IsReady200Response**](IsReady200Response.md)
 
 ### Authorization
 

data/docs/NormalizedProjectRevision.md

@@ -5,6 +5,46 @@
 | Name | Type | Description | Notes |
 | ---- | ---- | ----------- | ----- |
 | **created_at** | **Time** | The Project's Revision Creation Date | [optional][readonly] |
+| **hydra_oauth2_client_credentials_default_grant_allowed_scope** | **Boolean** | Automatically grant authorized OAuth2 Scope in OAuth2 Client Credentials Flow.  Each OAuth2 Client is allowed to request a predefined OAuth2 Scope (for example `read write`). If this option is enabled, the full scope is automatically granted when performing the OAuth2 Client Credentials flow.  If disabled, the OAuth2 Client has to request the scope in the OAuth2 request by providing the `scope` query parameter.  Setting this option to true is common if you need compatibility with MITREid.  This governs the \"oauth2.client_credentials.default_grant_allowed_scope\" setting. | [optional] |
+| **hydra_oauth2_grant_jwt_iat_optional** | **Boolean** | Configures if the issued at (`iat`) claim is required in the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC7523).  If set to `false`, the `iat` claim is required. Set this value to `true` only after careful consideration.  This governs the \"oauth2.grant.jwt.iat_optional\" setting. | [optional] |
+| **hydra_oauth2_grant_jwt_jti_optional** | **Boolean** | Configures if the JSON Web Token ID (`jti`) claim is required in the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC7523).  If set to `false`, the `jti` claim is required. Set this value to `true` only after careful consideration.  This governs the \"oauth2.grant.jwt.jti_optional\" setting. | [optional] |
+| **hydra_oauth2_grant_jwt_max_ttl** | **String** |  | [optional] |
+| **hydra_oauth2_pkce_enforced** | **Boolean** | Configures whether PKCE should be enforced for all OAuth2 Clients.  This governs the \"oauth2.pkce.enforced\" setting. | [optional] |
+| **hydra_oauth2_pkce_enforced_for_public_clients** | **Boolean** | Configures whether PKCE should be enforced for OAuth2 Clients without a client secret (public clients).  This governs the \"oauth2.pkce.enforced_for_public_clients\" setting. | [optional] |
+| **hydra_oauth2_refresh_token_hook** | **String** | Sets the Refresh Token Hook Endpoint. If set this endpoint will be called during the OAuth2 Token Refresh grant update the OAuth2 Access Token claims.  This governs the \"oauth2.refresh_token_hook\" setting. | [optional] |
+| **hydra_oidc_dynamic_client_registration_default_scope** | **Array<String>** |  | [optional] |
+| **hydra_oidc_dynamic_client_registration_enabled** | **Boolean** | Configures OpenID Connect Dynamic Client Registration.  This governs the \"oidc.dynamic_client_registration.enabled\" setting. | [optional] |
+| **hydra_oidc_subject_identifiers_pairwise_salt** | **String** | Configures OpenID Connect Discovery and overwrites the pairwise algorithm  This governs the \"oidc.subject_identifiers.pairwise_salt\" setting. | [optional] |
+| **hydra_oidc_subject_identifiers_supported_types** | **Array<String>** |  | [optional] |
+| **hydra_secrets_cookie** | **Array<String>** |  | [optional] |
+| **hydra_secrets_system** | **Array<String>** |  | [optional] |
+| **hydra_serve_admin_cors_allowed_origins** | **Array<String>** |  | [optional] |
+| **hydra_serve_admin_cors_enabled** | **Boolean** | Configures the Ory Hydra CORS Settings  This governs the \"serve.admin.cors.enabled\" setting. | [optional] |
+| **hydra_serve_cookies_same_site_legacy_workaround** | **Boolean** | Configures the Ory Hydra Cookie Same Site Legacy Workaround  This governs the \"serve.cookies.same_site_legacy_workaround\" setting. | [optional] |
+| **hydra_serve_cookies_same_site_mode** | **String** | Configures the Ory Hydra Cookie Same Site Mode  This governs the \"serve.cookies.same_site_mode\" setting. | [optional] |
+| **hydra_serve_public_cors_allowed_origins** | **Array<String>** |  | [optional] |
+| **hydra_serve_public_cors_enabled** | **Boolean** | Configures the Ory Hydra CORS Settings  This governs the \"serve.public.cors.enabled\" setting. | [optional] |
+| **hydra_strategies_access_token** | **Object** | Defines access token type. jwt is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens  This governs the \"strategies.access_token\" setting. | [optional] |
+| **hydra_strategies_scope** | **Object** | Defines how scopes are matched. For more details have a look at https://github.com/ory/fosite#scopes  This governs the \"strategies.scope\" setting. | [optional] |
+| **hydra_ttl_access_token** | **String** |  | [optional] |
+| **hydra_ttl_auth_code** | **String** |  | [optional] |
+| **hydra_ttl_id_token** | **String** |  | [optional] |
+| **hydra_ttl_login_consent_request** | **String** |  | [optional] |
+| **hydra_ttl_refresh_token** | **String** |  | [optional] |
+| **hydra_urls_consent** | **String** | Sets the OAuth2 Consent Endpoint URL of the OAuth2 User Login & Consent flow.  Defaults to Ory Cloud's Managed UI if left empty.  This governs the \"urls.consent\" setting. | [optional] |
+| **hydra_urls_error** | **String** | Sets the OAuth2 Error URL of the OAuth2 User Login & Consent flow.  Defaults to Ory Cloud's Managed UI if left empty.  This governs the \"urls.error\" setting. | [optional] |
+| **hydra_urls_login** | **String** | Sets the OAuth2 Login Endpoint URL of the OAuth2 User Login & Consent flow.  Defaults to Ory Cloud's Managed UI if left empty.  This governs the \"urls.login\" setting. | [optional] |
+| **hydra_urls_logout** | **String** | Sets the logout endpoint.  Defaults to Ory Cloud's Managed UI if left empty.  This governs the \"urls.logout\" setting. | [optional] |
+| **hydra_urls_post_logout_redirect** | **String** | When an OAuth2-related user agent requests to log out, they will be redirected to this url afterwards per default.  Defaults to Ory Cloud's Managed UI in development and your application in production mode when a custom domain is connected.  This governs the \"urls.post_logout_redirect\" setting. | [optional] |
+| **hydra_urls_self_issuer** | **String** | This value will be used as the issuer in access and ID tokens. It must be specified and using HTTPS protocol, unless the development mode is enabled.  In Ory Cloud it will be very rare that you want to modify this value. If left empty, it will default to the correct value for Ory Cloud.  This governs the \"urls.self.issuer\" setting. | [optional] |
+| **hydra_webfinger_jwks_broadcast_keys** | **Array<String>** |  | [optional] |
+| **hydra_webfinger_oidc_discovery_auth_url** | **String** | Configures OpenID Connect Discovery and overwrites the OAuth2 Authorization URL.  This governs the \"webfinger.oidc.discovery.auth_url\" setting. | [optional] |
+| **hydra_webfinger_oidc_discovery_client_registration_url** | **String** | Configures OpenID Connect Discovery and overwrites the OpenID Connect Dynamic Client Registration Endpoint.  This governs the \"webfinger.oidc.discovery.client_registration_url\" setting. | [optional] |
+| **hydra_webfinger_oidc_discovery_jwks_url** | **String** | Configures OpenID Connect Discovery and overwrites the JWKS URL.  This governs the \"webfinger.oidc.discovery.jwks_url\" setting. | [optional] |
+| **hydra_webfinger_oidc_discovery_supported_claims** | **Array<String>** |  | [optional] |
+| **hydra_webfinger_oidc_discovery_supported_scope** | **Array<String>** |  | [optional] |
+| **hydra_webfinger_oidc_discovery_token_url** | **String** | Configures OpenID Connect Discovery and overwrites the OAuth2 Token URL.  This governs the \"webfinger.oidc.discovery.token_url\" setting. | [optional] |
+| **hydra_webfinger_oidc_discovery_userinfo_url** | **String** | Configures OpenID Connect Discovery and overwrites userinfo endpoint to be advertised at the OpenID Connect Discovery endpoint /.well-known/openid-configuration. Defaults to Ory Hydra's userinfo endpoint at /userinfo. Set this value if you want to handle this endpoint yourself.  This governs the \"webfinger.oidc.discovery.userinfo_url\" setting. | [optional] |
 | **id** | **String** |  | [optional] |
 | **keto_namespaces** | [**Array<KetoNamespace>**](KetoNamespace.md) |  | [optional] |
 | **keto_read_max_depth** | **Integer** |  | [optional] |
@@ -89,6 +129,7 @@
 | **kratos_session_lifespan** | **String** | Configures the Ory Kratos Session Lifespan  This governs the \"session.lifespan\" setting. | [optional] |
 | **kratos_session_whoami_required_aal** | **String** | Configures the Ory Kratos Session Whoami AAL requirement  This governs the \"session.whoami.required_aal\" setting. | [optional] |
 | **name** | **String** | The project's name. |  |
+| **production** | **Boolean** | Whether this project is in production mode or not.  In development mode, a low-security profile is used making it easier to develop against your, for example, local environment. | [optional] |
 | **project_id** | **String** |  | [optional] |
 | **updated_at** | **Time** | Last Time Project's Revision was Updated | [optional][readonly] |
 
@@ -99,6 +140,46 @@ require 'ory-client'
 
 instance = OryClient::NormalizedProjectRevision.new(
   created_at: null,
+  hydra_oauth2_client_credentials_default_grant_allowed_scope: null,
+  hydra_oauth2_grant_jwt_iat_optional: null,
+  hydra_oauth2_grant_jwt_jti_optional: null,
+  hydra_oauth2_grant_jwt_max_ttl: null,
+  hydra_oauth2_pkce_enforced: null,
+  hydra_oauth2_pkce_enforced_for_public_clients: null,
+  hydra_oauth2_refresh_token_hook: null,
+  hydra_oidc_dynamic_client_registration_default_scope: null,
+  hydra_oidc_dynamic_client_registration_enabled: null,
+  hydra_oidc_subject_identifiers_pairwise_salt: null,
+  hydra_oidc_subject_identifiers_supported_types: null,
+  hydra_secrets_cookie: null,
+  hydra_secrets_system: null,
+  hydra_serve_admin_cors_allowed_origins: null,
+  hydra_serve_admin_cors_enabled: null,
+  hydra_serve_cookies_same_site_legacy_workaround: null,
+  hydra_serve_cookies_same_site_mode: null,
+  hydra_serve_public_cors_allowed_origins: null,
+  hydra_serve_public_cors_enabled: null,
+  hydra_strategies_access_token: null,
+  hydra_strategies_scope: null,
+  hydra_ttl_access_token: null,
+  hydra_ttl_auth_code: null,
+  hydra_ttl_id_token: null,
+  hydra_ttl_login_consent_request: null,
+  hydra_ttl_refresh_token: null,
+  hydra_urls_consent: null,
+  hydra_urls_error: null,
+  hydra_urls_login: null,
+  hydra_urls_logout: null,
+  hydra_urls_post_logout_redirect: null,
+  hydra_urls_self_issuer: null,
+  hydra_webfinger_jwks_broadcast_keys: null,
+  hydra_webfinger_oidc_discovery_auth_url: null,
+  hydra_webfinger_oidc_discovery_client_registration_url: null,
+  hydra_webfinger_oidc_discovery_jwks_url: null,
+  hydra_webfinger_oidc_discovery_supported_claims: null,
+  hydra_webfinger_oidc_discovery_supported_scope: null,
+  hydra_webfinger_oidc_discovery_token_url: null,
+  hydra_webfinger_oidc_discovery_userinfo_url: null,
   id: null,
   keto_namespaces: null,
   keto_read_max_depth: null,
@@ -183,6 +264,7 @@ instance = OryClient::NormalizedProjectRevision.new(
   kratos_session_lifespan: null,
   kratos_session_whoami_required_aal: null,
   name: null,
+  production: null,
   project_id: null,
   updated_at: null
 )

data/docs/NormalizedProjectRevisionIdentitySchema.md

@@ -6,7 +6,7 @@
 | ---- | ---- | ----------- | ----- |
 | **created_at** | **Time** | The Project's Revision Creation Date | [optional][readonly] |
 | **id** | **String** |  | [optional] |
-| **identity_schema** | [**IdentitySchema**](IdentitySchema.md) |  | [optional] |
+| **identity_schema** | [**ManagedIdentitySchema**](ManagedIdentitySchema.md) |  | [optional] |
 | **identity_schema_id** | **String** |  | [optional] |
 | **import_id** | **String** | The imported (named) ID of the Identity Schema referenced in the Ory Kratos config. | [optional] |
 | **import_url** | **String** | The ImportURL can be used to import an Identity Schema from a bse64 encoded string. In the future, this key also support HTTPS and other sources!  If you import an Ory Kratos configuration, this would be akin to the `identity.schemas.#.url` key.  The configuration will always return the import URL when you fetch it from the API. | [optional] |

data/docs/OAuth2AccessRequest.md

@@ -0,0 +1,24 @@
+# OryClient::OAuth2AccessRequest
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **client_id** | **String** | ClientID is the identifier of the OAuth 2.0 client. | [optional] |
+| **grant_types** | **Array<String>** | GrantTypes is the requests grant types. | [optional] |
+| **granted_audience** | **Array<String>** | GrantedAudience is the list of audiences granted to the OAuth 2.0 client. | [optional] |
+| **granted_scopes** | **Array<String>** | GrantedScopes is the list of scopes granted to the OAuth 2.0 client. | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::OAuth2AccessRequest.new(
+  client_id: null,
+  grant_types: null,
+  granted_audience: null,
+  granted_scopes: null
+)
+```
+

data/docs/OAuth2ApiError.md

@@ -0,0 +1,24 @@
+# OryClient::OAuth2ApiError
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **error** | **String** | Name is the error name. | [optional] |
+| **error_debug** | **String** | Debug contains debug information. This is usually not available and has to be enabled. | [optional] |
+| **error_description** | **String** | Description contains further information on the nature of the error. | [optional] |
+| **status_code** | **Integer** | Code represents the error status code (404, 403, 401, ...). | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::OAuth2ApiError.new(
+  error: The requested resource could not be found,
+  error_debug: The database adapter was unable to find the element,
+  error_description: Object with ID 12345 does not exist,
+  status_code: 404
+)
+```
+

data/docs/OAuth2Client.md

@@ -0,0 +1,110 @@
+# OryClient::OAuth2Client
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **allowed_cors_origins** | **Array<String>** |  | [optional] |
+| **audience** | **Array<String>** |  | [optional] |
+| **authorization_code_grant_access_token_lifespan** | **String** |  | [optional] |
+| **authorization_code_grant_id_token_lifespan** | **String** |  | [optional] |
+| **authorization_code_grant_refresh_token_lifespan** | **String** |  | [optional] |
+| **backchannel_logout_session_required** | **Boolean** | Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used. If omitted, the default value is false. | [optional] |
+| **backchannel_logout_uri** | **String** | RP URL that will cause the RP to log itself out when sent a Logout Token by the OP. | [optional] |
+| **client_credentials_grant_access_token_lifespan** | **String** |  | [optional] |
+| **client_id** | **String** | ID is the id for this client.  The ID is autogenerated and immutable. | [optional] |
+| **client_name** | **String** | Name is the human-readable string name of the client to be presented to the end-user during authorization. | [optional] |
+| **client_secret** | **String** | Secret is the client's secret. The secret will be included in the create request as cleartext, and then never again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users that they need to write the secret down as it will not be made available again. | [optional] |
+| **client_secret_expires_at** | **Integer** | SecretExpiresAt is an integer holding the time at which the client secret will expire or 0 if it will not expire. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration.  This feature is currently not supported and it's value will always be set to 0. | [optional] |
+| **client_uri** | **String** | ClientURI is an URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion. | [optional] |
+| **contacts** | **Array<String>** |  | [optional] |
+| **created_at** | **Time** | CreatedAt returns the timestamp of the client's creation. | [optional] |
+| **frontchannel_logout_session_required** | **Boolean** | Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be included to identify the RP session with the OP when the frontchannel_logout_uri is used. If omitted, the default value is false. | [optional] |
+| **frontchannel_logout_uri** | **String** | RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the request and to determine which of the potentially multiple sessions is to be logged out; if either is included, both MUST be. | [optional] |
+| **grant_types** | **Array<String>** |  | [optional] |
+| **implicit_grant_access_token_lifespan** | **String** |  | [optional] |
+| **implicit_grant_id_token_lifespan** | **String** |  | [optional] |
+| **jwks** | **Object** |  | [optional] |
+| **jwks_uri** | **String** | URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. | [optional] |
+| **jwt_bearer_grant_access_token_lifespan** | **String** |  | [optional] |
+| **logo_uri** | **String** | LogoURI is an URL string that references a logo for the client. | [optional] |
+| **metadata** | **Object** |  | [optional] |
+| **owner** | **String** | Owner is a string identifying the owner of the OAuth 2.0 Client. | [optional] |
+| **password_grant_access_token_lifespan** | **String** |  | [optional] |
+| **password_grant_refresh_token_lifespan** | **String** |  | [optional] |
+| **policy_uri** | **String** | PolicyURI is a URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data. | [optional] |
+| **post_logout_redirect_uris** | **Array<String>** |  | [optional] |
+| **redirect_uris** | **Array<String>** |  | [optional] |
+| **refresh_token_grant_access_token_lifespan** | **String** |  | [optional] |
+| **refresh_token_grant_id_token_lifespan** | **String** |  | [optional] |
+| **refresh_token_grant_refresh_token_lifespan** | **String** |  | [optional] |
+| **registration_access_token** | **String** | RegistrationAccessToken can be used to update, get, or delete the OAuth2 Client. | [optional] |
+| **registration_client_uri** | **String** | RegistrationClientURI is the URL used to update, get, or delete the OAuth2 Client. | [optional] |
+| **request_object_signing_alg** | **String** | JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. All Request Objects from this Client MUST be rejected, if not signed with this algorithm. | [optional] |
+| **request_uris** | **Array<String>** |  | [optional] |
+| **response_types** | **Array<String>** |  | [optional] |
+| **scope** | **String** | Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens. | [optional] |
+| **sector_identifier_uri** | **String** | URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a file with a single JSON array of redirect_uri values. | [optional] |
+| **subject_type** | **String** | SubjectType requested for responses to this Client. The subject_types_supported Discovery parameter contains a list of the supported subject_type values for this server. Valid types include `pairwise` and `public`. | [optional] |
+| **token_endpoint_auth_method** | **String** | Requested Client Authentication method for the Token Endpoint. The options are client_secret_post, client_secret_basic, private_key_jwt, and none. | [optional] |
+| **token_endpoint_auth_signing_alg** | **String** | Requested Client Authentication signing algorithm for the Token Endpoint. | [optional] |
+| **tos_uri** | **String** | TermsOfServiceURI is a URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client. | [optional] |
+| **updated_at** | **Time** | UpdatedAt returns the timestamp of the last update. | [optional] |
+| **userinfo_signed_response_alg** | **String** | JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims as a UTF-8 encoded JSON object using the application/json content-type. | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::OAuth2Client.new(
+  allowed_cors_origins: null,
+  audience: null,
+  authorization_code_grant_access_token_lifespan: null,
+  authorization_code_grant_id_token_lifespan: null,
+  authorization_code_grant_refresh_token_lifespan: null,
+  backchannel_logout_session_required: null,
+  backchannel_logout_uri: null,
+  client_credentials_grant_access_token_lifespan: null,
+  client_id: null,
+  client_name: null,
+  client_secret: null,
+  client_secret_expires_at: null,
+  client_uri: null,
+  contacts: null,
+  created_at: null,
+  frontchannel_logout_session_required: null,
+  frontchannel_logout_uri: null,
+  grant_types: null,
+  implicit_grant_access_token_lifespan: null,
+  implicit_grant_id_token_lifespan: null,
+  jwks: null,
+  jwks_uri: null,
+  jwt_bearer_grant_access_token_lifespan: null,
+  logo_uri: null,
+  metadata: null,
+  owner: null,
+  password_grant_access_token_lifespan: null,
+  password_grant_refresh_token_lifespan: null,
+  policy_uri: null,
+  post_logout_redirect_uris: null,
+  redirect_uris: null,
+  refresh_token_grant_access_token_lifespan: null,
+  refresh_token_grant_id_token_lifespan: null,
+  refresh_token_grant_refresh_token_lifespan: null,
+  registration_access_token: null,
+  registration_client_uri: null,
+  request_object_signing_alg: null,
+  request_uris: null,
+  response_types: null,
+  scope: scope1 scope-2 scope.3 scope:4,
+  sector_identifier_uri: null,
+  subject_type: null,
+  token_endpoint_auth_method: null,
+  token_endpoint_auth_signing_alg: null,
+  tos_uri: null,
+  updated_at: null,
+  userinfo_signed_response_alg: null
+)
+```
+

data/docs/OAuth2ConsentRequest.md

@@ -0,0 +1,42 @@
+# OryClient::OAuth2ConsentRequest
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **acr** | **String** | ACR represents the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it to express that, for example, a user authenticated using two factor authentication. | [optional] |
+| **amr** | **Array<String>** |  | [optional] |
+| **challenge** | **String** | ID is the identifier (\"authorization challenge\") of the consent authorization request. It is used to identify the session. |  |
+| **client** | [**OAuth2Client**](OAuth2Client.md) |  | [optional] |
+| **context** | **Object** |  | [optional] |
+| **login_challenge** | **String** | LoginChallenge is the login challenge this consent challenge belongs to. It can be used to associate a login and consent request in the login & consent app. | [optional] |
+| **login_session_id** | **String** | LoginSessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag) this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false) this will be a new random value. This value is used as the \"sid\" parameter in the ID Token and in OIDC Front-/Back- channel logout. It's value can generally be used to associate consecutive login requests by a certain user. | [optional] |
+| **oidc_context** | [**OAuth2ConsentRequestOpenIDConnectContext**](OAuth2ConsentRequestOpenIDConnectContext.md) |  | [optional] |
+| **request_url** | **String** | RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but might come in handy if you want to deal with additional request parameters. | [optional] |
+| **requested_access_token_audience** | **Array<String>** |  | [optional] |
+| **requested_scope** | **Array<String>** |  | [optional] |
+| **skip** | **Boolean** | Skip, if true, implies that the client has requested the same scopes from the same user previously. If true, you must not ask the user to grant the requested scopes. You must however either allow or deny the consent request using the usual API call. | [optional] |
+| **subject** | **String** | Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope requested by the OAuth 2.0 client. | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::OAuth2ConsentRequest.new(
+  acr: null,
+  amr: null,
+  challenge: null,
+  client: null,
+  context: null,
+  login_challenge: null,
+  login_session_id: null,
+  oidc_context: null,
+  request_url: null,
+  requested_access_token_audience: null,
+  requested_scope: null,
+  skip: null,
+  subject: null
+)
+```
+