RubyGems - ory-client - Versions diffs - 1.22.34 → 1.22.36 - Mend

ory-client 1.22.34 → 1.22.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (723) hide show

data/lib/ory-client/models/create_project_normalized_payload.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 ## Introduction Documentation for all public and administrative Ory APIs. Administrative APIs can only be accessed with a valid Personal Access Token. Public APIs are mostly used in browsers.  ## SDKs This document describes the APIs available in the Ory Network. The APIs are available as SDKs for the following languages:  | Language       | Download SDK                                                     | Documentation                                                                        | | -------------- | ---------------------------------------------------------------- | ------------------------------------------------------------------------------------ | | Dart           | [pub.dev](https://pub.dev/packages/ory_client)                   | [README](https://github.com/ory/sdk/blob/master/clients/client/dart/README.md)       | | .NET           | [nuget.org](https://www.nuget.org/packages/Ory.Client/)          | [README](https://github.com/ory/sdk/blob/master/clients/client/dotnet/README.md)     | | Elixir         | [hex.pm](https://hex.pm/packages/ory_client)                     | [README](https://github.com/ory/sdk/blob/master/clients/client/elixir/README.md)     | | Go             | [github.com](https://github.com/ory/client-go)                   | [README](https://github.com/ory/sdk/blob/master/clients/client/go/README.md)         | | Java           | [maven.org](https://search.maven.org/artifact/sh.ory/ory-client) | [README](https://github.com/ory/sdk/blob/master/clients/client/java/README.md)       | | JavaScript     | [npmjs.com](https://www.npmjs.com/package/@ory/client)           | [README](https://github.com/ory/sdk/blob/master/clients/client/typescript/README.md) | | JavaScript (With fetch) | [npmjs.com](https://www.npmjs.com/package/@ory/client-fetch)           | [README](https://github.com/ory/sdk/blob/master/clients/client/typescript-fetch/README.md) |  | PHP            | [packagist.org](https://packagist.org/packages/ory/client)       | [README](https://github.com/ory/sdk/blob/master/clients/client/php/README.md)        | | Python         | [pypi.org](https://pypi.org/project/ory-client/)                 | [README](https://github.com/ory/sdk/blob/master/clients/client/python/README.md)     | | Ruby           | [rubygems.org](https://rubygems.org/gems/ory-client)             | [README](https://github.com/ory/sdk/blob/master/clients/client/ruby/README.md)       | | Rust           | [crates.io](https://crates.io/crates/ory-client)                 | [README](https://github.com/ory/sdk/blob/master/clients/client/rust/README.md)       |
-The version of the OpenAPI document: v1.22.34
+The version of the OpenAPI document: v1.22.36
 Contact: support@ory.sh
 Generated by: https://openapi-generator.tech
 Generator version: 7.17.0
@@ -19,39 +19,40 @@ module OryClient
     # The Account Experience's Custom Translations  Contains all Custom Translations for this project.
     attr_accessor :account_experience_custom_translations
-    # Holds the default locale for the account experience.
+    # Holds the default locale for the account experience. This governs the \"default_locale\" setting.
     attr_accessor :account_experience_default_locale
+    # The Account Experience's Enabled Locales  This governs the locales that are available in the account experience. This governs the \"enabled_locales\" setting.
     attr_accessor :account_experience_enabled_locales
-    # Holds the URL to the account experience's dark theme favicon (currently unused).
+    # Holds the URL to the account experience's dark theme favicon (currently unused). This governs the \"favicon_dark\" setting.
     attr_accessor :account_experience_favicon_dark
-    # Holds the URL to the account experience's favicon.
+    # Holds the URL to the account experience's favicon. This governs the \"favicon_light\" setting.
     attr_accessor :account_experience_favicon_light
-    # Holds the URL to the account experience's language behavior.  Can be one of: `respect_accept_language`: Respect the `Accept-Language` header. `force_default`: Force the default language.
+    # Holds the URL to the account experience's language behavior.  Can be one of: `respect_accept_language`: Respect the `Accept-Language` header. `force_default`: Force the default language. This governs the \"locale_behavior\" setting.
     attr_accessor :account_experience_locale_behavior
-    # Holds the URL to the account experience's dark theme logo (currently unused).
+    # Holds the URL to the account experience's dark theme logo (currently unused). This governs the \"logo_dark\" setting.
     attr_accessor :account_experience_logo_dark
-    # Holds the URL to the account experience's logo.
+    # Holds the URL to the account experience's logo. This governs the \"logo_light\" setting.
     attr_accessor :account_experience_logo_light
-    # Holds the URL to the account experience's dark theme variables.
+    # Holds the URL to the account experience's dark theme variables. This governs the \"theme_variables_dark\" setting.
     attr_accessor :account_experience_theme_variables_dark
-    # Holds the URL to the account experience's light theme variables.
+    # Holds the URL to the account experience's light theme variables. This governs the \"theme_variables_light\" setting.
     attr_accessor :account_experience_theme_variables_light
     # The Project's Revision Creation Date
     attr_accessor :created_at
-    # Whether to disable the account experience welcome screen, which is hosted under `/ui/welcome`.
+    # Whether to disable the account experience welcome screen, which is hosted under `/ui/welcome`. This governs the \"disable_welcome_screen\" setting.
     attr_accessor :disable_account_experience_welcome_screen
-    # Whether the new account experience is enabled and reachable.
+    # Whether the new account experience is enabled and reachable. This governs the \"enable_ax_v2\" setting.
     attr_accessor :enable_ax_v2
     #  prod Production stage Staging dev Development
@@ -60,6 +61,7 @@ module OryClient
     #  eu-central EUCentral asia-northeast AsiaNorthEast us-east USEast us-west USWest us US global Global
     attr_accessor :home_region
+    # A list of custom claims which are allowed to be added top level to the Access Token. They cannot override reserved claims.  This governs the \"oauth2.allowed_top_level_claims\" setting.
     attr_accessor :hydra_oauth2_allowed_top_level_claims
     # Automatically grant authorized OAuth2 Scope in OAuth2 Client Credentials Flow.  Each OAuth2 Client is allowed to request a predefined OAuth2 Scope (for example `read write`). If this option is enabled, the full scope is automatically granted when performing the OAuth2 Client Credentials flow.  If disabled, the OAuth2 Client has to request the scope in the OAuth2 request by providing the `scope` query parameter.  Setting this option to true is common if you need compatibility with MITREid.  This governs the \"oauth2.client_credentials.default_grant_allowed_scope\" setting.
@@ -89,12 +91,16 @@ module OryClient
     # Configures whether PKCE should be enforced for OAuth2 Clients without a client secret (public clients).  This governs the \"oauth2.pkce.enforced_for_public_clients\" setting.
     attr_accessor :hydra_oauth2_pkce_enforced_for_public_clients
+    # Set to true to keep custom claims that are not promoted to the top level in the 'ext' claim. Only applies when mirror_top_level_claims is false.  This governs the \"oauth2.preserve_ext_claims\" setting.
+    attr_accessor :hydra_oauth2_preserve_ext_claims
     # Sets the Refresh Token Hook Endpoint. If set this endpoint will be called during the OAuth2 Token Refresh grant update the OAuth2 Access Token claims.  This governs the \"oauth2.refresh_token_hook\" setting.
     attr_accessor :hydra_oauth2_refresh_token_hook
     # Sets the token hook endpoint for all grant types. If set it will be called while providing token to customize claims.  This governs the \"oauth2.token_hook.url\" setting.
     attr_accessor :hydra_oauth2_token_hook
+    # The OpenID Connect Dynamic Client Registration specification has no concept of whitelisting OAuth 2.0 Scope. If you want to expose Dynamic Client Registration, you should set the default scope enabled for newly registered clients. Keep in mind that users can overwrite this default by setting the \"scope\" key in the registration payload, effectively disabling the concept of whitelisted scopes.  This governs the \"oidc.dynamic_client_registration.default_scope\" setting.
     attr_accessor :hydra_oidc_dynamic_client_registration_default_scope
     # Configures OpenID Connect Dynamic Client Registration.  This governs the \"oidc.dynamic_client_registration.enabled\" setting.
@@ -103,12 +109,16 @@ module OryClient
     # Configures OpenID Connect Discovery and overwrites the pairwise algorithm  This governs the \"oidc.subject_identifiers.pairwise_salt\" setting.
     attr_accessor :hydra_oidc_subject_identifiers_pairwise_salt
+    # Configures OpenID Connect Discovery and overwrites the list of Subject Identifier Algorithms to enable.  This governs the \"oidc.subject_identifiers.supported_types\" setting.
     attr_accessor :hydra_oidc_subject_identifiers_supported_types
+    # Configures the Ory Hydra Cookie Secret  This governs the \"secrets.cookie\" setting.
     attr_accessor :hydra_secrets_cookie
+    # Configures the Ory Hydra Pagination Secret  This governs the \"secrets.pagination\" setting.
     attr_accessor :hydra_secrets_pagination
+    # Configures the Ory Hydra System Secret  This governs the \"secrets.system\" setting.
     attr_accessor :hydra_secrets_system
     # Configures the Ory Hydra Cookie Same Site Legacy Workaround  This governs the \"serve.cookies.same_site_legacy_workaround\" setting.
@@ -120,7 +130,7 @@ module OryClient
     # Defines access token type  This governs the \"strategies.access_token\" setting. opaque Oauth2AccessTokenStrategyOpaque jwt Oauth2AccessTokenStrategyJwt
     attr_accessor :hydra_strategies_access_token
-    # Define the claim to use as the scope in the access token.  This governs the \"strategies.jwt.scope_claim\" setting:  list: The scope claim is an array of strings named `scope`: `{ \"scope\": [\"read\", \"write\"] }` string: The scope claim is a space delimited list of strings named `scp`: `{ \"scp\": \"read write\" }` both: The scope claim is both a space delimited list and an array of strings named `scope` and `scp`: `{ \"scope\": [\"read\", \"write\"], \"scp\": \"read write\" }` list OAuth2JWTScopeClaimList string OAuth2JWTScopeClaimString both OAuth2JWTScopeClaimBoth
+    # Define the claim to use as the scope in the access token.  This governs the \"strategies.jwt.scope_claim\" setting.  list: The scope claim is an array of strings named `scope`: `{ \"scope\": [\"read\", \"write\"] }` string: The scope claim is a space delimited list of strings named `scp`: `{ \"scp\": \"read write\" }` both: The scope claim is both a space delimited list and an array of strings named `scope` and `scp`: `{ \"scope\": [\"read\", \"write\"], \"scp\": \"read write\" }` list OAuth2JWTScopeClaimList string OAuth2JWTScopeClaimString both OAuth2JWTScopeClaimBoth
     attr_accessor :hydra_strategies_jwt_scope_claim
     # Defines how scopes are matched. For more details have a look at https://github.com/ory/fosite#scopes  This governs the \"strategies.scope\" setting. exact Oauth2ScopeStrategyExact wildcard Oauth2ScopeStrategyWildcard
@@ -162,35 +172,39 @@ module OryClient
     # This value will be used as the issuer in access and ID tokens. It must be specified and using HTTPS protocol, unless the development mode is enabled.  On the Ory Network it will be very rare that you want to modify this value. If left empty, it will default to the correct value for the Ory Network.  This governs the \"urls.self.issuer\" setting.
     attr_accessor :hydra_urls_self_issuer
+    # A list of JSON Web Keys that should be exposed at that endpoint. This is usually the public key for verifying OpenID Connect ID Tokens. However, you might want to add additional keys here as well.  This governs the \"webfinger.jwks.broadcast_keys\" setting.
     attr_accessor :hydra_webfinger_jwks_broadcast_keys
-    # Configures OpenID Connect Discovery and overwrites the OAuth2 Authorization URL.  This governs the \"webfinger.oidc.discovery.auth_url\" setting.
+    # Configures OpenID Connect Discovery and overwrites the OAuth2 Authorization URL.  This governs the \"webfinger.oidc_discovery.auth_url\" setting.
     attr_accessor :hydra_webfinger_oidc_discovery_auth_url
-    # Configures OpenID Connect Discovery and overwrites the OpenID Connect Dynamic Client Registration Endpoint.  This governs the \"webfinger.oidc.discovery.client_registration_url\" setting.
+    # Configures OpenID Connect Discovery and overwrites the OpenID Connect Dynamic Client Registration Endpoint.  This governs the \"webfinger.oidc_discovery.client_registration_url\" setting.
     attr_accessor :hydra_webfinger_oidc_discovery_client_registration_url
-    # Configures OpenID Connect Discovery and overwrites the JWKS URL.  This governs the \"webfinger.oidc.discovery.jwks_url\" setting.
+    # Configures OpenID Connect Discovery and overwrites the JWKS URL.  This governs the \"webfinger.oidc_discovery.jwks_url\" setting.
     attr_accessor :hydra_webfinger_oidc_discovery_jwks_url
+    # Configures OpenID Connect Discovery and overwrites a list of supported claims to be broadcasted. Claim \"sub\" is always included.  This governs the \"webfinger.oidc_discovery.supported_claims\" setting.
     attr_accessor :hydra_webfinger_oidc_discovery_supported_claims
+    # Configures OpenID Connect Discovery and overwrites the scope OAuth 2.0 Clients may request. Scope `offline`, `offline_access`, and `openid` are always included.  This governs the \"webfinger.oidc_discovery.supported_scope\" setting.
     attr_accessor :hydra_webfinger_oidc_discovery_supported_scope
-    # Configures OpenID Connect Discovery and overwrites the OAuth2 Token URL.  This governs the \"webfinger.oidc.discovery.token_url\" setting.
+    # Configures OpenID Connect Discovery and overwrites the OAuth2 Token URL.  This governs the \"webfinger.oidc_discovery.token_url\" setting.
     attr_accessor :hydra_webfinger_oidc_discovery_token_url
-    # Configures OpenID Connect Discovery and overwrites userinfo endpoint to be advertised at the OpenID Connect Discovery endpoint /.well-known/openid-configuration. Defaults to Ory Hydra's userinfo endpoint at /userinfo. Set this value if you want to handle this endpoint yourself.  This governs the \"webfinger.oidc.discovery.userinfo_url\" setting.
+    # Configures OpenID Connect Discovery and overwrites userinfo endpoint to be advertised at the OpenID Connect Discovery endpoint /.well-known/openid-configuration. Defaults to Ory Hydra's userinfo endpoint at /userinfo. Set this value if you want to handle this endpoint yourself.  This governs the \"webfinger.oidc_discovery.userinfo_url\" setting.
     attr_accessor :hydra_webfinger_oidc_discovery_userinfo_url
     # The revision ID.
     attr_accessor :id
-    # The Revisions' Keto Namespace Configuration  The string is a URL pointing to an OPL file with the configuration.
+    # The Revisions' Keto Namespace Configuration  The string is a URL pointing to an OPL file with the configuration.  This governs the \"namespaces.location\" setting.
     attr_accessor :keto_namespace_configuration
     attr_accessor :keto_namespaces
+    # Configures Keto's pagination secrets.  This governs the \"secrets.pagination\" setting.
     attr_accessor :keto_secrets_pagination
     # Configures the Ory Kratos Cookie SameSite Attribute  This governs the \"cookies.same_site\" setting.
@@ -198,37 +212,37 @@ module OryClient
     attr_accessor :kratos_courier_channels
-    # The delivery strategy to use when sending emails  `smtp`: Use SMTP server `http`: Use the built in HTTP client to send the email to some remote service
+    # The delivery strategy to use when sending emails  This governs the \"courier.delivery_strategy\" setting.  `smtp`: Use SMTP server `http`: Use the built in HTTP client to send the email to some remote service
     attr_accessor :kratos_courier_delivery_strategy
-    # The location of the API key to use in the HTTP email sending service's authentication  `header`: Send the key value pair as a header `cookie`: Send the key value pair as a cookie This governs the \"courier.http.auth.config.in\" setting
+    # The location of the API key to use in the HTTP email sending service's authentication  `header`: Send the key value pair as a header `cookie`: Send the key value pair as a cookie This governs the \"courier.http.request_config.auth.config.in\" setting.
     attr_accessor :kratos_courier_http_request_config_auth_api_key_in
-    # The name of the API key to use in the HTTP email sending service's authentication  This governs the \"courier.http.auth.config.name\" setting
+    # The name of the API key to use in the HTTP email sending service's authentication  This governs the \"courier.http.request_config.auth.config.name\" setting.
     attr_accessor :kratos_courier_http_request_config_auth_api_key_name
-    # The value of the API key to use in the HTTP email sending service's authentication  This governs the \"courier.http.auth.config.value\" setting
+    # The value of the API key to use in the HTTP email sending service's authentication  This governs the \"courier.http.request_config.auth.config.value\" setting.
     attr_accessor :kratos_courier_http_request_config_auth_api_key_value
-    # The password to use for basic auth in the HTTP email sending service's authentication  This governs the \"courier.http.auth.config.password\" setting
+    # The password to use for basic auth in the HTTP email sending service's authentication  This governs the \"courier.http.request_config.auth.config.password\" setting.
     attr_accessor :kratos_courier_http_request_config_auth_basic_auth_password
-    # The user to use for basic auth in the HTTP email sending service's authentication  This governs the \"courier.http.auth.config.user\" setting
+    # The user to use for basic auth in the HTTP email sending service's authentication  This governs the \"courier.http.request_config.auth.config.user\" setting.
     attr_accessor :kratos_courier_http_request_config_auth_basic_auth_user
-    # The authentication type to use while contacting the remote HTTP email sending service  `basic_auth`: Use Basic Authentication `api_key`: Use API Key Authentication in a header or cookie
+    # The authentication type to use while contacting the remote HTTP email sending service  This governs the \"courier.http.request_config.auth.type\" setting.  `basic_auth`: Use Basic Authentication `api_key`: Use API Key Authentication in a header or cookie
     attr_accessor :kratos_courier_http_request_config_auth_type
-    # The Jsonnet template to generate the body to send to the remote HTTP email sending service  Should be valid Jsonnet and base64 encoded  This governs the \"courier.http.body\" setting
+    # The Jsonnet template to generate the body to send to the remote HTTP email sending service  Should be valid Jsonnet and base64 encoded  This governs the \"courier.http.request_config.body\" setting.
     attr_accessor :kratos_courier_http_request_config_body
-    # NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-
+    # Any additional headers to send to the remote HTTP email sending service  This governs the \"courier.http.request_config.headers\" setting.
     attr_accessor :kratos_courier_http_request_config_headers
-    # The http METHOD to use when calling the remote HTTP email sending service
+    # The http METHOD to use when calling the remote HTTP email sending service  This governs the \"courier.http.request_config.method\" setting.
     attr_accessor :kratos_courier_http_request_config_method
-    # The URL of the remote HTTP email sending service  This governs the \"courier.http.url\" setting
+    # The URL of the remote HTTP email sending service  This governs the \"courier.http.request_config.url\" setting.
     attr_accessor :kratos_courier_http_request_config_url
     # Configures the Ory Kratos SMTP Connection URI  This governs the \"courier.smtp.connection_uri\" setting.
@@ -240,109 +254,109 @@ module OryClient
     # Configures the Ory Kratos SMTP From Name  This governs the \"courier.smtp.from_name\" setting.
     attr_accessor :kratos_courier_smtp_from_name
-    # NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-
+    # Configures the Ory Kratos SMTP Connection Headers  This governs the \"courier.smtp.headers\" setting.
     attr_accessor :kratos_courier_smtp_headers
     # Configures the local_name to use in SMTP connections  This governs the \"courier.smtp.local_name\" setting.
     attr_accessor :kratos_courier_smtp_local_name
-    # Configures the Ory Kratos Valid Login via Code Email Body HTML Template  This governs the \"courier.smtp.templates.login_code.valid.email.body.html\" setting.
+    # Configures the Ory Kratos Valid Login via Code Email Body HTML Template  This governs the \"courier.templates.login_code.valid.email.body.html\" setting.
     attr_accessor :kratos_courier_templates_login_code_valid_email_body_html
-    # Configures the Ory Kratos Valid Login via Code Email Body Plaintext Template  This governs the \"courier.smtp.templates.login_code.valid.email.body.plaintext\" setting.
+    # Configures the Ory Kratos Valid Login via Code Email Body Plaintext Template  This governs the \"courier.templates.login_code.valid.email.body.plaintext\" setting.
     attr_accessor :kratos_courier_templates_login_code_valid_email_body_plaintext
-    # Configures the Ory Kratos Valid Login via Code Email Subject Template  This governs the \"courier.smtp.templates.login_code.valid.email.subject\" setting.
+    # Configures the Ory Kratos Valid Login via Code Email Subject Template  This governs the \"courier.templates.login_code.valid.email.subject\" setting.
     attr_accessor :kratos_courier_templates_login_code_valid_email_subject
-    # Configures the Ory Kratos Valid Login via Code SMS plain text body  This governs the \"courier.smtp.templates.login_code.valid.sms.plaintext\" setting.
+    # Configures the Ory Kratos Valid Login via Code SMS plain text body  This governs the \"courier.templates.login_code.valid.sms.body.plaintext\" setting.
     attr_accessor :kratos_courier_templates_login_code_valid_sms_body_plaintext
-    # Configures the Ory Kratos Invalid Recovery via Code Email Body HTML Template  This governs the \"courier.smtp.templates.recovery_code.invalid.email.body.html\" setting.
+    # Configures the Ory Kratos Invalid Recovery via Code Email Body HTML Template  This governs the \"courier.templates.recovery_code.invalid.email.body.html\" setting.
     attr_accessor :kratos_courier_templates_recovery_code_invalid_email_body_html
-    # Configures the Ory Kratos Invalid Recovery via Code Email Body Plaintext Template  This governs the \"courier.smtp.templates.recovery_code.invalid.email.body.plaintext\" setting.
+    # Configures the Ory Kratos Invalid Recovery via Code Email Body Plaintext Template  This governs the \"courier.templates.recovery_code.invalid.email.body.plaintext\" setting.
     attr_accessor :kratos_courier_templates_recovery_code_invalid_email_body_plaintext
-    # Configures the Ory Kratos Invalid Recovery via Code Email Subject Template  This governs the \"courier.smtp.templates.recovery_code.invalid.email.body.html\" setting.
+    # Configures the Ory Kratos Invalid Recovery via Code Email Subject Template  This governs the \"courier.templates.recovery_code.invalid.email.subject\" setting.
     attr_accessor :kratos_courier_templates_recovery_code_invalid_email_subject
-    # Configures the Ory Kratos Valid Recovery via Code Email Body HTML Template  This governs the \"courier.smtp.templates.recovery_code.valid.email.body.html\" setting.
+    # Configures the Ory Kratos Valid Recovery via Code Email Body HTML Template  This governs the \"courier.templates.recovery_code.valid.email.body.html\" setting.
     attr_accessor :kratos_courier_templates_recovery_code_valid_email_body_html
-    # Configures the Ory Kratos Valid Recovery via Code Email Body Plaintext Template  This governs the \"courier.smtp.templates.recovery_code.valid.email.body.plaintext\" setting.
+    # Configures the Ory Kratos Valid Recovery via Code Email Body Plaintext Template  This governs the \"courier.templates.recovery_code.valid.email.body.plaintext\" setting.
     attr_accessor :kratos_courier_templates_recovery_code_valid_email_body_plaintext
-    # Configures the Ory Kratos Valid Recovery via Code Email Subject Template  This governs the \"courier.smtp.templates.recovery_code.valid.email.subject\" setting.
+    # Configures the Ory Kratos Valid Recovery via Code Email Subject Template  This governs the \"courier.templates.recovery_code.valid.email.subject\" setting.
     attr_accessor :kratos_courier_templates_recovery_code_valid_email_subject
-    # Configures the Ory Kratos Invalid Recovery Email Body HTML Template  This governs the \"courier.smtp.templates.recovery.invalid.email.body.html\" setting.
+    # Configures the Ory Kratos Invalid Recovery Email Body HTML Template  This governs the \"courier.templates.recovery.invalid.email.body.html\" setting.
     attr_accessor :kratos_courier_templates_recovery_invalid_email_body_html
-    # Configures the Ory Kratos Invalid Recovery Email Body Plaintext Template  This governs the \"courier.smtp.templates.recovery.invalid.email.body.plaintext\" setting.
+    # Configures the Ory Kratos Invalid Recovery Email Body Plaintext Template  This governs the \"courier.templates.recovery.invalid.email.body.plaintext\" setting.
     attr_accessor :kratos_courier_templates_recovery_invalid_email_body_plaintext
-    # Configures the Ory Kratos Invalid Recovery Email Subject Template  This governs the \"courier.smtp.templates.recovery.invalid.email.body.html\" setting.
+    # Configures the Ory Kratos Invalid Recovery Email Subject Template  This governs the \"courier.templates.recovery.invalid.email.subject\" setting.
     attr_accessor :kratos_courier_templates_recovery_invalid_email_subject
-    # Configures the Ory Kratos Valid Recovery Email Body HTML Template  This governs the \"courier.smtp.templates.recovery.valid.email.body.html\" setting.
+    # Configures the Ory Kratos Valid Recovery Email Body HTML Template  This governs the \"courier.templates.recovery.valid.email.body.html\" setting.
     attr_accessor :kratos_courier_templates_recovery_valid_email_body_html
-    # Configures the Ory Kratos Valid Recovery Email Body Plaintext Template  This governs the \"courier.smtp.templates.recovery.valid.email.body.plaintext\" setting.
+    # Configures the Ory Kratos Valid Recovery Email Body Plaintext Template  This governs the \"courier.templates.recovery.valid.email.body.plaintext\" setting.
     attr_accessor :kratos_courier_templates_recovery_valid_email_body_plaintext
-    # Configures the Ory Kratos Valid Recovery Email Subject Template  This governs the \"courier.smtp.templates.recovery.valid.email.subject\" setting.
+    # Configures the Ory Kratos Valid Recovery Email Subject Template  This governs the \"courier.templates.recovery.valid.email.subject\" setting.
     attr_accessor :kratos_courier_templates_recovery_valid_email_subject
-    # Configures the Ory Kratos Valid Registration via Code Email Body HTML Template  This governs the \"courier.smtp.templates.registration_code.valid.email.body.html\" setting.
+    # Configures the Ory Kratos Valid Registration via Code Email Body HTML Template  This governs the \"courier.templates.registration_code.valid.email.body.html\" setting.
     attr_accessor :kratos_courier_templates_registration_code_valid_email_body_html
-    # Configures the Ory Kratos Valid Registration via Code Email Body Plaintext Template  This governs the \"courier.smtp.templates.registration_code.valid.email.body.plaintext\" setting.
+    # Configures the Ory Kratos Valid Registration via Code Email Body Plaintext Template  This governs the \"courier.templates.registration_code.valid.email.body.plaintext\" setting.
     attr_accessor :kratos_courier_templates_registration_code_valid_email_body_plaintext
-    # Configures the Ory Kratos Valid Registration via Code Email Subject Template  This governs the \"courier.smtp.templates.registration_code.valid.email.subject\" setting.
+    # Configures the Ory Kratos Valid Registration via Code Email Subject Template  This governs the \"courier.templates.registration_code.valid.email.subject\" setting.
     attr_accessor :kratos_courier_templates_registration_code_valid_email_subject
-    # Configures the Ory Kratos Valid Registration via Code Email Subject Template  This governs the \"courier.smtp.templates.registration_code.valid.sms.body.plaintext\" setting.
+    # Configures the Ory Kratos Valid Registration via Code SMS Body Plaintext Template  This governs the \"courier.templates.registration_code.valid.sms.body.plaintext\" setting.
     attr_accessor :kratos_courier_templates_registration_code_valid_sms_body_plaintext
-    # Configures the Ory Kratos Invalid Verification via Code Email Body HTML Template  This governs the \"courier.smtp.templates.verification_code.invalid.email.body.html\" setting.
+    # Configures the Ory Kratos Invalid Verification via Code Email Body HTML Template  This governs the \"courier.templates.verification_code.invalid.email.body.html\" setting.
     attr_accessor :kratos_courier_templates_verification_code_invalid_email_body_html
-    # Configures the Ory Kratos Invalid Verification via Code Email Body Plaintext Template  This governs the \"courier.smtp.templates.verification_code.invalid.email.body.plaintext\" setting.
+    # Configures the Ory Kratos Invalid Verification via Code Email Body Plaintext Template  This governs the \"courier.templates.verification_code.invalid.email.body.plaintext\" setting.
     attr_accessor :kratos_courier_templates_verification_code_invalid_email_body_plaintext
-    # Configures the Ory Kratos Invalid Verification via Code Email Subject Template  This governs the \"courier.smtp.templates.verification_code.invalid.email.subject\" setting.
+    # Configures the Ory Kratos Invalid Verification via Code Email Subject Template  This governs the \"courier.templates.verification_code.invalid.email.subject\" setting.
     attr_accessor :kratos_courier_templates_verification_code_invalid_email_subject
-    # Configures the Ory Kratos Valid Verification via Code Email Body HTML Template  This governs the \"courier.smtp.templates.verification_code.valid.email.body.html\" setting.
+    # Configures the Ory Kratos Valid Verification via Code Email Body HTML Template  This governs the \"courier.templates.verification_code.valid.email.body.html\" setting.
     attr_accessor :kratos_courier_templates_verification_code_valid_email_body_html
-    # Configures the Ory Kratos Valid Verification via Code Email Body Plaintext Template  This governs the \"courier.smtp.templates.verification_code.valid.email.body.plaintext\" setting.
+    # Configures the Ory Kratos Valid Verification via Code Email Body Plaintext Template  This governs the \"courier.templates.verification_code.valid.email.body.plaintext\" setting.
     attr_accessor :kratos_courier_templates_verification_code_valid_email_body_plaintext
-    # Configures the Ory Kratos Valid Verification via Code Email Subject Template  This governs the \"courier.smtp.templates.verification_code.valid.email.subject\" setting.
+    # Configures the Ory Kratos Valid Verification via Code Email Subject Template  This governs the \"courier.templates.verification_code.valid.email.subject\" setting.
     attr_accessor :kratos_courier_templates_verification_code_valid_email_subject
-    # Configures the Ory Kratos Valid Verification via Code SMS Body Plaintext  This governs the \"courier.smtp.templates.verification_code.valid.sms.body.plaintext\" setting.
+    # Configures the Ory Kratos Valid Verification via Code SMS Body Plaintext  This governs the \"courier.templates.verification_code.valid.sms.body.plaintext\" setting.
     attr_accessor :kratos_courier_templates_verification_code_valid_sms_body_plaintext
-    # Configures the Ory Kratos Invalid Verification Email Body HTML Template  This governs the \"courier.smtp.templates.verification.invalid.email.body.html\" setting.
+    # Configures the Ory Kratos Invalid Verification Email Body HTML Template  This governs the \"courier.templates.verification.invalid.email.body.html\" setting.
     attr_accessor :kratos_courier_templates_verification_invalid_email_body_html
-    # Configures the Ory Kratos Invalid Verification Email Body Plaintext Template  This governs the \"courier.smtp.templates.verification.invalid.email.body.plaintext\" setting.
+    # Configures the Ory Kratos Invalid Verification Email Body Plaintext Template  This governs the \"courier.templates.verification.invalid.email.body.plaintext\" setting.
     attr_accessor :kratos_courier_templates_verification_invalid_email_body_plaintext
-    # Configures the Ory Kratos Invalid Verification Email Subject Template  This governs the \"courier.smtp.templates.verification.invalid.email.subject\" setting.
+    # Configures the Ory Kratos Invalid Verification Email Subject Template  This governs the \"courier.templates.verification.invalid.email.subject\" setting.
     attr_accessor :kratos_courier_templates_verification_invalid_email_subject
-    # Configures the Ory Kratos Valid Verification Email Body HTML Template  This governs the \"courier.smtp.templates.verification.valid.email.body.html\" setting.
+    # Configures the Ory Kratos Valid Verification Email Body HTML Template  This governs the \"courier.templates.verification.valid.email.body.html\" setting.
     attr_accessor :kratos_courier_templates_verification_valid_email_body_html
-    # Configures the Ory Kratos Valid Verification Email Body Plaintext Template  This governs the \"courier.smtp.templates.verification.valid.email.body.plaintext\" setting.
+    # Configures the Ory Kratos Valid Verification Email Body Plaintext Template  This governs the \"courier.templates.verification.valid.email.body.plaintext\" setting.
     attr_accessor :kratos_courier_templates_verification_valid_email_body_plaintext
-    # Configures the Ory Kratos Valid Verification Email Subject Template  This governs the \"courier.smtp.templates.verification.valid.email.subject\" setting.
+    # Configures the Ory Kratos Valid Verification Email Subject Template  This governs the \"courier.templates.verification.valid.email.subject\" setting.
     attr_accessor :kratos_courier_templates_verification_valid_email_subject
     # Configures the Ory Kratos Session caching feature flag  This governs the \"feature_flags.cacheable_sessions\" setting.
@@ -366,7 +380,7 @@ module OryClient
     # Return a form error if the login identifier is not verified  If true, the login flow will return a form error if the login identifier is not verified, which restores legacy behavior. If this value is false, the `continue_with` array will contain a `show_verification_ui` hook instead.  This flag is deprecated and will be removed in the future.  This governs the \"feature_flags.legacy_require_verified_login_error\" setting.
     attr_accessor :kratos_feature_flags_legacy_require_verified_login_error
-    # Configures the group for the password method in the registration flow.  If true, it sets the password method group value to \"password\" if it is the only method available. This is the legacy behavior. If false is, it sets the password method group value to \"default\".
+    # Configures the group for the password method in the registration flow.  If true, it sets the password method group value to \"password\" if it is the only method available. This is the legacy behavior. If false is, it sets the password method group value to \"default\".  This governs the \"feature_flags.password_profile_registration_node_group\" setting.
     attr_accessor :kratos_feature_flags_password_profile_registration_node_group
     # Configures the Ory Kratos Session use_continue_with_transitions flag  This governs the \"feature_flags.use_continue_with_transitions\" setting.
@@ -374,44 +388,49 @@ module OryClient
     attr_accessor :kratos_identity_schemas
-    # NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-
+    # Configures the OAuth2 Provider Integration HTTP Headers  This governs the \"oauth2_provider.headers\" setting.
     attr_accessor :kratos_oauth2_provider_headers
-    # Kratos OAuth2 Provider Override Return To  Enabling this allows Kratos to set the return_to parameter automatically to the OAuth2 request URL on the login flow, allowing complex flows such as recovery to continue to the initial OAuth2 flow.
+    # Kratos OAuth2 Provider Override Return To  Enabling this allows Kratos to set the return_to parameter automatically to the OAuth2 request URL on the login flow, allowing complex flows such as recovery to continue to the initial OAuth2 flow.  This governs the \"oauth2_provider.override_return_to\" setting.
     attr_accessor :kratos_oauth2_provider_override_return_to
     # The Revisions' OAuth2 Provider Integration URL  This governs the \"oauth2_provider.url\" setting.
     attr_accessor :kratos_oauth2_provider_url
-    # Configures the default read consistency level for identity APIs  This governs the `preview.default_read_consistency_level` setting.  The read consistency level determines the consistency guarantee for reads:  strong (slow): The read is guaranteed to return the most recent data committed at the start of the read. eventual (very fast): The result will return data that is about 4.8 seconds old.  Setting the default consistency level to `eventual` may cause regressions in the future as we add consistency controls to more APIs. Currently, the following APIs will be affected by this setting:  `GET /admin/identities`  Defaults to \"strong\" for new and existing projects. This feature is in preview. Use with caution.
+    # Configures the default read consistency level for identity APIs  The read consistency level determines the consistency guarantee for reads:  strong (slow): The read is guaranteed to return the most recent data committed at the start of the read. eventual (very fast): The result will return data that is about 4.8 seconds old.  Setting the default consistency level to `eventual` may cause regressions in the future as we add consistency controls to more APIs. Currently, the following APIs will be affected by this setting:  `GET /admin/identities`  Defaults to \"strong\" for new and existing projects. This feature is in preview. Use with caution. This governs the \"preview.default_read_consistency_level\" setting.
     attr_accessor :kratos_preview_default_read_consistency_level
+    # Configures the Ory Kratos Cipher Secret  This governs the \"secrets.cipher\" setting.
     attr_accessor :kratos_secrets_cipher
+    # Configures the Ory Kratos Cookie Secret  This governs the \"secrets.cookie\" setting.
     attr_accessor :kratos_secrets_cookie
+    # Configures the Ory Kratos Default Secret  This governs the \"secrets.default\" setting.
     attr_accessor :kratos_secrets_default
+    # Configures the Ory Kratos Pagination Secret  This governs the \"secrets.pagination\" setting.
     attr_accessor :kratos_secrets_pagination
-    # Configures if account enumeration should be mitigated when using identifier first login.
+    # Configures if account enumeration should be mitigated when using identifier first login.  This governs the \"security.account_enumeration.mitigate\" setting.
     attr_accessor :kratos_security_account_enumeration_mitigate
+    # Configures the Ory Kratos Allowed Return URLs  This governs the \"selfservice.allowed_return_urls\" setting.
     attr_accessor :kratos_selfservice_allowed_return_urls
-    # Configures the Ory Kratos Default Return URL  This governs the \"selfservice.allowed_return_urls\" setting.
+    # Configures the Ory Kratos Default Return URL  This governs the \"selfservice.default_browser_return_url\" setting.
     attr_accessor :kratos_selfservice_default_browser_return_url
     # Configures the Ory Kratos Error UI URL  This governs the \"selfservice.flows.error.ui_url\" setting.
     attr_accessor :kratos_selfservice_flows_error_ui_url
-    # Configures the Ory Kratos Login After Password Default Return URL  This governs the \"selfservice.flows.code.after.password.default_browser_return_url\" setting.
+    # Configures the Ory Kratos Login After Code Default Return URL  This governs the \"selfservice.flows.login.after.code.default_browser_return_url\" setting.
     attr_accessor :kratos_selfservice_flows_login_after_code_default_browser_return_url
     # Configures the Ory Kratos Login Default Return URL  This governs the \"selfservice.flows.login.after.default_browser_return_url\" setting.
     attr_accessor :kratos_selfservice_flows_login_after_default_browser_return_url
-    # Configures the Ory Kratos Login After Password Default Return URL  This governs the \"selfservice.flows.lookup_secret.after.password.default_browser_return_url\" setting.
+    # Configures the Ory Kratos Login After Lookup Secret Default Return URL  This governs the \"selfservice.flows.login.after.lookup_secret.default_browser_return_url\" setting.
     attr_accessor :kratos_selfservice_flows_login_after_lookup_secret_default_browser_return_url
     # Configures the Ory Kratos Login After OIDC Default Return URL  This governs the \"selfservice.flows.login.after.oidc.default_browser_return_url\" setting.
@@ -423,7 +442,7 @@ module OryClient
     # Configures the Ory Kratos Login After Password Default Return URL  This governs the \"selfservice.flows.login.after.password.default_browser_return_url\" setting.
     attr_accessor :kratos_selfservice_flows_login_after_password_default_browser_return_url
-    # Configures the Ory Kratos Login After Password Default Return URL  This governs the \"selfservice.flows.totp.after.password.default_browser_return_url\" setting.
+    # Configures the Ory Kratos Login After TOTP Default Return URL  This governs the \"selfservice.flows.login.after.totp.default_browser_return_url\" setting.
     attr_accessor :kratos_selfservice_flows_login_after_totp_default_browser_return_url
     # Configures the Ory Kratos Login After WebAuthn Default Return URL  This governs the \"selfservice.flows.login.after.webauthn.default_browser_return_url\" setting.
@@ -468,7 +487,7 @@ module OryClient
     # Configures the Ory Kratos Registration After OIDC Default Return URL  This governs the \"selfservice.flows.registration.after.oidc.default_browser_return_url\" setting.
     attr_accessor :kratos_selfservice_flows_registration_after_oidc_default_browser_return_url
-    # Configures the Ory Kratos Registration After Passkey Default Return URL  This governs the \"selfservice.flows.registration.after.password.default_browser_return_url\" setting.
+    # Configures the Ory Kratos Registration After Passkey Default Return URL  This governs the \"selfservice.flows.registration.after.passkey.default_browser_return_url\" setting.
     attr_accessor :kratos_selfservice_flows_registration_after_passkey_default_browser_return_url
     # Configures the Ory Kratos Registration After Password Default Return URL  This governs the \"selfservice.flows.registration.after.password.default_browser_return_url\" setting.
@@ -546,32 +565,34 @@ module OryClient
     # Configures the Ory Kratos Strategy to use for Verification  This governs the \"selfservice.flows.verification.use\" setting. link SelfServiceMessageVerificationStrategyLink code SelfServiceMessageVerificationStrategyCode
     attr_accessor :kratos_selfservice_flows_verification_use
+    # Configures the CAPTCHA allowed domains list  This governs the \"selfservice.methods.captcha.config.allowed_domains\" setting.
     attr_accessor :kratos_selfservice_methods_captcha_config_allowed_domains
-    # Configures whether to use BYO or managed widget  Reach out to your account manager to enable this feature.
+    # Configures whether to use BYO or managed widget  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.config.byo\" setting.
     attr_accessor :kratos_selfservice_methods_captcha_config_byo
-    # Configures the Cloudflare Turnstile site secret for Ory BYO CAPTCHA protection  The site secret is private and will be never be shared with the client. This key is write only and the value will not be returned in response to a read request.  Reach out to your account manager to enable this feature.
+    # Configures the Cloudflare Turnstile site secret for Ory BYO CAPTCHA protection  The site secret is private and will be never be shared with the client. This key is write only and the value will not be returned in response to a read request.  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.config.cf_turnstile.secret\" setting.
     attr_accessor :kratos_selfservice_methods_captcha_config_cf_turnstile_byo_secret
-    # Configures the Cloudflare Turnstile site key for Ory BYO CAPTCHA protection  The site key is public and will be shared with the client.  Reach out to your account manager to enable this feature.
+    # Configures the Cloudflare Turnstile site key for Ory BYO CAPTCHA protection  The site key is public and will be shared with the client.  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.config.cf_turnstile.sitekey\" setting.
     attr_accessor :kratos_selfservice_methods_captcha_config_cf_turnstile_byo_sitekey
-    # Configures the Cloudflare Turnstile site secret for managed CAPTCHA protection  The site secret is private and will be never be shared with the client. This key is write only and the value will not be returned in response to a read request.  Reach out to your account manager to enable this feature.
+    # Configures the Cloudflare Turnstile site secret for managed CAPTCHA protection  The site secret is private and will be never be shared with the client. This key is write only and the value will not be returned in response to a read request.  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.config.cf_turnstile.secret\" setting.
     attr_accessor :kratos_selfservice_methods_captcha_config_cf_turnstile_secret
-    # Configures the Cloudflare Turnstile site key for managed CAPTCHA protection  The site key is public and will be shared with the client.  Reach out to your account manager to enable this feature.
+    # Configures the Cloudflare Turnstile site key for managed CAPTCHA protection  The site key is public and will be shared with the client.  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.config.cf_turnstile.sitekey\" setting.
     attr_accessor :kratos_selfservice_methods_captcha_config_cf_turnstile_sitekey
-    # Configures the Ory Kratos Self-Service Methods' Captcha Enabled Setting  Reach out to your account manager to enable this feature.
+    # Configures legacy CAPTCHA node injection behavior  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.config.legacy_inject_node\" setting.
     attr_accessor :kratos_selfservice_methods_captcha_config_legacy_inject_node
-    # Configures the Ory Kratos Self-Service Methods' Captcha Enabled Setting  Reach out to your account manager to enable this feature.
+    # Configures the Ory Kratos Self-Service Methods' Captcha Enabled Setting  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.enabled\" setting.
     attr_accessor :kratos_selfservice_methods_captcha_enabled
     # Configures the Ory Kratos Code Method's lifespan  This governs the \"selfservice.methods.code.config.lifespan\" setting.
     attr_accessor :kratos_selfservice_methods_code_config_lifespan
+    # Configures the maximum number of attempts to submit a one-time code in kratos.  This governs the \"selfservice.methods.code.max_submissions\" setting.
     attr_accessor :kratos_selfservice_methods_code_config_max_submissions
     # Enables a fallback method required in certain legacy use cases.  This governs the \"selfservice.methods.code.config.missing_credential_fallback_enabled\" setting.
@@ -618,6 +639,7 @@ module OryClient
     # Configures the Ory Kratos Passkey RP ID  This governs the \"selfservice.methods.passkey.config.rp.id\" setting.
     attr_accessor :kratos_selfservice_methods_passkey_config_rp_id
+    # Configures the Ory Kratos Passkey RP Origins  This governs the \"selfservice.methods.passkey.config.rp.origins\" setting.
     attr_accessor :kratos_selfservice_methods_passkey_config_rp_origins
     # Configures whether Ory Kratos Passkey authentication is enabled  This governs the \"selfservice.methods.passkey.enabled\" setting.
@@ -667,6 +689,7 @@ module OryClient
     # Configures the Ory Kratos Webauthn RP ID  This governs the \"selfservice.methods.webauthn.config.rp.id\" setting.
     attr_accessor :kratos_selfservice_methods_webauthn_config_rp_id
+    # Configures the Ory Kratos Webauthn RP Origins  This governs the \"selfservice.methods.webauthn.config.rp.origins\" setting.
     attr_accessor :kratos_selfservice_methods_webauthn_config_rp_origins
     # Configures whether Ory Kratos Webauthn is enabled  This governs the \"selfservice.methods.webauthn.enabled\" setting.
@@ -698,11 +721,13 @@ module OryClient
     attr_accessor :scim_clients
+    # Configures the CORS Allowed Origins on admin APIs  This governs the \"serve.admin.cors.allowed_origins\" setting.
     attr_accessor :serve_admin_cors_allowed_origins
     # Enable CORS headers on all admin APIs  This governs the \"serve.admin.cors.enabled\" setting.
     attr_accessor :serve_admin_cors_enabled
+    # Configures the CORS Allowed Origins on public APIs  This governs the \"serve.public.cors.allowed_origins\" setting.
     attr_accessor :serve_public_cors_allowed_origins
     # Enable CORS headers on all public APIs  This governs the \"serve.public.cors.enabled\" setting.
@@ -766,6 +791,7 @@ module OryClient
         :'hydra_oauth2_mirror_top_level_claims' => :'hydra_oauth2_mirror_top_level_claims',
         :'hydra_oauth2_pkce_enforced' => :'hydra_oauth2_pkce_enforced',
         :'hydra_oauth2_pkce_enforced_for_public_clients' => :'hydra_oauth2_pkce_enforced_for_public_clients',
+        :'hydra_oauth2_preserve_ext_claims' => :'hydra_oauth2_preserve_ext_claims',
         :'hydra_oauth2_refresh_token_hook' => :'hydra_oauth2_refresh_token_hook',
         :'hydra_oauth2_token_hook' => :'hydra_oauth2_token_hook',
         :'hydra_oidc_dynamic_client_registration_default_scope' => :'hydra_oidc_dynamic_client_registration_default_scope',
@@ -1026,6 +1052,7 @@ module OryClient
         :'hydra_oauth2_mirror_top_level_claims' => :'Boolean',
         :'hydra_oauth2_pkce_enforced' => :'Boolean',
         :'hydra_oauth2_pkce_enforced_for_public_clients' => :'Boolean',
+        :'hydra_oauth2_preserve_ext_claims' => :'Boolean',
         :'hydra_oauth2_refresh_token_hook' => :'String',
         :'hydra_oauth2_token_hook' => :'String',
         :'hydra_oidc_dynamic_client_registration_default_scope' => :'Array<String>',
@@ -1251,10 +1278,6 @@ module OryClient
     # List of attributes with nullable: true
     def self.openapi_nullable
       Set.new([
-        :'kratos_courier_http_request_config_headers',
-        :'kratos_courier_smtp_headers',
-        :'kratos_oauth2_provider_headers',
-        :'kratos_selfservice_methods_code_config_max_submissions',
       ])
     end
@@ -1384,6 +1407,10 @@ module OryClient
         self.hydra_oauth2_pkce_enforced_for_public_clients = attributes[:'hydra_oauth2_pkce_enforced_for_public_clients']
       end
+      if attributes.key?(:'hydra_oauth2_preserve_ext_claims')
+        self.hydra_oauth2_preserve_ext_claims = attributes[:'hydra_oauth2_preserve_ext_claims']
+      end
       if attributes.key?(:'hydra_oauth2_refresh_token_hook')
         self.hydra_oauth2_refresh_token_hook = attributes[:'hydra_oauth2_refresh_token_hook']
       end
@@ -2616,6 +2643,7 @@ module OryClient
           hydra_oauth2_mirror_top_level_claims == o.hydra_oauth2_mirror_top_level_claims &&
           hydra_oauth2_pkce_enforced == o.hydra_oauth2_pkce_enforced &&
           hydra_oauth2_pkce_enforced_for_public_clients == o.hydra_oauth2_pkce_enforced_for_public_clients &&
+          hydra_oauth2_preserve_ext_claims == o.hydra_oauth2_preserve_ext_claims &&
           hydra_oauth2_refresh_token_hook == o.hydra_oauth2_refresh_token_hook &&
           hydra_oauth2_token_hook == o.hydra_oauth2_token_hook &&
           hydra_oidc_dynamic_client_registration_default_scope == o.hydra_oidc_dynamic_client_registration_default_scope &&
@@ -2846,7 +2874,7 @@ module OryClient
     # Calculates hash code according to all attributes.
     # @return [Integer] Hash code
     def hash
-      [account_experience_custom_translations, account_experience_default_locale, account_experience_enabled_locales, account_experience_favicon_dark, account_experience_favicon_light, account_experience_locale_behavior, account_experience_logo_dark, account_experience_logo_light, account_experience_theme_variables_dark, account_experience_theme_variables_light, created_at, disable_account_experience_welcome_screen, enable_ax_v2, environment, home_region, hydra_oauth2_allowed_top_level_claims, hydra_oauth2_client_credentials_default_grant_allowed_scope, hydra_oauth2_exclude_not_before_claim, hydra_oauth2_grant_jwt_iat_optional, hydra_oauth2_grant_jwt_jti_optional, hydra_oauth2_grant_jwt_max_ttl, hydra_oauth2_grant_refresh_token_rotation_grace_period, hydra_oauth2_mirror_top_level_claims, hydra_oauth2_pkce_enforced, hydra_oauth2_pkce_enforced_for_public_clients, hydra_oauth2_refresh_token_hook, hydra_oauth2_token_hook, hydra_oidc_dynamic_client_registration_default_scope, hydra_oidc_dynamic_client_registration_enabled, hydra_oidc_subject_identifiers_pairwise_salt, hydra_oidc_subject_identifiers_supported_types, hydra_secrets_cookie, hydra_secrets_pagination, hydra_secrets_system, hydra_serve_cookies_same_site_legacy_workaround, hydra_serve_cookies_same_site_mode, hydra_strategies_access_token, hydra_strategies_jwt_scope_claim, hydra_strategies_scope, hydra_ttl_access_token, hydra_ttl_auth_code, hydra_ttl_id_token, hydra_ttl_login_consent_request, hydra_ttl_refresh_token, hydra_urls_consent, hydra_urls_error, hydra_urls_login, hydra_urls_logout, hydra_urls_post_logout_redirect, hydra_urls_registration, hydra_urls_self_issuer, hydra_webfinger_jwks_broadcast_keys, hydra_webfinger_oidc_discovery_auth_url, hydra_webfinger_oidc_discovery_client_registration_url, hydra_webfinger_oidc_discovery_jwks_url, hydra_webfinger_oidc_discovery_supported_claims, hydra_webfinger_oidc_discovery_supported_scope, hydra_webfinger_oidc_discovery_token_url, hydra_webfinger_oidc_discovery_userinfo_url, id, keto_namespace_configuration, keto_namespaces, keto_secrets_pagination, kratos_cookies_same_site, kratos_courier_channels, kratos_courier_delivery_strategy, kratos_courier_http_request_config_auth_api_key_in, kratos_courier_http_request_config_auth_api_key_name, kratos_courier_http_request_config_auth_api_key_value, kratos_courier_http_request_config_auth_basic_auth_password, kratos_courier_http_request_config_auth_basic_auth_user, kratos_courier_http_request_config_auth_type, kratos_courier_http_request_config_body, kratos_courier_http_request_config_headers, kratos_courier_http_request_config_method, kratos_courier_http_request_config_url, kratos_courier_smtp_connection_uri, kratos_courier_smtp_from_address, kratos_courier_smtp_from_name, kratos_courier_smtp_headers, kratos_courier_smtp_local_name, kratos_courier_templates_login_code_valid_email_body_html, kratos_courier_templates_login_code_valid_email_body_plaintext, kratos_courier_templates_login_code_valid_email_subject, kratos_courier_templates_login_code_valid_sms_body_plaintext, kratos_courier_templates_recovery_code_invalid_email_body_html, kratos_courier_templates_recovery_code_invalid_email_body_plaintext, kratos_courier_templates_recovery_code_invalid_email_subject, kratos_courier_templates_recovery_code_valid_email_body_html, kratos_courier_templates_recovery_code_valid_email_body_plaintext, kratos_courier_templates_recovery_code_valid_email_subject, kratos_courier_templates_recovery_invalid_email_body_html, kratos_courier_templates_recovery_invalid_email_body_plaintext, kratos_courier_templates_recovery_invalid_email_subject, kratos_courier_templates_recovery_valid_email_body_html, kratos_courier_templates_recovery_valid_email_body_plaintext, kratos_courier_templates_recovery_valid_email_subject, kratos_courier_templates_registration_code_valid_email_body_html, kratos_courier_templates_registration_code_valid_email_body_plaintext, kratos_courier_templates_registration_code_valid_email_subject, kratos_courier_templates_registration_code_valid_sms_body_plaintext, kratos_courier_templates_verification_code_invalid_email_body_html, kratos_courier_templates_verification_code_invalid_email_body_plaintext, kratos_courier_templates_verification_code_invalid_email_subject, kratos_courier_templates_verification_code_valid_email_body_html, kratos_courier_templates_verification_code_valid_email_body_plaintext, kratos_courier_templates_verification_code_valid_email_subject, kratos_courier_templates_verification_code_valid_sms_body_plaintext, kratos_courier_templates_verification_invalid_email_body_html, kratos_courier_templates_verification_invalid_email_body_plaintext, kratos_courier_templates_verification_invalid_email_subject, kratos_courier_templates_verification_valid_email_body_html, kratos_courier_templates_verification_valid_email_body_plaintext, kratos_courier_templates_verification_valid_email_subject, kratos_feature_flags_cacheable_sessions, kratos_feature_flags_cacheable_sessions_max_age, kratos_feature_flags_choose_recovery_address, kratos_feature_flags_faster_session_extend, kratos_feature_flags_legacy_continue_with_verification_ui, kratos_feature_flags_legacy_oidc_registration_node_group, kratos_feature_flags_legacy_require_verified_login_error, kratos_feature_flags_password_profile_registration_node_group, kratos_feature_flags_use_continue_with_transitions, kratos_identity_schemas, kratos_oauth2_provider_headers, kratos_oauth2_provider_override_return_to, kratos_oauth2_provider_url, kratos_preview_default_read_consistency_level, kratos_secrets_cipher, kratos_secrets_cookie, kratos_secrets_default, kratos_secrets_pagination, kratos_security_account_enumeration_mitigate, kratos_selfservice_allowed_return_urls, kratos_selfservice_default_browser_return_url, kratos_selfservice_flows_error_ui_url, kratos_selfservice_flows_login_after_code_default_browser_return_url, kratos_selfservice_flows_login_after_default_browser_return_url, kratos_selfservice_flows_login_after_lookup_secret_default_browser_return_url, kratos_selfservice_flows_login_after_oidc_default_browser_return_url, kratos_selfservice_flows_login_after_passkey_default_browser_return_url, kratos_selfservice_flows_login_after_password_default_browser_return_url, kratos_selfservice_flows_login_after_totp_default_browser_return_url, kratos_selfservice_flows_login_after_webauthn_default_browser_return_url, kratos_selfservice_flows_login_lifespan, kratos_selfservice_flows_login_style, kratos_selfservice_flows_login_ui_url, kratos_selfservice_flows_logout_after_default_browser_return_url, kratos_selfservice_flows_recovery_after_default_browser_return_url, kratos_selfservice_flows_recovery_enabled, kratos_selfservice_flows_recovery_lifespan, kratos_selfservice_flows_recovery_notify_unknown_recipients, kratos_selfservice_flows_recovery_ui_url, kratos_selfservice_flows_recovery_use, kratos_selfservice_flows_registration_after_code_default_browser_return_url, kratos_selfservice_flows_registration_after_default_browser_return_url, kratos_selfservice_flows_registration_after_oidc_default_browser_return_url, kratos_selfservice_flows_registration_after_passkey_default_browser_return_url, kratos_selfservice_flows_registration_after_password_default_browser_return_url, kratos_selfservice_flows_registration_after_webauthn_default_browser_return_url, kratos_selfservice_flows_registration_enable_legacy_one_step, kratos_selfservice_flows_registration_enabled, kratos_selfservice_flows_registration_lifespan, kratos_selfservice_flows_registration_login_hints, kratos_selfservice_flows_registration_ui_url, kratos_selfservice_flows_settings_after_default_browser_return_url, kratos_selfservice_flows_settings_after_lookup_secret_default_browser_return_url, kratos_selfservice_flows_settings_after_oidc_default_browser_return_url, kratos_selfservice_flows_settings_after_passkey_default_browser_return_url, kratos_selfservice_flows_settings_after_password_default_browser_return_url, kratos_selfservice_flows_settings_after_profile_default_browser_return_url, kratos_selfservice_flows_settings_after_totp_default_browser_return_url, kratos_selfservice_flows_settings_after_webauthn_default_browser_return_url, kratos_selfservice_flows_settings_lifespan, kratos_selfservice_flows_settings_privileged_session_max_age, kratos_selfservice_flows_settings_required_aal, kratos_selfservice_flows_settings_ui_url, kratos_selfservice_flows_verification_after_default_browser_return_url, kratos_selfservice_flows_verification_enabled, kratos_selfservice_flows_verification_lifespan, kratos_selfservice_flows_verification_notify_unknown_recipients, kratos_selfservice_flows_verification_ui_url, kratos_selfservice_flows_verification_use, kratos_selfservice_methods_captcha_config_allowed_domains, kratos_selfservice_methods_captcha_config_byo, kratos_selfservice_methods_captcha_config_cf_turnstile_byo_secret, kratos_selfservice_methods_captcha_config_cf_turnstile_byo_sitekey, kratos_selfservice_methods_captcha_config_cf_turnstile_secret, kratos_selfservice_methods_captcha_config_cf_turnstile_sitekey, kratos_selfservice_methods_captcha_config_legacy_inject_node, kratos_selfservice_methods_captcha_enabled, kratos_selfservice_methods_code_config_lifespan, kratos_selfservice_methods_code_config_max_submissions, kratos_selfservice_methods_code_config_missing_credential_fallback_enabled, kratos_selfservice_methods_code_enabled, kratos_selfservice_methods_code_mfa_enabled, kratos_selfservice_methods_code_passwordless_enabled, kratos_selfservice_methods_code_passwordless_login_fallback_enabled, kratos_selfservice_methods_link_config_base_url, kratos_selfservice_methods_link_config_lifespan, kratos_selfservice_methods_link_enabled, kratos_selfservice_methods_lookup_secret_enabled, kratos_selfservice_methods_oidc_config_base_redirect_uri, kratos_selfservice_methods_oidc_config_providers, kratos_selfservice_methods_oidc_enable_auto_link_policy, kratos_selfservice_methods_oidc_enabled, kratos_selfservice_methods_passkey_config_rp_display_name, kratos_selfservice_methods_passkey_config_rp_id, kratos_selfservice_methods_passkey_config_rp_origins, kratos_selfservice_methods_passkey_enabled, kratos_selfservice_methods_password_config_haveibeenpwned_enabled, kratos_selfservice_methods_password_config_identifier_similarity_check_enabled, kratos_selfservice_methods_password_config_ignore_network_errors, kratos_selfservice_methods_password_config_max_breaches, kratos_selfservice_methods_password_config_min_password_length, kratos_selfservice_methods_password_enabled, kratos_selfservice_methods_profile_enabled, kratos_selfservice_methods_saml_config_providers, kratos_selfservice_methods_saml_enabled, kratos_selfservice_methods_totp_config_issuer, kratos_selfservice_methods_totp_enabled, kratos_selfservice_methods_webauthn_config_passwordless, kratos_selfservice_methods_webauthn_config_rp_display_name, kratos_selfservice_methods_webauthn_config_rp_icon, kratos_selfservice_methods_webauthn_config_rp_id, kratos_selfservice_methods_webauthn_config_rp_origins, kratos_selfservice_methods_webauthn_enabled, kratos_session_cookie_persistent, kratos_session_cookie_same_site, kratos_session_lifespan, kratos_session_whoami_required_aal, kratos_session_whoami_tokenizer_templates, name, organizations, project_id, project_revision_hooks, scim_clients, serve_admin_cors_allowed_origins, serve_admin_cors_enabled, serve_public_cors_allowed_origins, serve_public_cors_enabled, strict_security, updated_at, workspace_id].hash
+      [account_experience_custom_translations, account_experience_default_locale, account_experience_enabled_locales, account_experience_favicon_dark, account_experience_favicon_light, account_experience_locale_behavior, account_experience_logo_dark, account_experience_logo_light, account_experience_theme_variables_dark, account_experience_theme_variables_light, created_at, disable_account_experience_welcome_screen, enable_ax_v2, environment, home_region, hydra_oauth2_allowed_top_level_claims, hydra_oauth2_client_credentials_default_grant_allowed_scope, hydra_oauth2_exclude_not_before_claim, hydra_oauth2_grant_jwt_iat_optional, hydra_oauth2_grant_jwt_jti_optional, hydra_oauth2_grant_jwt_max_ttl, hydra_oauth2_grant_refresh_token_rotation_grace_period, hydra_oauth2_mirror_top_level_claims, hydra_oauth2_pkce_enforced, hydra_oauth2_pkce_enforced_for_public_clients, hydra_oauth2_preserve_ext_claims, hydra_oauth2_refresh_token_hook, hydra_oauth2_token_hook, hydra_oidc_dynamic_client_registration_default_scope, hydra_oidc_dynamic_client_registration_enabled, hydra_oidc_subject_identifiers_pairwise_salt, hydra_oidc_subject_identifiers_supported_types, hydra_secrets_cookie, hydra_secrets_pagination, hydra_secrets_system, hydra_serve_cookies_same_site_legacy_workaround, hydra_serve_cookies_same_site_mode, hydra_strategies_access_token, hydra_strategies_jwt_scope_claim, hydra_strategies_scope, hydra_ttl_access_token, hydra_ttl_auth_code, hydra_ttl_id_token, hydra_ttl_login_consent_request, hydra_ttl_refresh_token, hydra_urls_consent, hydra_urls_error, hydra_urls_login, hydra_urls_logout, hydra_urls_post_logout_redirect, hydra_urls_registration, hydra_urls_self_issuer, hydra_webfinger_jwks_broadcast_keys, hydra_webfinger_oidc_discovery_auth_url, hydra_webfinger_oidc_discovery_client_registration_url, hydra_webfinger_oidc_discovery_jwks_url, hydra_webfinger_oidc_discovery_supported_claims, hydra_webfinger_oidc_discovery_supported_scope, hydra_webfinger_oidc_discovery_token_url, hydra_webfinger_oidc_discovery_userinfo_url, id, keto_namespace_configuration, keto_namespaces, keto_secrets_pagination, kratos_cookies_same_site, kratos_courier_channels, kratos_courier_delivery_strategy, kratos_courier_http_request_config_auth_api_key_in, kratos_courier_http_request_config_auth_api_key_name, kratos_courier_http_request_config_auth_api_key_value, kratos_courier_http_request_config_auth_basic_auth_password, kratos_courier_http_request_config_auth_basic_auth_user, kratos_courier_http_request_config_auth_type, kratos_courier_http_request_config_body, kratos_courier_http_request_config_headers, kratos_courier_http_request_config_method, kratos_courier_http_request_config_url, kratos_courier_smtp_connection_uri, kratos_courier_smtp_from_address, kratos_courier_smtp_from_name, kratos_courier_smtp_headers, kratos_courier_smtp_local_name, kratos_courier_templates_login_code_valid_email_body_html, kratos_courier_templates_login_code_valid_email_body_plaintext, kratos_courier_templates_login_code_valid_email_subject, kratos_courier_templates_login_code_valid_sms_body_plaintext, kratos_courier_templates_recovery_code_invalid_email_body_html, kratos_courier_templates_recovery_code_invalid_email_body_plaintext, kratos_courier_templates_recovery_code_invalid_email_subject, kratos_courier_templates_recovery_code_valid_email_body_html, kratos_courier_templates_recovery_code_valid_email_body_plaintext, kratos_courier_templates_recovery_code_valid_email_subject, kratos_courier_templates_recovery_invalid_email_body_html, kratos_courier_templates_recovery_invalid_email_body_plaintext, kratos_courier_templates_recovery_invalid_email_subject, kratos_courier_templates_recovery_valid_email_body_html, kratos_courier_templates_recovery_valid_email_body_plaintext, kratos_courier_templates_recovery_valid_email_subject, kratos_courier_templates_registration_code_valid_email_body_html, kratos_courier_templates_registration_code_valid_email_body_plaintext, kratos_courier_templates_registration_code_valid_email_subject, kratos_courier_templates_registration_code_valid_sms_body_plaintext, kratos_courier_templates_verification_code_invalid_email_body_html, kratos_courier_templates_verification_code_invalid_email_body_plaintext, kratos_courier_templates_verification_code_invalid_email_subject, kratos_courier_templates_verification_code_valid_email_body_html, kratos_courier_templates_verification_code_valid_email_body_plaintext, kratos_courier_templates_verification_code_valid_email_subject, kratos_courier_templates_verification_code_valid_sms_body_plaintext, kratos_courier_templates_verification_invalid_email_body_html, kratos_courier_templates_verification_invalid_email_body_plaintext, kratos_courier_templates_verification_invalid_email_subject, kratos_courier_templates_verification_valid_email_body_html, kratos_courier_templates_verification_valid_email_body_plaintext, kratos_courier_templates_verification_valid_email_subject, kratos_feature_flags_cacheable_sessions, kratos_feature_flags_cacheable_sessions_max_age, kratos_feature_flags_choose_recovery_address, kratos_feature_flags_faster_session_extend, kratos_feature_flags_legacy_continue_with_verification_ui, kratos_feature_flags_legacy_oidc_registration_node_group, kratos_feature_flags_legacy_require_verified_login_error, kratos_feature_flags_password_profile_registration_node_group, kratos_feature_flags_use_continue_with_transitions, kratos_identity_schemas, kratos_oauth2_provider_headers, kratos_oauth2_provider_override_return_to, kratos_oauth2_provider_url, kratos_preview_default_read_consistency_level, kratos_secrets_cipher, kratos_secrets_cookie, kratos_secrets_default, kratos_secrets_pagination, kratos_security_account_enumeration_mitigate, kratos_selfservice_allowed_return_urls, kratos_selfservice_default_browser_return_url, kratos_selfservice_flows_error_ui_url, kratos_selfservice_flows_login_after_code_default_browser_return_url, kratos_selfservice_flows_login_after_default_browser_return_url, kratos_selfservice_flows_login_after_lookup_secret_default_browser_return_url, kratos_selfservice_flows_login_after_oidc_default_browser_return_url, kratos_selfservice_flows_login_after_passkey_default_browser_return_url, kratos_selfservice_flows_login_after_password_default_browser_return_url, kratos_selfservice_flows_login_after_totp_default_browser_return_url, kratos_selfservice_flows_login_after_webauthn_default_browser_return_url, kratos_selfservice_flows_login_lifespan, kratos_selfservice_flows_login_style, kratos_selfservice_flows_login_ui_url, kratos_selfservice_flows_logout_after_default_browser_return_url, kratos_selfservice_flows_recovery_after_default_browser_return_url, kratos_selfservice_flows_recovery_enabled, kratos_selfservice_flows_recovery_lifespan, kratos_selfservice_flows_recovery_notify_unknown_recipients, kratos_selfservice_flows_recovery_ui_url, kratos_selfservice_flows_recovery_use, kratos_selfservice_flows_registration_after_code_default_browser_return_url, kratos_selfservice_flows_registration_after_default_browser_return_url, kratos_selfservice_flows_registration_after_oidc_default_browser_return_url, kratos_selfservice_flows_registration_after_passkey_default_browser_return_url, kratos_selfservice_flows_registration_after_password_default_browser_return_url, kratos_selfservice_flows_registration_after_webauthn_default_browser_return_url, kratos_selfservice_flows_registration_enable_legacy_one_step, kratos_selfservice_flows_registration_enabled, kratos_selfservice_flows_registration_lifespan, kratos_selfservice_flows_registration_login_hints, kratos_selfservice_flows_registration_ui_url, kratos_selfservice_flows_settings_after_default_browser_return_url, kratos_selfservice_flows_settings_after_lookup_secret_default_browser_return_url, kratos_selfservice_flows_settings_after_oidc_default_browser_return_url, kratos_selfservice_flows_settings_after_passkey_default_browser_return_url, kratos_selfservice_flows_settings_after_password_default_browser_return_url, kratos_selfservice_flows_settings_after_profile_default_browser_return_url, kratos_selfservice_flows_settings_after_totp_default_browser_return_url, kratos_selfservice_flows_settings_after_webauthn_default_browser_return_url, kratos_selfservice_flows_settings_lifespan, kratos_selfservice_flows_settings_privileged_session_max_age, kratos_selfservice_flows_settings_required_aal, kratos_selfservice_flows_settings_ui_url, kratos_selfservice_flows_verification_after_default_browser_return_url, kratos_selfservice_flows_verification_enabled, kratos_selfservice_flows_verification_lifespan, kratos_selfservice_flows_verification_notify_unknown_recipients, kratos_selfservice_flows_verification_ui_url, kratos_selfservice_flows_verification_use, kratos_selfservice_methods_captcha_config_allowed_domains, kratos_selfservice_methods_captcha_config_byo, kratos_selfservice_methods_captcha_config_cf_turnstile_byo_secret, kratos_selfservice_methods_captcha_config_cf_turnstile_byo_sitekey, kratos_selfservice_methods_captcha_config_cf_turnstile_secret, kratos_selfservice_methods_captcha_config_cf_turnstile_sitekey, kratos_selfservice_methods_captcha_config_legacy_inject_node, kratos_selfservice_methods_captcha_enabled, kratos_selfservice_methods_code_config_lifespan, kratos_selfservice_methods_code_config_max_submissions, kratos_selfservice_methods_code_config_missing_credential_fallback_enabled, kratos_selfservice_methods_code_enabled, kratos_selfservice_methods_code_mfa_enabled, kratos_selfservice_methods_code_passwordless_enabled, kratos_selfservice_methods_code_passwordless_login_fallback_enabled, kratos_selfservice_methods_link_config_base_url, kratos_selfservice_methods_link_config_lifespan, kratos_selfservice_methods_link_enabled, kratos_selfservice_methods_lookup_secret_enabled, kratos_selfservice_methods_oidc_config_base_redirect_uri, kratos_selfservice_methods_oidc_config_providers, kratos_selfservice_methods_oidc_enable_auto_link_policy, kratos_selfservice_methods_oidc_enabled, kratos_selfservice_methods_passkey_config_rp_display_name, kratos_selfservice_methods_passkey_config_rp_id, kratos_selfservice_methods_passkey_config_rp_origins, kratos_selfservice_methods_passkey_enabled, kratos_selfservice_methods_password_config_haveibeenpwned_enabled, kratos_selfservice_methods_password_config_identifier_similarity_check_enabled, kratos_selfservice_methods_password_config_ignore_network_errors, kratos_selfservice_methods_password_config_max_breaches, kratos_selfservice_methods_password_config_min_password_length, kratos_selfservice_methods_password_enabled, kratos_selfservice_methods_profile_enabled, kratos_selfservice_methods_saml_config_providers, kratos_selfservice_methods_saml_enabled, kratos_selfservice_methods_totp_config_issuer, kratos_selfservice_methods_totp_enabled, kratos_selfservice_methods_webauthn_config_passwordless, kratos_selfservice_methods_webauthn_config_rp_display_name, kratos_selfservice_methods_webauthn_config_rp_icon, kratos_selfservice_methods_webauthn_config_rp_id, kratos_selfservice_methods_webauthn_config_rp_origins, kratos_selfservice_methods_webauthn_enabled, kratos_session_cookie_persistent, kratos_session_cookie_same_site, kratos_session_lifespan, kratos_session_whoami_required_aal, kratos_session_whoami_tokenizer_templates, name, organizations, project_id, project_revision_hooks, scim_clients, serve_admin_cors_allowed_origins, serve_admin_cors_enabled, serve_public_cors_allowed_origins, serve_public_cors_enabled, strict_security, updated_at, workspace_id].hash
     end
     # Builds the object from hash