ory-client 1.22.34 → 1.22.36

data/docs/CreateProjectNormalizedPayload.md

@@ -5,21 +5,21 @@
 | Name | Type | Description | Notes |
 | ---- | ---- | ----------- | ----- |
 | **account_experience_custom_translations** | [**Array<RevisionAccountExperienceCustomTranslation>**](RevisionAccountExperienceCustomTranslation.md) | The Account Experience's Custom Translations  Contains all Custom Translations for this project. | [optional] |
-| **account_experience_default_locale** | **String** | Holds the default locale for the account experience. | [optional] |
-| **account_experience_enabled_locales** | **Array<String>** |  | [optional] |
-| **account_experience_favicon_dark** | **String** | Holds the URL to the account experience's dark theme favicon (currently unused). | [optional] |
-| **account_experience_favicon_light** | **String** | Holds the URL to the account experience's favicon. | [optional] |
-| **account_experience_locale_behavior** | **String** | Holds the URL to the account experience's language behavior.  Can be one of: `respect_accept_language`: Respect the `Accept-Language` header. `force_default`: Force the default language. | [optional] |
-| **account_experience_logo_dark** | **String** | Holds the URL to the account experience's dark theme logo (currently unused). | [optional] |
-| **account_experience_logo_light** | **String** | Holds the URL to the account experience's logo. | [optional] |
-| **account_experience_theme_variables_dark** | **String** | Holds the URL to the account experience's dark theme variables. | [optional] |
-| **account_experience_theme_variables_light** | **String** | Holds the URL to the account experience's light theme variables. | [optional] |
+| **account_experience_default_locale** | **String** | Holds the default locale for the account experience. This governs the \"default_locale\" setting. | [optional] |
+| **account_experience_enabled_locales** | **Array<String>** | The Account Experience's Enabled Locales  This governs the locales that are available in the account experience. This governs the \"enabled_locales\" setting. | [optional] |
+| **account_experience_favicon_dark** | **String** | Holds the URL to the account experience's dark theme favicon (currently unused). This governs the \"favicon_dark\" setting. | [optional] |
+| **account_experience_favicon_light** | **String** | Holds the URL to the account experience's favicon. This governs the \"favicon_light\" setting. | [optional] |
+| **account_experience_locale_behavior** | **String** | Holds the URL to the account experience's language behavior.  Can be one of: `respect_accept_language`: Respect the `Accept-Language` header. `force_default`: Force the default language. This governs the \"locale_behavior\" setting. | [optional] |
+| **account_experience_logo_dark** | **String** | Holds the URL to the account experience's dark theme logo (currently unused). This governs the \"logo_dark\" setting. | [optional] |
+| **account_experience_logo_light** | **String** | Holds the URL to the account experience's logo. This governs the \"logo_light\" setting. | [optional] |
+| **account_experience_theme_variables_dark** | **String** | Holds the URL to the account experience's dark theme variables. This governs the \"theme_variables_dark\" setting. | [optional] |
+| **account_experience_theme_variables_light** | **String** | Holds the URL to the account experience's light theme variables. This governs the \"theme_variables_light\" setting. | [optional] |
 | **created_at** | **Time** | The Project's Revision Creation Date | [optional][readonly] |
-| **disable_account_experience_welcome_screen** | **Boolean** | Whether to disable the account experience welcome screen, which is hosted under `/ui/welcome`. | [optional] |
-| **enable_ax_v2** | **Boolean** | Whether the new account experience is enabled and reachable. | [optional] |
+| **disable_account_experience_welcome_screen** | **Boolean** | Whether to disable the account experience welcome screen, which is hosted under `/ui/welcome`. This governs the \"disable_welcome_screen\" setting. | [optional] |
+| **enable_ax_v2** | **Boolean** | Whether the new account experience is enabled and reachable. This governs the \"enable_ax_v2\" setting. | [optional] |
 | **environment** | **String** |  prod Production stage Staging dev Development |  |
 | **home_region** | **String** |  eu-central EUCentral asia-northeast AsiaNorthEast us-east USEast us-west USWest us US global Global | [optional] |
-| **hydra_oauth2_allowed_top_level_claims** | **Array<String>** |  | [optional] |
+| **hydra_oauth2_allowed_top_level_claims** | **Array<String>** | A list of custom claims which are allowed to be added top level to the Access Token. They cannot override reserved claims.  This governs the \"oauth2.allowed_top_level_claims\" setting. | [optional] |
 | **hydra_oauth2_client_credentials_default_grant_allowed_scope** | **Boolean** | Automatically grant authorized OAuth2 Scope in OAuth2 Client Credentials Flow.  Each OAuth2 Client is allowed to request a predefined OAuth2 Scope (for example `read write`). If this option is enabled, the full scope is automatically granted when performing the OAuth2 Client Credentials flow.  If disabled, the OAuth2 Client has to request the scope in the OAuth2 request by providing the `scope` query parameter.  Setting this option to true is common if you need compatibility with MITREid.  This governs the \"oauth2.client_credentials.default_grant_allowed_scope\" setting. | [optional] |
 | **hydra_oauth2_exclude_not_before_claim** | **Boolean** | Set to true if you want to exclude claim `nbf (not before)` part of access token.  This governs the \"oauth2.exclude_not_before_claim\" setting. | [optional] |
 | **hydra_oauth2_grant_jwt_iat_optional** | **Boolean** | Configures if the issued at (`iat`) claim is required in the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC7523).  If set to `false`, the `iat` claim is required. Set this value to `true` only after careful consideration.  This governs the \"oauth2.grant.jwt.iat_optional\" setting. | [optional] |
@@ -29,19 +29,20 @@
 | **hydra_oauth2_mirror_top_level_claims** | **Boolean** | Set to false if you don't want to mirror custom claims under 'ext'.  This governs the \"oauth2.mirror_top_level_claims\" setting. | [optional] |
 | **hydra_oauth2_pkce_enforced** | **Boolean** | Configures whether PKCE should be enforced for all OAuth2 Clients.  This governs the \"oauth2.pkce.enforced\" setting. | [optional] |
 | **hydra_oauth2_pkce_enforced_for_public_clients** | **Boolean** | Configures whether PKCE should be enforced for OAuth2 Clients without a client secret (public clients).  This governs the \"oauth2.pkce.enforced_for_public_clients\" setting. | [optional] |
+| **hydra_oauth2_preserve_ext_claims** | **Boolean** | Set to true to keep custom claims that are not promoted to the top level in the 'ext' claim. Only applies when mirror_top_level_claims is false.  This governs the \"oauth2.preserve_ext_claims\" setting. | [optional] |
 | **hydra_oauth2_refresh_token_hook** | **String** | Sets the Refresh Token Hook Endpoint. If set this endpoint will be called during the OAuth2 Token Refresh grant update the OAuth2 Access Token claims.  This governs the \"oauth2.refresh_token_hook\" setting. | [optional] |
 | **hydra_oauth2_token_hook** | **String** | Sets the token hook endpoint for all grant types. If set it will be called while providing token to customize claims.  This governs the \"oauth2.token_hook.url\" setting. | [optional] |
-| **hydra_oidc_dynamic_client_registration_default_scope** | **Array<String>** |  | [optional] |
+| **hydra_oidc_dynamic_client_registration_default_scope** | **Array<String>** | The OpenID Connect Dynamic Client Registration specification has no concept of whitelisting OAuth 2.0 Scope. If you want to expose Dynamic Client Registration, you should set the default scope enabled for newly registered clients. Keep in mind that users can overwrite this default by setting the \"scope\" key in the registration payload, effectively disabling the concept of whitelisted scopes.  This governs the \"oidc.dynamic_client_registration.default_scope\" setting. | [optional] |
 | **hydra_oidc_dynamic_client_registration_enabled** | **Boolean** | Configures OpenID Connect Dynamic Client Registration.  This governs the \"oidc.dynamic_client_registration.enabled\" setting. | [optional] |
 | **hydra_oidc_subject_identifiers_pairwise_salt** | **String** | Configures OpenID Connect Discovery and overwrites the pairwise algorithm  This governs the \"oidc.subject_identifiers.pairwise_salt\" setting. | [optional] |
-| **hydra_oidc_subject_identifiers_supported_types** | **Array<String>** |  | [optional] |
-| **hydra_secrets_cookie** | **Array<String>** |  | [optional] |
-| **hydra_secrets_pagination** | **Array<String>** |  | [optional] |
-| **hydra_secrets_system** | **Array<String>** |  | [optional] |
+| **hydra_oidc_subject_identifiers_supported_types** | **Array<String>** | Configures OpenID Connect Discovery and overwrites the list of Subject Identifier Algorithms to enable.  This governs the \"oidc.subject_identifiers.supported_types\" setting. | [optional] |
+| **hydra_secrets_cookie** | **Array<String>** | Configures the Ory Hydra Cookie Secret  This governs the \"secrets.cookie\" setting. | [optional] |
+| **hydra_secrets_pagination** | **Array<String>** | Configures the Ory Hydra Pagination Secret  This governs the \"secrets.pagination\" setting. | [optional] |
+| **hydra_secrets_system** | **Array<String>** | Configures the Ory Hydra System Secret  This governs the \"secrets.system\" setting. | [optional] |
 | **hydra_serve_cookies_same_site_legacy_workaround** | **Boolean** | Configures the Ory Hydra Cookie Same Site Legacy Workaround  This governs the \"serve.cookies.same_site_legacy_workaround\" setting. | [optional] |
 | **hydra_serve_cookies_same_site_mode** | **String** | Configures the Ory Hydra Cookie Same Site Mode  This governs the \"serve.cookies.same_site_mode\" setting. | [optional] |
 | **hydra_strategies_access_token** | **String** | Defines access token type  This governs the \"strategies.access_token\" setting. opaque Oauth2AccessTokenStrategyOpaque jwt Oauth2AccessTokenStrategyJwt | [optional][default to 'opaque'] |
-| **hydra_strategies_jwt_scope_claim** | **String** | Define the claim to use as the scope in the access token.  This governs the \"strategies.jwt.scope_claim\" setting:  list: The scope claim is an array of strings named `scope`: `{ \"scope\": [\"read\", \"write\"] }` string: The scope claim is a space delimited list of strings named `scp`: `{ \"scp\": \"read write\" }` both: The scope claim is both a space delimited list and an array of strings named `scope` and `scp`: `{ \"scope\": [\"read\", \"write\"], \"scp\": \"read write\" }` list OAuth2JWTScopeClaimList string OAuth2JWTScopeClaimString both OAuth2JWTScopeClaimBoth | [optional][default to 'list'] |
+| **hydra_strategies_jwt_scope_claim** | **String** | Define the claim to use as the scope in the access token.  This governs the \"strategies.jwt.scope_claim\" setting.  list: The scope claim is an array of strings named `scope`: `{ \"scope\": [\"read\", \"write\"] }` string: The scope claim is a space delimited list of strings named `scp`: `{ \"scp\": \"read write\" }` both: The scope claim is both a space delimited list and an array of strings named `scope` and `scp`: `{ \"scope\": [\"read\", \"write\"], \"scp\": \"read write\" }` list OAuth2JWTScopeClaimList string OAuth2JWTScopeClaimString both OAuth2JWTScopeClaimBoth | [optional][default to 'list'] |
 | **hydra_strategies_scope** | **String** | Defines how scopes are matched. For more details have a look at https://github.com/ory/fosite#scopes  This governs the \"strategies.scope\" setting. exact Oauth2ScopeStrategyExact wildcard Oauth2ScopeStrategyWildcard | [optional][default to 'wildcard'] |
 | **hydra_ttl_access_token** | **String** | This governs the \"ttl.access_token\" setting. | [optional][default to '30m'] |
 | **hydra_ttl_auth_code** | **String** | Configures how long refresh tokens are valid.  Set to -1 for refresh tokens to never expire. This is not recommended!  This governs the \"ttl.auth_code\" setting. | [optional][default to '720h'] |
@@ -55,69 +56,69 @@
 | **hydra_urls_post_logout_redirect** | **String** | When an OAuth2-related user agent requests to log out, they will be redirected to this url afterwards per default.  Defaults to the Ory Account Experience in development and your application in production mode when a custom domain is connected.  This governs the \"urls.post_logout_redirect\" setting. | [optional] |
 | **hydra_urls_registration** | **String** | Sets the OAuth2 Registration Endpoint URL of the OAuth2 User Login & Consent flow.  Defaults to the Ory Account Experience if left empty.  This governs the \"urls.registration\" setting. | [optional] |
 | **hydra_urls_self_issuer** | **String** | This value will be used as the issuer in access and ID tokens. It must be specified and using HTTPS protocol, unless the development mode is enabled.  On the Ory Network it will be very rare that you want to modify this value. If left empty, it will default to the correct value for the Ory Network.  This governs the \"urls.self.issuer\" setting. | [optional] |
-| **hydra_webfinger_jwks_broadcast_keys** | **Array<String>** |  | [optional] |
-| **hydra_webfinger_oidc_discovery_auth_url** | **String** | Configures OpenID Connect Discovery and overwrites the OAuth2 Authorization URL.  This governs the \"webfinger.oidc.discovery.auth_url\" setting. | [optional] |
-| **hydra_webfinger_oidc_discovery_client_registration_url** | **String** | Configures OpenID Connect Discovery and overwrites the OpenID Connect Dynamic Client Registration Endpoint.  This governs the \"webfinger.oidc.discovery.client_registration_url\" setting. | [optional] |
-| **hydra_webfinger_oidc_discovery_jwks_url** | **String** | Configures OpenID Connect Discovery and overwrites the JWKS URL.  This governs the \"webfinger.oidc.discovery.jwks_url\" setting. | [optional] |
-| **hydra_webfinger_oidc_discovery_supported_claims** | **Array<String>** |  | [optional] |
-| **hydra_webfinger_oidc_discovery_supported_scope** | **Array<String>** |  | [optional] |
-| **hydra_webfinger_oidc_discovery_token_url** | **String** | Configures OpenID Connect Discovery and overwrites the OAuth2 Token URL.  This governs the \"webfinger.oidc.discovery.token_url\" setting. | [optional] |
-| **hydra_webfinger_oidc_discovery_userinfo_url** | **String** | Configures OpenID Connect Discovery and overwrites userinfo endpoint to be advertised at the OpenID Connect Discovery endpoint /.well-known/openid-configuration. Defaults to Ory Hydra's userinfo endpoint at /userinfo. Set this value if you want to handle this endpoint yourself.  This governs the \"webfinger.oidc.discovery.userinfo_url\" setting. | [optional] |
+| **hydra_webfinger_jwks_broadcast_keys** | **Array<String>** | A list of JSON Web Keys that should be exposed at that endpoint. This is usually the public key for verifying OpenID Connect ID Tokens. However, you might want to add additional keys here as well.  This governs the \"webfinger.jwks.broadcast_keys\" setting. | [optional] |
+| **hydra_webfinger_oidc_discovery_auth_url** | **String** | Configures OpenID Connect Discovery and overwrites the OAuth2 Authorization URL.  This governs the \"webfinger.oidc_discovery.auth_url\" setting. | [optional] |
+| **hydra_webfinger_oidc_discovery_client_registration_url** | **String** | Configures OpenID Connect Discovery and overwrites the OpenID Connect Dynamic Client Registration Endpoint.  This governs the \"webfinger.oidc_discovery.client_registration_url\" setting. | [optional] |
+| **hydra_webfinger_oidc_discovery_jwks_url** | **String** | Configures OpenID Connect Discovery and overwrites the JWKS URL.  This governs the \"webfinger.oidc_discovery.jwks_url\" setting. | [optional] |
+| **hydra_webfinger_oidc_discovery_supported_claims** | **Array<String>** | Configures OpenID Connect Discovery and overwrites a list of supported claims to be broadcasted. Claim \"sub\" is always included.  This governs the \"webfinger.oidc_discovery.supported_claims\" setting. | [optional] |
+| **hydra_webfinger_oidc_discovery_supported_scope** | **Array<String>** | Configures OpenID Connect Discovery and overwrites the scope OAuth 2.0 Clients may request. Scope `offline`, `offline_access`, and `openid` are always included.  This governs the \"webfinger.oidc_discovery.supported_scope\" setting. | [optional] |
+| **hydra_webfinger_oidc_discovery_token_url** | **String** | Configures OpenID Connect Discovery and overwrites the OAuth2 Token URL.  This governs the \"webfinger.oidc_discovery.token_url\" setting. | [optional] |
+| **hydra_webfinger_oidc_discovery_userinfo_url** | **String** | Configures OpenID Connect Discovery and overwrites userinfo endpoint to be advertised at the OpenID Connect Discovery endpoint /.well-known/openid-configuration. Defaults to Ory Hydra's userinfo endpoint at /userinfo. Set this value if you want to handle this endpoint yourself.  This governs the \"webfinger.oidc_discovery.userinfo_url\" setting. | [optional] |
 | **id** | **String** | The revision ID. | [optional][readonly] |
-| **keto_namespace_configuration** | **String** | The Revisions' Keto Namespace Configuration  The string is a URL pointing to an OPL file with the configuration. | [optional] |
+| **keto_namespace_configuration** | **String** | The Revisions' Keto Namespace Configuration  The string is a URL pointing to an OPL file with the configuration.  This governs the \"namespaces.location\" setting. | [optional] |
 | **keto_namespaces** | [**Array<KetoNamespace>**](KetoNamespace.md) |  | [optional] |
-| **keto_secrets_pagination** | **Array<String>** |  | [optional] |
+| **keto_secrets_pagination** | **Array<String>** | Configures Keto's pagination secrets.  This governs the \"secrets.pagination\" setting. | [optional] |
 | **kratos_cookies_same_site** | **String** | Configures the Ory Kratos Cookie SameSite Attribute  This governs the \"cookies.same_site\" setting. | [optional] |
 | **kratos_courier_channels** | [**Array<NormalizedProjectRevisionCourierChannel>**](NormalizedProjectRevisionCourierChannel.md) |  | [optional] |
-| **kratos_courier_delivery_strategy** | **String** | The delivery strategy to use when sending emails  `smtp`: Use SMTP server `http`: Use the built in HTTP client to send the email to some remote service | [optional][default to 'smtp'] |
-| **kratos_courier_http_request_config_auth_api_key_in** | **String** | The location of the API key to use in the HTTP email sending service's authentication  `header`: Send the key value pair as a header `cookie`: Send the key value pair as a cookie This governs the \"courier.http.auth.config.in\" setting | [optional] |
-| **kratos_courier_http_request_config_auth_api_key_name** | **String** | The name of the API key to use in the HTTP email sending service's authentication  This governs the \"courier.http.auth.config.name\" setting | [optional] |
-| **kratos_courier_http_request_config_auth_api_key_value** | **String** | The value of the API key to use in the HTTP email sending service's authentication  This governs the \"courier.http.auth.config.value\" setting | [optional] |
-| **kratos_courier_http_request_config_auth_basic_auth_password** | **String** | The password to use for basic auth in the HTTP email sending service's authentication  This governs the \"courier.http.auth.config.password\" setting | [optional] |
-| **kratos_courier_http_request_config_auth_basic_auth_user** | **String** | The user to use for basic auth in the HTTP email sending service's authentication  This governs the \"courier.http.auth.config.user\" setting | [optional] |
-| **kratos_courier_http_request_config_auth_type** | **String** | The authentication type to use while contacting the remote HTTP email sending service  `basic_auth`: Use Basic Authentication `api_key`: Use API Key Authentication in a header or cookie | [optional][default to 'empty (no authentication)'] |
-| **kratos_courier_http_request_config_body** | **String** | The Jsonnet template to generate the body to send to the remote HTTP email sending service  Should be valid Jsonnet and base64 encoded  This governs the \"courier.http.body\" setting | [optional] |
-| **kratos_courier_http_request_config_headers** | **Object** | NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable- | [optional] |
-| **kratos_courier_http_request_config_method** | **String** | The http METHOD to use when calling the remote HTTP email sending service | [optional][default to 'POST'] |
-| **kratos_courier_http_request_config_url** | **String** | The URL of the remote HTTP email sending service  This governs the \"courier.http.url\" setting | [optional] |
+| **kratos_courier_delivery_strategy** | **String** | The delivery strategy to use when sending emails  This governs the \"courier.delivery_strategy\" setting.  `smtp`: Use SMTP server `http`: Use the built in HTTP client to send the email to some remote service | [optional][default to 'smtp'] |
+| **kratos_courier_http_request_config_auth_api_key_in** | **String** | The location of the API key to use in the HTTP email sending service's authentication  `header`: Send the key value pair as a header `cookie`: Send the key value pair as a cookie This governs the \"courier.http.request_config.auth.config.in\" setting. | [optional] |
+| **kratos_courier_http_request_config_auth_api_key_name** | **String** | The name of the API key to use in the HTTP email sending service's authentication  This governs the \"courier.http.request_config.auth.config.name\" setting. | [optional] |
+| **kratos_courier_http_request_config_auth_api_key_value** | **String** | The value of the API key to use in the HTTP email sending service's authentication  This governs the \"courier.http.request_config.auth.config.value\" setting. | [optional] |
+| **kratos_courier_http_request_config_auth_basic_auth_password** | **String** | The password to use for basic auth in the HTTP email sending service's authentication  This governs the \"courier.http.request_config.auth.config.password\" setting. | [optional] |
+| **kratos_courier_http_request_config_auth_basic_auth_user** | **String** | The user to use for basic auth in the HTTP email sending service's authentication  This governs the \"courier.http.request_config.auth.config.user\" setting. | [optional] |
+| **kratos_courier_http_request_config_auth_type** | **String** | The authentication type to use while contacting the remote HTTP email sending service  This governs the \"courier.http.request_config.auth.type\" setting.  `basic_auth`: Use Basic Authentication `api_key`: Use API Key Authentication in a header or cookie | [optional][default to 'empty (no authentication)'] |
+| **kratos_courier_http_request_config_body** | **String** | The Jsonnet template to generate the body to send to the remote HTTP email sending service  Should be valid Jsonnet and base64 encoded  This governs the \"courier.http.request_config.body\" setting. | [optional] |
+| **kratos_courier_http_request_config_headers** | **Object** | Any additional headers to send to the remote HTTP email sending service  This governs the \"courier.http.request_config.headers\" setting. | [optional] |
+| **kratos_courier_http_request_config_method** | **String** | The http METHOD to use when calling the remote HTTP email sending service  This governs the \"courier.http.request_config.method\" setting. | [optional][default to 'POST'] |
+| **kratos_courier_http_request_config_url** | **String** | The URL of the remote HTTP email sending service  This governs the \"courier.http.request_config.url\" setting. | [optional] |
 | **kratos_courier_smtp_connection_uri** | **String** | Configures the Ory Kratos SMTP Connection URI  This governs the \"courier.smtp.connection_uri\" setting. | [optional] |
 | **kratos_courier_smtp_from_address** | **String** | Configures the Ory Kratos SMTP From Address  This governs the \"courier.smtp.from_address\" setting. | [optional] |
 | **kratos_courier_smtp_from_name** | **String** | Configures the Ory Kratos SMTP From Name  This governs the \"courier.smtp.from_name\" setting. | [optional] |
-| **kratos_courier_smtp_headers** | **Object** | NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable- | [optional] |
+| **kratos_courier_smtp_headers** | **Object** | Configures the Ory Kratos SMTP Connection Headers  This governs the \"courier.smtp.headers\" setting. | [optional] |
 | **kratos_courier_smtp_local_name** | **String** | Configures the local_name to use in SMTP connections  This governs the \"courier.smtp.local_name\" setting. | [optional] |
-| **kratos_courier_templates_login_code_valid_email_body_html** | **String** | Configures the Ory Kratos Valid Login via Code Email Body HTML Template  This governs the \"courier.smtp.templates.login_code.valid.email.body.html\" setting. | [optional] |
-| **kratos_courier_templates_login_code_valid_email_body_plaintext** | **String** | Configures the Ory Kratos Valid Login via Code Email Body Plaintext Template  This governs the \"courier.smtp.templates.login_code.valid.email.body.plaintext\" setting. | [optional] |
-| **kratos_courier_templates_login_code_valid_email_subject** | **String** | Configures the Ory Kratos Valid Login via Code Email Subject Template  This governs the \"courier.smtp.templates.login_code.valid.email.subject\" setting. | [optional] |
-| **kratos_courier_templates_login_code_valid_sms_body_plaintext** | **String** | Configures the Ory Kratos Valid Login via Code SMS plain text body  This governs the \"courier.smtp.templates.login_code.valid.sms.plaintext\" setting. | [optional] |
-| **kratos_courier_templates_recovery_code_invalid_email_body_html** | **String** | Configures the Ory Kratos Invalid Recovery via Code Email Body HTML Template  This governs the \"courier.smtp.templates.recovery_code.invalid.email.body.html\" setting. | [optional] |
-| **kratos_courier_templates_recovery_code_invalid_email_body_plaintext** | **String** | Configures the Ory Kratos Invalid Recovery via Code Email Body Plaintext Template  This governs the \"courier.smtp.templates.recovery_code.invalid.email.body.plaintext\" setting. | [optional] |
-| **kratos_courier_templates_recovery_code_invalid_email_subject** | **String** | Configures the Ory Kratos Invalid Recovery via Code Email Subject Template  This governs the \"courier.smtp.templates.recovery_code.invalid.email.body.html\" setting. | [optional] |
-| **kratos_courier_templates_recovery_code_valid_email_body_html** | **String** | Configures the Ory Kratos Valid Recovery via Code Email Body HTML Template  This governs the \"courier.smtp.templates.recovery_code.valid.email.body.html\" setting. | [optional] |
-| **kratos_courier_templates_recovery_code_valid_email_body_plaintext** | **String** | Configures the Ory Kratos Valid Recovery via Code Email Body Plaintext Template  This governs the \"courier.smtp.templates.recovery_code.valid.email.body.plaintext\" setting. | [optional] |
-| **kratos_courier_templates_recovery_code_valid_email_subject** | **String** | Configures the Ory Kratos Valid Recovery via Code Email Subject Template  This governs the \"courier.smtp.templates.recovery_code.valid.email.subject\" setting. | [optional] |
-| **kratos_courier_templates_recovery_invalid_email_body_html** | **String** | Configures the Ory Kratos Invalid Recovery Email Body HTML Template  This governs the \"courier.smtp.templates.recovery.invalid.email.body.html\" setting. | [optional] |
-| **kratos_courier_templates_recovery_invalid_email_body_plaintext** | **String** | Configures the Ory Kratos Invalid Recovery Email Body Plaintext Template  This governs the \"courier.smtp.templates.recovery.invalid.email.body.plaintext\" setting. | [optional] |
-| **kratos_courier_templates_recovery_invalid_email_subject** | **String** | Configures the Ory Kratos Invalid Recovery Email Subject Template  This governs the \"courier.smtp.templates.recovery.invalid.email.body.html\" setting. | [optional] |
-| **kratos_courier_templates_recovery_valid_email_body_html** | **String** | Configures the Ory Kratos Valid Recovery Email Body HTML Template  This governs the \"courier.smtp.templates.recovery.valid.email.body.html\" setting. | [optional] |
-| **kratos_courier_templates_recovery_valid_email_body_plaintext** | **String** | Configures the Ory Kratos Valid Recovery Email Body Plaintext Template  This governs the \"courier.smtp.templates.recovery.valid.email.body.plaintext\" setting. | [optional] |
-| **kratos_courier_templates_recovery_valid_email_subject** | **String** | Configures the Ory Kratos Valid Recovery Email Subject Template  This governs the \"courier.smtp.templates.recovery.valid.email.subject\" setting. | [optional] |
-| **kratos_courier_templates_registration_code_valid_email_body_html** | **String** | Configures the Ory Kratos Valid Registration via Code Email Body HTML Template  This governs the \"courier.smtp.templates.registration_code.valid.email.body.html\" setting. | [optional] |
-| **kratos_courier_templates_registration_code_valid_email_body_plaintext** | **String** | Configures the Ory Kratos Valid Registration via Code Email Body Plaintext Template  This governs the \"courier.smtp.templates.registration_code.valid.email.body.plaintext\" setting. | [optional] |
-| **kratos_courier_templates_registration_code_valid_email_subject** | **String** | Configures the Ory Kratos Valid Registration via Code Email Subject Template  This governs the \"courier.smtp.templates.registration_code.valid.email.subject\" setting. | [optional] |
-| **kratos_courier_templates_registration_code_valid_sms_body_plaintext** | **String** | Configures the Ory Kratos Valid Registration via Code Email Subject Template  This governs the \"courier.smtp.templates.registration_code.valid.sms.body.plaintext\" setting. | [optional] |
-| **kratos_courier_templates_verification_code_invalid_email_body_html** | **String** | Configures the Ory Kratos Invalid Verification via Code Email Body HTML Template  This governs the \"courier.smtp.templates.verification_code.invalid.email.body.html\" setting. | [optional] |
-| **kratos_courier_templates_verification_code_invalid_email_body_plaintext** | **String** | Configures the Ory Kratos Invalid Verification via Code Email Body Plaintext Template  This governs the \"courier.smtp.templates.verification_code.invalid.email.body.plaintext\" setting. | [optional] |
-| **kratos_courier_templates_verification_code_invalid_email_subject** | **String** | Configures the Ory Kratos Invalid Verification via Code Email Subject Template  This governs the \"courier.smtp.templates.verification_code.invalid.email.subject\" setting. | [optional] |
-| **kratos_courier_templates_verification_code_valid_email_body_html** | **String** | Configures the Ory Kratos Valid Verification via Code Email Body HTML Template  This governs the \"courier.smtp.templates.verification_code.valid.email.body.html\" setting. | [optional] |
-| **kratos_courier_templates_verification_code_valid_email_body_plaintext** | **String** | Configures the Ory Kratos Valid Verification via Code Email Body Plaintext Template  This governs the \"courier.smtp.templates.verification_code.valid.email.body.plaintext\" setting. | [optional] |
-| **kratos_courier_templates_verification_code_valid_email_subject** | **String** | Configures the Ory Kratos Valid Verification via Code Email Subject Template  This governs the \"courier.smtp.templates.verification_code.valid.email.subject\" setting. | [optional] |
-| **kratos_courier_templates_verification_code_valid_sms_body_plaintext** | **String** | Configures the Ory Kratos Valid Verification via Code SMS Body Plaintext  This governs the \"courier.smtp.templates.verification_code.valid.sms.body.plaintext\" setting. | [optional] |
-| **kratos_courier_templates_verification_invalid_email_body_html** | **String** | Configures the Ory Kratos Invalid Verification Email Body HTML Template  This governs the \"courier.smtp.templates.verification.invalid.email.body.html\" setting. | [optional] |
-| **kratos_courier_templates_verification_invalid_email_body_plaintext** | **String** | Configures the Ory Kratos Invalid Verification Email Body Plaintext Template  This governs the \"courier.smtp.templates.verification.invalid.email.body.plaintext\" setting. | [optional] |
-| **kratos_courier_templates_verification_invalid_email_subject** | **String** | Configures the Ory Kratos Invalid Verification Email Subject Template  This governs the \"courier.smtp.templates.verification.invalid.email.subject\" setting. | [optional] |
-| **kratos_courier_templates_verification_valid_email_body_html** | **String** | Configures the Ory Kratos Valid Verification Email Body HTML Template  This governs the \"courier.smtp.templates.verification.valid.email.body.html\" setting. | [optional] |
-| **kratos_courier_templates_verification_valid_email_body_plaintext** | **String** | Configures the Ory Kratos Valid Verification Email Body Plaintext Template  This governs the \"courier.smtp.templates.verification.valid.email.body.plaintext\" setting. | [optional] |
-| **kratos_courier_templates_verification_valid_email_subject** | **String** | Configures the Ory Kratos Valid Verification Email Subject Template  This governs the \"courier.smtp.templates.verification.valid.email.subject\" setting. | [optional] |
+| **kratos_courier_templates_login_code_valid_email_body_html** | **String** | Configures the Ory Kratos Valid Login via Code Email Body HTML Template  This governs the \"courier.templates.login_code.valid.email.body.html\" setting. | [optional] |
+| **kratos_courier_templates_login_code_valid_email_body_plaintext** | **String** | Configures the Ory Kratos Valid Login via Code Email Body Plaintext Template  This governs the \"courier.templates.login_code.valid.email.body.plaintext\" setting. | [optional] |
+| **kratos_courier_templates_login_code_valid_email_subject** | **String** | Configures the Ory Kratos Valid Login via Code Email Subject Template  This governs the \"courier.templates.login_code.valid.email.subject\" setting. | [optional] |
+| **kratos_courier_templates_login_code_valid_sms_body_plaintext** | **String** | Configures the Ory Kratos Valid Login via Code SMS plain text body  This governs the \"courier.templates.login_code.valid.sms.body.plaintext\" setting. | [optional] |
+| **kratos_courier_templates_recovery_code_invalid_email_body_html** | **String** | Configures the Ory Kratos Invalid Recovery via Code Email Body HTML Template  This governs the \"courier.templates.recovery_code.invalid.email.body.html\" setting. | [optional] |
+| **kratos_courier_templates_recovery_code_invalid_email_body_plaintext** | **String** | Configures the Ory Kratos Invalid Recovery via Code Email Body Plaintext Template  This governs the \"courier.templates.recovery_code.invalid.email.body.plaintext\" setting. | [optional] |
+| **kratos_courier_templates_recovery_code_invalid_email_subject** | **String** | Configures the Ory Kratos Invalid Recovery via Code Email Subject Template  This governs the \"courier.templates.recovery_code.invalid.email.subject\" setting. | [optional] |
+| **kratos_courier_templates_recovery_code_valid_email_body_html** | **String** | Configures the Ory Kratos Valid Recovery via Code Email Body HTML Template  This governs the \"courier.templates.recovery_code.valid.email.body.html\" setting. | [optional] |
+| **kratos_courier_templates_recovery_code_valid_email_body_plaintext** | **String** | Configures the Ory Kratos Valid Recovery via Code Email Body Plaintext Template  This governs the \"courier.templates.recovery_code.valid.email.body.plaintext\" setting. | [optional] |
+| **kratos_courier_templates_recovery_code_valid_email_subject** | **String** | Configures the Ory Kratos Valid Recovery via Code Email Subject Template  This governs the \"courier.templates.recovery_code.valid.email.subject\" setting. | [optional] |
+| **kratos_courier_templates_recovery_invalid_email_body_html** | **String** | Configures the Ory Kratos Invalid Recovery Email Body HTML Template  This governs the \"courier.templates.recovery.invalid.email.body.html\" setting. | [optional] |
+| **kratos_courier_templates_recovery_invalid_email_body_plaintext** | **String** | Configures the Ory Kratos Invalid Recovery Email Body Plaintext Template  This governs the \"courier.templates.recovery.invalid.email.body.plaintext\" setting. | [optional] |
+| **kratos_courier_templates_recovery_invalid_email_subject** | **String** | Configures the Ory Kratos Invalid Recovery Email Subject Template  This governs the \"courier.templates.recovery.invalid.email.subject\" setting. | [optional] |
+| **kratos_courier_templates_recovery_valid_email_body_html** | **String** | Configures the Ory Kratos Valid Recovery Email Body HTML Template  This governs the \"courier.templates.recovery.valid.email.body.html\" setting. | [optional] |
+| **kratos_courier_templates_recovery_valid_email_body_plaintext** | **String** | Configures the Ory Kratos Valid Recovery Email Body Plaintext Template  This governs the \"courier.templates.recovery.valid.email.body.plaintext\" setting. | [optional] |
+| **kratos_courier_templates_recovery_valid_email_subject** | **String** | Configures the Ory Kratos Valid Recovery Email Subject Template  This governs the \"courier.templates.recovery.valid.email.subject\" setting. | [optional] |
+| **kratos_courier_templates_registration_code_valid_email_body_html** | **String** | Configures the Ory Kratos Valid Registration via Code Email Body HTML Template  This governs the \"courier.templates.registration_code.valid.email.body.html\" setting. | [optional] |
+| **kratos_courier_templates_registration_code_valid_email_body_plaintext** | **String** | Configures the Ory Kratos Valid Registration via Code Email Body Plaintext Template  This governs the \"courier.templates.registration_code.valid.email.body.plaintext\" setting. | [optional] |
+| **kratos_courier_templates_registration_code_valid_email_subject** | **String** | Configures the Ory Kratos Valid Registration via Code Email Subject Template  This governs the \"courier.templates.registration_code.valid.email.subject\" setting. | [optional] |
+| **kratos_courier_templates_registration_code_valid_sms_body_plaintext** | **String** | Configures the Ory Kratos Valid Registration via Code SMS Body Plaintext Template  This governs the \"courier.templates.registration_code.valid.sms.body.plaintext\" setting. | [optional] |
+| **kratos_courier_templates_verification_code_invalid_email_body_html** | **String** | Configures the Ory Kratos Invalid Verification via Code Email Body HTML Template  This governs the \"courier.templates.verification_code.invalid.email.body.html\" setting. | [optional] |
+| **kratos_courier_templates_verification_code_invalid_email_body_plaintext** | **String** | Configures the Ory Kratos Invalid Verification via Code Email Body Plaintext Template  This governs the \"courier.templates.verification_code.invalid.email.body.plaintext\" setting. | [optional] |
+| **kratos_courier_templates_verification_code_invalid_email_subject** | **String** | Configures the Ory Kratos Invalid Verification via Code Email Subject Template  This governs the \"courier.templates.verification_code.invalid.email.subject\" setting. | [optional] |
+| **kratos_courier_templates_verification_code_valid_email_body_html** | **String** | Configures the Ory Kratos Valid Verification via Code Email Body HTML Template  This governs the \"courier.templates.verification_code.valid.email.body.html\" setting. | [optional] |
+| **kratos_courier_templates_verification_code_valid_email_body_plaintext** | **String** | Configures the Ory Kratos Valid Verification via Code Email Body Plaintext Template  This governs the \"courier.templates.verification_code.valid.email.body.plaintext\" setting. | [optional] |
+| **kratos_courier_templates_verification_code_valid_email_subject** | **String** | Configures the Ory Kratos Valid Verification via Code Email Subject Template  This governs the \"courier.templates.verification_code.valid.email.subject\" setting. | [optional] |
+| **kratos_courier_templates_verification_code_valid_sms_body_plaintext** | **String** | Configures the Ory Kratos Valid Verification via Code SMS Body Plaintext  This governs the \"courier.templates.verification_code.valid.sms.body.plaintext\" setting. | [optional] |
+| **kratos_courier_templates_verification_invalid_email_body_html** | **String** | Configures the Ory Kratos Invalid Verification Email Body HTML Template  This governs the \"courier.templates.verification.invalid.email.body.html\" setting. | [optional] |
+| **kratos_courier_templates_verification_invalid_email_body_plaintext** | **String** | Configures the Ory Kratos Invalid Verification Email Body Plaintext Template  This governs the \"courier.templates.verification.invalid.email.body.plaintext\" setting. | [optional] |
+| **kratos_courier_templates_verification_invalid_email_subject** | **String** | Configures the Ory Kratos Invalid Verification Email Subject Template  This governs the \"courier.templates.verification.invalid.email.subject\" setting. | [optional] |
+| **kratos_courier_templates_verification_valid_email_body_html** | **String** | Configures the Ory Kratos Valid Verification Email Body HTML Template  This governs the \"courier.templates.verification.valid.email.body.html\" setting. | [optional] |
+| **kratos_courier_templates_verification_valid_email_body_plaintext** | **String** | Configures the Ory Kratos Valid Verification Email Body Plaintext Template  This governs the \"courier.templates.verification.valid.email.body.plaintext\" setting. | [optional] |
+| **kratos_courier_templates_verification_valid_email_subject** | **String** | Configures the Ory Kratos Valid Verification Email Subject Template  This governs the \"courier.templates.verification.valid.email.subject\" setting. | [optional] |
 | **kratos_feature_flags_cacheable_sessions** | **Boolean** | Configures the Ory Kratos Session caching feature flag  This governs the \"feature_flags.cacheable_sessions\" setting. | [optional] |
 | **kratos_feature_flags_cacheable_sessions_max_age** | **String** | Configures the Ory Kratos Session caching max-age feature flag  This governs the \"feature_flags.cacheable_sessions_max_age\" setting. | [optional] |
 | **kratos_feature_flags_choose_recovery_address** | **Boolean** | This governs the \"feature_flags.choose_recovery_address\" setting. | [optional] |
@@ -125,28 +126,28 @@
 | **kratos_feature_flags_legacy_continue_with_verification_ui** | **Boolean** | Always include show_verification_ui in continue_with  If true, restores the legacy behavior of always including `show_verification_ui` in the registration flow's `continue_with` when verification is enabled. If set to false, `show_verification_ui` is only set in `continue_with` if the `show_verification_ui` hook is used. This flag will be removed in the future.  This governs the \"feature_flags.legacy_continue_with_verification_ui\" setting. | [optional] |
 | **kratos_feature_flags_legacy_oidc_registration_node_group** | **Boolean** | Controls whether the UI nodes in an OIDC registration flow have group \"oidc\" in case required fields are not returned by the OIDC provider.  If set to true, the UI nodes will have group \"oidc\" and the flow will be considered successful if the user completes the flow. This is the legacy behavior.  This governs the \"feature_flags.legacy_oidc_registration_node_group\" setting. | [optional] |
 | **kratos_feature_flags_legacy_require_verified_login_error** | **Boolean** | Return a form error if the login identifier is not verified  If true, the login flow will return a form error if the login identifier is not verified, which restores legacy behavior. If this value is false, the `continue_with` array will contain a `show_verification_ui` hook instead.  This flag is deprecated and will be removed in the future.  This governs the \"feature_flags.legacy_require_verified_login_error\" setting. | [optional] |
-| **kratos_feature_flags_password_profile_registration_node_group** | **Boolean** | Configures the group for the password method in the registration flow.  If true, it sets the password method group value to \"password\" if it is the only method available. This is the legacy behavior. If false is, it sets the password method group value to \"default\". | [optional] |
+| **kratos_feature_flags_password_profile_registration_node_group** | **Boolean** | Configures the group for the password method in the registration flow.  If true, it sets the password method group value to \"password\" if it is the only method available. This is the legacy behavior. If false is, it sets the password method group value to \"default\".  This governs the \"feature_flags.password_profile_registration_node_group\" setting. | [optional] |
 | **kratos_feature_flags_use_continue_with_transitions** | **Boolean** | Configures the Ory Kratos Session use_continue_with_transitions flag  This governs the \"feature_flags.use_continue_with_transitions\" setting. | [optional] |
 | **kratos_identity_schemas** | [**Array<NormalizedProjectRevisionIdentitySchema>**](NormalizedProjectRevisionIdentitySchema.md) |  | [optional] |
-| **kratos_oauth2_provider_headers** | **Object** | NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable- | [optional] |
-| **kratos_oauth2_provider_override_return_to** | **Boolean** | Kratos OAuth2 Provider Override Return To  Enabling this allows Kratos to set the return_to parameter automatically to the OAuth2 request URL on the login flow, allowing complex flows such as recovery to continue to the initial OAuth2 flow. | [optional] |
+| **kratos_oauth2_provider_headers** | **Object** | Configures the OAuth2 Provider Integration HTTP Headers  This governs the \"oauth2_provider.headers\" setting. | [optional] |
+| **kratos_oauth2_provider_override_return_to** | **Boolean** | Kratos OAuth2 Provider Override Return To  Enabling this allows Kratos to set the return_to parameter automatically to the OAuth2 request URL on the login flow, allowing complex flows such as recovery to continue to the initial OAuth2 flow.  This governs the \"oauth2_provider.override_return_to\" setting. | [optional] |
 | **kratos_oauth2_provider_url** | **String** | The Revisions' OAuth2 Provider Integration URL  This governs the \"oauth2_provider.url\" setting. | [optional] |
-| **kratos_preview_default_read_consistency_level** | **String** | Configures the default read consistency level for identity APIs  This governs the `preview.default_read_consistency_level` setting.  The read consistency level determines the consistency guarantee for reads:  strong (slow): The read is guaranteed to return the most recent data committed at the start of the read. eventual (very fast): The result will return data that is about 4.8 seconds old.  Setting the default consistency level to `eventual` may cause regressions in the future as we add consistency controls to more APIs. Currently, the following APIs will be affected by this setting:  `GET /admin/identities`  Defaults to \"strong\" for new and existing projects. This feature is in preview. Use with caution. | [optional] |
-| **kratos_secrets_cipher** | **Array<String>** |  | [optional] |
-| **kratos_secrets_cookie** | **Array<String>** |  | [optional] |
-| **kratos_secrets_default** | **Array<String>** |  | [optional] |
-| **kratos_secrets_pagination** | **Array<String>** |  | [optional] |
-| **kratos_security_account_enumeration_mitigate** | **Boolean** | Configures if account enumeration should be mitigated when using identifier first login. | [optional] |
-| **kratos_selfservice_allowed_return_urls** | **Array<String>** |  | [optional] |
-| **kratos_selfservice_default_browser_return_url** | **String** | Configures the Ory Kratos Default Return URL  This governs the \"selfservice.allowed_return_urls\" setting. | [optional] |
+| **kratos_preview_default_read_consistency_level** | **String** | Configures the default read consistency level for identity APIs  The read consistency level determines the consistency guarantee for reads:  strong (slow): The read is guaranteed to return the most recent data committed at the start of the read. eventual (very fast): The result will return data that is about 4.8 seconds old.  Setting the default consistency level to `eventual` may cause regressions in the future as we add consistency controls to more APIs. Currently, the following APIs will be affected by this setting:  `GET /admin/identities`  Defaults to \"strong\" for new and existing projects. This feature is in preview. Use with caution. This governs the \"preview.default_read_consistency_level\" setting. | [optional] |
+| **kratos_secrets_cipher** | **Array<String>** | Configures the Ory Kratos Cipher Secret  This governs the \"secrets.cipher\" setting. | [optional] |
+| **kratos_secrets_cookie** | **Array<String>** | Configures the Ory Kratos Cookie Secret  This governs the \"secrets.cookie\" setting. | [optional] |
+| **kratos_secrets_default** | **Array<String>** | Configures the Ory Kratos Default Secret  This governs the \"secrets.default\" setting. | [optional] |
+| **kratos_secrets_pagination** | **Array<String>** | Configures the Ory Kratos Pagination Secret  This governs the \"secrets.pagination\" setting. | [optional] |
+| **kratos_security_account_enumeration_mitigate** | **Boolean** | Configures if account enumeration should be mitigated when using identifier first login.  This governs the \"security.account_enumeration.mitigate\" setting. | [optional] |
+| **kratos_selfservice_allowed_return_urls** | **Array<String>** | Configures the Ory Kratos Allowed Return URLs  This governs the \"selfservice.allowed_return_urls\" setting. | [optional] |
+| **kratos_selfservice_default_browser_return_url** | **String** | Configures the Ory Kratos Default Return URL  This governs the \"selfservice.default_browser_return_url\" setting. | [optional] |
 | **kratos_selfservice_flows_error_ui_url** | **String** | Configures the Ory Kratos Error UI URL  This governs the \"selfservice.flows.error.ui_url\" setting. | [optional] |
-| **kratos_selfservice_flows_login_after_code_default_browser_return_url** | **String** | Configures the Ory Kratos Login After Password Default Return URL  This governs the \"selfservice.flows.code.after.password.default_browser_return_url\" setting. | [optional] |
+| **kratos_selfservice_flows_login_after_code_default_browser_return_url** | **String** | Configures the Ory Kratos Login After Code Default Return URL  This governs the \"selfservice.flows.login.after.code.default_browser_return_url\" setting. | [optional] |
 | **kratos_selfservice_flows_login_after_default_browser_return_url** | **String** | Configures the Ory Kratos Login Default Return URL  This governs the \"selfservice.flows.login.after.default_browser_return_url\" setting. | [optional] |
-| **kratos_selfservice_flows_login_after_lookup_secret_default_browser_return_url** | **String** | Configures the Ory Kratos Login After Password Default Return URL  This governs the \"selfservice.flows.lookup_secret.after.password.default_browser_return_url\" setting. | [optional] |
+| **kratos_selfservice_flows_login_after_lookup_secret_default_browser_return_url** | **String** | Configures the Ory Kratos Login After Lookup Secret Default Return URL  This governs the \"selfservice.flows.login.after.lookup_secret.default_browser_return_url\" setting. | [optional] |
 | **kratos_selfservice_flows_login_after_oidc_default_browser_return_url** | **String** | Configures the Ory Kratos Login After OIDC Default Return URL  This governs the \"selfservice.flows.login.after.oidc.default_browser_return_url\" setting. | [optional] |
 | **kratos_selfservice_flows_login_after_passkey_default_browser_return_url** | **String** | Configures the Ory Kratos Login After Passkey Default Return URL  This governs the \"selfservice.flows.login.after.passkey.default_browser_return_url\" setting. | [optional] |
 | **kratos_selfservice_flows_login_after_password_default_browser_return_url** | **String** | Configures the Ory Kratos Login After Password Default Return URL  This governs the \"selfservice.flows.login.after.password.default_browser_return_url\" setting. | [optional] |
-| **kratos_selfservice_flows_login_after_totp_default_browser_return_url** | **String** | Configures the Ory Kratos Login After Password Default Return URL  This governs the \"selfservice.flows.totp.after.password.default_browser_return_url\" setting. | [optional] |
+| **kratos_selfservice_flows_login_after_totp_default_browser_return_url** | **String** | Configures the Ory Kratos Login After TOTP Default Return URL  This governs the \"selfservice.flows.login.after.totp.default_browser_return_url\" setting. | [optional] |
 | **kratos_selfservice_flows_login_after_webauthn_default_browser_return_url** | **String** | Configures the Ory Kratos Login After WebAuthn Default Return URL  This governs the \"selfservice.flows.login.after.webauthn.default_browser_return_url\" setting. | [optional] |
 | **kratos_selfservice_flows_login_lifespan** | **String** | Configures the Ory Kratos Login Lifespan  This governs the \"selfservice.flows.login.lifespan\" setting. | [optional] |
 | **kratos_selfservice_flows_login_style** | **String** | Configures the Ory Kratos Login Flow Style  This governs the \"selfservice.flows.login.style\" setting. Possible values are \"unified\" and \"identifier_first\". | [optional] |
@@ -161,7 +162,7 @@
 | **kratos_selfservice_flows_registration_after_code_default_browser_return_url** | **String** | Configures the Ory Kratos Registration After Code Default Return URL  This governs the \"selfservice.flows.registration.after.code.default_browser_return_url\" setting. | [optional] |
 | **kratos_selfservice_flows_registration_after_default_browser_return_url** | **String** | Configures the Ory Kratos Registration Default Return URL  This governs the \"selfservice.flows.registration.after.default_browser_return_url\" setting. | [optional] |
 | **kratos_selfservice_flows_registration_after_oidc_default_browser_return_url** | **String** | Configures the Ory Kratos Registration After OIDC Default Return URL  This governs the \"selfservice.flows.registration.after.oidc.default_browser_return_url\" setting. | [optional] |
-| **kratos_selfservice_flows_registration_after_passkey_default_browser_return_url** | **String** | Configures the Ory Kratos Registration After Passkey Default Return URL  This governs the \"selfservice.flows.registration.after.password.default_browser_return_url\" setting. | [optional] |
+| **kratos_selfservice_flows_registration_after_passkey_default_browser_return_url** | **String** | Configures the Ory Kratos Registration After Passkey Default Return URL  This governs the \"selfservice.flows.registration.after.passkey.default_browser_return_url\" setting. | [optional] |
 | **kratos_selfservice_flows_registration_after_password_default_browser_return_url** | **String** | Configures the Ory Kratos Registration After Password Default Return URL  This governs the \"selfservice.flows.registration.after.password.default_browser_return_url\" setting. | [optional] |
 | **kratos_selfservice_flows_registration_after_webauthn_default_browser_return_url** | **String** | Configures the Ory Kratos Registration After Webauthn Default Return URL  This governs the \"selfservice.flows.registration.after.webauthn.default_browser_return_url\" setting. | [optional] |
 | **kratos_selfservice_flows_registration_enable_legacy_one_step** | **Boolean** | Disable two-step registration  Two-step registration is a significantly improved sign up flow and recommended when using more than one sign up methods. To revert to one-step registration, set this to `true`.  This governs the \"selfservice.flows.registration.enable_legacy_one_step\" setting. | [optional] |
@@ -187,16 +188,16 @@
 | **kratos_selfservice_flows_verification_notify_unknown_recipients** | **Boolean** | Configures whether to notify unknown recipients of a Ory Kratos verification flow  This governs the \"selfservice.flows.verification.notify_unknown_recipients\" setting. | [optional] |
 | **kratos_selfservice_flows_verification_ui_url** | **String** | Configures the Ory Kratos Verification UI URL  This governs the \"selfservice.flows.verification.ui_url\" setting. | [optional] |
 | **kratos_selfservice_flows_verification_use** | **String** | Configures the Ory Kratos Strategy to use for Verification  This governs the \"selfservice.flows.verification.use\" setting. link SelfServiceMessageVerificationStrategyLink code SelfServiceMessageVerificationStrategyCode | [optional] |
-| **kratos_selfservice_methods_captcha_config_allowed_domains** | **Array<String>** |  | [optional] |
-| **kratos_selfservice_methods_captcha_config_byo** | **Boolean** | Configures whether to use BYO or managed widget  Reach out to your account manager to enable this feature. | [optional] |
-| **kratos_selfservice_methods_captcha_config_cf_turnstile_byo_secret** | **String** | Configures the Cloudflare Turnstile site secret for Ory BYO CAPTCHA protection  The site secret is private and will be never be shared with the client. This key is write only and the value will not be returned in response to a read request.  Reach out to your account manager to enable this feature. | [optional] |
-| **kratos_selfservice_methods_captcha_config_cf_turnstile_byo_sitekey** | **String** | Configures the Cloudflare Turnstile site key for Ory BYO CAPTCHA protection  The site key is public and will be shared with the client.  Reach out to your account manager to enable this feature. | [optional] |
-| **kratos_selfservice_methods_captcha_config_cf_turnstile_secret** | **String** | Configures the Cloudflare Turnstile site secret for managed CAPTCHA protection  The site secret is private and will be never be shared with the client. This key is write only and the value will not be returned in response to a read request.  Reach out to your account manager to enable this feature. | [optional] |
-| **kratos_selfservice_methods_captcha_config_cf_turnstile_sitekey** | **String** | Configures the Cloudflare Turnstile site key for managed CAPTCHA protection  The site key is public and will be shared with the client.  Reach out to your account manager to enable this feature. | [optional] |
-| **kratos_selfservice_methods_captcha_config_legacy_inject_node** | **Boolean** | Configures the Ory Kratos Self-Service Methods' Captcha Enabled Setting  Reach out to your account manager to enable this feature. | [optional] |
-| **kratos_selfservice_methods_captcha_enabled** | **Boolean** | Configures the Ory Kratos Self-Service Methods' Captcha Enabled Setting  Reach out to your account manager to enable this feature. | [optional] |
+| **kratos_selfservice_methods_captcha_config_allowed_domains** | **Array<String>** | Configures the CAPTCHA allowed domains list  This governs the \"selfservice.methods.captcha.config.allowed_domains\" setting. | [optional] |
+| **kratos_selfservice_methods_captcha_config_byo** | **Boolean** | Configures whether to use BYO or managed widget  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.config.byo\" setting. | [optional] |
+| **kratos_selfservice_methods_captcha_config_cf_turnstile_byo_secret** | **String** | Configures the Cloudflare Turnstile site secret for Ory BYO CAPTCHA protection  The site secret is private and will be never be shared with the client. This key is write only and the value will not be returned in response to a read request.  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.config.cf_turnstile.secret\" setting. | [optional] |
+| **kratos_selfservice_methods_captcha_config_cf_turnstile_byo_sitekey** | **String** | Configures the Cloudflare Turnstile site key for Ory BYO CAPTCHA protection  The site key is public and will be shared with the client.  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.config.cf_turnstile.sitekey\" setting. | [optional] |
+| **kratos_selfservice_methods_captcha_config_cf_turnstile_secret** | **String** | Configures the Cloudflare Turnstile site secret for managed CAPTCHA protection  The site secret is private and will be never be shared with the client. This key is write only and the value will not be returned in response to a read request.  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.config.cf_turnstile.secret\" setting. | [optional] |
+| **kratos_selfservice_methods_captcha_config_cf_turnstile_sitekey** | **String** | Configures the Cloudflare Turnstile site key for managed CAPTCHA protection  The site key is public and will be shared with the client.  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.config.cf_turnstile.sitekey\" setting. | [optional] |
+| **kratos_selfservice_methods_captcha_config_legacy_inject_node** | **Boolean** | Configures legacy CAPTCHA node injection behavior  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.config.legacy_inject_node\" setting. | [optional] |
+| **kratos_selfservice_methods_captcha_enabled** | **Boolean** | Configures the Ory Kratos Self-Service Methods' Captcha Enabled Setting  Reach out to your account manager to enable this feature.  This governs the \"selfservice.methods.captcha.enabled\" setting. | [optional] |
 | **kratos_selfservice_methods_code_config_lifespan** | **String** | Configures the Ory Kratos Code Method's lifespan  This governs the \"selfservice.methods.code.config.lifespan\" setting. | [optional] |
-| **kratos_selfservice_methods_code_config_max_submissions** | **Integer** |  | [optional] |
+| **kratos_selfservice_methods_code_config_max_submissions** | **Integer** | Configures the maximum number of attempts to submit a one-time code in kratos.  This governs the \"selfservice.methods.code.max_submissions\" setting. | [optional] |
 | **kratos_selfservice_methods_code_config_missing_credential_fallback_enabled** | **Boolean** | Enables a fallback method required in certain legacy use cases.  This governs the \"selfservice.methods.code.config.missing_credential_fallback_enabled\" setting. | [optional] |
 | **kratos_selfservice_methods_code_enabled** | **Boolean** | Configures whether Ory Kratos Code Method is enabled  This governs the \"selfservice.methods.code.enabled\" setting. | [optional] |
 | **kratos_selfservice_methods_code_mfa_enabled** | **Boolean** | Configures whether the code method can be used to fulfil MFA flows  This governs the \"selfservice.methods.code.mfa_enabled\" setting. | [optional] |
@@ -212,7 +213,7 @@
 | **kratos_selfservice_methods_oidc_enabled** | **Boolean** | Configures whether Ory Kratos Third Party / OpenID Connect Login is enabled  This governs the \"selfservice.methods.oidc.enabled\" setting. | [optional] |
 | **kratos_selfservice_methods_passkey_config_rp_display_name** | **String** | Configures the Ory Kratos Passkey RP Display Name  This governs the \"selfservice.methods.passkey.config.rp.display_name\" setting. | [optional] |
 | **kratos_selfservice_methods_passkey_config_rp_id** | **String** | Configures the Ory Kratos Passkey RP ID  This governs the \"selfservice.methods.passkey.config.rp.id\" setting. | [optional] |
-| **kratos_selfservice_methods_passkey_config_rp_origins** | **Array<String>** |  | [optional] |
+| **kratos_selfservice_methods_passkey_config_rp_origins** | **Array<String>** | Configures the Ory Kratos Passkey RP Origins  This governs the \"selfservice.methods.passkey.config.rp.origins\" setting. | [optional] |
 | **kratos_selfservice_methods_passkey_enabled** | **Boolean** | Configures whether Ory Kratos Passkey authentication is enabled  This governs the \"selfservice.methods.passkey.enabled\" setting. | [optional] |
 | **kratos_selfservice_methods_password_config_haveibeenpwned_enabled** | **Boolean** | Configures whether Ory Kratos Password HIBP Checks is enabled  This governs the \"selfservice.methods.password.config.haveibeenpwned_enabled\" setting. | [optional] |
 | **kratos_selfservice_methods_password_config_identifier_similarity_check_enabled** | **Boolean** | Configures whether Ory Kratos Password should disable the similarity policy.  This governs the \"selfservice.methods.password.config.identifier_similarity_check_enabled\" setting. | [optional] |
@@ -229,7 +230,7 @@
 | **kratos_selfservice_methods_webauthn_config_rp_display_name** | **String** | Configures the Ory Kratos Webauthn RP Display Name  This governs the \"selfservice.methods.webauthn.config.rp.display_name\" setting. | [optional] |
 | **kratos_selfservice_methods_webauthn_config_rp_icon** | **String** | Configures the Ory Kratos Webauthn RP Icon  This governs the \"selfservice.methods.webauthn.config.rp.icon\" setting. Deprecated: This value will be ignored due to security considerations. | [optional] |
 | **kratos_selfservice_methods_webauthn_config_rp_id** | **String** | Configures the Ory Kratos Webauthn RP ID  This governs the \"selfservice.methods.webauthn.config.rp.id\" setting. | [optional] |
-| **kratos_selfservice_methods_webauthn_config_rp_origins** | **Array<String>** |  | [optional] |
+| **kratos_selfservice_methods_webauthn_config_rp_origins** | **Array<String>** | Configures the Ory Kratos Webauthn RP Origins  This governs the \"selfservice.methods.webauthn.config.rp.origins\" setting. | [optional] |
 | **kratos_selfservice_methods_webauthn_enabled** | **Boolean** | Configures whether Ory Kratos Webauthn is enabled  This governs the \"selfservice.methods.webauthn.enabled\" setting. | [optional] |
 | **kratos_session_cookie_persistent** | **Boolean** | Configures the Ory Kratos Session Cookie Persistent Attribute  This governs the \"session.cookie.persistent\" setting. | [optional] |
 | **kratos_session_cookie_same_site** | **String** | Configures the Ory Kratos Session Cookie SameSite Attribute  This governs the \"session.cookie.same_site\" setting. | [optional] |
@@ -241,9 +242,9 @@
 | **project_id** | **String** | The Revision's Project ID | [optional] |
 | **project_revision_hooks** | [**Array<NormalizedProjectRevisionHook>**](NormalizedProjectRevisionHook.md) |  | [optional] |
 | **scim_clients** | [**Array<NormalizedProjectRevisionScimClient>**](NormalizedProjectRevisionScimClient.md) |  | [optional] |
-| **serve_admin_cors_allowed_origins** | **Array<String>** |  | [optional] |
+| **serve_admin_cors_allowed_origins** | **Array<String>** | Configures the CORS Allowed Origins on admin APIs  This governs the \"serve.admin.cors.allowed_origins\" setting. | [optional] |
 | **serve_admin_cors_enabled** | **Boolean** | Enable CORS headers on all admin APIs  This governs the \"serve.admin.cors.enabled\" setting. | [optional] |
-| **serve_public_cors_allowed_origins** | **Array<String>** |  | [optional] |
+| **serve_public_cors_allowed_origins** | **Array<String>** | Configures the CORS Allowed Origins on public APIs  This governs the \"serve.public.cors.allowed_origins\" setting. | [optional] |
 | **serve_public_cors_enabled** | **Boolean** | Enable CORS headers on all public APIs  This governs the \"serve.public.cors.enabled\" setting. | [optional] |
 | **strict_security** | **Boolean** | Whether the project should employ strict security measures. Setting this to true is recommended for going into production. | [optional] |
 | **updated_at** | **Time** | Last Time Project's Revision was Updated | [optional][readonly] |
@@ -280,6 +281,7 @@ instance = OryClient::CreateProjectNormalizedPayload.new(
   hydra_oauth2_mirror_top_level_claims: null,
   hydra_oauth2_pkce_enforced: null,
   hydra_oauth2_pkce_enforced_for_public_clients: null,
+  hydra_oauth2_preserve_ext_claims: null,
   hydra_oauth2_refresh_token_hook: null,
   hydra_oauth2_token_hook: null,
   hydra_oidc_dynamic_client_registration_default_scope: null,

data/docs/DeviceUserAuthRequest.md

@@ -8,8 +8,8 @@
 | **client** | [**OAuth2Client**](OAuth2Client.md) |  | [optional] |
 | **handled_at** | **Time** |  | [optional] |
 | **request_url** | **String** | RequestURL is the original Device Authorization URL requested. | [optional] |
-| **requested_access_token_audience** | **Array<String>** |  | [optional] |
-| **requested_scope** | **Array<String>** |  | [optional] |
+| **requested_access_token_audience** | **Array<String>** | RequestedAudience contains the access token audience as requested by the OAuth 2.0 Client. | [optional] |
+| **requested_scope** | **Array<String>** | RequestedScope contains the OAuth 2.0 Scope requested by the OAuth 2.0 Client. | [optional] |
 
 ## Example