ory-client 1.22.38 → 1.22.40

data/docs/IdentityApi.md

@@ -8,6 +8,7 @@ All URIs are relative to *https://playground.projects.oryapis.com*
 | [**create_identity**](IdentityApi.md#create_identity) | **POST** /admin/identities | Create an Identity |
 | [**create_recovery_code_for_identity**](IdentityApi.md#create_recovery_code_for_identity) | **POST** /admin/recovery/code | Create a Recovery Code |
 | [**create_recovery_link_for_identity**](IdentityApi.md#create_recovery_link_for_identity) | **POST** /admin/recovery/link | Create a Recovery Link |
+| [**create_test_login_flow**](IdentityApi.md#create_test_login_flow) | **POST** /admin/test-login-flows | Create a test OIDC login flow |
 | [**delete_identity**](IdentityApi.md#delete_identity) | **DELETE** /admin/identities/{id} | Delete an Identity |
 | [**delete_identity_credentials**](IdentityApi.md#delete_identity_credentials) | **DELETE** /admin/identities/{id}/credentials/{type} | Delete a credential for a specific identity |
 | [**delete_identity_sessions**](IdentityApi.md#delete_identity_sessions) | **DELETE** /admin/identities/{id}/sessions | Delete & Invalidate an Identity's Sessions |
@@ -21,6 +22,7 @@ All URIs are relative to *https://playground.projects.oryapis.com*
 | [**list_identity_schemas**](IdentityApi.md#list_identity_schemas) | **GET** /schemas | Get all Identity Schemas |
 | [**list_identity_sessions**](IdentityApi.md#list_identity_sessions) | **GET** /admin/identities/{id}/sessions | List an Identity's Sessions |
 | [**list_sessions**](IdentityApi.md#list_sessions) | **GET** /admin/sessions | List All Sessions |
+| [**manage_sessions**](IdentityApi.md#manage_sessions) | **POST** /admin/sessions | Manage sessions in bulk |
 | [**patch_identity**](IdentityApi.md#patch_identity) | **PATCH** /admin/identities/{id} | Patch an Identity |
 | [**update_identity**](IdentityApi.md#update_identity) | **PUT** /admin/identities/{id} | Update an Identity |
 
@@ -311,6 +313,75 @@ end
 - **Accept**: application/json
 
 
+## create_test_login_flow
+
+> <LoginFlow> create_test_login_flow(create_test_login_flow_body)
+
+Create a test OIDC login flow
+
+Creates a dry-run OIDC test login flow pre-scoped to one provider. The returned flow carries a single-submit UI and a CSRF bearer token. No identity is persisted and no session is issued when the flow completes; the captured debug data is returned in the flow's test_context.
+
+### Examples
+
+```ruby
+require 'time'
+require 'ory-client'
+# setup authorization
+OryClient.configure do |config|
+  # Configure Bearer authorization: oryAccessToken
+  config.access_token = 'YOUR_BEARER_TOKEN'
+end
+
+api_instance = OryClient::IdentityApi.new
+create_test_login_flow_body = OryClient::CreateTestLoginFlowBody.new({provider_id: 'provider_id_example'}) # CreateTestLoginFlowBody | 
+
+begin
+  # Create a test OIDC login flow
+  result = api_instance.create_test_login_flow(create_test_login_flow_body)
+  p result
+rescue OryClient::ApiError => e
+  puts "Error when calling IdentityApi->create_test_login_flow: #{e}"
+end
+```
+
+#### Using the create_test_login_flow_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> <Array(<LoginFlow>, Integer, Hash)> create_test_login_flow_with_http_info(create_test_login_flow_body)
+
+```ruby
+begin
+  # Create a test OIDC login flow
+  data, status_code, headers = api_instance.create_test_login_flow_with_http_info(create_test_login_flow_body)
+  p status_code # => 2xx
+  p headers # => { ... }
+  p data # => <LoginFlow>
+rescue OryClient::ApiError => e
+  puts "Error when calling IdentityApi->create_test_login_flow_with_http_info: #{e}"
+end
+```
+
+### Parameters
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **create_test_login_flow_body** | [**CreateTestLoginFlowBody**](CreateTestLoginFlowBody.md) |  |  |
+
+### Return type
+
+[**LoginFlow**](LoginFlow.md)
+
+### Authorization
+
+[oryAccessToken](../README.md#oryAccessToken)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+
 ## delete_identity
 
 > delete_identity(id)
@@ -400,7 +471,7 @@ end
 
 api_instance = OryClient::IdentityApi.new
 id = 'id_example' # String | ID is the identity's ID.
-type = 'password' # String | Type is the type of credentials to delete. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode
+type = 'password' # String | Type is the type of credentials to delete. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn identifier_first CredentialsTypeIdentifierFirst link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode
 opts = {
   identifier: 'identifier_example' # String | Identifier is the identifier of the OIDC/SAML credential to delete. Find the identifier by calling the `GET /admin/identities/{id}?include_credential={oidc,saml}` endpoint.
 }
@@ -436,7 +507,7 @@ end
 | Name | Type | Description | Notes |
 | ---- | ---- | ----------- | ----- |
 | **id** | **String** | ID is the identity&#39;s ID. |  |
-| **type** | **String** | Type is the type of credentials to delete. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode |  |
+| **type** | **String** | Type is the type of credentials to delete. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn identifier_first CredentialsTypeIdentifierFirst link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode |  |
 | **identifier** | **String** | Identifier is the identifier of the OIDC/SAML credential to delete. Find the identifier by calling the &#x60;GET /admin/identities/{id}?include_credential&#x3D;{oidc,saml}&#x60; endpoint. | [optional] |
 
 ### Return type
@@ -1260,6 +1331,75 @@ end
 - **Accept**: application/json
 
 
+## manage_sessions
+
+> <ManageSessionsResponse> manage_sessions(manage_sessions_body)
+
+Manage sessions in bulk
+
+Disable or delete sessions for a list of identities or a list of sessions in a single call. The `action` field selects the operation:  `disable` — deactivate matching sessions (sets `active = false`, preserves audit data). `delete` — permanently delete matching sessions.  Exactly one of `identities` or `sessions` must be provided. To scope the operation to every session in the network, pass `identities: [\"*\"]`; the wildcard is not accepted in the `sessions` field. Up to 500 explicit IDs are accepted per call.  All requests return `200 OK` with `{processed, more}`. `processed` reports how many rows the call affected; for `disable` it counts only sessions that were active before the call. `more` is `true` only when a wildcard request reached the per-call batch limit and additional rows may remain; callers drain the network by re-issuing the same request while `more` is `true`. Explicit-IDs requests always return `more: false`.
+
+### Examples
+
+```ruby
+require 'time'
+require 'ory-client'
+# setup authorization
+OryClient.configure do |config|
+  # Configure Bearer authorization: oryAccessToken
+  config.access_token = 'YOUR_BEARER_TOKEN'
+end
+
+api_instance = OryClient::IdentityApi.new
+manage_sessions_body = OryClient::ManageSessionsBody.new({action: 'disable'}) # ManageSessionsBody | 
+
+begin
+  # Manage sessions in bulk
+  result = api_instance.manage_sessions(manage_sessions_body)
+  p result
+rescue OryClient::ApiError => e
+  puts "Error when calling IdentityApi->manage_sessions: #{e}"
+end
+```
+
+#### Using the manage_sessions_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> <Array(<ManageSessionsResponse>, Integer, Hash)> manage_sessions_with_http_info(manage_sessions_body)
+
+```ruby
+begin
+  # Manage sessions in bulk
+  data, status_code, headers = api_instance.manage_sessions_with_http_info(manage_sessions_body)
+  p status_code # => 2xx
+  p headers # => { ... }
+  p data # => <ManageSessionsResponse>
+rescue OryClient::ApiError => e
+  puts "Error when calling IdentityApi->manage_sessions_with_http_info: #{e}"
+end
+```
+
+### Parameters
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **manage_sessions_body** | [**ManageSessionsBody**](ManageSessionsBody.md) |  |  |
+
+### Return type
+
+[**ManageSessionsResponse**](ManageSessionsResponse.md)
+
+### Authorization
+
+[oryAccessToken](../README.md#oryAccessToken)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+
 ## patch_identity
 
 > <Identity> patch_identity(id, opts)

data/docs/IdentityCredentials.md

@@ -7,7 +7,7 @@
 | **config** | **Object** |  | [optional] |
 | **created_at** | **Time** | CreatedAt is a helper struct field for gobuffalo.pop. | [optional] |
 | **identifiers** | **Array<String>** | Identifiers represent a list of unique identifiers this credential type matches. | [optional] |
-| **type** | **String** | Type discriminates between different types of credentials. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | [optional] |
+| **type** | **String** | Type discriminates between different types of credentials. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn identifier_first CredentialsTypeIdentifierFirst link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | [optional] |
 | **updated_at** | **Time** | UpdatedAt is a helper struct field for gobuffalo.pop. | [optional] |
 | **version** | **Integer** | Version refers to the version of the credential. Useful when changing the config schema. | [optional] |
 

data/docs/ImportAPIKeyRequest.md

@@ -0,0 +1,36 @@
+# OryClient::ImportAPIKeyRequest
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **actor_id** | **String** | actor_id is the identifier of the entity that owns this imported key. Required so every imported key is traceable to an actor for revocation and audit queries. | [optional] |
+| **ip_restriction** | [**IPRestriction**](IPRestriction.md) |  | [optional] |
+| **metadata** | **Object** | metadata is a free-form JSON object for caller-defined attributes (e.g., source, environment, tags). Values may be strings, numbers, booleans, arrays, objects, or null. Total serialized size is capped at 4KB. AIP-148 metadata field. | [optional] |
+| **name** | **String** |  | [optional] |
+| **rate_limit_policy** | [**RateLimitPolicy**](RateLimitPolicy.md) |  | [optional] |
+| **raw_key** | **String** |  | [optional] |
+| **request_id** | **String** |  | [optional] |
+| **scopes** | **Array<String>** |  | [optional] |
+| **ttl** | **String** | ttl sets the expiry as a duration from now. Encoded as a google.protobuf.Duration (string ending in \"s\", e.g. \"3600s\"). Accepted bounds: 1s to 315360000s (~10 years). If unset or zero, the project default TTL applies. For convenience, the server also accepts Go-style duration strings (\"24h\", \"30m\", \"1h30m\") and an extended unit set (\"1d\", \"1w\", \"1mo\", \"1y\"; approximations: 1mo = 30d, 1y = 365d). Clients should prefer the standard Duration encoding for portability. | [optional] |
+| **visibility** | [**KeyVisibility**](KeyVisibility.md) |  | [optional][default to 'KEY_VISIBILITY_UNSPECIFIED'] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::ImportAPIKeyRequest.new(
+  actor_id: null,
+  ip_restriction: null,
+  metadata: null,
+  name: null,
+  rate_limit_policy: null,
+  raw_key: null,
+  request_id: null,
+  scopes: null,
+  ttl: null,
+  visibility: null
+)
+```
+

data/docs/ImportedAPIKey.md

@@ -0,0 +1,46 @@
+# OryClient::ImportedAPIKey
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **actor_id** | **String** |  | [optional] |
+| **create_time** | **Time** |  | [optional] |
+| **expire_time** | **Time** |  | [optional] |
+| **ip_restriction** | [**IPRestriction**](IPRestriction.md) |  | [optional] |
+| **key_id** | **String** |  | [optional] |
+| **last_used_time** | **Time** |  | [optional] |
+| **metadata** | **Object** | metadata is a free-form JSON object for caller-defined attributes (e.g., source, environment, tags). Values may be strings, numbers, booleans, arrays, objects, or null. Total serialized size is capped at 4KB. AIP-148 metadata field. | [optional] |
+| **name** | **String** |  | [optional] |
+| **rate_limit_policy** | [**RateLimitPolicy**](RateLimitPolicy.md) |  | [optional] |
+| **revocation_description** | **String** | revocation_description provides free-form context for a revocation. Only set when revocation_reason is PRIVILEGE_WITHDRAWN. JSON API change: field was formerly revocation_reason_text. Field number 13 is unchanged so the change is wire-compatible for binary proto encoding. | [optional] |
+| **revocation_reason** | [**RevocationReason**](RevocationReason.md) |  | [optional][default to 'REVOCATION_REASON_UNSPECIFIED'] |
+| **scopes** | **Array<String>** |  | [optional] |
+| **status** | [**KeyStatus**](KeyStatus.md) |  | [optional][default to 'KEY_STATUS_UNSPECIFIED'] |
+| **update_time** | **Time** |  | [optional] |
+| **visibility** | [**KeyVisibility**](KeyVisibility.md) |  | [optional][default to 'KEY_VISIBILITY_UNSPECIFIED'] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::ImportedAPIKey.new(
+  actor_id: null,
+  create_time: null,
+  expire_time: null,
+  ip_restriction: null,
+  key_id: null,
+  last_used_time: null,
+  metadata: null,
+  name: null,
+  rate_limit_policy: null,
+  revocation_description: null,
+  revocation_reason: null,
+  scopes: null,
+  status: null,
+  update_time: null,
+  visibility: null
+)
+```
+

data/docs/IssueAPIKeyRequest.md

@@ -0,0 +1,34 @@
+# OryClient::IssueAPIKeyRequest
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **actor_id** | **String** |  | [optional] |
+| **ip_restriction** | [**IPRestriction**](IPRestriction.md) |  | [optional] |
+| **metadata** | **Object** | metadata is a free-form JSON object for caller-defined attributes (e.g., source, environment, tags). Values may be strings, numbers, booleans, arrays, objects, or null. Total serialized size is capped at 4KB. AIP-148 metadata field. | [optional] |
+| **name** | **String** |  | [optional] |
+| **rate_limit_policy** | [**RateLimitPolicy**](RateLimitPolicy.md) |  | [optional] |
+| **request_id** | **String** |  | [optional] |
+| **scopes** | **Array<String>** |  | [optional] |
+| **ttl** | **String** | ttl sets the expiry as a duration from now. Encoded as a google.protobuf.Duration (string ending in \"s\", e.g. \"3600s\"). Accepted bounds: 1s to 315360000s (~10 years). If unset or zero, the project default TTL applies. For convenience, the server also accepts Go-style duration strings (\"24h\", \"30m\", \"1h30m\") and an extended unit set (\"1d\", \"1w\", \"1mo\", \"1y\"; approximations: 1mo = 30d, 1y = 365d). Clients should prefer the standard Duration encoding for portability. | [optional] |
+| **visibility** | [**KeyVisibility**](KeyVisibility.md) |  | [optional][default to 'KEY_VISIBILITY_UNSPECIFIED'] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::IssueAPIKeyRequest.new(
+  actor_id: null,
+  ip_restriction: null,
+  metadata: null,
+  name: null,
+  rate_limit_policy: null,
+  request_id: null,
+  scopes: null,
+  ttl: null,
+  visibility: null
+)
+```
+

data/docs/IssueAPIKeyResponse.md

@@ -0,0 +1,20 @@
+# OryClient::IssueAPIKeyResponse
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **issued_api_key** | [**IssuedAPIKey**](IssuedAPIKey.md) |  | [optional] |
+| **secret** | **String** |  | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::IssueAPIKeyResponse.new(
+  issued_api_key: null,
+  secret: null
+)
+```
+

data/docs/IssuedAPIKey.md

@@ -0,0 +1,46 @@
+# OryClient::IssuedAPIKey
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **actor_id** | **String** |  | [optional] |
+| **create_time** | **Time** |  | [optional] |
+| **expire_time** | **Time** |  | [optional] |
+| **ip_restriction** | [**IPRestriction**](IPRestriction.md) |  | [optional] |
+| **key_id** | **String** |  | [optional] |
+| **last_used_time** | **Time** |  | [optional] |
+| **metadata** | **Object** | metadata is a free-form JSON object for caller-defined attributes (e.g., source, environment, tags). Values may be strings, numbers, booleans, arrays, objects, or null. Total serialized size is capped at 4KB. AIP-148 metadata field. | [optional] |
+| **name** | **String** |  | [optional] |
+| **rate_limit_policy** | [**RateLimitPolicy**](RateLimitPolicy.md) |  | [optional] |
+| **revocation_description** | **String** | revocation_description provides free-form context for a revocation. Only set when revocation_reason is PRIVILEGE_WITHDRAWN. JSON API change: field was formerly revocation_reason_text. Field number 13 is unchanged so the change is wire-compatible for binary proto encoding. | [optional] |
+| **revocation_reason** | [**RevocationReason**](RevocationReason.md) |  | [optional][default to 'REVOCATION_REASON_UNSPECIFIED'] |
+| **scopes** | **Array<String>** |  | [optional] |
+| **status** | [**KeyStatus**](KeyStatus.md) |  | [optional][default to 'KEY_STATUS_UNSPECIFIED'] |
+| **update_time** | **Time** |  | [optional] |
+| **visibility** | [**KeyVisibility**](KeyVisibility.md) |  | [optional][default to 'KEY_VISIBILITY_UNSPECIFIED'] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::IssuedAPIKey.new(
+  actor_id: null,
+  create_time: null,
+  expire_time: null,
+  ip_restriction: null,
+  key_id: null,
+  last_used_time: null,
+  metadata: null,
+  name: null,
+  rate_limit_policy: null,
+  revocation_description: null,
+  revocation_reason: null,
+  scopes: null,
+  status: null,
+  update_time: null,
+  visibility: null
+)
+```
+

data/docs/KeyStatus.md

@@ -0,0 +1,15 @@
+# OryClient::KeyStatus
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::KeyStatus.new()
+```
+

data/docs/KeyVisibility.md

@@ -0,0 +1,15 @@
+# OryClient::KeyVisibility
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::KeyVisibility.new()
+```
+

data/docs/ListImportedAPIKeysResponse.md

@@ -0,0 +1,20 @@
+# OryClient::ListImportedAPIKeysResponse
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **imported_api_keys** | [**Array<ImportedAPIKey>**](ImportedAPIKey.md) |  | [optional] |
+| **next_page_token** | **String** |  | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::ListImportedAPIKeysResponse.new(
+  imported_api_keys: null,
+  next_page_token: null
+)
+```
+

data/docs/ListIssuedAPIKeysResponse.md

@@ -0,0 +1,20 @@
+# OryClient::ListIssuedAPIKeysResponse
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **issued_api_keys** | [**Array<IssuedAPIKey>**](IssuedAPIKey.md) |  | [optional] |
+| **next_page_token** | **String** |  | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::ListIssuedAPIKeysResponse.new(
+  issued_api_keys: null,
+  next_page_token: null
+)
+```
+

data/docs/LoginFlow.md

@@ -4,7 +4,7 @@
 
 | Name | Type | Description | Notes |
 | ---- | ---- | ----------- | ----- |
-| **active** | **String** | The active login method  If set contains the login method used. If the flow is new, it is unset. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | [optional] |
+| **active** | **String** | The active login method  If set contains the login method used. If the flow is new, it is unset. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn identifier_first CredentialsTypeIdentifierFirst link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | [optional] |
 | **created_at** | **Time** | CreatedAt is a helper struct field for gobuffalo.pop. | [optional] |
 | **expires_at** | **Time** | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated. |  |
 | **id** | **String** | ID represents the flow's unique ID. When performing the login flow, this represents the id in the login UI's query parameter: http://<selfservice.flows.login.ui_url>/?flow=<flow_id> |  |
@@ -19,6 +19,7 @@
 | **return_to** | **String** | ReturnTo contains the requested return_to URL. | [optional] |
 | **session_token_exchange_code** | **String** | SessionTokenExchangeCode holds the secret code that the client can use to retrieve a session token after the login flow has been completed. This is only set if the client has requested a session token exchange code, and if the flow is of type \"api\", and only on creating the login flow. | [optional] |
 | **state** | **Object** | State represents the state of this request:  choose_method: ask the user to choose a method to sign in with sent_email: the email has been sent to the user passed_challenge: the request was successful and the login challenge was passed. |  |
+| **test_context** | [**LoginFlowTestContext**](LoginFlowTestContext.md) |  | [optional] |
 | **transient_payload** | **Object** | TransientPayload is used to pass data from the login to hooks and email templates | [optional] |
 | **type** | **String** | The flow type can either be `api` or `browser`. |  |
 | **ui** | [**UiContainer**](UiContainer.md) |  |  |
@@ -45,6 +46,7 @@ instance = OryClient::LoginFlow.new(
   return_to: null,
   session_token_exchange_code: null,
   state: null,
+  test_context: null,
   transient_payload: null,
   type: null,
   ui: null,

data/docs/LoginFlowTestContext.md

@@ -0,0 +1,20 @@
+# OryClient::LoginFlowTestContext
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **debug_payload** | [**LoginFlowTestDebugPayload**](LoginFlowTestDebugPayload.md) |  | [optional] |
+| **provider_id** | **String** | The ID of the OIDC provider this test flow targets. |  |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::LoginFlowTestContext.new(
+  debug_payload: null,
+  provider_id: null
+)
+```
+

data/docs/LoginFlowTestDebugPayload.md

@@ -0,0 +1,32 @@
+# OryClient::LoginFlowTestDebugPayload
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **error** | [**LoginFlowTestStepError**](LoginFlowTestStepError.md) |  | [optional] |
+| **id_token_claims** | **Hash<String, Object>** | Claims extracted from the ID token. | [optional] |
+| **jsonnet_input** | **Hash<String, Object>** | Input JSON that was fed into the Jsonnet mapper. | [optional] |
+| **jsonnet_mapper_url** | **String** | URL of the Jsonnet mapper that was executed on the claims. | [optional] |
+| **jsonnet_output** | **Hash<String, Object>** | Output JSON returned by the Jsonnet mapper. | [optional] |
+| **jsonnet_stderr** | **String** | Anything the Jsonnet mapper wrote to standard error. | [optional] |
+| **schema_validation_errors** | [**Array<LoginFlowTestSchemaValidationError>**](LoginFlowTestSchemaValidationError.md) | Identity-schema validation errors produced from the mapped traits. | [optional] |
+| **userinfo** | **Hash<String, Object>** | Claims returned from the provider's userinfo endpoint, if any. | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::LoginFlowTestDebugPayload.new(
+  error: null,
+  id_token_claims: null,
+  jsonnet_input: null,
+  jsonnet_mapper_url: null,
+  jsonnet_output: null,
+  jsonnet_stderr: null,
+  schema_validation_errors: null,
+  userinfo: null
+)
+```
+

data/docs/LoginFlowTestSchemaValidationError.md

@@ -0,0 +1,20 @@
+# OryClient::LoginFlowTestSchemaValidationError
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **message** | **String** | Human-readable description of the validation failure. | [optional] |
+| **path** | **String** | JSON pointer to the field that failed validation. | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::LoginFlowTestSchemaValidationError.new(
+  message: null,
+  path: null
+)
+```
+

data/docs/LoginFlowTestStepError.md

@@ -0,0 +1,22 @@
+# OryClient::LoginFlowTestStepError
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **message** | **String** | Human-readable message describing the failure. | [optional] |
+| **reason** | **String** | Short classification of the failure cause (for example, \"access_denied\" or \"traits_invalid\"). | [optional] |
+| **step** | **String** | Machine-readable identifier of the failed step (for example, \"token_exchange\" or \"schema_validate\"). | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::LoginFlowTestStepError.new(
+  message: null,
+  reason: null,
+  step: null
+)
+```
+

data/docs/ManageSessionsBody.md

@@ -0,0 +1,22 @@
+# OryClient::ManageSessionsBody
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **action** | **String** | Action to perform on the matching sessions. disable ManageSessionsActionDisable delete ManageSessionsActionDelete |  |
+| **identities** | **Array<String>** | Identity IDs whose sessions should be disabled or deleted, or `[\"*\"]` to operate on every session in the network. Mutually exclusive with `sessions`. | [optional] |
+| **sessions** | **Array<String>** | Session IDs to disable or delete. Mutually exclusive with `identities`. The wildcard `[\"*\"]` is not accepted in this field — pass `identities: [\"*\"]` to scope the operation to every session in the network. | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::ManageSessionsBody.new(
+  action: null,
+  identities: null,
+  sessions: null
+)
+```
+

data/docs/ManageSessionsResponse.md

@@ -0,0 +1,20 @@
+# OryClient::ManageSessionsResponse
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **more** | **Boolean** | True when the call reached the per-call batch limit and additional matching rows may remain. Always false for explicit-IDs requests. | [optional] |
+| **processed** | **Integer** | Number of sessions processed in this call. For `disable`, counts only sessions that were active before the call (already-inactive sessions are skipped). For `delete`, counts every matching row removed. | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::ManageSessionsResponse.new(
+  more: null,
+  processed: null
+)
+```
+

data/docs/Message.md

@@ -13,7 +13,7 @@
 | **send_count** | **Integer** |  |  |
 | **status** | [**CourierMessageStatus**](CourierMessageStatus.md) |  |  |
 | **subject** | **String** |  |  |
-| **template_type** | **String** |  recovery_invalid TypeRecoveryInvalid recovery_valid TypeRecoveryValid recovery_code_invalid TypeRecoveryCodeInvalid recovery_code_valid TypeRecoveryCodeValid verification_invalid TypeVerificationInvalid verification_valid TypeVerificationValid verification_code_invalid TypeVerificationCodeInvalid verification_code_valid TypeVerificationCodeValid stub TypeTestStub login_code_valid TypeLoginCodeValid registration_code_valid TypeRegistrationCodeValid |  |
+| **template_type** | **String** |  recovery_invalid TypeRecoveryInvalid recovery_valid TypeRecoveryValid recovery_code_invalid TypeRecoveryCodeInvalid recovery_code_valid TypeRecoveryCodeValid verification_invalid TypeVerificationInvalid verification_valid TypeVerificationValid verification_code_invalid TypeVerificationCodeInvalid verification_code_valid TypeVerificationCodeValid stub TypeTestStub login_code_valid TypeLoginCodeValid registration_code_valid TypeRegistrationCodeValid verifiable_address_changed TypeVerifiableAddressChanged |  |
 | **type** | [**CourierMessageType**](CourierMessageType.md) |  |  |
 | **updated_at** | **Time** | UpdatedAt is a helper struct field for gobuffalo.pop. |  |
 

data/docs/NullValue.md

@@ -0,0 +1,15 @@
+# OryClient::NullValue
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::NullValue.new()
+```
+