ory-client 1.1.41 → 1.1.44

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4ada72253955719713ffdb9af795e0c573e4abac0d0bb03818ab43d4247417ab
-  data.tar.gz: d978757138c8454eb1c4f9db164bac8e3be7fbbd93add437cf5eb9cfaa975591
+  metadata.gz: 5b1ed0870f68e1f745c110feeef11b5513906e92b83e376eaaafb174130496da
+  data.tar.gz: 6eafd0d5456b774c26026e5c098ba99d5016cdb7ef2c49ba0f48e50bc5e41b7e
 SHA512:
-  metadata.gz: 55726df317556c499b345c9f0c72301d79df09cbf21a1049d08e0ef8903a06c830641abb07e537bf00211b2ed94d3e50a38b1eb4fcc06a354076526d0d5e7868
-  data.tar.gz: 5ec77fe6970c6790105c8b7070b030e9228d8511fdcaae6a1003717efb4dd86cbae4c2397312eecd74505e3cdf4669908de6c3ed8410b159732a0b68f5cdbb77
+  metadata.gz: 0eb0de005cb51ecf27e489af6898cd2dafb7fde96976a7e22710a2b036c39994af4a969b45e348d2818e8131bf40e8a8ef5efff1ea7a382fe9000dd775b0231c
+  data.tar.gz: 4f0063dd5a7eab2238a24fb2d4fc35eb1deb51163235dc8f869af9b014a33e8a83e0546df1a35250b2264af286daae14f373478a510a146962d856d94df7f0d2

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    ory-client (1.1.41)
+    ory-client (1.1.44)
       typhoeus (~> 1.0, >= 1.0.1)
 
 GEM
@@ -40,7 +40,7 @@ GEM
     rspec-expectations (3.12.3)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.5)
+    rspec-mocks (3.12.6)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
     rspec-support (3.12.1)

data/README.md

@@ -8,8 +8,8 @@ with a valid Personal Access Token. Public APIs are mostly used in browsers.
 
 This SDK is automatically generated by the [OpenAPI Generator](https://openapi-generator.tech) project:
 
-- API version: v1.1.41
-- Package version: v1.1.41
+- API version: v1.1.44
+- Package version: v1.1.44
 - Build package: org.openapitools.codegen.languages.RubyClientCodegen
 
 ## Installation
@@ -25,16 +25,16 @@ gem build ory-client.gemspec
 Then either install the gem locally:
 
 ```shell
-gem install ./ory-client-v1.1.41.gem
+gem install ./ory-client-v1.1.44.gem
 ```
 
-(for development, run `gem install --dev ./ory-client-v1.1.41.gem` to install the development dependencies)
+(for development, run `gem install --dev ./ory-client-v1.1.44.gem` to install the development dependencies)
 
 or publish the gem to a gem hosting service, e.g. [RubyGems](https://rubygems.org/).
 
 Finally add this to the Gemfile:
 
-    gem 'ory-client', '~> v1.1.41'
+    gem 'ory-client', '~> v1.1.44'
 
 ### Install from Git
 
@@ -172,6 +172,7 @@ Class | Method | HTTP request | Description
 *OryClient::OAuth2Api* | [**set_o_auth2_client_lifespans**](docs/OAuth2Api.md#set_o_auth2_client_lifespans) | **PUT** /admin/clients/{id}/lifespans | Set OAuth2 Client Token Lifespans
 *OryClient::OAuth2Api* | [**trust_o_auth2_jwt_grant_issuer**](docs/OAuth2Api.md#trust_o_auth2_jwt_grant_issuer) | **POST** /admin/trust/grants/jwt-bearer/issuers | Trust OAuth2 JWT Bearer Grant Type Issuer
 *OryClient::OidcApi* | [**create_oidc_dynamic_client**](docs/OidcApi.md#create_oidc_dynamic_client) | **POST** /oauth2/register | Register OAuth2 Client using OpenID Dynamic Client Registration
+*OryClient::OidcApi* | [**create_verifiable_credential**](docs/OidcApi.md#create_verifiable_credential) | **POST** /credentials | Issues a Verifiable Credential
 *OryClient::OidcApi* | [**delete_oidc_dynamic_client**](docs/OidcApi.md#delete_oidc_dynamic_client) | **DELETE** /oauth2/register/{id} | Delete OAuth 2.0 Client using the OpenID Dynamic Client Registration Management Protocol
 *OryClient::OidcApi* | [**discover_oidc_configuration**](docs/OidcApi.md#discover_oidc_configuration) | **GET** /.well-known/openid-configuration | OpenID Connect Discovery
 *OryClient::OidcApi* | [**get_oidc_dynamic_client**](docs/OidcApi.md#get_oidc_dynamic_client) | **GET** /oauth2/register/{id} | Get OAuth2 Client using OpenID Dynamic Client Registration
@@ -188,13 +189,13 @@ Class | Method | HTTP request | Description
 *OryClient::ProjectApi* | [**delete_project_api_key**](docs/ProjectApi.md#delete_project_api_key) | **DELETE** /projects/{project}/tokens/{token_id} | Delete project API token
 *OryClient::ProjectApi* | [**get_active_project_in_console**](docs/ProjectApi.md#get_active_project_in_console) | **GET** /console/active/project | Returns the Ory Network Project selected in the Ory Network Console
 *OryClient::ProjectApi* | [**get_project**](docs/ProjectApi.md#get_project) | **GET** /projects/{project_id} | Get a Project
-*OryClient::ProjectApi* | [**get_project_members**](docs/ProjectApi.md#get_project_members) | **GET** /projects/{project_id}/members | Get all members associated with this project
+*OryClient::ProjectApi* | [**get_project_members**](docs/ProjectApi.md#get_project_members) | **GET** /projects/{project}/members | Get all members associated with this project
 *OryClient::ProjectApi* | [**get_project_metrics**](docs/ProjectApi.md#get_project_metrics) | **GET** /projects/{project_id}/metrics | 
 *OryClient::ProjectApi* | [**list_project_api_keys**](docs/ProjectApi.md#list_project_api_keys) | **GET** /projects/{project}/tokens | List a project's API Tokens
 *OryClient::ProjectApi* | [**list_projects**](docs/ProjectApi.md#list_projects) | **GET** /projects | List All Projects
 *OryClient::ProjectApi* | [**patch_project**](docs/ProjectApi.md#patch_project) | **PATCH** /projects/{project_id} | Patch an Ory Network Project Configuration
 *OryClient::ProjectApi* | [**purge_project**](docs/ProjectApi.md#purge_project) | **DELETE** /projects/{project_id} | Irrecoverably purge a project
-*OryClient::ProjectApi* | [**remove_project_member**](docs/ProjectApi.md#remove_project_member) | **DELETE** /projects/{project_id}/members/{member_id} | Remove a member associated with this project
+*OryClient::ProjectApi* | [**remove_project_member**](docs/ProjectApi.md#remove_project_member) | **DELETE** /projects/{project}/members/{member} | Remove a member associated with this project
 *OryClient::ProjectApi* | [**set_active_project_in_console**](docs/ProjectApi.md#set_active_project_in_console) | **PUT** /console/active/project | Sets the Ory Network Project active in the Ory Network Console
 *OryClient::ProjectApi* | [**set_project**](docs/ProjectApi.md#set_project) | **PUT** /projects/{project_id} | Update an Ory Network Project Configuration
 *OryClient::RelationshipApi* | [**check_opl_syntax**](docs/RelationshipApi.md#check_opl_syntax) | **POST** /opl/syntax/check | Check the syntax of an OPL file
@@ -214,6 +215,7 @@ Class | Method | HTTP request | Description
  - [OryClient::ActiveProjectInConsole](docs/ActiveProjectInConsole.md)
  - [OryClient::AuthenticatorAssuranceLevel](docs/AuthenticatorAssuranceLevel.md)
  - [OryClient::BatchPatchIdentitiesResponse](docs/BatchPatchIdentitiesResponse.md)
+ - [OryClient::CORS](docs/CORS.md)
  - [OryClient::CheckOplSyntaxResult](docs/CheckOplSyntaxResult.md)
  - [OryClient::CheckPermissionResult](docs/CheckPermissionResult.md)
  - [OryClient::CloudAccount](docs/CloudAccount.md)
@@ -225,18 +227,22 @@ Class | Method | HTTP request | Description
  - [OryClient::CourierMessageType](docs/CourierMessageType.md)
  - [OryClient::CreateCustomDomainBody](docs/CreateCustomDomainBody.md)
  - [OryClient::CreateIdentityBody](docs/CreateIdentityBody.md)
+ - [OryClient::CreateInviteResponse](docs/CreateInviteResponse.md)
  - [OryClient::CreateJsonWebKeySet](docs/CreateJsonWebKeySet.md)
  - [OryClient::CreateProjectApiKeyRequest](docs/CreateProjectApiKeyRequest.md)
  - [OryClient::CreateProjectBody](docs/CreateProjectBody.md)
  - [OryClient::CreateProjectBranding](docs/CreateProjectBranding.md)
- - [OryClient::CreateProjectInvite](docs/CreateProjectInvite.md)
- - [OryClient::CreateProjectInvitesResponse](docs/CreateProjectInvitesResponse.md)
+ - [OryClient::CreateProjectMemberInviteBody](docs/CreateProjectMemberInviteBody.md)
  - [OryClient::CreateRecoveryCodeForIdentityBody](docs/CreateRecoveryCodeForIdentityBody.md)
  - [OryClient::CreateRecoveryLinkForIdentityBody](docs/CreateRecoveryLinkForIdentityBody.md)
  - [OryClient::CreateRelationshipBody](docs/CreateRelationshipBody.md)
  - [OryClient::CreateSubscriptionBody](docs/CreateSubscriptionBody.md)
+ - [OryClient::CreateVerifiableCredentialRequestBody](docs/CreateVerifiableCredentialRequestBody.md)
+ - [OryClient::CredentialSupportedDraft00](docs/CredentialSupportedDraft00.md)
  - [OryClient::CustomDomain](docs/CustomDomain.md)
  - [OryClient::DeleteMySessionsCount](docs/DeleteMySessionsCount.md)
+ - [OryClient::EmailTemplateData](docs/EmailTemplateData.md)
+ - [OryClient::EmailTemplateDataBody](docs/EmailTemplateDataBody.md)
  - [OryClient::ErrorAuthenticatorAssuranceLevelNotSatisfied](docs/ErrorAuthenticatorAssuranceLevelNotSatisfied.md)
  - [OryClient::ErrorBrowserLocationChangeRequired](docs/ErrorBrowserLocationChangeRequired.md)
  - [OryClient::ErrorFlowReplaced](docs/ErrorFlowReplaced.md)
@@ -270,6 +276,7 @@ Class | Method | HTTP request | Description
  - [OryClient::IdentityWithCredentialsPassword](docs/IdentityWithCredentialsPassword.md)
  - [OryClient::IdentityWithCredentialsPasswordConfig](docs/IdentityWithCredentialsPasswordConfig.md)
  - [OryClient::InternalGetProjectBrandingBody](docs/InternalGetProjectBrandingBody.md)
+ - [OryClient::InternalIsAXWelcomeScreenEnabledForProjectBody](docs/InternalIsAXWelcomeScreenEnabledForProjectBody.md)
  - [OryClient::InternalIsOwnerForProjectBySlugBody](docs/InternalIsOwnerForProjectBySlugBody.md)
  - [OryClient::InternalIsOwnerForProjectBySlugResponse](docs/InternalIsOwnerForProjectBySlugResponse.md)
  - [OryClient::InternalProvisionMockSubscription](docs/InternalProvisionMockSubscription.md)
@@ -285,6 +292,7 @@ Class | Method | HTTP request | Description
  - [OryClient::LogoutFlow](docs/LogoutFlow.md)
  - [OryClient::ManagedIdentitySchema](docs/ManagedIdentitySchema.md)
  - [OryClient::ManagedIdentitySchemaValidationResult](docs/ManagedIdentitySchemaValidationResult.md)
+ - [OryClient::MemberInvite](docs/MemberInvite.md)
  - [OryClient::Message](docs/Message.md)
  - [OryClient::MessageDispatch](docs/MessageDispatch.md)
  - [OryClient::MetricsDatapoint](docs/MetricsDatapoint.md)
@@ -322,13 +330,13 @@ Class | Method | HTTP request | Description
  - [OryClient::ProjectBrandingColors](docs/ProjectBrandingColors.md)
  - [OryClient::ProjectBrandingTheme](docs/ProjectBrandingTheme.md)
  - [OryClient::ProjectHost](docs/ProjectHost.md)
- - [OryClient::ProjectInvite](docs/ProjectInvite.md)
  - [OryClient::ProjectMetadata](docs/ProjectMetadata.md)
  - [OryClient::ProjectServiceIdentity](docs/ProjectServiceIdentity.md)
  - [OryClient::ProjectServiceOAuth2](docs/ProjectServiceOAuth2.md)
  - [OryClient::ProjectServicePermission](docs/ProjectServicePermission.md)
  - [OryClient::ProjectServices](docs/ProjectServices.md)
  - [OryClient::QuotaUsage](docs/QuotaUsage.md)
+ - [OryClient::RFC6749ErrorJson](docs/RFC6749ErrorJson.md)
  - [OryClient::RecoveryCodeForIdentity](docs/RecoveryCodeForIdentity.md)
  - [OryClient::RecoveryFlow](docs/RecoveryFlow.md)
  - [OryClient::RecoveryFlowState](docs/RecoveryFlowState.md)
@@ -403,6 +411,9 @@ Class | Method | HTTP request | Description
  - [OryClient::UpdateVerificationFlowWithCodeMethod](docs/UpdateVerificationFlowWithCodeMethod.md)
  - [OryClient::UpdateVerificationFlowWithLinkMethod](docs/UpdateVerificationFlowWithLinkMethod.md)
  - [OryClient::Usage](docs/Usage.md)
+ - [OryClient::VerifiableCredentialPrimingResponse](docs/VerifiableCredentialPrimingResponse.md)
+ - [OryClient::VerifiableCredentialProof](docs/VerifiableCredentialProof.md)
+ - [OryClient::VerifiableCredentialResponse](docs/VerifiableCredentialResponse.md)
  - [OryClient::VerifiableIdentityAddress](docs/VerifiableIdentityAddress.md)
  - [OryClient::VerificationFlow](docs/VerificationFlow.md)
  - [OryClient::VerificationFlowState](docs/VerificationFlowState.md)

data/docs/CORS.md

@@ -0,0 +1,20 @@
+# OryClient::CORS
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **enabled** | **Boolean** | Whether CORS is enabled for this endpoint. |  |
+| **origins** | **Array<String>** | The allowed origins. Use `*` to allow all origins. A wildcard can also be used in the subdomain, i.e. `https://*.example.com` will allow all origins on all subdomains of `example.com`. |  |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::CORS.new(
+  enabled: null,
+  origins: null
+)
+```
+

data/docs/CreateInviteResponse.md

@@ -0,0 +1,20 @@
+# OryClient::CreateInviteResponse
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **all_invites** | [**Array<MemberInvite>**](MemberInvite.md) | A list of all invites for this resource |  |
+| **created_invite** | [**MemberInvite**](MemberInvite.md) |  |  |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::CreateInviteResponse.new(
+  all_invites: null,
+  created_invite: null
+)
+```
+

data/docs/CreateProjectMemberInviteBody.md

@@ -0,0 +1,18 @@
+# OryClient::CreateProjectMemberInviteBody
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **invitee_email** | **String** | A email to invite | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::CreateProjectMemberInviteBody.new(
+  invitee_email: null
+)
+```
+

data/docs/CreateVerifiableCredentialRequestBody.md

@@ -0,0 +1,22 @@
+# OryClient::CreateVerifiableCredentialRequestBody
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **format** | **String** |  | [optional] |
+| **proof** | [**VerifiableCredentialProof**](VerifiableCredentialProof.md) |  | [optional] |
+| **types** | **Array<String>** |  | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::CreateVerifiableCredentialRequestBody.new(
+  format: null,
+  proof: null,
+  types: null
+)
+```
+

data/docs/CredentialSupportedDraft00.md

@@ -0,0 +1,24 @@
+# OryClient::CredentialSupportedDraft00
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **cryptographic_binding_methods_supported** | **Array<String>** | OpenID Connect Verifiable Credentials Cryptographic Binding Methods Supported  Contains a list of cryptographic binding methods supported for signing the proof. | [optional] |
+| **cryptographic_suites_supported** | **Array<String>** | OpenID Connect Verifiable Credentials Cryptographic Suites Supported  Contains a list of cryptographic suites methods supported for signing the proof. | [optional] |
+| **format** | **String** | OpenID Connect Verifiable Credentials Format  Contains the format that is supported by this authorization server. | [optional] |
+| **types** | **Array<String>** | OpenID Connect Verifiable Credentials Types  Contains the types of verifiable credentials supported. | [optional] |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::CredentialSupportedDraft00.new(
+  cryptographic_binding_methods_supported: null,
+  cryptographic_suites_supported: null,
+  format: null,
+  types: null
+)
+```
+

data/docs/EmailTemplateData.md

@@ -0,0 +1,20 @@
+# OryClient::EmailTemplateData
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **body** | [**EmailTemplateDataBody**](EmailTemplateDataBody.md) |  |  |
+| **subject** | **String** |  |  |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::EmailTemplateData.new(
+  body: null,
+  subject: null
+)
+```
+

data/docs/EmailTemplateDataBody.md

@@ -0,0 +1,20 @@
+# OryClient::EmailTemplateDataBody
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **html** | **String** |  |  |
+| **plaintext** | **String** |  |  |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::EmailTemplateDataBody.new(
+  html: null,
+  plaintext: null
+)
+```
+

data/docs/FrontendApi.md

@@ -250,7 +250,7 @@ No authorization required
 
 Create Registration Flow for Browsers
 
-This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows.  :::info  This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.  :::  If this endpoint is opened as a link in the browser, it will be redirected to `selfservice.flows.registration.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists already, the browser will be redirected to `urls.default_redirect_url`.  If this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the case of an error, the `error.id` of the JSON response body can be one of:  `session_already_available`: The user is already signed in. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!  If this endpoint is called via an AJAX request, the response contains the registration flow without a redirect.  This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.  More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
+This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows.  If this endpoint is opened as a link in the browser, it will be redirected to `selfservice.flows.registration.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists already, the browser will be redirected to `urls.default_redirect_url`.  If this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the case of an error, the `error.id` of the JSON response body can be one of:  `session_already_available`: The user is already signed in. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!  If this endpoint is called via an AJAX request, the response contains the registration flow without a redirect.  This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.  More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
 
 ### Examples
 
@@ -1587,7 +1587,7 @@ No authorization required
 
 Check Who the Current HTTP Session Belongs To
 
-Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. When the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response.  If you call this endpoint from a server-side application, you must forward the HTTP Cookie Header to this endpoint:  ```js pseudo-code example router.get('/protected-endpoint', async function (req, res) { const session = await client.toSession(undefined, req.header('cookie'))  console.log(session) }) ```  When calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token:  ```js pseudo-code example ... const session = await client.toSession(\"the-session-token\")  console.log(session) ```  Depending on your configuration this endpoint might return a 403 status code if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user to sign in with the second factor or change the configuration.  This endpoint is useful for:  AJAX calls. Remember to send credentials and set up CORS correctly! Reverse proxies and API Gateways Server-side calls - use the `X-Session-Token` header!  This endpoint authenticates users by checking:  if the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie; if the `Authorization: bearer <ory-session-token>` HTTP header was set with a valid Ory Kratos Session Token; if the `X-Session-Token` HTTP header was set with a valid Ory Kratos Session Token.  If none of these headers are set or the cooke or token are invalid, the endpoint returns a HTTP 401 status code.  As explained above, this request may fail due to several reasons. The `error.id` can be one of:  `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.
+Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. When the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response.  If you call this endpoint from a server-side application, you must forward the HTTP Cookie Header to this endpoint:  ```js pseudo-code example router.get('/protected-endpoint', async function (req, res) { const session = await client.toSession(undefined, req.header('cookie'))  console.log(session) }) ```  When calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token:  ```js pseudo-code example ... const session = await client.toSession(\"the-session-token\")  console.log(session) ```  Depending on your configuration this endpoint might return a 403 status code if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user to sign in with the second factor or change the configuration.  This endpoint is useful for:  AJAX calls. Remember to send credentials and set up CORS correctly! Reverse proxies and API Gateways Server-side calls - use the `X-Session-Token` header!  This endpoint authenticates users by checking:  if the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie; if the `Authorization: bearer <ory-session-token>` HTTP header was set with a valid Ory Kratos Session Token; if the `X-Session-Token` HTTP header was set with a valid Ory Kratos Session Token.  If none of these headers are set or the cookie or token are invalid, the endpoint returns a HTTP 401 status code.  As explained above, this request may fail due to several reasons. The `error.id` can be one of:  `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.
 
 ### Examples
 
@@ -1655,7 +1655,7 @@ No authorization required
 
 Submit a Login Flow
 
-:::info  This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.  :::  Use this endpoint to complete a login flow. This endpoint behaves differently for API and browser flows.  API flows expect `application/json` to be sent in the body and responds with HTTP 200 and a application/json body with the session token on success; HTTP 410 if the original flow expired with the appropriate error messages set and optionally a `use_flow_id` parameter in the body; HTTP 400 on form validation errors.  Browser flows expect a Content-Type of `application/x-www-form-urlencoded` or `application/json` to be sent in the body and respond with a HTTP 303 redirect to the post/after login URL or the `return_to` value if it was set and if the login succeeded; a HTTP 303 redirect to the login UI URL with the flow ID containing the validation errors otherwise.  Browser flows with an accept header of `application/json` will not redirect but instead respond with HTTP 200 and a application/json body with the signed in identity and a `Set-Cookie` header on success; HTTP 303 redirect to a fresh login flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors.  If this endpoint is called with `Accept: application/json` in the header, the response contains the flow without a redirect. In the case of an error, the `error.id` of the JSON response body can be one of:  `session_already_available`: The user is already signed in. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. Most likely used in Social Sign In flows.  More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
+Use this endpoint to complete a login flow. This endpoint behaves differently for API and browser flows.  API flows expect `application/json` to be sent in the body and responds with HTTP 200 and a application/json body with the session token on success; HTTP 410 if the original flow expired with the appropriate error messages set and optionally a `use_flow_id` parameter in the body; HTTP 400 on form validation errors.  Browser flows expect a Content-Type of `application/x-www-form-urlencoded` or `application/json` to be sent in the body and respond with a HTTP 303 redirect to the post/after login URL or the `return_to` value if it was set and if the login succeeded; a HTTP 303 redirect to the login UI URL with the flow ID containing the validation errors otherwise.  Browser flows with an accept header of `application/json` will not redirect but instead respond with HTTP 200 and a application/json body with the signed in identity and a `Set-Cookie` header on success; HTTP 303 redirect to a fresh login flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors.  If this endpoint is called with `Accept: application/json` in the header, the response contains the flow without a redirect. In the case of an error, the `error.id` of the JSON response body can be one of:  `session_already_available`: The user is already signed in. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. Most likely used in Social Sign In flows.  More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).
 
 ### Examples
 

data/docs/InternalIsAXWelcomeScreenEnabledForProjectBody.md

@@ -0,0 +1,20 @@
+# OryClient::InternalIsAXWelcomeScreenEnabledForProjectBody
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **path** | **String** | Path is the path of the request. |  |
+| **project_slug** | **String** | ProjectSlug is the project's slug. |  |
+
+## Example
+
+```ruby
+require 'ory-client'
+
+instance = OryClient::InternalIsAXWelcomeScreenEnabledForProjectBody.new(
+  path: null,
+  project_slug: null
+)
+```
+

data/docs/{ProjectInvite.md → MemberInvite.md}

@@ -1,4 +1,4 @@
-# OryClient::ProjectInvite
+# OryClient::MemberInvite
 
 ## Properties
 
@@ -19,7 +19,7 @@
 ```ruby
 require 'ory-client'
 
-instance = OryClient::ProjectInvite.new(
+instance = OryClient::MemberInvite.new(
   created_at: null,
   id: null,
   invitee_email: null,

data/docs/NormalizedProjectRevision.md

@@ -5,6 +5,7 @@
 | Name | Type | Description | Notes |
 | ---- | ---- | ----------- | ----- |
 | **created_at** | **Time** | The Project's Revision Creation Date | [optional][readonly] |
+| **disable_account_experience_welcome_screen** | **Boolean** | Whether to disable the account experience welcome screen, which is hosted under `/ui/welcome`. | [optional] |
 | **hydra_oauth2_allowed_top_level_claims** | **Array<String>** |  | [optional] |
 | **hydra_oauth2_client_credentials_default_grant_allowed_scope** | **Boolean** | Automatically grant authorized OAuth2 Scope in OAuth2 Client Credentials Flow.  Each OAuth2 Client is allowed to request a predefined OAuth2 Scope (for example `read write`). If this option is enabled, the full scope is automatically granted when performing the OAuth2 Client Credentials flow.  If disabled, the OAuth2 Client has to request the scope in the OAuth2 request by providing the `scope` query parameter.  Setting this option to true is common if you need compatibility with MITREid.  This governs the \"oauth2.client_credentials.default_grant_allowed_scope\" setting. | [optional] |
 | **hydra_oauth2_exclude_not_before_claim** | **Boolean** | Set to true if you want to exclude claim `nbf (not before)` part of access token.  This governs the \"oauth2.exclude_not_before_claim\" setting. | [optional] |
@@ -14,6 +15,7 @@
 | **hydra_oauth2_pkce_enforced** | **Boolean** | Configures whether PKCE should be enforced for all OAuth2 Clients.  This governs the \"oauth2.pkce.enforced\" setting. | [optional] |
 | **hydra_oauth2_pkce_enforced_for_public_clients** | **Boolean** | Configures whether PKCE should be enforced for OAuth2 Clients without a client secret (public clients).  This governs the \"oauth2.pkce.enforced_for_public_clients\" setting. | [optional] |
 | **hydra_oauth2_refresh_token_hook** | **String** | Sets the Refresh Token Hook Endpoint. If set this endpoint will be called during the OAuth2 Token Refresh grant update the OAuth2 Access Token claims.  This governs the \"oauth2.refresh_token_hook\" setting. | [optional] |
+| **hydra_oauth2_token_hook** | **String** | Sets the token hook endpoint for all grant types. If set it will be called while providing token to customize claims.  This governs the \"oauth2.token_hook\" setting. | [optional] |
 | **hydra_oidc_dynamic_client_registration_default_scope** | **Array<String>** |  | [optional] |
 | **hydra_oidc_dynamic_client_registration_enabled** | **Boolean** | Configures OpenID Connect Dynamic Client Registration.  This governs the \"oidc.dynamic_client_registration.enabled\" setting. | [optional] |
 | **hydra_oidc_subject_identifiers_pairwise_salt** | **String** | Configures OpenID Connect Discovery and overwrites the pairwise algorithm  This governs the \"oidc.subject_identifiers.pairwise_salt\" setting. | [optional] |
@@ -141,9 +143,9 @@
 | **kratos_selfservice_methods_totp_enabled** | **Boolean** | Configures whether Ory Kratos TOTP Method is enabled  This governs the \"selfservice.methods.totp.enabled\" setting. | [optional] |
 | **kratos_selfservice_methods_webauthn_config_passwordless** | **Boolean** | Configures whether Ory Kratos Webauthn is used for passwordless flows  This governs the \"selfservice.methods.webauthn.config.passwordless\" setting. | [optional] |
 | **kratos_selfservice_methods_webauthn_config_rp_display_name** | **String** | Configures the Ory Kratos Webauthn RP Display Name  This governs the \"selfservice.methods.webauthn.config.rp.display_name\" setting. | [optional] |
-| **kratos_selfservice_methods_webauthn_config_rp_icon** | **String** | Configures the Ory Kratos Webauthn RP Icon  This governs the \"selfservice.methods.webauthn.config.rp.icon\" setting. | [optional] |
+| **kratos_selfservice_methods_webauthn_config_rp_icon** | **String** | Configures the Ory Kratos Webauthn RP Icon  This governs the \"selfservice.methods.webauthn.config.rp.icon\" setting. Deprecated: This value will be ignored due to security considerations. | [optional] |
 | **kratos_selfservice_methods_webauthn_config_rp_id** | **String** | Configures the Ory Kratos Webauthn RP ID  This governs the \"selfservice.methods.webauthn.config.rp.id\" setting. | [optional] |
-| **kratos_selfservice_methods_webauthn_config_rp_origin** | **String** | Configures the Ory Kratos Webauthn RP Origin  This governs the \"selfservice.methods.webauthn.config.rp.origin\" setting. | [optional] |
+| **kratos_selfservice_methods_webauthn_config_rp_origins** | **Array<String>** |  | [optional] |
 | **kratos_selfservice_methods_webauthn_enabled** | **Boolean** | Configures whether Ory Kratos Webauthn is enabled  This governs the \"selfservice.methods.webauthn.enabled\" setting. | [optional] |
 | **kratos_session_cookie_persistent** | **Boolean** | Configures the Ory Kratos Session Cookie Persistent Attribute  This governs the \"session.cookie.persistent\" setting. | [optional] |
 | **kratos_session_cookie_same_site** | **String** | Configures the Ory Kratos Session Cookie SameSite Attribute  This governs the \"session.cookie.same_site\" setting. | [optional] |
@@ -165,6 +167,7 @@ require 'ory-client'
 
 instance = OryClient::NormalizedProjectRevision.new(
   created_at: null,
+  disable_account_experience_welcome_screen: null,
   hydra_oauth2_allowed_top_level_claims: null,
   hydra_oauth2_client_credentials_default_grant_allowed_scope: null,
   hydra_oauth2_exclude_not_before_claim: null,
@@ -174,6 +177,7 @@ instance = OryClient::NormalizedProjectRevision.new(
   hydra_oauth2_pkce_enforced: null,
   hydra_oauth2_pkce_enforced_for_public_clients: null,
   hydra_oauth2_refresh_token_hook: null,
+  hydra_oauth2_token_hook: null,
   hydra_oidc_dynamic_client_registration_default_scope: null,
   hydra_oidc_dynamic_client_registration_enabled: null,
   hydra_oidc_subject_identifiers_pairwise_salt: null,
@@ -303,7 +307,7 @@ instance = OryClient::NormalizedProjectRevision.new(
   kratos_selfservice_methods_webauthn_config_rp_display_name: null,
   kratos_selfservice_methods_webauthn_config_rp_icon: null,
   kratos_selfservice_methods_webauthn_config_rp_id: null,
-  kratos_selfservice_methods_webauthn_config_rp_origin: null,
+  kratos_selfservice_methods_webauthn_config_rp_origins: null,
   kratos_selfservice_methods_webauthn_enabled: null,
   kratos_session_cookie_persistent: null,
   kratos_session_cookie_same_site: null,

data/docs/OidcApi.md

@@ -5,6 +5,7 @@ All URIs are relative to *https://playground.projects.oryapis.com*
 | Method | HTTP request | Description |
 | ------ | ------------ | ----------- |
 | [**create_oidc_dynamic_client**](OidcApi.md#create_oidc_dynamic_client) | **POST** /oauth2/register | Register OAuth2 Client using OpenID Dynamic Client Registration |
+| [**create_verifiable_credential**](OidcApi.md#create_verifiable_credential) | **POST** /credentials | Issues a Verifiable Credential |
 | [**delete_oidc_dynamic_client**](OidcApi.md#delete_oidc_dynamic_client) | **DELETE** /oauth2/register/{id} | Delete OAuth 2.0 Client using the OpenID Dynamic Client Registration Management Protocol |
 | [**discover_oidc_configuration**](OidcApi.md#discover_oidc_configuration) | **GET** /.well-known/openid-configuration | OpenID Connect Discovery |
 | [**get_oidc_dynamic_client**](OidcApi.md#get_oidc_dynamic_client) | **GET** /oauth2/register/{id} | Get OAuth2 Client using OpenID Dynamic Client Registration |
@@ -77,6 +78,72 @@ No authorization required
 - **Accept**: application/json
 
 
+## create_verifiable_credential
+
+> <VerifiableCredentialResponse> create_verifiable_credential(opts)
+
+Issues a Verifiable Credential
+
+This endpoint creates a verifiable credential that attests that the user authenticated with the provided access token owns a certain public/private key pair.  More information can be found at https://openid.net/specs/openid-connect-userinfo-vc-1_0.html.
+
+### Examples
+
+```ruby
+require 'time'
+require 'ory-client'
+
+api_instance = OryClient::OidcApi.new
+opts = {
+  create_verifiable_credential_request_body: OryClient::CreateVerifiableCredentialRequestBody.new # CreateVerifiableCredentialRequestBody | 
+}
+
+begin
+  # Issues a Verifiable Credential
+  result = api_instance.create_verifiable_credential(opts)
+  p result
+rescue OryClient::ApiError => e
+  puts "Error when calling OidcApi->create_verifiable_credential: #{e}"
+end
+```
+
+#### Using the create_verifiable_credential_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> <Array(<VerifiableCredentialResponse>, Integer, Hash)> create_verifiable_credential_with_http_info(opts)
+
+```ruby
+begin
+  # Issues a Verifiable Credential
+  data, status_code, headers = api_instance.create_verifiable_credential_with_http_info(opts)
+  p status_code # => 2xx
+  p headers # => { ... }
+  p data # => <VerifiableCredentialResponse>
+rescue OryClient::ApiError => e
+  puts "Error when calling OidcApi->create_verifiable_credential_with_http_info: #{e}"
+end
+```
+
+### Parameters
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **create_verifiable_credential_request_body** | [**CreateVerifiableCredentialRequestBody**](CreateVerifiableCredentialRequestBody.md) |  | [optional] |
+
+### Return type
+
+[**VerifiableCredentialResponse**](VerifiableCredentialResponse.md)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+
 ## delete_oidc_dynamic_client
 
 > delete_oidc_dynamic_client(id)

data/docs/OidcConfiguration.md

@@ -10,6 +10,8 @@
 | **claims_parameter_supported** | **Boolean** | OpenID Connect Claims Parameter Parameter Supported  Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support. | [optional] |
 | **claims_supported** | **Array<String>** | OpenID Connect Supported Claims  JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list. | [optional] |
 | **code_challenge_methods_supported** | **Array<String>** | OAuth 2.0 PKCE Supported Code Challenge Methods  JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported by this authorization server. | [optional] |
+| **credentials_endpoint_draft_00** | **String** | OpenID Connect Verifiable Credentials Endpoint  Contains the URL of the Verifiable Credentials Endpoint. | [optional] |
+| **credentials_supported_draft_00** | [**Array<CredentialSupportedDraft00>**](CredentialSupportedDraft00.md) | OpenID Connect Verifiable Credentials Supported  JSON array containing a list of the Verifiable Credentials supported by this authorization server. | [optional] |
 | **end_session_endpoint** | **String** | OpenID Connect End-Session Endpoint  URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. | [optional] |
 | **frontchannel_logout_session_supported** | **Boolean** | OpenID Connect Front-Channel Logout Session Required  Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify the RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also included in ID Tokens issued by the OP. | [optional] |
 | **frontchannel_logout_supported** | **Boolean** | OpenID Connect Front-Channel Logout Supported  Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support. | [optional] |
@@ -46,6 +48,8 @@ instance = OryClient::OidcConfiguration.new(
   claims_parameter_supported: null,
   claims_supported: null,
   code_challenge_methods_supported: null,
+  credentials_endpoint_draft_00: null,
+  credentials_supported_draft_00: null,
   end_session_endpoint: null,
   frontchannel_logout_session_supported: null,
   frontchannel_logout_supported: null,

data/docs/Project.md

@@ -4,6 +4,8 @@
 
 | Name | Type | Description | Notes |
 | ---- | ---- | ----------- | ----- |
+| **cors_admin** | [**CORS**](CORS.md) |  |  |
+| **cors_public** | [**CORS**](CORS.md) |  |  |
 | **id** | **String** | The project's ID. | [readonly] |
 | **name** | **String** | The name of the project. |  |
 | **revision_id** | **String** | The configuration revision ID. | [readonly] |
@@ -17,6 +19,8 @@
 require 'ory-client'
 
 instance = OryClient::Project.new(
+  cors_admin: null,
+  cors_public: null,
   id: null,
   name: null,
   revision_id: null,