RubyGems - ory-kratos-client - Versions diffs - 0.11.1 → 1.0.0 - Mend

ory-kratos-client 0.11.1 → 1.0.0

Files changed (728) hide show

data/docs/FrontendApi.md CHANGED Viewed

@@ -17,6 +17,7 @@ All URIs are relative to *http://localhost*
 | [**create_native_verification_flow**](FrontendApi.md#create_native_verification_flow) | **GET** /self-service/verification/api | Create Verification Flow for Native Apps |
 | [**disable_my_other_sessions**](FrontendApi.md#disable_my_other_sessions) | **DELETE** /sessions | Disable my other sessions |
 | [**disable_my_session**](FrontendApi.md#disable_my_session) | **DELETE** /sessions/{id} | Disable one of my sessions |
+| [**exchange_session_token**](FrontendApi.md#exchange_session_token) | **GET** /sessions/token-exchange | Exchange Session Token |
 | [**get_flow_error**](FrontendApi.md#get_flow_error) | **GET** /self-service/errors | Get User-Flow Errors |
 | [**get_login_flow**](FrontendApi.md#get_login_flow) | **GET** /self-service/login/flows | Get Login Flow |
 | [**get_recovery_flow**](FrontendApi.md#get_recovery_flow) | **GET** /self-service/recovery/flows | Get Recovery Flow |
@@ -125,7 +126,8 @@ require 'ory-kratos-client'
 api_instance = OryKratosClient::FrontendApi.new
 opts = {
-  cookie: 'cookie_example' # String | HTTP Cookies  If you call this endpoint from a backend, please include the original Cookie header in the request.
+  cookie: 'cookie_example', # String | HTTP Cookies  If you call this endpoint from a backend, please include the original Cookie header in the request.
+  return_to: 'return_to_example' # String | Return to URL  The URL to which the browser should be redirected to after the logout has been performed.
 }
 begin
@@ -160,6 +162,7 @@ end
 | Name | Type | Description | Notes |
 | ---- | ---- | ----------- | ----- |
 | **cookie** | **String** | HTTP Cookies  If you call this endpoint from a backend, please include the original Cookie header in the request. | [optional] |
+| **return_to** | **String** | Return to URL  The URL to which the browser should be redirected to after the logout has been performed. | [optional] |
 ### Return type
@@ -258,7 +261,8 @@ require 'ory-kratos-client'
 api_instance = OryKratosClient::FrontendApi.new
 opts = {
   return_to: 'return_to_example', # String | The URL to return the browser to after the flow was completed.
-  login_challenge: 'login_challenge_example' # String | Ory OAuth 2.0 Login Challenge.  If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`).  This feature is compatible with Ory Hydra when not running on the Ory Network.
+  login_challenge: 'login_challenge_example', # String | Ory OAuth 2.0 Login Challenge.  If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.  The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`).  This feature is compatible with Ory Hydra when not running on the Ory Network.
+  after_verification_return_to: 'after_verification_return_to_example' # String | The URL to return the browser to after the verification flow was completed.  After the registration flow is completed, the user will be sent a verification email. Upon completing the verification flow, this URL will be used to override the default `selfservice.flows.verification.after.default_redirect_to` value.
 }
 begin
@@ -294,6 +298,7 @@ end
 | ---- | ---- | ----------- | ----- |
 | **return_to** | **String** | The URL to return the browser to after the flow was completed. | [optional] |
 | **login_challenge** | **String** | Ory OAuth 2.0 Login Challenge.  If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.  The value for this parameter comes from &#x60;login_challenge&#x60; URL Query parameter sent to your application (e.g. &#x60;/registration?login_challenge&#x3D;abcde&#x60;).  This feature is compatible with Ory Hydra when not running on the Ory Network. | [optional] |
+| **after_verification_return_to** | **String** | The URL to return the browser to after the verification flow was completed.  After the registration flow is completed, the user will be sent a verification email. Upon completing the verification flow, this URL will be used to override the default &#x60;selfservice.flows.verification.after.default_redirect_to&#x60; value. | [optional] |
 ### Return type
@@ -383,7 +388,7 @@ No authorization required
 Create Verification Flow for Browser Clients
-This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.  If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects.  This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
+This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.  If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects.  This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).
 ### Examples
@@ -461,7 +466,9 @@ api_instance = OryKratosClient::FrontendApi.new
 opts = {
   refresh: true, # Boolean | Refresh a login session  If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session.
   aal: 'aal_example', # String | Request a Specific AuthenticationMethod Assurance Level  Use this parameter to upgrade an existing session's authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password, the AAL is 1. If you wish to \"upgrade\" the session's security by asking the user to perform TOTP / WebAuth/ ... you would set this to \"aal2\".
-  x_session_token: 'x_session_token_example' # String | The Session Token of the Identity performing the settings flow.
+  x_session_token: 'x_session_token_example', # String | The Session Token of the Identity performing the settings flow.
+  return_session_token_exchange_code: true, # Boolean | EnableSessionTokenExchangeCode requests the login flow to include a code that can be used to retrieve the session token after the login flow has been completed.
+  return_to: 'return_to_example' # String | The URL to return the browser to after the flow was completed.
 }
 begin
@@ -498,6 +505,8 @@ end
 | **refresh** | **Boolean** | Refresh a login session  If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session. | [optional] |
 | **aal** | **String** | Request a Specific AuthenticationMethod Assurance Level  Use this parameter to upgrade an existing session&#39;s authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password, the AAL is 1. If you wish to \&quot;upgrade\&quot; the session&#39;s security by asking the user to perform TOTP / WebAuth/ ... you would set this to \&quot;aal2\&quot;. | [optional] |
 | **x_session_token** | **String** | The Session Token of the Identity performing the settings flow. | [optional] |
+| **return_session_token_exchange_code** | **Boolean** | EnableSessionTokenExchangeCode requests the login flow to include a code that can be used to retrieve the session token after the login flow has been completed. | [optional] |
+| **return_to** | **String** | The URL to return the browser to after the flow was completed. | [optional] |
 ### Return type
@@ -576,7 +585,7 @@ No authorization required
 ## create_native_registration_flow
-> <RegistrationFlow> create_native_registration_flow
+> <RegistrationFlow> create_native_registration_flow(opts)
 Create Registration Flow for Native Apps
@@ -589,10 +598,14 @@ require 'time'
 require 'ory-kratos-client'
 api_instance = OryKratosClient::FrontendApi.new
+opts = {
+  return_session_token_exchange_code: true, # Boolean | EnableSessionTokenExchangeCode requests the login flow to include a code that can be used to retrieve the session token after the login flow has been completed.
+  return_to: 'return_to_example' # String | The URL to return the browser to after the flow was completed.
+}
 begin
   # Create Registration Flow for Native Apps
-  result = api_instance.create_native_registration_flow
+  result = api_instance.create_native_registration_flow(opts)
   p result
 rescue OryKratosClient::ApiError => e
   puts "Error when calling FrontendApi->create_native_registration_flow: #{e}"
@@ -603,12 +616,12 @@ end
 This returns an Array which contains the response data, status code and headers.
-> <Array(<RegistrationFlow>, Integer, Hash)> create_native_registration_flow_with_http_info
+> <Array(<RegistrationFlow>, Integer, Hash)> create_native_registration_flow_with_http_info(opts)
 ```ruby
 begin
   # Create Registration Flow for Native Apps
-  data, status_code, headers = api_instance.create_native_registration_flow_with_http_info
+  data, status_code, headers = api_instance.create_native_registration_flow_with_http_info(opts)
   p status_code # => 2xx
   p headers # => { ... }
   p data # => <RegistrationFlow>
@@ -619,7 +632,10 @@ end
 ### Parameters
-This endpoint does not need any parameter.
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **return_session_token_exchange_code** | **Boolean** | EnableSessionTokenExchangeCode requests the login flow to include a code that can be used to retrieve the session token after the login flow has been completed. | [optional] |
+| **return_to** | **String** | The URL to return the browser to after the flow was completed. | [optional] |
 ### Return type
@@ -899,6 +915,70 @@ No authorization required
 - **Accept**: application/json
+## exchange_session_token
+> <SuccessfulNativeLogin> exchange_session_token(init_code, return_to_code)
+Exchange Session Token
+### Examples
+```ruby
+require 'time'
+require 'ory-kratos-client'
+api_instance = OryKratosClient::FrontendApi.new
+init_code = 'init_code_example' # String | The part of the code return when initializing the flow.
+return_to_code = 'return_to_code_example' # String | The part of the code returned by the return_to URL.
+begin
+  # Exchange Session Token
+  result = api_instance.exchange_session_token(init_code, return_to_code)
+  p result
+rescue OryKratosClient::ApiError => e
+  puts "Error when calling FrontendApi->exchange_session_token: #{e}"
+end
+```
+#### Using the exchange_session_token_with_http_info variant
+This returns an Array which contains the response data, status code and headers.
+> <Array(<SuccessfulNativeLogin>, Integer, Hash)> exchange_session_token_with_http_info(init_code, return_to_code)
+```ruby
+begin
+  # Exchange Session Token
+  data, status_code, headers = api_instance.exchange_session_token_with_http_info(init_code, return_to_code)
+  p status_code # => 2xx
+  p headers # => { ... }
+  p data # => <SuccessfulNativeLogin>
+rescue OryKratosClient::ApiError => e
+  puts "Error when calling FrontendApi->exchange_session_token_with_http_info: #{e}"
+end
+```
+### Parameters
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **init_code** | **String** | The part of the code return when initializing the flow. |  |
+| **return_to_code** | **String** | The part of the code returned by the return_to URL. |  |
+### Return type
+[**SuccessfulNativeLogin**](SuccessfulNativeLogin.md)
+### Authorization
+No authorization required
+### HTTP request headers
+- **Content-Type**: Not defined
+- **Accept**: application/json
 ## get_flow_error
 > <FlowError> get_flow_error(id)
@@ -1243,7 +1323,7 @@ No authorization required
 Get Verification Flow
-This endpoint returns a verification flow's context with, for example, error details and other information.  Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail.  If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain and you need to forward the incoming HTTP Cookie header to this endpoint:  ```js pseudo-code example router.get('/recovery', async function (req, res) { const flow = await client.getVerificationFlow(req.header('cookie'), req.query['flow'])  res.render('verification', flow) })  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
+This endpoint returns a verification flow's context with, for example, error details and other information.  Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail.  If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain and you need to forward the incoming HTTP Cookie header to this endpoint:  ```js pseudo-code example router.get('/recovery', async function (req, res) { const flow = await client.getVerificationFlow(req.header('cookie'), req.query['flow'])  res.render('verification', flow) }) ```  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).
 ### Examples
@@ -1507,7 +1587,7 @@ No authorization required
 Check Who the Current HTTP Session Belongs To
-Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. When the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response.  If you call this endpoint from a server-side application, you must forward the HTTP Cookie Header to this endpoint:  ```js pseudo-code example router.get('/protected-endpoint', async function (req, res) { const session = await client.toSession(undefined, req.header('cookie'))  console.log(session) }) ```  When calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token:  ```js pseudo-code example ... const session = await client.toSession(\"the-session-token\")  console.log(session) ```  Depending on your configuration this endpoint might return a 403 status code if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user to sign in with the second factor or change the configuration.  This endpoint is useful for:  AJAX calls. Remember to send credentials and set up CORS correctly! Reverse proxies and API Gateways Server-side calls - use the `X-Session-Token` header!  This endpoint authenticates users by checking:  if the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie; if the `Authorization: bearer <ory-session-token>` HTTP header was set with a valid Ory Kratos Session Token; if the `X-Session-Token` HTTP header was set with a valid Ory Kratos Session Token.  If none of these headers are set or the cooke or token are invalid, the endpoint returns a HTTP 401 status code.  As explained above, this request may fail due to several reasons. The `error.id` can be one of:  `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.
+Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. When the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response.  If you call this endpoint from a server-side application, you must forward the HTTP Cookie Header to this endpoint:  ```js pseudo-code example router.get('/protected-endpoint', async function (req, res) { const session = await client.toSession(undefined, req.header('cookie'))  console.log(session) }) ```  When calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token:  ```js pseudo-code example ... const session = await client.toSession(\"the-session-token\")  console.log(session) ```  Depending on your configuration this endpoint might return a 403 status code if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user to sign in with the second factor or change the configuration.  This endpoint is useful for:  AJAX calls. Remember to send credentials and set up CORS correctly! Reverse proxies and API Gateways Server-side calls - use the `X-Session-Token` header!  This endpoint authenticates users by checking:  if the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie; if the `Authorization: bearer <ory-session-token>` HTTP header was set with a valid Ory Kratos Session Token; if the `X-Session-Token` HTTP header was set with a valid Ory Kratos Session Token.  If none of these headers are set or the cookie or token are invalid, the endpoint returns a HTTP 401 status code.  As explained above, this request may fail due to several reasons. The `error.id` can be one of:  `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.
 ### Examples
@@ -1658,7 +1738,8 @@ require 'ory-kratos-client'
 api_instance = OryKratosClient::FrontendApi.new
 opts = {
   token: 'token_example', # String | A Valid Logout Token  If you do not have a logout token because you only have a session cookie, call `/self-service/logout/browser` to generate a URL for this endpoint.
-  return_to: 'return_to_example' # String | The URL to return to after the logout was completed.
+  return_to: 'return_to_example', # String | The URL to return to after the logout was completed.
+  cookie: 'cookie_example' # String | HTTP Cookies  When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected.
 }
 begin
@@ -1693,6 +1774,7 @@ end
 | ---- | ---- | ----------- | ----- |
 | **token** | **String** | A Valid Logout Token  If you do not have a logout token because you only have a session cookie, call &#x60;/self-service/logout/browser&#x60; to generate a URL for this endpoint. | [optional] |
 | **return_to** | **String** | The URL to return to after the logout was completed. | [optional] |
+| **cookie** | **String** | HTTP Cookies  When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. | [optional] |
 ### Return type
@@ -1724,7 +1806,7 @@ require 'ory-kratos-client'
 api_instance = OryKratosClient::FrontendApi.new
 flow = 'flow_example' # String | The Recovery Flow ID  The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/recovery?flow=abcde`).
-update_recovery_flow_body = OryKratosClient::UpdateRecoveryFlowWithCodeMethod.new({method: 'method_example'}) # UpdateRecoveryFlowBody |
+update_recovery_flow_body = OryKratosClient::UpdateRecoveryFlowWithCodeMethod.new({method: 'link'}) # UpdateRecoveryFlowBody |
 opts = {
   token: 'token_example', # String | Recovery Token  The recovery token which completes the recovery request. If the token is invalid (e.g. expired) an error will be shown to the end-user.  This parameter is usually set in a link and not used by any direct API call.
   cookie: 'cookie_example' # String | HTTP Cookies  When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected.
@@ -1928,7 +2010,7 @@ No authorization required
 Complete Verification Flow
-Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states:  `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent and works with API- and Browser-initiated flows. For API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid and a HTTP 303 See Other redirect with a fresh verification flow if the flow was otherwise invalid (e.g. expired). For Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Verification UI URL with the Verification Flow ID appended. `sent_email` is the success state after `choose_method` when using the `link` method and allows the user to request another verification email. It works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\"sending a verification link\") does not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL (if the link was valid) and instructs the user to update their password, or a redirect to the Verification UI URL with a new Verification Flow ID which contains an error message that the verification link was invalid.  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).
+Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states:  `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent and works with API- and Browser-initiated flows. For API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid and a HTTP 303 See Other redirect with a fresh verification flow if the flow was otherwise invalid (e.g. expired). For Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Verification UI URL with the Verification Flow ID appended. `sent_email` is the success state after `choose_method` when using the `link` method and allows the user to request another verification email. It works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\"sending a verification link\") does not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL (if the link was valid) and instructs the user to update their password, or a redirect to the Verification UI URL with a new Verification Flow ID which contains an error message that the verification link was invalid.  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation).
 ### Examples
@@ -1938,7 +2020,7 @@ require 'ory-kratos-client'
 api_instance = OryKratosClient::FrontendApi.new
 flow = 'flow_example' # String | The Verification Flow ID  The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/verification?flow=abcde`).
-update_verification_flow_body = OryKratosClient::UpdateVerificationFlowWithLinkMethod.new({email: 'email_example', method: 'method_example'}) # UpdateVerificationFlowBody |
+update_verification_flow_body = OryKratosClient::UpdateVerificationFlowWithCodeMethod.new({method: 'link'}) # UpdateVerificationFlowBody |
 opts = {
   token: 'token_example', # String | Verification Token  The verification token which completes the verification request. If the token is invalid (e.g. expired) an error will be shown to the end-user.  This parameter is usually set in a link and not used by any direct API call.
   cookie: 'cookie_example' # String | HTTP Cookies  When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected.

data/docs/IdentityApi.md CHANGED Viewed

@@ -4,10 +4,12 @@ All URIs are relative to *http://localhost*
 | Method | HTTP request | Description |
 | ------ | ------------ | ----------- |
+| [**batch_patch_identities**](IdentityApi.md#batch_patch_identities) | **PATCH** /admin/identities | Create and deletes multiple identities |
 | [**create_identity**](IdentityApi.md#create_identity) | **POST** /admin/identities | Create an Identity |
 | [**create_recovery_code_for_identity**](IdentityApi.md#create_recovery_code_for_identity) | **POST** /admin/recovery/code | Create a Recovery Code |
 | [**create_recovery_link_for_identity**](IdentityApi.md#create_recovery_link_for_identity) | **POST** /admin/recovery/link | Create a Recovery Link |
 | [**delete_identity**](IdentityApi.md#delete_identity) | **DELETE** /admin/identities/{id} | Delete an Identity |
+| [**delete_identity_credentials**](IdentityApi.md#delete_identity_credentials) | **DELETE** /admin/identities/{id}/credentials/{type} | Delete a credential for a specific identity |
 | [**delete_identity_sessions**](IdentityApi.md#delete_identity_sessions) | **DELETE** /admin/identities/{id}/sessions | Delete &amp; Invalidate an Identity&#39;s Sessions |
 | [**disable_session**](IdentityApi.md#disable_session) | **DELETE** /admin/sessions/{id} | Deactivate a Session |
 | [**extend_session**](IdentityApi.md#extend_session) | **PATCH** /admin/sessions/{id}/extend | Extend a Session |
@@ -22,6 +24,79 @@ All URIs are relative to *http://localhost*
 | [**update_identity**](IdentityApi.md#update_identity) | **PUT** /admin/identities/{id} | Update an Identity |
+## batch_patch_identities
+> <BatchPatchIdentitiesResponse> batch_patch_identities(opts)
+Create and deletes multiple identities
+Creates or delete multiple [identities](https://www.ory.sh/docs/kratos/concepts/identity-user-model). This endpoint can also be used to [import credentials](https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities) for instance passwords, social sign in configurations or multifactor methods.
+### Examples
+```ruby
+require 'time'
+require 'ory-kratos-client'
+# setup authorization
+OryKratosClient.configure do |config|
+  # Configure API key authorization: oryAccessToken
+  config.api_key['oryAccessToken'] = 'YOUR API KEY'
+  # Uncomment the following line to set a prefix for the API key, e.g. 'Bearer' (defaults to nil)
+  # config.api_key_prefix['oryAccessToken'] = 'Bearer'
+end
+api_instance = OryKratosClient::IdentityApi.new
+opts = {
+  patch_identities_body: OryKratosClient::PatchIdentitiesBody.new # PatchIdentitiesBody |
+}
+begin
+  # Create and deletes multiple identities
+  result = api_instance.batch_patch_identities(opts)
+  p result
+rescue OryKratosClient::ApiError => e
+  puts "Error when calling IdentityApi->batch_patch_identities: #{e}"
+end
+```
+#### Using the batch_patch_identities_with_http_info variant
+This returns an Array which contains the response data, status code and headers.
+> <Array(<BatchPatchIdentitiesResponse>, Integer, Hash)> batch_patch_identities_with_http_info(opts)
+```ruby
+begin
+  # Create and deletes multiple identities
+  data, status_code, headers = api_instance.batch_patch_identities_with_http_info(opts)
+  p status_code # => 2xx
+  p headers # => { ... }
+  p data # => <BatchPatchIdentitiesResponse>
+rescue OryKratosClient::ApiError => e
+  puts "Error when calling IdentityApi->batch_patch_identities_with_http_info: #{e}"
+end
+```
+### Parameters
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **patch_identities_body** | [**PatchIdentitiesBody**](PatchIdentitiesBody.md) |  | [optional] |
+### Return type
+[**BatchPatchIdentitiesResponse**](BatchPatchIdentitiesResponse.md)
+### Authorization
+[oryAccessToken](../README.md#oryAccessToken)
+### HTTP request headers
+- **Content-Type**: application/json
+- **Accept**: application/json
 ## create_identity
 > <Identity> create_identity(opts)
@@ -311,6 +386,78 @@ nil (empty response body)
 - **Accept**: application/json
+## delete_identity_credentials
+> delete_identity_credentials(id, type)
+Delete a credential for a specific identity
+Delete an [identity](https://www.ory.sh/docs/kratos/concepts/identity-user-model) credential by its type You can only delete second factor (aal2) credentials.
+### Examples
+```ruby
+require 'time'
+require 'ory-kratos-client'
+# setup authorization
+OryKratosClient.configure do |config|
+  # Configure API key authorization: oryAccessToken
+  config.api_key['oryAccessToken'] = 'YOUR API KEY'
+  # Uncomment the following line to set a prefix for the API key, e.g. 'Bearer' (defaults to nil)
+  # config.api_key_prefix['oryAccessToken'] = 'Bearer'
+end
+api_instance = OryKratosClient::IdentityApi.new
+id = 'id_example' # String | ID is the identity's ID.
+type = 'totp' # String | Type is the credential's Type. One of totp, webauthn, lookup
+begin
+  # Delete a credential for a specific identity
+  api_instance.delete_identity_credentials(id, type)
+rescue OryKratosClient::ApiError => e
+  puts "Error when calling IdentityApi->delete_identity_credentials: #{e}"
+end
+```
+#### Using the delete_identity_credentials_with_http_info variant
+This returns an Array which contains the response data (`nil` in this case), status code and headers.
+> <Array(nil, Integer, Hash)> delete_identity_credentials_with_http_info(id, type)
+```ruby
+begin
+  # Delete a credential for a specific identity
+  data, status_code, headers = api_instance.delete_identity_credentials_with_http_info(id, type)
+  p status_code # => 2xx
+  p headers # => { ... }
+  p data # => nil
+rescue OryKratosClient::ApiError => e
+  puts "Error when calling IdentityApi->delete_identity_credentials_with_http_info: #{e}"
+end
+```
+### Parameters
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **id** | **String** | ID is the identity&#39;s ID. |  |
+| **type** | **String** | Type is the credential&#39;s Type. One of totp, webauthn, lookup |  |
+### Return type
+nil (empty response body)
+### Authorization
+[oryAccessToken](../README.md#oryAccessToken)
+### HTTP request headers
+- **Content-Type**: Not defined
+- **Accept**: application/json
 ## delete_identity_sessions
 > delete_identity_sessions(id)
@@ -546,7 +693,7 @@ end
 api_instance = OryKratosClient::IdentityApi.new
 id = 'id_example' # String | ID must be set to the ID of identity you want to get
 opts = {
-  include_credential: ['inner_example'] # Array<String> | Include Credentials in Response  Currently, only `oidc` is supported. This will return the initial OAuth 2.0 Access, Refresh and (optionally) OpenID Connect ID Token.
+  include_credential: ['password'] # Array<String> | Include Credentials in Response  Include any credential, for example `password` or `oidc`, in the response. When set to `oidc`, This will return the initial OAuth 2.0 Access Token, OAuth 2.0 Refresh Token and the OpenID Connect ID Token if available.
 }
 begin
@@ -581,7 +728,7 @@ end
 | Name | Type | Description | Notes |
 | ---- | ---- | ----------- | ----- |
 | **id** | **String** | ID must be set to the ID of identity you want to get |  |
-| **include_credential** | [**Array&lt;String&gt;**](String.md) | Include Credentials in Response  Currently, only &#x60;oidc&#x60; is supported. This will return the initial OAuth 2.0 Access, Refresh and (optionally) OpenID Connect ID Token. | [optional] |
+| **include_credential** | [**Array&lt;String&gt;**](String.md) | Include Credentials in Response  Include any credential, for example &#x60;password&#x60; or &#x60;oidc&#x60;, in the response. When set to &#x60;oidc&#x60;, This will return the initial OAuth 2.0 Access Token, OAuth 2.0 Refresh Token and the OpenID Connect ID Token if available. | [optional] |
 ### Return type
@@ -685,7 +832,7 @@ end
 api_instance = OryKratosClient::IdentityApi.new
 id = 'id_example' # String | ID is the session's ID.
 opts = {
-  expand: ['Devices'] # Array<String> | ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. Example - ?expand=Identity&expand=Devices If no value is provided, the expandable properties are skipped.
+  expand: ['inner_example'] # Array<String> | ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. Example - ?expand=Identity&expand=Devices If no value is provided, the expandable properties are skipped.
 }
 begin
@@ -760,7 +907,8 @@ end
 api_instance = OryKratosClient::IdentityApi.new
 opts = {
   per_page: 789, # Integer | Items per Page  This is the number of items per page.
-  page: 789 # Integer | Pagination Page  This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list.  For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.
+  page: 789, # Integer | Pagination Page  This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list.  For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist.
+  credentials_identifier: 'credentials_identifier_example' # String | CredentialsIdentifier is the identifier (username, email) of the credentials to look up.
 }
 begin
@@ -796,6 +944,7 @@ end
 | ---- | ---- | ----------- | ----- |
 | **per_page** | **Integer** | Items per Page  This is the number of items per page. | [optional][default to 250] |
 | **page** | **Integer** | Pagination Page  This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list.  For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. | [optional][default to 1] |
+| **credentials_identifier** | **String** | CredentialsIdentifier is the identifier (username, email) of the credentials to look up. | [optional] |
 ### Return type
@@ -984,7 +1133,7 @@ opts = {
   page_size: 789, # Integer | Items per Page  This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).
   page_token: 'page_token_example', # String | Next Page Token  The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).
   active: true, # Boolean | Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned.
-  expand: ['Devices'] # Array<String> | ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. Example - ?expand=Identity&expand=Devices If no value is provided, the expandable properties are skipped.
+  expand: ['inner_example'] # Array<String> | ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. If no value is provided, the expandable properties are skipped.
 }
 begin
@@ -1021,7 +1170,7 @@ end
 | **page_size** | **Integer** | Items per Page  This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). | [optional][default to 250] |
 | **page_token** | **String** | Next Page Token  The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). | [optional] |
 | **active** | **Boolean** | Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned. | [optional] |
-| **expand** | [**Array&lt;String&gt;**](String.md) | ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. Example - ?expand&#x3D;Identity&amp;expand&#x3D;Devices If no value is provided, the expandable properties are skipped. | [optional] |
+| **expand** | [**Array&lt;String&gt;**](String.md) | ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. If no value is provided, the expandable properties are skipped. | [optional] |
 ### Return type

data/docs/IdentityPatch.md ADDED Viewed

@@ -0,0 +1,20 @@
+# OryKratosClient::IdentityPatch
+## Properties
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **create** | [**CreateIdentityBody**](CreateIdentityBody.md) |  | [optional] |
+| **patch_id** | **String** | The ID of this patch.  The patch ID is optional. If specified, the ID will be returned in the response, so consumers of this API can correlate the response with the patch. | [optional] |
+## Example
+```ruby
+require 'ory-kratos-client'
+instance = OryKratosClient::IdentityPatch.new(
+  create: null,
+  patch_id: null
+)
+```

data/docs/IdentityPatchResponse.md ADDED Viewed

@@ -0,0 +1,22 @@
+# OryKratosClient::IdentityPatchResponse
+## Properties
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **action** | **String** | The action for this specific patch create ActionCreate  Create this identity. | [optional] |
+| **identity** | **String** | The identity ID payload of this patch | [optional] |
+| **patch_id** | **String** | The ID of this patch response, if an ID was specified in the patch. | [optional] |
+## Example
+```ruby
+require 'ory-kratos-client'
+instance = OryKratosClient::IdentityPatchResponse.new(
+  action: null,
+  identity: null,
+  patch_id: null
+)
+```

data/docs/IdentitySchemaContainer.md CHANGED Viewed

@@ -5,7 +5,7 @@
 | Name | Type | Description | Notes |
 | ---- | ---- | ----------- | ----- |
 | **id** | **String** | The ID of the Identity JSON Schema | [optional] |
-| **schema** | **Object** | Raw JSON Schema | [optional] |
+| **schema** | **Object** | The actual Identity JSON Schema | [optional] |
 ## Example

data/docs/LoginFlow.md CHANGED Viewed

@@ -9,12 +9,13 @@
 | **expires_at** | **Time** | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated. |  |
 | **id** | **String** | ID represents the flow&#39;s unique ID. When performing the login flow, this represents the id in the login UI&#39;s query parameter: http://&lt;selfservice.flows.login.ui_url&gt;/?flow&#x3D;&lt;flow_id&gt; |  |
 | **issued_at** | **Time** | IssuedAt is the time (UTC) when the flow started. |  |
-| **oauth2_login_challenge** | **String** |  | [optional] |
+| **oauth2_login_challenge** | **String** | Ory OAuth 2.0 Login Challenge.  This value is set using the &#x60;login_challenge&#x60; query parameter of the registration and login endpoints. If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider. | [optional] |
 | **oauth2_login_request** | [**OAuth2LoginRequest**](OAuth2LoginRequest.md) |  | [optional] |
 | **refresh** | **Boolean** | Refresh stores whether this login flow should enforce re-authentication. | [optional] |
 | **request_url** | **String** | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL&#39;s path or query for example. |  |
 | **requested_aal** | [**AuthenticatorAssuranceLevel**](AuthenticatorAssuranceLevel.md) |  | [optional] |
 | **return_to** | **String** | ReturnTo contains the requested return_to URL. | [optional] |
+| **session_token_exchange_code** | **String** | SessionTokenExchangeCode holds the secret code that the client can use to retrieve a session token after the login flow has been completed. This is only set if the client has requested a session token exchange code, and if the flow is of type \&quot;api\&quot;, and only on creating the login flow. | [optional] |
 | **type** | **String** | The flow type can either be &#x60;api&#x60; or &#x60;browser&#x60;. |  |
 | **ui** | [**UiContainer**](UiContainer.md) |  |  |
 | **updated_at** | **Time** | UpdatedAt is a helper struct field for gobuffalo.pop. | [optional] |
@@ -36,6 +37,7 @@ instance = OryKratosClient::LoginFlow.new(
   request_url: null,
   requested_aal: null,
   return_to: null,
+  session_token_exchange_code: null,
   type: null,
   ui: null,
   updated_at: null

data/docs/MetadataApi.md CHANGED Viewed

@@ -128,7 +128,7 @@ No authorization required
 ### HTTP request headers
 - **Content-Type**: Not defined
-- **Accept**: application/json
+- **Accept**: application/json, text/plain
 ## is_ready
@@ -189,5 +189,5 @@ No authorization required
 ### HTTP request headers
 - **Content-Type**: Not defined
-- **Accept**: application/json
+- **Accept**: application/json, text/plain

data/docs/NeedsPrivilegedSessionError.md CHANGED Viewed

@@ -4,15 +4,8 @@
 | Name | Type | Description | Notes |
 | ---- | ---- | ----------- | ----- |
-| **code** | **Integer** | The status code | [optional] |
-| **debug** | **String** | Debug information  This field is often not exposed to protect against leaking sensitive information. | [optional] |
-| **details** | **Hash&lt;String, Object&gt;** | Further error details | [optional] |
-| **id** | **String** | The error ID  Useful when trying to identify various errors in application logic. | [optional] |
-| **message** | **String** | Error message  The error&#39;s message. |  |
-| **reason** | **String** | A human-readable reason for the error | [optional] |
+| **error** | [**GenericError**](GenericError.md) |  | [optional] |
 | **redirect_browser_to** | **String** | Points to where to redirect the user to next. |  |
-| **request** | **String** | The request ID  The request ID is often exposed internally in order to trace errors across service architectures. This is often a UUID. | [optional] |
-| **status** | **String** | The status description | [optional] |
 ## Example
@@ -20,15 +13,8 @@
 require 'ory-kratos-client'
 instance = OryKratosClient::NeedsPrivilegedSessionError.new(
-  code: 404,
-  debug: SQL field &quot;foo&quot; is not a bool.,
-  details: null,
-  id: null,
-  message: The resource could not be found,
-  reason: User with ID 1234 does not exist.,
-  redirect_browser_to: null,
-  request: d7ef54b1-ec15-46e6-bccb-524b82c035e6,
-  status: Not Found
+  error: null,
+  redirect_browser_to: null
 )
 ```