@fusionauth/typescript-client 1.48.0 → 1.50.0

package/build/src/FusionAuthClient.d.ts

@@ -27,21 +27,21 @@ export declare class FusionAuthClient {
      * "actioner". Both user ids are required in the request object.
      *
      * @param {ActionRequest} request The action request that includes all the information about the action being taken including
-     *    the id of the action, any options and the duration (if applicable).
+     *    the Id of the action, any options and the duration (if applicable).
      * @returns {Promise<ClientResponse<ActionResponse>>}
      */
     actionUser(request: ActionRequest): Promise<ClientResponse<ActionResponse>>;
     /**
-     * Activates the FusionAuth Reactor using a license id and optionally a license text (for air-gapped deployments)
+     * Activates the FusionAuth Reactor using a license Id and optionally a license text (for air-gapped deployments)
      *
      * @param {ReactorRequest} request An optional request that contains the license text to activate Reactor (useful for air-gap deployments of FusionAuth).
      * @returns {Promise<ClientResponse<void>>}
      */
     activateReactor(request: ReactorRequest): Promise<ClientResponse<void>>;
     /**
-     * Adds a user to an existing family. The family id must be specified.
+     * Adds a user to an existing family. The family Id must be specified.
      *
-     * @param {UUID} familyId The id of the family.
+     * @param {UUID} familyId The Id of the family.
      * @param {FamilyRequest} request The request object that contains all the information used to determine which user to add to the family.
      * @returns {Promise<ClientResponse<FamilyResponse>>}
      */
@@ -59,7 +59,7 @@ export declare class FusionAuthClient {
     /**
      * Cancels the user action.
      *
-     * @param {UUID} actionId The action id of the action to cancel.
+     * @param {UUID} actionId The action Id of the action to cancel.
      * @param {ActionRequest} request The action request that contains the information about the cancellation.
      * @returns {Promise<ClientResponse<ActionResponse>>}
      */
@@ -77,7 +77,7 @@ export declare class FusionAuthClient {
      */
     changePassword(changePasswordId: string, request: ChangePasswordRequest): Promise<ClientResponse<ChangePasswordResponse>>;
     /**
-     * Changes a user's password using their identity (login id and password). Using a loginId instead of the changePasswordId
+     * Changes a user's password using their identity (loginId and password). Using a loginId instead of the changePasswordId
      * bypasses the email verification and allows a password to be changed directly without first calling the #forgotPassword
      * method.
      *
@@ -133,9 +133,9 @@ export declare class FusionAuthClient {
      * Adds a comment to the user's account.
      *
      * @param {UserCommentRequest} request The request object that contains all the information used to create the user comment.
-     * @returns {Promise<ClientResponse<void>>}
+     * @returns {Promise<ClientResponse<UserCommentResponse>>}
      */
-    commentOnUser(request: UserCommentRequest): Promise<ClientResponse<void>>;
+    commentOnUser(request: UserCommentRequest): Promise<ClientResponse<UserCommentResponse>>;
     /**
      * Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge without logging the user in
      *
@@ -178,7 +178,7 @@ export declare class FusionAuthClient {
      */
     createApplication(applicationId: UUID, request: ApplicationRequest): Promise<ClientResponse<ApplicationResponse>>;
     /**
-     * Creates a new role for an application. You must specify the id of the application you are creating the role for.
+     * Creates a new role for an application. You must specify the Id of the application you are creating the role for.
      * You can optionally specify an Id for the role inside the ApplicationRole object itself, if not provided one will be generated.
      *
      * @param {UUID} applicationId The Id of the application to create the role on.
@@ -237,7 +237,7 @@ export declare class FusionAuthClient {
      */
     createEntityType(entityTypeId: UUID, request: EntityTypeRequest): Promise<ClientResponse<EntityTypeResponse>>;
     /**
-     * Creates a new permission for an entity type. You must specify the id of the entity type you are creating the permission for.
+     * Creates a new permission for an entity type. You must specify the Id of the entity type you are creating the permission for.
      * You can optionally specify an Id for the permission inside the EntityTypePermission object itself, if not provided one will be generated.
      *
      * @param {UUID} entityTypeId The Id of the entity type to create the permission on.
@@ -247,10 +247,10 @@ export declare class FusionAuthClient {
      */
     createEntityTypePermission(entityTypeId: UUID, permissionId: UUID, request: EntityTypeRequest): Promise<ClientResponse<EntityTypeResponse>>;
     /**
-     * Creates a family with the user id in the request as the owner and sole member of the family. You can optionally specify an id for the
+     * Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the
      * family, if not provided one will be generated.
      *
-     * @param {UUID} familyId (Optional) The id for the family. If not provided a secure random UUID will be generated.
+     * @param {UUID} familyId (Optional) The Id for the family. If not provided a secure random UUID will be generated.
      * @param {FamilyRequest} request The request object that contains all the information used to create the family.
      * @returns {Promise<ClientResponse<FamilyResponse>>}
      */
@@ -326,6 +326,16 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<MessengerResponse>>}
      */
     createMessenger(messengerId: UUID, request: MessengerRequest): Promise<ClientResponse<MessengerResponse>>;
+    /**
+     * Creates a new custom OAuth scope for an application. You must specify the Id of the application you are creating the scope for.
+     * You can optionally specify an Id for the OAuth scope on the URL, if not provided one will be generated.
+     *
+     * @param {UUID} applicationId The Id of the application to create the OAuth scope on.
+     * @param {UUID} scopeId (Optional) The Id of the OAuth scope. If not provided a secure random UUID will be generated.
+     * @param {ApplicationOAuthScopeRequest} request The request object that contains all the information used to create the OAuth OAuth scope.
+     * @returns {Promise<ClientResponse<ApplicationOAuthScopeResponse>>}
+     */
+    createOAuthScope(applicationId: UUID, scopeId: UUID, request: ApplicationOAuthScopeRequest): Promise<ClientResponse<ApplicationOAuthScopeResponse>>;
     /**
      * Creates a tenant. You can optionally specify an Id for the tenant, if not provided one will be generated.
      *
@@ -455,7 +465,7 @@ export declare class FusionAuthClient {
      * Hard deletes an application role. This is a dangerous operation and should not be used in most circumstances. This
      * permanently removes the given role from all users that had it.
      *
-     * @param {UUID} applicationId The Id of the application to deactivate.
+     * @param {UUID} applicationId The Id of the application that the role belongs to.
      * @param {UUID} roleId The Id of the role to delete.
      * @returns {Promise<ClientResponse<void>>}
      */
@@ -583,6 +593,15 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<void>>}
      */
     deleteMessenger(messengerId: UUID): Promise<ClientResponse<void>>;
+    /**
+     * Hard deletes a custom OAuth scope.
+     * OAuth workflows that are still requesting the deleted OAuth scope may fail depending on the application's unknown scope policy.
+     *
+     * @param {UUID} applicationId The Id of the application that the OAuth scope belongs to.
+     * @param {UUID} scopeId The Id of the OAuth scope to delete.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    deleteOAuthScope(applicationId: UUID, scopeId: UUID): Promise<ClientResponse<void>>;
     /**
      * Deletes the user registration for the given user and application.
      *
@@ -1026,7 +1045,7 @@ export declare class FusionAuthClient {
      */
     patchApplication(applicationId: UUID, request: ApplicationRequest): Promise<ClientResponse<ApplicationResponse>>;
     /**
-     * Updates, via PATCH, the application role with the given id for the application.
+     * Updates, via PATCH, the application role with the given Id for the application.
      *
      * @param {UUID} applicationId The Id of the application that the role belongs to.
      * @param {UUID} roleId The Id of the role to update.
@@ -1114,7 +1133,16 @@ export declare class FusionAuthClient {
      */
     patchMessenger(messengerId: UUID, request: MessengerRequest): Promise<ClientResponse<MessengerResponse>>;
     /**
-     * Updates, via PATCH, the registration for the user with the given id and the application defined in the request.
+     * Updates, via PATCH, the custom OAuth scope with the given Id for the application.
+     *
+     * @param {UUID} applicationId The Id of the application that the OAuth scope belongs to.
+     * @param {UUID} scopeId The Id of the OAuth scope to update.
+     * @param {ApplicationOAuthScopeRequest} request The request that contains just the new OAuth scope information.
+     * @returns {Promise<ClientResponse<ApplicationOAuthScopeResponse>>}
+     */
+    patchOAuthScope(applicationId: UUID, scopeId: UUID, request: ApplicationOAuthScopeRequest): Promise<ClientResponse<ApplicationOAuthScopeResponse>>;
+    /**
+     * Updates, via PATCH, the registration for the user with the given Id and the application defined in the request.
      *
      * @param {UUID} userId The Id of the user whose registration is going to be updated.
      * @param {RegistrationRequest} request The request that contains just the new registration information.
@@ -1232,7 +1260,7 @@ export declare class FusionAuthClient {
      * Registers a user for an application. If you provide the User and the UserRegistration object on this request, it
      * will create the user as well as register them for the application. This is called a Full Registration. However, if
      * you only provide the UserRegistration object, then the user must already exist and they will be registered for the
-     * application. The user id can also be provided and it will either be used to look up an existing user or it will be
+     * application. The user Id can also be provided and it will either be used to look up an existing user or it will be
      * used for the newly created User.
      *
      * @param {UUID} userId (Optional) The Id of the user being registered for the application and optionally created.
@@ -1254,8 +1282,8 @@ export declare class FusionAuthClient {
     /**
      * Removes a user from the family with the given id.
      *
-     * @param {UUID} familyId The id of the family to remove the user from.
-     * @param {UUID} userId The id of the user to remove from the family.
+     * @param {UUID} familyId The Id of the family to remove the user from.
+     * @param {UUID} userId The Id of the user to remove from the family.
      * @returns {Promise<ClientResponse<void>>}
      */
     removeUserFromFamily(familyId: UUID, userId: UUID): Promise<ClientResponse<void>>;
@@ -1321,7 +1349,7 @@ export declare class FusionAuthClient {
      */
     retrieveActiveActions(userId: UUID): Promise<ClientResponse<ActionResponse>>;
     /**
-     * Retrieves the application for the given id or all the applications if the id is null.
+     * Retrieves the application for the given Id or all the applications if the Id is null.
      *
      * @param {UUID} applicationId (Optional) The application id.
      * @returns {Promise<ClientResponse<ApplicationResponse>>}
@@ -1495,7 +1523,7 @@ export declare class FusionAuthClient {
      */
     retrieveIPAccessControlList(ipAccessControlListId: UUID): Promise<ClientResponse<IPAccessControlListResponse>>;
     /**
-     * Retrieves the identity provider for the given id or all the identity providers if the id is null.
+     * Retrieves the identity provider for the given Id or all the identity providers if the Id is null.
      *
      * @param {UUID} identityProviderId The identity provider Id.
      * @returns {Promise<ClientResponse<IdentityProviderResponse>>}
@@ -1654,6 +1682,14 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<MonthlyActiveUserReportResponse>>}
      */
     retrieveMonthlyActiveReport(applicationId: UUID, start: number, end: number): Promise<ClientResponse<MonthlyActiveUserReportResponse>>;
+    /**
+     * Retrieves a custom OAuth scope.
+     *
+     * @param {UUID} applicationId The Id of the application that the OAuth scope belongs to.
+     * @param {UUID} scopeId The Id of the OAuth scope to retrieve.
+     * @returns {Promise<ClientResponse<ApplicationOAuthScopeResponse>>}
+     */
+    retrieveOAuthScope(applicationId: UUID, scopeId: UUID): Promise<ClientResponse<ApplicationOAuthScopeResponse>>;
     /**
      * Retrieves the Oauth2 configuration for the application for the given Application Id.
      *
@@ -1735,7 +1771,7 @@ export declare class FusionAuthClient {
      */
     retrieveRefreshTokens(userId: UUID): Promise<ClientResponse<RefreshTokenResponse>>;
     /**
-     * Retrieves the user registration for the user with the given id and the given application id.
+     * Retrieves the user registration for the user with the given Id and the given application id.
      *
      * @param {UUID} userId The Id of the user.
      * @param {UUID} applicationId The Id of the application.
@@ -2054,8 +2090,8 @@ export declare class FusionAuthClient {
      *  - revokeRefreshTokensByUserIdForApplication
      *
      * @param {string} token (Optional) The refresh token to delete.
-     * @param {UUID} userId (Optional) The user id whose tokens to delete.
-     * @param {UUID} applicationId (Optional) The application id of the tokens to delete.
+     * @param {UUID} userId (Optional) The user Id whose tokens to delete.
+     * @param {UUID} applicationId (Optional) The application Id of the tokens to delete.
      * @returns {Promise<ClientResponse<void>>}
      */
     revokeRefreshToken(token: string, userId: UUID, applicationId: UUID): Promise<ClientResponse<void>>;
@@ -2146,7 +2182,7 @@ export declare class FusionAuthClient {
      */
     searchEntities(request: EntitySearchRequest): Promise<ClientResponse<EntitySearchResponse>>;
     /**
-     * Retrieves the entities for the given ids. If any id is invalid, it is ignored.
+     * Retrieves the entities for the given ids. If any Id is invalid, it is ignored.
      *
      * @param {Array<string>} ids The entity ids to search for.
      * @returns {Promise<ClientResponse<EntitySearchResponse>>}
@@ -2244,7 +2280,7 @@ export declare class FusionAuthClient {
      */
     searchUserComments(request: UserCommentSearchRequest): Promise<ClientResponse<UserCommentSearchResponse>>;
     /**
-     * Retrieves the users for the given ids. If any id is invalid, it is ignored.
+     * Retrieves the users for the given ids. If any Id is invalid, it is ignored.
      *
      * @param {Array<string>} ids The user ids to search for.
      * @returns {Promise<ClientResponse<SearchResponse>>}
@@ -2253,7 +2289,7 @@ export declare class FusionAuthClient {
      */
     searchUsers(ids: Array<string>): Promise<ClientResponse<SearchResponse>>;
     /**
-     * Retrieves the users for the given ids. If any id is invalid, it is ignored.
+     * Retrieves the users for the given ids. If any Id is invalid, it is ignored.
      *
      * @param {Array<string>} ids The user ids to search for.
      * @returns {Promise<ClientResponse<SearchResponse>>}
@@ -2288,7 +2324,7 @@ export declare class FusionAuthClient {
      * Send an email using an email template id. You can optionally provide <code>requestData</code> to access key value
      * pairs in the email template.
      *
-     * @param {UUID} emailTemplateId The id for the template.
+     * @param {UUID} emailTemplateId The Id for the template.
      * @param {SendRequest} request The send email request that contains all the information used to send the email.
      * @returns {Promise<ClientResponse<SendResponse>>}
      */
@@ -2406,7 +2442,7 @@ export declare class FusionAuthClient {
      */
     updateApplication(applicationId: UUID, request: ApplicationRequest): Promise<ClientResponse<ApplicationResponse>>;
     /**
-     * Updates the application role with the given id for the application.
+     * Updates the application role with the given Id for the application.
      *
      * @param {UUID} applicationId The Id of the application that the role belongs to.
      * @param {UUID} roleId The Id of the role to update.
@@ -2455,7 +2491,7 @@ export declare class FusionAuthClient {
      */
     updateEntityType(entityTypeId: UUID, request: EntityTypeRequest): Promise<ClientResponse<EntityTypeResponse>>;
     /**
-     * Updates the permission with the given id for the entity type.
+     * Updates the permission with the given Id for the entity type.
      *
      * @param {UUID} entityTypeId The Id of the entityType that the permission belongs to.
      * @param {UUID} permissionId The Id of the permission to update.
@@ -2550,7 +2586,16 @@ export declare class FusionAuthClient {
      */
     updateMessenger(messengerId: UUID, request: MessengerRequest): Promise<ClientResponse<MessengerResponse>>;
     /**
-     * Updates the registration for the user with the given id and the application defined in the request.
+     * Updates the OAuth scope with the given Id for the application.
+     *
+     * @param {UUID} applicationId The Id of the application that the OAuth scope belongs to.
+     * @param {UUID} scopeId The Id of the OAuth scope to update.
+     * @param {ApplicationOAuthScopeRequest} request The request that contains all the new OAuth scope information.
+     * @returns {Promise<ClientResponse<ApplicationOAuthScopeResponse>>}
+     */
+    updateOAuthScope(applicationId: UUID, scopeId: UUID, request: ApplicationOAuthScopeRequest): Promise<ClientResponse<ApplicationOAuthScopeResponse>>;
+    /**
+     * Updates the registration for the user with the given Id and the application defined in the request.
      *
      * @param {UUID} userId The Id of the user whose registration is going to be updated.
      * @param {RegistrationRequest} request The request that contains all the new registration information.
@@ -2665,7 +2710,7 @@ export declare class FusionAuthClient {
     /**
      * Confirms a email verification. The Id given is usually from an email sent to the user.
      *
-     * @param {string} verificationId The email verification id sent to the user.
+     * @param {string} verificationId The email verification Id sent to the user.
      * @returns {Promise<ClientResponse<void>>}
      *
      * @deprecated This method has been renamed to verifyEmailAddress and changed to take a JSON request body, use that method instead.
@@ -3003,6 +3048,7 @@ export interface LambdaConfiguration {
     idTokenPopulateId?: UUID;
     samlv2PopulateId?: UUID;
     selfServiceRegistrationValidationId?: UUID;
+    userinfoPopulateId?: UUID;
 }
 /**
  * @author Daniel DeGroff
@@ -3246,7 +3292,7 @@ export interface UserIdentityProviderLinkEvent extends BaseEvent {
  *
  * @author Spencer Witt
  */
-export interface ApplicationSearchResponse {
+export interface ApplicationSearchResponse extends ExpandableResponse {
     applications?: Array<Application>;
     total?: number;
 }
@@ -3342,6 +3388,16 @@ export interface UserUpdateEvent extends BaseEvent {
     original?: User;
     user?: User;
 }
+/**
+ * The application's relationship to the authorization server. First-party applications will be granted implicit permission for requested scopes.
+ * Third-party applications will use the {@link OAuthScopeConsentMode} policy.
+ *
+ * @author Spencer Witt
+ */
+export declare enum OAuthApplicationRelationship {
+    FirstParty = "FirstParty",
+    ThirdParty = "ThirdParty"
+}
 /**
  * The summary of the action that is preventing login to be returned on the login response.
  *
@@ -3757,6 +3813,17 @@ export interface IdentityProviderLinkResponse {
     identityProviderLink?: IdentityProviderLink;
     identityProviderLinks?: Array<IdentityProviderLink>;
 }
+/**
+ * The handling policy for scopes provided by FusionAuth
+ *
+ * @author Spencer Witt
+ */
+export interface ProvidedScopePolicy {
+    address?: Requirable;
+    email?: Requirable;
+    phone?: Requirable;
+    profile?: Requirable;
+}
 export interface HistoryItem {
     actionerUserId?: UUID;
     comment?: string;
@@ -3841,6 +3908,7 @@ export interface SystemConfiguration {
     lastUpdateInstant?: number;
     loginRecordConfiguration?: LoginRecordConfiguration;
     reportTimezone?: string;
+    trustedProxyConfiguration?: SystemTrustedProxyConfiguration;
     uiConfiguration?: UIConfiguration;
 }
 /**
@@ -4145,6 +4213,9 @@ export interface ReactorStatus {
     advancedIdentityProviders?: ReactorFeatureStatus;
     advancedLambdas?: ReactorFeatureStatus;
     advancedMultiFactorAuthentication?: ReactorFeatureStatus;
+    advancedOAuthScopes?: ReactorFeatureStatus;
+    advancedOAuthScopesCustomScopes?: ReactorFeatureStatus;
+    advancedOAuthScopesThirdPartyApplications?: ReactorFeatureStatus;
     advancedRegistration?: ReactorFeatureStatus;
     applicationMultiFactorAuthentication?: ReactorFeatureStatus;
     applicationThemes?: ReactorFeatureStatus;
@@ -4403,7 +4474,8 @@ export declare enum LambdaType {
     SCIMServerGroupResponseConverter = "SCIMServerGroupResponseConverter",
     SCIMServerUserRequestConverter = "SCIMServerUserRequestConverter",
     SCIMServerUserResponseConverter = "SCIMServerUserResponseConverter",
-    SelfServiceRegistrationValidation = "SelfServiceRegistrationValidation"
+    SelfServiceRegistrationValidation = "SelfServiceRegistrationValidation",
+    UserInfoPopulate = "UserInfoPopulate"
 }
 /**
  * @author Daniel DeGroff
@@ -4961,6 +5033,7 @@ export interface Application {
     registrationDeletePolicy?: ApplicationRegistrationDeletePolicy;
     roles?: Array<ApplicationRole>;
     samlv2Configuration?: SAMLv2Configuration;
+    scopes?: Array<ApplicationOAuthScope>;
     state?: ObjectState;
     tenantId?: UUID;
     themeId?: UUID;
@@ -5061,6 +5134,7 @@ export interface OAuth2Configuration {
     clientAuthenticationPolicy?: ClientAuthenticationPolicy;
     clientId?: string;
     clientSecret?: string;
+    consentMode?: OAuthScopeConsentMode;
     debug?: boolean;
     deviceVerificationURL?: string;
     enabledGrants?: Array<GrantType>;
@@ -5068,8 +5142,12 @@ export interface OAuth2Configuration {
     logoutBehavior?: LogoutBehavior;
     logoutURL?: string;
     proofKeyForCodeExchangePolicy?: ProofKeyForCodeExchangePolicy;
+    providedScopePolicy?: ProvidedScopePolicy;
+    relationship?: OAuthApplicationRelationship;
     requireClientAuthentication?: boolean;
     requireRegistration?: boolean;
+    scopeHandlingPolicy?: OAuthScopeHandlingPolicy;
+    unknownScopePolicy?: UnknownScopePolicy;
 }
 /**
  * @author Daniel DeGroff
@@ -5509,6 +5587,7 @@ export interface ExternalIdentifierConfiguration {
     registrationVerificationIdGenerator?: SecureGeneratorConfiguration;
     registrationVerificationIdTimeToLiveInSeconds?: number;
     registrationVerificationOneTimeCodeGenerator?: SecureGeneratorConfiguration;
+    rememberOAuthScopeConsentChoiceTimeToLiveInSeconds?: number;
     samlv2AuthNRequestIdTimeToLiveInSeconds?: number;
     setupPasswordIdGenerator?: SecureGeneratorConfiguration;
     setupPasswordIdTimeToLiveInSeconds?: number;
@@ -5567,7 +5646,9 @@ export interface WebAuthnPublicKeyRegistrationRequest {
  */
 export interface UserResponse {
     emailVerificationId?: string;
+    emailVerificationOneTimeCode?: string;
     registrationVerificationIds?: Record<UUID, string>;
+    registrationVerificationOneTimeCodes?: Record<UUID, string>;
     token?: string;
     tokenExpirationInstant?: number;
     user?: User;
@@ -5951,6 +6032,23 @@ export interface AuditLogConfiguration {
 export interface UserDeleteEvent extends BaseEvent {
     user?: User;
 }
+/**
+ * A custom OAuth scope for a specific application.
+ *
+ * @author Spencer Witt
+ */
+export interface ApplicationOAuthScope {
+    applicationId?: UUID;
+    data?: Record<string, any>;
+    defaultConsentDetail?: string;
+    defaultConsentMessage?: string;
+    description?: string;
+    id?: UUID;
+    insertInstant?: number;
+    lastUpdateInstant?: number;
+    name?: string;
+    required?: boolean;
+}
 /**
  * Registration delete API request object.
  *
@@ -6036,6 +6134,13 @@ export declare enum LambdaEngineType {
     GraalJS = "GraalJS",
     Nashorn = "Nashorn"
 }
+/**
+ * @author Daniel DeGroff
+ */
+export interface SystemTrustedProxyConfiguration {
+    trusted?: Array<string>;
+    trustPolicy?: SystemTrustedProxyConfigurationPolicy;
+}
 /**
  * A log for an action that was taken on a User.
  *
@@ -6102,6 +6207,7 @@ export declare enum OAuthErrorType {
     server_error = "server_error",
     unsupported_grant_type = "unsupported_grant_type",
     unsupported_response_type = "unsupported_response_type",
+    access_denied = "access_denied",
     change_password_required = "change_password_required",
     not_licensed = "not_licensed",
     two_factor_required = "two_factor_required",
@@ -6577,7 +6683,7 @@ export interface TwitchIdentityProvider extends BaseIdentityProvider<TwitchAppli
     scope?: string;
 }
 /**
- * The global view of a User. This object contains all global information about the user including birth date, registration information
+ * The global view of a User. This object contains all global information about the user including birthdate, registration information
  * preferred languages, global attributes, etc.
  *
  * @author Seth Musselman
@@ -6984,6 +7090,7 @@ export interface RegistrationResponse {
     refreshToken?: string;
     registration?: UserRegistration;
     registrationVerificationId?: string;
+    registrationVerificationOneTimeCode?: string;
     token?: string;
     tokenExpirationInstant?: number;
     user?: User;
@@ -7062,6 +7169,14 @@ export interface BaseElasticSearchCriteria extends BaseSearchCriteria {
 export interface IPAccessControlListSearchRequest {
     search?: IPAccessControlListSearchCriteria;
 }
+/**
+ * The Application Scope API request object.
+ *
+ * @author Spencer Witt
+ */
+export interface ApplicationOAuthScopeRequest {
+    scope?: ApplicationOAuthScope;
+}
 export interface LoginConfiguration {
     allowTokenRefresh?: boolean;
     generateRefreshTokens?: boolean;
@@ -7295,14 +7410,6 @@ export interface Enableable {
 export interface EmailTemplateSearchRequest {
     search?: EmailTemplateSearchCriteria;
 }
-/**
- * @author Daniel DeGroff
- */
-export interface ApplicationUnverifiedConfiguration {
-    registration?: UnverifiedBehavior;
-    verificationStrategy?: VerificationStrategy;
-    whenGated?: RegistrationUnverifiedOptions;
-}
 export declare enum EmailSecurityType {
     NONE = "NONE",
     SSL = "SSL",
@@ -7519,6 +7626,7 @@ export interface DeviceUserCodeResponse {
     deviceInfo?: DeviceInfo;
     expires_in?: number;
     pendingIdPLink?: PendingIdPLink;
+    scope?: string;
     tenantId?: UUID;
     user_code?: string;
 }
@@ -7572,6 +7680,13 @@ export interface PreviewResponse {
 export interface KickstartSuccessEvent extends BaseEvent {
     instanceId?: UUID;
 }
+/**
+ * @author Daniel DeGroff
+ */
+export declare enum SystemTrustedProxyConfigurationPolicy {
+    All = "All",
+    OnlyConfigured = "OnlyConfigured"
+}
 /**
  * @author Daniel DeGroff
  */
@@ -7726,6 +7841,7 @@ export interface Templates {
     accountWebAuthnAdd?: string;
     accountWebAuthnDelete?: string;
     accountWebAuthnIndex?: string;
+    confirmationRequired?: string;
     emailComplete?: string;
     emailSend?: string;
     emailSent?: string;
@@ -7738,6 +7854,7 @@ export interface Templates {
     oauth2ChildRegistrationNotAllowed?: string;
     oauth2ChildRegistrationNotAllowedComplete?: string;
     oauth2CompleteRegistration?: string;
+    oauth2Consent?: string;
     oauth2Device?: string;
     oauth2DeviceComplete?: string;
     oauth2Error?: string;
@@ -7853,6 +7970,14 @@ export interface LoginResponse {
     twoFactorTrustId?: string;
     user?: User;
 }
+/**
+ * The Application Scope API response.
+ *
+ * @author Spencer Witt
+ */
+export interface ApplicationOAuthScopeResponse {
+    scope?: ApplicationOAuthScope;
+}
 /**
  * Search API response.
  *
@@ -8040,6 +8165,16 @@ export declare enum RateLimitedRequestType {
 export interface LoginHintConfiguration extends Enableable {
     parameterName?: string;
 }
+/**
+ * Controls the policy for whether OAuth workflows will more strictly adhere to the OAuth and OIDC specification
+ * or run in backwards compatibility mode.
+ *
+ * @author David Charles
+ */
+export declare enum OAuthScopeHandlingPolicy {
+    Compatibility = "Compatibility",
+    Strict = "Strict"
+}
 /**
  * API request for managing families and members.
  *
@@ -8088,7 +8223,7 @@ export interface UserRegistrationCreateEvent extends BaseEvent {
  *
  * @author Spencer Witt
  */
-export interface ApplicationSearchRequest {
+export interface ApplicationSearchRequest extends ExpandableRequest {
     search?: ApplicationSearchCriteria;
 }
 /**
@@ -8257,7 +8392,7 @@ export interface UserPasswordResetSuccessEvent extends BaseEvent {
 }
 /**
  * Something that can be required and thus also optional. This currently extends Enableable because anything that is
- * require/optional is almost always enableable as well.
+ * required/optional is almost always enableable as well.
  *
  * @author Brian Pontarelli
  */
@@ -8322,6 +8457,16 @@ export interface WebhookSearchCriteria extends BaseSearchCriteria {
     tenantId?: UUID;
     url?: string;
 }
+/**
+ * Policy for handling unknown OAuth scopes in the request
+ *
+ * @author Spencer Witt
+ */
+export declare enum UnknownScopePolicy {
+    Allow = "Allow",
+    Remove = "Remove",
+    Reject = "Reject"
+}
 /**
  * Models the User Password Reset Start Event.
  *
@@ -8348,6 +8493,7 @@ export declare enum OAuthErrorReason {
     access_token_unavailable_for_processing = "access_token_unavailable_for_processing",
     access_token_failed_processing = "access_token_failed_processing",
     access_token_invalid = "access_token_invalid",
+    access_token_required = "access_token_required",
     refresh_token_not_found = "refresh_token_not_found",
     refresh_token_type_not_supported = "refresh_token_type_not_supported",
     invalid_client_id = "invalid_client_id",
@@ -8398,7 +8544,10 @@ export declare enum OAuthErrorReason {
     change_password_breached = "change_password_breached",
     change_password_expired = "change_password_expired",
     change_password_validation = "change_password_validation",
-    unknown = "unknown"
+    unknown = "unknown",
+    missing_required_scope = "missing_required_scope",
+    unknown_scope = "unknown_scope",
+    consent_canceled = "consent_canceled"
 }
 /**
  * @author Brett Pontarelli
@@ -8509,6 +8658,17 @@ export interface ReactorRequest {
     license?: string;
     licenseId?: string;
 }
+/**
+ * Controls the policy for requesting user permission to grant access to requested scopes during an OAuth workflow
+ * for a third-party application.
+ *
+ * @author Spencer Witt
+ */
+export declare enum OAuthScopeConsentMode {
+    AlwaysPrompt = "AlwaysPrompt",
+    RememberDecision = "RememberDecision",
+    NeverPrompt = "NeverPrompt"
+}
 /**
  * @author Michael Sleevi
  */