/*!
 * Copyright (c) 2017-present, Okta, Inc. and/or its affiliates. All rights reserved.
 * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
 *
 * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *
 * See the License for the specific language governing permissions and limitations under the License.
 */


/**
 * Okta Admin Management
 * Allows customers to easily access the Okta Management APIs
 *
 * OpenAPI spec version: 5.1.0
 * Contact: devex-public@okta.com
 *
 * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
 * https://openapi-generator.tech
 * Do not edit the class manually.
 */
import { AuthenticationMethodObject } from './../models/AuthenticationMethodObject';
export declare class PossessionConstraint {
  /**
    * This property specifies the precise authenticator and method for authentication. <x-lifecycle class=\"oie\"></x-lifecycle>
    */
  'authenticationMethods'?: Array<AuthenticationMethodObject>;
  /**
    * This property specifies the precise authenticator and method to exclude from authentication. <x-lifecycle class=\"oie\"></x-lifecycle>
    */
  'excludedAuthenticationMethods'?: Array<AuthenticationMethodObject>;
  /**
    * The authenticator methods that are permitted
    */
  'methods'?: Array<PossessionConstraintMethodsEnum>;
  /**
    * The duration after which the user must re-authenticate regardless of user activity. This re-authentication interval overrides the Verification Method object\'s `reauthenticateIn` interval. The supported values use ISO 8601 period format for recurring time intervals (for example, `PT1H`).
    */
  'reauthenticateIn'?: string;
  /**
    * This property indicates whether the knowledge or possession factor is required by the assurance. It\'s optional in the request, but is always returned in the response. By default, this field is `true`. If the knowledge or possession constraint has values for `excludedAuthenticationMethods` the `required` value is false. <x-lifecycle class=\"oie\"></x-lifecycle>
    */
  'required'?: boolean;
  /**
    * The authenticator types that are permitted
    */
  'types'?: Array<PossessionConstraintTypesEnum>;
  /**
    * Indicates if device-bound Factors are required. This property is only set for `POSSESSION` constraints.
    */
  'deviceBound'?: PossessionConstraintDeviceBoundEnum;
  /**
    * Indicates if any secrets or private keys used during authentication must be hardware protected and not exportable. This property is only set for `POSSESSION` constraints.
    */
  'hardwareProtection'?: PossessionConstraintHardwareProtectionEnum;
  /**
    * Indicates if phishing-resistant Factors are required. This property is only set for `POSSESSION` constraints.
    */
  'phishingResistant'?: PossessionConstraintPhishingResistantEnum;
  /**
    * Indicates if the user needs to approve an Okta Verify prompt or provide biometrics (meets NIST AAL2 requirements). This property is only set for `POSSESSION` constraints.
    */
  'userPresence'?: PossessionConstraintUserPresenceEnum;
  /**
    * Indicates the user interaction requirement (PIN or biometrics) to ensure verification of a possession factor
    */
  'userVerification'?: PossessionConstraintUserVerificationEnum;
  /**
    * Indicates which methods can be used for user verification. `userVerificationMethods` can only be used when `userVerification` is `REQUIRED`. `BIOMETRICS` is currently the only supported method.
    */
  'userVerificationMethods'?: Array<PossessionConstraintUserVerificationMethodsEnum>;
  static readonly discriminator: string | undefined;
  static readonly attributeTypeMap: Array<{
        name: string;
        baseName: string;
        type: string;
        format: string;
    }>;
  static getAttributeTypeMap(): {
        name: string;
        baseName: string;
        type: string;
        format: string;
    }[];
  constructor();
}
export type PossessionConstraintMethodsEnum = 'PASSWORD' | 'SECURITY_QUESTION' | 'SMS' | 'VOICE' | 'EMAIL' | 'PUSH' | 'SIGNED_NONCE' | 'OTP' | 'TOTP' | 'WEBAUTHN' | 'DUO' | 'IDP' | 'CERT';
export type PossessionConstraintTypesEnum = 'SECURITY_KEY' | 'PHONE' | 'EMAIL' | 'PASSWORD' | 'SECURITY_QUESTION' | 'APP' | 'FEDERATED';
export type PossessionConstraintDeviceBoundEnum = 'OPTIONAL' | 'REQUIRED';
export type PossessionConstraintHardwareProtectionEnum = 'OPTIONAL' | 'REQUIRED';
export type PossessionConstraintPhishingResistantEnum = 'OPTIONAL' | 'REQUIRED';
export type PossessionConstraintUserPresenceEnum = 'OPTIONAL' | 'REQUIRED';
export type PossessionConstraintUserVerificationEnum = 'OPTIONAL' | 'REQUIRED';
export type PossessionConstraintUserVerificationMethodsEnum = 'BIOMETRICS' | 'PIN';