/** * Ory Identities API * This is the API specification for Ory Identities with features such as registration, login, recovery, account verification, profile settings, password reset, identity management, session management, email and sms delivery, and more. * * The version of the OpenAPI document: v26.2.0 * Contact: office@ory.sh * * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). * https://openapi-generator.tech * Do not edit the class manually. */ import type { Configuration } from './configuration'; import type { AxiosPromise, AxiosInstance, RawAxiosRequestConfig } from 'axios'; import type { RequestArgs } from './base'; import { BaseAPI } from './base'; /** * The authenticator assurance level can be one of \"aal1\", \"aal2\", or \"aal3\". A higher number means that it is harder for an attacker to compromise the account. Generally, \"aal1\" implies that one authentication factor was used while AAL2 implies that two factors (e.g. password + TOTP) have been used. To learn more about these levels please head over to: https://www.ory.sh/kratos/docs/concepts/credentials */ export declare const AuthenticatorAssuranceLevel: { readonly Aal0: "aal0"; readonly Aal1: "aal1"; readonly Aal2: "aal2"; readonly Aal3: "aal3"; readonly UnknownDefaultOpenApi: "11184809"; }; export type AuthenticatorAssuranceLevel = typeof AuthenticatorAssuranceLevel[keyof typeof AuthenticatorAssuranceLevel]; /** * Patch identities response */ export interface BatchPatchIdentitiesResponse { /** * The patch responses for the individual identities. */ 'identities'?: Array; } /** * Control API consistency guarantees */ export interface ConsistencyRequestParameters { /** * Read Consistency Level (preview) The read consistency level determines the consistency guarantee for reads: strong (slow): The read is guaranteed to return the most recent data committed at the start of the read. eventual (very fast): The result will return data that is about 4.8 seconds old. The default consistency guarantee can be changed in the Ory Network Console or using the Ory CLI with `ory patch project --replace \'/previews/default_read_consistency_level=\"strong\"\'`. Setting the default consistency level to `eventual` may cause regressions in the future as we add consistency controls to more APIs. Currently, the following APIs will be affected by this setting: `GET /admin/identities` This feature is in preview and only available in Ory Network. ConsistencyLevelUnset ConsistencyLevelUnset is the unset / default consistency level. strong ConsistencyLevelStrong ConsistencyLevelStrong is the strong consistency level. eventual ConsistencyLevelEventual ConsistencyLevelEventual is the eventual consistency level using follower read timestamps. */ 'consistency'?: ConsistencyRequestParametersConsistencyEnum; } export declare const ConsistencyRequestParametersConsistencyEnum: { readonly Empty: ""; readonly Strong: "strong"; readonly Eventual: "eventual"; readonly UnknownDefaultOpenApi: "11184809"; }; export type ConsistencyRequestParametersConsistencyEnum = typeof ConsistencyRequestParametersConsistencyEnum[keyof typeof ConsistencyRequestParametersConsistencyEnum]; /** * @type ContinueWith */ export type ContinueWith = { action: 'redirect_browser_to'; } & ContinueWithRedirectBrowserTo | { action: 'set_ory_session_token'; } & ContinueWithSetOrySessionToken | { action: 'show_recovery_ui'; } & ContinueWithRecoveryUi | { action: 'show_settings_ui'; } & ContinueWithSettingsUi | { action: 'show_verification_ui'; } & ContinueWithVerificationUi; /** * Indicates, that the UI flow could be continued by showing a recovery ui */ export interface ContinueWithRecoveryUi { /** * Action will always be `show_recovery_ui` show_recovery_ui ContinueWithActionShowRecoveryUIString */ 'action': ContinueWithRecoveryUiActionEnum; 'flow': ContinueWithRecoveryUiFlow; } export declare const ContinueWithRecoveryUiActionEnum: { readonly ShowRecoveryUi: "show_recovery_ui"; readonly UnknownDefaultOpenApi: "11184809"; }; export type ContinueWithRecoveryUiActionEnum = typeof ContinueWithRecoveryUiActionEnum[keyof typeof ContinueWithRecoveryUiActionEnum]; export interface ContinueWithRecoveryUiFlow { /** * The ID of the recovery flow */ 'id': string; /** * The URL of the recovery flow If this value is set, redirect the user\'s browser to this URL. This value is typically unset for native clients / API flows. */ 'url'?: string; } /** * Indicates, that the UI flow could be continued by showing a recovery ui */ export interface ContinueWithRedirectBrowserTo { /** * Action will always be `redirect_browser_to` redirect_browser_to ContinueWithActionRedirectBrowserToString */ 'action': ContinueWithRedirectBrowserToActionEnum; /** * The URL to redirect the browser to */ 'redirect_browser_to': string; } export declare const ContinueWithRedirectBrowserToActionEnum: { readonly RedirectBrowserTo: "redirect_browser_to"; readonly UnknownDefaultOpenApi: "11184809"; }; export type ContinueWithRedirectBrowserToActionEnum = typeof ContinueWithRedirectBrowserToActionEnum[keyof typeof ContinueWithRedirectBrowserToActionEnum]; /** * Indicates that a session was issued, and the application should use this token for authenticated requests */ export interface ContinueWithSetOrySessionToken { /** * Action will always be `set_ory_session_token` set_ory_session_token ContinueWithActionSetOrySessionTokenString */ 'action': ContinueWithSetOrySessionTokenActionEnum; /** * Token is the token of the session */ 'ory_session_token': string; } export declare const ContinueWithSetOrySessionTokenActionEnum: { readonly SetOrySessionToken: "set_ory_session_token"; readonly UnknownDefaultOpenApi: "11184809"; }; export type ContinueWithSetOrySessionTokenActionEnum = typeof ContinueWithSetOrySessionTokenActionEnum[keyof typeof ContinueWithSetOrySessionTokenActionEnum]; /** * Indicates, that the UI flow could be continued by showing a settings ui */ export interface ContinueWithSettingsUi { /** * Action will always be `show_settings_ui` show_settings_ui ContinueWithActionShowSettingsUIString */ 'action': ContinueWithSettingsUiActionEnum; 'flow': ContinueWithSettingsUiFlow; } export declare const ContinueWithSettingsUiActionEnum: { readonly ShowSettingsUi: "show_settings_ui"; readonly UnknownDefaultOpenApi: "11184809"; }; export type ContinueWithSettingsUiActionEnum = typeof ContinueWithSettingsUiActionEnum[keyof typeof ContinueWithSettingsUiActionEnum]; export interface ContinueWithSettingsUiFlow { /** * The ID of the settings flow */ 'id': string; /** * The URL of the settings flow If this value is set, redirect the user\'s browser to this URL. This value is typically unset for native clients / API flows. */ 'url'?: string; } /** * Indicates, that the UI flow could be continued by showing a verification ui */ export interface ContinueWithVerificationUi { /** * Action will always be `show_verification_ui` show_verification_ui ContinueWithActionShowVerificationUIString */ 'action': ContinueWithVerificationUiActionEnum; 'flow': ContinueWithVerificationUiFlow; } export declare const ContinueWithVerificationUiActionEnum: { readonly ShowVerificationUi: "show_verification_ui"; readonly UnknownDefaultOpenApi: "11184809"; }; export type ContinueWithVerificationUiActionEnum = typeof ContinueWithVerificationUiActionEnum[keyof typeof ContinueWithVerificationUiActionEnum]; export interface ContinueWithVerificationUiFlow { /** * The ID of the verification flow */ 'id': string; /** * The URL of the verification flow If this value is set, redirect the user\'s browser to this URL. This value is typically unset for native clients / API flows. */ 'url'?: string; /** * The address that should be verified in this flow */ 'verifiable_address': string; } /** * A Message\'s Status */ export declare const CourierMessageStatus: { readonly Queued: "queued"; readonly Sent: "sent"; readonly Processing: "processing"; readonly Abandoned: "abandoned"; readonly UnknownDefaultOpenApi: "11184809"; }; export type CourierMessageStatus = typeof CourierMessageStatus[keyof typeof CourierMessageStatus]; /** * It can either be `email` or `phone` */ export declare const CourierMessageType: { readonly Email: "email"; readonly Phone: "phone"; readonly UnknownDefaultOpenApi: "11184809"; }; export type CourierMessageType = typeof CourierMessageType[keyof typeof CourierMessageType]; /** * Contains a list of all available FedCM providers. */ export interface CreateFedcmFlowResponse { 'csrf_token'?: string; 'providers'?: Array; } /** * Create Identity Body */ export interface CreateIdentityBody { 'credentials'?: IdentityWithCredentials; /** * ExternalID is an optional external ID of the identity. This is used to link the identity to an external system. If set, the external ID must be unique across all identities. */ 'external_id'?: string; /** * Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`. */ 'metadata_admin'?: any; /** * Store metadata about the identity which the identity itself can see when calling for example the session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. */ 'metadata_public'?: any; 'organization_id'?: string | null; /** * RecoveryAddresses contains all the addresses that can be used to recover an identity. Use this structure to import recovery addresses for an identity. Please keep in mind that the address needs to be represented in the Identity Schema or this field will be overwritten on the next identity update. */ 'recovery_addresses'?: Array; /** * SchemaID is the ID of the JSON Schema to be used for validating the identity\'s traits. */ 'schema_id': string; /** * State is the identity\'s state. active StateActive inactive StateInactive */ 'state'?: CreateIdentityBodyStateEnum; /** * Traits represent an identity\'s traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_url`. */ 'traits': object; /** * VerifiableAddresses contains all the addresses that can be verified by the user. Use this structure to import verified addresses for an identity. Please keep in mind that the address needs to be represented in the Identity Schema or this field will be overwritten on the next identity update. */ 'verifiable_addresses'?: Array; } export declare const CreateIdentityBodyStateEnum: { readonly Active: "active"; readonly Inactive: "inactive"; readonly UnknownDefaultOpenApi: "11184809"; }; export type CreateIdentityBodyStateEnum = typeof CreateIdentityBodyStateEnum[keyof typeof CreateIdentityBodyStateEnum]; /** * Create Recovery Code for Identity Request Body */ export interface CreateRecoveryCodeForIdentityBody { /** * Code Expires In The recovery code will expire after that amount of time has passed. Defaults to the configuration value of `selfservice.methods.code.config.lifespan`. */ 'expires_in'?: string; /** * The flow type can either be `api` or `browser`. */ 'flow_type'?: string; /** * Identity to Recover The identity\'s ID you wish to recover. */ 'identity_id': string; } /** * Create Recovery Link for Identity Request Body */ export interface CreateRecoveryLinkForIdentityBody { /** * Link Expires In The recovery link will expire after that amount of time has passed. Defaults to the configuration value of `selfservice.methods.code.config.lifespan`. */ 'expires_in'?: string; /** * Identity to Recover The identity\'s ID you wish to recover. */ 'identity_id': string; } /** * Deleted Session Count */ export interface DeleteMySessionsCount { /** * The number of sessions that were revoked. */ 'count'?: number; } export interface ErrorAuthenticatorAssuranceLevelNotSatisfied { 'error'?: GenericError; /** * Points to where to redirect the user to next. */ 'redirect_browser_to'?: string; } export interface ErrorBrowserLocationChangeRequired { 'error'?: ErrorGeneric; /** * Points to where to redirect the user to next. */ 'redirect_browser_to'?: string; } /** * Is sent when a flow is replaced by a different flow of the same class */ export interface ErrorFlowReplaced { 'error'?: GenericError; /** * The flow ID that should be used for the new flow as it contains the correct messages. */ 'use_flow_id'?: string; } /** * The standard Ory JSON API error format. */ export interface ErrorGeneric { 'error': GenericError; } export interface FlowError { /** * CreatedAt is a helper struct field for gobuffalo.pop. */ 'created_at'?: string; 'error'?: object; /** * ID of the error container. */ 'id': string; /** * UpdatedAt is a helper struct field for gobuffalo.pop. */ 'updated_at'?: string; } export interface GenericError { /** * The status code */ 'code'?: number; /** * Debug information This field is often not exposed to protect against leaking sensitive information. */ 'debug'?: string; /** * Further error details */ 'details'?: object; /** * The error ID Useful when trying to identify various errors in application logic. */ 'id'?: string; /** * Error message The error\'s message. */ 'message': string; /** * A human-readable reason for the error */ 'reason'?: string; /** * The request ID The request ID is often exposed internally in order to trace errors across service architectures. This is often a UUID. */ 'request'?: string; /** * The status description */ 'status'?: string; } export interface GetVersion200Response { /** * The version of Ory Kratos. */ 'version': string; } export interface HealthNotReadyStatus { /** * Errors contains a list of errors that caused the not ready status. */ 'errors'?: { [key: string]: string; }; } export interface HealthStatus { /** * Status always contains \"ok\". */ 'status'?: string; } /** * An [identity](https://www.ory.sh/docs/kratos/concepts/identity-user-model) represents a (human) user in Ory. */ export interface Identity { /** * CreatedAt is a helper struct field for gobuffalo.pop. */ 'created_at'?: string; /** * Credentials represents all credentials that can be used for authenticating this identity. */ 'credentials'?: { [key: string]: IdentityCredentials; }; /** * ExternalID is an optional external ID of the identity. This is used to link the identity to an external system. If set, the external ID must be unique across all identities. */ 'external_id'?: string; /** * ID is the identity\'s unique identifier. The Identity ID can not be changed and can not be chosen. This ensures future compatibility and optimization for distributed stores such as CockroachDB. */ 'id': string; /** * NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable- */ 'metadata_admin'?: any | null; /** * NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable- */ 'metadata_public'?: any | null; 'organization_id'?: string | null; /** * RecoveryAddresses contains all the addresses that can be used to recover an identity. */ 'recovery_addresses'?: Array; /** * SchemaID is the ID of the JSON Schema to be used for validating the identity\'s traits. */ 'schema_id': string; /** * SchemaURL is the URL of the endpoint where the identity\'s traits schema can be fetched from. format: url */ 'schema_url': string; /** * State is the identity\'s state. This value has currently no effect. active StateActive inactive StateInactive */ 'state'?: IdentityStateEnum; 'state_changed_at'?: string; /** * Traits represent an identity\'s traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_url`. */ 'traits': any; /** * UpdatedAt is a helper struct field for gobuffalo.pop. */ 'updated_at'?: string; /** * VerifiableAddresses contains all the addresses that can be verified by the user. */ 'verifiable_addresses'?: Array; } export declare const IdentityStateEnum: { readonly Active: "active"; readonly Inactive: "inactive"; readonly UnknownDefaultOpenApi: "11184809"; }; export type IdentityStateEnum = typeof IdentityStateEnum[keyof typeof IdentityStateEnum]; /** * Credentials represents a specific credential type */ export interface IdentityCredentials { 'config'?: object; /** * CreatedAt is a helper struct field for gobuffalo.pop. */ 'created_at'?: string; /** * Identifiers represent a list of unique identifiers this credential type matches. */ 'identifiers'?: Array; /** * Type discriminates between different types of credentials. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML link_recovery CredentialsTypeRecoveryLink CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow). It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode */ 'type'?: IdentityCredentialsTypeEnum; /** * UpdatedAt is a helper struct field for gobuffalo.pop. */ 'updated_at'?: string; /** * Version refers to the version of the credential. Useful when changing the config schema. */ 'version'?: number; } export declare const IdentityCredentialsTypeEnum: { readonly Password: "password"; readonly Oidc: "oidc"; readonly Totp: "totp"; readonly LookupSecret: "lookup_secret"; readonly Webauthn: "webauthn"; readonly Code: "code"; readonly Passkey: "passkey"; readonly Profile: "profile"; readonly Saml: "saml"; readonly LinkRecovery: "link_recovery"; readonly CodeRecovery: "code_recovery"; readonly UnknownDefaultOpenApi: "11184809"; }; export type IdentityCredentialsTypeEnum = typeof IdentityCredentialsTypeEnum[keyof typeof IdentityCredentialsTypeEnum]; /** * CredentialsCode represents a one time login/registration code */ export interface IdentityCredentialsCode { 'addresses'?: Array; } export interface IdentityCredentialsCodeAddress { /** * The address for this code */ 'address'?: string; 'channel'?: string; } export interface IdentityCredentialsOidc { 'providers'?: Array; } export interface IdentityCredentialsOidcProvider { 'initial_access_token'?: string; 'initial_id_token'?: string; 'initial_refresh_token'?: string; 'organization'?: string; 'provider'?: string; 'subject'?: string; 'use_auto_link'?: boolean; } export interface IdentityCredentialsPassword { /** * HashedPassword is a hash-representation of the password. */ 'hashed_password'?: string; /** * UsePasswordMigrationHook is set to true if the password should be migrated using the password migration hook. If set, and the HashedPassword is empty, a webhook will be called during login to migrate the password. */ 'use_password_migration_hook'?: boolean; } /** * Payload for patching an identity */ export interface IdentityPatch { 'create'?: CreateIdentityBody; /** * The ID of this patch. The patch ID is optional. If specified, the ID will be returned in the response, so consumers of this API can correlate the response with the patch. */ 'patch_id'?: string; } /** * Response for a single identity patch */ export interface IdentityPatchResponse { /** * The action for this specific patch create ActionCreate Create this identity. error ActionError Error indicates that the patch failed. */ 'action'?: IdentityPatchResponseActionEnum; 'error'?: any; /** * The identity ID payload of this patch */ 'identity'?: string; /** * The ID of this patch response, if an ID was specified in the patch. */ 'patch_id'?: string; } export declare const IdentityPatchResponseActionEnum: { readonly Create: "create"; readonly Error: "error"; readonly UnknownDefaultOpenApi: "11184809"; }; export type IdentityPatchResponseActionEnum = typeof IdentityPatchResponseActionEnum[keyof typeof IdentityPatchResponseActionEnum]; /** * An Identity JSON Schema Container */ export interface IdentitySchemaContainer { /** * The ID of the Identity JSON Schema */ 'id': string; /** * The actual Identity JSON Schema */ 'schema': object; } /** * Create Identity and Import Credentials */ export interface IdentityWithCredentials { 'oidc'?: IdentityWithCredentialsOidc; 'password'?: IdentityWithCredentialsPassword; 'saml'?: IdentityWithCredentialsSaml; } /** * Create Identity and Import Social Sign In Credentials */ export interface IdentityWithCredentialsOidc { 'config'?: IdentityWithCredentialsOidcConfig; } export interface IdentityWithCredentialsOidcConfig { /** * A list of OpenID Connect Providers */ 'providers'?: Array; } /** * Create Identity and Import Social Sign In Credentials Configuration */ export interface IdentityWithCredentialsOidcConfigProvider { 'organization'?: string | null; /** * The OpenID Connect provider to link the subject to. Usually something like `google` or `github`. */ 'provider': string; /** * The subject (`sub`) of the OpenID Connect connection. Usually the `sub` field of the ID Token. */ 'subject': string; /** * If set, this credential allows the user to sign in using the OpenID Connect provider without setting the subject first. */ 'use_auto_link'?: boolean; } /** * Create Identity and Import Password Credentials */ export interface IdentityWithCredentialsPassword { 'config'?: IdentityWithCredentialsPasswordConfig; } /** * Create Identity and Import Password Credentials Configuration */ export interface IdentityWithCredentialsPasswordConfig { /** * The hashed password in [PHC format](https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#hashed-passwords) */ 'hashed_password'?: string; /** * The password in plain text if no hash is available. */ 'password'?: string; /** * If set to true, the password will be migrated using the password migration hook. */ 'use_password_migration_hook'?: boolean; } /** * Payload to import SAML credentials */ export interface IdentityWithCredentialsSaml { 'config'?: IdentityWithCredentialsSamlConfig; } /** * Payload of SAML providers */ export interface IdentityWithCredentialsSamlConfig { /** * A list of SAML Providers */ 'providers'?: Array; } /** * Payload of specific SAML provider */ export interface IdentityWithCredentialsSamlConfigProvider { 'organization'?: string | null; /** * The SAML provider to link the subject to. */ 'provider': string; /** * The unique subject of the SAML connection. This value must be immutable at the source. */ 'subject': string; } export interface IsAlive200Response { /** * Always \"ok\". */ 'status': string; } export interface IsReady503Response { /** * Errors contains a list of errors that caused the not ready status. */ 'errors': { [key: string]: string; }; } /** * A JSONPatch document as defined by RFC 6902 */ export interface JsonPatch { /** * This field is used together with operation \"move\" and uses JSON Pointer notation. Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). */ 'from'?: string; /** * The operation to be performed. One of \"add\", \"remove\", \"replace\", \"move\", \"copy\", or \"test\". */ 'op': string; /** * The path to the target path. Uses JSON pointer notation. Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). */ 'path': string; /** * The value to be used within the operations. Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). */ 'value'?: any; } /** * This object represents a login flow. A login flow is initiated at the \"Initiate Login API / Browser Flow\" endpoint by a client. Once a login flow is completed successfully, a session cookie or session token will be issued. */ export interface LoginFlow { /** * The active login method If set contains the login method used. If the flow is new, it is unset. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML link_recovery CredentialsTypeRecoveryLink CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow). It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode */ 'active'?: LoginFlowActiveEnum; /** * CreatedAt is a helper struct field for gobuffalo.pop. */ 'created_at'?: string; /** * ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated. */ 'expires_at': string; /** * ID represents the flow\'s unique ID. When performing the login flow, this represents the id in the login UI\'s query parameter: http:///?flow= */ 'id': string; /** * IdentitySchema optionally holds the ID of the identity schema that is used for this flow. This value can be set by the user when creating the flow and should be retained when the flow is saved or converted to another flow. */ 'identity_schema'?: string; /** * IssuedAt is the time (UTC) when the flow started. */ 'issued_at': string; /** * Ory OAuth 2.0 Login Challenge. This value is set using the `login_challenge` query parameter of the registration and login endpoints. If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider. */ 'oauth2_login_challenge'?: string; 'oauth2_login_request'?: OAuth2LoginRequest; 'organization_id'?: string | null; /** * Refresh stores whether this login flow should enforce re-authentication. */ 'refresh'?: boolean; /** * RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL\'s path or query for example. */ 'request_url': string; 'requested_aal'?: AuthenticatorAssuranceLevel; /** * ReturnTo contains the requested return_to URL. */ 'return_to'?: string; /** * SessionTokenExchangeCode holds the secret code that the client can use to retrieve a session token after the login flow has been completed. This is only set if the client has requested a session token exchange code, and if the flow is of type \"api\", and only on creating the login flow. */ 'session_token_exchange_code'?: string; /** * State represents the state of this request: choose_method: ask the user to choose a method to sign in with sent_email: the email has been sent to the user passed_challenge: the request was successful and the login challenge was passed. */ 'state': any; /** * TransientPayload is used to pass data from the login to hooks and email templates */ 'transient_payload'?: object; /** * The flow type can either be `api` or `browser`. */ 'type': string; 'ui': UiContainer; /** * UpdatedAt is a helper struct field for gobuffalo.pop. */ 'updated_at'?: string; } export declare const LoginFlowActiveEnum: { readonly Password: "password"; readonly Oidc: "oidc"; readonly Totp: "totp"; readonly LookupSecret: "lookup_secret"; readonly Webauthn: "webauthn"; readonly Code: "code"; readonly Passkey: "passkey"; readonly Profile: "profile"; readonly Saml: "saml"; readonly LinkRecovery: "link_recovery"; readonly CodeRecovery: "code_recovery"; readonly UnknownDefaultOpenApi: "11184809"; }; export type LoginFlowActiveEnum = typeof LoginFlowActiveEnum[keyof typeof LoginFlowActiveEnum]; /** * The experimental state represents the state of a login flow. This field is EXPERIMENTAL and subject to change! */ export declare const LoginFlowState: { readonly ChooseMethod: "choose_method"; readonly SentEmail: "sent_email"; readonly PassedChallenge: "passed_challenge"; readonly UnknownDefaultOpenApi: "11184809"; }; export type LoginFlowState = typeof LoginFlowState[keyof typeof LoginFlowState]; /** * Logout Flow */ export interface LogoutFlow { /** * LogoutToken can be used to perform logout using AJAX. */ 'logout_token': string; /** * LogoutURL can be opened in a browser to sign the user out. format: uri */ 'logout_url': string; } export interface Message { 'body': string; 'channel'?: string; /** * CreatedAt is a helper struct field for gobuffalo.pop. */ 'created_at': string; /** * Dispatches store information about the attempts of delivering a message May contain an error if any happened, or just the `success` state. */ 'dispatches'?: Array; 'id': string; 'recipient': string; 'send_count': number; 'status': CourierMessageStatus; 'subject': string; /** * recovery_invalid TypeRecoveryInvalid recovery_valid TypeRecoveryValid recovery_code_invalid TypeRecoveryCodeInvalid recovery_code_valid TypeRecoveryCodeValid verification_invalid TypeVerificationInvalid verification_valid TypeVerificationValid verification_code_invalid TypeVerificationCodeInvalid verification_code_valid TypeVerificationCodeValid stub TypeTestStub login_code_valid TypeLoginCodeValid registration_code_valid TypeRegistrationCodeValid */ 'template_type': MessageTemplateTypeEnum; 'type': CourierMessageType; /** * UpdatedAt is a helper struct field for gobuffalo.pop. */ 'updated_at': string; } export declare const MessageTemplateTypeEnum: { readonly RecoveryInvalid: "recovery_invalid"; readonly RecoveryValid: "recovery_valid"; readonly RecoveryCodeInvalid: "recovery_code_invalid"; readonly RecoveryCodeValid: "recovery_code_valid"; readonly VerificationInvalid: "verification_invalid"; readonly VerificationValid: "verification_valid"; readonly VerificationCodeInvalid: "verification_code_invalid"; readonly VerificationCodeValid: "verification_code_valid"; readonly Stub: "stub"; readonly LoginCodeValid: "login_code_valid"; readonly RegistrationCodeValid: "registration_code_valid"; readonly UnknownDefaultOpenApi: "11184809"; }; export type MessageTemplateTypeEnum = typeof MessageTemplateTypeEnum[keyof typeof MessageTemplateTypeEnum]; /** * MessageDispatch represents an attempt of sending a courier message It contains the status of the attempt (failed or successful) and the error if any occured */ export interface MessageDispatch { /** * CreatedAt is a helper struct field for gobuffalo.pop. */ 'created_at': string; 'error'?: object; /** * The ID of this message dispatch */ 'id': string; /** * The ID of the message being dispatched */ 'message_id': string; /** * The status of this dispatch Either \"failed\" or \"success\" failed CourierMessageDispatchStatusFailed success CourierMessageDispatchStatusSuccess */ 'status': MessageDispatchStatusEnum; /** * UpdatedAt is a helper struct field for gobuffalo.pop. */ 'updated_at': string; } export declare const MessageDispatchStatusEnum: { readonly Failed: "failed"; readonly Success: "success"; readonly UnknownDefaultOpenApi: "11184809"; }; export type MessageDispatchStatusEnum = typeof MessageDispatchStatusEnum[keyof typeof MessageDispatchStatusEnum]; export interface NeedsPrivilegedSessionError { 'error'?: GenericError; /** * Points to where to redirect the user to next. */ 'redirect_browser_to': string; } export interface OAuth2Client { /** * OAuth 2.0 Access Token Strategy AccessTokenStrategy is the strategy used to generate access tokens. Valid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens Setting the stragegy here overrides the global setting in `strategies.access_token`. */ 'access_token_strategy'?: string; 'allowed_cors_origins'?: Array; 'audience'?: Array; /** * Specify a time duration in milliseconds, seconds, minutes, hours. */ 'authorization_code_grant_access_token_lifespan'?: string; /** * Specify a time duration in milliseconds, seconds, minutes, hours. */ 'authorization_code_grant_id_token_lifespan'?: string; /** * Specify a time duration in milliseconds, seconds, minutes, hours. */ 'authorization_code_grant_refresh_token_lifespan'?: string; /** * OpenID Connect Back-Channel Logout Session Required Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used. If omitted, the default value is false. */ 'backchannel_logout_session_required'?: boolean; /** * OpenID Connect Back-Channel Logout URI RP URL that will cause the RP to log itself out when sent a Logout Token by the OP. */ 'backchannel_logout_uri'?: string; /** * Specify a time duration in milliseconds, seconds, minutes, hours. */ 'client_credentials_grant_access_token_lifespan'?: string; /** * OAuth 2.0 Client ID The ID is immutable. If no ID is provided, a UUID4 will be generated. */ 'client_id'?: string; /** * OAuth 2.0 Client Name The human-readable name of the client to be presented to the end-user during authorization. */ 'client_name'?: string; /** * OAuth 2.0 Client Secret The secret will be included in the create request as cleartext, and then never again. The secret is kept in hashed format and is not recoverable once lost. */ 'client_secret'?: string; /** * OAuth 2.0 Client Secret Expires At The field is currently not supported and its value is always 0. */ 'client_secret_expires_at'?: number; /** * OAuth 2.0 Client URI ClientURI is a URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion. */ 'client_uri'?: string; 'contacts'?: Array; /** * OAuth 2.0 Client Creation Date CreatedAt returns the timestamp of the client\'s creation. */ 'created_at'?: string; /** * OpenID Connect Front-Channel Logout Session Required Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be included to identify the RP session with the OP when the frontchannel_logout_uri is used. If omitted, the default value is false. */ 'frontchannel_logout_session_required'?: boolean; /** * OpenID Connect Front-Channel Logout URI RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the request and to determine which of the potentially multiple sessions is to be logged out; if either is included, both MUST be. */ 'frontchannel_logout_uri'?: string; 'grant_types'?: Array; /** * Specify a time duration in milliseconds, seconds, minutes, hours. */ 'implicit_grant_access_token_lifespan'?: string; /** * Specify a time duration in milliseconds, seconds, minutes, hours. */ 'implicit_grant_id_token_lifespan'?: string; /** * OAuth 2.0 Client JSON Web Key Set Client\'s JSON Web Key Set [JWK] document, passed by value. The semantics of the jwks parameter are the same as the jwks_uri parameter, other than that the JWK Set is passed by value, rather than by reference. This parameter is intended only to be used by Clients that, for some reason, are unable to use the jwks_uri parameter, for instance, by native applications that might not have a location to host the contents of the JWK Set. If a Client can use jwks_uri, it MUST NOT use jwks. One significant downside of jwks is that it does not enable key rotation (which jwks_uri does, as described in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The jwks_uri and jwks parameters MUST NOT be used together. */ 'jwks'?: any; /** * OAuth 2.0 Client JSON Web Key Set URL URL for the Client\'s JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client\'s encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key\'s intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. */ 'jwks_uri'?: string; /** * Specify a time duration in milliseconds, seconds, minutes, hours. */ 'jwt_bearer_grant_access_token_lifespan'?: string; /** * OAuth 2.0 Client Logo URI A URL string referencing the client\'s logo. */ 'logo_uri'?: string; 'metadata'?: any; /** * OAuth 2.0 Client Owner Owner is a string identifying the owner of the OAuth 2.0 Client. */ 'owner'?: string; /** * OAuth 2.0 Client Policy URI PolicyURI is a URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data. */ 'policy_uri'?: string; 'post_logout_redirect_uris'?: Array; 'redirect_uris'?: Array; /** * Specify a time duration in milliseconds, seconds, minutes, hours. */ 'refresh_token_grant_access_token_lifespan'?: string; /** * Specify a time duration in milliseconds, seconds, minutes, hours. */ 'refresh_token_grant_id_token_lifespan'?: string; /** * Specify a time duration in milliseconds, seconds, minutes, hours. */ 'refresh_token_grant_refresh_token_lifespan'?: string; /** * OpenID Connect Dynamic Client Registration Access Token RegistrationAccessToken can be used to update, get, or delete the OAuth2 Client. It is sent when creating a client using Dynamic Client Registration. */ 'registration_access_token'?: string; /** * OpenID Connect Dynamic Client Registration URL RegistrationClientURI is the URL used to update, get, or delete the OAuth2 Client. */ 'registration_client_uri'?: string; /** * OpenID Connect Request Object Signing Algorithm JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. All Request Objects from this Client MUST be rejected, if not signed with this algorithm. */ 'request_object_signing_alg'?: string; 'request_uris'?: Array; 'response_types'?: Array; /** * OAuth 2.0 Client Scope Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens. */ 'scope'?: string; /** * OpenID Connect Sector Identifier URI URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a file with a single JSON array of redirect_uri values. */ 'sector_identifier_uri'?: string; /** * SkipConsent skips the consent screen for this client. This field can only be set from the admin API. */ 'skip_consent'?: boolean; /** * SkipLogoutConsent skips the logout consent screen for this client. This field can only be set from the admin API. */ 'skip_logout_consent'?: boolean; /** * OpenID Connect Subject Type The `subject_types_supported` Discovery parameter contains a list of the supported subject_type values for this server. Valid types include `pairwise` and `public`. */ 'subject_type'?: string; /** * OAuth 2.0 Token Endpoint Authentication Method Requested Client Authentication method for the Token Endpoint. The options are: `client_secret_basic`: (default) Send `client_id` and `client_secret` as `application/x-www-form-urlencoded` encoded in the HTTP Authorization header. `client_secret_post`: Send `client_id` and `client_secret` as `application/x-www-form-urlencoded` in the HTTP body. `private_key_jwt`: Use JSON Web Tokens to authenticate the client. `none`: Used for public clients (native apps, mobile apps) which can not have secrets. */ 'token_endpoint_auth_method'?: string; /** * OAuth 2.0 Token Endpoint Signing Algorithm Requested Client Authentication signing algorithm for the Token Endpoint. */ 'token_endpoint_auth_signing_alg'?: string; /** * OAuth 2.0 Client Terms of Service URI A URL string pointing to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client. */ 'tos_uri'?: string; /** * OAuth 2.0 Client Last Update Date UpdatedAt returns the timestamp of the last update. */ 'updated_at'?: string; /** * OpenID Connect Request Userinfo Signed Response Algorithm JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims as a UTF-8 encoded JSON object using the application/json content-type. */ 'userinfo_signed_response_alg'?: string; } /** * OAuth2ConsentRequestOpenIDConnectContext struct for OAuth2ConsentRequestOpenIDConnectContext */ export interface OAuth2ConsentRequestOpenIDConnectContext { /** * ACRValues is the Authentication AuthorizationContext Class Reference requested in the OAuth 2.0 Authorization request. It is a parameter defined by OpenID Connect and expresses which level of authentication (e.g. 2FA) is required. OpenID Connect defines it as follows: > Requested Authentication AuthorizationContext Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication AuthorizationContext Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter. */ 'acr_values'?: Array; /** * Display is a string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. The defined values are: page: The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. popup: The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. touch: The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. wap: The Authorization Server SHOULD display the authentication and consent UI consistent with a \\\"feature phone\\\" type display. The Authorization Server MAY also attempt to detect the capabilities of the User Agent and present an appropriate display. */ 'display'?: string; /** * IDTokenHintClaims are the claims of the ID Token previously issued by the Authorization Server being passed as a hint about the End-User\'s current or past authenticated session with the Client. */ 'id_token_hint_claims'?: { [key: string]: any; }; /** * LoginHint hints about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. This value MAY also be a phone number in the format specified for the phone_number Claim. The use of this parameter is optional. */ 'login_hint'?: string; /** * UILocales is the End-User\'id preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value \\\"fr-CA fr en\\\" represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider. */ 'ui_locales'?: Array; } /** * OAuth2LoginRequest struct for OAuth2LoginRequest */ export interface OAuth2LoginRequest { /** * ID is the identifier (\\\"login challenge\\\") of the login request. It is used to identify the session. */ 'challenge'?: string; 'client'?: OAuth2Client; 'oidc_context'?: OAuth2ConsentRequestOpenIDConnectContext; /** * RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but might come in handy if you want to deal with additional request parameters. */ 'request_url'?: string; 'requested_access_token_audience'?: Array; 'requested_scope'?: Array; /** * SessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag) this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false) this will be a new random value. This value is used as the \\\"sid\\\" parameter in the ID Token and in OIDC Front-/Back- channel logout. It\'s value can generally be used to associate consecutive login requests by a certain user. */ 'session_id'?: string; /** * Skip, if true, implies that the client has requested the same scopes from the same user previously. If true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL. This feature allows you to update / set session information. */ 'skip'?: boolean; /** * Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope requested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type when accepting the login request, or the request will fail. */ 'subject'?: string; } /** * Patch Identities Body */ export interface PatchIdentitiesBody { /** * Identities holds the list of patches to apply required */ 'identities'?: Array; } /** * Perform Native Logout Request Body */ export interface PerformNativeLogoutBody { /** * The Session Token Invalidate this session token. */ 'session_token': string; } export interface Provider { /** * The RP\'s client identifier, issued by the IdP. */ 'client_id'?: string; /** * A full path of the IdP config file. */ 'config_url'?: string; /** * By specifying one of domain_hints values provided by the accounts endpoints, the FedCM dialog selectively shows the specified account. */ 'domain_hint'?: string; /** * Array of strings that specifies the user information (\"name\", \" email\", \"picture\") that RP needs IdP to share with them. Note: Field API is supported by Chrome 132 and later. */ 'fields'?: Array; /** * By specifying one of login_hints values provided by the accounts endpoints, the FedCM dialog selectively shows the specified account. */ 'login_hint'?: string; /** * A random string to ensure the response is issued for this specific request. Prevents replay attacks. */ 'nonce'?: string; /** * Custom object that allows to specify additional key-value parameters: scope: A string value containing additional permissions that RP needs to request, for example \" drive.readonly calendar.readonly\" nonce: A random string to ensure the response is issued for this specific request. Prevents replay attacks. Other custom key-value parameters. Note: parameters is supported from Chrome 132. */ 'parameters'?: { [key: string]: string; }; } /** * Used when an administrator creates a recovery code for an identity. */ export interface RecoveryCodeForIdentity { /** * Expires At is the timestamp of when the recovery flow expires The timestamp when the recovery code expires. */ 'expires_at'?: string; /** * RecoveryCode is the code that can be used to recover the account */ 'recovery_code': string; /** * RecoveryLink with flow This link opens the recovery UI with an empty `code` field. */ 'recovery_link': string; } /** * This request is used when an identity wants to recover their account. We recommend reading the [Account Recovery Documentation](../self-service/flows/password-reset-account-recovery) */ export interface RecoveryFlow { /** * Active, if set, contains the recovery method that is being used. It is initially not set. */ 'active'?: string; /** * Contains possible actions that could follow this flow */ 'continue_with'?: Array; /** * ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting, a new request has to be initiated. */ 'expires_at': string; /** * ID represents the request\'s unique ID. When performing the recovery flow, this represents the id in the recovery ui\'s query parameter: http://?request= */ 'id': string; /** * IssuedAt is the time (UTC) when the request occurred. */ 'issued_at': string; /** * RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL\'s path or query for example. */ 'request_url': string; /** * ReturnTo contains the requested return_to URL. */ 'return_to'?: string; /** * State represents the state of this request: choose_method: ask the user to choose a method (e.g. recover account via email) sent_email: the email has been sent to the user passed_challenge: the request was successful and the recovery challenge was passed. */ 'state': any; /** * TransientPayload is used to pass data from the recovery flow to hooks and email templates */ 'transient_payload'?: object; /** * The flow type can either be `api` or `browser`. */ 'type': string; 'ui': UiContainer; } /** * The experimental state represents the state of a recovery flow. This field is EXPERIMENTAL and subject to change! */ export declare const RecoveryFlowState: { readonly ChooseMethod: "choose_method"; readonly SentEmail: "sent_email"; readonly PassedChallenge: "passed_challenge"; readonly UnknownDefaultOpenApi: "11184809"; }; export type RecoveryFlowState = typeof RecoveryFlowState[keyof typeof RecoveryFlowState]; export interface RecoveryIdentityAddress { /** * CreatedAt is a helper struct field for gobuffalo.pop. */ 'created_at'?: string; 'id'?: string; /** * UpdatedAt is a helper struct field for gobuffalo.pop. */ 'updated_at'?: string; 'value': string; 'via': string; } /** * Used when an administrator creates a recovery link for an identity. */ export interface RecoveryLinkForIdentity { /** * Recovery Link Expires At The timestamp when the recovery link expires. */ 'expires_at'?: string; /** * Recovery Link This link can be used to recover the account. */ 'recovery_link': string; } export interface RegistrationFlow { /** * Active, if set, contains the registration method that is being used. It is initially not set. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML link_recovery CredentialsTypeRecoveryLink CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow). It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode */ 'active'?: RegistrationFlowActiveEnum; /** * ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated. */ 'expires_at': string; /** * ID represents the flow\'s unique ID. When performing the registration flow, this represents the id in the registration ui\'s query parameter: http:///?flow= */ 'id': string; /** * IdentitySchema optionally holds the ID of the identity schema that is used for this flow. This value can be set by the user when creating the flow and should be retained when the flow is saved or converted to another flow. */ 'identity_schema'?: string; /** * IssuedAt is the time (UTC) when the flow occurred. */ 'issued_at': string; /** * Ory OAuth 2.0 Login Challenge. This value is set using the `login_challenge` query parameter of the registration and login endpoints. If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider. */ 'oauth2_login_challenge'?: string; 'oauth2_login_request'?: OAuth2LoginRequest; 'organization_id'?: string | null; /** * RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL\'s path or query for example. */ 'request_url': string; /** * ReturnTo contains the requested return_to URL. */ 'return_to'?: string; /** * SessionTokenExchangeCode holds the secret code that the client can use to retrieve a session token after the flow has been completed. This is only set if the client has requested a session token exchange code, and if the flow is of type \"api\", and only on creating the flow. */ 'session_token_exchange_code'?: string; /** * State represents the state of this request: choose_method: ask the user to choose a method (e.g. registration with email) sent_email: the email has been sent to the user passed_challenge: the request was successful and the registration challenge was passed. */ 'state': any; /** * TransientPayload is used to pass data from the registration to a webhook */ 'transient_payload'?: object; /** * The flow type can either be `api` or `browser`. */ 'type': string; 'ui': UiContainer; } export declare const RegistrationFlowActiveEnum: { readonly Password: "password"; readonly Oidc: "oidc"; readonly Totp: "totp"; readonly LookupSecret: "lookup_secret"; readonly Webauthn: "webauthn"; readonly Code: "code"; readonly Passkey: "passkey"; readonly Profile: "profile"; readonly Saml: "saml"; readonly LinkRecovery: "link_recovery"; readonly CodeRecovery: "code_recovery"; readonly UnknownDefaultOpenApi: "11184809"; }; export type RegistrationFlowActiveEnum = typeof RegistrationFlowActiveEnum[keyof typeof RegistrationFlowActiveEnum]; /** * The experimental state represents the state of a registration flow. This field is EXPERIMENTAL and subject to change! */ export declare const RegistrationFlowState: { readonly ChooseMethod: "choose_method"; readonly SentEmail: "sent_email"; readonly PassedChallenge: "passed_challenge"; readonly UnknownDefaultOpenApi: "11184809"; }; export type RegistrationFlowState = typeof RegistrationFlowState[keyof typeof RegistrationFlowState]; /** * Is sent when a flow is expired */ export interface SelfServiceFlowExpiredError { 'error'?: GenericError; /** * When the flow has expired */ 'expired_at'?: string; /** * A Duration represents the elapsed time between two instants as an int64 nanosecond count. The representation limits the largest representable duration to approximately 290 years. */ 'since'?: number; /** * The flow ID that should be used for the new flow as it contains the correct messages. */ 'use_flow_id'?: string; } /** * A Session */ export interface Session { /** * Active state. If false the session is no longer active. */ 'active'?: boolean; /** * The Session Authentication Timestamp When this session was authenticated at. If multi-factor authentication was used this is the time when the last factor was authenticated (e.g. the TOTP code challenge was completed). */ 'authenticated_at'?: string; /** * A list of authenticators which were used to authenticate the session. */ 'authentication_methods'?: Array; 'authenticator_assurance_level'?: AuthenticatorAssuranceLevel; /** * Devices has history of all endpoints where the session was used */ 'devices'?: Array; /** * The Session Expiry When this session expires at. */ 'expires_at'?: string; /** * Session ID */ 'id': string; 'identity'?: Identity; /** * The Session Issuance Timestamp When this session was issued at. Usually equal or close to `authenticated_at`. */ 'issued_at'?: string; /** * Tokenized is the tokenized (e.g. JWT) version of the session. It is only set when the `tokenize_as` query parameter was set to a valid tokenize template during calls to `/session/whoami`. */ 'tokenized'?: string; } /** * A singular authenticator used during authentication / login. */ export interface SessionAuthenticationMethod { 'aal'?: AuthenticatorAssuranceLevel; /** * When the authentication challenge was completed. */ 'completed_at'?: string; /** * The method used in this authenticator. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML link_recovery CredentialsTypeRecoveryLink CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow). It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode */ 'method'?: SessionAuthenticationMethodMethodEnum; /** * The Organization id used for authentication */ 'organization'?: string; /** * OIDC or SAML provider id used for authentication */ 'provider'?: string; } export declare const SessionAuthenticationMethodMethodEnum: { readonly Password: "password"; readonly Oidc: "oidc"; readonly Totp: "totp"; readonly LookupSecret: "lookup_secret"; readonly Webauthn: "webauthn"; readonly Code: "code"; readonly Passkey: "passkey"; readonly Profile: "profile"; readonly Saml: "saml"; readonly LinkRecovery: "link_recovery"; readonly CodeRecovery: "code_recovery"; readonly UnknownDefaultOpenApi: "11184809"; }; export type SessionAuthenticationMethodMethodEnum = typeof SessionAuthenticationMethodMethodEnum[keyof typeof SessionAuthenticationMethodMethodEnum]; /** * Device corresponding to a Session */ export interface SessionDevice { /** * Device record ID */ 'id': string; /** * IPAddress of the client */ 'ip_address'?: string; /** * Geo Location corresponding to the IP Address */ 'location'?: string; /** * UserAgent of the client */ 'user_agent'?: string; } /** * This flow is used when an identity wants to update settings (e.g. profile data, passwords, ...) in a selfservice manner. We recommend reading the [User Settings Documentation](../self-service/flows/user-settings) */ export interface SettingsFlow { /** * Active, if set, contains the registration method that is being used. It is initially not set. */ 'active'?: string; /** * Contains a list of actions, that could follow this flow It can, for example, contain a reference to the verification flow, created as part of the user\'s registration. */ 'continue_with'?: Array; /** * ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to update the setting, a new flow has to be initiated. */ 'expires_at': string; /** * ID represents the flow\'s unique ID. When performing the settings flow, this represents the id in the settings ui\'s query parameter: http://?flow= */ 'id': string; 'identity': Identity; /** * IssuedAt is the time (UTC) when the flow occurred. */ 'issued_at': string; /** * RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL\'s path or query for example. */ 'request_url': string; /** * ReturnTo contains the requested return_to URL. */ 'return_to'?: string; /** * State represents the state of this flow. It knows two states: show_form: No user data has been collected, or it is invalid, and thus the form should be shown. success: Indicates that the settings flow has been updated successfully with the provided data. Done will stay true when repeatedly checking. If set to true, done will revert back to false only when a flow with invalid (e.g. \"please use a valid phone number\") data was sent. */ 'state': any; /** * TransientPayload is used to pass data from the settings flow to hooks and email templates */ 'transient_payload'?: object; /** * The flow type can either be `api` or `browser`. */ 'type': string; 'ui': UiContainer; } /** * The experimental state represents the state of a settings flow. This field is EXPERIMENTAL and subject to change! */ export declare const SettingsFlowState: { readonly ShowForm: "show_form"; readonly Success: "success"; readonly UnknownDefaultOpenApi: "11184809"; }; export type SettingsFlowState = typeof SettingsFlowState[keyof typeof SettingsFlowState]; /** * The Response for Registration Flows via API */ export interface SuccessfulCodeExchangeResponse { 'session': Session; /** * The Session Token A session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization Header: Authorization: bearer ${session-token} The session token is only issued for API flows, not for Browser flows! */ 'session_token'?: string; } /** * The Response for Login Flows via API */ export interface SuccessfulNativeLogin { /** * Contains a list of actions, that could follow this flow It can, for example, this will contain a reference to the verification flow, created as part of the user\'s registration or the token of the session. */ 'continue_with'?: Array; 'session': Session; /** * The Session Token A session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization Header: Authorization: bearer ${session-token} The session token is only issued for API flows, not for Browser flows! */ 'session_token'?: string; } /** * The Response for Registration Flows via API */ export interface SuccessfulNativeRegistration { /** * Contains a list of actions, that could follow this flow It can, for example, this will contain a reference to the verification flow, created as part of the user\'s registration or the token of the session. */ 'continue_with'?: Array; 'identity': Identity; 'session'?: Session; /** * The Session Token This field is only set when the session hook is configured as a post-registration hook. A session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization Header: Authorization: bearer ${session-token} The session token is only issued for API flows, not for Browser flows! */ 'session_token'?: string; } export interface TokenPagination { /** * Items per page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). */ 'page_size'?: number; /** * Next Page Token The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). */ 'page_token'?: string; } export interface TokenPaginationHeaders { /** * The link header contains pagination links. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). in: header */ 'link'?: string; /** * The total number of clients. in: header */ 'x-total-count'?: string; } /** * Container represents a HTML Form. The container can work with both HTTP Form and JSON requests */ export interface UiContainer { /** * Action should be used as the form action URL `
`. */ 'action': string; 'messages'?: Array; /** * Method is the form method (e.g. POST) */ 'method': string; 'nodes': Array; } /** * Nodes are represented as HTML elements or their native UI equivalents. For example, a node can be an `` tag, or an `` but also `some plain text`. */ export interface UiNode { 'attributes': UiNodeAttributes; /** * Group specifies which group (e.g. password authenticator) this node belongs to. default DefaultGroup password PasswordGroup oidc OpenIDConnectGroup profile ProfileGroup link LinkGroup code CodeGroup totp TOTPGroup lookup_secret LookupGroup webauthn WebAuthnGroup passkey PasskeyGroup identifier_first IdentifierFirstGroup captcha CaptchaGroup saml SAMLGroup */ 'group': UiNodeGroupEnum; 'messages': Array; 'meta': UiNodeMeta; /** * The node\'s type text Text input Input img Image a Anchor script Script div Division */ 'type': UiNodeTypeEnum; } export declare const UiNodeGroupEnum: { readonly Default: "default"; readonly Password: "password"; readonly Oidc: "oidc"; readonly Profile: "profile"; readonly Link: "link"; readonly Code: "code"; readonly Totp: "totp"; readonly LookupSecret: "lookup_secret"; readonly Webauthn: "webauthn"; readonly Passkey: "passkey"; readonly IdentifierFirst: "identifier_first"; readonly Captcha: "captcha"; readonly Saml: "saml"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UiNodeGroupEnum = typeof UiNodeGroupEnum[keyof typeof UiNodeGroupEnum]; export declare const UiNodeTypeEnum: { readonly Text: "text"; readonly Input: "input"; readonly Img: "img"; readonly A: "a"; readonly Script: "script"; readonly Div: "div"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UiNodeTypeEnum = typeof UiNodeTypeEnum[keyof typeof UiNodeTypeEnum]; export interface UiNodeAnchorAttributes { /** * The link\'s href (destination) URL. format: uri */ 'href': string; /** * A unique identifier */ 'id': string; /** * NodeType represents this node\'s types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"a\". text Text input Input img Image a Anchor script Script div Division */ 'node_type': UiNodeAnchorAttributesNodeTypeEnum; 'title': UiText; } export declare const UiNodeAnchorAttributesNodeTypeEnum: { readonly A: "a"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UiNodeAnchorAttributesNodeTypeEnum = typeof UiNodeAnchorAttributesNodeTypeEnum[keyof typeof UiNodeAnchorAttributesNodeTypeEnum]; /** * @type UiNodeAttributes */ export type UiNodeAttributes = { node_type: 'a'; } & UiNodeAnchorAttributes | { node_type: 'div'; } & UiNodeDivisionAttributes | { node_type: 'img'; } & UiNodeImageAttributes | { node_type: 'input'; } & UiNodeInputAttributes | { node_type: 'script'; } & UiNodeScriptAttributes | { node_type: 'text'; } & UiNodeTextAttributes; /** * Division sections are used for interactive widgets that require a hook in the DOM / view. */ export interface UiNodeDivisionAttributes { /** * A classname that should be rendered into the DOM. */ 'class'?: string; /** * Data is a map of key-value pairs that are passed to the division. They may be used for `data-...` attributes. */ 'data'?: { [key: string]: string; }; /** * A unique identifier */ 'id': string; /** * NodeType represents this node\'s type. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"script\". text Text input Input img Image a Anchor script Script div Division */ 'node_type': UiNodeDivisionAttributesNodeTypeEnum; } export declare const UiNodeDivisionAttributesNodeTypeEnum: { readonly Div: "div"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UiNodeDivisionAttributesNodeTypeEnum = typeof UiNodeDivisionAttributesNodeTypeEnum[keyof typeof UiNodeDivisionAttributesNodeTypeEnum]; export interface UiNodeImageAttributes { /** * Height of the image */ 'height': number; /** * A unique identifier */ 'id': string; /** * NodeType represents this node\'s types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"img\". text Text input Input img Image a Anchor script Script div Division */ 'node_type': UiNodeImageAttributesNodeTypeEnum; /** * The image\'s source URL. format: uri */ 'src': string; /** * Width of the image */ 'width': number; } export declare const UiNodeImageAttributesNodeTypeEnum: { readonly Img: "img"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UiNodeImageAttributesNodeTypeEnum = typeof UiNodeImageAttributesNodeTypeEnum[keyof typeof UiNodeImageAttributesNodeTypeEnum]; /** * InputAttributes represents the attributes of an input node */ export interface UiNodeInputAttributes { /** * The autocomplete attribute for the input. email InputAttributeAutocompleteEmail tel InputAttributeAutocompleteTel url InputAttributeAutocompleteUrl current-password InputAttributeAutocompleteCurrentPassword new-password InputAttributeAutocompleteNewPassword one-time-code InputAttributeAutocompleteOneTimeCode username webauthn InputAttributeAutocompleteUsernameWebauthn */ 'autocomplete'?: UiNodeInputAttributesAutocompleteEnum; /** * Sets the input\'s disabled field to true or false. */ 'disabled': boolean; 'label'?: UiText; /** * MaxLength may contain the input\'s maximum length. */ 'maxlength'?: number; /** * The input\'s element name. */ 'name': string; /** * NodeType represents this node\'s types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"input\". text Text input Input img Image a Anchor script Script div Division */ 'node_type': UiNodeInputAttributesNodeTypeEnum; /** * OnClick may contain javascript which should be executed on click. This is primarily used for WebAuthn. Deprecated: Using OnClick requires the use of eval() which is a security risk. Use OnClickTrigger instead. */ 'onclick'?: string; /** * OnClickTrigger may contain a WebAuthn trigger which should be executed on click. The trigger maps to a JavaScript function provided by Ory, which triggers actions such as PassKey registration or login. oryWebAuthnRegistration WebAuthnTriggersWebAuthnRegistration oryWebAuthnLogin WebAuthnTriggersWebAuthnLogin oryPasskeyLogin WebAuthnTriggersPasskeyLogin oryPasskeyLoginAutocompleteInit WebAuthnTriggersPasskeyLoginAutocompleteInit oryPasskeyRegistration WebAuthnTriggersPasskeyRegistration oryPasskeySettingsRegistration WebAuthnTriggersPasskeySettingsRegistration */ 'onclickTrigger'?: UiNodeInputAttributesOnclickTriggerEnum; /** * OnLoad may contain javascript which should be executed on load. This is primarily used for WebAuthn. Deprecated: Using OnLoad requires the use of eval() which is a security risk. Use OnLoadTrigger instead. */ 'onload'?: string; /** * OnLoadTrigger may contain a WebAuthn trigger which should be executed on load. The trigger maps to a JavaScript function provided by Ory, which triggers actions such as PassKey registration or login. oryWebAuthnRegistration WebAuthnTriggersWebAuthnRegistration oryWebAuthnLogin WebAuthnTriggersWebAuthnLogin oryPasskeyLogin WebAuthnTriggersPasskeyLogin oryPasskeyLoginAutocompleteInit WebAuthnTriggersPasskeyLoginAutocompleteInit oryPasskeyRegistration WebAuthnTriggersPasskeyRegistration oryPasskeySettingsRegistration WebAuthnTriggersPasskeySettingsRegistration */ 'onloadTrigger'?: UiNodeInputAttributesOnloadTriggerEnum; /** * The input\'s pattern. */ 'pattern'?: string; /** * Mark this input field as required. */ 'required'?: boolean; /** * The input\'s element type. text InputAttributeTypeText password InputAttributeTypePassword number InputAttributeTypeNumber checkbox InputAttributeTypeCheckbox hidden InputAttributeTypeHidden email InputAttributeTypeEmail tel InputAttributeTypeTel submit InputAttributeTypeSubmit button InputAttributeTypeButton datetime-local InputAttributeTypeDateTimeLocal date InputAttributeTypeDate url InputAttributeTypeURI */ 'type': UiNodeInputAttributesTypeEnum; /** * The input\'s value. */ 'value'?: any | null; } export declare const UiNodeInputAttributesAutocompleteEnum: { readonly Email: "email"; readonly Tel: "tel"; readonly Url: "url"; readonly CurrentPassword: "current-password"; readonly NewPassword: "new-password"; readonly OneTimeCode: "one-time-code"; readonly UsernameWebauthn: "username webauthn"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UiNodeInputAttributesAutocompleteEnum = typeof UiNodeInputAttributesAutocompleteEnum[keyof typeof UiNodeInputAttributesAutocompleteEnum]; export declare const UiNodeInputAttributesNodeTypeEnum: { readonly Input: "input"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UiNodeInputAttributesNodeTypeEnum = typeof UiNodeInputAttributesNodeTypeEnum[keyof typeof UiNodeInputAttributesNodeTypeEnum]; export declare const UiNodeInputAttributesOnclickTriggerEnum: { readonly OryWebAuthnRegistration: "oryWebAuthnRegistration"; readonly OryWebAuthnLogin: "oryWebAuthnLogin"; readonly OryPasskeyLogin: "oryPasskeyLogin"; readonly OryPasskeyLoginAutocompleteInit: "oryPasskeyLoginAutocompleteInit"; readonly OryPasskeyRegistration: "oryPasskeyRegistration"; readonly OryPasskeySettingsRegistration: "oryPasskeySettingsRegistration"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UiNodeInputAttributesOnclickTriggerEnum = typeof UiNodeInputAttributesOnclickTriggerEnum[keyof typeof UiNodeInputAttributesOnclickTriggerEnum]; export declare const UiNodeInputAttributesOnloadTriggerEnum: { readonly OryWebAuthnRegistration: "oryWebAuthnRegistration"; readonly OryWebAuthnLogin: "oryWebAuthnLogin"; readonly OryPasskeyLogin: "oryPasskeyLogin"; readonly OryPasskeyLoginAutocompleteInit: "oryPasskeyLoginAutocompleteInit"; readonly OryPasskeyRegistration: "oryPasskeyRegistration"; readonly OryPasskeySettingsRegistration: "oryPasskeySettingsRegistration"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UiNodeInputAttributesOnloadTriggerEnum = typeof UiNodeInputAttributesOnloadTriggerEnum[keyof typeof UiNodeInputAttributesOnloadTriggerEnum]; export declare const UiNodeInputAttributesTypeEnum: { readonly Text: "text"; readonly Password: "password"; readonly Number: "number"; readonly Checkbox: "checkbox"; readonly Hidden: "hidden"; readonly Email: "email"; readonly Tel: "tel"; readonly Submit: "submit"; readonly Button: "button"; readonly DatetimeLocal: "datetime-local"; readonly Date: "date"; readonly Url: "url"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UiNodeInputAttributesTypeEnum = typeof UiNodeInputAttributesTypeEnum[keyof typeof UiNodeInputAttributesTypeEnum]; /** * This might include a label and other information that can optionally be used to render UIs. */ export interface UiNodeMeta { 'label'?: UiText; } export interface UiNodeScriptAttributes { /** * The script async type */ 'async': boolean; /** * The script cross origin policy */ 'crossorigin': string; /** * A unique identifier */ 'id': string; /** * The script\'s integrity hash */ 'integrity': string; /** * NodeType represents this node\'s types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"script\". text Text input Input img Image a Anchor script Script div Division */ 'node_type': UiNodeScriptAttributesNodeTypeEnum; /** * Nonce for CSP A nonce you may want to use to improve your Content Security Policy. You do not have to use this value but if you want to improve your CSP policies you may use it. You can also choose to use your own nonce value! */ 'nonce': string; /** * The script referrer policy */ 'referrerpolicy': string; /** * The script source */ 'src': string; /** * The script MIME type */ 'type': string; } export declare const UiNodeScriptAttributesNodeTypeEnum: { readonly Script: "script"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UiNodeScriptAttributesNodeTypeEnum = typeof UiNodeScriptAttributesNodeTypeEnum[keyof typeof UiNodeScriptAttributesNodeTypeEnum]; export interface UiNodeTextAttributes { /** * A unique identifier */ 'id': string; /** * NodeType represents this node\'s types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"text\". text Text input Input img Image a Anchor script Script div Division */ 'node_type': UiNodeTextAttributesNodeTypeEnum; 'text': UiText; } export declare const UiNodeTextAttributesNodeTypeEnum: { readonly Text: "text"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UiNodeTextAttributesNodeTypeEnum = typeof UiNodeTextAttributesNodeTypeEnum[keyof typeof UiNodeTextAttributesNodeTypeEnum]; export interface UiText { /** * The message\'s context. Useful when customizing messages. */ 'context'?: object; 'id': number; /** * The message text. Written in american english. */ 'text': string; /** * The message type. info Info error Error success Success */ 'type': UiTextTypeEnum; } export declare const UiTextTypeEnum: { readonly Info: "info"; readonly Error: "error"; readonly Success: "success"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UiTextTypeEnum = typeof UiTextTypeEnum[keyof typeof UiTextTypeEnum]; export interface UpdateFedcmFlowBody { /** * CSRFToken is the anti-CSRF token. */ 'csrf_token': string; /** * Nonce is the nonce that was used in the `navigator.credentials.get` call. If specified, it must match the `nonce` claim in the token. */ 'nonce'?: string; /** * Token contains the result of `navigator.credentials.get`. */ 'token': string; /** * Transient data to pass along to any webhooks. */ 'transient_payload'?: object; } /** * Update Identity Body */ export interface UpdateIdentityBody { 'credentials'?: IdentityWithCredentials; /** * ExternalID is an optional external ID of the identity. This is used to link the identity to an external system. If set, the external ID must be unique across all identities. */ 'external_id'?: string; /** * Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`. */ 'metadata_admin'?: any; /** * Store metadata about the identity which the identity itself can see when calling for example the session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field. */ 'metadata_public'?: any; /** * SchemaID is the ID of the JSON Schema to be used for validating the identity\'s traits. If set will update the Identity\'s SchemaID. */ 'schema_id': string; /** * State is the identity\'s state. active StateActive inactive StateInactive */ 'state': UpdateIdentityBodyStateEnum; /** * Traits represent an identity\'s traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_id`. */ 'traits': object; } export declare const UpdateIdentityBodyStateEnum: { readonly Active: "active"; readonly Inactive: "inactive"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UpdateIdentityBodyStateEnum = typeof UpdateIdentityBodyStateEnum[keyof typeof UpdateIdentityBodyStateEnum]; /** * @type UpdateLoginFlowBody */ export type UpdateLoginFlowBody = { method: 'code'; } & UpdateLoginFlowWithCodeMethod | { method: 'identifier_first'; } & UpdateLoginFlowWithIdentifierFirstMethod | { method: 'lookup_secret'; } & UpdateLoginFlowWithLookupSecretMethod | { method: 'oidc'; } & UpdateLoginFlowWithOidcMethod | { method: 'passkey'; } & UpdateLoginFlowWithPasskeyMethod | { method: 'password'; } & UpdateLoginFlowWithPasswordMethod | { method: 'saml'; } & UpdateLoginFlowWithSamlMethod | { method: 'totp'; } & UpdateLoginFlowWithTotpMethod | { method: 'webauthn'; } & UpdateLoginFlowWithWebAuthnMethod; /** * Update Login flow using the code method */ export interface UpdateLoginFlowWithCodeMethod { /** * Address is the address to send the code to, in case that there are multiple addresses. This field is only used in two-factor flows and is ineffective for passwordless flows. */ 'address'?: string; /** * Code is the 6 digits code sent to the user */ 'code'?: string; /** * CSRFToken is the anti-CSRF token */ 'csrf_token': string; /** * Identifier is the code identifier The identifier requires that the user has already completed the registration or settings with code flow. */ 'identifier'?: string; /** * Method should be set to \"code\" when logging in using the code strategy. */ 'method': string; /** * Resend is set when the user wants to resend the code */ 'resend'?: string; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } /** * Update Login Flow with Multi-Step Method */ export interface UpdateLoginFlowWithIdentifierFirstMethod { /** * Sending the anti-csrf token is only required for browser login flows. */ 'csrf_token'?: string; /** * Identifier is the email or username of the user trying to log in. */ 'identifier': string; /** * Method should be set to \"password\" when logging in using the identifier and password strategy. */ 'method': string; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } /** * Update Login Flow with Lookup Secret Method */ export interface UpdateLoginFlowWithLookupSecretMethod { /** * Sending the anti-csrf token is only required for browser login flows. */ 'csrf_token'?: string; /** * The lookup secret. */ 'lookup_secret': string; /** * Method should be set to \"lookup_secret\" when logging in using the lookup_secret strategy. */ 'method': string; } /** * Update Login Flow with OpenID Connect Method */ export interface UpdateLoginFlowWithOidcMethod { /** * The CSRF Token */ 'csrf_token'?: string; /** * IDToken is an optional id token provided by an OIDC provider If submitted, it is verified using the OIDC provider\'s public key set and the claims are used to populate the OIDC credentials of the identity. If the OIDC provider does not store additional claims (such as name, etc.) in the IDToken itself, you can use the `traits` field to populate the identity\'s traits. Note, that Apple only includes the users email in the IDToken. Supported providers are Apple Google */ 'id_token'?: string; /** * IDTokenNonce is the nonce, used when generating the IDToken. If the provider supports nonce validation, the nonce will be validated against this value and required. */ 'id_token_nonce'?: string; /** * Method to use This field must be set to `oidc` when using the oidc method. */ 'method': string; /** * The provider to register with */ 'provider': string; /** * The identity traits. This is a placeholder for the registration flow. */ 'traits'?: object; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; /** * UpstreamParameters are the parameters that are passed to the upstream identity provider. These parameters are optional and depend on what the upstream identity provider supports. Supported parameters are: `login_hint` (string): The `login_hint` parameter suppresses the account chooser and either pre-fills the email box on the sign-in form, or selects the proper session. `hd` (string): The `hd` parameter limits the login/registration process to a Google Organization, e.g. `mycollege.edu`. `prompt` (string): The `prompt` specifies whether the Authorization Server prompts the End-User for reauthentication and consent, e.g. `select_account`. `acr_values` (string): The `acr_values` specifies the Authentication Context Class Reference values for the authorization request. */ 'upstream_parameters'?: object; } /** * Update Login Flow with Passkey Method */ export interface UpdateLoginFlowWithPasskeyMethod { /** * Sending the anti-csrf token is only required for browser login flows. */ 'csrf_token'?: string; /** * Method should be set to \"passkey\" when logging in using the Passkey strategy. */ 'method': string; /** * Login a WebAuthn Security Key This must contain the ID of the WebAuthN connection. */ 'passkey_login'?: string; } /** * Update Login Flow with Password Method */ export interface UpdateLoginFlowWithPasswordMethod { /** * Sending the anti-csrf token is only required for browser login flows. */ 'csrf_token'?: string; /** * Identifier is the email or username of the user trying to log in. */ 'identifier': string; /** * Method should be set to \"password\" when logging in using the identifier and password strategy. */ 'method': string; /** * The user\'s password. */ 'password': string; /** * Identifier is the email or username of the user trying to log in. This field is deprecated! */ 'password_identifier'?: string; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } /** * Update login flow using SAML */ export interface UpdateLoginFlowWithSamlMethod { /** * The CSRF Token */ 'csrf_token'?: string; /** * Method to use This field must be set to `saml` when using the saml method. */ 'method': string; /** * The provider to register with */ 'provider': string; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } /** * Update Login Flow with TOTP Method */ export interface UpdateLoginFlowWithTotpMethod { /** * Sending the anti-csrf token is only required for browser login flows. */ 'csrf_token'?: string; /** * Method should be set to \"totp\" when logging in using the TOTP strategy. */ 'method': string; /** * The TOTP code. */ 'totp_code': string; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } /** * Update Login Flow with WebAuthn Method */ export interface UpdateLoginFlowWithWebAuthnMethod { /** * Sending the anti-csrf token is only required for browser login flows. */ 'csrf_token'?: string; /** * Identifier is the email or username of the user trying to log in. */ 'identifier': string; /** * Method should be set to \"webAuthn\" when logging in using the WebAuthn strategy. */ 'method': string; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; /** * Login a WebAuthn Security Key This must contain the ID of the WebAuthN connection. */ 'webauthn_login'?: string; } /** * @type UpdateRecoveryFlowBody * Update Recovery Flow Request Body */ export type UpdateRecoveryFlowBody = { method: 'code'; } & UpdateRecoveryFlowWithCodeMethod | { method: 'link'; } & UpdateRecoveryFlowWithLinkMethod; /** * Update Recovery Flow with Code Method */ export interface UpdateRecoveryFlowWithCodeMethod { /** * Code from the recovery email If you want to submit a code, use this field, but make sure to _not_ include the email field, as well. */ 'code'?: string; /** * Sending the anti-csrf token is only required for browser login flows. */ 'csrf_token'?: string; /** * The email address of the account to recover If the email belongs to a valid account, a recovery email will be sent. If you want to notify the email address if the account does not exist, see the [notify_unknown_recipients flag](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset#attempted-recovery-notifications) If a code was already sent, including this field in the payload will invalidate the sent code and re-send a new code. format: email */ 'email'?: string; /** * Method is the method that should be used for this recovery flow Allowed values are `link` and `code`. link RecoveryStrategyLink code RecoveryStrategyCode */ 'method': UpdateRecoveryFlowWithCodeMethodMethodEnum; /** * A recovery address that is registered for the user. It can be an email, a phone number (to receive the code via SMS), etc. Used in RecoveryV2. */ 'recovery_address'?: string; /** * If there are multiple recovery addresses registered for the user, and the initially provided address is different from the address chosen when the choice (of masked addresses) is presented, then we need to make sure that the user actually knows the full address to avoid information exfiltration, so we ask for the full address. Used in RecoveryV2. */ 'recovery_confirm_address'?: string; /** * If there are multiple addresses registered for the user, a choice is presented and this field stores the result of this choice. Addresses are \'masked\' (never sent in full to the client and shown partially in the UI) since at this point in the recovery flow, the user has not yet proven that it knows the full address and we want to avoid information exfiltration. So for all intents and purposes, the value of this field should be treated as an opaque identifier. Used in RecoveryV2. */ 'recovery_select_address'?: string; /** * Set to \"previous\" to go back in the flow, meaningfully. Used in RecoveryV2. */ 'screen'?: string; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } export declare const UpdateRecoveryFlowWithCodeMethodMethodEnum: { readonly Link: "link"; readonly Code: "code"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UpdateRecoveryFlowWithCodeMethodMethodEnum = typeof UpdateRecoveryFlowWithCodeMethodMethodEnum[keyof typeof UpdateRecoveryFlowWithCodeMethodMethodEnum]; /** * Update Recovery Flow with Link Method */ export interface UpdateRecoveryFlowWithLinkMethod { /** * Sending the anti-csrf token is only required for browser login flows. */ 'csrf_token'?: string; /** * Email to Recover Needs to be set when initiating the flow. If the email is a registered recovery email, a recovery link will be sent. If the email is not known, an email with details on what happened will be sent instead. format: email */ 'email': string; /** * Method is the method that should be used for this recovery flow Allowed values are `link` and `code` link RecoveryStrategyLink code RecoveryStrategyCode */ 'method': UpdateRecoveryFlowWithLinkMethodMethodEnum; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } export declare const UpdateRecoveryFlowWithLinkMethodMethodEnum: { readonly Link: "link"; readonly Code: "code"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UpdateRecoveryFlowWithLinkMethodMethodEnum = typeof UpdateRecoveryFlowWithLinkMethodMethodEnum[keyof typeof UpdateRecoveryFlowWithLinkMethodMethodEnum]; /** * @type UpdateRegistrationFlowBody * Update Registration Request Body */ export type UpdateRegistrationFlowBody = { method: 'code'; } & UpdateRegistrationFlowWithCodeMethod | { method: 'oidc'; } & UpdateRegistrationFlowWithOidcMethod | { method: 'passkey'; } & UpdateRegistrationFlowWithPasskeyMethod | { method: 'password'; } & UpdateRegistrationFlowWithPasswordMethod | { method: 'profile'; } & UpdateRegistrationFlowWithProfileMethod | { method: 'saml'; } & UpdateRegistrationFlowWithSamlMethod | { method: 'webauthn'; } & UpdateRegistrationFlowWithWebAuthnMethod; /** * Update Registration Flow with Code Method */ export interface UpdateRegistrationFlowWithCodeMethod { /** * The OTP Code sent to the user */ 'code'?: string; /** * The CSRF Token */ 'csrf_token'?: string; /** * Method to use This field must be set to `code` when using the code method. */ 'method': string; /** * Resend restarts the flow with a new code */ 'resend'?: string; /** * The identity\'s traits */ 'traits': object; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } /** * Update Registration Flow with OpenID Connect Method */ export interface UpdateRegistrationFlowWithOidcMethod { /** * The CSRF Token */ 'csrf_token'?: string; /** * IDToken is an optional id token provided by an OIDC provider If submitted, it is verified using the OIDC provider\'s public key set and the claims are used to populate the OIDC credentials of the identity. If the OIDC provider does not store additional claims (such as name, etc.) in the IDToken itself, you can use the `traits` field to populate the identity\'s traits. Note, that Apple only includes the users email in the IDToken. Supported providers are Apple Google */ 'id_token'?: string; /** * IDTokenNonce is the nonce, used when generating the IDToken. If the provider supports nonce validation, the nonce will be validated against this value and is required. */ 'id_token_nonce'?: string; /** * Method to use This field must be set to `oidc` when using the oidc method. */ 'method': string; /** * The provider to register with */ 'provider': string; /** * The identity traits */ 'traits'?: object; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; /** * UpstreamParameters are the parameters that are passed to the upstream identity provider. These parameters are optional and depend on what the upstream identity provider supports. Supported parameters are: `login_hint` (string): The `login_hint` parameter suppresses the account chooser and either pre-fills the email box on the sign-in form, or selects the proper session. `hd` (string): The `hd` parameter limits the login/registration process to a Google Organization, e.g. `mycollege.edu`. `prompt` (string): The `prompt` specifies whether the Authorization Server prompts the End-User for reauthentication and consent, e.g. `select_account`. `acr_values` (string): The `acr_values` specifies the Authentication Context Class Reference values for the authorization request. */ 'upstream_parameters'?: object; } /** * Update Registration Flow with Passkey Method */ export interface UpdateRegistrationFlowWithPasskeyMethod { /** * CSRFToken is the anti-CSRF token */ 'csrf_token'?: string; /** * Method Should be set to \"passkey\" when trying to add, update, or remove a Passkey. */ 'method': string; /** * Register a WebAuthn Security Key It is expected that the JSON returned by the WebAuthn registration process is included here. */ 'passkey_register'?: string; /** * The identity\'s traits */ 'traits': object; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } /** * Update Registration Flow with Password Method */ export interface UpdateRegistrationFlowWithPasswordMethod { /** * The CSRF Token */ 'csrf_token'?: string; /** * Method to use This field must be set to `password` when using the password method. */ 'method': string; /** * Password to sign the user up with */ 'password': string; /** * The identity\'s traits */ 'traits': object; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } /** * Update Registration Flow with Profile Method */ export interface UpdateRegistrationFlowWithProfileMethod { /** * The Anti-CSRF Token This token is only required when performing browser flows. */ 'csrf_token'?: string; /** * Method Should be set to profile when trying to update a profile. */ 'method': string; /** * Screen requests navigation to a previous screen. This must be set to credential-selection to go back to the credential selection screen. credential-selection RegistrationScreenCredentialSelection nolint:gosec // not a credential previous RegistrationScreenPrevious */ 'screen'?: UpdateRegistrationFlowWithProfileMethodScreenEnum; /** * Traits The identity\'s traits. */ 'traits': object; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } export declare const UpdateRegistrationFlowWithProfileMethodScreenEnum: { readonly CredentialSelection: "credential-selection"; readonly Previous: "previous"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UpdateRegistrationFlowWithProfileMethodScreenEnum = typeof UpdateRegistrationFlowWithProfileMethodScreenEnum[keyof typeof UpdateRegistrationFlowWithProfileMethodScreenEnum]; /** * Update registration flow using SAML */ export interface UpdateRegistrationFlowWithSamlMethod { /** * The CSRF Token */ 'csrf_token'?: string; /** * Method to use This field must be set to `saml` when using the saml method. */ 'method': string; /** * The provider to register with */ 'provider': string; /** * The identity traits */ 'traits'?: object; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } /** * Update Registration Flow with WebAuthn Method */ export interface UpdateRegistrationFlowWithWebAuthnMethod { /** * CSRFToken is the anti-CSRF token */ 'csrf_token'?: string; /** * Method Should be set to \"webauthn\" when trying to add, update, or remove a webAuthn pairing. */ 'method': string; /** * The identity\'s traits */ 'traits': object; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; /** * Register a WebAuthn Security Key It is expected that the JSON returned by the WebAuthn registration process is included here. */ 'webauthn_register'?: string; /** * Name of the WebAuthn Security Key to be Added A human-readable name for the security key which will be added. */ 'webauthn_register_displayname'?: string; } /** * @type UpdateSettingsFlowBody * Update Settings Flow Request Body */ export type UpdateSettingsFlowBody = { method: 'lookup_secret'; } & UpdateSettingsFlowWithLookupMethod | { method: 'oidc'; } & UpdateSettingsFlowWithOidcMethod | { method: 'passkey'; } & UpdateSettingsFlowWithPasskeyMethod | { method: 'password'; } & UpdateSettingsFlowWithPasswordMethod | { method: 'profile'; } & UpdateSettingsFlowWithProfileMethod | { method: 'saml'; } & UpdateSettingsFlowWithSamlMethod | { method: 'totp'; } & UpdateSettingsFlowWithTotpMethod | { method: 'webauthn'; } & UpdateSettingsFlowWithWebAuthnMethod; /** * Update Settings Flow with Lookup Method */ export interface UpdateSettingsFlowWithLookupMethod { /** * CSRFToken is the anti-CSRF token */ 'csrf_token'?: string; /** * If set to true will save the regenerated lookup secrets */ 'lookup_secret_confirm'?: boolean; /** * Disables this method if true. */ 'lookup_secret_disable'?: boolean; /** * If set to true will regenerate the lookup secrets */ 'lookup_secret_regenerate'?: boolean; /** * If set to true will reveal the lookup secrets */ 'lookup_secret_reveal'?: boolean; /** * Method Should be set to \"lookup\" when trying to add, update, or remove a lookup pairing. */ 'method': string; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } /** * Update Settings Flow with OpenID Connect Method */ export interface UpdateSettingsFlowWithOidcMethod { /** * Flow ID is the flow\'s ID. in: query */ 'flow'?: string; /** * Link this provider Either this or `unlink` must be set. type: string in: body */ 'link'?: string; /** * Method Should be set to profile when trying to update a profile. */ 'method': string; /** * The identity\'s traits in: body */ 'traits'?: object; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; /** * Unlink this provider Either this or `link` must be set. type: string in: body */ 'unlink'?: string; /** * UpstreamParameters are the parameters that are passed to the upstream identity provider. These parameters are optional and depend on what the upstream identity provider supports. Supported parameters are: `login_hint` (string): The `login_hint` parameter suppresses the account chooser and either pre-fills the email box on the sign-in form, or selects the proper session. `hd` (string): The `hd` parameter limits the login/registration process to a Google Organization, e.g. `mycollege.edu`. `prompt` (string): The `prompt` specifies whether the Authorization Server prompts the End-User for reauthentication and consent, e.g. `select_account`. `acr_values` (string): The `acr_values` specifies the Authentication Context Class Reference values for the authorization request. */ 'upstream_parameters'?: object; } /** * Update Settings Flow with Passkey Method */ export interface UpdateSettingsFlowWithPasskeyMethod { /** * CSRFToken is the anti-CSRF token */ 'csrf_token'?: string; /** * Method Should be set to \"passkey\" when trying to add, update, or remove a webAuthn pairing. */ 'method': string; /** * Remove a WebAuthn Security Key This must contain the ID of the WebAuthN connection. */ 'passkey_remove'?: string; /** * Register a WebAuthn Security Key It is expected that the JSON returned by the WebAuthn registration process is included here. */ 'passkey_settings_register'?: string; } /** * Update Settings Flow with Password Method */ export interface UpdateSettingsFlowWithPasswordMethod { /** * CSRFToken is the anti-CSRF token */ 'csrf_token'?: string; /** * Method Should be set to password when trying to update a password. */ 'method': string; /** * Password is the updated password */ 'password': string; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } /** * Update Settings Flow with Profile Method */ export interface UpdateSettingsFlowWithProfileMethod { /** * The Anti-CSRF Token This token is only required when performing browser flows. */ 'csrf_token'?: string; /** * Method Should be set to profile when trying to update a profile. */ 'method': string; /** * Traits The identity\'s traits. */ 'traits': object; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } /** * Update settings flow using SAML */ export interface UpdateSettingsFlowWithSamlMethod { /** * The CSRF Token */ 'csrf_token'?: string; /** * Flow ID is the flow\'s ID. in: query */ 'flow'?: string; /** * Link this provider Either this or `unlink` must be set. type: string in: body */ 'link'?: string; /** * Method Should be set to saml when trying to update a profile. */ 'method': string; /** * The identity\'s traits in: body */ 'traits'?: object; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; /** * Unlink this provider Either this or `link` must be set. type: string in: body */ 'unlink'?: string; } /** * Update Settings Flow with TOTP Method */ export interface UpdateSettingsFlowWithTotpMethod { /** * CSRFToken is the anti-CSRF token */ 'csrf_token'?: string; /** * Method Should be set to \"totp\" when trying to add, update, or remove a totp pairing. */ 'method': string; /** * ValidationTOTP must contain a valid TOTP based on the */ 'totp_code'?: string; /** * UnlinkTOTP if true will remove the TOTP pairing, effectively removing the credential. This can be used to set up a new TOTP device. */ 'totp_unlink'?: boolean; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } /** * Update Settings Flow with WebAuthn Method */ export interface UpdateSettingsFlowWithWebAuthnMethod { /** * CSRFToken is the anti-CSRF token */ 'csrf_token'?: string; /** * Method Should be set to \"webauthn\" when trying to add, update, or remove a webAuthn pairing. */ 'method': string; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; /** * Register a WebAuthn Security Key It is expected that the JSON returned by the WebAuthn registration process is included here. */ 'webauthn_register'?: string; /** * Name of the WebAuthn Security Key to be Added A human-readable name for the security key which will be added. */ 'webauthn_register_displayname'?: string; /** * Remove a WebAuthn Security Key This must contain the ID of the WebAuthN connection. */ 'webauthn_remove'?: string; } /** * @type UpdateVerificationFlowBody * Update Verification Flow Request Body */ export type UpdateVerificationFlowBody = { method: 'code'; } & UpdateVerificationFlowWithCodeMethod | { method: 'link'; } & UpdateVerificationFlowWithLinkMethod; export interface UpdateVerificationFlowWithCodeMethod { /** * Code from the recovery email If you want to submit a code, use this field, but make sure to _not_ include the email field, as well. */ 'code'?: string; /** * Sending the anti-csrf token is only required for browser login flows. */ 'csrf_token'?: string; /** * The email address to verify If the email belongs to a valid account, a verifiation email will be sent. If you want to notify the email address if the account does not exist, see the [notify_unknown_recipients flag](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation#attempted-verification-notifications) If a code was already sent, including this field in the payload will invalidate the sent code and re-send a new code. format: email */ 'email'?: string; /** * Method is the method that should be used for this verification flow Allowed values are `link` and `code`. link VerificationStrategyLink code VerificationStrategyCode */ 'method': UpdateVerificationFlowWithCodeMethodMethodEnum; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } export declare const UpdateVerificationFlowWithCodeMethodMethodEnum: { readonly Link: "link"; readonly Code: "code"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UpdateVerificationFlowWithCodeMethodMethodEnum = typeof UpdateVerificationFlowWithCodeMethodMethodEnum[keyof typeof UpdateVerificationFlowWithCodeMethodMethodEnum]; /** * Update Verification Flow with Link Method */ export interface UpdateVerificationFlowWithLinkMethod { /** * Sending the anti-csrf token is only required for browser login flows. */ 'csrf_token'?: string; /** * Email to Verify Needs to be set when initiating the flow. If the email is a registered verification email, a verification link will be sent. If the email is not known, a email with details on what happened will be sent instead. format: email */ 'email': string; /** * Method is the method that should be used for this verification flow Allowed values are `link` and `code` link VerificationStrategyLink code VerificationStrategyCode */ 'method': UpdateVerificationFlowWithLinkMethodMethodEnum; /** * Transient data to pass along to any webhooks */ 'transient_payload'?: object; } export declare const UpdateVerificationFlowWithLinkMethodMethodEnum: { readonly Link: "link"; readonly Code: "code"; readonly UnknownDefaultOpenApi: "11184809"; }; export type UpdateVerificationFlowWithLinkMethodMethodEnum = typeof UpdateVerificationFlowWithLinkMethodMethodEnum[keyof typeof UpdateVerificationFlowWithLinkMethodMethodEnum]; /** * VerifiableAddress is an identity\'s verifiable address */ export interface VerifiableIdentityAddress { /** * When this entry was created */ 'created_at'?: string; /** * The ID */ 'id'?: string; /** * VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema */ 'status': string; /** * When this entry was last updated */ 'updated_at'?: string; /** * The address value example foo@user.com */ 'value': string; /** * Indicates if the address has already been verified */ 'verified': boolean; 'verified_at'?: string; /** * The delivery method */ 'via': VerifiableIdentityAddressViaEnum; } export declare const VerifiableIdentityAddressViaEnum: { readonly Email: "email"; readonly Sms: "sms"; readonly UnknownDefaultOpenApi: "11184809"; }; export type VerifiableIdentityAddressViaEnum = typeof VerifiableIdentityAddressViaEnum[keyof typeof VerifiableIdentityAddressViaEnum]; /** * Used to verify an out-of-band communication channel such as an email address or a phone number. For more information head over to: https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation */ export interface VerificationFlow { /** * Active, if set, contains the registration method that is being used. It is initially not set. */ 'active'?: string; /** * ExpiresAt is the time (UTC) when the request expires. If the user still wishes to verify the address, a new request has to be initiated. */ 'expires_at'?: string; /** * ID represents the request\'s unique ID. When performing the verification flow, this represents the id in the verify ui\'s query parameter: http://?request= type: string format: uuid */ 'id': string; /** * IssuedAt is the time (UTC) when the request occurred. */ 'issued_at'?: string; /** * RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL\'s path or query for example. */ 'request_url'?: string; /** * ReturnTo contains the requested return_to URL. */ 'return_to'?: string; /** * State represents the state of this request: choose_method: ask the user to choose a method (e.g. verify your email) sent_email: the email has been sent to the user passed_challenge: the request was successful and the verification challenge was passed. */ 'state': any; /** * TransientPayload is used to pass data from the verification flow to hooks and email templates */ 'transient_payload'?: object; /** * The flow type can either be `api` or `browser`. */ 'type': string; 'ui': UiContainer; } /** * The experimental state represents the state of a verification flow. This field is EXPERIMENTAL and subject to change! */ export declare const VerificationFlowState: { readonly ChooseMethod: "choose_method"; readonly SentEmail: "sent_email"; readonly PassedChallenge: "passed_challenge"; readonly UnknownDefaultOpenApi: "11184809"; }; export type VerificationFlowState = typeof VerificationFlowState[keyof typeof VerificationFlowState]; export interface Version { /** * Version is the service\'s version. */ 'version'?: string; } /** * CourierApi - axios parameter creator */ export declare const CourierApiAxiosParamCreator: (configuration?: Configuration) => { /** * Gets a specific messages by the given ID. * @summary Get a Message * @param {string} id MessageID is the ID of the message. * @param {*} [options] Override http request option. * @throws {RequiredError} */ getCourierMessage: (id: string, options?: RawAxiosRequestConfig) => Promise; /** * Lists all messages by given status and recipient. * @summary List Messages * @param {number} [pageSize] Items per Page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). * @param {string} [pageToken] Next Page Token The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). * @param {CourierMessageStatus} [status] Status filters out messages based on status. If no value is provided, it doesn\'t take effect on filter. * @param {string} [recipient] Recipient filters out messages based on recipient. If no value is provided, it doesn\'t take effect on filter. * @param {*} [options] Override http request option. * @throws {RequiredError} */ listCourierMessages: (pageSize?: number, pageToken?: string, status?: CourierMessageStatus, recipient?: string, options?: RawAxiosRequestConfig) => Promise; }; /** * CourierApi - functional programming interface */ export declare const CourierApiFp: (configuration?: Configuration) => { /** * Gets a specific messages by the given ID. * @summary Get a Message * @param {string} id MessageID is the ID of the message. * @param {*} [options] Override http request option. * @throws {RequiredError} */ getCourierMessage(id: string, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise>; /** * Lists all messages by given status and recipient. * @summary List Messages * @param {number} [pageSize] Items per Page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). * @param {string} [pageToken] Next Page Token The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). * @param {CourierMessageStatus} [status] Status filters out messages based on status. If no value is provided, it doesn\'t take effect on filter. * @param {string} [recipient] Recipient filters out messages based on recipient. If no value is provided, it doesn\'t take effect on filter. * @param {*} [options] Override http request option. * @throws {RequiredError} */ listCourierMessages(pageSize?: number, pageToken?: string, status?: CourierMessageStatus, recipient?: string, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise>>; }; /** * CourierApi - factory interface */ export declare const CourierApiFactory: (configuration?: Configuration, basePath?: string, axios?: AxiosInstance) => { /** * Gets a specific messages by the given ID. * @summary Get a Message * @param {CourierApiGetCourierMessageRequest} requestParameters Request parameters. * @param {*} [options] Override http request option. * @throws {RequiredError} */ getCourierMessage(requestParameters: CourierApiGetCourierMessageRequest, options?: RawAxiosRequestConfig): AxiosPromise; /** * Lists all messages by given status and recipient. * @summary List Messages * @param {CourierApiListCourierMessagesRequest} requestParameters Request parameters. * @param {*} [options] Override http request option. * @throws {RequiredError} */ listCourierMessages(requestParameters?: CourierApiListCourierMessagesRequest, options?: RawAxiosRequestConfig): AxiosPromise>; }; /** * Request parameters for getCourierMessage operation in CourierApi. */ export interface CourierApiGetCourierMessageRequest { /** * MessageID is the ID of the message. */ readonly id: string; } /** * Request parameters for listCourierMessages operation in CourierApi. */ export interface CourierApiListCourierMessagesRequest { /** * Items per Page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). */ readonly pageSize?: number; /** * Next Page Token The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). */ readonly pageToken?: string; /** * Status filters out messages based on status. If no value is provided, it doesn\'t take effect on filter. */ readonly status?: CourierMessageStatus; /** * Recipient filters out messages based on recipient. If no value is provided, it doesn\'t take effect on filter. */ readonly recipient?: string; } /** * CourierApi - object-oriented interface */ export declare class CourierApi extends BaseAPI { /** * Gets a specific messages by the given ID. * @summary Get a Message * @param {CourierApiGetCourierMessageRequest} requestParameters Request parameters. * @param {*} [options] Override http request option. * @throws {RequiredError} */ getCourierMessage(requestParameters: CourierApiGetCourierMessageRequest, options?: RawAxiosRequestConfig): Promise>; /** * Lists all messages by given status and recipient. * @summary List Messages * @param {CourierApiListCourierMessagesRequest} requestParameters Request parameters. * @param {*} [options] Override http request option. * @throws {RequiredError} */ listCourierMessages(requestParameters?: CourierApiListCourierMessagesRequest, options?: RawAxiosRequestConfig): Promise>; } /** * FrontendApi - axios parameter creator */ export declare const FrontendApiAxiosParamCreator: (configuration?: Configuration) => { /** * This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. If this endpoint is opened as a link in the browser, it will be redirected to `selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter `?refresh=true` was set. If this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the case of an error, the `error.id` of the JSON response body can be one of: `session_already_available`: The user is already signed in. `session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! The optional query parameter login_challenge is set when using Kratos with Hydra in an OAuth2 flow. See the oauth2_provider.url configuration option. This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). * @summary Create Login Flow for Browsers * @param {boolean} [refresh] Refresh a login session If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session. * @param {string} [aal] Request a Specific AuthenticationMethod Assurance Level Use this parameter to upgrade an existing session\'s authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password, the AAL is 1. If you wish to \"upgrade\" the session\'s security by asking the user to perform TOTP / WebAuth/ ... you would set this to \"aal2\". * @param {string} [returnTo] The URL to return the browser to after the flow was completed. * @param {string} [cookie] HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. * @param {string} [loginChallenge] An optional Hydra login challenge. If present, Kratos will cooperate with Ory Hydra to act as an OAuth2 identity provider. The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/login?login_challenge=abcde`). * @param {string} [organization] An optional organization ID that should be used for logging this user in. This parameter is only effective in the Ory Network. * @param {string} [via] Via should contain the identity\'s credential the code should be sent to. Only relevant in aal2 flows. DEPRECATED: This field is deprecated. Please remove it from your requests. The user will now see a choice of MFA credentials to choose from to perform the second factor instead. * @param {string} [identitySchema] An optional identity schema to use for the login flow. * @param {*} [options] Override http request option. * @throws {RequiredError} */ createBrowserLoginFlow: (refresh?: boolean, aal?: string, returnTo?: string, cookie?: string, loginChallenge?: string, organization?: string, via?: string, identitySchema?: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). For API clients you can call the `/self-service/logout/api` URL directly with the Ory Session Token. The URL is only valid for the currently signed in user. If no user is signed in, this endpoint returns a 401 error. When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies. * @summary Create a Logout URL for Browsers * @param {string} [cookie] HTTP Cookies If you call this endpoint from a backend, please include the original Cookie header in the request. * @param {string} [returnTo] Return to URL The URL to which the browser should be redirected to after the logout has been performed. * @param {*} [options] Override http request option. * @throws {RequiredError} */ createBrowserLogoutFlow: (cookie?: string, returnTo?: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects or a 400 bad request error if the user is already authenticated. This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). * @summary Create Recovery Flow for Browsers * @param {string} [returnTo] The URL to return the browser to after the flow was completed. * @param {*} [options] Override http request option. * @throws {RequiredError} */ createBrowserRecoveryFlow: (returnTo?: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows. If this endpoint is opened as a link in the browser, it will be redirected to `selfservice.flows.registration.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists already, the browser will be redirected to `urls.default_redirect_url`. If this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the case of an error, the `error.id` of the JSON response body can be one of: `session_already_available`: The user is already signed in. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! If this endpoint is called via an AJAX request, the response contains the registration flow without a redirect. This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). * @summary Create Registration Flow for Browsers * @param {string} [returnTo] The URL to return the browser to after the flow was completed. * @param {string} [loginChallenge] Ory OAuth 2.0 Login Challenge. If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider. The value for this parameter comes from `login_challenge` URL Query parameter sent to your application (e.g. `/registration?login_challenge=abcde`). This feature is compatible with Ory Hydra when not running on the Ory Network. * @param {string} [afterVerificationReturnTo] The URL to return the browser to after the verification flow was completed. After the registration flow is completed, the user will be sent a verification email. Upon completing the verification flow, this URL will be used to override the default `selfservice.flows.verification.after.default_redirect_to` value. * @param {string} [organization] An optional organization ID that should be used to register this user. This parameter is only effective in the Ory Network. * @param {string} [identitySchema] An optional identity schema to use for the registration flow. * @param {*} [options] Override http request option. * @throws {RequiredError} */ createBrowserRegistrationFlow: (returnTo?: string, loginChallenge?: string, afterVerificationReturnTo?: string, organization?: string, identitySchema?: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. If this endpoint is opened as a link in the browser, it will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid user session was set, the browser will be redirected to the login endpoint. If this endpoint is called via an AJAX request, the response contains the settings flow without any redirects or a 401 forbidden error if no valid session was set. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user to sign in with the second factor (happens automatically for server-side browser flows) or change the configuration. If this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the case of an error, the `error.id` of the JSON response body can be one of: `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `session_inactive`: No Ory Session was found - sign in a user first. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). * @summary Create Settings Flow for Browsers * @param {string} [returnTo] The URL to return the browser to after the flow was completed. * @param {string} [cookie] HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. * @param {*} [options] Override http request option. * @throws {RequiredError} */ createBrowserSettingsFlow: (returnTo?: string, cookie?: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). * @summary Create Verification Flow for Browser Clients * @param {string} [returnTo] The URL to return the browser to after the flow was completed. * @param {*} [options] Override http request option. * @throws {RequiredError} */ createBrowserVerificationFlow: (returnTo?: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint returns a list of all available FedCM providers. It is only supported on the Ory Network. * @summary Get FedCM Parameters * @param {*} [options] Override http request option. * @throws {RequiredError} */ createFedcmFlow: (options?: RawAxiosRequestConfig) => Promise; /** * This endpoint initiates a login flow for native apps that do not use a browser, such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. To fetch an existing login flow call `/self-service/login/flows?flow=`. You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks, including CSRF login attacks. In the case of an error, the `error.id` of the JSON response body can be one of: `session_already_available`: The user is already signed in. `session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). * @summary Create Login Flow for Native Apps * @param {boolean} [refresh] Refresh a login session If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session. * @param {string} [aal] Request a Specific AuthenticationMethod Assurance Level Use this parameter to upgrade an existing session\'s authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity sign in using e.g. username+password, the AAL is 1. If you wish to \"upgrade\" the session\'s security by asking the user to perform TOTP / WebAuth/ ... you would set this to \"aal2\". * @param {string} [xSessionToken] The Session Token of the Identity performing the settings flow. * @param {boolean} [returnSessionTokenExchangeCode] EnableSessionTokenExchangeCode requests the login flow to include a code that can be used to retrieve the session token after the login flow has been completed. * @param {string} [returnTo] The URL to return the browser to after the flow was completed. * @param {string} [organization] An optional organization ID that should be used for logging this user in. This parameter is only effective in the Ory Network. * @param {string} [via] Via should contain the identity\'s credential the code should be sent to. Only relevant in aal2 flows. DEPRECATED: This field is deprecated. Please remove it from your requests. The user will now see a choice of MFA credentials to choose from to perform the second factor instead. * @param {string} [identitySchema] An optional identity schema to use for the login flow. * @param {*} [options] Override http request option. * @throws {RequiredError} */ createNativeLoginFlow: (refresh?: boolean, aal?: string, xSessionToken?: string, returnSessionTokenExchangeCode?: boolean, returnTo?: string, organization?: string, via?: string, identitySchema?: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error. On an existing recovery flow, use the `getRecoveryFlow` API endpoint. You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). * @summary Create Recovery Flow for Native Apps * @param {*} [options] Override http request option. * @throws {RequiredError} */ createNativeRecoveryFlow: (options?: RawAxiosRequestConfig) => Promise; /** * This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. To fetch an existing registration flow call `/self-service/registration/flows?flow=`. You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks. In the case of an error, the `error.id` of the JSON response body can be one of: `session_already_available`: The user is already signed in. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). * @summary Create Registration Flow for Native Apps * @param {boolean} [returnSessionTokenExchangeCode] EnableSessionTokenExchangeCode requests the login flow to include a code that can be used to retrieve the session token after the login flow has been completed. * @param {string} [returnTo] The URL to return the browser to after the flow was completed. * @param {string} [organization] An optional organization ID that should be used to register this user. This parameter is only effective in the Ory Network. * @param {string} [identitySchema] An optional identity schema to use for the registration flow. * @param {*} [options] Override http request option. * @throws {RequiredError} */ createNativeRegistrationFlow: (returnSessionTokenExchangeCode?: boolean, returnTo?: string, organization?: string, identitySchema?: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK. To fetch an existing settings flow call `/self-service/settings/flows?flow=`. You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user to sign in with the second factor or change the configuration. In the case of an error, the `error.id` of the JSON response body can be one of: `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `session_inactive`: No Ory Session was found - sign in a user first. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). * @summary Create Settings Flow for Native Apps * @param {string} [xSessionToken] The Session Token of the Identity performing the settings flow. * @param {*} [options] Override http request option. * @throws {RequiredError} */ createNativeSettingsFlow: (xSessionToken?: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. To fetch an existing verification flow call `/self-service/verification/flows?flow=`. You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). More information can be found at [Ory Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). * @summary Create Verification Flow for Native Apps * @param {string} [returnTo] A URL contained in the return_to key of the verification flow. This piece of data has no effect on the actual logic of the flow and is purely informational. * @param {*} [options] Override http request option. * @throws {RequiredError} */ createNativeVerificationFlow: (returnTo?: string, options?: RawAxiosRequestConfig) => Promise; /** * Calling this endpoint invalidates all except the current session that belong to the logged-in user. Session data are not deleted. * @summary Disable my other sessions * @param {string} [xSessionToken] Set the Session Token when calling from non-browser clients. A session token has a format of `MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj`. * @param {string} [cookie] Set the Cookie Header. This is especially useful when calling this endpoint from a server-side application. In that scenario you must include the HTTP Cookie Header which originally was included in the request to your server. An example of a session in the HTTP Cookie Header is: `ory_kratos_session=a19iOVAbdzdgl70Rq1QZmrKmcjDtdsviCTZx7m9a9yHIUS8Wa9T7hvqyGTsLHi6Qifn2WUfpAKx9DWp0SJGleIn9vh2YF4A16id93kXFTgIgmwIOvbVAScyrx7yVl6bPZnCx27ec4WQDtaTewC1CpgudeDV2jQQnSaCP6ny3xa8qLH-QUgYqdQuoA_LF1phxgRCUfIrCLQOkolX5nv3ze_f==`. It is ok if more than one cookie are included here as all other cookies will be ignored. * @param {*} [options] Override http request option. * @throws {RequiredError} */ disableMyOtherSessions: (xSessionToken?: string, cookie?: string, options?: RawAxiosRequestConfig) => Promise; /** * Calling this endpoint invalidates the specified session. The current session cannot be revoked. Session data are not deleted. * @summary Disable one of my sessions * @param {string} id ID is the session\'s ID. * @param {string} [xSessionToken] Set the Session Token when calling from non-browser clients. A session token has a format of `MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj`. * @param {string} [cookie] Set the Cookie Header. This is especially useful when calling this endpoint from a server-side application. In that scenario you must include the HTTP Cookie Header which originally was included in the request to your server. An example of a session in the HTTP Cookie Header is: `ory_kratos_session=a19iOVAbdzdgl70Rq1QZmrKmcjDtdsviCTZx7m9a9yHIUS8Wa9T7hvqyGTsLHi6Qifn2WUfpAKx9DWp0SJGleIn9vh2YF4A16id93kXFTgIgmwIOvbVAScyrx7yVl6bPZnCx27ec4WQDtaTewC1CpgudeDV2jQQnSaCP6ny3xa8qLH-QUgYqdQuoA_LF1phxgRCUfIrCLQOkolX5nv3ze_f==`. It is ok if more than one cookie are included here as all other cookies will be ignored. * @param {*} [options] Override http request option. * @throws {RequiredError} */ disableMySession: (id: string, xSessionToken?: string, cookie?: string, options?: RawAxiosRequestConfig) => Promise; /** * * @summary Exchange Session Token * @param {string} initCode The part of the code return when initializing the flow. * @param {string} returnToCode The part of the code returned by the return_to URL. * @param {*} [options] Override http request option. * @throws {RequiredError} */ exchangeSessionToken: (initCode: string, returnToCode: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: `?id=stub:500` - returns a stub 500 (Internal Server Error) error. More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors). * @summary Get User-Flow Errors * @param {string} id Error is the error\'s ID * @param {*} [options] Override http request option. * @throws {RequiredError} */ getFlowError: (id: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint returns a login flow\'s context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request\'s HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain and you need to forward the incoming HTTP Cookie header to this endpoint: ```js pseudo-code example router.get(\'/login\', async function (req, res) { const flow = await client.getLoginFlow(req.header(\'cookie\'), req.query[\'flow\']) res.render(\'login\', flow) }) ``` This request may fail due to several reasons. The `error.id` can be one of: `session_already_available`: The user is already signed in. `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). * @summary Get Login Flow * @param {string} id The Login Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/login?flow=abcde`). * @param {string} [cookie] HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. * @param {*} [options] Override http request option. * @throws {RequiredError} */ getLoginFlow: (id: string, cookie?: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint returns a recovery flow\'s context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request\'s HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain and you need to forward the incoming HTTP Cookie header to this endpoint: ```js pseudo-code example router.get(\'/recovery\', async function (req, res) { const flow = await client.getRecoveryFlow(req.header(\'Cookie\'), req.query[\'flow\']) res.render(\'recovery\', flow) }) ``` More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery). * @summary Get Recovery Flow * @param {string} id The Flow ID The value for this parameter comes from `request` URL Query parameter sent to your application (e.g. `/recovery?flow=abcde`). * @param {string} [cookie] HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. * @param {*} [options] Override http request option. * @throws {RequiredError} */ getRecoveryFlow: (id: string, cookie?: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint returns a registration flow\'s context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request\'s HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain and you need to forward the incoming HTTP Cookie header to this endpoint: ```js pseudo-code example router.get(\'/registration\', async function (req, res) { const flow = await client.getRegistrationFlow(req.header(\'cookie\'), req.query[\'flow\']) res.render(\'registration\', flow) }) ``` This request may fail due to several reasons. The `error.id` can be one of: `session_already_available`: The user is already signed in. `self_service_flow_expired`: The flow is expired and you should request a new one. More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration). * @summary Get Registration Flow * @param {string} id The Registration Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/registration?flow=abcde`). * @param {string} [cookie] HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. * @param {*} [options] Override http request option. * @throws {RequiredError} */ getRegistrationFlow: (id: string, cookie?: string, options?: RawAxiosRequestConfig) => Promise; /** * When accessing this endpoint through Ory Kratos\' Public API you must ensure that either the Ory Kratos Session Cookie or the Ory Kratos Session Token are set. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user to sign in with the second factor or change the configuration. You can access this endpoint without credentials when using Ory Kratos\' Admin API. If this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the case of an error, the `error.id` of the JSON response body can be one of: `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `session_inactive`: No Ory Session was found - sign in a user first. `security_identity_mismatch`: The flow was interrupted with `session_refresh_required` but apparently some other identity logged in instead. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). * @summary Get Settings Flow * @param {string} id ID is the Settings Flow ID The value for this parameter comes from `flow` URL Query parameter sent to your application (e.g. `/settings?flow=abcde`). * @param {string} [xSessionToken] The Session Token When using the SDK in an app without a browser, please include the session token here. * @param {string} [cookie] HTTP Cookies When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected. * @param {*} [options] Override http request option. * @throws {RequiredError} */ getSettingsFlow: (id: string, xSessionToken?: string, cookie?: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint returns a verification flow\'s context with, for example, error details and other information. Browser flows expect the anti-CSRF cookie to be included in the request\'s HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail. If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain and you need to forward the incoming HTTP Cookie header to this endpoint: ```js pseudo-code example router.get(\'/recovery\', async function (req, res) { const flow = await client.getVerificationFlow(req.header(\'cookie\'), req.query[\'flow\']) res.render(\'verification\', flow) }) ``` More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation). * @summary Get Verification Flow * @param {string} id The Flow ID The value for this parameter comes from `request` URL Query parameter sent to your application (e.g. `/verification?flow=abcde`). * @param {string} [cookie] HTTP Cookies When using the SDK on the server side you must include the HTTP Cookie Header originally sent to your HTTP handler here. * @param {*} [options] Override http request option. * @throws {RequiredError} */ getVerificationFlow: (id: string, cookie?: string, options?: RawAxiosRequestConfig) => Promise; /** * This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration. If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file: ```html