models

type AuthorizationDetailType string

type AuthorizationDetailWithServiceDeveloperResponse struct {

	// Description
	// Example: Authorization detail for payment initiation
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Display name
	// Example: Payment Initiation
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// schema
	Schema *SupportedJSONSchema `json:"schema,omitempty" yaml:"schema,omitempty"`

	// service description
	// Example: service description
	ServiceDescription string `json:"service_description,omitempty" yaml:"service_description,omitempty"`

	// service id
	// Example: 1
	ServiceID string `json:"service_id,omitempty" yaml:"service_id,omitempty"`

	// service name
	// Example: service
	ServiceName string `json:"service_name,omitempty" yaml:"service_name,omitempty"`

	// Authorization detail type as defined in RFC: https://datatracker.ietf.org/doc/html/rfc9396
	// Must be unique within the authorization server.
	// Example: payment_initiation
	// Required: true
	Type string `json:"type" yaml:"type"`
}

type ClientDeveloperResponse struct {

	// The client application type.
	//
	// Client applications can be either of a `web` or `native` types.
	//
	// Web applications include clients like server web applications or service apps.
	//
	// Native applications include single-page applications (SPAs) and mobile or desktop
	// applications.
	//
	// Apply security measures according to the type of your application.
	// Example: web
	ApplicationType string `json:"application_type,omitempty" yaml:"application_type,omitempty"`

	// An array of dynamically calculated application types that can be used for filtering
	// Example: ["single_page","server_web","mobile_desktop","service","legacy","dcr"]
	// Read Only: true
	ApplicationTypes []string `json:"application_types" yaml:"application_types"`

	// Identity of the intended recipients (the audience).
	//
	// Typically, the audience is a single resource server or a list of resource servers.
	//
	// It is considered a good practice to limit the audience of the token for security purposes.
	Audience []string `json:"audience" yaml:"audience"`

	// Authorization details types
	//
	// Indicates what authorization details types the client can use.
	AuthorizationDetailsTypes []AuthorizationDetailType `json:"authorization_details_types" yaml:"authorization_details_types"`

	// Algorithm used for encrypting authorization responses.
	//
	// If both signing and encryption are requested, the response is first signed, and then encrypted.
	// As a result, a Nested JWT is obtained, as defined in JWT [RFC7519].
	//
	// If omitted, no encryption is applied by default.
	// Example: RSA-OAEP-256
	// Enum: [RSA-OAEP RSA-OAEP-256]
	AuthorizationEncryptedResponseAlg string `json:"authorization_encrypted_response_alg,omitempty" yaml:"authorization_encrypted_response_alg,omitempty"`

	// Algorithm used for encrypting authorization responses.
	//
	// With `authorization_encrypted_response_alg` specified, the default value is `A128CBC-HS256`.
	// When `authorization_encrypted_response_enc` is included, `authorization_encrypted_response_alg`
	// MUST also be provided in a request.
	// Example: A128CBC-HS256
	// Enum: [A256GCM A128CBC-HS256]
	AuthorizationEncryptedResponseEnc string `json:"authorization_encrypted_response_enc,omitempty" yaml:"authorization_encrypted_response_enc,omitempty"`

	// An authorization server (workspace) identifier holding the client application.
	// Example: default
	// Required: true
	AuthorizationServerID string `json:"authorization_server_id" yaml:"authorization_server_id"`

	// Algorithm used for signing authorization responses.
	//
	// With this parameter specified, the response is signed using JWS and according to the configured algorithm.
	//
	// `none` isn't allowed.
	// Example: RS256
	AuthorizationSignedResponseAlg string `json:"authorization_signed_response_alg,omitempty" yaml:"authorization_signed_response_alg,omitempty"`

	// OPTIONAL. The JWS alg algorithm value used by the client application to sign authentication requests.
	//
	// When omitted, the client application doesn't send signed authentication requests.
	BackchannelAuthenticationRequestSigningAlg string `` /* 127-byte string literal not displayed */

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type, and the token
	// delivery mode is set to `ping` or `push`.
	//
	// This parameter is the endpoint where an OP (OpenID Provider) posts a notification after end-user authentication.
	//
	// Input: an HTTPS URL.
	BackchannelClientNotificationEndpoint string `json:"backchannel_client_notification_endpoint,omitempty" yaml:"backchannel_client_notification_endpoint,omitempty"`

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type.
	//
	// Input: `poll`, `ping`, or `push`.
	BackchannelTokenDeliveryMode string `json:"backchannel_token_delivery_mode,omitempty" yaml:"backchannel_token_delivery_mode,omitempty"`

	// OPTIONAL. A boolean value indicating the `user_code` parameter support by the client application.
	//
	// If omitted, the default value is `false`.
	//
	// This applies only when the `backchannel_user_code_parameter_supported` OP parameter is `true`.
	BackchannelUserCodeParameter bool `json:"backchannel_user_code_parameter,omitempty" yaml:"backchannel_user_code_parameter,omitempty"`

	// OAuth client application identifier
	//
	// If not provided, a random client ID is generated.
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// The client identifier time of issue.
	//
	// The value is the number of seconds between 1970-01-01T00:00:00Z (UTC) and the date/time of issue.
	ClientIDIssuedAt int64 `json:"client_id_issued_at,omitempty" yaml:"client_id_issued_at,omitempty"`

	// Human-readable name of a client application.
	// Example: My app
	ClientName string `json:"client_name,omitempty" yaml:"client_name,omitempty"`

	// OAuth client secret
	//
	// If not provided, a random client secret is generated.
	// Min Length: 32
	ClientSecret string `json:"client_secret,omitempty" yaml:"client_secret,omitempty"`

	// The client secret expiration time.
	//
	// If the client secret does not expire, `client_secret_expires_at` = `0`.
	ClientSecretExpiresAt int64 `json:"client_secret_expires_at,omitempty" yaml:"client_secret_expires_at,omitempty"`

	// URI of a client application.
	ClientURI string `json:"client_uri,omitempty" yaml:"client_uri,omitempty"`

	// Date when the client application was created.
	// Example: 2022-04-07T19:17:31.323187Z
	// Format: date-time
	CreatedAt strfmt.DateTime `json:"created_at,omitempty" yaml:"created_at,omitempty"`

	// Description of the client application.
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Boolean value specifying whether the client always uses DPoP for token requests
	// If true, the authorization server will reject token requests from this client that do not contain the DPoP header.
	DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens,omitempty" yaml:"dpop_bound_access_tokens,omitempty"`

	// An array of allowed OAuth client grant types.
	//
	// The `grantTypes` array stores OAuth flows that are allowed for a given client application.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-grant-types/grant-types-overview/) about grant types.
	// Example: ["password","refresh_token","client_credentials","implicit","authorization_code"]
	GrantTypes []string `json:"grant_types" yaml:"grant_types"`

	// An array of hashed rotated client secrets
	HashedRotatedSecrets []string `json:"hashed_rotated_secrets" yaml:"hashed_rotated_secrets"`

	// Hashed client secret
	//
	// Hashing client secrets provides additional security for your secrets storage as it hides
	// plaintext secrets from being viewed both in the UI and the database.
	HashedSecret string `json:"hashed_secret,omitempty" yaml:"hashed_secret,omitempty"`

	// JWE alg algorithm for encrypting the ID token issued to this client application.
	// Enum: [RSA-OAEP RSA-OAEP-256]
	IDTokenEncryptedResponseAlg string `json:"id_token_encrypted_response_alg,omitempty" yaml:"id_token_encrypted_response_alg,omitempty"`

	// JWE enc algorithm for encrypting the ID token issued to this client application.
	// Enum: [A256GCM A128CBC-HS256]
	IDTokenEncryptedResponseEnc string `json:"id_token_encrypted_response_enc,omitempty" yaml:"id_token_encrypted_response_enc,omitempty"`

	// Algorithm for signing ID tokens issued for a client application.
	//
	// The default value depends on authorization server configuration.
	// Example: ES256
	// Enum: [RS256 ES256 PS256]
	IDTokenSignedResponseAlg string `json:"id_token_signed_response_alg,omitempty" yaml:"id_token_signed_response_alg,omitempty"`

	// An introspection endpoint authentication method configured for the client application (read-only).
	//
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// Cloudentity supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: [client_secret_basic client_secret_post client_secret_jwt private_key_jwt self_signed_tls_client_auth tls_client_auth none]
	IntrospectionEndpointAuthMethod string `json:"introspection_endpoint_auth_method,omitempty" yaml:"introspection_endpoint_auth_method,omitempty"`

	// jwks
	Jwks *ClientJWKs `json:"jwks,omitempty" yaml:"jwks,omitempty"`

	// A URL of JSON Web Key Set with the public keys used by a client application to authenticate to Cloudentity.
	JwksURI string `json:"jwks_uri,omitempty" yaml:"jwks_uri,omitempty"`

	// Logo URI.
	LogoURI string `json:"logo_uri,omitempty" yaml:"logo_uri,omitempty"`

	// External organization identifier. It is a unique string assigned by the CDR Register to identify an Accredited
	// Data Recipient Brand.
	//
	// The value obtained is used as the `aud` claim for message signing, for example, when a JSON Web Token (JWT) is
	// required for authorization, and represents the audience(s) the JWT is intended for.
	// Example: 5647fe90-f6bc-11eb-9a03-0242ac130003
	OrganisationID string `json:"organisation_id,omitempty" yaml:"organisation_id,omitempty"`

	// Policy URL to read about how the profile data is used.
	PolicyURI string `json:"policy_uri,omitempty" yaml:"policy_uri,omitempty"`

	// Array of URLs to which a relying party may request that the user be redirected after a logout has been performed.
	PostLogoutRedirectUris []string `json:"post_logout_redirect_uris" yaml:"post_logout_redirect_uris"`

	// privacy
	Privacy *ClientPrivacy `json:"privacy,omitempty" yaml:"privacy,omitempty"`

	// redirect uris
	RedirectUris RedirectURIs `json:"redirect_uris,omitempty" yaml:"redirect_uris,omitempty"`

	// Optional JWE alg algorithm the client is declaring that it may use for encrypting Request Objects
	// Example: RSA-OAEP
	// Enum: [RSA-OAEP RSA-OAEP-256]
	RequestObjectEncryptionAlg string `json:"request_object_encryption_alg,omitempty" yaml:"request_object_encryption_alg,omitempty"`

	// Optional JWE enc algorithm the client is declaring that it may use for encrypting Request Objects
	// When `request_object_encryption_enc` is included, `request_object_encryption_alg` MUST also be provided.
	// Example: A256GCM
	// Enum: [A256GCM A128CBC-HS256]
	RequestObjectEncryptionEnc string `json:"request_object_encryption_enc,omitempty" yaml:"request_object_encryption_enc,omitempty"`

	// Request object signing algorithm for the token endpoint
	//
	// Cloudentity supports signing tokens with the RS256, ES256, and PS256 algorithms. If you do not want
	// to use a signing algorithm, set the value of this parameter to `none`.
	// Example: none
	// Enum: [any none RS256 ES256 PS256]
	RequestObjectSigningAlg string `json:"request_object_signing_alg,omitempty" yaml:"request_object_signing_alg,omitempty"`

	// Array of absolute URIs that points to the Request Object that holds authorization request parameters.
	RequestUris []string `json:"request_uris" yaml:"request_uris"`

	// Boolean parameter indicating whether the only means of initiating an authorization request the client is allowed to use is PAR.
	RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests,omitempty" yaml:"require_pushed_authorization_requests,omitempty"`

	// response types
	ResponseTypes ResponseTypes `json:"response_types,omitempty" yaml:"response_types,omitempty"`

	// A revocation endpoint authentication method configured for the client application (read-only).
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// Cloudentity supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: [client_secret_basic client_secret_post client_secret_jwt private_key_jwt self_signed_tls_client_auth tls_client_auth none]
	RevocationEndpointAuthMethod string `json:"revocation_endpoint_auth_method,omitempty" yaml:"revocation_endpoint_auth_method,omitempty"`

	// An array of rotated OAuth client secrets
	RotatedSecrets []string `json:"rotated_secrets" yaml:"rotated_secrets"`

	// Space-separated list of scopes for compatibility with the OAuth specification.
	// Example: email offline_access openid
	Scope string `json:"scope,omitempty" yaml:"scope,omitempty"`

	// An array of string represented scopes assigned to a client application
	// Example: ["email","offline_access","openid"]
	Scopes []string `json:"scopes" yaml:"scopes"`

	// OPTIONAL. [A URL using the HTTPS scheme](https://openid.net/specs/openid-connect-registration-1_0.html#SectorIdentifierValidation).
	// It must reference a JSON file with the array of `redirect_uri` values.
	//
	// Pass this parameter when you use multiple domains in your `redirect_uris` or need a mechanism to allow changes in
	// domain without affecting consumer consent.
	//
	// [Read more](https://openid.net/specs/openid-connect-core-1_0.html)
	SectorIdentifierURI string `json:"sector_identifier_uri,omitempty" yaml:"sector_identifier_uri,omitempty"`

	// Subject identifier type
	//
	// Stores information if the subject identifier is of the `public` or the `pairwise` type.
	//
	// Subject identifiers identify an end-user. They are locally unique and never reassigned within the Issuer,
	// and are intended to be consumed by client applications. There are two types
	// of subject identifiers: `public` and `pairwise`.
	//
	// For the `public` type, the value of the `sub` (subject) token claim is the same for all clients.
	//
	// For the `pairwise` type, a different `sub` (subject) token claim is provided for each client.
	// Using the `pairwise` subject identifier makes it impossible for client applications to correlate the end-user's
	// activity without their permission.
	// Example: public
	// Enum: [public pairwise]
	SubjectType string `json:"subject_type,omitempty" yaml:"subject_type,omitempty"`

	// ID of a tenant where the client application is added
	// Example: default
	// Required: true
	TenantID string `json:"tenant_id" yaml:"tenant_id"`

	// A string containing the value of an expected dNSName SAN entry in the certificate.
	TLSClientAuthSanDNS string `json:"tls_client_auth_san_dns,omitempty" yaml:"tls_client_auth_san_dns,omitempty"`

	// A string containing the value of an expected rfc822Name SAN entry in the certificate.
	TLSClientAuthSanEmail string `json:"tls_client_auth_san_email,omitempty" yaml:"tls_client_auth_san_email,omitempty"`

	// A string representation of an IP address in either dotted decimal notation (for IPv4) or colon-delimited hexadecimal (for IPv6, as defined in [RFC5952]) that is expected to be present as an iPAddress SAN entry in the certificate.
	TLSClientAuthSanIP string `json:"tls_client_auth_san_ip,omitempty" yaml:"tls_client_auth_san_ip,omitempty"`

	// A string containing the value of an expected uniformResourceIdentifier SAN entry in the certificate.
	TLSClientAuthSanURI string `json:"tls_client_auth_san_uri,omitempty" yaml:"tls_client_auth_san_uri,omitempty"`

	// An [RFC4514] string representation of the expected subject distinguished name of the certificate.
	TLSClientAuthSubjectDn string `json:"tls_client_auth_subject_dn,omitempty" yaml:"tls_client_auth_subject_dn,omitempty"`

	// Boolean value indicating server support for mutual TLS client certificate-bound access tokens. If omitted, the default value is "false".
	TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens,omitempty" yaml:"tls_client_certificate_bound_access_tokens,omitempty"`

	// Token endpoint authentication method configured for a client application
	//
	// Cloudentity supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// To learn more, go to the Authorization Basics > Client Authentication section of this guide.
	// Example: client_secret_basic
	// Enum: [client_secret_basic client_secret_post client_secret_jwt private_key_jwt self_signed_tls_client_auth tls_client_auth none]
	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty" yaml:"token_endpoint_auth_method,omitempty"`

	// Signing algorithm for the token endpoint
	//
	// This field is optional. If empty, a client can use any algorithm supported by the server (see `token_endpoint_auth_signing_alg_values_supported` in the well-known endpoing).
	//
	// If provided, depending on the server configuration, client can use of one: HS256, RS256, ES256, PS256 algorithms.
	//
	// If your token endpoint authentication is set to the `private_key_jwt` method, the
	// `token_endpoint_auth_signing_alg` parameter must be either RS256, ES256, or PS256.
	//
	// If your token endpoint authentication is set to the `client_secret_jwt` method,
	// the `token_endpoint_auth_signing_alg` parameter must be HS256.
	// Example: ES256
	// Enum: [RS256 ES256 PS256 HS256 ]
	TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg,omitempty" yaml:"token_endpoint_auth_signing_alg,omitempty"`

	// token exchange
	TokenExchange *ClientTokenExchangeConfiguration `json:"token_exchange,omitempty" yaml:"token_exchange,omitempty"`

	// Terms of Service URL.
	TosURI string `json:"tos_uri,omitempty" yaml:"tos_uri,omitempty"`

	// Date when the client application was updated.
	// Example: 2022-05-08T01:11:51.1262916Z
	// Format: date-time
	UpdatedAt strfmt.DateTime `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`

	// JWS alg algorithm REQUIRED for signing UserInfo Responses.
	//
	// If specified, the response is a JWT serialized and signed with JWS.
	//
	// If omitted, then by default, UserInfo Response returns the Claims
	// as an UTF-8 encoded JSON object using the application/json content-type.
	// Example: none
	// Enum: [none RS256 ES256]
	UserinfoSignedResponseAlg string `json:"userinfo_signed_response_alg,omitempty" yaml:"userinfo_signed_response_alg,omitempty"`
}

type ClientJWK struct {

	// The "alg" (algorithm) parameter identifies the algorithm intended for
	// use with the key.  The values used should either be registered in the
	// IANA "JSON Web Signature and Encryption Algorithms" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.
	// Example: RS256
	Alg string `json:"alg,omitempty" yaml:"alg,omitempty"`

	// crv
	// Example: P-256
	Crv string `json:"crv,omitempty" yaml:"crv,omitempty"`

	// d
	// Example: T_N8I-6He3M8a7X1vWt6TGIx4xB_GP3Mb4SsZSA4v-orvJzzRiQhLlRR81naWYxfQAYt5isDI6_C2L9bdWo4FFPjGQFvNoRX-_sBJyBI_rl-TBgsZYoUlAj3J92WmY2inbA-PwyJfsaIIDceYBC-eX-xiCu6qMqkZi3MwQAFL6bMdPEM0z4JBcwFT3VdiWAIRUuACWQwrXMq672x7fMuaIaHi7XDGgt1ith23CLfaREmJku9PQcchbt_uEY-hqrFY6ntTtS4paWWQj86xLL94S-Tf6v6xkL918PfLSOTq6XCzxvlFwzBJqApnAhbwqLjpPhgUG04EDRrqrSBc5Y1BLevn6Ip5h1AhessBp3wLkQgz_roeckt-ybvzKTjESMuagnpqLvOT7Y9veIug2MwPJZI2VjczRc1vzMs25XrFQ8DpUy-bNdp89TmvAXwctUMiJdgHloJw23Cv03gIUAkDnsTqZmkpbIf-crpgNKFmQP_EDKoe8p_PXZZgfbRri3NoEVGP7Mk6yEu8LjJhClhZaBNjuWw2-KlBfOA3g79mhfBnkInee5KO9mGR50qPk1V-MorUYNTFMZIm0kFE6eYVWFBwJHLKYhHU34DoiK1VP-svZpC2uAMFNA_UJEwM9CQ2b8qe4-5e9aywMvwcuArRkAB5mBIfOaOJao3mfukKAE
	D string `json:"d,omitempty" yaml:"d,omitempty"`

	// dp
	// Example: G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0
	Dp string `json:"dp,omitempty" yaml:"dp,omitempty"`

	// dq
	// Example: s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk
	Dq string `json:"dq,omitempty" yaml:"dq,omitempty"`

	// e
	// Example: AQAB
	E string `json:"e,omitempty" yaml:"e,omitempty"`

	// k
	// Example: GawgguFyGrWKav7AX4VKUg
	K string `json:"k,omitempty" yaml:"k,omitempty"`

	// The "kid" (key ID) parameter is used to match a specific key.  This
	// is used, for instance, to choose among a set of keys within a JWK Set
	// during key rollover.  The structure of the "kid" value is
	// unspecified.  When "kid" values are used within a JWK Set, different
	// keys within the JWK Set SHOULD use distinct "kid" values.  (One
	// example in which different keys might use the same "kid" value is if
	// they have different "kty" (key type) values but are considered to be
	// equivalent alternatives by the application using them.)  The "kid"
	// value is a case-sensitive string.
	// Example: 1603dfe0af8f4596
	Kid string `json:"kid,omitempty" yaml:"kid,omitempty"`

	// The "kty" (key type) parameter identifies the cryptographic algorithm
	// family used with the key, such as "RSA" or "EC". "kty" values should
	// either be registered in the IANA "JSON Web Key Types" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.  The "kty" value is a case-sensitive string.
	// Example: RSA
	// Required: true
	Kty string `json:"kty" yaml:"kty"`

	// n
	// Example: vTqrxUyQPl_20aqf5kXHwDZrel-KovIp8s7ewJod2EXHl8tWlRB3_Rem34KwBfqlKQGp1nqah-51H4Jzruqe0cFP58hPEIt6WqrvnmJCXxnNuIB53iX_uUUXXHDHBeaPCSRoNJzNysjoJ30TIUsKBiirhBa7f235PXbKiHducLevV6PcKxJ5cY8zO286qJLBWSPm-OIevwqsIsSIH44Qtm9sioFikhkbLwoqwWORGAY0nl6XvVOlhADdLjBSqSAeT1FPuCDCnXwzCDR8N9IFB_IjdStFkC-rVt2K5BYfPd0c3yFp_vHR15eRd0zJ8XQ7woBC8Vnsac6Et1pKS59pX6256DPWu8UDdEOolKAPgcd_g2NpA76cAaF_jcT80j9KrEzw8Tv0nJBGesuCjPNjGs_KzdkWTUXt23Hn9QJsdc1MZuaW0iqXBepHYfYoqNelzVte117t4BwVp0kUM6we0IqyXClaZgOI8S-WDBw2_Ovdm8e5NmhYAblEVoygcX8Y46oH6bKiaCQfKCFDMcRgChme7AoE1yZZYsPbaG_3IjPrC4LBMHQw8rM9dWjJ8ImjicvZ1pAm0dx-KHCP3y5PVKrxBDf1zSOsBRkOSjB8TPODnJMz6-jd5hTtZxpZPwPoIdCanTZ3ZD6uRBpTmDwtpRGm63UQs1m5FWPwb0T2IF0
	N string `json:"n,omitempty" yaml:"n,omitempty"`

	// p
	// Example: 6NbkXwDWUhi-eR55Cgbf27FkQDDWIamOaDr0rj1q0f1fFEz1W5A_09YvG09Fiv1AO2-D8Rl8gS1Vkz2i0zCSqnyy8A025XOcRviOMK7nIxE4OH_PEsko8dtIrb3TmE2hUXvCkmzw9EsTF1LQBOGC6iusLTXepIC1x9ukCKFZQvdgtEObQ5kzd9Nhq-cdqmSeMVLoxPLd1blviVT9Vm8-y12CtYpeJHOaIDtVPLlBhJiBoPKWg3vxSm4XxIliNOefqegIlsmTIa3MpS6WWlCK3yHhat0Q-rRxDxdyiVdG_wzJvp0Iw_2wms7pe-PgNPYvUWH9JphWP5K38YqEBiJFXQ
	P string `json:"p,omitempty" yaml:"p,omitempty"`

	// q
	// Example: 0A1FmpOWR91_RAWpqreWSavNaZb9nXeKiBo0DQGBz32DbqKqQ8S4aBJmbRhJcctjCLjain-ivut477tAUMmzJwVJDDq2MZFwC9Q-4VYZmFU4HJityQuSzHYe64RjN-E_NQ02TWhG3QGW6roq6c57c99rrUsETwJJiwS8M5p15Miuz53DaOjv-uqqFAFfywN5WkxHbraBcjHtMiQuyQbQqkCFh-oanHkwYNeytsNhTu2mQmwR5DR2roZ2nPiFjC6nsdk-A7E3S3wMzYYFw7jvbWWoYWo9vB40_MY2Y0FYQSqcDzcBIcq_0tnnasf3VW4Fdx6m80RzOb2Fsnln7vKXAQ
	Q string `json:"q,omitempty" yaml:"q,omitempty"`

	// qi
	// Example: GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU
	Qi string `json:"qi,omitempty" yaml:"qi,omitempty"`

	// Use ("public key use") identifies the intended use of
	// the public key. The "use" parameter is employed to indicate whether
	// a public key is used for encrypting data or verifying the signature
	// on data. Values are commonly "sig" (signature) or "enc" (encryption).
	// Example: sig
	Use string `json:"use,omitempty" yaml:"use,omitempty"`

	// x
	// Example: f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU
	X string `json:"x,omitempty" yaml:"x,omitempty"`

	// The "x5c" (X.509 certificate chain) parameter contains a chain of one
	// or more PKIX certificates [RFC5280].  The certificate chain is
	// represented as a JSON array of certificate value strings.  Each
	// string in the array is a base64-encoded (Section 4 of [RFC4648] --
	// not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
	// The PKIX certificate containing the key value MUST be the first
	// certificate.
	X5c []string `json:"x5c" yaml:"x5c"`

	// x5t
	// Example: GawgguFyGrWKav7AX4VKUg
	X5t string `json:"x5t,omitempty" yaml:"x5t,omitempty"`

	// x5t s256
	// Example: GawgguFyGrWKav7AX4VKUg
	X5tS256 string `json:"x5t#S256,omitempty" yaml:"x5t#S256,omitempty"`

	// y
	// Example: x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0
	Y string `json:"y,omitempty" yaml:"y,omitempty"`
}

type ClientJWKs struct {

	// keys
	// Example: []
	Keys []*ClientJWK `json:"keys" yaml:"keys"`
}

type ClientPrivacy struct {

	// optional privacy information mapping for scopes
	Scopes map[string]ScopePrivacyInformation `json:"scopes,omitempty" yaml:"scopes,omitempty"`
}

type ClientTokenExchangeConfiguration struct {

	// Additional actor token claims
	//
	// Claims from the actor token that will be injected into the exchanged token under the `act` claim.
	//
	// Applies for the token exchange delegation flow only.
	ActorClaims []string `json:"actor_claims" yaml:"actor_claims"`
}

type ClientsForDeveloper struct {

	// clients
	Clients []*ClientDeveloperResponse `json:"clients" yaml:"clients"`
}

type CreateClientDeveloperRequest struct {

	// The client application type.
	//
	// Client applications can be either of a `web` or `native` types.
	//
	// Web applications include clients like server web applications or service apps.
	//
	// Native applications include single-page applications (SPAs) and mobile or desktop
	// applications.
	//
	// Apply security measures according to the type of your application.
	// Example: web
	ApplicationType string `json:"application_type,omitempty" yaml:"application_type,omitempty"`

	// An array of dynamically calculated application types that can be used for filtering
	// Example: ["single_page","server_web","mobile_desktop","service","legacy","dcr"]
	// Read Only: true
	ApplicationTypes []string `json:"application_types" yaml:"application_types"`

	// Identity of the intended recipients (the audience).
	//
	// Typically, the audience is a single resource server or a list of resource servers.
	//
	// It is considered a good practice to limit the audience of the token for security purposes.
	Audience []string `json:"audience" yaml:"audience"`

	// Authorization details types
	//
	// Indicates what authorization details types the client can use.
	AuthorizationDetailsTypes []AuthorizationDetailType `json:"authorization_details_types" yaml:"authorization_details_types"`

	// Algorithm used for encrypting authorization responses.
	//
	// If both signing and encryption are requested, the response is first signed, and then encrypted.
	// As a result, a Nested JWT is obtained, as defined in JWT [RFC7519].
	//
	// If omitted, no encryption is applied by default.
	// Example: RSA-OAEP-256
	// Enum: [RSA-OAEP RSA-OAEP-256]
	AuthorizationEncryptedResponseAlg string `json:"authorization_encrypted_response_alg,omitempty" yaml:"authorization_encrypted_response_alg,omitempty"`

	// Algorithm used for encrypting authorization responses.
	//
	// With `authorization_encrypted_response_alg` specified, the default value is `A128CBC-HS256`.
	// When `authorization_encrypted_response_enc` is included, `authorization_encrypted_response_alg`
	// MUST also be provided in a request.
	// Example: A128CBC-HS256
	// Enum: [A256GCM A128CBC-HS256]
	AuthorizationEncryptedResponseEnc string `json:"authorization_encrypted_response_enc,omitempty" yaml:"authorization_encrypted_response_enc,omitempty"`

	// An authorization server (workspace) identifier holding the client application.
	// Example: default
	// Required: true
	AuthorizationServerID string `json:"authorization_server_id" yaml:"authorization_server_id"`

	// Algorithm used for signing authorization responses.
	//
	// With this parameter specified, the response is signed using JWS and according to the configured algorithm.
	//
	// `none` isn't allowed.
	// Example: RS256
	AuthorizationSignedResponseAlg string `json:"authorization_signed_response_alg,omitempty" yaml:"authorization_signed_response_alg,omitempty"`

	// OPTIONAL. The JWS alg algorithm value used by the client application to sign authentication requests.
	//
	// When omitted, the client application doesn't send signed authentication requests.
	BackchannelAuthenticationRequestSigningAlg string `` /* 127-byte string literal not displayed */

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type, and the token
	// delivery mode is set to `ping` or `push`.
	//
	// This parameter is the endpoint where an OP (OpenID Provider) posts a notification after end-user authentication.
	//
	// Input: an HTTPS URL.
	BackchannelClientNotificationEndpoint string `json:"backchannel_client_notification_endpoint,omitempty" yaml:"backchannel_client_notification_endpoint,omitempty"`

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type.
	//
	// Input: `poll`, `ping`, or `push`.
	BackchannelTokenDeliveryMode string `json:"backchannel_token_delivery_mode,omitempty" yaml:"backchannel_token_delivery_mode,omitempty"`

	// OPTIONAL. A boolean value indicating the `user_code` parameter support by the client application.
	//
	// If omitted, the default value is `false`.
	//
	// This applies only when the `backchannel_user_code_parameter_supported` OP parameter is `true`.
	BackchannelUserCodeParameter bool `json:"backchannel_user_code_parameter,omitempty" yaml:"backchannel_user_code_parameter,omitempty"`

	// The client identifier time of issue.
	//
	// The value is the number of seconds between 1970-01-01T00:00:00Z (UTC) and the date/time of issue.
	ClientIDIssuedAt int64 `json:"client_id_issued_at,omitempty" yaml:"client_id_issued_at,omitempty"`

	// Human-readable name of a client application.
	// Example: My app
	ClientName string `json:"client_name,omitempty" yaml:"client_name,omitempty"`

	// The client secret expiration time.
	//
	// If the client secret does not expire, `client_secret_expires_at` = `0`.
	ClientSecretExpiresAt int64 `json:"client_secret_expires_at,omitempty" yaml:"client_secret_expires_at,omitempty"`

	// URI of a client application.
	ClientURI string `json:"client_uri,omitempty" yaml:"client_uri,omitempty"`

	// Date when the client application was created.
	// Example: 2022-04-07T19:17:31.323187Z
	// Format: date-time
	CreatedAt strfmt.DateTime `json:"created_at,omitempty" yaml:"created_at,omitempty"`

	// Description of the client application.
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Boolean value specifying whether the client always uses DPoP for token requests
	// If true, the authorization server will reject token requests from this client that do not contain the DPoP header.
	DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens,omitempty" yaml:"dpop_bound_access_tokens,omitempty"`

	// An array of allowed OAuth client grant types.
	//
	// The `grantTypes` array stores OAuth flows that are allowed for a given client application.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-grant-types/grant-types-overview/) about grant types.
	// Example: ["password","refresh_token","client_credentials","implicit","authorization_code"]
	GrantTypes []string `json:"grant_types" yaml:"grant_types"`

	// JWE alg algorithm for encrypting the ID token issued to this client application.
	// Enum: [RSA-OAEP RSA-OAEP-256]
	IDTokenEncryptedResponseAlg string `json:"id_token_encrypted_response_alg,omitempty" yaml:"id_token_encrypted_response_alg,omitempty"`

	// JWE enc algorithm for encrypting the ID token issued to this client application.
	// Enum: [A256GCM A128CBC-HS256]
	IDTokenEncryptedResponseEnc string `json:"id_token_encrypted_response_enc,omitempty" yaml:"id_token_encrypted_response_enc,omitempty"`

	// Algorithm for signing ID tokens issued for a client application.
	//
	// The default value depends on authorization server configuration.
	// Example: ES256
	// Enum: [RS256 ES256 PS256]
	IDTokenSignedResponseAlg string `json:"id_token_signed_response_alg,omitempty" yaml:"id_token_signed_response_alg,omitempty"`

	// An introspection endpoint authentication method configured for the client application (read-only).
	//
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// Cloudentity supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: [client_secret_basic client_secret_post client_secret_jwt private_key_jwt self_signed_tls_client_auth tls_client_auth none]
	IntrospectionEndpointAuthMethod string `json:"introspection_endpoint_auth_method,omitempty" yaml:"introspection_endpoint_auth_method,omitempty"`

	// jwks
	Jwks *ClientJWKs `json:"jwks,omitempty" yaml:"jwks,omitempty"`

	// A URL of JSON Web Key Set with the public keys used by a client application to authenticate to Cloudentity.
	JwksURI string `json:"jwks_uri,omitempty" yaml:"jwks_uri,omitempty"`

	// Logo URI.
	LogoURI string `json:"logo_uri,omitempty" yaml:"logo_uri,omitempty"`

	// External organization identifier. It is a unique string assigned by the CDR Register to identify an Accredited
	// Data Recipient Brand.
	//
	// The value obtained is used as the `aud` claim for message signing, for example, when a JSON Web Token (JWT) is
	// required for authorization, and represents the audience(s) the JWT is intended for.
	// Example: 5647fe90-f6bc-11eb-9a03-0242ac130003
	OrganisationID string `json:"organisation_id,omitempty" yaml:"organisation_id,omitempty"`

	// Policy URL to read about how the profile data is used.
	PolicyURI string `json:"policy_uri,omitempty" yaml:"policy_uri,omitempty"`

	// Array of URLs to which a relying party may request that the user be redirected after a logout has been performed.
	PostLogoutRedirectUris []string `json:"post_logout_redirect_uris" yaml:"post_logout_redirect_uris"`

	// privacy
	Privacy *ClientPrivacy `json:"privacy,omitempty" yaml:"privacy,omitempty"`

	// redirect uris
	RedirectUris RedirectURIs `json:"redirect_uris,omitempty" yaml:"redirect_uris,omitempty"`

	// Optional JWE alg algorithm the client is declaring that it may use for encrypting Request Objects
	// Example: RSA-OAEP
	// Enum: [RSA-OAEP RSA-OAEP-256]
	RequestObjectEncryptionAlg string `json:"request_object_encryption_alg,omitempty" yaml:"request_object_encryption_alg,omitempty"`

	// Optional JWE enc algorithm the client is declaring that it may use for encrypting Request Objects
	// When `request_object_encryption_enc` is included, `request_object_encryption_alg` MUST also be provided.
	// Example: A256GCM
	// Enum: [A256GCM A128CBC-HS256]
	RequestObjectEncryptionEnc string `json:"request_object_encryption_enc,omitempty" yaml:"request_object_encryption_enc,omitempty"`

	// Request object signing algorithm for the token endpoint
	//
	// Cloudentity supports signing tokens with the RS256, ES256, and PS256 algorithms. If you do not want
	// to use a signing algorithm, set the value of this parameter to `none`.
	// Example: none
	// Enum: [any none RS256 ES256 PS256]
	RequestObjectSigningAlg string `json:"request_object_signing_alg,omitempty" yaml:"request_object_signing_alg,omitempty"`

	// Array of absolute URIs that points to the Request Object that holds authorization request parameters.
	RequestUris []string `json:"request_uris" yaml:"request_uris"`

	// Boolean parameter indicating whether the only means of initiating an authorization request the client is allowed to use is PAR.
	RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests,omitempty" yaml:"require_pushed_authorization_requests,omitempty"`

	// response types
	ResponseTypes ResponseTypes `json:"response_types,omitempty" yaml:"response_types,omitempty"`

	// A revocation endpoint authentication method configured for the client application (read-only).
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// Cloudentity supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: [client_secret_basic client_secret_post client_secret_jwt private_key_jwt self_signed_tls_client_auth tls_client_auth none]
	RevocationEndpointAuthMethod string `json:"revocation_endpoint_auth_method,omitempty" yaml:"revocation_endpoint_auth_method,omitempty"`

	// Space-separated list of scopes for compatibility with the OAuth specification.
	// Example: email offline_access openid
	Scope string `json:"scope,omitempty" yaml:"scope,omitempty"`

	// An array of string represented scopes assigned to a client application
	// Example: ["email","offline_access","openid"]
	Scopes []string `json:"scopes" yaml:"scopes"`

	// OPTIONAL. [A URL using the HTTPS scheme](https://openid.net/specs/openid-connect-registration-1_0.html#SectorIdentifierValidation).
	// It must reference a JSON file with the array of `redirect_uri` values.
	//
	// Pass this parameter when you use multiple domains in your `redirect_uris` or need a mechanism to allow changes in
	// domain without affecting consumer consent.
	//
	// [Read more](https://openid.net/specs/openid-connect-core-1_0.html)
	SectorIdentifierURI string `json:"sector_identifier_uri,omitempty" yaml:"sector_identifier_uri,omitempty"`

	// Subject identifier type
	//
	// Stores information if the subject identifier is of the `public` or the `pairwise` type.
	//
	// Subject identifiers identify an end-user. They are locally unique and never reassigned within the Issuer,
	// and are intended to be consumed by client applications. There are two types
	// of subject identifiers: `public` and `pairwise`.
	//
	// For the `public` type, the value of the `sub` (subject) token claim is the same for all clients.
	//
	// For the `pairwise` type, a different `sub` (subject) token claim is provided for each client.
	// Using the `pairwise` subject identifier makes it impossible for client applications to correlate the end-user's
	// activity without their permission.
	// Example: public
	// Enum: [public pairwise]
	SubjectType string `json:"subject_type,omitempty" yaml:"subject_type,omitempty"`

	// ID of a tenant where the client application is added
	// Example: default
	// Required: true
	TenantID string `json:"tenant_id" yaml:"tenant_id"`

	// A string containing the value of an expected dNSName SAN entry in the certificate.
	TLSClientAuthSanDNS string `json:"tls_client_auth_san_dns,omitempty" yaml:"tls_client_auth_san_dns,omitempty"`

	// A string containing the value of an expected rfc822Name SAN entry in the certificate.
	TLSClientAuthSanEmail string `json:"tls_client_auth_san_email,omitempty" yaml:"tls_client_auth_san_email,omitempty"`

	// A string representation of an IP address in either dotted decimal notation (for IPv4) or colon-delimited hexadecimal (for IPv6, as defined in [RFC5952]) that is expected to be present as an iPAddress SAN entry in the certificate.
	TLSClientAuthSanIP string `json:"tls_client_auth_san_ip,omitempty" yaml:"tls_client_auth_san_ip,omitempty"`

	// A string containing the value of an expected uniformResourceIdentifier SAN entry in the certificate.
	TLSClientAuthSanURI string `json:"tls_client_auth_san_uri,omitempty" yaml:"tls_client_auth_san_uri,omitempty"`

	// An [RFC4514] string representation of the expected subject distinguished name of the certificate.
	TLSClientAuthSubjectDn string `json:"tls_client_auth_subject_dn,omitempty" yaml:"tls_client_auth_subject_dn,omitempty"`

	// Boolean value indicating server support for mutual TLS client certificate-bound access tokens. If omitted, the default value is "false".
	TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens,omitempty" yaml:"tls_client_certificate_bound_access_tokens,omitempty"`

	// Token endpoint authentication method configured for a client application
	//
	// Cloudentity supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// To learn more, go to the Authorization Basics > Client Authentication section of this guide.
	// Example: client_secret_basic
	// Enum: [client_secret_basic client_secret_post client_secret_jwt private_key_jwt self_signed_tls_client_auth tls_client_auth none]
	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty" yaml:"token_endpoint_auth_method,omitempty"`

	// Signing algorithm for the token endpoint
	//
	// This field is optional. If empty, a client can use any algorithm supported by the server (see `token_endpoint_auth_signing_alg_values_supported` in the well-known endpoing).
	//
	// If provided, depending on the server configuration, client can use of one: HS256, RS256, ES256, PS256 algorithms.
	//
	// If your token endpoint authentication is set to the `private_key_jwt` method, the
	// `token_endpoint_auth_signing_alg` parameter must be either RS256, ES256, or PS256.
	//
	// If your token endpoint authentication is set to the `client_secret_jwt` method,
	// the `token_endpoint_auth_signing_alg` parameter must be HS256.
	// Example: ES256
	// Enum: [RS256 ES256 PS256 HS256 ]
	TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg,omitempty" yaml:"token_endpoint_auth_signing_alg,omitempty"`

	// token exchange
	TokenExchange *ClientTokenExchangeConfiguration `json:"token_exchange,omitempty" yaml:"token_exchange,omitempty"`

	// Terms of Service URL.
	TosURI string `json:"tos_uri,omitempty" yaml:"tos_uri,omitempty"`

	// Date when the client application was updated.
	// Example: 2022-05-08T01:11:51.1262916Z
	// Format: date-time
	UpdatedAt strfmt.DateTime `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`

	// JWS alg algorithm REQUIRED for signing UserInfo Responses.
	//
	// If specified, the response is a JWT serialized and signed with JWS.
	//
	// If omitted, then by default, UserInfo Response returns the Claims
	// as an UTF-8 encoded JSON object using the application/json content-type.
	// Example: none
	// Enum: [none RS256 ES256]
	UserinfoSignedResponseAlg string `json:"userinfo_signed_response_alg,omitempty" yaml:"userinfo_signed_response_alg,omitempty"`
}

type DeveloperEnvironment struct {

	// store client secrets as a one way hash
	ClientSecretsStoredAsOneWayHash bool `json:"client_secrets_stored_as_one_way_hash,omitempty" yaml:"client_secrets_stored_as_one_way_hash,omitempty"`

	// Rich Authorization Requests (RAR)
	Rar bool `json:"rar,omitempty" yaml:"rar,omitempty"`
}

type Error struct {

	// details
	Details interface{} `json:"details,omitempty" yaml:"details,omitempty"`

	// error
	Error string `json:"error,omitempty" yaml:"error,omitempty"`

	// status code
	StatusCode int64 `json:"status_code,omitempty" yaml:"status_code,omitempty"`
}

type GetServerDeveloperResponse struct {

	// Color
	// Example: #007FFF
	Color string `json:"color,omitempty" yaml:"color,omitempty"`

	// supported grant types
	// Example: ["implicit","authorization_code","refresh_token"]
	GrantTypes []string `json:"grant_types" yaml:"grant_types"`

	// authorization server id
	// Example: default
	ID string `json:"id,omitempty" yaml:"id,omitempty"`

	// issuer URL
	// Example: https://example.com/default/default
	IssuerURL string `json:"issuer_url,omitempty" yaml:"issuer_url,omitempty"`

	// mtls issuer url
	MtlsIssuerURL string `json:"mtls_issuer_url,omitempty" yaml:"mtls_issuer_url,omitempty"`

	// authorizations server name
	// Example: ACP
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// response types
	ResponseTypes ResponseTypes `json:"response_types,omitempty" yaml:"response_types,omitempty"`

	// supported subject identifier types
	// Example: ["public","pairwise"]
	SubjectIdentifierTypes []string `json:"subject_identifier_types" yaml:"subject_identifier_types"`

	// supported application purposes
	// Example: ["single_page","server_web","mobile_desktop","service","legacy"]
	SupportedApplicationPurposes []string `json:"supported_application_purposes" yaml:"supported_application_purposes"`
}

type GetServerWithScopesDeveloperResponse struct {

	// list of authorization details
	AuthorizationDetails []*AuthorizationDetailWithServiceDeveloperResponse `json:"authorization_details" yaml:"authorization_details"`

	// Color
	// Example: #007FFF
	Color string `json:"color,omitempty" yaml:"color,omitempty"`

	// supported grant types
	// Example: ["implicit","authorization_code","refresh_token"]
	GrantTypes []string `json:"grant_types" yaml:"grant_types"`

	// authorization server id
	// Example: default
	ID string `json:"id,omitempty" yaml:"id,omitempty"`

	// issuer URL
	// Example: https://example.com/default/default
	IssuerURL string `json:"issuer_url,omitempty" yaml:"issuer_url,omitempty"`

	// mtls issuer url
	MtlsIssuerURL string `json:"mtls_issuer_url,omitempty" yaml:"mtls_issuer_url,omitempty"`

	// authorizations server name
	// Example: ACP
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// response types
	ResponseTypes ResponseTypes `json:"response_types,omitempty" yaml:"response_types,omitempty"`

	// list of scopes
	Scopes []*ScopeWithServiceDeveloperResponse `json:"scopes" yaml:"scopes"`

	// supported subject identifier types
	// Example: ["public","pairwise"]
	SubjectIdentifierTypes []string `json:"subject_identifier_types" yaml:"subject_identifier_types"`

	// supported application purposes
	// Example: ["single_page","server_web","mobile_desktop","service","legacy"]
	SupportedApplicationPurposes []string `json:"supported_application_purposes" yaml:"supported_application_purposes"`
}

type ListServersDeveloperResponse struct {

	// list of authorization servers
	Servers []*GetServerDeveloperResponse `json:"servers" yaml:"servers"`
}

type PIICategory struct {

	// name
	// Example: HIPAA
	Name string `json:"name,omitempty" yaml:"name,omitempty"`
}

type RedirectURIs []string

type ResponseTypes []string

type RotateClientSecretDeveloperResponse struct {

	// secret
	Secret string `json:"secret,omitempty" yaml:"secret,omitempty"`
}

type ScopePrivacyInformation struct {

	// pii categories
	PiiCategories []*PIICategory `json:"pii_categories" yaml:"pii_categories"`

	// purpose
	Purpose string `json:"purpose,omitempty" yaml:"purpose,omitempty"`
}

type ScopeWithServiceDeveloperResponse struct {

	// scope description
	// Example: This scope value requests offline access using refresh token
	ScopeDescription string `json:"scope_description,omitempty" yaml:"scope_description,omitempty"`

	// scope display name
	// Example: Offline access
	ScopeDisplayName string `json:"scope_display_name,omitempty" yaml:"scope_display_name,omitempty"`

	// scope id
	// Example: 1
	ScopeID string `json:"scope_id,omitempty" yaml:"scope_id,omitempty"`

	// scope name
	// Example: offline_access
	ScopeName string `json:"scope_name,omitempty" yaml:"scope_name,omitempty"`

	// service description
	// Example: service description
	ServiceDescription string `json:"service_description,omitempty" yaml:"service_description,omitempty"`

	// service id
	// Example: 1
	ServiceID string `json:"service_id,omitempty" yaml:"service_id,omitempty"`

	// service name
	// Example: service
	ServiceName string `json:"service_name,omitempty" yaml:"service_name,omitempty"`

	// is scope assigned to a service
	// Example: false
	WithService bool `json:"with_service,omitempty" yaml:"with_service,omitempty"`
}

type SupportedJSONSchema struct {

	// additional properties
	AdditionalProperties bool `json:"additionalProperties,omitempty" yaml:"additionalProperties,omitempty"`

	// all of
	AllOf []*SupportedJSONSchema `json:"allOf" yaml:"allOf"`

	// any of
	AnyOf []*SupportedJSONSchema `json:"anyOf" yaml:"anyOf"`

	// const
	Const string `json:"const,omitempty" yaml:"const,omitempty"`

	// contains
	Contains *SupportedJSONSchema `json:"contains,omitempty" yaml:"contains,omitempty"`

	// dependent required
	DependentRequired map[string][]string `json:"dependentRequired,omitempty" yaml:"dependentRequired,omitempty"`

	// dependent schemas
	DependentSchemas map[string]SupportedJSONSchema `json:"dependentSchemas,omitempty" yaml:"dependentSchemas,omitempty"`

	// description
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// else
	Else *SupportedJSONSchema `json:"else,omitempty" yaml:"else,omitempty"`

	// enum
	Enum []string `json:"enum" yaml:"enum"`

	// exclusive maximum
	ExclusiveMaximum int64 `json:"exclusiveMaximum,omitempty" yaml:"exclusiveMaximum,omitempty"`

	// exclusive minimum
	ExclusiveMinimum int64 `json:"exclusiveMinimum,omitempty" yaml:"exclusiveMinimum,omitempty"`

	// hidden
	Hidden bool `json:"hidden,omitempty" yaml:"hidden,omitempty"`

	// if
	If *SupportedJSONSchema `json:"if,omitempty" yaml:"if,omitempty"`

	// items
	Items *SupportedJSONSchema `json:"items,omitempty" yaml:"items,omitempty"`

	// max contains
	MaxContains int64 `json:"maxContains,omitempty" yaml:"maxContains,omitempty"`

	// arrays
	MaxItems int64 `json:"maxItems,omitempty" yaml:"maxItems,omitempty"`

	// strings
	MaxLength int64 `json:"maxLength,omitempty" yaml:"maxLength,omitempty"`

	// objects
	MaxProperties int64 `json:"maxProperties,omitempty" yaml:"maxProperties,omitempty"`

	// maximum
	Maximum int64 `json:"maximum,omitempty" yaml:"maximum,omitempty"`

	// min contains
	MinContains int64 `json:"minContains,omitempty" yaml:"minContains,omitempty"`

	// min items
	MinItems int64 `json:"minItems,omitempty" yaml:"minItems,omitempty"`

	// min length
	MinLength int64 `json:"minLength,omitempty" yaml:"minLength,omitempty"`

	// min properties
	MinProperties int64 `json:"minProperties,omitempty" yaml:"minProperties,omitempty"`

	// minimum
	Minimum int64 `json:"minimum,omitempty" yaml:"minimum,omitempty"`

	// numeric
	MultipleOf int64 `json:"multipleOf,omitempty" yaml:"multipleOf,omitempty"`

	// not
	Not *SupportedJSONSchema `json:"not,omitempty" yaml:"not,omitempty"`

	// one of
	OneOf []*SupportedJSONSchema `json:"oneOf" yaml:"oneOf"`

	// pattern
	Pattern string `json:"pattern,omitempty" yaml:"pattern,omitempty"`

	// pattern properties
	PatternProperties map[string]SupportedJSONSchema `json:"patternProperties,omitempty" yaml:"patternProperties,omitempty"`

	// properties
	Properties map[string]SupportedJSONSchema `json:"properties,omitempty" yaml:"properties,omitempty"`

	// property names
	PropertyNames *SupportedJSONSchema `json:"propertyNames,omitempty" yaml:"propertyNames,omitempty"`

	// required
	Required []string `json:"required" yaml:"required"`

	// then
	Then *SupportedJSONSchema `json:"then,omitempty" yaml:"then,omitempty"`

	// any
	Type string `json:"type,omitempty" yaml:"type,omitempty"`

	// unique items
	UniqueItems bool `json:"uniqueItems,omitempty" yaml:"uniqueItems,omitempty"`
}

type UpdateClientDeveloperRequest struct {

	// The client application type.
	//
	// Client applications can be either of a `web` or `native` types.
	//
	// Web applications include clients like server web applications or service apps.
	//
	// Native applications include single-page applications (SPAs) and mobile or desktop
	// applications.
	//
	// Apply security measures according to the type of your application.
	// Example: web
	ApplicationType string `json:"application_type,omitempty" yaml:"application_type,omitempty"`

	// An array of dynamically calculated application types that can be used for filtering
	// Example: ["single_page","server_web","mobile_desktop","service","legacy","dcr"]
	// Read Only: true
	ApplicationTypes []string `json:"application_types" yaml:"application_types"`

	// Identity of the intended recipients (the audience).
	//
	// Typically, the audience is a single resource server or a list of resource servers.
	//
	// It is considered a good practice to limit the audience of the token for security purposes.
	Audience []string `json:"audience" yaml:"audience"`

	// Authorization details types
	//
	// Indicates what authorization details types the client can use.
	AuthorizationDetailsTypes []AuthorizationDetailType `json:"authorization_details_types" yaml:"authorization_details_types"`

	// Algorithm used for encrypting authorization responses.
	//
	// If both signing and encryption are requested, the response is first signed, and then encrypted.
	// As a result, a Nested JWT is obtained, as defined in JWT [RFC7519].
	//
	// If omitted, no encryption is applied by default.
	// Example: RSA-OAEP-256
	// Enum: [RSA-OAEP RSA-OAEP-256]
	AuthorizationEncryptedResponseAlg string `json:"authorization_encrypted_response_alg,omitempty" yaml:"authorization_encrypted_response_alg,omitempty"`

	// Algorithm used for encrypting authorization responses.
	//
	// With `authorization_encrypted_response_alg` specified, the default value is `A128CBC-HS256`.
	// When `authorization_encrypted_response_enc` is included, `authorization_encrypted_response_alg`
	// MUST also be provided in a request.
	// Example: A128CBC-HS256
	// Enum: [A256GCM A128CBC-HS256]
	AuthorizationEncryptedResponseEnc string `json:"authorization_encrypted_response_enc,omitempty" yaml:"authorization_encrypted_response_enc,omitempty"`

	// Algorithm used for signing authorization responses.
	//
	// With this parameter specified, the response is signed using JWS and according to the configured algorithm.
	//
	// `none` isn't allowed.
	// Example: RS256
	AuthorizationSignedResponseAlg string `json:"authorization_signed_response_alg,omitempty" yaml:"authorization_signed_response_alg,omitempty"`

	// OPTIONAL. The JWS alg algorithm value used by the client application to sign authentication requests.
	//
	// When omitted, the client application doesn't send signed authentication requests.
	BackchannelAuthenticationRequestSigningAlg string `` /* 127-byte string literal not displayed */

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type, and the token
	// delivery mode is set to `ping` or `push`.
	//
	// This parameter is the endpoint where an OP (OpenID Provider) posts a notification after end-user authentication.
	//
	// Input: an HTTPS URL.
	BackchannelClientNotificationEndpoint string `json:"backchannel_client_notification_endpoint,omitempty" yaml:"backchannel_client_notification_endpoint,omitempty"`

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type.
	//
	// Input: `poll`, `ping`, or `push`.
	BackchannelTokenDeliveryMode string `json:"backchannel_token_delivery_mode,omitempty" yaml:"backchannel_token_delivery_mode,omitempty"`

	// OPTIONAL. A boolean value indicating the `user_code` parameter support by the client application.
	//
	// If omitted, the default value is `false`.
	//
	// This applies only when the `backchannel_user_code_parameter_supported` OP parameter is `true`.
	BackchannelUserCodeParameter bool `json:"backchannel_user_code_parameter,omitempty" yaml:"backchannel_user_code_parameter,omitempty"`

	// The client identifier time of issue.
	//
	// The value is the number of seconds between 1970-01-01T00:00:00Z (UTC) and the date/time of issue.
	ClientIDIssuedAt int64 `json:"client_id_issued_at,omitempty" yaml:"client_id_issued_at,omitempty"`

	// Human-readable name of a client application.
	// Example: My app
	ClientName string `json:"client_name,omitempty" yaml:"client_name,omitempty"`

	// OAuth client secret
	//
	// If not provided, a random client secret is generated.
	// Min Length: 32
	ClientSecret string `json:"client_secret,omitempty" yaml:"client_secret,omitempty"`

	// The client secret expiration time.
	//
	// If the client secret does not expire, `client_secret_expires_at` = `0`.
	ClientSecretExpiresAt int64 `json:"client_secret_expires_at,omitempty" yaml:"client_secret_expires_at,omitempty"`

	// URI of a client application.
	ClientURI string `json:"client_uri,omitempty" yaml:"client_uri,omitempty"`

	// Date when the client application was created.
	// Example: 2022-04-07T19:17:31.323187Z
	// Format: date-time
	CreatedAt strfmt.DateTime `json:"created_at,omitempty" yaml:"created_at,omitempty"`

	// Description of the client application.
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Boolean value specifying whether the client always uses DPoP for token requests
	// If true, the authorization server will reject token requests from this client that do not contain the DPoP header.
	DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens,omitempty" yaml:"dpop_bound_access_tokens,omitempty"`

	// An array of allowed OAuth client grant types.
	//
	// The `grantTypes` array stores OAuth flows that are allowed for a given client application.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-grant-types/grant-types-overview/) about grant types.
	// Example: ["password","refresh_token","client_credentials","implicit","authorization_code"]
	GrantTypes []string `json:"grant_types" yaml:"grant_types"`

	// An array of hashed rotated client secrets
	HashedRotatedSecrets []string `json:"hashed_rotated_secrets" yaml:"hashed_rotated_secrets"`

	// Hashed client secret
	//
	// Hashing client secrets provides additional security for your secrets storage as it hides
	// plaintext secrets from being viewed both in the UI and the database.
	HashedSecret string `json:"hashed_secret,omitempty" yaml:"hashed_secret,omitempty"`

	// JWE alg algorithm for encrypting the ID token issued to this client application.
	// Enum: [RSA-OAEP RSA-OAEP-256]
	IDTokenEncryptedResponseAlg string `json:"id_token_encrypted_response_alg,omitempty" yaml:"id_token_encrypted_response_alg,omitempty"`

	// JWE enc algorithm for encrypting the ID token issued to this client application.
	// Enum: [A256GCM A128CBC-HS256]
	IDTokenEncryptedResponseEnc string `json:"id_token_encrypted_response_enc,omitempty" yaml:"id_token_encrypted_response_enc,omitempty"`

	// Algorithm for signing ID tokens issued for a client application.
	//
	// The default value depends on authorization server configuration.
	// Example: ES256
	// Enum: [RS256 ES256 PS256]
	IDTokenSignedResponseAlg string `json:"id_token_signed_response_alg,omitempty" yaml:"id_token_signed_response_alg,omitempty"`

	// An introspection endpoint authentication method configured for the client application (read-only).
	//
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// Cloudentity supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: [client_secret_basic client_secret_post client_secret_jwt private_key_jwt self_signed_tls_client_auth tls_client_auth none]
	IntrospectionEndpointAuthMethod string `json:"introspection_endpoint_auth_method,omitempty" yaml:"introspection_endpoint_auth_method,omitempty"`

	// jwks
	Jwks *ClientJWKs `json:"jwks,omitempty" yaml:"jwks,omitempty"`

	// A URL of JSON Web Key Set with the public keys used by a client application to authenticate to Cloudentity.
	JwksURI string `json:"jwks_uri,omitempty" yaml:"jwks_uri,omitempty"`

	// Logo URI.
	LogoURI string `json:"logo_uri,omitempty" yaml:"logo_uri,omitempty"`

	// External organization identifier. It is a unique string assigned by the CDR Register to identify an Accredited
	// Data Recipient Brand.
	//
	// The value obtained is used as the `aud` claim for message signing, for example, when a JSON Web Token (JWT) is
	// required for authorization, and represents the audience(s) the JWT is intended for.
	// Example: 5647fe90-f6bc-11eb-9a03-0242ac130003
	OrganisationID string `json:"organisation_id,omitempty" yaml:"organisation_id,omitempty"`

	// Policy URL to read about how the profile data is used.
	PolicyURI string `json:"policy_uri,omitempty" yaml:"policy_uri,omitempty"`

	// Array of URLs to which a relying party may request that the user be redirected after a logout has been performed.
	PostLogoutRedirectUris []string `json:"post_logout_redirect_uris" yaml:"post_logout_redirect_uris"`

	// privacy
	Privacy *ClientPrivacy `json:"privacy,omitempty" yaml:"privacy,omitempty"`

	// redirect uris
	RedirectUris RedirectURIs `json:"redirect_uris,omitempty" yaml:"redirect_uris,omitempty"`

	// Optional JWE alg algorithm the client is declaring that it may use for encrypting Request Objects
	// Example: RSA-OAEP
	// Enum: [RSA-OAEP RSA-OAEP-256]
	RequestObjectEncryptionAlg string `json:"request_object_encryption_alg,omitempty" yaml:"request_object_encryption_alg,omitempty"`

	// Optional JWE enc algorithm the client is declaring that it may use for encrypting Request Objects
	// When `request_object_encryption_enc` is included, `request_object_encryption_alg` MUST also be provided.
	// Example: A256GCM
	// Enum: [A256GCM A128CBC-HS256]
	RequestObjectEncryptionEnc string `json:"request_object_encryption_enc,omitempty" yaml:"request_object_encryption_enc,omitempty"`

	// Request object signing algorithm for the token endpoint
	//
	// Cloudentity supports signing tokens with the RS256, ES256, and PS256 algorithms. If you do not want
	// to use a signing algorithm, set the value of this parameter to `none`.
	// Example: none
	// Enum: [any none RS256 ES256 PS256]
	RequestObjectSigningAlg string `json:"request_object_signing_alg,omitempty" yaml:"request_object_signing_alg,omitempty"`

	// Array of absolute URIs that points to the Request Object that holds authorization request parameters.
	RequestUris []string `json:"request_uris" yaml:"request_uris"`

	// Boolean parameter indicating whether the only means of initiating an authorization request the client is allowed to use is PAR.
	RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests,omitempty" yaml:"require_pushed_authorization_requests,omitempty"`

	// response types
	ResponseTypes ResponseTypes `json:"response_types,omitempty" yaml:"response_types,omitempty"`

	// A revocation endpoint authentication method configured for the client application (read-only).
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// Cloudentity supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: [client_secret_basic client_secret_post client_secret_jwt private_key_jwt self_signed_tls_client_auth tls_client_auth none]
	RevocationEndpointAuthMethod string `json:"revocation_endpoint_auth_method,omitempty" yaml:"revocation_endpoint_auth_method,omitempty"`

	// An array of rotated OAuth client secrets
	RotatedSecrets []string `json:"rotated_secrets" yaml:"rotated_secrets"`

	// Space-separated list of scopes for compatibility with the OAuth specification.
	// Example: email offline_access openid
	Scope string `json:"scope,omitempty" yaml:"scope,omitempty"`

	// An array of string represented scopes assigned to a client application
	// Example: ["email","offline_access","openid"]
	Scopes []string `json:"scopes" yaml:"scopes"`

	// OPTIONAL. [A URL using the HTTPS scheme](https://openid.net/specs/openid-connect-registration-1_0.html#SectorIdentifierValidation).
	// It must reference a JSON file with the array of `redirect_uri` values.
	//
	// Pass this parameter when you use multiple domains in your `redirect_uris` or need a mechanism to allow changes in
	// domain without affecting consumer consent.
	//
	// [Read more](https://openid.net/specs/openid-connect-core-1_0.html)
	SectorIdentifierURI string `json:"sector_identifier_uri,omitempty" yaml:"sector_identifier_uri,omitempty"`

	// Subject identifier type
	//
	// Stores information if the subject identifier is of the `public` or the `pairwise` type.
	//
	// Subject identifiers identify an end-user. They are locally unique and never reassigned within the Issuer,
	// and are intended to be consumed by client applications. There are two types
	// of subject identifiers: `public` and `pairwise`.
	//
	// For the `public` type, the value of the `sub` (subject) token claim is the same for all clients.
	//
	// For the `pairwise` type, a different `sub` (subject) token claim is provided for each client.
	// Using the `pairwise` subject identifier makes it impossible for client applications to correlate the end-user's
	// activity without their permission.
	// Example: public
	// Enum: [public pairwise]
	SubjectType string `json:"subject_type,omitempty" yaml:"subject_type,omitempty"`

	// A string containing the value of an expected dNSName SAN entry in the certificate.
	TLSClientAuthSanDNS string `json:"tls_client_auth_san_dns,omitempty" yaml:"tls_client_auth_san_dns,omitempty"`

	// A string containing the value of an expected rfc822Name SAN entry in the certificate.
	TLSClientAuthSanEmail string `json:"tls_client_auth_san_email,omitempty" yaml:"tls_client_auth_san_email,omitempty"`

	// A string representation of an IP address in either dotted decimal notation (for IPv4) or colon-delimited hexadecimal (for IPv6, as defined in [RFC5952]) that is expected to be present as an iPAddress SAN entry in the certificate.
	TLSClientAuthSanIP string `json:"tls_client_auth_san_ip,omitempty" yaml:"tls_client_auth_san_ip,omitempty"`

	// A string containing the value of an expected uniformResourceIdentifier SAN entry in the certificate.
	TLSClientAuthSanURI string `json:"tls_client_auth_san_uri,omitempty" yaml:"tls_client_auth_san_uri,omitempty"`

	// An [RFC4514] string representation of the expected subject distinguished name of the certificate.
	TLSClientAuthSubjectDn string `json:"tls_client_auth_subject_dn,omitempty" yaml:"tls_client_auth_subject_dn,omitempty"`

	// Boolean value indicating server support for mutual TLS client certificate-bound access tokens. If omitted, the default value is "false".
	TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens,omitempty" yaml:"tls_client_certificate_bound_access_tokens,omitempty"`

	// Token endpoint authentication method configured for a client application
	//
	// Cloudentity supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// To learn more, go to the Authorization Basics > Client Authentication section of this guide.
	// Example: client_secret_basic
	// Enum: [client_secret_basic client_secret_post client_secret_jwt private_key_jwt self_signed_tls_client_auth tls_client_auth none]
	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty" yaml:"token_endpoint_auth_method,omitempty"`

	// Signing algorithm for the token endpoint
	//
	// This field is optional. If empty, a client can use any algorithm supported by the server (see `token_endpoint_auth_signing_alg_values_supported` in the well-known endpoing).
	//
	// If provided, depending on the server configuration, client can use of one: HS256, RS256, ES256, PS256 algorithms.
	//
	// If your token endpoint authentication is set to the `private_key_jwt` method, the
	// `token_endpoint_auth_signing_alg` parameter must be either RS256, ES256, or PS256.
	//
	// If your token endpoint authentication is set to the `client_secret_jwt` method,
	// the `token_endpoint_auth_signing_alg` parameter must be HS256.
	// Example: ES256
	// Enum: [RS256 ES256 PS256 HS256 ]
	TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg,omitempty" yaml:"token_endpoint_auth_signing_alg,omitempty"`

	// token exchange
	TokenExchange *ClientTokenExchangeConfiguration `json:"token_exchange,omitempty" yaml:"token_exchange,omitempty"`

	// Terms of Service URL.
	TosURI string `json:"tos_uri,omitempty" yaml:"tos_uri,omitempty"`

	// Date when the client application was updated.
	// Example: 2022-05-08T01:11:51.1262916Z
	// Format: date-time
	UpdatedAt strfmt.DateTime `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`

	// JWS alg algorithm REQUIRED for signing UserInfo Responses.
	//
	// If specified, the response is a JWT serialized and signed with JWS.
	//
	// If omitted, then by default, UserInfo Response returns the Claims
	// as an UTF-8 encoded JSON object using the application/json content-type.
	// Example: none
	// Enum: [none RS256 ES256]
	UserinfoSignedResponseAlg string `json:"userinfo_signed_response_alg,omitempty" yaml:"userinfo_signed_response_alg,omitempty"`
}