models

type API struct {

	// api type
	// Example: rest
	// Enum: [rest graphql]
	APIType string `json:"api_type,omitempty" yaml:"api_type,omitempty"`

	// if false it is not possible to assign a policy
	CanHavePolicy bool `json:"can_have_policy,omitempty" yaml:"can_have_policy,omitempty"`

	// Data classifications
	DataClassifications []string `json:"data_classifications" yaml:"data_classifications"`

	// graphql schema
	GraphqlSchema string `json:"graphql_schema,omitempty" yaml:"graphql_schema,omitempty"`

	// graphql types
	GraphqlTypes GraphQLTypes `json:"graphql_types,omitempty" yaml:"graphql_types,omitempty"`

	// API id
	// Example: 1
	ID string `json:"id,omitempty" yaml:"id,omitempty"`

	// HTTP request method
	// Example: GET
	Method string `json:"method,omitempty" yaml:"method,omitempty"`

	// HTTP request path
	// Example: /pets
	Path string `json:"path,omitempty" yaml:"path,omitempty"`

	// optional id of a policy
	// Example: block
	PolicyID string `json:"policy_id,omitempty" yaml:"policy_id,omitempty"`

	// position of the api in the apis list
	// Example: 1
	Position int64 `json:"position,omitempty" yaml:"position,omitempty"`

	// server id
	// Example: default
	ServerID string `json:"server_id,omitempty" yaml:"server_id,omitempty"`

	// service id
	// Example: 1
	ServiceID string `json:"service_id,omitempty" yaml:"service_id,omitempty"`

	// tenant id
	// Example: default
	TenantID string `json:"tenant_id,omitempty" yaml:"tenant_id,omitempty"`
}

type APIGroupMetadata struct {

	// apigee
	Apigee *ApigeeMetadata `json:"apigee,omitempty" yaml:"apigee,omitempty"`

	// aws
	Aws *AWSMetadata `json:"aws,omitempty" yaml:"aws,omitempty"`

	// azure
	Azure *AzureMetadata `json:"azure,omitempty" yaml:"azure,omitempty"`

	// Gateway type
	Type string `json:"type,omitempty" yaml:"type,omitempty"`
}

type AWSMetadata struct {

	// api id
	APIID string `json:"api_id,omitempty" yaml:"api_id,omitempty"`

	// api name
	APIName string `json:"api_name,omitempty" yaml:"api_name,omitempty"`

	// stage
	Stage string `json:"stage,omitempty" yaml:"stage,omitempty"`
}

type AdvancedConfiguration struct {

	// Configurable ACR values to enforce during auth flow
	AcrValues []string `json:"acr_values" yaml:"acr_values"`

	// This option overrides all urls advertised by the well known endpoint with their mtls alias
	AdvertiseOnlyMtlsAliasesInWellKnown bool `json:"advertise_only_mtls_aliases_in_well_known,omitempty" yaml:"advertise_only_mtls_aliases_in_well_known,omitempty"`

	// Block response modes
	BlockResponseModes bool `json:"block_response_modes,omitempty" yaml:"block_response_modes,omitempty"`

	// Disable certificate-bound access tokens for new DCR clients
	//
	// If true, new DCR clients are created with CertificateBoundAccessToken disabled.
	DisableDcrClientCertificateBoundAccessTokens bool `` /* 135-byte string literal not displayed */

	// Disable PAR
	DisablePar bool `json:"disable_par,omitempty" yaml:"disable_par,omitempty"`

	// Disable RAR
	DisableRar bool `json:"disable_rar,omitempty" yaml:"disable_rar,omitempty"`

	// Disable refresh token cycling
	//
	// Once disabled, original refresh token can be constantly used to issue new access token.
	DisableRefreshTokenCycling bool `json:"disable_refresh_token_cycling,omitempty" yaml:"disable_refresh_token_cycling,omitempty"`

	// When enabled, the authorization server will not accept access tokens supplied in the request query parameter
	// for protected resources endpoints.
	DisallowAccessTokenInQueryForProtectedResources bool `` /* 143-byte string literal not displayed */

	// Disallow code response type without JARM
	DisallowCodeResponseTypeWithoutJarm bool `json:"disallow_code_response_type_without_jarm,omitempty" yaml:"disallow_code_response_type_without_jarm,omitempty"`

	// disallowed response modes
	DisallowedResponseModes ResponseModes `json:"disallowed_response_modes,omitempty" yaml:"disallowed_response_modes,omitempty"`

	// Enforce acr values
	EnforceAcrValues bool `json:"enforce_acr_values,omitempty" yaml:"enforce_acr_values,omitempty"`

	// Ignore unknown scopes for DCR
	//
	// If enabled, an attempt to register or update a client with a scope that does not exist in the server will succeed.
	IgnoreUnknownScopesForDcr bool `json:"ignore_unknown_scopes_for_dcr,omitempty" yaml:"ignore_unknown_scopes_for_dcr,omitempty"`

	// Require request or request uri parameter for authorization flow
	RequireRequestOrRequestURIParameter bool `json:"require_request_or_request_uri_parameter,omitempty" yaml:"require_request_or_request_uri_parameter,omitempty"`

	// Return iss parameter in the authorization response
	ReturnIssParameterInAuthorizationResponse bool `` /* 127-byte string literal not displayed */
}

type AffiliationDescriptor struct {

	// affiliate members
	AffiliateMembers []string `json:"AffiliateMembers" yaml:"AffiliateMembers"`

	// affiliation owner ID
	AffiliationOwnerID string `json:"AffiliationOwnerID,omitempty" yaml:"AffiliationOwnerID,omitempty"`

	// cache duration
	CacheDuration Duration `json:"CacheDuration,omitempty" yaml:"CacheDuration,omitempty"`

	// ID
	ID string `json:"ID,omitempty" yaml:"ID,omitempty"`

	// key descriptors
	KeyDescriptors []*KeyDescriptor `json:"KeyDescriptors" yaml:"KeyDescriptors"`

	// signature
	Signature *Element `json:"Signature,omitempty" yaml:"Signature,omitempty"`

	// valid until
	// Format: date-time
	ValidUntil strfmt.DateTime `json:"ValidUntil,omitempty" yaml:"ValidUntil,omitempty"`
}

type ApigeeMetadata struct {

	// Apigee environment name. It's a uniqe, immutable name of an environment for a given proxy name.
	// Example: my-default-proxy
	// Required: true
	EnvironmentName string `json:"environment_name" yaml:"environment_name"`

	// Apigee organization name. It's a uniqe, immutable name of an Apigee organization.
	// Example: apigee-x-905913
	// Required: true
	OrganizationName string `json:"organization_name" yaml:"organization_name"`

	// Apigee proxy name. It's a uniqe, immutable name of a proxy for a given organization id.
	// Example: my-default-proxy
	// Required: true
	ProxyName string `json:"proxy_name" yaml:"proxy_name"`
}

type Attr struct {

	// space
	Space string `json:"Space,omitempty" yaml:"Space,omitempty"`

	// value
	Value string `json:"Value,omitempty" yaml:"Value,omitempty"`
}

type Attribute struct {

	// String represented display name of an attribute
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Array of Strings represents attribute labels
	Labels []string `json:"labels" yaml:"labels"`

	// String represented variable name of an attribute
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// The data type of an attribute
	//
	// It stores information what kind of data is used as the value of the attribute.
	//
	// Available types: `number`, `string`, `bool`, `object`, `number_array`, `string_array`, `bool_array`, `object_array` or `any`.
	Type string `json:"type,omitempty" yaml:"type,omitempty"`
}

type AttributeAuthorityDescriptor struct {

	// assertion ID request services
	AssertionIDRequestServices []*Endpoint `json:"AssertionIDRequestServices" yaml:"AssertionIDRequestServices"`

	// attribute profiles
	AttributeProfiles []string `json:"AttributeProfiles" yaml:"AttributeProfiles"`

	// attribute services
	AttributeServices []*Endpoint `json:"AttributeServices" yaml:"AttributeServices"`

	// attributes
	Attributes []*Attribute `json:"Attributes" yaml:"Attributes"`

	// cache duration
	CacheDuration Duration `json:"CacheDuration,omitempty" yaml:"CacheDuration,omitempty"`

	// contact people
	ContactPeople []*ContactPerson `json:"ContactPeople" yaml:"ContactPeople"`

	// error URL
	ErrorURL string `json:"ErrorURL,omitempty" yaml:"ErrorURL,omitempty"`

	// ID
	ID string `json:"ID,omitempty" yaml:"ID,omitempty"`

	// key descriptors
	KeyDescriptors []*KeyDescriptor `json:"KeyDescriptors" yaml:"KeyDescriptors"`

	// name ID formats
	NameIDFormats []NameIDFormat `json:"NameIDFormats" yaml:"NameIDFormats"`

	// organization
	Organization *Organization `json:"Organization,omitempty" yaml:"Organization,omitempty"`

	// protocol support enumeration
	ProtocolSupportEnumeration string `json:"ProtocolSupportEnumeration,omitempty" yaml:"ProtocolSupportEnumeration,omitempty"`

	// signature
	Signature *Element `json:"Signature,omitempty" yaml:"Signature,omitempty"`

	// valid until
	// Format: date-time
	ValidUntil strfmt.DateTime `json:"ValidUntil,omitempty" yaml:"ValidUntil,omitempty"`
}

type AttributeConsumingService struct {

	// index
	Index int64 `json:"Index,omitempty" yaml:"Index,omitempty"`

	// is default
	IsDefault bool `json:"IsDefault,omitempty" yaml:"IsDefault,omitempty"`

	// requested attributes
	RequestedAttributes []*RequestedAttribute `json:"RequestedAttributes" yaml:"RequestedAttributes"`

	// service descriptions
	ServiceDescriptions []*LocalizedName `json:"ServiceDescriptions" yaml:"ServiceDescriptions"`

	// service names
	ServiceNames []*LocalizedName `json:"ServiceNames" yaml:"ServiceNames"`
}

type AttributeValue struct {

	// name ID
	NameID *NameID `json:"NameID,omitempty" yaml:"NameID,omitempty"`

	// type
	Type string `json:"Type,omitempty" yaml:"Type,omitempty"`

	// value
	Value string `json:"Value,omitempty" yaml:"Value,omitempty"`
}

type Attributes []*Attribute

type AuditEvent struct {

	// action
	// Enum: [authenticated authorized unauthorized created updated deleted generated requested confirmed accepted rejected revoked notified issued denied granted attempted failed succeeded sent not_sent executed]
	Action string `json:"action,omitempty" yaml:"action,omitempty"`

	// event id
	EventID string `json:"event_id,omitempty" yaml:"event_id,omitempty"`

	// event payload
	EventPayload interface{} `json:"event_payload,omitempty" yaml:"event_payload,omitempty"`

	// event subject
	// Enum: [request gateway_request gateway_policy policy client credential login post_authn consent client_consents customer_consents authorization_code access_token saml_assertion scopes otp user selfuser schema pool password bruteforce dcr script role task jit tokens service server]
	EventSubject string `json:"event_subject,omitempty" yaml:"event_subject,omitempty"`

	// event type
	EventType AuditEventType `json:"event_type,omitempty" yaml:"event_type,omitempty"`

	// metadata
	Metadata *AuditEventMetadata `json:"metadata,omitempty" yaml:"metadata,omitempty"`

	// server id
	ServerID string `json:"server_id,omitempty" yaml:"server_id,omitempty"`

	// tenant id
	TenantID string `json:"tenant_id,omitempty" yaml:"tenant_id,omitempty"`

	// timestamp
	// Format: date-time
	Timestamp strfmt.DateTime `json:"timestamp,omitempty" yaml:"timestamp,omitempty"`
}

type AuditEventMetadata struct {

	// Access request actor claims.
	//
	// It's only populated if the token has been issued in token exchange delegation flow.
	ActorClaims map[string]interface{} `json:"actor_claims,omitempty" yaml:"actor_claims,omitempty"`

	// Access request client ID related to an audit event.
	//
	// May be empty when the access is incorrect or missing.
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// ID of the Identity Pool
	IdentityPoolID string `json:"identity_pool_id,omitempty" yaml:"identity_pool_id,omitempty"`

	// Audit event IP address.
	//
	// It's first not empty value from: X-Forwaded-For, X-Real-IP or network socket IP address
	IP string `json:"ip,omitempty" yaml:"ip,omitempty"`

	// Access request may act claims.
	//
	// It's only populated if the token has been issued token with may_act claim.
	MayActClaims map[string]interface{} `json:"may_act_claims,omitempty" yaml:"may_act_claims,omitempty"`

	// Session id
	//
	// Correlation ID in a login process. Returns events related to a particular login process.
	// It's empty for audit events that have been created outside login process.
	SessionID string `json:"session_id,omitempty" yaml:"session_id,omitempty"`

	// Access request subject ID related to a given audit event.
	//
	// May be empty when the access is incorrect or missing.
	Subject string `json:"subject,omitempty" yaml:"subject,omitempty"`

	// Token signature
	//
	// Signature of a token that was used to perform an action that has published an audit event.
	TokenSignature string `json:"token_signature,omitempty" yaml:"token_signature,omitempty"`

	// Trace ID
	TraceID string `json:"trace_id,omitempty" yaml:"trace_id,omitempty"`

	// User-agent that describes a device name that generated the audit event.
	UserAgent string `json:"user_agent,omitempty" yaml:"user_agent,omitempty"`
}

type AuditEventType string

type Auth0Credentials struct {

	// OAuth client application secret
	ClientSecret string `json:"client_secret,omitempty" yaml:"client_secret,omitempty"`
}

type Auth0Settings struct {

	// OAuth client application identifier
	// Example: client
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// String represented domain of the Auth0 for your organization
	// Example: dev-318ay013.us.auth0.com
	Domain string `json:"domain,omitempty" yaml:"domain,omitempty"`

	// If enabled, users' data is collected by calling the `userinfo` endpoint.
	GetUserInfo bool `json:"get_user_info,omitempty" yaml:"get_user_info,omitempty"`

	// An array of additional scopes your client requests
	// Example: ["email","profile","openid"]
	Scopes []string `json:"scopes" yaml:"scopes"`

	// Whether to send the identifier as a `login_hint` parameter to the IDP
	SendLoginHint bool `json:"send_login_hint,omitempty" yaml:"send_login_hint,omitempty"`
}

type AuthenticationContext map[string]interface{}

type AuthenticationContextSettings struct {

	// attributes
	Attributes []*Attribute `json:"attributes" yaml:"attributes"`
}

type AuthnAuthorityDescriptor struct {

	// assertion ID request services
	AssertionIDRequestServices []*Endpoint `json:"AssertionIDRequestServices" yaml:"AssertionIDRequestServices"`

	// authn query services
	AuthnQueryServices []*Endpoint `json:"AuthnQueryServices" yaml:"AuthnQueryServices"`

	// cache duration
	CacheDuration Duration `json:"CacheDuration,omitempty" yaml:"CacheDuration,omitempty"`

	// contact people
	ContactPeople []*ContactPerson `json:"ContactPeople" yaml:"ContactPeople"`

	// error URL
	ErrorURL string `json:"ErrorURL,omitempty" yaml:"ErrorURL,omitempty"`

	// ID
	ID string `json:"ID,omitempty" yaml:"ID,omitempty"`

	// key descriptors
	KeyDescriptors []*KeyDescriptor `json:"KeyDescriptors" yaml:"KeyDescriptors"`

	// name ID formats
	NameIDFormats []NameIDFormat `json:"NameIDFormats" yaml:"NameIDFormats"`

	// organization
	Organization *Organization `json:"Organization,omitempty" yaml:"Organization,omitempty"`

	// protocol support enumeration
	ProtocolSupportEnumeration string `json:"ProtocolSupportEnumeration,omitempty" yaml:"ProtocolSupportEnumeration,omitempty"`

	// signature
	Signature *Element `json:"Signature,omitempty" yaml:"Signature,omitempty"`

	// valid until
	// Format: date-time
	ValidUntil strfmt.DateTime `json:"ValidUntil,omitempty" yaml:"ValidUntil,omitempty"`
}

type AuthorizationDetail struct {

	// An authorization server (workspace) identifier holding the client application.
	// Example: default
	// Required: true
	AuthorizationServerID string `json:"authorization_server_id" yaml:"authorization_server_id"`

	// Description
	// Example: Authorization detail for payment initiation
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Authorization detail unique identifier
	ID string `json:"id,omitempty" yaml:"id,omitempty"`

	// General purpose metadata
	Metadata map[string]interface{} `json:"metadata,omitempty" yaml:"metadata,omitempty"`

	// Display name
	// Example: Payment Initiation
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// schema
	Schema *SupportedJSONSchema `json:"schema,omitempty" yaml:"schema,omitempty"`

	// ID of the tenant
	// Example: default
	// Required: true
	TenantID string `json:"tenant_id" yaml:"tenant_id"`

	// type
	// Required: true
	Type *AuthorizationDetailType `json:"type" yaml:"type"`
}

type AuthorizationDetailType string

type AzureB2CCredentials struct {

	// Application secret from your Microsoft Azure application settings
	ClientSecret string `json:"client_secret,omitempty" yaml:"client_secret,omitempty"`
}

type AzureB2CSettings struct {

	// Application ID from your Microsoft Azure B2C application settings
	// Example: client
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// Custom domain from your Microsoft Azure application settings when using a custom
	// domain such as with Azure Front Door. This is optional.
	// Example: my.customdomain.com
	CustomDomain string `json:"custom_domain,omitempty" yaml:"custom_domain,omitempty"`

	// If enabled, the groups a user belongs to are collected
	//
	// Groups are collections of users and other principals who share access to resources in
	// Microsoft services or in your app. Microsoft Graph provides APIs that you can use to create
	// and manage different types of groups and group functionality according to your scenario.
	//
	// You can only get groups data if you are entitled to call the Microsoft Graph API.
	// Example: true
	FetchGroups bool `json:"fetch_groups,omitempty" yaml:"fetch_groups,omitempty"`

	// If enabled, users' data is collected from the Microsoft Graph API
	//
	// You can only get user's data if you are entitled to call the Microsoft Graph API.
	GetUser bool `json:"get_user,omitempty" yaml:"get_user,omitempty"`

	// An array of user attributes fetched from the Microsoft Graph API
	GraphUserAttributes []string `json:"graph_user_attributes" yaml:"graph_user_attributes"`

	// String represented group name format used for fetching groups
	//
	// It's value can be either `id` or `name`.
	// Example: id
	GroupNameFormat string `json:"group_name_format,omitempty" yaml:"group_name_format,omitempty"`

	// If enabled, only security groups a user belongs to are collected.
	// Example: true
	OnlySecurityGroups bool `json:"only_security_groups,omitempty" yaml:"only_security_groups,omitempty"`

	// The user flow to be run.
	// Specify the name of a user flow you've created in your Azure AD B2C tenant.
	// Example: b2c_1_sign_in
	Policy string `json:"policy,omitempty" yaml:"policy,omitempty"`

	// An array of additional scopes your client is going to request
	// Example: ["email","profile","openid"]
	Scopes []string `json:"scopes" yaml:"scopes"`

	// Whether to send the identifier as a `login_hint` parameter to the IDP
	SendLoginHint bool `json:"send_login_hint,omitempty" yaml:"send_login_hint,omitempty"`

	// Directory ID from your Microsoft Azure B2C application settings
	// Example: 123-312-123
	Tenant string `json:"tenant,omitempty" yaml:"tenant,omitempty"`
}

type AzureCredentials struct {

	// Application secret from your Microsoft Azure application settings
	ClientSecret string `json:"client_secret,omitempty" yaml:"client_secret,omitempty"`
}

type AzureMetadata struct {

	// apim id
	ApimID string `json:"apim_id,omitempty" yaml:"apim_id,omitempty"`

	// apim name
	ApimName string `json:"apim_name,omitempty" yaml:"apim_name,omitempty"`
}

type AzureSettings struct {

	// Application ID from your Microsoft Azure application settings
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// If enabled, the groups a user belongs to are collected
	//
	// Groups are collections of users and other principals who share access to resources in
	// Microsoft services or in your app. Microsoft Graph provides APIs that you can use to create
	// and manage different types of groups and group functionality according to your scenario.
	//
	// You can only get groups data if you are entitled to call the Microsoft Graph API.
	FetchGroups bool `json:"fetch_groups,omitempty" yaml:"fetch_groups,omitempty"`

	// If enabled, users' data is collected from the Microsoft Graph API
	//
	// You can only get user's data if you are entitled to call the Microsoft Graph API.
	GetUser bool `json:"get_user,omitempty" yaml:"get_user,omitempty"`

	// An array of user attributes fetched from the Microsoft Graph API
	GraphUserAttributes []string `json:"graph_user_attributes" yaml:"graph_user_attributes"`

	// String represented group name format used for fetching groups
	//
	// It's value can be either `id` or `name`.
	GroupNameFormat string `json:"group_name_format,omitempty" yaml:"group_name_format,omitempty"`

	// If enabled, only security groups a user belongs to are collected.
	OnlySecurityGroups bool `json:"only_security_groups,omitempty" yaml:"only_security_groups,omitempty"`

	// An array of additional scopes your client requests
	Scopes []string `json:"scopes" yaml:"scopes"`

	// Whether to send the identifier as a `login_hint` parameter to the IDP
	SendLoginHint bool `json:"send_login_hint,omitempty" yaml:"send_login_hint,omitempty"`

	// Directory ID from your Microsoft Azure application settings
	Tenant string `json:"tenant,omitempty" yaml:"tenant,omitempty"`
}

type BruteForceLimit struct {

	// block duration
	// Example: 1m0s
	// Required: true
	// Format: duration
	BlockDuration strfmt.Duration `json:"block_duration" yaml:"block_duration"`

	// Max number of attempts
	// Example: 5
	// Required: true
	MaxAttempts int64 `json:"max_attempts" yaml:"max_attempts"`

	// protected type
	// Required: true
	ProtectedType *ProtectedType `json:"protected_type" yaml:"protected_type"`

	// tenant id
	// Example: default
	// Required: true
	TenantID string `json:"tenant_id" yaml:"tenant_id"`
}

type CDRArrangement struct {

	// List of accounts.
	//
	// It can refer to user's bank accounts that can be accessed by your client application in order to provide consumer
	// services.
	AccountIds []string `json:"account_ids" yaml:"account_ids"`

	// amending arrangement id
	AmendingArrangementID CDRArrangementID `json:"amending_arrangement_id,omitempty" yaml:"amending_arrangement_id,omitempty"`

	// Workspace identifier
	// Example: server
	AuthorizationServerID string `json:"authorization_server_id,omitempty" yaml:"authorization_server_id,omitempty"`

	// cdr arrangement id
	CdrArrangementID CDRArrangementID `json:"cdr_arrangement_id,omitempty" yaml:"cdr_arrangement_id,omitempty"`

	// cdr arrangement metadata
	CdrArrangementMetadata *CDRArrangementMetadata `json:"cdr_arrangement_metadata,omitempty" yaml:"cdr_arrangement_metadata,omitempty"`

	// Client application identifier
	// Example: bugkgm23g9kregtu051g
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// Arrangement creation date
	// Example: 2022-07-01T08:52:27.127932Z
	// Format: date-time
	CreatedAt strfmt.DateTime `json:"created_at,omitempty" yaml:"created_at,omitempty"`

	// customer id
	CustomerID CDRCustomerID `json:"customer_id,omitempty" yaml:"customer_id,omitempty"`

	// Arrangement expiration date
	// Example: 2023-03-01T09:02:27.127932Z
	// Format: date-time
	Expiry strfmt.DateTime `json:"expiry,omitempty" yaml:"expiry,omitempty"`

	// The detailed list of scopes voluntarily granted by the user for the client application to access user data.
	ScopeGrants []*ScopeGrant `json:"scope_grants" yaml:"scope_grants"`

	// The rule on how a user shares their data: reuse with a token or without it, or the user allows one-time access.
	// Example: one_time
	// Enum: [one_time one_time_with_refresh_token reusable]
	SharingType string `json:"sharing_type,omitempty" yaml:"sharing_type,omitempty"`

	// Arrangement version.
	// Currently, the version parameter is not used.
	// Example: v1
	// Enum: [v1]
	SpecVersion string `json:"spec_version,omitempty" yaml:"spec_version,omitempty"`

	// status
	Status ConsentStatus `json:"status,omitempty" yaml:"status,omitempty"`

	// Subject identifies an authenticated user.
	// Depending on the workspace configuration, the value can be hashed.
	// Example: 377eb000a87a471291b5a9869930a2422c670b7b6a06f74143eb74a01ed2fbe1
	Subject string `json:"subject,omitempty" yaml:"subject,omitempty"`

	// Tenant identifier
	// Example: my-company
	TenantID string `json:"tenant_id,omitempty" yaml:"tenant_id,omitempty"`

	// Arrangement last update date
	// Example: 2022-10-01T08:52:27.127932Z
	// Format: date-time
	UpdatedAt strfmt.DateTime `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`
}

type CDRArrangementID string

type CDRArrangementMetadata struct {

	// personal details
	PersonalDetails *PersonalDetails `json:"personal_details,omitempty" yaml:"personal_details,omitempty"`

	// revocation channel
	RevocationChannel RevocationChannel `json:"revocation_channel,omitempty" yaml:"revocation_channel,omitempty"`

	// revocation reason
	RevocationReason RevocationReason `json:"revocation_reason,omitempty" yaml:"revocation_reason,omitempty"`
}

type CDRConfiguration struct {

	// Flag to enable / disable ADR validation
	// If enabled, register URL must be provided and point to a existing registry
	AdrValidationEnabled bool `json:"adr_validation_enabled,omitempty" yaml:"adr_validation_enabled,omitempty"`

	// brand id
	BrandID string `json:"brand_id,omitempty" yaml:"brand_id,omitempty"`

	// Do not cache trust anchor data, fetch it from registry every time
	// This is useful for testing purposes when the registry might not be fully up when the test is run
	DontCacheTrustAnchorData bool `json:"dont_cache_trust_anchor_data,omitempty" yaml:"dont_cache_trust_anchor_data,omitempty"`

	// industry
	Industry CDRIndustry `json:"industry,omitempty" yaml:"industry,omitempty"`

	// register api version
	RegisterAPIVersion CDRRegisterAPIVersion `json:"register_api_version,omitempty" yaml:"register_api_version,omitempty"`

	// register url
	RegisterURL CDRRegisterURL `json:"register_url,omitempty" yaml:"register_url,omitempty"`

	// Flag to disable register URL validation
	// If enabled, there will be no error message
	// if data from provided register URL can not be fetched
	// It is highly not recommended to use this flag if it is not required
	SkipRegisterURLValidation bool `json:"skip_register_url_validation,omitempty" yaml:"skip_register_url_validation,omitempty"`
}

type CDRCustomerID string

type CDRIndustry string

type CDRRegisterAPIVersion string

type CDRRegisterURL string

type CIBAAuthenticationService struct {

	// client id
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// external
	External *ExternalCIBAAuthenticationService `json:"external,omitempty" yaml:"external,omitempty"`

	// server id
	ServerID string `json:"server_id,omitempty" yaml:"server_id,omitempty"`

	// tenant id
	TenantID string `json:"tenant_id,omitempty" yaml:"tenant_id,omitempty"`

	// type
	Type string `json:"type,omitempty" yaml:"type,omitempty"`
}

type Claim struct {

	// authorization server id
	// Example: default
	AuthorizationServerID string `json:"authorization_server_id,omitempty" yaml:"authorization_server_id,omitempty"`

	// unique claim id
	// Example: 1
	ID string `json:"id,omitempty" yaml:"id,omitempty"`

	// DeprecatedMapping use SourceType and SourcePath instead
	// claim mapping - path to attribute in authentication context from where claim value should be picked
	// Example: email
	Mapping string `json:"mapping,omitempty" yaml:"mapping,omitempty"`

	// claim name in outgoing id / access token
	// Example: email
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// included in userinfo/introspect endpoints only
	Opaque bool `json:"opaque,omitempty" yaml:"opaque,omitempty"`

	// saml name
	// Example: email
	SamlName string `json:"saml_name,omitempty" yaml:"saml_name,omitempty"`

	// saml name format
	// Example: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
	SamlNameFormat string `json:"saml_name_format,omitempty" yaml:"saml_name_format,omitempty"`

	// list of scopes - when at least one of listed scopes has been granted to a client, then claim will be added to id / access token.
	// In case of empty array claim is always added.
	// Example: ["email","email_verified"]
	Scopes []string `json:"scopes" yaml:"scopes"`

	// path to the attribute in source type context where claim value should be picked from
	SourcePath string `json:"source_path,omitempty" yaml:"source_path,omitempty"`

	// source type
	SourceType ClaimSourceType `json:"source_type,omitempty" yaml:"source_type,omitempty"`

	// tenant id
	// Example: default
	TenantID string `json:"tenant_id,omitempty" yaml:"tenant_id,omitempty"`

	// type
	Type ClaimType `json:"type,omitempty" yaml:"type,omitempty"`
}

type ClaimGrant struct {

	// The claim name as it's set initially.
	// Example: email
	ClaimName string `json:"claim_name,omitempty" yaml:"claim_name,omitempty"`

	// Identifier of a client application that is granted with the claim.
	// Example: bugkgm23g9kregtu051g
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// Time when the claim was granted
	// Format: date-time
	GivenAt strfmt.DateTime `json:"given_at,omitempty" yaml:"given_at,omitempty"`

	// Language
	Language string `json:"language,omitempty" yaml:"language,omitempty"`

	// Identifier of a server where the client app is hosted.
	// Example: my-server
	ServerID string `json:"server_id,omitempty" yaml:"server_id,omitempty"`

	// Identifier of a user who granted the claim.
	Subject string `json:"subject,omitempty" yaml:"subject,omitempty"`

	// Identifier of the tenant where the client app is hosted.
	// Example: my-company
	TenantID string `json:"tenant_id,omitempty" yaml:"tenant_id,omitempty"`
}

type ClaimSourceType string

type ClaimType string

type Client struct {

	// The client application type.
	//
	// Client applications can be either of a `web` or `native` types.
	//
	// Web applications include clients like server web applications or service apps.
	//
	// Native applications include single-page applications (SPAs) and mobile or desktop
	// applications.
	//
	// Apply security measures according to the type of your application.
	// Example: web
	ApplicationType string `json:"application_type,omitempty" yaml:"application_type,omitempty"`

	// An array of dynamically calculated application types that can be used for filtering
	// Example: ["single_page","server_web","mobile_desktop","service","legacy","dcr"]
	// Read Only: true
	ApplicationTypes []string `json:"application_types" yaml:"application_types"`

	// Identity of the intended recipients (the audience).
	//
	// Typically, the audience is a single resource server or a list of resource servers.
	//
	// It is considered a good practice to limit the audience of the token for security purposes.
	Audience []string `json:"audience" yaml:"audience"`

	// Authorization details types
	//
	// Indicates what authorization details types the client can use.
	AuthorizationDetailsTypes []AuthorizationDetailType `json:"authorization_details_types" yaml:"authorization_details_types"`

	// Algorithm used for encrypting authorization responses.
	//
	// If both signing and encryption are requested, the response is first signed, and then encrypted.
	// As a result, a Nested JWT is obtained, as defined in JWT [RFC7519].
	//
	// If omitted, no encryption is applied by default.
	// Example: RSA-OAEP-256
	// Enum: [RSA-OAEP RSA-OAEP-256]
	AuthorizationEncryptedResponseAlg string `json:"authorization_encrypted_response_alg,omitempty" yaml:"authorization_encrypted_response_alg,omitempty"`

	// Algorithm used for encrypting authorization responses.
	//
	// With `authorization_encrypted_response_alg` specified, the default value is `A128CBC-HS256`.
	// When `authorization_encrypted_response_enc` is included, `authorization_encrypted_response_alg`
	// MUST also be provided in a request.
	// Example: A128CBC-HS256
	// Enum: [A256GCM A128CBC-HS256]
	AuthorizationEncryptedResponseEnc string `json:"authorization_encrypted_response_enc,omitempty" yaml:"authorization_encrypted_response_enc,omitempty"`

	// An authorization server (workspace) identifier holding the client application.
	// Example: default
	// Required: true
	AuthorizationServerID string `json:"authorization_server_id" yaml:"authorization_server_id"`

	// Algorithm used for signing authorization responses.
	//
	// With this parameter specified, the response is signed using JWS and according to the configured algorithm.
	//
	// `none` isn't allowed.
	// Example: RS256
	AuthorizationSignedResponseAlg string `json:"authorization_signed_response_alg,omitempty" yaml:"authorization_signed_response_alg,omitempty"`

	// OPTIONAL. The JWS alg algorithm value used by the client application to sign authentication requests.
	//
	// When omitted, the client application doesn't send signed authentication requests.
	BackchannelAuthenticationRequestSigningAlg string `` /* 127-byte string literal not displayed */

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type, and the token
	// delivery mode is set to `ping` or `push`.
	//
	// This parameter is the endpoint where an OP (OpenID Provider) posts a notification after end-user authentication.
	//
	// Input: an HTTPS URL.
	BackchannelClientNotificationEndpoint string `json:"backchannel_client_notification_endpoint,omitempty" yaml:"backchannel_client_notification_endpoint,omitempty"`

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type.
	//
	// Input: `poll`, `ping`, or `push`.
	BackchannelTokenDeliveryMode string `json:"backchannel_token_delivery_mode,omitempty" yaml:"backchannel_token_delivery_mode,omitempty"`

	// OPTIONAL. A boolean value indicating the `user_code` parameter support by the client application.
	//
	// If omitted, the default value is `false`.
	//
	// This applies only when the `backchannel_user_code_parameter_supported` OP parameter is `true`.
	BackchannelUserCodeParameter bool `json:"backchannel_user_code_parameter,omitempty" yaml:"backchannel_user_code_parameter,omitempty"`

	// OAuth client application identifier
	//
	// If not provided, a random client ID is generated.
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// The client identifier time of issue.
	//
	// The value is the number of seconds between 1970-01-01T00:00:00Z (UTC) and the date/time of issue.
	ClientIDIssuedAt int64 `json:"client_id_issued_at,omitempty" yaml:"client_id_issued_at,omitempty"`

	// Human-readable name of a client application.
	// Example: My app
	ClientName string `json:"client_name,omitempty" yaml:"client_name,omitempty"`

	// OAuth client secret
	//
	// If not provided, a random client secret is generated.
	// Min Length: 32
	ClientSecret string `json:"client_secret,omitempty" yaml:"client_secret,omitempty"`

	// The client secret expiration time.
	//
	// If the client secret does not expire, `client_secret_expires_at` = `0`.
	ClientSecretExpiresAt int64 `json:"client_secret_expires_at,omitempty" yaml:"client_secret_expires_at,omitempty"`

	// Defines whether the client application is active or not.
	//
	// Only clients with the `Active` status can preform authorization, authentication, and PAR requests.
	// Enum: [active inactive]
	ClientStatus string `json:"client_status,omitempty" yaml:"client_status,omitempty"`

	// client type
	// Enum: [oauth2 saml]
	ClientType string `json:"client_type,omitempty" yaml:"client_type,omitempty"`

	// URI of a client application.
	ClientURI string `json:"client_uri,omitempty" yaml:"client_uri,omitempty"`

	// confirmation
	Confirmation *Confirmation `json:"confirmation,omitempty" yaml:"confirmation,omitempty"`

	// Date when the client application was created.
	// Example: 2022-04-07T19:17:31.323187Z
	// Format: date-time
	CreatedAt strfmt.DateTime `json:"created_at,omitempty" yaml:"created_at,omitempty"`

	// Description of the client application.
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Optional developer owner of the client application.
	DeveloperID string `json:"developer_id,omitempty" yaml:"developer_id,omitempty"`

	// developer metadata
	DeveloperMetadata Metadata `json:"developer_metadata,omitempty" yaml:"developer_metadata,omitempty"`

	// Boolean value specifying whether the client always uses DPoP for token requests
	// If true, the authorization server will reject token requests from this client that do not contain the DPoP header.
	DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens,omitempty" yaml:"dpop_bound_access_tokens,omitempty"`

	// dynamically registered
	DynamicallyRegistered bool `json:"dynamically_registered,omitempty" yaml:"dynamically_registered,omitempty"`

	// fdx
	Fdx *FDXMetadata `json:"fdx,omitempty" yaml:"fdx,omitempty"`

	// An array of allowed OAuth client grant types.
	//
	// The `grantTypes` array stores OAuth flows that are allowed for a given client application.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-grant-types/grant-types-overview/) about grant types.
	// Example: ["password","refresh_token","client_credentials","implicit","authorization_code"]
	GrantTypes []string `json:"grant_types" yaml:"grant_types"`

	// An array of hashed rotated client secrets
	HashedRotatedSecrets []string `json:"hashed_rotated_secrets" yaml:"hashed_rotated_secrets"`

	// Hashed client secret
	//
	// Hashing client secrets provides additional security for your secrets storage as it hides
	// plaintext secrets from being viewed both in the UI and the database.
	HashedSecret string `json:"hashed_secret,omitempty" yaml:"hashed_secret,omitempty"`

	// JWE alg algorithm for encrypting the ID token issued to this client application.
	// Enum: [RSA-OAEP RSA-OAEP-256]
	IDTokenEncryptedResponseAlg string `json:"id_token_encrypted_response_alg,omitempty" yaml:"id_token_encrypted_response_alg,omitempty"`

	// JWE enc algorithm for encrypting the ID token issued to this client application.
	// Enum: [A256GCM A128CBC-HS256]
	IDTokenEncryptedResponseEnc string `json:"id_token_encrypted_response_enc,omitempty" yaml:"id_token_encrypted_response_enc,omitempty"`

	// Algorithm for signing ID tokens issued for a client application.
	//
	// The default value depends on authorization server configuration.
	// Example: ES256
	// Enum: [RS256 ES256 PS256]
	IDTokenSignedResponseAlg string `json:"id_token_signed_response_alg,omitempty" yaml:"id_token_signed_response_alg,omitempty"`

	// An introspection endpoint authentication method configured for the client application (read-only).
	//
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// Cloudentity supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: [client_secret_basic client_secret_post client_secret_jwt private_key_jwt self_signed_tls_client_auth tls_client_auth none]
	IntrospectionEndpointAuthMethod string `json:"introspection_endpoint_auth_method,omitempty" yaml:"introspection_endpoint_auth_method,omitempty"`

	// jwks
	Jwks *ClientJWKs `json:"jwks,omitempty" yaml:"jwks,omitempty"`

	// A URL of JSON Web Key Set with the public keys used by a client application to authenticate to Cloudentity.
	JwksURI string `json:"jwks_uri,omitempty" yaml:"jwks_uri,omitempty"`

	// Logo URI.
	LogoURI string `json:"logo_uri,omitempty" yaml:"logo_uri,omitempty"`

	// metadata
	Metadata Metadata `json:"metadata,omitempty" yaml:"metadata,omitempty"`

	// obbr
	Obbr *OBBRMetadata `json:"obbr,omitempty" yaml:"obbr,omitempty"`

	// External organization identifier. It is a unique string assigned by the CDR Register to identify an Accredited
	// Data Recipient Brand.
	//
	// The value obtained is used as the `aud` claim for message signing, for example, when a JSON Web Token (JWT) is
	// required for authorization, and represents the audience(s) the JWT is intended for.
	// Example: 5647fe90-f6bc-11eb-9a03-0242ac130003
	OrganisationID string `json:"organisation_id,omitempty" yaml:"organisation_id,omitempty"`

	// Policy URL to read about how the profile data is used.
	PolicyURI string `json:"policy_uri,omitempty" yaml:"policy_uri,omitempty"`

	// Array of URLs to which a relying party may request that the user be redirected after a logout has been performed.
	PostLogoutRedirectUris []string `json:"post_logout_redirect_uris" yaml:"post_logout_redirect_uris"`

	// privacy
	Privacy *ClientPrivacy `json:"privacy,omitempty" yaml:"privacy,omitempty"`

	// redirect uris
	RedirectUris RedirectURIs `json:"redirect_uris,omitempty" yaml:"redirect_uris,omitempty"`

	// registration token
	RegistrationToken *RegistrationToken `json:"registration_token,omitempty" yaml:"registration_token,omitempty"`

	// Optional JWE alg algorithm the client is declaring that it may use for encrypting Request Objects
	// Example: RSA-OAEP
	// Enum: [RSA-OAEP RSA-OAEP-256]
	RequestObjectEncryptionAlg string `json:"request_object_encryption_alg,omitempty" yaml:"request_object_encryption_alg,omitempty"`

	// Optional JWE enc algorithm the client is declaring that it may use for encrypting Request Objects
	// When `request_object_encryption_enc` is included, `request_object_encryption_alg` MUST also be provided.
	// Example: A256GCM
	// Enum: [A256GCM A128CBC-HS256]
	RequestObjectEncryptionEnc string `json:"request_object_encryption_enc,omitempty" yaml:"request_object_encryption_enc,omitempty"`

	// Request object signing algorithm for the token endpoint
	//
	// Cloudentity supports signing tokens with the RS256, ES256, and PS256 algorithms. If you do not want
	// to use a signing algorithm, set the value of this parameter to `none`.
	// Example: none
	// Enum: [any none RS256 ES256 PS256]
	RequestObjectSigningAlg string `json:"request_object_signing_alg,omitempty" yaml:"request_object_signing_alg,omitempty"`

	// Array of absolute URIs that points to the Request Object that holds authorization request parameters.
	RequestUris []string `json:"request_uris" yaml:"request_uris"`

	// Boolean parameter indicating whether the only means of initiating an authorization request the client is allowed to use is PAR.
	RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests,omitempty" yaml:"require_pushed_authorization_requests,omitempty"`

	// response types
	ResponseTypes ResponseTypes `json:"response_types,omitempty" yaml:"response_types,omitempty"`

	// A revocation endpoint authentication method configured for the client application (read-only).
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// Cloudentity supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: [client_secret_basic client_secret_post client_secret_jwt private_key_jwt self_signed_tls_client_auth tls_client_auth none]
	RevocationEndpointAuthMethod string `json:"revocation_endpoint_auth_method,omitempty" yaml:"revocation_endpoint_auth_method,omitempty"`

	// An array of rotated OAuth client secrets
	RotatedSecrets []string `json:"rotated_secrets" yaml:"rotated_secrets"`

	// saml metadata
	SamlMetadata *EntityDescriptor `json:"saml_metadata,omitempty" yaml:"saml_metadata,omitempty"`

	// saml service provider id
	SamlServiceProviderID string `json:"saml_service_provider_id,omitempty" yaml:"saml_service_provider_id,omitempty"`

	// Space-separated list of scopes for compatibility with the OAuth specification.
	// Example: email offline_access openid
	Scope string `json:"scope,omitempty" yaml:"scope,omitempty"`

	// An array of string represented scopes assigned to a client application
	// Example: ["email","offline_access","openid"]
	Scopes []string `json:"scopes" yaml:"scopes"`

	// OPTIONAL. [A URL using the HTTPS scheme](https://openid.net/specs/openid-connect-registration-1_0.html#SectorIdentifierValidation).
	// It must reference a JSON file with the array of `redirect_uri` values.
	//
	// Pass this parameter when you use multiple domains in your `redirect_uris` or need a mechanism to allow changes in
	// domain without affecting consumer consent.
	//
	// [Read more](https://openid.net/specs/openid-connect-core-1_0.html)
	SectorIdentifierURI string `json:"sector_identifier_uri,omitempty" yaml:"sector_identifier_uri,omitempty"`

	// A unique identifier string (e.g., a Universally Unique Identifier
	// (UUID)) assigned by the client developer or software publisher.
	//
	// The `software_id` MUST remain the same across
	// multiple updates or versions of the same software package. The
	// value of this field is not intended to be human-readable and is
	// usually opaque to the client and authorization server.
	SoftwareID string `json:"software_id,omitempty" yaml:"software_id,omitempty"`

	// A digitally signed or MACed JSON Web Token (JWT) [RFC7519] that
	// asserts metadata values about the client software.  In some cases,
	// a software statement is issued directly by the client
	// developer.  In other cases, a software statement is issued by
	// a third-party organization for use by the client developer.
	//
	// In both cases, the trust relationship the authorization server has
	// with the issuer of the software statement is intended to be used
	// as an input to the evaluation of whether the registration request
	// is accepted.
	//
	// A software statement can be presented to an
	// authorization server as part of the client registration request.
	SoftwareStatement string `json:"software_statement,omitempty" yaml:"software_statement,omitempty"`

	// software statement payload
	SoftwareStatementPayload Metadata `json:"software_statement_payload,omitempty" yaml:"software_statement_payload,omitempty"`

	// A version identifier string for the client software identified by
	// `software_id`. The value of the `software_version` MUST be changed
	// with any update of the client software identified by the same
	// `software_id`.
	SoftwareVersion string `json:"software_version,omitempty" yaml:"software_version,omitempty"`

	// Subject identifier type
	//
	// Stores information if the subject identifier is of the `public` or the `pairwise` type.
	//
	// Subject identifiers identify an end-user. They are locally unique and never reassigned within the Issuer,
	// and are intended to be consumed by client applications. There are two types
	// of subject identifiers: `public` and `pairwise`.
	//
	// For the `public` type, the value of the `sub` (subject) token claim is the same for all clients.
	//
	// For the `pairwise` type, a different `sub` (subject) token claim is provided for each client.
	// Using the `pairwise` subject identifier makes it impossible for client applications to correlate the end-user's
	// activity without their permission.
	// Example: public
	// Enum: [public pairwise]
	SubjectType string `json:"subject_type,omitempty" yaml:"subject_type,omitempty"`

	// Defines whether the client application is a system tenant's application or not.
	System bool `json:"system,omitempty" yaml:"system,omitempty"`

	// ID of a tenant where the client application is added
	// Example: default
	// Required: true
	TenantID string `json:"tenant_id" yaml:"tenant_id"`

	// A string containing the value of an expected dNSName SAN entry in the certificate.
	TLSClientAuthSanDNS string `json:"tls_client_auth_san_dns,omitempty" yaml:"tls_client_auth_san_dns,omitempty"`

	// A string containing the value of an expected rfc822Name SAN entry in the certificate.
	TLSClientAuthSanEmail string `json:"tls_client_auth_san_email,omitempty" yaml:"tls_client_auth_san_email,omitempty"`

	// A string representation of an IP address in either dotted decimal notation (for IPv4) or colon-delimited hexadecimal (for IPv6, as defined in [RFC5952]) that is expected to be present as an iPAddress SAN entry in the certificate.
	TLSClientAuthSanIP string `json:"tls_client_auth_san_ip,omitempty" yaml:"tls_client_auth_san_ip,omitempty"`

	// A string containing the value of an expected uniformResourceIdentifier SAN entry in the certificate.
	TLSClientAuthSanURI string `json:"tls_client_auth_san_uri,omitempty" yaml:"tls_client_auth_san_uri,omitempty"`

	// An [RFC4514] string representation of the expected subject distinguished name of the certificate.
	TLSClientAuthSubjectDn string `json:"tls_client_auth_subject_dn,omitempty" yaml:"tls_client_auth_subject_dn,omitempty"`

	// Boolean value indicating server support for mutual TLS client certificate-bound access tokens. If omitted, the default value is "false".
	TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens,omitempty" yaml:"tls_client_certificate_bound_access_tokens,omitempty"`

	// Token endpoint authentication method configured for a client application
	//
	// Cloudentity supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// To learn more, go to the Authorization Basics > Client Authentication section of this guide.
	// Example: client_secret_basic
	// Enum: [client_secret_basic client_secret_post client_secret_jwt private_key_jwt self_signed_tls_client_auth tls_client_auth none]
	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty" yaml:"token_endpoint_auth_method,omitempty"`

	// Signing algorithm for the token endpoint
	//
	// This field is optional. If empty, a client can use any algorithm supported by the server (see `token_endpoint_auth_signing_alg_values_supported` in the well-known endpoing).
	//
	// If provided, depending on the server configuration, client can use of one: HS256, RS256, ES256, PS256 algorithms.
	//
	// If your token endpoint authentication is set to the `private_key_jwt` method, the
	// `token_endpoint_auth_signing_alg` parameter must be either RS256, ES256, or PS256.
	//
	// If your token endpoint authentication is set to the `client_secret_jwt` method,
	// the `token_endpoint_auth_signing_alg` parameter must be HS256.
	// Example: ES256
	// Enum: [RS256 ES256 PS256 HS256 ]
	TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg,omitempty" yaml:"token_endpoint_auth_signing_alg,omitempty"`

	// token exchange
	TokenExchange *ClientTokenExchangeConfiguration `json:"token_exchange,omitempty" yaml:"token_exchange,omitempty"`

	// token ttls
	TokenTtls *TokenTTLs `json:"token_ttls,omitempty" yaml:"token_ttls,omitempty"`

	// Terms of Service URL.
	TosURI string `json:"tos_uri,omitempty" yaml:"tos_uri,omitempty"`

	// Defines whether the client application is trusted or not.
	//
	// For trusted clients, consent pages are skipped during the authorization process.
	Trusted bool `json:"trusted,omitempty" yaml:"trusted,omitempty"`

	// Date when the client application was updated.
	// Example: 2022-05-08T01:11:51.1262916Z
	// Format: date-time
	UpdatedAt strfmt.DateTime `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`

	// If enabled the client application will be able to set its own token TTLs.
	UseCustomTokenTtls bool `json:"use_custom_token_ttls,omitempty" yaml:"use_custom_token_ttls,omitempty"`

	// JWS alg algorithm REQUIRED for signing UserInfo Responses.
	//
	// If specified, the response is a JWT serialized and signed with JWS.
	//
	// If omitted, then by default, UserInfo Response returns the Claims
	// as an UTF-8 encoded JSON object using the application/json content-type.
	// Example: none
	// Enum: [none RS256 ES256]
	UserinfoSignedResponseAlg string `json:"userinfo_signed_response_alg,omitempty" yaml:"userinfo_signed_response_alg,omitempty"`
}

type ClientJWK struct {

	// The "alg" (algorithm) parameter identifies the algorithm intended for
	// use with the key.  The values used should either be registered in the
	// IANA "JSON Web Signature and Encryption Algorithms" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.
	// Example: RS256
	Alg string `json:"alg,omitempty" yaml:"alg,omitempty"`

	// crv
	// Example: P-256
	Crv string `json:"crv,omitempty" yaml:"crv,omitempty"`

	// d
	// Example: T_N8I-6He3M8a7X1vWt6TGIx4xB_GP3Mb4SsZSA4v-orvJzzRiQhLlRR81naWYxfQAYt5isDI6_C2L9bdWo4FFPjGQFvNoRX-_sBJyBI_rl-TBgsZYoUlAj3J92WmY2inbA-PwyJfsaIIDceYBC-eX-xiCu6qMqkZi3MwQAFL6bMdPEM0z4JBcwFT3VdiWAIRUuACWQwrXMq672x7fMuaIaHi7XDGgt1ith23CLfaREmJku9PQcchbt_uEY-hqrFY6ntTtS4paWWQj86xLL94S-Tf6v6xkL918PfLSOTq6XCzxvlFwzBJqApnAhbwqLjpPhgUG04EDRrqrSBc5Y1BLevn6Ip5h1AhessBp3wLkQgz_roeckt-ybvzKTjESMuagnpqLvOT7Y9veIug2MwPJZI2VjczRc1vzMs25XrFQ8DpUy-bNdp89TmvAXwctUMiJdgHloJw23Cv03gIUAkDnsTqZmkpbIf-crpgNKFmQP_EDKoe8p_PXZZgfbRri3NoEVGP7Mk6yEu8LjJhClhZaBNjuWw2-KlBfOA3g79mhfBnkInee5KO9mGR50qPk1V-MorUYNTFMZIm0kFE6eYVWFBwJHLKYhHU34DoiK1VP-svZpC2uAMFNA_UJEwM9CQ2b8qe4-5e9aywMvwcuArRkAB5mBIfOaOJao3mfukKAE
	D string `json:"d,omitempty" yaml:"d,omitempty"`

	// dp
	// Example: G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0
	Dp string `json:"dp,omitempty" yaml:"dp,omitempty"`

	// dq
	// Example: s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk
	Dq string `json:"dq,omitempty" yaml:"dq,omitempty"`

	// e
	// Example: AQAB
	E string `json:"e,omitempty" yaml:"e,omitempty"`

	// k
	// Example: GawgguFyGrWKav7AX4VKUg
	K string `json:"k,omitempty" yaml:"k,omitempty"`

	// The "kid" (key ID) parameter is used to match a specific key.  This
	// is used, for instance, to choose among a set of keys within a JWK Set
	// during key rollover.  The structure of the "kid" value is
	// unspecified.  When "kid" values are used within a JWK Set, different
	// keys within the JWK Set SHOULD use distinct "kid" values.  (One
	// example in which different keys might use the same "kid" value is if
	// they have different "kty" (key type) values but are considered to be
	// equivalent alternatives by the application using them.)  The "kid"
	// value is a case-sensitive string.
	// Example: 1603dfe0af8f4596
	Kid string `json:"kid,omitempty" yaml:"kid,omitempty"`

	// The "kty" (key type) parameter identifies the cryptographic algorithm
	// family used with the key, such as "RSA" or "EC". "kty" values should
	// either be registered in the IANA "JSON Web Key Types" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.  The "kty" value is a case-sensitive string.
	// Example: RSA
	// Required: true
	Kty string `json:"kty" yaml:"kty"`

	// n
	// Example: vTqrxUyQPl_20aqf5kXHwDZrel-KovIp8s7ewJod2EXHl8tWlRB3_Rem34KwBfqlKQGp1nqah-51H4Jzruqe0cFP58hPEIt6WqrvnmJCXxnNuIB53iX_uUUXXHDHBeaPCSRoNJzNysjoJ30TIUsKBiirhBa7f235PXbKiHducLevV6PcKxJ5cY8zO286qJLBWSPm-OIevwqsIsSIH44Qtm9sioFikhkbLwoqwWORGAY0nl6XvVOlhADdLjBSqSAeT1FPuCDCnXwzCDR8N9IFB_IjdStFkC-rVt2K5BYfPd0c3yFp_vHR15eRd0zJ8XQ7woBC8Vnsac6Et1pKS59pX6256DPWu8UDdEOolKAPgcd_g2NpA76cAaF_jcT80j9KrEzw8Tv0nJBGesuCjPNjGs_KzdkWTUXt23Hn9QJsdc1MZuaW0iqXBepHYfYoqNelzVte117t4BwVp0kUM6we0IqyXClaZgOI8S-WDBw2_Ovdm8e5NmhYAblEVoygcX8Y46oH6bKiaCQfKCFDMcRgChme7AoE1yZZYsPbaG_3IjPrC4LBMHQw8rM9dWjJ8ImjicvZ1pAm0dx-KHCP3y5PVKrxBDf1zSOsBRkOSjB8TPODnJMz6-jd5hTtZxpZPwPoIdCanTZ3ZD6uRBpTmDwtpRGm63UQs1m5FWPwb0T2IF0
	N string `json:"n,omitempty" yaml:"n,omitempty"`

	// p
	// Example: 6NbkXwDWUhi-eR55Cgbf27FkQDDWIamOaDr0rj1q0f1fFEz1W5A_09YvG09Fiv1AO2-D8Rl8gS1Vkz2i0zCSqnyy8A025XOcRviOMK7nIxE4OH_PEsko8dtIrb3TmE2hUXvCkmzw9EsTF1LQBOGC6iusLTXepIC1x9ukCKFZQvdgtEObQ5kzd9Nhq-cdqmSeMVLoxPLd1blviVT9Vm8-y12CtYpeJHOaIDtVPLlBhJiBoPKWg3vxSm4XxIliNOefqegIlsmTIa3MpS6WWlCK3yHhat0Q-rRxDxdyiVdG_wzJvp0Iw_2wms7pe-PgNPYvUWH9JphWP5K38YqEBiJFXQ
	P string `json:"p,omitempty" yaml:"p,omitempty"`

	// q
	// Example: 0A1FmpOWR91_RAWpqreWSavNaZb9nXeKiBo0DQGBz32DbqKqQ8S4aBJmbRhJcctjCLjain-ivut477tAUMmzJwVJDDq2MZFwC9Q-4VYZmFU4HJityQuSzHYe64RjN-E_NQ02TWhG3QGW6roq6c57c99rrUsETwJJiwS8M5p15Miuz53DaOjv-uqqFAFfywN5WkxHbraBcjHtMiQuyQbQqkCFh-oanHkwYNeytsNhTu2mQmwR5DR2roZ2nPiFjC6nsdk-A7E3S3wMzYYFw7jvbWWoYWo9vB40_MY2Y0FYQSqcDzcBIcq_0tnnasf3VW4Fdx6m80RzOb2Fsnln7vKXAQ
	Q string `json:"q,omitempty" yaml:"q,omitempty"`

	// qi
	// Example: GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU
	Qi string `json:"qi,omitempty" yaml:"qi,omitempty"`

	// Use ("public key use") identifies the intended use of
	// the public key. The "use" parameter is employed to indicate whether
	// a public key is used for encrypting data or verifying the signature
	// on data. Values are commonly "sig" (signature) or "enc" (encryption).
	// Example: sig
	Use string `json:"use,omitempty" yaml:"use,omitempty"`

	// x
	// Example: f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU
	X string `json:"x,omitempty" yaml:"x,omitempty"`

	// The "x5c" (X.509 certificate chain) parameter contains a chain of one
	// or more PKIX certificates [RFC5280].  The certificate chain is
	// represented as a JSON array of certificate value strings.  Each
	// string in the array is a base64-encoded (Section 4 of [RFC4648] --
	// not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
	// The PKIX certificate containing the key value MUST be the first
	// certificate.
	X5c []string `json:"x5c" yaml:"x5c"`

	// x5t
	// Example: GawgguFyGrWKav7AX4VKUg
	X5t string `json:"x5t,omitempty" yaml:"x5t,omitempty"`

	// x5t s256
	// Example: GawgguFyGrWKav7AX4VKUg
	X5tS256 string `json:"x5t#S256,omitempty" yaml:"x5t#S256,omitempty"`

	// y
	// Example: x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0
	Y string `json:"y,omitempty" yaml:"y,omitempty"`
}

type ClientJWKs struct {

	// keys
	// Example: []
	Keys []*ClientJWK `json:"keys" yaml:"keys"`
}

type ClientPrivacy struct {

	// optional privacy information mapping for scopes
	Scopes map[string]ScopePrivacyInformation `json:"scopes,omitempty" yaml:"scopes,omitempty"`
}

type ClientTokenExchangeConfiguration struct {

	// Additional actor token claims
	//
	// Claims from the actor token that will be injected into the exchanged token under the `act` claim.
	//
	// Applies for the token exchange delegation flow only.
	ActorClaims []string `json:"actor_claims" yaml:"actor_claims"`
}

type CognitoCredentials struct {

	// Cognito app client secret from your application settings
	ClientSecret string `json:"client_secret,omitempty" yaml:"client_secret,omitempty"`
}

type CognitoSettings struct {

	// Cognito app client ID from your application settings
	// Example: client
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// If enabled, additional user data is collected from the `userinfo` Cognito API
	GetUserInfo bool `json:"get_user_info,omitempty" yaml:"get_user_info,omitempty"`

	// Cognito pool ID
	//
	// A user pool is a user directory in Amazon Cognito. It enables your users to sign in to your
	// application through Amazon Cognito. You can find your pool ID in your User Pools > Federated
	// Identities settings.
	PoolID string `json:"pool_id,omitempty" yaml:"pool_id,omitempty"`

	// AWS Region where the user pool is hosted
	// Example: us-east-1
	Region string `json:"region,omitempty" yaml:"region,omitempty"`

	// An array of allowed OAuth scopes which the client requests
	//
	// The following scopes can be allowed for a Cognito application:
	// `phone`, `email`, `openid`, `aws.cognito.signin.user.admin`, `profile`.
	// Example: ["email","profile","openid"]
	Scopes []string `json:"scopes" yaml:"scopes"`

	// Whether to send the identifier as a `login_hint` parameter to the IDP
	SendLoginHint bool `json:"send_login_hint,omitempty" yaml:"send_login_hint,omitempty"`
}

type Confirmation struct {

	// jkt
	Jkt string `json:"jkt,omitempty" yaml:"jkt,omitempty"`

	// x5t s256
	X5tS256 string `json:"x5t#S256,omitempty" yaml:"x5t#S256,omitempty"`
}

type Consent struct {

	// flag determining if can user withdrawn consent
	// Example: false
	CanBeWithdrawn bool `json:"can_be_withdrawn,omitempty" yaml:"can_be_withdrawn,omitempty"`

	// consent description
	// Example: End User License Agreement
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// consent unique identifier
	// Example: 1
	ID string `json:"id,omitempty" yaml:"id,omitempty"`

	// internal services
	InternalServices []*ConsentService `json:"internal_services" yaml:"internal_services"`

	// consent name
	// Example: EULA
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// PII Categories
	PiiCategories []*PIICategory `json:"pii_categories" yaml:"pii_categories"`

	// tenant id
	// Example: default
	TenantID string `json:"tenant_id,omitempty" yaml:"tenant_id,omitempty"`

	// third party services
	ThirdPartyServices []*ConsentService `json:"third_party_services" yaml:"third_party_services"`

	// strategy for upading existing grants, one of: explicitAll, implicitAll, keepCurrent
	// Example: explicitAll
	UpdateExistingGrants string `json:"update_existing_grants,omitempty" yaml:"update_existing_grants,omitempty"`

	// marks the time from which the consent is in use. Can't be set to a future time
	// Example: 2019-12-11T13:44:28.772101Z
	// Format: date-time
	ValidFrom strfmt.DateTime `json:"valid_from,omitempty" yaml:"valid_from,omitempty"`

	// consent version. When a consent is updated, version is incremented.
	// Example: 1
	Version int64 `json:"version,omitempty" yaml:"version,omitempty"`
}

type ConsentActionToConsent struct {

	// flag determining if can user withdrawn consent
	// Example: false
	CanBeWithdrawn bool `json:"can_be_withdrawn,omitempty" yaml:"can_be_withdrawn,omitempty"`

	// consent description
	// Example: End User License Agreement
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// consent unique identifier
	// Example: 1
	ID string `json:"id,omitempty" yaml:"id,omitempty"`

	// internal services
	InternalServices []*ConsentService `json:"internal_services" yaml:"internal_services"`

	// consent name
	// Example: EULA
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// PII Categories
	PiiCategories []*PIICategory `json:"pii_categories" yaml:"pii_categories"`

	// is consent required
	// Example: false
	Required bool `json:"required,omitempty" yaml:"required,omitempty"`

	// tenant id
	// Example: default
	TenantID string `json:"tenant_id,omitempty" yaml:"tenant_id,omitempty"`

	// third party services
	ThirdPartyServices []*ConsentService `json:"third_party_services" yaml:"third_party_services"`

	// strategy for upading existing grants, one of: explicitAll, implicitAll, keepCurrent
	// Example: explicitAll
	UpdateExistingGrants string `json:"update_existing_grants,omitempty" yaml:"update_existing_grants,omitempty"`

	// marks the time from which the consent is in use. Can't be set to a future time
	// Example: 2019-12-11T13:44:28.772101Z
	// Format: date-time
	ValidFrom strfmt.DateTime `json:"valid_from,omitempty" yaml:"valid_from,omitempty"`

	// consent version. When a consent is updated, version is incremented.
	// Example: 1
	Version int64 `json:"version,omitempty" yaml:"version,omitempty"`
}