You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/Model/CreateProjectNormalizedPayload.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -27,13 +27,15 @@ Name | Type | Description | Notes
27
27
**hydraOauth2GrantJwtIatOptional** | **bool** | Configures if the issued at (`iat`) claim is required in the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC7523). If set to `false`, the `iat` claim is required. Set this value to `true` only after careful consideration. This governs the \"oauth2.grant.jwt.iat_optional\" setting. | [optional]
28
28
**hydraOauth2GrantJwtJtiOptional** | **bool** | Configures if the JSON Web Token ID (`jti`) claim is required in the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC7523). If set to `false`, the `jti` claim is required. Set this value to `true` only after careful consideration. This governs the \"oauth2.grant.jwt.jti_optional\" setting. | [optional]
29
29
**hydraOauth2GrantJwtMaxTtl** | **string** | Configures what the maximum age of a JWT assertion used in the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC7523) can be. This feature uses the `exp` claim and `iat` claim to calculate assertion age. Assertions exceeding the max age will be denied. Useful as a safety measure and recommended to keep below 720h. This governs the \"oauth2.grant.jwt.max_ttl\" setting. | [optional][default to '720h']
30
-
**hydraOauth2GrantRefreshTokenRotationGracePeriod** | **string** | Configures the OAuth2 Grant Refresh Token Rotation Grace Period If set to `null` or `\"0s\"`, the graceful refresh token rotation is disabled. This governs the \"oauth2.grant.refresh_token_rotation_grace_period\" setting. | [optional]
30
+
**hydraOauth2GrantRefreshTokenRotationGracePeriod** | **string** | Configures the OAuth2 Grant Refresh Token Rotation Grace Period If set to `null` or `\"0s\"`, the graceful refresh token rotation is disabled. This governs the \"oauth2.grant.refresh_token.rotation_grace_period\" setting. | [optional]
31
+
**hydraOauth2GrantRefreshTokenRotationGraceReuseCount** | **int** | Configures the OAuth2 Grant Refresh Token Rotation Grace Reuse Count. The maximum number of times a refresh token can be reused within the grace period. If set to `null` or `0`, the limit is disabled. This governs the \"oauth2.grant.refresh_token.rotation_grace_reuse_count\" setting. | [optional]
31
32
**hydraOauth2MirrorTopLevelClaims** | **bool** | Set to false if you don't want to mirror custom claims under 'ext'. This governs the \"oauth2.mirror_top_level_claims\" setting. | [optional]
32
33
**hydraOauth2PkceEnforced** | **bool** | Configures whether PKCE should be enforced for all OAuth2 Clients. This governs the \"oauth2.pkce.enforced\" setting. | [optional]
33
34
**hydraOauth2PkceEnforcedForPublicClients** | **bool** | Configures whether PKCE should be enforced for OAuth2 Clients without a client secret (public clients). This governs the \"oauth2.pkce.enforced_for_public_clients\" setting. | [optional]
34
35
**hydraOauth2PreserveExtClaims** | **bool** | Set to true to keep custom claims that are not promoted to the top level in the 'ext' claim. Only applies when mirror_top_level_claims is false. This governs the \"oauth2.preserve_ext_claims\" setting. | [optional]
35
36
**hydraOauth2RefreshTokenHook** | **string** | Sets the Refresh Token Hook Endpoint. If set this endpoint will be called during the OAuth2 Token Refresh grant update the OAuth2 Access Token claims. This governs the \"oauth2.refresh_token_hook\" setting. | [optional]
36
37
**hydraOauth2TokenHook** | **string** | Sets the token hook endpoint for all grant types. If set it will be called while providing token to customize claims. This governs the \"oauth2.token_hook.url\" setting. | [optional]
38
+
**hydraOauth2TokenPrefix** | **string** | Sets a per-project Access Token, Refresh Token, and Authorization Code prefix. The literal \"%s\" is replaced at issuance time with the token kind: \"at\" (access token), \"rt\" (refresh token), or \"ac\" (authorization code). For example, \"acme_%s_\" yields \"acme_at_…\", \"acme_rt_…\", and \"acme_ac_…\". Must be a fmt.Sprintf template with exactly one \"%s\" substitution. The rendered prefix may contain only ASCII letters, digits, and underscores — no other \"%\" directives (\"%d\", \"%%\", positional or width-flagged verbs), no hyphens, dots, slashes, whitespace, quotes, or non-ASCII characters. Leave empty to keep the default \"ory_%s_\" prefix. This is an Enterprise feature. This governs the \"oauth2.token_prefix\" setting. | [optional]
37
39
**hydraOidcDynamicClientRegistrationDefaultScope** | **string[]** | The OpenID Connect Dynamic Client Registration specification has no concept of whitelisting OAuth 2.0 Scope. If you want to expose Dynamic Client Registration, you should set the default scope enabled for newly registered clients. Keep in mind that users can overwrite this default by setting the \"scope\" key in the registration payload, effectively disabling the concept of whitelisted scopes. This governs the \"oidc.dynamic_client_registration.default_scope\" setting. | [optional]
38
40
**hydraOidcDynamicClientRegistrationEnabled** | **bool** | Configures OpenID Connect Dynamic Client Registration. This governs the \"oidc.dynamic_client_registration.enabled\" setting. | [optional]
39
41
**hydraOidcSubjectIdentifiersPairwiseSalt** | **string** | Configures OpenID Connect Discovery and overwrites the pairwise algorithm This governs the \"oidc.subject_identifiers.pairwise_salt\" setting. | [optional]
Copy file name to clipboardExpand all lines: docs/Model/NormalizedProjectRevision.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,13 +25,15 @@ Name | Type | Description | Notes
25
25
**hydraOauth2GrantJwtIatOptional** | **bool** | Configures if the issued at (`iat`) claim is required in the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC7523). If set to `false`, the `iat` claim is required. Set this value to `true` only after careful consideration. This governs the \"oauth2.grant.jwt.iat_optional\" setting. | [optional]
26
26
**hydraOauth2GrantJwtJtiOptional** | **bool** | Configures if the JSON Web Token ID (`jti`) claim is required in the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC7523). If set to `false`, the `jti` claim is required. Set this value to `true` only after careful consideration. This governs the \"oauth2.grant.jwt.jti_optional\" setting. | [optional]
27
27
**hydraOauth2GrantJwtMaxTtl** | **string** | Configures what the maximum age of a JWT assertion used in the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC7523) can be. This feature uses the `exp` claim and `iat` claim to calculate assertion age. Assertions exceeding the max age will be denied. Useful as a safety measure and recommended to keep below 720h. This governs the \"oauth2.grant.jwt.max_ttl\" setting. | [optional][default to '720h']
28
-
**hydraOauth2GrantRefreshTokenRotationGracePeriod** | **string** | Configures the OAuth2 Grant Refresh Token Rotation Grace Period If set to `null` or `\"0s\"`, the graceful refresh token rotation is disabled. This governs the \"oauth2.grant.refresh_token_rotation_grace_period\" setting. | [optional]
28
+
**hydraOauth2GrantRefreshTokenRotationGracePeriod** | **string** | Configures the OAuth2 Grant Refresh Token Rotation Grace Period If set to `null` or `\"0s\"`, the graceful refresh token rotation is disabled. This governs the \"oauth2.grant.refresh_token.rotation_grace_period\" setting. | [optional]
29
+
**hydraOauth2GrantRefreshTokenRotationGraceReuseCount** | **int** | Configures the OAuth2 Grant Refresh Token Rotation Grace Reuse Count. The maximum number of times a refresh token can be reused within the grace period. If set to `null` or `0`, the limit is disabled. This governs the \"oauth2.grant.refresh_token.rotation_grace_reuse_count\" setting. | [optional]
29
30
**hydraOauth2MirrorTopLevelClaims** | **bool** | Set to false if you don't want to mirror custom claims under 'ext'. This governs the \"oauth2.mirror_top_level_claims\" setting. | [optional]
30
31
**hydraOauth2PkceEnforced** | **bool** | Configures whether PKCE should be enforced for all OAuth2 Clients. This governs the \"oauth2.pkce.enforced\" setting. | [optional]
31
32
**hydraOauth2PkceEnforcedForPublicClients** | **bool** | Configures whether PKCE should be enforced for OAuth2 Clients without a client secret (public clients). This governs the \"oauth2.pkce.enforced_for_public_clients\" setting. | [optional]
32
33
**hydraOauth2PreserveExtClaims** | **bool** | Set to true to keep custom claims that are not promoted to the top level in the 'ext' claim. Only applies when mirror_top_level_claims is false. This governs the \"oauth2.preserve_ext_claims\" setting. | [optional]
33
34
**hydraOauth2RefreshTokenHook** | **string** | Sets the Refresh Token Hook Endpoint. If set this endpoint will be called during the OAuth2 Token Refresh grant update the OAuth2 Access Token claims. This governs the \"oauth2.refresh_token_hook\" setting. | [optional]
34
35
**hydraOauth2TokenHook** | **string** | Sets the token hook endpoint for all grant types. If set it will be called while providing token to customize claims. This governs the \"oauth2.token_hook.url\" setting. | [optional]
36
+
**hydraOauth2TokenPrefix** | **string** | Sets a per-project Access Token, Refresh Token, and Authorization Code prefix. The literal \"%s\" is replaced at issuance time with the token kind: \"at\" (access token), \"rt\" (refresh token), or \"ac\" (authorization code). For example, \"acme_%s_\" yields \"acme_at_…\", \"acme_rt_…\", and \"acme_ac_…\". Must be a fmt.Sprintf template with exactly one \"%s\" substitution. The rendered prefix may contain only ASCII letters, digits, and underscores — no other \"%\" directives (\"%d\", \"%%\", positional or width-flagged verbs), no hyphens, dots, slashes, whitespace, quotes, or non-ASCII characters. Leave empty to keep the default \"ory_%s_\" prefix. This is an Enterprise feature. This governs the \"oauth2.token_prefix\" setting. | [optional]
35
37
**hydraOidcDynamicClientRegistrationDefaultScope** | **string[]** | The OpenID Connect Dynamic Client Registration specification has no concept of whitelisting OAuth 2.0 Scope. If you want to expose Dynamic Client Registration, you should set the default scope enabled for newly registered clients. Keep in mind that users can overwrite this default by setting the \"scope\" key in the registration payload, effectively disabling the concept of whitelisted scopes. This governs the \"oidc.dynamic_client_registration.default_scope\" setting. | [optional]
36
38
**hydraOidcDynamicClientRegistrationEnabled** | **bool** | Configures OpenID Connect Dynamic Client Registration. This governs the \"oidc.dynamic_client_registration.enabled\" setting. | [optional]
37
39
**hydraOidcSubjectIdentifiersPairwiseSalt** | **string** | Configures OpenID Connect Discovery and overwrites the pairwise algorithm This governs the \"oidc.subject_identifiers.pairwise_salt\" setting. | [optional]
0 commit comments