diff --git a/src/management/__generated/managers/clients-manager.ts b/src/management/__generated/managers/clients-manager.ts
index 25b2ee6b0..f012342e5 100644
--- a/src/management/__generated/managers/clients-manager.ts
+++ b/src/management/__generated/managers/clients-manager.ts
@@ -54,6 +54,7 @@ export class ClientsManager extends BaseAPI {
}
/**
+ * Delete a client credential you previously created. May be enabled or disabled. For more information, read Client Credential Flow.
* Delete a client credential
*
* @throws {RequiredError}
@@ -242,9 +243,9 @@ export class ClientsManager extends BaseAPI {
}
/**
- * Get the list of client credentials that are associated to the client.
+ * Get the details of a client credential.
*
- * Important: To enable credentials to be used
+ * Important: To enable credentials to be used for Private Key JWT authentication method, set the client_authentication_methods property on the client.
* Get client credentials
*
* @throws {RequiredError}
@@ -271,7 +272,9 @@ export class ClientsManager extends BaseAPI {
/**
* Get the details of a client credential.
- * Get client credential
+ *
+ * Important: To enable credentials to be used for Private Key JWT authentication method, set the client_authentication_methods property on the client.
+ * Get client credential details
*
* @throws {RequiredError}
*/
@@ -336,6 +339,7 @@ export class ClientsManager extends BaseAPI {
}
/**
+ * Change a client credential you previously created. May be enabled or disabled. For more information, read Client Credential Flow.
* Update a client credential
*
* @throws {RequiredError}
@@ -407,7 +411,8 @@ export class ClientsManager extends BaseAPI {
}
/**
- * Create a client credential associated to the client. The credential will be created but not yet enabled
+ * Create a client credential associated to your application. The credential will be created but not yet enabled for use with Private Key JWT authentication method. To enable the credential, set the client_authentication_methods property on the client.
+ * For more information, read Configure Private Key JWT Authentication.
* Create a client credential
*
* @throws {RequiredError}
diff --git a/src/management/__generated/models/index.ts b/src/management/__generated/models/index.ts
index 867ebd26b..d534bdf92 100644
--- a/src/management/__generated/models/index.ts
+++ b/src/management/__generated/models/index.ts
@@ -192,6 +192,24 @@ export interface Client {
/**
*/
client_authentication_methods: ClientClientAuthenticationMethods | null;
+ /**
+ * Makes the use of Pushed Authorization Requests mandatory for this client
+ *
+ */
+ require_pushed_authorization_requests: boolean;
+ /**
+ */
+ signed_request_object: ClientSignedRequestObject;
+ /**
+ * Makes the use of Proof-of-Possession mandatory for this client
+ *
+ */
+ require_proof_of_possession: boolean;
+ /**
+ * Defines the compliance level for this client, which may restrict it's capabilities
+ *
+ */
+ compliance_level: ClientComplianceLevelEnum;
}
export const ClientTokenEndpointAuthMethodEnum = {
@@ -218,6 +236,15 @@ export const ClientOrganizationRequireBehaviorEnum = {
export type ClientOrganizationRequireBehaviorEnum =
(typeof ClientOrganizationRequireBehaviorEnum)[keyof typeof ClientOrganizationRequireBehaviorEnum];
+export const ClientComplianceLevelEnum = {
+ none: 'none',
+ fapi1_adv_pkj_par: 'fapi1_adv_pkj_par',
+ fapi1_adv_mtls_par: 'fapi1_adv_mtls_par',
+ null: 'null',
+} as const;
+export type ClientComplianceLevelEnum =
+ (typeof ClientComplianceLevelEnum)[keyof typeof ClientComplianceLevelEnum];
+
/**
* Addons enabled for this client and their associated configurations.
*/
@@ -846,6 +873,12 @@ export interface ClientClientAuthenticationMethods {
/**
*/
private_key_jwt: ClientClientAuthenticationMethodsPrivateKeyJwt;
+ /**
+ */
+ tls_client_auth: ClientClientAuthenticationMethodsTlsClientAuth;
+ /**
+ */
+ self_signed_tls_client_auth: ClientClientAuthenticationMethodsSelfSignedTlsClientAuth;
}
/**
* Defines `private_key_jwt` client authentication method. If this property is defined, the client is enabled to use the Private Key JWT authentication method.
@@ -867,6 +900,26 @@ export interface ClientClientAuthenticationMethodsPrivateKeyJwtCredentialsInner
*/
id: string;
}
+/**
+ * Defines `self_signed_tls_client_auth` client authentication method. If the property is defined, the client is configured to use mTLS authentication method utilizing self-signed certificate.
+ */
+export interface ClientClientAuthenticationMethodsSelfSignedTlsClientAuth {
+ /**
+ * A list of unique and previously created credential IDs enabled on the client for mTLS authentication utilizing self-signed certificate.
+ *
+ */
+ credentials: Array;
+}
+/**
+ * Defines `tls_client_auth` client authentication method. If the property is defined, the client is configured to use CA-based mTLS authentication method.
+ */
+export interface ClientClientAuthenticationMethodsTlsClientAuth {
+ /**
+ * A list of unique and previously created credential IDs enabled on the client for CA-based mTLS authentication.
+ *
+ */
+ credentials: Array;
+}
/**
*
*/
@@ -1025,6 +1078,24 @@ export interface ClientCreate {
/**
*/
client_authentication_methods?: ClientCreateClientAuthenticationMethods;
+ /**
+ * Makes the use of Pushed Authorization Requests mandatory for this client
+ *
+ */
+ require_pushed_authorization_requests?: boolean;
+ /**
+ */
+ signed_request_object?: ClientCreateSignedRequestObject;
+ /**
+ * Makes the use of Proof-of-Possession mandatory for this client
+ *
+ */
+ require_proof_of_possession?: boolean;
+ /**
+ * Defines the compliance level for this client, which may restrict it's capabilities
+ *
+ */
+ compliance_level?: ClientCreateComplianceLevelEnum;
}
export const ClientCreateTokenEndpointAuthMethodEnum = {
@@ -1079,6 +1150,15 @@ export const ClientCreateOrganizationRequireBehaviorEnum = {
export type ClientCreateOrganizationRequireBehaviorEnum =
(typeof ClientCreateOrganizationRequireBehaviorEnum)[keyof typeof ClientCreateOrganizationRequireBehaviorEnum];
+export const ClientCreateComplianceLevelEnum = {
+ none: 'none',
+ fapi1_adv_pkj_par: 'fapi1_adv_pkj_par',
+ fapi1_adv_mtls_par: 'fapi1_adv_mtls_par',
+ null: 'null',
+} as const;
+export type ClientCreateComplianceLevelEnum =
+ (typeof ClientCreateComplianceLevelEnum)[keyof typeof ClientCreateComplianceLevelEnum];
+
/**
* Addons enabled for this client and their associated configurations.
*/
@@ -1639,6 +1719,12 @@ export interface ClientCreateClientAuthenticationMethods {
/**
*/
private_key_jwt?: ClientCreateClientAuthenticationMethodsPrivateKeyJwt;
+ /**
+ */
+ tls_client_auth?: ClientCreateClientAuthenticationMethodsTlsClientAuth;
+ /**
+ */
+ self_signed_tls_client_auth?: ClientCreateClientAuthenticationMethodsSelfSignedTlsClientAuth;
}
/**
* Defines `private_key_jwt` client authentication method. If this property is defined, the client is enabled to use the Private Key JWT authentication method.
@@ -1701,6 +1787,79 @@ export const ClientCreateClientAuthenticationMethodsPrivateKeyJwtCredentialsInne
export type ClientCreateClientAuthenticationMethodsPrivateKeyJwtCredentialsInnerAlgEnum =
(typeof ClientCreateClientAuthenticationMethodsPrivateKeyJwtCredentialsInnerAlgEnum)[keyof typeof ClientCreateClientAuthenticationMethodsPrivateKeyJwtCredentialsInnerAlgEnum];
+/**
+ * Defines `self_signed_tls_client_auth` client authentication method. If the property is defined, the client is configured to use mTLS authentication method utilizing self-signed certificate.
+ */
+export interface ClientCreateClientAuthenticationMethodsSelfSignedTlsClientAuth {
+ /**
+ * Fully defined credentials that will be enabled on the client for mTLS authentication utilizing self-signed certificate.
+ *
+ */
+ credentials: Array;
+}
+/**
+ *
+ */
+export interface ClientCreateClientAuthenticationMethodsSelfSignedTlsClientAuthCredentialsInner {
+ /**
+ */
+ credential_type: ClientCreateClientAuthenticationMethodsSelfSignedTlsClientAuthCredentialsInnerCredentialTypeEnum;
+ /**
+ */
+ name?: string;
+ /**
+ * PEM-formatted X509 certificate. Must be JSON escaped.
+ *
+ */
+ pem: string;
+}
+
+export const ClientCreateClientAuthenticationMethodsSelfSignedTlsClientAuthCredentialsInnerCredentialTypeEnum =
+ {
+ x509_cert: 'x509_cert',
+ } as const;
+export type ClientCreateClientAuthenticationMethodsSelfSignedTlsClientAuthCredentialsInnerCredentialTypeEnum =
+ (typeof ClientCreateClientAuthenticationMethodsSelfSignedTlsClientAuthCredentialsInnerCredentialTypeEnum)[keyof typeof ClientCreateClientAuthenticationMethodsSelfSignedTlsClientAuthCredentialsInnerCredentialTypeEnum];
+
+/**
+ * Defines `tls_client_auth` client authentication method. If the property is defined, the client is configured to use CA-based mTLS authentication method.
+ */
+export interface ClientCreateClientAuthenticationMethodsTlsClientAuth {
+ /**
+ * Fully defined credentials that will be enabled on the client for CA-based mTLS authentication.
+ *
+ */
+ credentials: Array;
+}
+/**
+ *
+ */
+export interface ClientCreateClientAuthenticationMethodsTlsClientAuthCredentialsInner {
+ /**
+ */
+ credential_type?: ClientCreateClientAuthenticationMethodsTlsClientAuthCredentialsInnerCredentialTypeEnum;
+ /**
+ */
+ name?: string;
+ /**
+ * Subject Distinguished Name. Mutually exclusive with `pem` property.
+ *
+ */
+ subject_dn?: string;
+ /**
+ * PEM-formatted X509 certificate. Must be JSON escaped. Mutually exclusive with `subject_dn` property.
+ *
+ */
+ pem?: string;
+}
+
+export const ClientCreateClientAuthenticationMethodsTlsClientAuthCredentialsInnerCredentialTypeEnum =
+ {
+ cert_subject_dn: 'cert_subject_dn',
+ } as const;
+export type ClientCreateClientAuthenticationMethodsTlsClientAuthCredentialsInnerCredentialTypeEnum =
+ (typeof ClientCreateClientAuthenticationMethodsTlsClientAuthCredentialsInnerCredentialTypeEnum)[keyof typeof ClientCreateClientAuthenticationMethodsTlsClientAuthCredentialsInnerCredentialTypeEnum];
+
/**
* Encryption used for WsFed responses with this client.
*/
@@ -1832,6 +1991,19 @@ export interface ClientCreateOidcLogout {
*/
backchannel_logout_urls: Array;
}
+/**
+ * JWT-secured Authorization Requests (JAR) settings.
+ */
+export interface ClientCreateSignedRequestObject {
+ /**
+ * Indicates whether the JAR requests are mandatory
+ *
+ */
+ required?: boolean;
+ /**
+ */
+ credentials?: Array;
+}
/**
* Encryption used for WsFed responses with this client.
*/
@@ -2074,6 +2246,19 @@ export const ClientRefreshTokenExpirationTypeEnum = {
export type ClientRefreshTokenExpirationTypeEnum =
(typeof ClientRefreshTokenExpirationTypeEnum)[keyof typeof ClientRefreshTokenExpirationTypeEnum];
+/**
+ * JWT-secured Authorization Requests (JAR) settings.
+ */
+export interface ClientSignedRequestObject {
+ /**
+ * Indicates whether the JAR requests are mandatory
+ *
+ */
+ required: boolean;
+ /**
+ */
+ credentials: Array;
+}
/**
*
*/
@@ -2256,6 +2441,24 @@ export interface ClientUpdate {
/**
*/
client_authentication_methods?: ClientUpdateClientAuthenticationMethods | null;
+ /**
+ * Makes the use of Pushed Authorization Requests mandatory for this client
+ *
+ */
+ require_pushed_authorization_requests?: boolean;
+ /**
+ */
+ signed_request_object?: ClientUpdateSignedRequestObject | null;
+ /**
+ * Makes the use of Proof-of-Possession mandatory for this client
+ *
+ */
+ require_proof_of_possession?: boolean;
+ /**
+ * Defines the compliance level for this client, which may restrict it's capabilities
+ *
+ */
+ compliance_level?: ClientUpdateComplianceLevelEnum;
}
export const ClientUpdateTokenEndpointAuthMethodEnum = {
@@ -2311,6 +2514,15 @@ export const ClientUpdateOrganizationRequireBehaviorEnum = {
export type ClientUpdateOrganizationRequireBehaviorEnum =
(typeof ClientUpdateOrganizationRequireBehaviorEnum)[keyof typeof ClientUpdateOrganizationRequireBehaviorEnum];
+export const ClientUpdateComplianceLevelEnum = {
+ none: 'none',
+ fapi1_adv_pkj_par: 'fapi1_adv_pkj_par',
+ fapi1_adv_mtls_par: 'fapi1_adv_mtls_par',
+ null: 'null',
+} as const;
+export type ClientUpdateComplianceLevelEnum =
+ (typeof ClientUpdateComplianceLevelEnum)[keyof typeof ClientUpdateComplianceLevelEnum];
+
/**
* Addons enabled for this client and their associated configurations.
*/
@@ -2425,6 +2637,12 @@ export interface ClientUpdateClientAuthenticationMethods {
/**
*/
private_key_jwt?: ClientClientAuthenticationMethodsPrivateKeyJwt;
+ /**
+ */
+ tls_client_auth?: ClientClientAuthenticationMethodsTlsClientAuth;
+ /**
+ */
+ self_signed_tls_client_auth?: ClientClientAuthenticationMethodsSelfSignedTlsClientAuth;
}
/**
* The client's encryption key
@@ -2524,6 +2742,19 @@ export interface ClientUpdateOidcLogout {
*/
backchannel_logout_urls?: Array;
}
+/**
+ * JWT-secured Authorization Requests (JAR) settings.
+ */
+export interface ClientUpdateSignedRequestObject {
+ /**
+ * Indicates whether the JAR requests are mandatory
+ *
+ */
+ required?: boolean;
+ /**
+ */
+ credentials?: Array;
+}
/**
*
*/
@@ -4741,6 +4972,16 @@ export interface GetCredentials200ResponseInner {
*
*/
credential_type: string;
+ /**
+ * The X509 certificate's Subject Distinguished Name
+ *
+ */
+ subject_dn: string;
+ /**
+ * The X509 certificate's SHA256 thumbprint
+ *
+ */
+ thumbprint_sha256: string;
/**
* The ISO 8601 formatted date the credential was created.
*
@@ -11066,6 +11307,18 @@ export interface ResourceServer {
/**
*/
client: object;
+ /**
+ */
+ token_encryption: ResourceServerTokenEncryption | null;
+ /**
+ */
+ consent_policy: ResourceServerConsentPolicyEnum;
+ /**
+ */
+ authorization_details: Array;
+ /**
+ */
+ proof_of_possession: ResourceServerProofOfPossession | null;
}
export const ResourceServerSigningAlgEnum = {
@@ -11085,6 +11338,13 @@ export const ResourceServerTokenDialectEnum = {
export type ResourceServerTokenDialectEnum =
(typeof ResourceServerTokenDialectEnum)[keyof typeof ResourceServerTokenDialectEnum];
+export const ResourceServerConsentPolicyEnum = {
+ transactional_authorization_with_mfa: 'transactional-authorization-with-mfa',
+ null: 'null',
+} as const;
+export type ResourceServerConsentPolicyEnum =
+ (typeof ResourceServerConsentPolicyEnum)[keyof typeof ResourceServerConsentPolicyEnum];
+
/**
*
*/
@@ -11125,7 +11385,7 @@ export interface ResourceServerCreate {
*/
token_lifetime?: number;
/**
- * Dialect of access tokens that should be issued. `access_token` is a JWT containing standard Auth0 claims; `rfc9068_profile` is a JWT conforming to the IETF JWT Access Token Profile. `access_token_authz` and `rfc9068_profile_authz` additionally include RBAC permissions claims.
+ * Dialect of issued access token. `access_token` is a JWT containing standard Auth0 claims; `rfc9068_profile` is a JWT conforming to the IETF JWT Access Token Profile. `access_token_authz` and `rfc9068_profile_authz` additionally include RBAC permissions claims.
*
*/
token_dialect?: ResourceServerCreateTokenDialectEnum;
@@ -11142,6 +11402,18 @@ export interface ResourceServerCreate {
/**
*/
client?: object;
+ /**
+ */
+ token_encryption?: ResourceServerTokenEncryption | null;
+ /**
+ */
+ consent_policy?: ResourceServerCreateConsentPolicyEnum;
+ /**
+ */
+ authorization_details?: Array;
+ /**
+ */
+ proof_of_possession?: ResourceServerProofOfPossession | null;
}
export const ResourceServerCreateSigningAlgEnum = {
@@ -11161,6 +11433,89 @@ export const ResourceServerCreateTokenDialectEnum = {
export type ResourceServerCreateTokenDialectEnum =
(typeof ResourceServerCreateTokenDialectEnum)[keyof typeof ResourceServerCreateTokenDialectEnum];
+export const ResourceServerCreateConsentPolicyEnum = {
+ transactional_authorization_with_mfa: 'transactional-authorization-with-mfa',
+ null: 'null',
+} as const;
+export type ResourceServerCreateConsentPolicyEnum =
+ (typeof ResourceServerCreateConsentPolicyEnum)[keyof typeof ResourceServerCreateConsentPolicyEnum];
+
+/**
+ * Proof-of-Possession configuration for access tokens
+ */
+export interface ResourceServerProofOfPossession {
+ /**
+ * Intended mechanism for Proof-of-Possession
+ *
+ */
+ mechanism: ResourceServerProofOfPossessionMechanismEnum;
+ /**
+ * Whether the use of Proof-of-Possession is required for the resource server
+ *
+ */
+ required: boolean;
+}
+
+export const ResourceServerProofOfPossessionMechanismEnum = {
+ mtls: 'mtls',
+} as const;
+export type ResourceServerProofOfPossessionMechanismEnum =
+ (typeof ResourceServerProofOfPossessionMechanismEnum)[keyof typeof ResourceServerProofOfPossessionMechanismEnum];
+
+/**
+ *
+ */
+export interface ResourceServerTokenEncryption {
+ /**
+ * Format of the encrypted JWT payload.
+ *
+ */
+ format: ResourceServerTokenEncryptionFormatEnum;
+ /**
+ */
+ encryption_key: ResourceServerTokenEncryptionEncryptionKey;
+}
+
+export const ResourceServerTokenEncryptionFormatEnum = {
+ compact_nested_jwe: 'compact-nested-jwe',
+} as const;
+export type ResourceServerTokenEncryptionFormatEnum =
+ (typeof ResourceServerTokenEncryptionFormatEnum)[keyof typeof ResourceServerTokenEncryptionFormatEnum];
+
+/**
+ *
+ */
+export interface ResourceServerTokenEncryptionEncryptionKey {
+ /**
+ * Name of the encryption key.
+ *
+ */
+ name?: string;
+ /**
+ * Algorithm used to encrypt the token.
+ *
+ */
+ alg: ResourceServerTokenEncryptionEncryptionKeyAlgEnum;
+ /**
+ * Key ID.
+ *
+ */
+ kid?: string;
+ /**
+ * PEM-formatted public key. Must be JSON escaped.
+ *
+ */
+ pem: string;
+}
+
+export const ResourceServerTokenEncryptionEncryptionKeyAlgEnum = {
+ _256: 'RSA-OAEP-256',
+ _384: 'RSA-OAEP-384',
+ _512: 'RSA-OAEP-512',
+} as const;
+export type ResourceServerTokenEncryptionEncryptionKeyAlgEnum =
+ (typeof ResourceServerTokenEncryptionEncryptionKeyAlgEnum)[keyof typeof ResourceServerTokenEncryptionEncryptionKeyAlgEnum];
+
/**
*
*/
@@ -11201,7 +11556,7 @@ export interface ResourceServerUpdate {
*/
token_lifetime?: number;
/**
- * Dialect of access tokens that should be issued. `access_token` is a JWT containing standard Auth0 claims; `rfc9068_profile` is a JWT conforming to the IETF JWT Access Token Profile. `access_token_authz` and `rfc9068_profile_authz` additionally include RBAC permissions claims.
+ * Dialect of issued access token. `access_token` is a JWT containing standard Auth0 claims; `rfc9068_profile` is a JWT conforming to the IETF JWT Access Token Profile. `access_token_authz` and `rfc9068_profile_authz` additionally include RBAC permissions claims.
*
*/
token_dialect?: ResourceServerUpdateTokenDialectEnum;
@@ -11213,6 +11568,18 @@ export interface ResourceServerUpdate {
/**
*/
client?: object;
+ /**
+ */
+ token_encryption?: ResourceServerTokenEncryption | null;
+ /**
+ */
+ consent_policy?: ResourceServerUpdateConsentPolicyEnum;
+ /**
+ */
+ authorization_details?: Array;
+ /**
+ */
+ proof_of_possession?: ResourceServerProofOfPossession | null;
}
export const ResourceServerUpdateSigningAlgEnum = {
@@ -11232,6 +11599,13 @@ export const ResourceServerUpdateTokenDialectEnum = {
export type ResourceServerUpdateTokenDialectEnum =
(typeof ResourceServerUpdateTokenDialectEnum)[keyof typeof ResourceServerUpdateTokenDialectEnum];
+export const ResourceServerUpdateConsentPolicyEnum = {
+ transactional_authorization_with_mfa: 'transactional-authorization-with-mfa',
+ null: 'null',
+} as const;
+export type ResourceServerUpdateConsentPolicyEnum =
+ (typeof ResourceServerUpdateConsentPolicyEnum)[keyof typeof ResourceServerUpdateConsentPolicyEnum];
+
/**
*
*/
@@ -11558,6 +11932,19 @@ export interface TenantSettings {
*
*/
customize_mfa_in_postlogin_action: boolean;
+ /**
+ * Supported ACR values
+ *
+ */
+ acr_values_supported: Array;
+ /**
+ */
+ mtls: TenantSettingsMtls | null;
+ /**
+ * Enables the use of Pushed Authorization Requests
+ *
+ */
+ pushed_authorization_requests_supported: boolean;
}
export const TenantSettingsEnabledLocalesEnum = {
@@ -11786,6 +12173,11 @@ export interface TenantSettingsFlags {
*
*/
mfa_show_factor_list_on_enrollment: boolean;
+ /**
+ * Removes alg property from jwks .well-known endpoint
+ *
+ */
+ remove_alg_from_jwks: boolean;
}
/**
* Guardian page customization.
@@ -11802,6 +12194,16 @@ export interface TenantSettingsGuardianMfaPage {
*/
html: string;
}
+/**
+ * mTLS configuration.
+ */
+export interface TenantSettingsMtls {
+ /**
+ * If true, enables mTLS endpoint aliases
+ *
+ */
+ enable_endpoint_aliases: boolean;
+}
/**
* Session cookie configuration
*/
@@ -11925,6 +12327,19 @@ export interface TenantSettingsUpdate {
*
*/
allow_organization_name_in_authentication_api?: boolean | null;
+ /**
+ * Supported ACR values
+ *
+ */
+ acr_values_supported?: Array;
+ /**
+ */
+ mtls?: TenantSettingsUpdateMtls | null;
+ /**
+ * Enables the use of Pushed Authorization Requests
+ *
+ */
+ pushed_authorization_requests_supported?: boolean | null;
}
export const TenantSettingsUpdateEnabledLocalesEnum = {
@@ -12163,6 +12578,11 @@ export interface TenantSettingsUpdateFlags {
*
*/
mfa_show_factor_list_on_enrollment?: boolean;
+ /**
+ * Removes alg property from jwks .well-known endpoint
+ *
+ */
+ remove_alg_from_jwks?: boolean;
}
export const TenantSettingsUpdateFlagsChangePwdFlowV1Enum = {
@@ -12186,6 +12606,16 @@ export interface TenantSettingsUpdateGuardianMfaPage {
*/
html?: string;
}
+/**
+ * mTLS configuration.
+ */
+export interface TenantSettingsUpdateMtls {
+ /**
+ * If true, enables mTLS endpoint aliases
+ *
+ */
+ enable_endpoint_aliases?: boolean;
+}
/**
* Sessions related settings for tenant
*/