Fields

• unAll :: Bool
   

Fields

• unClient :: Text
   

Fields

• unClientId :: Text
   

Fields

• unClientName :: Text
   

Fields

• unClientSecret :: Text
   

Fields

• unCode :: Text
   

Fields

• unConsentChallenge :: Text
   

Fields

• unDefaultItems :: Integer
   

Fields

• unGrantType :: Text
   

Fields

• unId :: Text
   

Fields

• unIssuer :: Text
   

Fields

• unJsonPatch2 :: [JsonPatch]
   

Fields

• unKid :: Text
   

Fields

• unLoginChallenge :: Text
   

Fields

• unLoginSessionId :: Text
   

Fields

• unLogoutChallenge :: Text
   

Fields

• unMaxItems :: Integer
   

Fields

• unOwner :: Text
   

Fields

• unPageSize :: Integer
   

Fields

• unPageToken :: Text
   

Fields

• unRedirectUri :: Text
   

Fields

• unRefreshToken :: Text
   

Fields

• unScope :: Text
   

Fields

• unSet :: Text
   

Fields

• unSubject :: Text
   

Fields

• unToken :: Text
   

Fields

• acceptOAuth2ConsentRequestGrantAccessTokenAudience :: Maybe [Text]

  "grant_access_token_audience"

• acceptOAuth2ConsentRequestGrantScope :: Maybe [Text]

  "grant_scope"

• acceptOAuth2ConsentRequestHandledAt :: Maybe DateTime

  "handled_at"

• acceptOAuth2ConsentRequestRemember :: Maybe Bool

  "remember" - Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same client asks the same user for the same, or a subset of, scope.

• acceptOAuth2ConsentRequestRememberFor :: Maybe Integer

  "remember_for" - RememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the authorization will be remembered indefinitely.

• acceptOAuth2ConsentRequestSession :: Maybe AcceptOAuth2ConsentRequestSession

  "session"

Fields

• acceptOAuth2ConsentRequestSessionAccessToken :: Maybe Value

  "access_token" - AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the refresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection. If only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties can access that endpoint as well, sensitive data from the session might be exposed to them. Use with care!

• acceptOAuth2ConsentRequestSessionIdToken :: Maybe Value

  "id_token" - IDToken sets session data for the OpenID Connect ID token. Keep in mind that the session'id payloads are readable by anyone that has access to the ID Challenge. Use with care!

Fields

• acceptOAuth2LoginRequestAcr :: Maybe Text

  "acr" - ACR sets the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it to express that, for example, a user authenticated using two factor authentication.

• acceptOAuth2LoginRequestAmr :: Maybe [Text]

  "amr"

• acceptOAuth2LoginRequestContext :: Maybe Value

  "context"

• acceptOAuth2LoginRequestForceSubjectIdentifier :: Maybe Text

  "force_subject_identifier" - ForceSubjectIdentifier forces the "pairwise" user ID of the end-user that authenticated. The "pairwise" user ID refers to the (Pairwise Identifier Algorithm)[http:/openid.netspecsopenid-connect-core-1_0.html#PairwiseAlg] of the OpenID Connect specification. It allows you to set an obfuscated subject ("user") identifier that is unique to the client. Please note that this changes the user ID on endpoint userinfo and sub claim of the ID Token. It does not change the sub claim in the OAuth 2.0 Introspection. Per default, ORY Hydra handles this value with its own algorithm. In case you want to set this yourself you can use this field. Please note that setting this field has no effect if `pairwise` is not configured in ORY Hydra or the OAuth 2.0 Client does not expect a pairwise identifier (set via `subject_type` key in the client's configuration). Please also be aware that ORY Hydra is unable to properly compute this value during authentication. This implies that you have to compute this value on every authentication process (probably depending on the client ID or some other unique value). If you fail to compute the proper value, then authentication processes which have id_token_hint set might fail.

• acceptOAuth2LoginRequestRemember :: Maybe Bool

  "remember" - Remember, if set to true, tells ORY Hydra to remember this user by telling the user agent (browser) to store a cookie with authentication data. If the same user performs another OAuth 2.0 Authorization Request, he/she will not be asked to log in again.

• acceptOAuth2LoginRequestRememberFor :: Maybe Integer

  "remember_for" - RememberFor sets how long the authentication should be remembered for in seconds. If set to `0`, the authorization will be remembered for the duration of the browser session (using a session cookie).

• acceptOAuth2LoginRequestSubject :: Text

  Required "subject" - Subject is the user ID of the end-user that authenticated.

Fields

• createJsonWebKeySetAlg :: Text

  Required "alg" - JSON Web Key Algorithm The algorithm to be used for creating the key. Supports `RS256`, `ES256`, `ES512`, `HS512`, and `HS256`.

• createJsonWebKeySetKid :: Text

  Required "kid" - JSON Web Key ID The Key ID of the key to be created.

• createJsonWebKeySetUse :: Text

  Required "use" - JSON Web Key Use The "use" (public key use) parameter identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Valid values are "enc" and "sig".

Fields

• errorOAuth2Error :: Maybe Text

  "error" - Error

• errorOAuth2ErrorDebug :: Maybe Text

  "error_debug" - Error Debug Information Only available in dev mode.

• errorOAuth2ErrorDescription :: Maybe Text

  "error_description" - Error Description

• errorOAuth2ErrorHint :: Maybe Text

  "error_hint" - Error Hint Helps the user identify the error cause.

• errorOAuth2StatusCode :: Maybe Integer

  "status_code" - HTTP Status Code

Fields

• genericErrorCode :: Maybe Integer

  "code" - The status code

• genericErrorDebug :: Maybe Text

  "debug" - Debug information This field is often not exposed to protect against leaking sensitive information.

• genericErrorDetails :: Maybe Value

  "details" - Further error details

• genericErrorId :: Maybe Text

  "id" - The error ID Useful when trying to identify various errors in application logic.

• genericErrorMessage :: Text

  Required "message" - Error message The error's message.

• genericErrorReason :: Maybe Text

  "reason" - A human-readable reason for the error

• genericErrorRequest :: Maybe Text

  "request" - The request ID The request ID is often exposed internally in order to trace errors across service architectures. This is often a UUID.

• genericErrorStatus :: Maybe Text

  "status" - The status description

Fields

• getVersion200ResponseVersion :: Maybe Text

  "version" - The version of Ory Hydra.

Fields

• healthNotReadyStatusErrors :: Maybe (Map String Text)

  "errors" - Errors contains a list of errors that caused the not ready status.

Fields

• healthStatusStatus :: Maybe Text

  "status" - Status always contains "ok".

Fields

• introspectedOAuth2TokenActive :: Bool

  Required "active" - Active is a boolean indicator of whether or not the presented token is currently active. The specifics of a token's "active" state will vary depending on the implementation of the authorization server and the information it keeps about its tokens, but a "true" value return for the "active" property will generally indicate that a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity (e.g., after its issuance time and before its expiration time).

• introspectedOAuth2TokenAud :: Maybe [Text]

  "aud" - Audience contains a list of the token's intended audiences.

• introspectedOAuth2TokenClientId :: Maybe Text

  "client_id" - ID is aclient identifier for the OAuth 2.0 client that requested this token.

• introspectedOAuth2TokenExp :: Maybe Integer

  "exp" - Expires at is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token will expire.

• introspectedOAuth2TokenExt :: Maybe (Map String Value)

  "ext" - Extra is arbitrary data set by the session.

• introspectedOAuth2TokenIat :: Maybe Integer

  "iat" - Issued at is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token was originally issued.

• introspectedOAuth2TokenIss :: Maybe Text

  "iss" - IssuerURL is a string representing the issuer of this token

• introspectedOAuth2TokenNbf :: Maybe Integer

  "nbf" - NotBefore is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token is not to be used before.

• introspectedOAuth2TokenObfuscatedSubject :: Maybe Text

  "obfuscated_subject" - ObfuscatedSubject is set when the subject identifier algorithm was set to "pairwise" during authorization. It is the `sub` value of the ID Token that was issued.

• introspectedOAuth2TokenScope :: Maybe Text

  "scope" - Scope is a JSON string containing a space-separated list of scopes associated with this token.

• introspectedOAuth2TokenSub :: Maybe Text

  "sub" - Subject of the token, as defined in JWT [RFC7519]. Usually a machine-readable identifier of the resource owner who authorized this token.

• introspectedOAuth2TokenTokenType :: Maybe Text

  "token_type" - TokenType is the introspected token's type, typically `Bearer`.

• introspectedOAuth2TokenTokenUse :: Maybe Text

  "token_use" - TokenUse is the introspected token's use, for example `access_token` or `refresh_token`.

• introspectedOAuth2TokenUsername :: Maybe Text

  "username" - Username is a human-readable identifier for the resource owner who authorized this token.

Fields

• isReady200ResponseStatus :: Maybe Text

  "status" - Always "ok".

Fields

• isReady503ResponseErrors :: Maybe (Map String Text)

  "errors" - Errors contains a list of errors that caused the not ready status.

Fields

• jsonPatchFrom :: Maybe Text

  "from" - This field is used together with operation "move" and uses JSON Pointer notation. Learn more about JSON Pointers.

• jsonPatchOp :: Text

  Required "op" - The operation to be performed. One of "add", "remove", "replace", "move", "copy", or "test".

• jsonPatchPath :: Text

  Required "path" - The path to the target path. Uses JSON pointer notation. Learn more about JSON Pointers.

• jsonPatchValue :: Maybe Value

  "value" - The value to be used within the operations. Learn more about JSON Pointers.

Fields

• jsonWebKeyAlg :: Text

  Required "alg" - The "alg" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA "JSON Web Signature and Encryption Algorithms" registry established by [JWA] or be a value that contains a Collision- Resistant Name.

• jsonWebKeyCrv :: Maybe Text

  "crv"

• jsonWebKeyD :: Maybe Text

  "d"

• jsonWebKeyDp :: Maybe Text

  "dp"

• jsonWebKeyDq :: Maybe Text

  "dq"

• jsonWebKeyE :: Maybe Text

  "e"

• jsonWebKeyK :: Maybe Text

  "k"

• jsonWebKeyKid :: Text

  Required "kid" - The "kid" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the "kid" value is unspecified. When "kid" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct "kid" values. (One example in which different keys might use the same "kid" value is if they have different "kty" (key type) values but are considered to be equivalent alternatives by the application using them.) The "kid" value is a case-sensitive string.

• jsonWebKeyKty :: Text

  Required "kty" - The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC". "kty" values should either be registered in the IANA "JSON Web Key Types" registry established by [JWA] or be a value that contains a Collision- Resistant Name. The "kty" value is a case-sensitive string.

• jsonWebKeyN :: Maybe Text

  "n"

• jsonWebKeyP :: Maybe Text

  "p"

• jsonWebKeyQ :: Maybe Text

  "q"

• jsonWebKeyQi :: Maybe Text

  "qi"

• jsonWebKeyUse :: Text

  Required "use" - Use ("public key use") identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly "sig" (signature) or "enc" (encryption).

• jsonWebKeyX :: Maybe Text

  "x"

• jsonWebKeyX5c :: Maybe [Text]

  "x5c" - The "x5c" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate.

• jsonWebKeyY :: Maybe Text

  "y"