diff --git a/docs/docs/.static/api.json b/docs/docs/.static/api.json
new file mode 100755
index 000000000000..25f128e3d9cc
--- /dev/null
+++ b/docs/docs/.static/api.json
@@ -0,0 +1,3938 @@ +{ + "components": { + "responses": { + "emptyResponse": { + "description": "Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is typically 201." + } + }, + "schemas": { + "AdminUpdateIdentityBody": { + "properties": { + "schema_id": { + "description": "SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set\nwill update the Identity's SchemaID.", + "type": "string" + }, + "state": { + "description": "State is the identity's state." + }, + "traits": { + "description": "Traits represent an identity's traits. The identity is able to create, modify, and delete traits\nin a self-service manner. The input will always be validated against the JSON Schema defined\nin `schema_id`.", + "type": "object" + } + }, + "required": ["traits", "state"], + "type": "object" + }, + "AuthenticateOKBody": { + "description": "AuthenticateOKBody authenticate o k body", + "properties": { + "IdentityToken": { + "description": "An opaque token used to authenticate a user after a successful login", + "type": "string" + }, + "Status": { + "description": "The status of the authentication", + "type": "string" + } + }, + "required": ["IdentityToken", "Status"], + "type": "object" + }, + "ContainerChangeResponseItem": { + "description": "ContainerChangeResponseItem change item in response to ContainerChanges operation", + "properties": { + "Kind": { + "description": "Kind of change", + "format": "uint8", + "type": "integer" + }, + "Path": { + "description": "Path to file that has changed", + "type": "string" + } + }, + "required": ["Kind", "Path"], + "type": "object" + }, + "ContainerCreateCreatedBody": { + "description": "ContainerCreateCreatedBody OK response to ContainerCreate operation", + "properties": { + "Id": { + "description": "The ID of the created container", + "type": "string" + }, + "Warnings": { + "description": "Warnings encountered when creating the container", + 
"items": { + "type": "string" + }, + "type": "array" + } + }, + "required": ["Id", "Warnings"], + "type": "object" + }, + "ContainerTopOKBody": { + "description": "ContainerTopOKBody OK response to ContainerTop operation", + "properties": { + "Processes": { + "description": "Each process running in the container, where each is process is an array of values corresponding to the titles", + "items": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": "array" + }, + "Titles": { + "description": "The ps column titles", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": ["Processes", "Titles"], + "type": "object" + }, + "ContainerUpdateOKBody": { + "description": "ContainerUpdateOKBody OK response to ContainerUpdate operation", + "properties": { + "Warnings": { + "description": "warnings", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": ["Warnings"], + "type": "object" + }, + "ContainerWaitOKBody": { + "description": "ContainerWaitOKBody OK response to ContainerWait operation", + "properties": { + "Error": { + "$ref": "#/components/schemas/ContainerWaitOKBodyError" + }, + "StatusCode": { + "description": "Exit code of the container", + "format": "int64", + "type": "integer" + } + }, + "required": ["Error", "StatusCode"], + "type": "object" + }, + "ContainerWaitOKBodyError": { + "description": "ContainerWaitOKBodyError container waiting error, if any", + "properties": { + "Message": { + "description": "Details of an error", + "type": "string" + } + }, + "type": "object" + }, + "CredentialsType": { + "description": "and so on.", + "title": "CredentialsType represents several different credential types, like password credentials, passwordless credentials,", + "type": "string" + }, + "ErrorResponse": { + "properties": { + "message": { + "description": "The error message.", + "type": "string" + } + }, + "required": ["message"], + "title": "ErrorResponse Represents an error.", + "type": "object" + }, 
+ "GraphDriverData": { + "properties": { + "Data": { + "additionalProperties": { + "type": "string" + }, + "description": "data", + "type": "object" + }, + "Name": { + "description": "name", + "type": "string" + } + }, + "required": ["Data", "Name"], + "title": "GraphDriverData Information about a container's graph driver.", + "type": "object" + }, + "ID": { + "format": "int64", + "type": "integer" + }, + "IdResponse": { + "description": "IDResponse Response to an API call that returns just an Id", + "properties": { + "Id": { + "description": "The id of the newly created object.", + "type": "string" + } + }, + "required": ["Id"], + "type": "object" + }, + "ImageDeleteResponseItem": { + "description": "ImageDeleteResponseItem image delete response item", + "properties": { + "Deleted": { + "description": "The image ID of an image that was deleted", + "type": "string" + }, + "Untagged": { + "description": "The image ID of an image that was untagged", + "type": "string" + } + }, + "type": "object" + }, + "ImageSummary": { + "description": "ImageSummary image summary", + "properties": { + "Containers": { + "description": "containers", + "format": "int64", + "type": "integer" + }, + "Created": { + "description": "created", + "format": "int64", + "type": "integer" + }, + "Id": { + "description": "Id", + "type": "string" + }, + "Labels": { + "additionalProperties": { + "type": "string" + }, + "description": "labels", + "type": "object" + }, + "ParentId": { + "description": "parent Id", + "type": "string" + }, + "RepoDigests": { + "description": "repo digests", + "items": { + "type": "string" + }, + "type": "array" + }, + "RepoTags": { + "description": "repo tags", + "items": { + "type": "string" + }, + "type": "array" + }, + "SharedSize": { + "description": "shared size", + "format": "int64", + "type": "integer" + }, + "Size": { + "description": "size", + "format": "int64", + "type": "integer" + }, + "VirtualSize": { + "description": "virtual size", + "format": "int64", + 
"type": "integer" + } + }, + "required": [ + "Containers", + "Created", + "Id", + "Labels", + "ParentId", + "RepoDigests", + "RepoTags", + "SharedSize", + "Size", + "VirtualSize" + ], + "type": "object" + }, + "JSONRawMessage": { + "title": "JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger.", + "type": "object" + }, + "Meta": { + "description": "This might include a label and other information that can optionally\nbe used to render UIs.", + "properties": { + "label": { + "$ref": "#/components/schemas/uiText" + } + }, + "title": "A Node's Meta Information", + "type": "object" + }, + "Plugin": { + "description": "Plugin A plugin for the Engine API", + "properties": { + "Config": { + "$ref": "#/components/schemas/PluginConfig" + }, + "Enabled": { + "description": "True if the plugin is running. False if the plugin is not running, only installed.", + "type": "boolean" + }, + "Id": { + "description": "Id", + "type": "string" + }, + "Name": { + "description": "name", + "type": "string" + }, + "PluginReference": { + "description": "plugin remote reference used to push/pull the plugin", + "type": "string" + }, + "Settings": { + "$ref": "#/components/schemas/PluginSettings" + } + }, + "required": ["Config", "Enabled", "Name", "Settings"], + "type": "object" + }, + "PluginConfig": { + "properties": { + "Args": { + "$ref": "#/components/schemas/PluginConfigArgs" + }, + "Description": { + "description": "description", + "type": "string" + }, + "DockerVersion": { + "description": "Docker Version used to create the plugin", + "type": "string" + }, + "Documentation": { + "description": "documentation", + "type": "string" + }, + "Entrypoint": { + "description": "entrypoint", + "items": { + "type": "string" + }, + "type": "array" + }, + "Env": { + "description": "env", + "items": { + "$ref": "#/components/schemas/PluginEnv" + }, + "type": "array" + }, + "Interface": { + "$ref": "#/components/schemas/PluginConfigInterface" + }, + "IpcHost": { + 
"description": "ipc host", + "type": "boolean" + }, + "Linux": { + "$ref": "#/components/schemas/PluginConfigLinux" + }, + "Mounts": { + "description": "mounts", + "items": { + "$ref": "#/components/schemas/PluginMount" + }, + "type": "array" + }, + "Network": { + "$ref": "#/components/schemas/PluginConfigNetwork" + }, + "PidHost": { + "description": "pid host", + "type": "boolean" + }, + "PropagatedMount": { + "description": "propagated mount", + "type": "string" + }, + "User": { + "$ref": "#/components/schemas/PluginConfigUser" + }, + "WorkDir": { + "description": "work dir", + "type": "string" + }, + "rootfs": { + "$ref": "#/components/schemas/PluginConfigRootfs" + } + }, + "required": [ + "Args", + "Description", + "Documentation", + "Entrypoint", + "Env", + "Interface", + "IpcHost", + "Linux", + "Mounts", + "Network", + "PidHost", + "PropagatedMount", + "WorkDir" + ], + "title": "PluginConfig The config of a plugin.", + "type": "object" + }, + "PluginConfigArgs": { + "description": "PluginConfigArgs plugin config args", + "properties": { + "Description": { + "description": "description", + "type": "string" + }, + "Name": { + "description": "name", + "type": "string" + }, + "Settable": { + "description": "settable", + "items": { + "type": "string" + }, + "type": "array" + }, + "Value": { + "description": "value", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": ["Description", "Name", "Settable", "Value"], + "type": "object" + }, + "PluginConfigInterface": { + "description": "PluginConfigInterface The interface between Docker and the plugin", + "properties": { + "Socket": { + "description": "socket", + "type": "string" + }, + "Types": { + "description": "types", + "items": { + "$ref": "#/components/schemas/PluginInterfaceType" + }, + "type": "array" + } + }, + "required": ["Socket", "Types"], + "type": "object" + }, + "PluginConfigLinux": { + "description": "PluginConfigLinux plugin config linux", + "properties": { + 
"AllowAllDevices": { + "description": "allow all devices", + "type": "boolean" + }, + "Capabilities": { + "description": "capabilities", + "items": { + "type": "string" + }, + "type": "array" + }, + "Devices": { + "description": "devices", + "items": { + "$ref": "#/components/schemas/PluginDevice" + }, + "type": "array" + } + }, + "required": ["AllowAllDevices", "Capabilities", "Devices"], + "type": "object" + }, + "PluginConfigNetwork": { + "description": "PluginConfigNetwork plugin config network", + "properties": { + "Type": { + "description": "type", + "type": "string" + } + }, + "required": ["Type"], + "type": "object" + }, + "PluginConfigRootfs": { + "description": "PluginConfigRootfs plugin config rootfs", + "properties": { + "diff_ids": { + "description": "diff ids", + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "description": "type", + "type": "string" + } + }, + "type": "object" + }, + "PluginConfigUser": { + "description": "PluginConfigUser plugin config user", + "properties": { + "GID": { + "description": "g ID", + "format": "uint32", + "type": "integer" + }, + "UID": { + "description": "UID", + "format": "uint32", + "type": "integer" + } + }, + "type": "object" + }, + "PluginDevice": { + "description": "PluginDevice plugin device", + "properties": { + "Description": { + "description": "description", + "type": "string" + }, + "Name": { + "description": "name", + "type": "string" + }, + "Path": { + "description": "path", + "type": "string" + }, + "Settable": { + "description": "settable", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": ["Description", "Name", "Path", "Settable"], + "type": "object" + }, + "PluginEnv": { + "description": "PluginEnv plugin env", + "properties": { + "Description": { + "description": "description", + "type": "string" + }, + "Name": { + "description": "name", + "type": "string" + }, + "Settable": { + "description": "settable", + "items": { + "type": "string" + }, + 
"type": "array" + }, + "Value": { + "description": "value", + "type": "string" + } + }, + "required": ["Description", "Name", "Settable", "Value"], + "type": "object" + }, + "PluginInterfaceType": { + "description": "PluginInterfaceType plugin interface type", + "properties": { + "Capability": { + "description": "capability", + "type": "string" + }, + "Prefix": { + "description": "prefix", + "type": "string" + }, + "Version": { + "description": "version", + "type": "string" + } + }, + "required": ["Capability", "Prefix", "Version"], + "type": "object" + }, + "PluginMount": { + "description": "PluginMount plugin mount", + "properties": { + "Description": { + "description": "description", + "type": "string" + }, + "Destination": { + "description": "destination", + "type": "string" + }, + "Name": { + "description": "name", + "type": "string" + }, + "Options": { + "description": "options", + "items": { + "type": "string" + }, + "type": "array" + }, + "Settable": { + "description": "settable", + "items": { + "type": "string" + }, + "type": "array" + }, + "Source": { + "description": "source", + "type": "string" + }, + "Type": { + "description": "type", + "type": "string" + } + }, + "required": [ + "Description", + "Destination", + "Name", + "Options", + "Settable", + "Source", + "Type" + ], + "type": "object" + }, + "PluginSettings": { + "properties": { + "Args": { + "description": "args", + "items": { + "type": "string" + }, + "type": "array" + }, + "Devices": { + "description": "devices", + "items": { + "$ref": "#/components/schemas/PluginDevice" + }, + "type": "array" + }, + "Env": { + "description": "env", + "items": { + "type": "string" + }, + "type": "array" + }, + "Mounts": { + "description": "mounts", + "items": { + "$ref": "#/components/schemas/PluginMount" + }, + "type": "array" + } + }, + "required": ["Args", "Devices", "Env", "Mounts"], + "title": "PluginSettings Settings that can be modified by users.", + "type": "object" + }, + "Port": { + "description": 
"Port An open port on a container", + "properties": { + "IP": { + "description": "IP", + "type": "string" + }, + "PrivatePort": { + "description": "Port on the container", + "format": "uint16", + "type": "integer" + }, + "PublicPort": { + "description": "Port exposed on the host", + "format": "uint16", + "type": "integer" + }, + "Type": { + "description": "type", + "type": "string" + } + }, + "required": ["PrivatePort", "Type"], + "type": "object" + }, + "RecoveryAddress": { + "properties": { + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "id": { + "$ref": "#/components/schemas/UUID" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "value": { + "type": "string" + }, + "via": { + "$ref": "#/components/schemas/RecoveryAddressType" + } + }, + "required": ["id", "value", "via"], + "type": "object" + }, + "RecoveryAddressType": { + "type": "string" + }, + "ServiceUpdateResponse": { + "description": "ServiceUpdateResponse service update response", + "properties": { + "Warnings": { + "description": "Optional warning messages", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "UUID": { + "format": "uuid4", + "type": "string" + }, + "Volume": { + "description": "Volume volume", + "properties": { + "CreatedAt": { + "description": "Date/Time the volume was created.", + "type": "string" + }, + "Driver": { + "description": "Name of the volume driver used by the volume.", + "type": "string" + }, + "Labels": { + "additionalProperties": { + "type": "string" + }, + "description": "User-defined key/value metadata.", + "type": "object" + }, + "Mountpoint": { + "description": "Mount path of the volume on the host.", + "type": "string" + }, + "Name": { + "description": "Name of the volume.", + "type": "string" + }, + "Options": { + 
"additionalProperties": { + "type": "string" + }, + "description": "The driver specific options used when creating the volume.", + "type": "object" + }, + "Scope": { + "description": "The level at which the volume exists. Either `global` for cluster-wide, or `local` for machine level.", + "type": "string" + }, + "Status": { + "additionalProperties": true, + "description": "Low-level details about the volume, provided by the volume driver.\nDetails are returned as a map with key/value pairs:\n`{\"key\":\"value\",\"key2\":\"value2\"}`.\n\nThe `Status` field is optional, and is omitted if the volume driver\ndoes not support this feature.", + "type": "object" + }, + "UsageData": { + "$ref": "#/components/schemas/VolumeUsageData" + } + }, + "required": [ + "Driver", + "Labels", + "Mountpoint", + "Name", + "Options", + "Scope" + ], + "type": "object" + }, + "VolumeUsageData": { + "description": "VolumeUsageData Usage details about the volume. This information is used by the\n`GET /system/df` endpoint, and omitted in other endpoints.", + "properties": { + "RefCount": { + "description": "The number of containers referencing this volume. This field\nis set to `-1` if the reference-count is not available.", + "format": "int64", + "type": "integer" + }, + "Size": { + "description": "Amount of disk space used by the volume (in bytes). This information\nis only available for volumes created with the `\"local\"` volume\ndriver. For volumes created with other volume drivers, this field\nis set to `-1` (\"not available\")", + "format": "int64", + "type": "integer" + } + }, + "required": ["RefCount", "Size"], + "type": "object" + }, + "adminCreateIdentityBody": { + "properties": { + "schema_id": { + "description": "SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.", + "type": "string" + }, + "traits": { + "description": "Traits represent an identity's traits. The identity is able to create, modify, and delete traits\nin a self-service manner. 
The input will always be validated against the JSON Schema defined\nin `schema_url`.", + "type": "object" + } + }, + "required": ["schema_id", "traits"], + "type": "object" + }, + "adminCreateSelfServiceRecoveryLinkBody": { + "properties": { + "expires_in": { + "description": "Link Expires In\n\nThe recovery link will expire at that point in time. Defaults to the configuration value of\n`selfservice.flows.recovery.request_lifespan`.", + "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", + "type": "string" + }, + "identity_id": { + "$ref": "#/components/schemas/UUID" + } + }, + "required": ["identity_id"], + "type": "object" + }, + "genericError": { + "properties": { + "code": { + "description": "The status code", + "example": 404, + "format": "int64", + "type": "integer" + }, + "debug": { + "description": "Debug information\n\nThis field is often not exposed to protect against leaking\nsensitive information.", + "example": "SQL field \"foo\" is not a bool.", + "type": "string" + }, + "details": { + "additionalProperties": true, + "description": "Further error details", + "type": "object" + }, + "message": { + "description": "Error message\n\nThe error's message.", + "example": "The resource could not be found", + "type": "string" + }, + "reason": { + "description": "A human-readable reason for the error", + "example": "User with ID 1234 does not exist.", + "type": "string" + }, + "request": { + "description": "The request ID\n\nThe request ID is often exposed internally in order to trace\nerrors across service architectures. 
This is often a UUID.", + "example": "d7ef54b1-ec15-46e6-bccb-524b82c035e6", + "type": "string" + }, + "status": { + "description": "The status description", + "example": "Not Found", + "type": "string" + } + }, + "required": ["message"], + "type": "object" + }, + "healthNotReadyStatus": { + "properties": { + "errors": { + "additionalProperties": { + "type": "string" + }, + "description": "Errors contains a list of errors that caused the not ready status.", + "type": "object" + } + }, + "type": "object" + }, + "healthStatus": { + "properties": { + "status": { + "description": "Status always contains \"ok\".", + "type": "string" + } + }, + "type": "object" + }, + "identity": { + "description": "An identity can be a real human, a service, an IoT device - everything that\ncan be described as an \"actor\" in a system.", + "properties": { + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "credentials": { + "additionalProperties": { + "$ref": "#/components/schemas/identityCredentials" + }, + "description": "Credentials represents all credentials that can be used for authenticating this identity.", + "type": "object" + }, + "id": { + "$ref": "#/components/schemas/UUID" + }, + "recovery_addresses": { + "description": "RecoveryAddresses contains all the addresses that can be used to recover an identity.", + "items": { + "$ref": "#/components/schemas/RecoveryAddress" + }, + "type": "array", + "x-omitempty": true + }, + "schema_id": { + "description": "SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.", + "type": "string" + }, + "schema_url": { + "description": "SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.\n\nformat: url", + "type": "string" + }, + "state": { + "description": "State is the identity's state." 
+ }, + "state_changed_at": { + "$ref": "#/components/schemas/nullTime" + }, + "traits": { + "$ref": "#/components/schemas/identityTraits" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "verifiable_addresses": { + "description": "VerifiableAddresses contains all the addresses that can be verified by the user.", + "items": { + "$ref": "#/components/schemas/verifiableIdentityAddress" + }, + "type": "array", + "x-omitempty": true + } + }, + "required": ["id", "schema_id", "schema_url", "state", "traits"], + "title": "Identity represents an Ory Kratos identity", + "type": "object" + }, + "identityCredentials": { + "description": "Credentials represents a specific credential type", + "properties": { + "config": { + "$ref": "#/components/schemas/JSONRawMessage" + }, + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "identifiers": { + "description": "Identifiers represents a list of unique identifiers this credential type matches.", + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "$ref": "#/components/schemas/CredentialsType" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "identityList": { + "items": { + "$ref": "#/components/schemas/identity" + }, + "title": "A list of identities.", + "type": "array" + }, + "identityTraits": { + "description": "Traits represent an identity's traits. The identity is able to create, modify, and delete traits\nin a self-service manner. The input will always be validated against the JSON Schema defined\nin `schema_url`." 
+ }, + "identityVerifiableAddressStatus": { + "description": "VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema", + "type": "string" + }, + "identityVerifiableAddressType": { + "description": "VerifiableAddressType must not exceed 16 characters as that is the limitation in the SQL Schema", + "type": "string" + }, + "jsonError": { + "description": "The standard Ory JSON API error format.", + "properties": { + "error": { + "$ref": "#/components/schemas/genericError" + } + }, + "required": ["error"], + "title": "JSON API Error Response", + "type": "object" + }, + "jsonSchema": { + "description": "Raw JSON Schema", + "type": "object" + }, + "nullJsonRawMessage": { + "description": "NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-", + "type": "object" + }, + "nullTime": { + "format": "date-time", + "title": "NullTime implements sql.NullTime functionality.", + "type": "string" + }, + "selfServiceError": { + "properties": { + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "error": { + "type": "object" + }, + "id": { + "$ref": "#/components/schemas/UUID" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + } + }, + "required": ["id"], + "type": "object" + }, + "selfServiceFlowType": { + "description": "The flow type can either be `api` or `browser`.", + "title": "Type is the flow type.", + "type": "string" + }, + "selfServiceLoginFlow": { + "description": "This object represents a login flow. 
A login flow is initiated at the \"Initiate Login API / Browser Flow\"\nendpoint by a client.\n\nOnce a login flow is completed successfully, a session cookie or session token will be issued.", + "properties": { + "active": { + "$ref": "#/components/schemas/CredentialsType" + }, + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "expires_at": { + "description": "ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in,\na new flow has to be initiated.", + "format": "date-time", + "type": "string" + }, + "forced": { + "description": "Forced stores whether this login flow should enforce re-authentication.", + "type": "boolean" + }, + "id": { + "$ref": "#/components/schemas/UUID" + }, + "issued_at": { + "description": "IssuedAt is the time (UTC) when the flow started.", + "format": "date-time", + "type": "string" + }, + "request_url": { + "description": "RequestURL is the initial URL that was requested from Ory Kratos. 
It can be used\nto forward information contained in the URL's path or query for example.", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/selfServiceFlowType" + }, + "ui": { + "$ref": "#/components/schemas/uiContainer" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "id", + "type", + "expires_at", + "issued_at", + "request_url", + "ui" + ], + "title": "Login Flow", + "type": "object" + }, + "selfServiceLogoutUrl": { + "properties": { + "logout_url": { + "description": "LogoutURL can be opened in a browser to\n\nformat: uri", + "type": "string" + } + }, + "type": "object" + }, + "selfServiceRecoveryFlow": { + "description": "This request is used when an identity wants to recover their account.\n\nWe recommend reading the [Account Recovery Documentation](../self-service/flows/password-reset-account-recovery)", + "properties": { + "active": { + "description": "Active, if set, contains the registration method that is being used. It is initially\nnot set.", + "type": "string" + }, + "expires_at": { + "description": "ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting,\na new request has to be initiated.", + "format": "date-time", + "type": "string" + }, + "id": { + "$ref": "#/components/schemas/UUID" + }, + "issued_at": { + "description": "IssuedAt is the time (UTC) when the request occurred.", + "format": "date-time", + "type": "string" + }, + "request_url": { + "description": "RequestURL is the initial URL that was requested from Ory Kratos. 
It can be used\nto forward information contained in the URL's path or query for example.", + "type": "string" + }, + "state": { + "$ref": "#/components/schemas/selfServiceRecoveryFlowState" + }, + "type": { + "$ref": "#/components/schemas/selfServiceFlowType" + }, + "ui": { + "$ref": "#/components/schemas/uiContainer" + } + }, + "required": [ + "id", + "expires_at", + "issued_at", + "request_url", + "ui", + "state" + ], + "title": "A Recovery Flow", + "type": "object" + }, + "selfServiceRecoveryFlowState": { + "description": "The state represents the state of the recovery flow.\n\nchoose_method: ask the user to choose a method (e.g. recover account via email)\nsent_email: the email has been sent to the user\npassed_challenge: the request was successful and the recovery challenge was passed.", + "enum": ["choose_method", "sent_email", "passed_challenge"], + "title": "Recovery Flow State", + "type": "string" + }, + "selfServiceRecoveryLink": { + "properties": { + "expires_at": { + "description": "Recovery Link Expires At\n\nThe timestamp when the recovery link expires.", + "format": "date-time", + "type": "string" + }, + "recovery_link": { + "description": "Recovery Link\n\nThis link can be used to recover the account.", + "type": "string" + } + }, + "required": ["recovery_link"], + "type": "object" + }, + "selfServiceRegistrationFlow": { + "properties": { + "active": { + "$ref": "#/components/schemas/CredentialsType" + }, + "expires_at": { + "description": "ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in,\na new flow has to be initiated.", + "format": "date-time", + "type": "string" + }, + "id": { + "$ref": "#/components/schemas/UUID" + }, + "issued_at": { + "description": "IssuedAt is the time (UTC) when the flow occurred.", + "format": "date-time", + "type": "string" + }, + "request_url": { + "description": "RequestURL is the initial URL that was requested from Ory Kratos. 
It can be used\nto forward information contained in the URL's path or query for example.", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/selfServiceFlowType" + }, + "ui": { + "$ref": "#/components/schemas/uiContainer" + } + }, + "required": ["id", "expires_at", "issued_at", "request_url", "ui"], + "type": "object" + }, + "selfServiceSettingsFlow": { + "description": "This flow is used when an identity wants to update settings\n(e.g. profile data, passwords, ...) in a selfservice manner.\n\nWe recommend reading the [User Settings Documentation](../self-service/flows/user-settings)", + "properties": { + "active": { + "description": "Active, if set, contains the registration method that is being used. It is initially\nnot set.", + "type": "string" + }, + "expires_at": { + "description": "ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to update the setting,\na new flow has to be initiated.", + "format": "date-time", + "type": "string" + }, + "id": { + "$ref": "#/components/schemas/UUID" + }, + "identity": { + "$ref": "#/components/schemas/identity" + }, + "issued_at": { + "description": "IssuedAt is the time (UTC) when the flow occurred.", + "format": "date-time", + "type": "string" + }, + "request_url": { + "description": "RequestURL is the initial URL that was requested from Ory Kratos. 
It can be used\nto forward information contained in the URL's path or query for example.", + "type": "string" + }, + "state": { + "$ref": "#/components/schemas/selfServiceSettingsFlowState" + }, + "type": { + "$ref": "#/components/schemas/selfServiceFlowType" + }, + "ui": { + "$ref": "#/components/schemas/uiContainer" + } + }, + "required": [ + "id", + "expires_at", + "issued_at", + "request_url", + "ui", + "identity", + "state" + ], + "title": "Flow represents a Settings Flow", + "type": "object" + }, + "selfServiceSettingsFlowState": { + "description": "show_form: No user data has been collected, or it is invalid, and thus the form should be shown.\nsuccess: Indicates that the settings flow has been updated successfully with the provided data.\nDone will stay true when repeatedly checking. If set to true, done will revert back to false only\nwhen a flow with invalid (e.g. \"please use a valid phone number\") data was sent.", + "enum": ["show_form", "success"], + "title": "State represents the state of this flow. It knows two states:", + "type": "string" + }, + "selfServiceVerificationFlow": { + "description": "Used to verify an out-of-band communication\nchannel such as an email address or a phone number.\n\nFor more information head over to: https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation", + "properties": { + "active": { + "description": "Active, if set, contains the registration method that is being used. It is initially\nnot set.", + "type": "string" + }, + "expires_at": { + "description": "ExpiresAt is the time (UTC) when the request expires. 
If the user still wishes to verify the address,\na new request has to be initiated.", + "format": "date-time", + "type": "string" + }, + "id": { + "$ref": "#/components/schemas/UUID" + }, + "issued_at": { + "description": "IssuedAt is the time (UTC) when the request occurred.", + "format": "date-time", + "type": "string" + }, + "request_url": { + "description": "RequestURL is the initial URL that was requested from Ory Kratos. It can be used\nto forward information contained in the URL's path or query for example.", + "type": "string" + }, + "state": { + "$ref": "#/components/schemas/selfServiceVerificationFlowState" + }, + "type": { + "$ref": "#/components/schemas/selfServiceFlowType" + }, + "ui": { + "$ref": "#/components/schemas/uiContainer" + } + }, + "required": ["id", "type", "ui", "state"], + "title": "A Verification Flow", + "type": "object" + }, + "selfServiceVerificationFlowState": { + "description": "The state represents the state of the verification flow.\n\nchoose_method: ask the user to choose a method (e.g. 
recover account via email)\nsent_email: the email has been sent to the user\npassed_challenge: the request was successful and the recovery challenge was passed.", + "enum": ["choose_method", "sent_email", "passed_challenge"], + "title": "Verification Flow State", + "type": "string" + }, + "session": { + "description": "A Session", + "properties": { + "active": { + "description": "Whether or not the session is active.", + "type": "boolean" + }, + "authenticated_at": { + "description": "The Session Authentication Timestamp\n\nWhen this session was authenticated at.", + "format": "date-time", + "type": "string" + }, + "expires_at": { + "description": "The Session Expiry\n\nWhen this session expires at.", + "format": "date-time", + "type": "string" + }, + "id": { + "$ref": "#/components/schemas/UUID" + }, + "identity": { + "$ref": "#/components/schemas/identity" + }, + "issued_at": { + "description": "The Session Issuance Timestamp\n\nWhen this session was authenticated at.", + "format": "date-time", + "type": "string" + } + }, + "required": ["id", "identity"], + "type": "object" + }, + "settingsProfileFormConfig": { + "properties": { + "action": { + "description": "Action should be used as the form action URL `\u003cform action=\"{{ .Action }}\" method=\"post\"\u003e`.", + "type": "string" + }, + "messages": { + "$ref": "#/components/schemas/uiTexts" + }, + "method": { + "description": "Method is the form method (e.g. 
POST)", + "type": "string" + }, + "nodes": { + "$ref": "#/components/schemas/uiNodes" + } + }, + "required": ["action", "method", "nodes"], + "type": "object" + }, + "submitSelfServiceLoginFlowBody": { + "discriminator": { + "mapping": { + "oidc": "#/components/schemas/submitSelfServiceLoginFlowWithOidcMethodBody", + "password": "#/components/schemas/submitSelfServiceLoginFlowWithPasswordMethodBody" + }, + "propertyName": "method" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/submitSelfServiceLoginFlowWithPasswordMethodBody" + } + ] + }, + "submitSelfServiceLoginFlowWithOidcMethodBody": { + "description": "SubmitSelfServiceLoginFlowWithOidcMethodBody is used to decode the login form payload\nwhen using the oidc method.", + "properties": { + "csrf_token": { + "description": "The CSRF Token", + "type": "string" + }, + "method": { + "description": "Method to use\n\nThis field must be set to `oidc` when using the oidc method.", + "type": "string" + }, + "traits": { + "description": "The provider to register with", + "type": "string" + } + }, + "required": ["traits", "method"], + "type": "object" + }, + "submitSelfServiceLoginFlowWithPasswordMethodBody": { + "properties": { + "csrf_token": { + "description": "Sending the anti-csrf token is only required for browser login flows.", + "type": "string" + }, + "method": { + "description": "Method should be set to \"password\" when logging in using the identifier and password strategy.", + "enum": ["password", "oidc"], + "type": "string" + }, + "password": { + "description": "The user's password.", + "type": "string" + }, + "password_identifier": { + "description": "Identifier is the email or username of the user trying to log in.", + "type": "string" + } + }, + "required": ["method", "password", "password_identifier"], + "title": "submitSelfServiceLoginFlowWithPasswordMethodBody is used to decode the login form payload.", + "type": "object" + }, + "submitSelfServiceLogoutFlowWithoutBrowserBody": { + "description": 
"nolint:deadcode,unused", + "properties": { + "session_token": { + "description": "The Session Token\n\nInvalidate this session token.", + "type": "string" + } + }, + "required": ["session_token"], + "type": "object" + }, + "submitSelfServiceRecoveryFlowBody": { + "discriminator": { + "mapping": { + "link": "#/components/schemas/submitSelfServiceRecoveryFlowWithLinkMethodBody" + }, + "propertyName": "method" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/submitSelfServiceRecoveryFlowWithLinkMethodBody" + } + ] + }, + "submitSelfServiceRecoveryFlowWithLinkMethodBody": { + "properties": { + "csrf_token": { + "description": "Sending the anti-csrf token is only required for browser login flows.", + "type": "string" + }, + "email": { + "description": "Email to Recover\n\nNeeds to be set when initiating the flow. If the email is a registered\nrecovery email, a recovery link will be sent. If the email is not known,\na email with details on what happened will be sent instead.\n\nformat: email", + "type": "string" + }, + "method": { + "description": "Method supports `link` only right now.", + "enum": ["password", "oidc"], + "type": "string" + } + }, + "required": ["email", "method"], + "type": "object" + }, + "submitSelfServiceRegistrationFlowBody": { + "discriminator": { + "mapping": { + "oidc": "#/components/schemas/submitSelfServiceRegistrationFlowWithOidcMethodBody", + "password": "#/components/schemas/submitSelfServiceRegistrationFlowWithPasswordMethodBody" + }, + "propertyName": "method" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/submitSelfServiceRegistrationFlowWithPasswordMethodBody" + } + ] + }, + "submitSelfServiceRegistrationFlowWithOidcMethodBody": { + "description": "SubmitSelfServiceRegistrationFlowWithOidcMethodBody is used to decode the registration form payload\nwhen using the oidc method.", + "properties": { + "csrf_token": { + "description": "The CSRF Token", + "type": "string" + }, + "method": { + "description": "Method to use\n\nThis 
field must be set to `oidc` when using the oidc method.", + "type": "string" + }, + "traits": { + "description": "The provider to register with", + "type": "string" + } + }, + "required": ["traits", "method"], + "type": "object" + }, + "submitSelfServiceRegistrationFlowWithPasswordMethodBody": { + "description": "SubmitSelfServiceRegistrationFlowWithPasswordMethodBody is used to decode the registration form payload\nwhen using the password method.", + "properties": { + "csrf_token": { + "description": "The CSRF Token", + "type": "string" + }, + "method": { + "description": "Method to use\n\nThis field must be set to `password` when using the password method.", + "enum": ["password", "oidc"], + "type": "string" + }, + "password": { + "description": "Password to sign the user up with", + "type": "string" + }, + "traits": { + "description": "The identity's traits", + "type": "object" + } + }, + "required": ["password", "traits", "method"], + "type": "object" + }, + "submitSelfServiceSettingsFlowBody": { + "discriminator": { + "mapping": { + "oidc": "#/components/schemas/submitSelfServiceSettingsFlowWithOidcMethodBody", + "password": "#/components/schemas/submitSelfServiceSettingsFlowWithPasswordMethodBody", + "profile": "#/components/schemas/submitSelfServiceSettingsFlowWithProfileMethodBody" + }, + "propertyName": "method" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/submitSelfServiceSettingsFlowWithPasswordMethodBody" + }, + { + "$ref": "#/components/schemas/submitSelfServiceSettingsFlowWithProfileMethodBody" + } + ] + }, + "submitSelfServiceSettingsFlowWithOidcMethodBody": { + "description": "nolint:deadcode,unused", + "properties": { + "flow": { + "description": "Flow ID is the flow's ID.\n\nin: query", + "type": "string" + }, + "link": { + "description": "Link this provider\n\nEither this or `unlink` must be set.\n\ntype: string\nin: body", + "type": "string" + }, + "method": { + "description": "Method\n\nShould be set to profile when trying to update a 
profile.", + "type": "string" + }, + "unlink": { + "description": "Unlink this provider\n\nEither this or `link` must be set.\n\ntype: string\nin: body", + "type": "string" + } + }, + "required": ["method"], + "type": "object" + }, + "submitSelfServiceSettingsFlowWithPasswordMethodBody": { + "properties": { + "csrf_token": { + "description": "CSRFToken is the anti-CSRF token", + "type": "string" + }, + "method": { + "description": "Method\n\nShould be set to password when trying to update a password.", + "enum": ["password", "profile", "oidc"], + "type": "string" + }, + "password": { + "description": "Password is the updated password", + "type": "string" + } + }, + "required": ["password", "method"], + "type": "object" + }, + "submitSelfServiceSettingsFlowWithProfileMethodBody": { + "description": "nolint:deadcode,unused", + "properties": { + "csrf_token": { + "description": "The Anti-CSRF Token\n\nThis token is only required when performing browser flows.", + "type": "string" + }, + "method": { + "description": "Method\n\nShould be set to profile when trying to update a profile.", + "type": "string" + }, + "traits": { + "description": "Traits contains all of the identity's traits.", + "type": "object" + } + }, + "required": ["traits", "method"], + "type": "object" + }, + "submitSelfServiceVerificationFlowBody": { + "description": "nolint:deadcode,unused", + "discriminator": { + "mapping": { + "link": "#/components/schemas/submitSelfServiceVerificationFlowWithLinkMethodBody" + }, + "propertyName": "method" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/submitSelfServiceVerificationFlowWithLinkMethodBody" + } + ] + }, + "submitSelfServiceVerificationFlowWithLinkMethodBody": { + "properties": { + "csrf_token": { + "description": "Sending the anti-csrf token is only required for browser login flows.", + "type": "string" + }, + "email": { + "description": "Email to Verify\n\nNeeds to be set when initiating the flow. 
If the email is a registered\nverification email, a verification link will be sent. If the email is not known,\na email with details on what happened will be sent instead.\n\nformat: email", + "type": "string" + }, + "method": { + "description": "Method supports `link` only right now.", + "enum": ["password", "oidc"], + "type": "string" + } + }, + "required": ["email", "method"], + "type": "object" + }, + "successfulSelfServiceLoginWithoutBrowser": { + "description": "The Response for Login Flows via API", + "properties": { + "session": { + "$ref": "#/components/schemas/session" + }, + "session_token": { + "description": "The Session Token\n\nA session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization\nHeader:\n\nAuthorization: bearer ${session-token}\n\nThe session token is only issued for API flows, not for Browser flows!", + "type": "string" + } + }, + "required": ["session"], + "type": "object" + }, + "successfulSelfServiceRegistrationWithoutBrowser": { + "description": "The Response for Registration Flows via API", + "properties": { + "identity": { + "$ref": "#/components/schemas/identity" + }, + "session": { + "$ref": "#/components/schemas/session" + }, + "session_token": { + "description": "The Session Token\n\nThis field is only set when the session hook is configured as a post-registration hook.\n\nA session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization\nHeader:\n\nAuthorization: bearer ${session-token}\n\nThe session token is only issued for API flows, not for Browser flows!", + "type": "string" + } + }, + "required": ["identity"], + "type": "object" + }, + "successfulSelfServiceSettingsWithoutBrowser": { + "description": "The Response for Settings Flows via API", + "properties": { + "flow": { + "$ref": "#/components/schemas/selfServiceSettingsFlow" + }, + "identity": { + "$ref": "#/components/schemas/identity" + } + }, + "required": ["flow", "identity"], + "type": "object" + }, + 
"uiContainer": { + "description": "Container represents a HTML Form. The container can work with both HTTP Form and JSON requests", + "properties": { + "action": { + "description": "Action should be used as the form action URL `\u003cform action=\"{{ .Action }}\" method=\"post\"\u003e`.", + "type": "string" + }, + "messages": { + "$ref": "#/components/schemas/uiTexts" + }, + "method": { + "description": "Method is the form method (e.g. POST)", + "type": "string" + }, + "nodes": { + "$ref": "#/components/schemas/uiNodes" + } + }, + "required": ["action", "method", "nodes"], + "type": "object" + }, + "uiNode": { + "description": "Nodes are represented as HTML elements or their native UI equivalents. For example,\na node can be an `\u003cimg\u003e` tag, or an `\u003cinput element\u003e` but also `some plain text`.", + "properties": { + "attributes": { + "$ref": "#/components/schemas/uiNodeAttributes" + }, + "group": { + "$ref": "#/components/schemas/uiNodeGroup" + }, + "messages": { + "$ref": "#/components/schemas/uiTexts" + }, + "meta": { + "$ref": "#/components/schemas/Meta" + }, + "type": { + "$ref": "#/components/schemas/uiNodeType" + } + }, + "required": ["type", "group", "attributes", "messages", "meta"], + "title": "Node represents a flow's nodes", + "type": "object" + }, + "uiNodeAnchorAttributes": { + "properties": { + "href": { + "description": "The link's href (destination) URL.\n\nformat: uri", + "type": "string" + }, + "title": { + "$ref": "#/components/schemas/uiText" + } + }, + "required": ["href", "title"], + "title": "AnchorAttributes represents the attributes of an anchor node.", + "type": "object" + }, + "uiNodeAttributes": { + "oneOf": [ + { + "$ref": "#/components/schemas/uiNodeInputAttributes" + }, + { + "$ref": "#/components/schemas/uiNodeTextAttributes" + }, + { + "$ref": "#/components/schemas/uiNodeImageAttributes" + }, + { + "$ref": "#/components/schemas/uiNodeAnchorAttributes" + } + ], + "title": "Attributes represents a list of attributes 
(e.g. `href=\"foo\"` for links)." + }, + "uiNodeGroup": { + "type": "string" + }, + "uiNodeImageAttributes": { + "properties": { + "src": { + "description": "The image's source URL.\n\nformat: uri", + "type": "string" + } + }, + "required": ["src"], + "title": "ImageAttributes represents the attributes of an image node.", + "type": "object" + }, + "uiNodeInputAttributeType": { + "type": "string" + }, + "uiNodeInputAttributes": { + "description": "InputAttributes represents the attributes of an input node", + "properties": { + "disabled": { + "description": "Sets the input's disabled field to true or false.", + "type": "boolean" + }, + "label": { + "$ref": "#/components/schemas/uiText" + }, + "name": { + "description": "The input's element name.", + "type": "string" + }, + "pattern": { + "description": "The input's pattern.", + "type": "string" + }, + "required": { + "description": "Mark this input field as required.", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/uiNodeInputAttributeType" + }, + "value": { + "description": "The input's value.", + "nullable": true + } + }, + "required": ["name", "type", "disabled"], + "type": "object" + }, + "uiNodeTextAttributes": { + "properties": { + "text": { + "$ref": "#/components/schemas/uiText" + } + }, + "required": ["text"], + "title": "TextAttributes represents the attributes of a text node.", + "type": "object" + }, + "uiNodeType": { + "type": "string" + }, + "uiNodes": { + "items": { + "$ref": "#/components/schemas/uiNode" + }, + "type": "array" + }, + "uiText": { + "properties": { + "context": { + "description": "The message's context. Useful when customizing messages.", + "type": "object" + }, + "id": { + "$ref": "#/components/schemas/ID" + }, + "text": { + "description": "The message text. 
Written in american english.", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/uiTextType" + } + }, + "required": ["id", "text", "type"], + "type": "object" + }, + "uiTextType": { + "type": "string" + }, + "uiTexts": { + "items": { + "$ref": "#/components/schemas/uiText" + }, + "type": "array" + }, + "verifiableIdentityAddress": { + "description": "VerifiableAddress is an identity's verifiable address", + "properties": { + "created_at": { + "description": "When this entry was created", + "example": "2014-01-01T23:28:56.782Z", + "format": "date-time", + "type": "string" + }, + "id": { + "$ref": "#/components/schemas/UUID" + }, + "status": { + "$ref": "#/components/schemas/identityVerifiableAddressStatus" + }, + "updated_at": { + "description": "When this entry was last updated", + "example": "2014-01-01T23:28:56.782Z", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "The address value\n\nexample foo@user.com", + "type": "string" + }, + "verified": { + "description": "Indicates if the address has already been verified", + "example": true, + "type": "boolean" + }, + "verified_at": { + "$ref": "#/components/schemas/nullTime" + }, + "via": { + "$ref": "#/components/schemas/identityVerifiableAddressType" + } + }, + "required": ["id", "value", "verified", "via", "status"], + "type": "object" + }, + "version": { + "properties": { + "version": { + "description": "Version is the service's version.", + "type": "string" + } + }, + "type": "object" + } + }, + "securitySchemes": { + "oryAccessToken": { + "description": "This security mechanism is only applicable when using the [Ory Platform](https://console.ory.sh) by\ncreating an [Ory Personal Access Token](https://www.ory.sh/docs/guides/create-personal-access-token).\nIf you are using the open source version, this security mechanism\nwill not work out of the box as you will need to add a security mechanism yourself.\n", + "scheme": "bearer", + "type": "http" + } + } + }, + 
"info": { + "contact": { + "email": "hi@ory.sh" + }, + "description": "Documentation for all public and administrative Ory Kratos APIs. Public and administrative APIs\nare exposed on different ports. Public APIs can face the public internet without any protection\nwhile administrative APIs should never be exposed without prior authorization. To protect\nthe administative API port you should use something like Nginx, Ory Oathkeeper, or any other\ntechnology capable of authorizing incoming requests.\n", + "license": { + "name": "Apache 2.0" + }, + "title": "Ory Kratos API", + "version": "" + }, + "openapi": "3.0.3", + "paths": { + "/health/alive": { + "get": { + "description": "This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming\nHTTP requests. This status does currently not include checks whether the database connection is working.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.", + "operationId": "isAlive", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "properties": { + "status": { + "description": "Always \"ok\".", + "type": "string" + } + }, + "required": ["status"], + "type": "object" + } + } + }, + "description": "Ory Kratos is ready to accept connections." 
+ }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/genericError" + } + } + }, + "description": "genericError" + } + }, + "summary": "Check HTTP Server Status", + "tags": ["admin"] + } + }, + "/health/ready": { + "get": { + "description": "This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g.\nthe database) are responsive as well.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of Ory Kratos, the health status will never\nrefer to the cluster state, only to a single instance.", + "operationId": "isReady", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "properties": { + "status": { + "description": "Always \"ok\".", + "type": "string" + } + }, + "required": ["status"], + "type": "object" + } + } + }, + "description": "Ory Kratos is ready to accept requests." + }, + "503": { + "content": { + "application/json": { + "schema": { + "properties": { + "errors": { + "additionalProperties": { + "type": "string" + }, + "description": "Errors contains a list of errors that caused the not ready status.", + "type": "object" + } + }, + "required": ["errors"], + "type": "object" + } + } + }, + "description": "Ory Kratos is not yet ready to accept requests." + } + }, + "summary": "Check HTTP Server and Database Status", + "tags": ["admin"] + } + }, + "/identities": { + "get": { + "description": "Lists all identities. 
Does not support search at the moment.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", + "operationId": "adminListIdentities", + "parameters": [ + { + "description": "Items per Page\n\nThis is the number of items per page.", + "in": "query", + "name": "per_page", + "schema": { + "default": 100, + "format": "int64", + "maximum": 500, + "minimum": 1, + "type": "integer" + } + }, + { + "description": "Pagination Page", + "in": "query", + "name": "page", + "schema": { + "default": 0, + "format": "int64", + "minimum": 0, + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identityList" + } + } + }, + "description": "identityList" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "security": [ + { + "oryAccessToken": [] + } + ], + "summary": "List Identities", + "tags": ["v0alpha1"] + }, + "post": { + "description": "This endpoint creates an identity. It is NOT possible to set an identity's credentials (password, ...)\nusing this method! 
A way to achieve that will be introduced in the future.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", + "operationId": "adminCreateIdentity", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/adminCreateIdentityBody" + } + } + }, + "x-originalParamName": "Body" + }, + "responses": { + "201": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity" + } + } + }, + "description": "identity" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "409": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "security": [ + { + "oryAccessToken": [] + } + ], + "summary": "Create an Identity", + "tags": ["v0alpha1"] + } + }, + "/identities/{id}": { + "delete": { + "description": "Calling this endpoint irrecoverably and permanently deletes the identity given its ID. 
This action can not be undone.\nThis endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is\nassumed that is has been deleted already.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", + "operationId": "adminDeleteIdentity", + "parameters": [ + { + "description": "ID is the identity's ID.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "$ref": "#/components/responses/emptyResponse" + }, + "404": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "security": [ + { + "oryAccessToken": [] + } + ], + "summary": "Delete an Identity", + "tags": ["v0alpha1"] + }, + "get": { + "description": "Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", + "operationId": "adminGetIdentity", + "parameters": [ + { + "description": "ID must be set to the ID of identity you want to get", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity" + } + } + }, + "description": "identity" + }, + "404": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "security": [ + { + "oryAccessToken": [] + } + ], + 
"summary": "Get an Identity", + "tags": ["v0alpha1"] + }, + "put": { + "description": "This endpoint updates an identity. It is NOT possible to set an identity's credentials (password, ...)\nusing this method! A way to achieve that will be introduced in the future.\n\nThe full identity payload (except credentials) is expected. This endpoint does not support patching.\n\nLearn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).", + "operationId": "adminUpdateIdentity", + "parameters": [ + { + "description": "ID must be set to the ID of identity you want to update", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AdminUpdateIdentityBody" + } + } + }, + "x-originalParamName": "Body" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity" + } + } + }, + "description": "identity" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "404": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "409": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "security": [ + { + "oryAccessToken": [] + } + ], + "summary": "Update an Identity", + "tags": ["v0alpha1"] + } + }, + "/metrics/prometheus": { + "get": { + "description": "```\nmetadata:\nannotations:\nprometheus.io/port: \"4434\"\nprometheus.io/path: 
\"/metrics/prometheus\"\n```", + "operationId": "prometheus", + "responses": { + "200": { + "$ref": "#/components/responses/emptyResponse" + } + }, + "summary": "Get snapshot metrics from the service. If you're using k8s, you can then add annotations to\nyour deployment like so:", + "tags": ["admin"] + } + }, + "/recovery/link": { + "post": { + "description": "This endpoint creates a recovery link which should be given to the user in order for them to recover\n(or activate) their account.", + "operationId": "adminCreateSelfServiceRecoveryLink", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/adminCreateSelfServiceRecoveryLinkBody" + } + } + }, + "x-originalParamName": "Body" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceRecoveryLink" + } + } + }, + "description": "selfServiceRecoveryLink" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "404": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Create a Recovery Link", + "tags": ["v0alpha1"] + } + }, + "/schemas/{id}": { + "get": { + "description": "Get a JSON Schema", + "operationId": "getJsonSchema", + "parameters": [ + { + "description": "ID must be set to the ID of schema you want to get", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonSchema" + } + } + }, + "description": "jsonSchema" + }, + "404": { + "content": { + "application/json": { 
+ "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "tags": ["v0alpha1"] + } + }, + "/self-service/errors": { + "get": { + "description": "This endpoint returns the error associated with a user-facing self service errors.\n\nThis endpoint supports stub values to help you implement the error UI:\n\n`?id=stub:500` - returns a stub 500 (Internal Server Error) error.\n\nMore information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors).", + "operationId": "getSelfServiceError", + "parameters": [ + { + "description": "Error is the error's ID", + "in": "query", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceError" + } + } + }, + "description": "selfServiceError" + }, + "403": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "404": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Get Self-Service Errors", + "tags": ["v0alpha1"] + } + }, + "/self-service/login": { + "post": { + "description": ":::info\n\nThis endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.\n\n:::\n\nUse this endpoint to complete a login flow. 
This endpoint\nbehaves differently for API and browser flows.\n\nAPI flows expect `application/json` to be sent in the body and responds with\nHTTP 200 and a application/json body with the session token on success;\nHTTP 302 redirect to a fresh login flow if the original flow expired with the appropriate error messages set;\nHTTP 400 on form validation errors.\n\nBrowser flows expect a Content-Type of `application/x-www-form-urlencoded` or `application/json` to be sent in the body and respond with\na HTTP 302 redirect to the post/after login URL or the `return_to` value if it was set and if the login succeeded;\na HTTP 302 redirect to the login UI URL with the flow ID containing the validation errors otherwise.\n\nBrowser flows with an accept header of `application/json` will not redirect but instead respond with\nHTTP 200 and a application/json body with the signed in identity and a `Set-Cookie` header on success;\nHTTP 302 redirect to a fresh login flow if the original flow expired with the appropriate error messages set;\nHTTP 400 on form validation errors.\n\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).", + "operationId": "submitSelfServiceLoginFlow", + "parameters": [ + { + "description": "The Login Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. 
`/login?flow=abcde`).", + "in": "query", + "name": "flow", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/submitSelfServiceLoginFlowBody" + } + }, + "application/x-www-form-urlencoded": { + "schema": { + "$ref": "#/components/schemas/submitSelfServiceLoginFlowBody" + } + } + }, + "x-originalParamName": "Body" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/successfulSelfServiceLoginWithoutBrowser" + } + } + }, + "description": "successfulSelfServiceLoginWithoutBrowser" + }, + "302": { + "$ref": "#/components/responses/emptyResponse" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceLoginFlow" + } + } + }, + "description": "selfServiceLoginFlow" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Submit a Login Flow", + "tags": ["v0alpha1"] + } + }, + "/self-service/login/api": { + "get": { + "description": "This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error\nwill be returned unless the URL query parameter `?refresh=true` is set.\n\nTo fetch an existing login flow call `/self-service/login/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. 
Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks, including CSRF login attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).", + "operationId": "initializeSelfServiceLoginFlowWithoutBrowser", + "parameters": [ + { + "description": "Refresh a login session\n\nIf set to true, this will refresh an existing login session by\nasking the user to sign in again. This will reset the\nauthenticated_at time of the session.", + "in": "query", + "name": "refresh", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceLoginFlow" + } + } + }, + "description": "selfServiceLoginFlow" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Initialize Login Flow for APIs, Services, Apps, ...", + "tags": ["v0alpha1"] + } + }, + "/self-service/login/browser": { + "get": { + "description": "This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate\ncookies and anti-CSRF measures required for browser-based flows.\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. 
If a valid user session\nexists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter\n`?refresh=true` was set.\n\nIf this endpoint is called via an AJAX request, the response contains the login flow without a redirect.\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).", + "operationId": "initializeSelfServiceLoginFlowForBrowsers", + "parameters": [ + { + "description": "Refresh a login session\n\nIf set to true, this will refresh an existing login session by\nasking the user to sign in again. This will reset the\nauthenticated_at time of the session.", + "in": "query", + "name": "refresh", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceLoginFlow" + } + } + }, + "description": "selfServiceLoginFlow" + }, + "302": { + "$ref": "#/components/responses/emptyResponse" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Initialize Login Flow for Browsers", + "tags": ["v0alpha1"] + } + }, + "/self-service/login/flows": { + "get": { + "description": "This endpoint returns a login flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this 
endpoint:\n\n```js\npseudo-code example\nrouter.get('/login', async function (req, res) {\nconst flow = await client.getSelfServiceLoginFlow(req.header('cookie'), req.query['flow'])\n\nres.render('login', flow)\n})\n```\n\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).", + "operationId": "getSelfServiceLoginFlow", + "parameters": [ + { + "description": "The Login Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. `/login?flow=abcde`).", + "in": "query", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here.", + "in": "header", + "name": "cookie", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceLoginFlow" + } + } + }, + "description": "selfServiceLoginFlow" + }, + "403": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "404": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "410": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Get Login Flow", + "tags": ["v0alpha1"] + } + }, + "/self-service/logout": { + "get": { + "description": "This endpoint logs out an identity in a self-service manner.\n\nIf the `Accept` HTTP header 
is not set to `application/json`, the browser will be redirected (HTTP 302 Found)\nto the `return_to` parameter of the initial request or fall back to `urls.default_return_to`.\n\nIf the `Accept` HTTP header is set to `application/json`, a 204 No Content response\nwill be sent on successful logout instead.\n\nThis endpoint is NOT INTENDED for API clients and only works\nwith browsers (Chrome, Firefox, ...). For API clients you can\ncall the `/self-service/logout/api` URL directly with the Ory Session Token.\n\nMore information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout).", + "operationId": "submitSelfServiceLogoutFlow", + "parameters": [ + { + "description": "A Valid Logout Token\n\nIf you do not have a logout token because you only have a session cookie,\ncall `/self-service/logout/urls` to generate a URL for this endpoint.", + "in": "query", + "name": "token", + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "$ref": "#/components/responses/emptyResponse" + }, + "302": { + "$ref": "#/components/responses/emptyResponse" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Complete Self-Service Logout", + "tags": ["v0alpha1"] + } + }, + "/self-service/logout/api": { + "delete": { + "description": "Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully\nrevoked, the server returns a 204 No Content response. 
A 204 No Content response is also sent when\nthe Ory Session Token has been revoked already before.\n\nIf the Ory Session Token is malformed or does not exist a 403 Forbidden response will be returned.\n\nThis endpoint does not remove any HTTP\nCookies - use the Browser-Based Self-Service Logout Flow instead.", + "operationId": "submitSelfServiceLogoutFlowWithoutBrowser", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/submitSelfServiceLogoutFlowWithoutBrowserBody" + } + } + }, + "required": true, + "x-originalParamName": "Body" + }, + "responses": { + "204": { + "$ref": "#/components/responses/emptyResponse" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Perform Logout for APIs, Services, Apps, ...", + "tags": ["v0alpha1"] + } + }, + "/self-service/logout/browser": { + "get": { + "description": "This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.\n\nThis endpoint is NOT INTENDED for API clients and only works\nwith browsers (Chrome, Firefox, ...). For API clients you can\ncall the `/self-service/logout/api` URL directly with the Ory Session Token.\n\nThe URL is only valid for the currently signed in user. 
If no user is signed in, this endpoint returns\na 401 error.\n\nWhen calling this endpoint from a backend, please ensure to properly forward the HTTP cookies.", + "operationId": "createSelfServiceLogoutFlowUrlForBrowsers", + "parameters": [ + { + "description": "HTTP Cookies\n\nIf you call this endpoint from a backend, please include the\noriginal Cookie header in the request.", + "in": "header", + "name": "cookie", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceLogoutUrl" + } + } + }, + "description": "selfServiceLogoutUrl" + }, + "401": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Create a Logout URL for Browsers", + "tags": ["v0alpha1"] + } + }, + "/self-service/recovery": { + "post": { + "description": "Use this endpoint to complete a recovery flow. This endpoint\nbehaves differently for API and browser flows and has several states:\n\n`choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent\nand works with API- and Browser-initiated flows.\nFor API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid.\nand a HTTP 302 Found redirect with a fresh recovery flow if the flow was otherwise invalid (e.g. expired).\nFor Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 302 Found redirect to the Recovery UI URL with the Recovery Flow ID appended.\n`sent_email` is the success state after `choose_method` for the `link` method and allows the user to request another recovery email. 
It\nworks for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state.\n`passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\"sending a recovery link\")\ndoes not have any API capabilities. The server responds with a HTTP 302 Found redirect either to the Settings UI URL\n(if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with\na new Recovery Flow ID which contains an error message that the recovery link was invalid.\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).", + "operationId": "submitSelfServiceRecoveryFlow", + "parameters": [ + { + "description": "The Recovery Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. `/recovery?flow=abcde`).", + "in": "query", + "name": "flow", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "Recovery Token\n\nThe recovery token which completes the recovery request. If the token\nis invalid (e.g. 
expired) an error will be shown to the end-user.\n\nThis parameter is usually set in a link and not used by any direct API call.", + "in": "query", + "name": "token", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/submitSelfServiceRecoveryFlowBody" + } + }, + "application/x-www-form-urlencoded": { + "schema": { + "$ref": "#/components/schemas/submitSelfServiceRecoveryFlowBody" + } + } + }, + "x-originalParamName": "Body" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceRecoveryFlow" + } + } + }, + "description": "selfServiceRecoveryFlow" + }, + "302": { + "$ref": "#/components/responses/emptyResponse" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceRecoveryFlow" + } + } + }, + "description": "selfServiceRecoveryFlow" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Complete Recovery Flow", + "tags": ["v0alpha1"] + } + }, + "/self-service/recovery/api": { + "get": { + "description": "This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error.\n\nTo fetch an existing recovery flow call `/self-service/recovery/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. 
Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).", + "operationId": "initializeSelfServiceRecoveryFlowWithoutBrowser", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceRecoveryFlow" + } + } + }, + "description": "selfServiceRecoveryFlow" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Initialize Recovery Flow for APIs, Services, Apps, ...", + "tags": ["v0alpha1"] + } + }, + "/self-service/recovery/browser": { + "get": { + "description": "This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to\n`selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists, the browser is returned to the configured return URL.\n\nIf this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects\nor a 400 bad request error if the user is already authenticated.\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) 
as cookies are needed.\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).", + "operationId": "initializeSelfServiceRecoveryFlowForBrowsers", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceRecoveryFlow" + } + } + }, + "description": "selfServiceRecoveryFlow" + }, + "302": { + "$ref": "#/components/responses/emptyResponse" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Initialize Recovery Flow for Browsers", + "tags": ["v0alpha1"] + } + }, + "/self-service/recovery/flows": { + "get": { + "description": "This endpoint returns a recovery flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/recovery', async function (req, res) {\nconst flow = await client.getSelfServiceRecoveryFlow(req.header('Cookie'), req.query['flow'])\n\nres.render('recovery', flow)\n})\n```\n\nMore information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).", + "operationId": "getSelfServiceRecoveryFlow", + "parameters": [ + { + "description": "The Flow ID\n\nThe value for this parameter comes from `request` URL Query parameter sent to your\napplication (e.g. 
`/recovery?flow=abcde`).", + "in": "query", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here.", + "in": "header", + "name": "cookie", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceRecoveryFlow" + } + } + }, + "description": "selfServiceRecoveryFlow" + }, + "404": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "410": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Get Recovery Flow", + "tags": ["v0alpha1"] + } + }, + "/self-service/registration": { + "post": { + "description": "Use this endpoint to complete a registration flow by sending an identity's traits and password. 
This endpoint\nbehaves differently for API and browser flows.\n\nAPI flows expect `application/json` to be sent in the body and respond with\nHTTP 200 and a application/json body with the created identity success - if the session hook is configured the\n`session` and `session_token` will also be included;\nHTTP 302 redirect to a fresh registration flow if the original flow expired with the appropriate error messages set;\nHTTP 400 on form validation errors.\n\nBrowser flows expect a Content-Type of `application/x-www-form-urlencoded` or `application/json` to be sent in the body and respond with\na HTTP 302 redirect to the post/after registration URL or the `return_to` value if it was set and if the registration succeeded;\na HTTP 302 redirect to the registration UI URL with the flow ID containing the validation errors otherwise.\n\nBrowser flows with an accept header of `application/json` will not redirect but instead respond with\nHTTP 200 and a application/json body with the signed in identity and a `Set-Cookie` header on success;\nHTTP 302 redirect to a fresh login flow if the original flow expired with the appropriate error messages set;\nHTTP 400 on form validation errors.\n\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).", + "operationId": "submitSelfServiceRegistrationFlow", + "parameters": [ + { + "description": "The Registration Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. 
`/registration?flow=abcde`).", + "in": "query", + "name": "flow", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/submitSelfServiceRegistrationFlowBody" + } + }, + "application/x-www-form-urlencoded": { + "schema": { + "$ref": "#/components/schemas/submitSelfServiceRegistrationFlowBody" + } + } + }, + "x-originalParamName": "Body" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/successfulSelfServiceRegistrationWithoutBrowser" + } + } + }, + "description": "successfulSelfServiceRegistrationWithoutBrowser" + }, + "302": { + "$ref": "#/components/responses/emptyResponse" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceRegistrationFlow" + } + } + }, + "description": "selfServiceRegistrationFlow" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Submit a Registration Flow", + "tags": ["v0alpha1"] + } + }, + "/self-service/registration/api": { + "get": { + "description": "This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.\n\nIf a valid provided session cookie or session token is provided, a 400 Bad Request error\nwill be returned unless the URL query parameter `?refresh=true` is set.\n\nTo fetch an existing registration flow call `/self-service/registration/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. 
Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).", + "operationId": "initializeSelfServiceRegistrationFlowWithoutBrowser", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceRegistrationFlow" + } + } + }, + "description": "selfServiceRegistrationFlow" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Initialize Registration Flow for APIs, Services, Apps, ...", + "tags": ["v0alpha1"] + } + }, + "/self-service/registration/browser": { + "get": { + "description": "This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate\ncookies and anti-CSRF measures required for browser-based flows.\n\n:::info\n\nThis endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.\n\n:::\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.registration.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session\nexists already, the browser will be redirected to `urls.default_redirect_url`.\n\nIf this endpoint is called via an AJAX request, the response contains the registration flow without a redirect.\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) 
as cookies are needed.\n\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).", + "operationId": "initializeSelfServiceRegistrationFlowForBrowsers", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceRegistrationFlow" + } + } + }, + "description": "selfServiceRegistrationFlow" + }, + "302": { + "$ref": "#/components/responses/emptyResponse" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Initialize Registration Flow for Browsers", + "tags": ["v0alpha1"] + } + }, + "/self-service/registration/flows": { + "get": { + "description": "This endpoint returns a registration flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/registration', async function (req, res) {\nconst flow = await client.getSelfServiceRegistrationFlow(req.header('cookie'), req.query['flow'])\n\nres.render('registration', flow)\n})\n```\n\nMore information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).", + "operationId": "getSelfServiceRegistrationFlow", + "parameters": [ + { + "description": "The Registration Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. 
`/registration?flow=abcde`).", + "in": "query", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here.", + "in": "header", + "name": "cookie", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceRegistrationFlow" + } + } + }, + "description": "selfServiceRegistrationFlow" + }, + "403": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "404": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "410": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Get Registration Flow", + "tags": ["v0alpha1"] + } + }, + "/self-service/settings": { + "post": { + "description": "Use this endpoint to complete a settings flow by sending an identity's updated password. 
This endpoint\nbehaves differently for API and browser flows.\n\nAPI-initiated flows expect `application/json` to be sent in the body and respond with\nHTTP 200 and an application/json body with the session token on success;\nHTTP 302 redirect to a fresh settings flow if the original flow expired with the appropriate error messages set;\nHTTP 400 on form validation errors.\nHTTP 401 when the endpoint is called without a valid session token.\nHTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached.\nImplies that the user needs to re-authenticate.\n\nBrowser flows without HTTP Header `Accept` or with `Accept: text/*` respond with\na HTTP 302 redirect to the post/after settings URL or the `return_to` value if it was set and if the flow succeeded;\na HTTP 302 redirect to the Settings UI URL with the flow ID containing the validation errors otherwise.\na HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached.\n\nBrowser flows with HTTP Header `Accept: application/json` respond with\nHTTP 200 and a application/json body with the signed in identity and a `Set-Cookie` header on success;\nHTTP 302 redirect to a fresh login flow if the original flow expired with the appropriate error messages set;\nHTTP 403 when the page is accessed without a session cookie.\nHTTP 400 on form validation errors.\n\nMore information can be found at [Ory Kratos User Settings \u0026 Profile Management Documentation](../self-service/flows/user-settings).", + "operationId": "submitSelfServiceSettingsFlow", + "parameters": [ + { + "description": "The Settings Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. 
`/settings?flow=abcde`).", + "in": "query", + "name": "flow", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "The Session Token of the Identity performing the settings flow.", + "in": "header", + "name": "X-Session-Token", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/submitSelfServiceSettingsFlowBody" + } + }, + "application/x-www-form-urlencoded": { + "schema": { + "$ref": "#/components/schemas/submitSelfServiceSettingsFlowBody" + } + } + }, + "x-originalParamName": "Body" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/successfulSelfServiceSettingsWithoutBrowser" + } + } + }, + "description": "successfulSelfServiceSettingsWithoutBrowser" + }, + "302": { + "$ref": "#/components/responses/emptyResponse" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceSettingsFlow" + } + } + }, + "description": "selfServiceSettingsFlow" + }, + "401": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "403": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "security": [ + { + "sessionToken": [] + } + ], + "summary": "Complete Settings Flow", + "tags": ["v0alpha1"] + } + }, + "/self-service/settings/api": { + "get": { + "description": "This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on.\nYou must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK.\n\nTo fetch an existing settings flow 
call `/self-service/settings/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos User Settings \u0026 Profile Management Documentation](../self-service/flows/user-settings).", + "operationId": "initializeSelfServiceSettingsFlowWithoutBrowser", + "parameters": [ + { + "description": "The Session Token of the Identity performing the settings flow.", + "in": "header", + "name": "X-Session-Token", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceSettingsFlow" + } + } + }, + "description": "selfServiceSettingsFlow" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Initialize Settings Flow for APIs, Services, Apps, ...", + "tags": ["v0alpha1"] + } + }, + "/self-service/settings/browser": { + "get": { + "description": "This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to\n`selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. 
If no valid\nOry Kratos Session Cookie is included in the request, a login flow will be initialized.\n\nIf this endpoint is opened as a link in the browser, it will be redirected to\n`selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid user session\nwas set, the browser will be redirected to the login endpoint.\n\nIf this endpoint is called via an AJAX request, the response contains the settings flow without any redirects\nor a 403 forbidden error if no valid session was set.\n\nThis endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.\n\nMore information can be found at [Ory Kratos User Settings \u0026 Profile Management Documentation](../self-service/flows/user-settings).", + "operationId": "initializeSelfServiceSettingsFlowForBrowsers", + "parameters": [ + { + "description": "The Session Cookie of the Identity performing the settings flow.", + "in": "header", + "name": "Cookie", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceSettingsFlow" + } + } + }, + "description": "selfServiceSettingsFlow" + }, + "302": { + "$ref": "#/components/responses/emptyResponse" + }, + "403": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Initialize Settings Flow for Browsers", + "tags": ["v0alpha1"] + } + }, + "/self-service/settings/flows": { + "get": { + "description": "When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie\nor the Ory Kratos Session Token are set. 
The public endpoint does not return 404 status codes\nbut instead 403 or 500 to improve data privacy.\n\nYou can access this endpoint without credentials when using Ory Kratos' Admin API.\n\nMore information can be found at [Ory Kratos User Settings \u0026 Profile Management Documentation](../self-service/flows/user-settings).", + "operationId": "getSelfServiceSettingsFlow", + "parameters": [ + { + "description": "ID is the Settings Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. `/settings?flow=abcde`).", + "in": "query", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "The Session Token\n\nWhen using the SDK in an app without a browser, please include the\nsession token here.", + "in": "header", + "name": "X-Session-Token", + "schema": { + "type": "string" + } + }, + { + "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here. 
You only need to do this for browser-\nbased flows.", + "in": "header", + "name": "cookie", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceSettingsFlow" + } + } + }, + "description": "selfServiceSettingsFlow" + }, + "403": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "404": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "410": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Get Settings Flow", + "tags": ["v0alpha1"] + } + }, + "/self-service/verification": { + "post": { + "description": "Use this endpoint to complete a verification flow. This endpoint\nbehaves differently for API and browser flows and has several states:\n\n`choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent\nand works with API- and Browser-initiated flows.\nFor API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid\nand a HTTP 302 Found redirect with a fresh verification flow if the flow was otherwise invalid (e.g. expired).\nFor Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 302 Found redirect to the Verification UI URL with the Verification Flow ID appended.\n`sent_email` is the success state after `choose_method` when using the `link` method and allows the user to request another verification email. 
It\nworks for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state.\n`passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\"sending a verification link\")\ndoes not have any API capabilities. The server responds with a HTTP 302 Found redirect either to the Settings UI URL\n(if the link was valid) and instructs the user to update their password, or a redirect to the Verification UI URL with\na new Verification Flow ID which contains an error message that the verification link was invalid.\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", + "operationId": "submitSelfServiceVerificationFlow", + "parameters": [ + { + "description": "The Verification Flow ID\n\nThe value for this parameter comes from `flow` URL Query parameter sent to your\napplication (e.g. `/verification?flow=abcde`).", + "in": "query", + "name": "flow", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "Verification Token\n\nThe verification token which completes the verification request. If the token\nis invalid (e.g. 
expired) an error will be shown to the end-user.\n\nThis parameter is usually set in a link and not used by any direct API call.", + "in": "query", + "name": "token", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/submitSelfServiceVerificationFlowBody" + } + }, + "application/x-www-form-urlencoded": { + "schema": { + "$ref": "#/components/schemas/submitSelfServiceVerificationFlowBody" + } + } + }, + "x-originalParamName": "Body" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceVerificationFlow" + } + } + }, + "description": "selfServiceVerificationFlow" + }, + "302": { + "$ref": "#/components/responses/emptyResponse" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceVerificationFlow" + } + } + }, + "description": "selfServiceVerificationFlow" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Complete Verification Flow", + "tags": ["v0alpha1"] + } + }, + "/self-service/verification/api": { + "get": { + "description": "This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.\n\nTo fetch an existing verification flow call `/self-service/verification/flows?flow=\u003cflow_id\u003e`.\n\nYou MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server\nPages, NodeJS, PHP, Golang, ...) browser applications. 
Using this endpoint in these applications will make\nyou vulnerable to a variety of CSRF attacks.\n\nThis endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", + "operationId": "initializeSelfServiceVerificationFlowWithoutBrowser", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceVerificationFlow" + } + } + }, + "description": "selfServiceVerificationFlow" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Initialize Verification Flow for APIs, Services, Apps, ...", + "tags": ["v0alpha1"] + } + }, + "/self-service/verification/browser": { + "get": { + "description": "This endpoint initializes a browser-based account verification flow. 
Once initialized, the browser will be redirected to\n`selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.\n\nIf this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects.\n\nThis endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).\n\nMore information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", + "operationId": "initializeSelfServiceVerificationFlowForBrowsers", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceVerificationFlow" + } + } + }, + "description": "selfServiceVerificationFlow" + }, + "302": { + "$ref": "#/components/responses/emptyResponse" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Initialize Verification Flow for Browser Clients", + "tags": ["v0alpha1"] + } + }, + "/self-service/verification/flows": { + "get": { + "description": "This endpoint returns a verification flow's context with, for example, error details and other information.\n\nBrowser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header.\nFor AJAX requests you must ensure that cookies are included in the request or requests will fail.\n\nIf you use the browser-flow for server-side apps, the services need to run on a common top-level-domain\nand you need to forward the incoming HTTP Cookie header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/recovery', async function (req, res) {\nconst flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow'])\n\nres.render('verification', flow)\n})\n\nMore information can be found at [Ory Kratos Email and Phone Verification 
Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).", + "operationId": "getSelfServiceVerificationFlow", + "parameters": [ + { + "description": "The Flow ID\n\nThe value for this parameter comes from `request` URL Query parameter sent to your\napplication (e.g. `/verification?flow=abcde`).", + "in": "query", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "HTTP Cookies\n\nWhen using the SDK on the server side you must include the HTTP Cookie Header\noriginally sent to your HTTP handler here.", + "in": "header", + "name": "cookie", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/selfServiceVerificationFlow" + } + } + }, + "description": "selfServiceVerificationFlow" + }, + "403": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "404": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Get Verification Flow", + "tags": ["v0alpha1"] + } + }, + "/sessions/whoami": { + "get": { + "description": "Uses the HTTP Headers in the GET request to determine (e.g. 
by using checking the cookies) who is authenticated.\nReturns a session object in the body or 401 if the credentials are invalid or no credentials were sent.\nAdditionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response.\n\nIf you call this endpoint from a server-side application, you must forward the HTTP Cookie Header to this endpoint:\n\n```js\npseudo-code example\nrouter.get('/protected-endpoint', async function (req, res) {\nconst session = await client.toSession(undefined, req.header('cookie'))\n\nconsole.log(session)\n})\n```\n\nWhen calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token:\n\n```js\npseudo-code example\n...\nconst session = await client.toSession(\"the-session-token\")\n\nconsole.log(session)\n```\n\nThis endpoint is useful for:\n\nAJAX calls. Remember to send credentials and set up CORS correctly!\nReverse proxies and API Gateways\nServer-side calls - use the `X-Session-Token` header!\n\nThis endpoint authenticates users by checking\n\nif the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie;\nif the `Authorization: bearer \u003cory-session-token\u003e` HTTP header was set with a valid Ory Kratos Session Token;\nif the `X-Session-Token` HTTP header was set with a valid Ory Kratos Session Token.\n\nIf none of these headers are set or the cooke or token are invalid, the endpoint returns a HTTP 401 status code.", + "operationId": "toSession", + "parameters": [ + { + "description": "Set the Session Token when calling from non-browser clients. A session token has a format of `MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj`.", + "example": "MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj", + "in": "header", + "name": "X-Session-Token", + "schema": { + "type": "string" + } + }, + { + "description": "Set the Cookie Header. This is especially useful when calling this endpoint from a server-side application. 
In that\nscenario you must include the HTTP Cookie Header which originally was included in the request to your server.\nAn example of a session in the HTTP Cookie Header is: `ory_kratos_session=a19iOVAbdzdgl70Rq1QZmrKmcjDtdsviCTZx7m9a9yHIUS8Wa9T7hvqyGTsLHi6Qifn2WUfpAKx9DWp0SJGleIn9vh2YF4A16id93kXFTgIgmwIOvbVAScyrx7yVl6bPZnCx27ec4WQDtaTewC1CpgudeDV2jQQnSaCP6ny3xa8qLH-QUgYqdQuoA_LF1phxgRCUfIrCLQOkolX5nv3ze_f==`.\n\nIt is ok if more than one cookie are included here as all other cookies will be ignored.", + "example": "ory_kratos_session=a19iOVAbdzdgl70Rq1QZmrKmcjDtdsviCTZx7m9a9yHIUS8Wa9T7hvqyGTsLHi6Qifn2WUfpAKx9DWp0SJGleIn9vh2YF4A16id93kXFTgIgmwIOvbVAScyrx7yVl6bPZnCx27ec4WQDtaTewC1CpgudeDV2jQQnSaCP6ny3xa8qLH-QUgYqdQuoA_LF1phxgRCUfIrCLQOkolX5nv3ze_f==", + "in": "header", + "name": "Cookie", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/session" + } + } + }, + "description": "session" + }, + "401": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Check Who the Current HTTP Session Belongs To", + "tags": ["v0alpha1"] + } + }, + "/version": { + "get": { + "description": "This endpoint returns the version of Ory Kratos.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the version will never\nrefer to the cluster state, only to a single instance.", + "operationId": "getVersion", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "properties": { + "version": { + "description": "The version of Ory Kratos.", + "type": "string" + } 
+ }, + "required": ["version"], + "type": "object" + } + } + }, + "description": "Returns the Ory Kratos version." + } + }, + "summary": "Return Running Software Version.", + "tags": ["admin"] + } + } + }, + "x-forwarded-proto": "string", + "x-request-id": "string" +} diff --git a/docs/docs/self-service/flows/code/login/index.js b/docs/docs/self-service/flows/code/login/index.js index 3fe56444054d..ba0e10f4ec08 100644 --- a/docs/docs/self-service/flows/code/login/index.js +++ b/docs/docs/self-service/flows/code/login/index.js @@ -61,7 +61,7 @@ export const initApiFlow = { go: { label: 'Go', language: 'go', - code: require('raw-loader!../../../../../../examples/go/selfserviceinit/login/main.go') + code: require('raw-loader!../../../../../../examples/go/selfservice/login/main.go') .default } } diff --git a/docs/docs/self-service/flows/code/logout/index.js b/docs/docs/self-service/flows/code/logout/index.js index 84c65794b69a..75bda76a303c 100644 --- a/docs/docs/self-service/flows/code/logout/index.js +++ b/docs/docs/self-service/flows/code/logout/index.js @@ -7,7 +7,7 @@ export const apiFlow = { go: { label: 'Go', language: 'go', - code: require('raw-loader!../../../../../../examples/go/selfservicesubmit/logout/main.go') + code: require('raw-loader!../../../../../../examples/go/selfservice/logout/main.go') .default } } diff --git a/docs/docs/self-service/flows/code/recovery/index.js b/docs/docs/self-service/flows/code/recovery/index.js index 3eabbe53a8bf..60dd8403feab 100644 --- a/docs/docs/self-service/flows/code/recovery/index.js +++ b/docs/docs/self-service/flows/code/recovery/index.js @@ -61,7 +61,7 @@ export const initApiFlow = { go: { label: 'Go', language: 'go', - code: require('raw-loader!../../../../../../examples/go/selfserviceinit/recovery/main.go') + code: require('raw-loader!../../../../../../examples/go/selfservice/recovery/main.go') .default } } 
diff --git a/docs/docs/self-service/flows/code/registration/index.js b/docs/docs/self-service/flows/code/registration/index.js
index 45819e48c783..0721e135fa2b 100644
--- a/docs/docs/self-service/flows/code/registration/index.js
+++ b/docs/docs/self-service/flows/code/registration/index.js
@@ -61,7 +61,7 @@ export const initApiFlow = {
 go: {
 label: 'Go',
 language: 'go',
- code: require('raw-loader!../../../../../../examples/go/selfserviceinit/registration/main.go')
+ code: require('raw-loader!../../../../../../examples/go/selfservice/registration/main.go')
 .default
 }
 }
diff --git a/docs/docs/self-service/flows/code/settings/index.js b/docs/docs/self-service/flows/code/settings/index.js
index 8c91323a31df..b2c941f4bacc 100644
--- a/docs/docs/self-service/flows/code/settings/index.js
+++ b/docs/docs/self-service/flows/code/settings/index.js
@@ -69,7 +69,7 @@ export const initApiFlow = {
 go: {
 label: 'Go',
 language: 'go',
- code: require('raw-loader!../../../../../../examples/go/selfserviceinit/settings/main.go')
+ code: require('raw-loader!../../../../../../examples/go/selfservice/settings/main.go')
 .default
 },
 curlUnauth: {
diff --git a/docs/docs/self-service/flows/code/verification/index.js b/docs/docs/self-service/flows/code/verification/index.js
index d82878818c05..518030303164 100644
--- a/docs/docs/self-service/flows/code/verification/index.js
+++ b/docs/docs/self-service/flows/code/verification/index.js
@@ -61,7 +61,7 @@ export const initApiFlow = {
 go: {
 label: 'Go',
 language: 'go',
- code: require('raw-loader!../../../../../../examples/go/selfserviceinit/verification/main.go')
+ code: require('raw-loader!../../../../../../examples/go/selfservice/verification/main.go')
 .default
 }
 }
diff --git a/schema/handler.go b/schema/handler.go
index 607a3b4c51e9..6b8f5a13d276 100644
--- a/schema/handler.go
+++ b/schema/handler.go
@@ -7,6 +7,8 @@ import ( "net/http" "os" + "github.com/ory/kratos/driver/config" + "github.com/julienschmidt/httprouter" "github.com/pkg/errors" @@ -20,6 +22,8 @@ type ( x.WriterProvider x.LoggingProvider IdentityTraitsProvider + x.CSRFProvider + config.Provider } Handler struct { r handlerDependencies @@ -36,11 +40,12 @@ func NewHandler(r handlerDependencies) *Handler { const SchemasPath string = "schemas" func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) { + h.r.CSRFHandler().IgnoreGlobs(fmt.Sprintf("/%s/*", SchemasPath)) public.GET(fmt.Sprintf("/%s/:id", SchemasPath), h.get) } func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { - admin.GET(fmt.Sprintf("/%s/:id", SchemasPath), h.get) + admin.GET(fmt.Sprintf("/%s/:id", SchemasPath), x.RedirectToPublicRoute(h.r)) } // Raw JSON Schema diff --git a/selfservice/flow/recovery/handler.go b/selfservice/flow/recovery/handler.go index 0503c435d2a5..37aa201e6b3d 100644 --- a/selfservice/flow/recovery/handler.go +++ b/selfservice/flow/recovery/handler.go @@ -83,6 +83,11 @@ func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) { } func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { + admin.GET(RouteInitBrowserFlow, x.RedirectToPublicRoute(h.d)) + admin.GET(RouteInitAPIFlow, x.RedirectToPublicRoute(h.d)) + admin.GET(RouteGetFlow, x.RedirectToPublicRoute(h.d)) + admin.GET(RouteSubmitFlow, x.RedirectToPublicRoute(h.d)) + admin.POST(RouteSubmitFlow, x.RedirectToPublicRoute(h.d)) } // swagger:route GET /self-service/recovery/api v0alpha1 initializeSelfServiceRecoveryFlowWithoutBrowser diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go index 3f8d7ae65037..a89bf5848560 100644 --- a/selfservice/flow/registration/handler.go +++ b/selfservice/flow/registration/handler.go 
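Review bot: The CSRF exemption added in `RegisterPublicRoutes` of schema/handler.go is a glob over everything under `/schemas/` and is not tied to the GET route registered on the next line, so a state-changing route added under that prefix later would presumably be exempt as well. Only the read-only `h.get` handler is registered there in this hunk, which makes the exemption reasonable, but the reason should be written down, for example `// Schemas are public and read-only, so they are exempt from CSRF; do not register mutating routes under this prefix.` The admin route now goes through `x.RedirectToPublicRoute(h.r)`, which is defined outside this hunk, so admin clients that do not follow redirects will no longer receive the schema body and that behaviour change deserves a line in the handler's doc comment.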
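Review bot: `admin.POST(RouteSubmitFlow, x.RedirectToPublicRoute(h.d))` in the recovery handler depends on the redirect preserving the method, the body and the query string (`flow`, `token`), which cannot be confirmed here because `RedirectToPublicRoute` is defined outside this hunk. If it answers with 301, 302 or 303, most HTTP clients replay the request as a GET without the body, so a submission sent to the admin port would reach the public API as a different request; a 307 or 308 keeps the POST intact. The same POST registration is added to `RegisterAdminRoutes` in the registration, settings and verification handlers of this commit. A doc comment on `RegisterAdminRoutes` such as `// Admin routes only redirect to the public API; self-service flows are never served from the admin port.` would record why these routes exist.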
@@ -81,7 +81,13 @@ func (h *Handler) onAuthenticated(w http.ResponseWriter, r *http.Request, ps htt handler(w, r, ps) } -func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) {} +func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { + admin.GET(RouteInitBrowserFlow, x.RedirectToPublicRoute(h.d)) + admin.GET(RouteInitAPIFlow, x.RedirectToPublicRoute(h.d)) + admin.GET(RouteGetFlow, x.RedirectToPublicRoute(h.d)) + admin.POST(RouteSubmitFlow, x.RedirectToPublicRoute(h.d)) + admin.GET(RouteSubmitFlow, x.RedirectToPublicRoute(h.d)) +} func (h *Handler) NewRegistrationFlow(w http.ResponseWriter, r *http.Request, ft flow.Type) (*Flow, error) { f := NewFlow(h.d.Config(r.Context()), h.d.Config(r.Context()).SelfServiceFlowRegistrationRequestLifespan(), h.d.GenerateCSRFToken(r), r, ft) diff --git a/selfservice/flow/settings/handler.go b/selfservice/flow/settings/handler.go index d3f0c10312c0..7ef6b4416255 100644 --- a/selfservice/flow/settings/handler.go +++ b/selfservice/flow/settings/handler.go @@ -96,6 +96,13 @@ func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) { } func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { + admin.GET(RouteInitBrowserFlow, x.RedirectToPublicRoute(h.d)) + + admin.GET(RouteInitAPIFlow, x.RedirectToPublicRoute(h.d)) + admin.GET(RouteGetFlow, x.RedirectToPublicRoute(h.d)) + + admin.POST(RouteSubmitFlow, x.RedirectToPublicRoute(h.d)) + admin.GET(RouteSubmitFlow, x.RedirectToPublicRoute(h.d)) } func (h *Handler) NewFlow(w http.ResponseWriter, r *http.Request, i *identity.Identity, ft flow.Type) (*Flow, error) { diff --git a/selfservice/flow/verification/handler.go b/selfservice/flow/verification/handler.go index ba5723e27bb6..2af20a143e34 100644 --- a/selfservice/flow/verification/handler.go +++ b/selfservice/flow/verification/handler.go 
@@ -71,7 +71,14 @@ func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) { public.GET(RouteSubmitFlow, h.submitFlow) } -func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) {} +func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { + admin.GET(RouteInitBrowserFlow, x.RedirectToPublicRoute(h.d)) + admin.GET(RouteInitAPIFlow, x.RedirectToPublicRoute(h.d)) + admin.GET(RouteGetFlow, x.RedirectToPublicRoute(h.d)) + + admin.POST(RouteSubmitFlow, x.RedirectToPublicRoute(h.d)) + admin.GET(RouteSubmitFlow, x.RedirectToPublicRoute(h.d)) +} // swagger:route GET /self-service/verification/api v0alpha1 initializeSelfServiceVerificationFlowWithoutBrowser // diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go index 52465a5a693e..f924e3e02c4d 100644 --- a/selfservice/strategy/link/strategy_recovery.go +++ b/selfservice/strategy/link/strategy_recovery.go @@ -34,6 +34,9 @@ func (s *Strategy) RecoveryStrategyID() string { } func (s *Strategy) RegisterPublicRecoveryRoutes(public *x.RouterPublic) { + s.d.CSRFHandler().IgnorePath(RouteAdminCreateRecoveryLink) + public.POST(RouteAdminCreateRecoveryLink, x.RedirectToAdminRoute(s.d)) + } func (s *Strategy) RegisterAdminRecoveryRoutes(admin *x.RouterAdmin) {
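Review bot: `s.d.CSRFHandler().IgnorePath(RouteAdminCreateRecoveryLink)` in `RegisterPublicRecoveryRoutes` turns CSRF protection off for a POST route on the public router, which is only safe as long as the handler registered on the next line never acts on the request itself. `x.RedirectToAdminRoute` is defined outside this hunk, so it should be confirmed that it only issues a redirect and that the `Location` it returns does not disclose an internal admin base URL to unauthenticated callers of the public API. A comment would make the intent explicit, e.g. `// Admin-only endpoint: the public router just redirects to the admin API, so no CSRF token is required here.` The blank line added before the closing brace can be dropped.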