docs: bump to 2d9333091a1fc8c74219e466711761786444c25d

Author: aeneasr

docs/reference/api.json

@@ -1282,6 +1282,14 @@
             "type": "string",
             "x-go-enum-desc": "link SelfServiceMessageVerificationStrategyLink\ncode SelfServiceMessageVerificationStrategyCode"
           },
+          "kratos_selfservice_methods_captcha_config_cf_turnstile_sitekey": {
+            "description": "Configures the Turnstile site key for CAPTCHA protection\n\nThe site key is public and will be shared with the client.\n\nReach out to your account manager to enable this feature.",
+            "type": "string"
+          },
+          "kratos_selfservice_methods_captcha_enabled": {
+            "description": "Configures the Ory Kratos Self-Service Methods' Captcha Enabled Setting\n\nReach out to your account manager to enable this feature.",
+            "type": "boolean"
+          },
           "kratos_selfservice_methods_code_config_lifespan": {
             "description": "Configures the Ory Kratos Code Method's lifespan\n\nThis governs the \"selfservice.methods.code.config.lifespan\" setting.",
             "type": "string"
@@ -3954,6 +3962,9 @@
           },
           "subject": {
             "type": "string"
+          },
+          "use_auto_link": {
+            "type": "boolean"
           }
         },
         "title": "CredentialsOIDCProvider is contains a specific OpenID COnnect credential for a particular connection (e.g. Google).",
@@ -4114,6 +4125,10 @@
           "subject": {
             "description": "The subject (`sub`) of the OpenID Connect connection. Usually the `sub` field of the ID Token.",
             "type": "string"
+          },
+          "use_auto_link": {
+            "description": "If set, this credential allows the user to sign in using the OpenID Connect provider without setting the subject first.",
+            "type": "boolean"
           }
         },
         "required": ["subject", "provider"],
@@ -5745,6 +5760,14 @@
             "type": "string",
             "x-go-enum-desc": "link SelfServiceMessageVerificationStrategyLink\ncode SelfServiceMessageVerificationStrategyCode"
           },
+          "kratos_selfservice_methods_captcha_config_cf_turnstile_sitekey": {
+            "description": "Configures the Turnstile site key for CAPTCHA protection\n\nThe site key is public and will be shared with the client.\n\nReach out to your account manager to enable this feature.",
+            "type": "string"
+          },
+          "kratos_selfservice_methods_captcha_enabled": {
+            "description": "Configures the Ory Kratos Self-Service Methods' Captcha Enabled Setting\n\nReach out to your account manager to enable this feature.",
+            "type": "boolean"
+          },
           "kratos_selfservice_methods_code_config_lifespan": {
             "description": "Configures the Ory Kratos Code Method's lifespan\n\nThis governs the \"selfservice.methods.code.config.lifespan\" setting.",
             "type": "string"
@@ -6350,7 +6373,7 @@
         "description": "OAuth 2.0 Clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are\ngenerated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities.",
         "properties": {
           "access_token_strategy": {
-            "description": "OAuth 2.0 Access Token Strategy\n\nAccessTokenStrategy is the strategy used to generate access tokens.\nValid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens\nSetting the stragegy here overrides the global setting in `strategies.access_token`.",
+            "description": "OAuth 2.0 Access Token Strategy\n\nAccessTokenStrategy is the strategy used to generate access tokens.\nValid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/oauth2-oidc/jwt-access-token\nSetting the stragegy here overrides the global setting in `strategies.access_token`.",
             "type": "string"
           },
           "allowed_cors_origins": {
@@ -6577,12 +6600,16 @@
             "$ref": "#/components/schemas/StringSliceJSONFormat"
           },
           "challenge": {
-            "description": "ID is the identifier (\"authorization challenge\") of the consent authorization request. It is used to\nidentify the session.",
+            "description": "Challenge is used to retrieve/accept/deny the consent request.",
             "type": "string"
           },
           "client": {
             "$ref": "#/components/schemas/oAuth2Client"
           },
+          "consent_request_id": {
+            "description": "ConsentRequestID is the ID of the consent request.",
+            "type": "string"
+          },
           "context": {
             "$ref": "#/components/schemas/JSONRawMessage"
           },
@@ -6659,6 +6686,10 @@
           "consent_request": {
             "$ref": "#/components/schemas/oAuth2ConsentRequest"
           },
+          "consent_request_id": {
+            "description": "ConsentRequestID is the identifier of the consent request that initiated this consent session.",
+            "type": "string"
+          },
           "context": {
             "$ref": "#/components/schemas/JSONRawMessage"
           },
@@ -6722,7 +6753,7 @@
       "oAuth2LoginRequest": {
         "properties": {
           "challenge": {
-            "description": "ID is the identifier (\"login challenge\") of the login request. It is used to\nidentify the session.",
+            "description": "ID is the identifier of the login request.",
             "type": "string"
           },
           "client": {
@@ -6761,16 +6792,22 @@
       "oAuth2LogoutRequest": {
         "properties": {
           "challenge": {
-            "description": "Challenge is the identifier (\"logout challenge\") of the logout authentication request. It is used to\nidentify the session.",
+            "description": "Challenge is the identifier of the logout authentication request.",
             "type": "string"
           },
           "client": {
             "$ref": "#/components/schemas/oAuth2Client"
           },
+          "expires_at": {
+            "$ref": "#/components/schemas/nullTime"
+          },
           "request_url": {
             "description": "RequestURL is the original Logout URL requested.",
             "type": "string"
           },
+          "requested_at": {
+            "$ref": "#/components/schemas/nullTime"
+          },
           "rp_initiated": {
             "description": "RPInitiated is set to true if the request was initiated by a Relying Party (RP), also known as an OAuth 2.0 Client.",
             "type": "boolean"
@@ -7989,7 +8026,7 @@
             "type": "boolean"
           },
           "feature": {
-            "description": "\nproduction_projects ProductionProjects\nstaging_projects StagingProjects\ndevelopment_projects DevelopmentProjects\ndaily_active_users DailyActiveUsers\ncustom_domains CustomDomains\nevent_streams EventStreams\nevent_stream_events EventStreamEvents\nsla SLA\ncollaborator_seats CollaboratorSeats\nedge_cache EdgeCache\nbranding_themes BrandingThemes\nzendesk_support ZendeskSupport\nproject_metrics ProjectMetrics\nproject_metrics_time_window ProjectMetricsTimeWindow\nproject_metrics_events_history ProjectMetricsEventsHistory\norganizations Organizations\nrop_grant ResourceOwnerPasswordGrant\nconcierge_onboarding ConciergeOnboarding\ncredit Credit\ndata_location_global DataLocationGlobal\ndata_location_us DataLocationUS\ndata_location_asiane DataLocationAsiaNorthEast\nm2m_token_issuance M2MTokenIssuance\npermission_checks PermissionChecks\ncaptcha Captcha\nsaml_sp SAMLSP\nsaml_idp SAMLIDP\ndata_location_regional DataLocationRegional  Required Features\nrate_limit_tier RateLimitTier\nsession_rate_limit_tier RateLimitTierSessions\nidentities_list_rate_limit_tier RateLimitTierIdentitiesList\npermission_checks_rate_limit_tier RateLimitTierPermissionChecks\noauth2_introspect_rate_limit_tier RateLimitTierOAuth2Introspect\ncreate_recovery_admin_rate_limit_tier RateLimitTierCreateAdminRecovery",
+            "description": "\nproduction_projects ProductionProjects\nstaging_projects StagingProjects\ndevelopment_projects DevelopmentProjects\ndaily_active_users DailyActiveUsers\ncustom_domains CustomDomains\nevent_streams EventStreams\nevent_stream_events EventStreamEvents\nsla SLA\ncollaborator_seats CollaboratorSeats\nedge_cache EdgeCache\nbranding_themes BrandingThemes\nzendesk_support ZendeskSupport\nproject_metrics ProjectMetrics\nproject_metrics_time_window ProjectMetricsTimeWindow\nproject_metrics_events_history ProjectMetricsEventsHistory\norganizations Organizations\nrop_grant ResourceOwnerPasswordGrant\nconcierge_onboarding ConciergeOnboarding\ncredit Credit\ndata_location_global DataLocationGlobal\ndata_location_us DataLocationUS\ndata_location_asiane DataLocationAsiaNorthEast\nm2m_token_issuance M2MTokenIssuance\npermission_checks PermissionChecks\ncaptcha Captcha\nsaml_sp SAMLSP\nsaml_idp SAMLIDP\nauto_link_policy AutoLinkPolicy\ndata_location_regional DataLocationRegional  Required Features\nrate_limit_tier RateLimitTier\nsession_rate_limit_tier RateLimitTierSessions\nidentities_list_rate_limit_tier RateLimitTierIdentitiesList\npermission_checks_rate_limit_tier RateLimitTierPermissionChecks\noauth2_introspect_rate_limit_tier RateLimitTierOAuth2Introspect\ncreate_recovery_admin_rate_limit_tier RateLimitTierCreateAdminRecovery",
             "enum": [
               "production_projects",
               "staging_projects",
@@ -8018,6 +8055,7 @@
               "captcha",
               "saml_sp",
               "saml_idp",
+              "auto_link_policy",
               "data_location_regional",
               "rate_limit_tier",
               "session_rate_limit_tier",
@@ -8027,7 +8065,7 @@
               "create_recovery_admin_rate_limit_tier"
             ],
             "type": "string",
-            "x-go-enum-desc": "production_projects ProductionProjects\nstaging_projects StagingProjects\ndevelopment_projects DevelopmentProjects\ndaily_active_users DailyActiveUsers\ncustom_domains CustomDomains\nevent_streams EventStreams\nevent_stream_events EventStreamEvents\nsla SLA\ncollaborator_seats CollaboratorSeats\nedge_cache EdgeCache\nbranding_themes BrandingThemes\nzendesk_support ZendeskSupport\nproject_metrics ProjectMetrics\nproject_metrics_time_window ProjectMetricsTimeWindow\nproject_metrics_events_history ProjectMetricsEventsHistory\norganizations Organizations\nrop_grant ResourceOwnerPasswordGrant\nconcierge_onboarding ConciergeOnboarding\ncredit Credit\ndata_location_global DataLocationGlobal\ndata_location_us DataLocationUS\ndata_location_asiane DataLocationAsiaNorthEast\nm2m_token_issuance M2MTokenIssuance\npermission_checks PermissionChecks\ncaptcha Captcha\nsaml_sp SAMLSP\nsaml_idp SAMLIDP\ndata_location_regional DataLocationRegional  Required Features\nrate_limit_tier RateLimitTier\nsession_rate_limit_tier RateLimitTierSessions\nidentities_list_rate_limit_tier RateLimitTierIdentitiesList\npermission_checks_rate_limit_tier RateLimitTierPermissionChecks\noauth2_introspect_rate_limit_tier RateLimitTierOAuth2Introspect\ncreate_recovery_admin_rate_limit_tier RateLimitTierCreateAdminRecovery"
+            "x-go-enum-desc": "production_projects ProductionProjects\nstaging_projects StagingProjects\ndevelopment_projects DevelopmentProjects\ndaily_active_users DailyActiveUsers\ncustom_domains CustomDomains\nevent_streams EventStreams\nevent_stream_events EventStreamEvents\nsla SLA\ncollaborator_seats CollaboratorSeats\nedge_cache EdgeCache\nbranding_themes BrandingThemes\nzendesk_support ZendeskSupport\nproject_metrics ProjectMetrics\nproject_metrics_time_window ProjectMetricsTimeWindow\nproject_metrics_events_history ProjectMetricsEventsHistory\norganizations Organizations\nrop_grant ResourceOwnerPasswordGrant\nconcierge_onboarding ConciergeOnboarding\ncredit Credit\ndata_location_global DataLocationGlobal\ndata_location_us DataLocationUS\ndata_location_asiane DataLocationAsiaNorthEast\nm2m_token_issuance M2MTokenIssuance\npermission_checks PermissionChecks\ncaptcha Captcha\nsaml_sp SAMLSP\nsaml_idp SAMLIDP\nauto_link_policy AutoLinkPolicy\ndata_location_regional DataLocationRegional  Required Features\nrate_limit_tier RateLimitTier\nsession_rate_limit_tier RateLimitTierSessions\nidentities_list_rate_limit_tier RateLimitTierIdentitiesList\npermission_checks_rate_limit_tier RateLimitTierPermissionChecks\noauth2_introspect_rate_limit_tier RateLimitTierOAuth2Introspect\ncreate_recovery_admin_rate_limit_tier RateLimitTierCreateAdminRecovery"
           },
           "feature_available": {
             "type": "boolean"
@@ -12879,7 +12917,6 @@
             "description": "OAuth 2.0 Consent Subject\n\nThe subject whose consent sessions should be deleted.",
             "in": "query",
             "name": "subject",
-            "required": true,
             "schema": {
               "type": "string"
             }
@@ -12892,6 +12929,14 @@
               "type": "string"
             }
           },
+          {
+            "description": "Consent Request ID\n\nIf set, revoke all token chains derived from this particular consent request ID.",
+            "in": "query",
+            "name": "consent_request_id",
+            "schema": {
+              "type": "string"
+            }
+          },
           {
             "description": "Revoke All Consent Sessions\n\nIf set to `true` deletes all consent sessions by the Subject that have been granted.",
             "in": "query",
@@ -13001,7 +13046,7 @@
     },
     "/admin/oauth2/auth/sessions/login": {
       "delete": {
-        "description": "This endpoint invalidates authentication sessions. After revoking the authentication session(s), the subject\nhas to re-authenticate at the Ory OAuth2 Provider. This endpoint does not invalidate any tokens.\n\nIf you send the subject in a query param, all authentication sessions that belong to that subject are revoked.\nNo OpenID Connect Front- or Back-channel logout is performed in this case.\n\nAlternatively, you can send a SessionID via `sid` query param, in which case, only the session that is connected\nto that SessionID is revoked. OpenID Connect Back-channel logout is performed in this case.",
+        "description": "This endpoint invalidates authentication sessions. After revoking the authentication session(s), the subject\nhas to re-authenticate at the Ory OAuth2 Provider. This endpoint does not invalidate any tokens.\n\nIf you send the subject in a query param, all authentication sessions that belong to that subject are revoked.\nNo OpenID Connect Front- or Back-channel logout is performed in this case.\n\nAlternatively, you can send a SessionID via `sid` query param, in which case, only the session that is connected\nto that SessionID is revoked. OpenID Connect Back-channel logout is performed in this case.\n\nWhen using Ory for the identity provider, the login provider will also invalidate the session cookie.",
         "operationId": "revokeOAuth2LoginSessions",
         "parameters": [
           {