# NOTE: This file is auto generated by OpenAPI Generator 6.2.1 (https://openapi-generator.tech).
# Do not edit this file manually.
defmodule Ory.Api.OAuth2 do
@moduledoc """
API calls for all endpoints tagged `OAuth2`.
"""
alias Ory.Connection
import Ory.RequestBuilder
@doc """
Accept OAuth 2.0 Consent Request
When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider to authenticate the subject and then tell Ory now about it. If the subject authenticated, he/she must now be asked if the OAuth 2.0 Client which initiated the flow should be allowed to access the resources on the subject's behalf. The consent challenge is appended to the consent provider's URL to which the subject's user-agent (browser) is redirected to. The consent provider uses that challenge to fetch information on the OAuth2 request and then tells Ory if the subject accepted or rejected the request. This endpoint tells Ory that the subject has authorized the OAuth 2.0 client to access resources on his/her behalf. The consent provider includes additional information, such as session data for access and ID tokens, and if the consent request should be used as basis for future requests. The response contains a redirect URL which the consent provider should redirect the user-agent to. The default consent provider is available via the Ory Managed Account Experience. To customize the consent provider, please head over to the OAuth 2.0 documentation.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `consent_challenge` (String.t): OAuth 2.0 Consent Request Challenge
- `opts` (keyword): Optional parameters
- `:body` (AcceptOAuth2ConsentRequest):
### Returns
- `{:ok, Ory.Model.OAuth2RedirectTo.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec accept_o_auth2_consent_request(Tesla.Env.client, String.t, keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.OAuth2RedirectTo.t} | {:error, Tesla.Env.t}
def accept_o_auth2_consent_request(connection, consent_challenge, opts \\ []) do
optional_params = %{
:body => :body
}
request =
%{}
|> method(:put)
|> url("/admin/oauth2/auth/requests/consent/accept")
|> add_param(:query, :consent_challenge, consent_challenge)
|> add_optional_params(optional_params, opts)
|> ensure_body()
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.OAuth2RedirectTo{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Accept OAuth 2.0 Login Request
When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider to authenticate the subject and then tell the Ory OAuth2 Service about it. The authentication challenge is appended to the login provider URL to which the subject's user-agent (browser) is redirected to. The login provider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process. This endpoint tells Ory that the subject has successfully authenticated and includes additional information such as the subject's ID and if Ory should remember the subject's subject agent for future authentication attempts by setting a cookie. The response contains a redirect URL which the login provider should redirect the user-agent to.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `login_challenge` (String.t): OAuth 2.0 Login Request Challenge
- `opts` (keyword): Optional parameters
- `:body` (AcceptOAuth2LoginRequest):
### Returns
- `{:ok, Ory.Model.OAuth2RedirectTo.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec accept_o_auth2_login_request(Tesla.Env.client, String.t, keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.OAuth2RedirectTo.t} | {:error, Tesla.Env.t}
def accept_o_auth2_login_request(connection, login_challenge, opts \\ []) do
optional_params = %{
:body => :body
}
request =
%{}
|> method(:put)
|> url("/admin/oauth2/auth/requests/login/accept")
|> add_param(:query, :login_challenge, login_challenge)
|> add_optional_params(optional_params, opts)
|> ensure_body()
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.OAuth2RedirectTo{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Accept OAuth 2.0 Session Logout Request
When a user or an application requests Ory OAuth 2.0 to remove the session state of a subject, this endpoint is used to confirm that logout request. The response contains a redirect URL which the consent provider should redirect the user-agent to.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `logout_challenge` (String.t): OAuth 2.0 Logout Request Challenge
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, Ory.Model.OAuth2RedirectTo.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec accept_o_auth2_logout_request(Tesla.Env.client, String.t, keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.OAuth2RedirectTo.t} | {:error, Tesla.Env.t}
def accept_o_auth2_logout_request(connection, logout_challenge, _opts \\ []) do
request =
%{}
|> method(:put)
|> url("/admin/oauth2/auth/requests/logout/accept")
|> add_param(:query, :logout_challenge, logout_challenge)
|> ensure_body()
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.OAuth2RedirectTo{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Create OAuth 2.0 Client
Create a new OAuth 2.0 client. If you pass `client_secret` the secret is used, otherwise a random secret is generated. The secret is echoed in the response. It is not possible to retrieve it later on.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `o_auth2_client` (OAuth2Client): OAuth 2.0 Client Request Body
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, Ory.Model.OAuth2Client.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec create_o_auth2_client(Tesla.Env.client, Ory.Model.OAuth2Client.t, keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.OAuth2Client.t} | {:error, Tesla.Env.t}
def create_o_auth2_client(connection, o_auth2_client, _opts \\ []) do
request =
%{}
|> method(:post)
|> url("/admin/clients")
|> add_param(:body, :body, o_auth2_client)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{201, %Ory.Model.OAuth2Client{}},
{400, %Ory.Model.ErrorOAuth2{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Delete OAuth 2.0 Client
Delete an existing OAuth 2.0 Client by its ID. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. Make sure that this endpoint is well protected and only callable by first-party components.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `id` (String.t): The id of the OAuth 2.0 Client.
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, nil}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec delete_o_auth2_client(Tesla.Env.client, String.t, keyword()) :: {:ok, nil} | {:ok, Ory.Model.GenericError.t} | {:error, Tesla.Env.t}
def delete_o_auth2_client(connection, id, _opts \\ []) do
request =
%{}
|> method(:delete)
|> url("/admin/clients/#{id}")
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{204, false},
{:default, %Ory.Model.GenericError{}}
])
end
@doc """
Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client
This endpoint deletes OAuth2 access tokens issued to an OAuth 2.0 Client from the database.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `client_id` (String.t): OAuth 2.0 Client ID
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, nil}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec delete_o_auth2_token(Tesla.Env.client, String.t, keyword()) :: {:ok, nil} | {:ok, Ory.Model.ErrorOAuth2.t} | {:error, Tesla.Env.t}
def delete_o_auth2_token(connection, client_id, _opts \\ []) do
request =
%{}
|> method(:delete)
|> url("/admin/oauth2/tokens")
|> add_param(:query, :client_id, client_id)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{204, false},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Delete Trusted OAuth2 JWT Bearer Grant Type Issuer
Use this endpoint to delete trusted JWT Bearer Grant Type Issuer. The ID is the one returned when you created the trust relationship. Once deleted, the associated issuer will no longer be able to perform the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grant.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `id` (String.t): The id of the desired grant
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, nil}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec delete_trusted_o_auth2_jwt_grant_issuer(Tesla.Env.client, String.t, keyword()) :: {:ok, nil} | {:ok, Ory.Model.GenericError.t} | {:error, Tesla.Env.t}
def delete_trusted_o_auth2_jwt_grant_issuer(connection, id, _opts \\ []) do
request =
%{}
|> method(:delete)
|> url("/admin/trust/grants/jwt-bearer/issuers/#{id}")
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{204, false},
{:default, %Ory.Model.GenericError{}}
])
end
@doc """
Get an OAuth 2.0 Client
Get an OAuth 2.0 client by its ID. This endpoint never returns the client secret. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `id` (String.t): The id of the OAuth 2.0 Client.
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, Ory.Model.OAuth2Client.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec get_o_auth2_client(Tesla.Env.client, String.t, keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.OAuth2Client.t} | {:error, Tesla.Env.t}
def get_o_auth2_client(connection, id, _opts \\ []) do
request =
%{}
|> method(:get)
|> url("/admin/clients/#{id}")
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.OAuth2Client{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Get OAuth 2.0 Consent Request
When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider to authenticate the subject and then tell Ory now about it. If the subject authenticated, he/she must now be asked if the OAuth 2.0 Client which initiated the flow should be allowed to access the resources on the subject's behalf. The consent challenge is appended to the consent provider's URL to which the subject's user-agent (browser) is redirected to. The consent provider uses that challenge to fetch information on the OAuth2 request and then tells Ory if the subject accepted or rejected the request. The default consent provider is available via the Ory Managed Account Experience. To customize the consent provider, please head over to the OAuth 2.0 documentation.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `consent_challenge` (String.t): OAuth 2.0 Consent Request Challenge
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, Ory.Model.OAuth2ConsentRequest.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec get_o_auth2_consent_request(Tesla.Env.client, String.t, keyword()) :: {:ok, Ory.Model.OAuth2ConsentRequest.t} | {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.OAuth2RedirectTo.t} | {:error, Tesla.Env.t}
def get_o_auth2_consent_request(connection, consent_challenge, _opts \\ []) do
request =
%{}
|> method(:get)
|> url("/admin/oauth2/auth/requests/consent")
|> add_param(:query, :consent_challenge, consent_challenge)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.OAuth2ConsentRequest{}},
{410, %Ory.Model.OAuth2RedirectTo{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Get OAuth 2.0 Login Request
When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider to authenticate the subject and then tell the Ory OAuth2 Service about it. Per default, the login provider is Ory itself. You may use a different login provider which needs to be a web-app you write and host, and it must be able to authenticate (\"show the subject a login screen\") a subject (in OAuth2 the proper name for subject is \"resource owner\"). The authentication challenge is appended to the login provider URL to which the subject's user-agent (browser) is redirected to. The login provider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `login_challenge` (String.t): OAuth 2.0 Login Request Challenge
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, Ory.Model.OAuth2LoginRequest.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec get_o_auth2_login_request(Tesla.Env.client, String.t, keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.OAuth2LoginRequest.t} | {:ok, Ory.Model.OAuth2RedirectTo.t} | {:error, Tesla.Env.t}
def get_o_auth2_login_request(connection, login_challenge, _opts \\ []) do
request =
%{}
|> method(:get)
|> url("/admin/oauth2/auth/requests/login")
|> add_param(:query, :login_challenge, login_challenge)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.OAuth2LoginRequest{}},
{410, %Ory.Model.OAuth2RedirectTo{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Get OAuth 2.0 Session Logout Request
Use this endpoint to fetch an Ory OAuth 2.0 logout request.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `logout_challenge` (String.t):
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, Ory.Model.OAuth2LogoutRequest.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec get_o_auth2_logout_request(Tesla.Env.client, String.t, keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.OAuth2LogoutRequest.t} | {:ok, Ory.Model.OAuth2RedirectTo.t} | {:error, Tesla.Env.t}
def get_o_auth2_logout_request(connection, logout_challenge, _opts \\ []) do
request =
%{}
|> method(:get)
|> url("/admin/oauth2/auth/requests/logout")
|> add_param(:query, :logout_challenge, logout_challenge)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.OAuth2LogoutRequest{}},
{410, %Ory.Model.OAuth2RedirectTo{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Get Trusted OAuth2 JWT Bearer Grant Type Issuer
Use this endpoint to get a trusted JWT Bearer Grant Type Issuer. The ID is the one returned when you created the trust relationship.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `id` (String.t): The id of the desired grant
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, Ory.Model.TrustedOAuth2JwtGrantIssuer.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec get_trusted_o_auth2_jwt_grant_issuer(Tesla.Env.client, String.t, keyword()) :: {:ok, Ory.Model.TrustedOAuth2JwtGrantIssuer.t} | {:ok, Ory.Model.GenericError.t} | {:error, Tesla.Env.t}
def get_trusted_o_auth2_jwt_grant_issuer(connection, id, _opts \\ []) do
request =
%{}
|> method(:get)
|> url("/admin/trust/grants/jwt-bearer/issuers/#{id}")
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.TrustedOAuth2JwtGrantIssuer{}},
{:default, %Ory.Model.GenericError{}}
])
end
@doc """
Introspect OAuth2 Access and Refresh Tokens
The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token is neither expired nor revoked. If a token is active, additional information on the token will be included. You can set additional data for a token by setting `session.access_token` during the consent flow.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `token` (String.t): The string value of the token. For access tokens, this is the \\\"access_token\\\" value returned from the token endpoint defined in OAuth 2.0. For refresh tokens, this is the \\\"refresh_token\\\" value returned.
- `opts` (keyword): Optional parameters
- `:scope` (String.t): An optional, space separated list of required scopes. If the access token was not granted one of the scopes, the result of active will be false.
### Returns
- `{:ok, Ory.Model.IntrospectedOAuth2Token.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec introspect_o_auth2_token(Tesla.Env.client, String.t, keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.IntrospectedOAuth2Token.t} | {:error, Tesla.Env.t}
def introspect_o_auth2_token(connection, token, opts \\ []) do
optional_params = %{
:scope => :form
}
request =
%{}
|> method(:post)
|> url("/admin/oauth2/introspect")
|> add_param(:form, :token, token)
|> add_optional_params(optional_params, opts)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.IntrospectedOAuth2Token{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
List OAuth 2.0 Clients
This endpoint lists all clients in the database, and never returns client secrets. As a default it lists the first 100 clients.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `opts` (keyword): Optional parameters
- `:page_size` (integer()): Items per Page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).
- `:page_token` (String.t): Next Page Token The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).
- `:client_name` (String.t): The name of the clients to filter by.
- `:owner` (String.t): The owner of the clients to filter by.
### Returns
- `{:ok, [%OAuth2Client{}, ...]}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec list_o_auth2_clients(Tesla.Env.client, keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, list(Ory.Model.OAuth2Client.t)} | {:error, Tesla.Env.t}
def list_o_auth2_clients(connection, opts \\ []) do
optional_params = %{
:page_size => :query,
:page_token => :query,
:client_name => :query,
:owner => :query
}
request =
%{}
|> method(:get)
|> url("/admin/clients")
|> add_optional_params(optional_params, opts)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, [%Ory.Model.OAuth2Client{}]},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
List OAuth 2.0 Consent Sessions of a Subject
This endpoint lists all subject's granted consent sessions, including client and granted scope. If the subject is unknown or has not granted any consent sessions yet, the endpoint returns an empty JSON array with status code 200 OK.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `subject` (String.t): The subject to list the consent sessions for.
- `opts` (keyword): Optional parameters
- `:page_size` (integer()): Items per Page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).
- `:page_token` (String.t): Next Page Token The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).
- `:login_session_id` (String.t): The login session id to list the consent sessions for.
### Returns
- `{:ok, [%OAuth2ConsentSession{}, ...]}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec list_o_auth2_consent_sessions(Tesla.Env.client, String.t, keyword()) :: {:ok, list(Ory.Model.OAuth2ConsentSession.t)} | {:ok, Ory.Model.ErrorOAuth2.t} | {:error, Tesla.Env.t}
def list_o_auth2_consent_sessions(connection, subject, opts \\ []) do
optional_params = %{
:page_size => :query,
:page_token => :query,
:login_session_id => :query
}
request =
%{}
|> method(:get)
|> url("/admin/oauth2/auth/sessions/consent")
|> add_param(:query, :subject, subject)
|> add_optional_params(optional_params, opts)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, [%Ory.Model.OAuth2ConsentSession{}]},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
List Trusted OAuth2 JWT Bearer Grant Type Issuers
Use this endpoint to list all trusted JWT Bearer Grant Type Issuers.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `opts` (keyword): Optional parameters
- `:MaxItems` (integer()):
- `:DefaultItems` (integer()):
- `:issuer` (String.t): If optional \"issuer\" is supplied, only jwt-bearer grants with this issuer will be returned.
### Returns
- `{:ok, [%TrustedOAuth2JwtGrantIssuer{}, ...]}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec list_trusted_o_auth2_jwt_grant_issuers(Tesla.Env.client, keyword()) :: {:ok, list(Ory.Model.TrustedOAuth2JwtGrantIssuer.t)} | {:ok, Ory.Model.GenericError.t} | {:error, Tesla.Env.t}
def list_trusted_o_auth2_jwt_grant_issuers(connection, opts \\ []) do
optional_params = %{
:MaxItems => :query,
:DefaultItems => :query,
:issuer => :query
}
request =
%{}
|> method(:get)
|> url("/admin/trust/grants/jwt-bearer/issuers")
|> add_optional_params(optional_params, opts)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, [%Ory.Model.TrustedOAuth2JwtGrantIssuer{}]},
{:default, %Ory.Model.GenericError{}}
])
end
@doc """
OAuth 2.0 Authorize Endpoint
Use open source libraries to perform OAuth 2.0 and OpenID Connect available for any programming language. You can find a list of libraries at https://oauth.net/code/ The Ory SDK is not yet able to this endpoint properly.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, Ory.Model.ErrorOAuth2.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec o_auth2_authorize(Tesla.Env.client, keyword()) :: {:ok, nil} | {:ok, Ory.Model.ErrorOAuth2.t} | {:error, Tesla.Env.t}
def o_auth2_authorize(connection, _opts \\ []) do
request =
%{}
|> method(:get)
|> url("/oauth2/auth")
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{302, false},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
The OAuth 2.0 Token Endpoint
Use open source libraries to perform OAuth 2.0 and OpenID Connect available for any programming language. You can find a list of libraries here https://oauth.net/code/ The Ory SDK is not yet able to this endpoint properly.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `grant_type` (String.t):
- `opts` (keyword): Optional parameters
- `:client_id` (String.t):
- `:code` (String.t):
- `:redirect_uri` (String.t):
- `:refresh_token` (String.t):
### Returns
- `{:ok, Ory.Model.OAuth2TokenExchange.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec oauth2_token_exchange(Tesla.Env.client, String.t, keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.OAuth2TokenExchange.t} | {:error, Tesla.Env.t}
def oauth2_token_exchange(connection, grant_type, opts \\ []) do
optional_params = %{
:client_id => :form,
:code => :form,
:redirect_uri => :form,
:refresh_token => :form
}
request =
%{}
|> method(:post)
|> url("/oauth2/token")
|> add_param(:form, :grant_type, grant_type)
|> add_optional_params(optional_params, opts)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.OAuth2TokenExchange{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Patch OAuth 2.0 Client
Patch an existing OAuth 2.0 Client using JSON Patch. If you pass `client_secret` the secret will be updated and returned via the API. This is the only time you will be able to retrieve the client secret, so write it down and keep it safe. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `id` (String.t): The id of the OAuth 2.0 Client.
- `json_patch` ([Ory.Model.JsonPatch.t]): OAuth 2.0 Client JSON Patch Body
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, Ory.Model.OAuth2Client.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec patch_o_auth2_client(Tesla.Env.client, String.t, list(Ory.Model.JsonPatch.t), keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.OAuth2Client.t} | {:error, Tesla.Env.t}
def patch_o_auth2_client(connection, id, json_patch, _opts \\ []) do
request =
%{}
|> method(:patch)
|> url("/admin/clients/#{id}")
|> add_param(:body, :body, json_patch)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.OAuth2Client{}},
{404, %Ory.Model.ErrorOAuth2{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Reject OAuth 2.0 Consent Request
When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider to authenticate the subject and then tell Ory now about it. If the subject authenticated, he/she must now be asked if the OAuth 2.0 Client which initiated the flow should be allowed to access the resources on the subject's behalf. The consent challenge is appended to the consent provider's URL to which the subject's user-agent (browser) is redirected to. The consent provider uses that challenge to fetch information on the OAuth2 request and then tells Ory if the subject accepted or rejected the request. This endpoint tells Ory that the subject has not authorized the OAuth 2.0 client to access resources on his/her behalf. The consent provider must include a reason why the consent was not granted. The response contains a redirect URL which the consent provider should redirect the user-agent to. The default consent provider is available via the Ory Managed Account Experience. To customize the consent provider, please head over to the OAuth 2.0 documentation.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `consent_challenge` (String.t): OAuth 2.0 Consent Request Challenge
- `opts` (keyword): Optional parameters
- `:body` (RejectOAuth2Request):
### Returns
- `{:ok, Ory.Model.OAuth2RedirectTo.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec reject_o_auth2_consent_request(Tesla.Env.client, String.t, keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.OAuth2RedirectTo.t} | {:error, Tesla.Env.t}
def reject_o_auth2_consent_request(connection, consent_challenge, opts \\ []) do
optional_params = %{
:body => :body
}
request =
%{}
|> method(:put)
|> url("/admin/oauth2/auth/requests/consent/reject")
|> add_param(:query, :consent_challenge, consent_challenge)
|> add_optional_params(optional_params, opts)
|> ensure_body()
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.OAuth2RedirectTo{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Reject OAuth 2.0 Login Request
When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider to authenticate the subject and then tell the Ory OAuth2 Service about it. The authentication challenge is appended to the login provider URL to which the subject's user-agent (browser) is redirected to. The login provider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process. This endpoint tells Ory that the subject has not authenticated and includes a reason why the authentication was denied. The response contains a redirect URL which the login provider should redirect the user-agent to.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `login_challenge` (String.t): OAuth 2.0 Login Request Challenge
- `opts` (keyword): Optional parameters
- `:body` (RejectOAuth2Request):
### Returns
- `{:ok, Ory.Model.OAuth2RedirectTo.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec reject_o_auth2_login_request(Tesla.Env.client, String.t, keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.OAuth2RedirectTo.t} | {:error, Tesla.Env.t}
def reject_o_auth2_login_request(connection, login_challenge, opts \\ []) do
optional_params = %{
:body => :body
}
request =
%{}
|> method(:put)
|> url("/admin/oauth2/auth/requests/login/reject")
|> add_param(:query, :login_challenge, login_challenge)
|> add_optional_params(optional_params, opts)
|> ensure_body()
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.OAuth2RedirectTo{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Reject OAuth 2.0 Session Logout Request
When a user or an application requests Ory OAuth 2.0 to remove the session state of a subject, this endpoint is used to deny that logout request. No HTTP request body is required. The response is empty as the logout provider has to chose what action to perform next.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `logout_challenge` (String.t):
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, nil}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec reject_o_auth2_logout_request(Tesla.Env.client, String.t, keyword()) :: {:ok, nil} | {:ok, Ory.Model.ErrorOAuth2.t} | {:error, Tesla.Env.t}
def reject_o_auth2_logout_request(connection, logout_challenge, _opts \\ []) do
request =
%{}
|> method(:put)
|> url("/admin/oauth2/auth/requests/logout/reject")
|> add_param(:query, :logout_challenge, logout_challenge)
|> ensure_body()
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{204, false},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Revoke OAuth 2.0 Consent Sessions of a Subject
This endpoint revokes a subject's granted consent sessions and invalidates all associated OAuth 2.0 Access Tokens. You may also only revoke sessions for a specific OAuth 2.0 Client ID.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `subject` (String.t): OAuth 2.0 Consent Subject The subject whose consent sessions should be deleted.
- `opts` (keyword): Optional parameters
- `:client` (String.t): OAuth 2.0 Client ID If set, deletes only those consent sessions that have been granted to the specified OAuth 2.0 Client ID.
- `:all` (boolean()): Revoke All Consent Sessions If set to `true` deletes all consent sessions by the Subject that have been granted.
### Returns
- `{:ok, nil}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec revoke_o_auth2_consent_sessions(Tesla.Env.client, String.t, keyword()) :: {:ok, nil} | {:ok, Ory.Model.ErrorOAuth2.t} | {:error, Tesla.Env.t}
def revoke_o_auth2_consent_sessions(connection, subject, opts \\ []) do
optional_params = %{
:client => :query,
:all => :query
}
request =
%{}
|> method(:delete)
|> url("/admin/oauth2/auth/sessions/consent")
|> add_param(:query, :subject, subject)
|> add_optional_params(optional_params, opts)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{204, false},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Revokes All OAuth 2.0 Login Sessions of a Subject
This endpoint invalidates a subject's authentication session. After revoking the authentication session, the subject has to re-authenticate at the Ory OAuth2 Provider. This endpoint does not invalidate any tokens and does not work with OpenID Connect Front- or Back-channel logout.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `subject` (String.t): OAuth 2.0 Subject The subject to revoke authentication sessions for.
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, nil}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec revoke_o_auth2_login_sessions(Tesla.Env.client, String.t, keyword()) :: {:ok, nil} | {:ok, Ory.Model.ErrorOAuth2.t} | {:error, Tesla.Env.t}
def revoke_o_auth2_login_sessions(connection, subject, _opts \\ []) do
request =
%{}
|> method(:delete)
|> url("/admin/oauth2/auth/sessions/login")
|> add_param(:query, :subject, subject)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{204, false},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Revoke OAuth 2.0 Access or Refresh Token
Revoking a token (both access and refresh) means that the tokens will be invalid. A revoked access token can no longer be used to make access requests, and a revoked refresh token can no longer be used to refresh an access token. Revoking a refresh token also invalidates the access token that was created with it. A token may only be revoked by the client the token was generated for.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `token` (String.t):
- `opts` (keyword): Optional parameters
- `:client_id` (String.t):
- `:client_secret` (String.t):
### Returns
- `{:ok, nil}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec revoke_o_auth2_token(Tesla.Env.client, String.t, keyword()) :: {:ok, nil} | {:ok, Ory.Model.ErrorOAuth2.t} | {:error, Tesla.Env.t}
def revoke_o_auth2_token(connection, token, opts \\ []) do
optional_params = %{
:client_id => :form,
:client_secret => :form
}
request =
%{}
|> method(:post)
|> url("/oauth2/revoke")
|> add_param(:form, :token, token)
|> add_optional_params(optional_params, opts)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, false},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Set OAuth 2.0 Client
Replaces an existing OAuth 2.0 Client with the payload you send. If you pass `client_secret` the secret is used, otherwise the existing secret is used. If set, the secret is echoed in the response. It is not possible to retrieve it later on. OAuth 2.0 Clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `id` (String.t): OAuth 2.0 Client ID
- `o_auth2_client` (OAuth2Client): OAuth 2.0 Client Request Body
- `opts` (keyword): Optional parameters
### Returns
- `{:ok, Ory.Model.OAuth2Client.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec set_o_auth2_client(Tesla.Env.client, String.t, Ory.Model.OAuth2Client.t, keyword()) :: {:ok, Ory.Model.ErrorOAuth2.t} | {:ok, Ory.Model.OAuth2Client.t} | {:error, Tesla.Env.t}
def set_o_auth2_client(connection, id, o_auth2_client, _opts \\ []) do
request =
%{}
|> method(:put)
|> url("/admin/clients/#{id}")
|> add_param(:body, :body, o_auth2_client)
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.OAuth2Client{}},
{400, %Ory.Model.ErrorOAuth2{}},
{404, %Ory.Model.ErrorOAuth2{}},
{:default, %Ory.Model.ErrorOAuth2{}}
])
end
@doc """
Set OAuth2 Client Token Lifespans
Set lifespans of different token types issued for this OAuth 2.0 client. Does not modify other fields.
### Parameters
- `connection` (Ory.Connection): Connection to server
- `id` (String.t): OAuth 2.0 Client ID
- `opts` (keyword): Optional parameters
- `:body` (OAuth2ClientTokenLifespans):
### Returns
- `{:ok, Ory.Model.OAuth2Client.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec set_o_auth2_client_lifespans(Tesla.Env.client, String.t, keyword()) :: {:ok, Ory.Model.GenericError.t} | {:ok, Ory.Model.OAuth2Client.t} | {:error, Tesla.Env.t}
def set_o_auth2_client_lifespans(connection, id, opts \\ []) do
optional_params = %{
:body => :body
}
request =
%{}
|> method(:put)
|> url("/admin/clients/#{id}/lifespans")
|> add_optional_params(optional_params, opts)
|> ensure_body()
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{200, %Ory.Model.OAuth2Client{}},
{:default, %Ory.Model.GenericError{}}
])
end
@doc """
Trust OAuth2 JWT Bearer Grant Type Issuer
Use this endpoint to establish a trust relationship for a JWT issuer to perform JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants [RFC7523](https://datatracker.ietf.org/doc/html/rfc7523).
### Parameters
- `connection` (Ory.Connection): Connection to server
- `opts` (keyword): Optional parameters
- `:body` (TrustOAuth2JwtGrantIssuer):
### Returns
- `{:ok, Ory.Model.TrustedOAuth2JwtGrantIssuer.t}` on success
- `{:error, Tesla.Env.t}` on failure
"""
@spec trust_o_auth2_jwt_grant_issuer(Tesla.Env.client, keyword()) :: {:ok, Ory.Model.TrustedOAuth2JwtGrantIssuer.t} | {:ok, Ory.Model.GenericError.t} | {:error, Tesla.Env.t}
def trust_o_auth2_jwt_grant_issuer(connection, opts \\ []) do
optional_params = %{
:body => :body
}
request =
%{}
|> method(:post)
|> url("/admin/trust/grants/jwt-bearer/issuers")
|> add_optional_params(optional_params, opts)
|> ensure_body()
|> Enum.into([])
connection
|> Connection.request(request)
|> evaluate_response([
{201, %Ory.Model.TrustedOAuth2JwtGrantIssuer{}},
{:default, %Ory.Model.GenericError{}}
])
end
end
