ory
diff --git a/‎.openapi-generator/FILES‎
Lines changed: 6 additions & 0 deletions b/‎.openapi-generator/FILES‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎docs/CustomerPortalAvailability.md‎
Lines changed: 31 additions & 0 deletions b/‎docs/CustomerPortalAvailability.md‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎docs/DeviceAuthnKey.md‎
Lines changed: 35 additions & 0 deletions b/‎docs/DeviceAuthnKey.md‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎docs/IdentityApi.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/IdentityApi.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/IdentityCredentials.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/IdentityCredentials.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/LoginFlow.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/LoginFlow.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/NormalizedProjectRevisionThirdPartyProvider.md‎
Lines changed: 2 additions & 0 deletions b/‎docs/NormalizedProjectRevisionThirdPartyProvider.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/ProjectApi.md‎
Lines changed: 1 addition & 0 deletions b/‎docs/ProjectApi.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/RegistrationFlow.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/RegistrationFlow.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/SessionAuthenticationMethod.md‎
Lines changed: 3 additions & 1 deletion b/‎docs/SessionAuthenticationMethod.md‎
Lines changed: 3 additions & 1 deletion
@@ -65,7 +65,9 @@ docs/CreateWorkspaceOrganizationBody.md
 docs/CreateWorkspaceSubscriptionBody.md
 docs/CredentialSupportedDraft00.md
 docs/CustomDomain.md
+docs/CustomerPortalAvailability.md
 docs/DeleteMySessionsCount.md
+docs/DeviceAuthnKey.md
 docs/DeviceAuthorization.md
 docs/DeviceUserAuthRequest.md
 docs/EmailTemplateData.md
@@ -410,7 +412,9 @@ ory_client/models/create_workspace_organization_body.py
 ory_client/models/create_workspace_subscription_body.py
 ory_client/models/credential_supported_draft00.py
 ory_client/models/custom_domain.py
+ory_client/models/customer_portal_availability.py
 ory_client/models/delete_my_sessions_count.py
+ory_client/models/device_authn_key.py
 ory_client/models/device_authorization.py
 ory_client/models/device_user_auth_request.py
 ory_client/models/email_template_data.py
@@ -731,7 +735,9 @@ test/test_create_workspace_organization_body.py
 test/test_create_workspace_subscription_body.py
 test/test_credential_supported_draft00.py
 test/test_custom_domain.py
+test/test_customer_portal_availability.py
 test/test_delete_my_sessions_count.py
+test/test_device_authn_key.py
 test/test_device_authorization.py
 test/test_device_user_auth_request.py
 test/test_email_template_data.py
 
@@ -0,0 +1,31 @@
+# CustomerPortalAvailability
+
+CustomerPortalAvailability describes whether the Stripe customer portal is available for the logged-in user (or a workspace they access).
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**available** | **bool** | Whether the customer portal is available. | 
+**reason** | **str** | Optional reason why the portal is unavailable. Populated only when &#x60;available&#x60; is false. For debugging and support purposes — frontend consumers should not parse or depend on specific values. no_stripe_customer CustomerPortalReasonNoStripeCustomer no_subscription CustomerPortalReasonNoSubscription | [optional] 
+
+## Example
+
+```python
+from ory_client.models.customer_portal_availability import CustomerPortalAvailability
+
+# TODO update the JSON string below
+json = "{}"
+# create an instance of CustomerPortalAvailability from a JSON string
+customer_portal_availability_instance = CustomerPortalAvailability.from_json(json)
+# print the JSON string representation of the object
+print(CustomerPortalAvailability.to_json())
+
+# convert the object into a dict
+customer_portal_availability_dict = customer_portal_availability_instance.to_dict()
+# create an instance of CustomerPortalAvailability from a dict
+customer_portal_availability_from_dict = CustomerPortalAvailability.from_dict(customer_portal_availability_dict)
+```
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
@@ -0,0 +1,35 @@
+# DeviceAuthnKey
+
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**client_key_id** | **str** | ClientKeyID is a client-chosen id for the key and is unique per identity. | [optional] 
+**created_at** | **datetime** | CreatedAt is the timestamp of when the key was created. Only used for troubleshooting/UI. | [optional] 
+**device_name** | **str** | DeviceName is a human readable name for the device, helping the user to distinguish it from others. | [optional] 
+**device_type** | **str** |  | [optional] 
+**public_key** | **List[int]** | PublicKey is an EC (in v1) public key, used to verify signatures, stored as uncompressed bytes. The private key resides inside the device and does not exist on the server. | [optional] 
+**state** | **str** |  | [optional] 
+**version** | **int** | v1 uses SHA256 + EC256. v2 (in the future) may use ML-DSA which is post-quantum resistant. This requires Android/iOS support so we have to wait. We intentionally avoid storing the cryptographic algorithm here a la JWT/TLS to avoid security issues and algorithm negotiation. | [optional] 
+
+## Example
+
+```python
+from ory_client.models.device_authn_key import DeviceAuthnKey
+
+# TODO update the JSON string below
+json = "{}"
+# create an instance of DeviceAuthnKey from a JSON string
+device_authn_key_instance = DeviceAuthnKey.from_json(json)
+# print the JSON string representation of the object
+print(DeviceAuthnKey.to_json())
+
+# convert the object into a dict
+device_authn_key_dict = device_authn_key_instance.to_dict()
+# create an instance of DeviceAuthnKey from a dict
+device_authn_key_from_dict = DeviceAuthnKey.from_dict(device_authn_key_dict)
+```
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
@@ -496,7 +496,7 @@ with ory_client.ApiClient(configuration) as api_client:
     # Create an instance of the API class
     api_instance = ory_client.IdentityApi(api_client)
     id = 'id_example' # str | ID is the identity's ID.
-    type = 'type_example' # str | Type is the type of credentials to delete. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode
+    type = 'type_example' # str | Type is the type of credentials to delete. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode
     identifier = 'identifier_example' # str | Identifier is the identifier of the OIDC/SAML credential to delete. Find the identifier by calling the `GET /admin/identities/{id}?include_credential={oidc,saml}` endpoint. (optional)
 
     try:
@@ -514,7 +514,7 @@ with ory_client.ApiClient(configuration) as api_client:
 Name | Type | Description  | Notes
 ------------- | ------------- | ------------- | -------------
  **id** | **str**| ID is the identity&#39;s ID. | 
- **type** | **str**| Type is the type of credentials to delete. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | 
+ **type** | **str**| Type is the type of credentials to delete. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | 
  **identifier** | **str**| Identifier is the identifier of the OIDC/SAML credential to delete. Find the identifier by calling the &#x60;GET /admin/identities/{id}?include_credential&#x3D;{oidc,saml}&#x60; endpoint. | [optional] 
 
 ### Return type
 
@@ -9,7 +9,7 @@ Name | Type | Description | Notes
 **config** | **object** |  | [optional] 
 **created_at** | **datetime** | CreatedAt is a helper struct field for gobuffalo.pop. | [optional] 
 **identifiers** | **List[str]** | Identifiers represent a list of unique identifiers this credential type matches. | [optional] 
-**type** | **str** | Type discriminates between different types of credentials. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | [optional] 
+**type** | **str** | Type discriminates between different types of credentials. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | [optional] 
 **updated_at** | **datetime** | UpdatedAt is a helper struct field for gobuffalo.pop. | [optional] 
 **version** | **int** | Version refers to the version of the credential. Useful when changing the config schema. | [optional] 
 
 
@@ -6,7 +6,7 @@ This object represents a login flow. A login flow is initiated at the \"Initiate
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**active** | **str** | The active login method  If set contains the login method used. If the flow is new, it is unset. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | [optional] 
+**active** | **str** | The active login method  If set contains the login method used. If the flow is new, it is unset. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | [optional] 
 **created_at** | **datetime** | CreatedAt is a helper struct field for gobuffalo.pop. | [optional] 
 **expires_at** | **datetime** | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated. | 
 **id** | **str** | ID represents the flow&#39;s unique ID. When performing the login flow, this represents the id in the login UI&#39;s query parameter: http://&lt;selfservice.flows.login.ui_url&gt;/?flow&#x3D;&lt;flow_id&gt; | 
 
@@ -5,6 +5,8 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
+**aal2_acr_values** | **List[str]** | AAL2ACRValues lists upstream OIDC &#x60;acr&#x60; claim values that should elevate the resulting Kratos session to AAL2. Empty means the upstream &#x60;acr&#x60; claim is ignored when deciding session AAL. | [optional] 
+**aal2_amr_values** | **List[str]** | AAL2AMRValues lists upstream OIDC &#x60;amr&#x60; claim values that should elevate the resulting Kratos session to AAL2 when any of them appears in the upstream &#x60;amr&#x60; array. Empty means the upstream &#x60;amr&#x60; claim is ignored when deciding session AAL. | [optional] 
 **account_linking_mode** | **str** | AccountLinkingMode controls how account conflicts are resolved for this provider.  Possible values are &#x60;confirm_with_existing_credential&#x60; (default) and &#x60;automatic&#x60;. &#x60;automatic&#x60; silently links accounts when the provider verifies email ownership. Only supported for &#x60;apple&#x60; and &#x60;google&#x60; providers. automatic AccountLinkingModeAutomatic  AccountLinkingModeAutomatic silently links accounts if the provider verifies email ownership. confirm_with_existing_credential AccountLinkingModeConfirmWithExistingCredential  AccountLinkingModeConfirmWithExistingCredential requires the user to confirm the account linking by providing an existing credential. | [optional] 
 **additional_id_token_audiences** | **List[str]** | AdditionalIDTokenAudiences is a list of additional audiences allowed in the ID Token.  This is only relevant in OIDC flows that submit an IDToken instead of using the callback from the OIDC provider. | [optional] 
 **apple_private_key** | **str** |  | [optional] 
 
@@ -274,6 +274,7 @@ Name | Type | Description  | Notes
 | Status code | Description | Response headers |
 |-------------|-------------|------------------|
 **201** | project |  -  |
+**400** | errorGeneric |  -  |
 **401** | errorGeneric |  -  |
 **403** | errorGeneric |  -  |
 **404** | errorGeneric |  -  |
 
@@ -5,7 +5,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**active** | **str** | Active, if set, contains the registration method that is being used. It is initially not set. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | [optional] 
+**active** | **str** | Active, if set, contains the registration method that is being used. It is initially not set. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | [optional] 
 **expires_at** | **datetime** | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated. | 
 **id** | **str** | ID represents the flow&#39;s unique ID. When performing the registration flow, this represents the id in the registration ui&#39;s query parameter: http://&lt;selfservice.flows.registration.ui_url&gt;/?flow&#x3D;&lt;id&gt; | 
 **identity_schema** | **str** | IdentitySchema optionally holds the ID of the identity schema that is used for this flow. This value can be set by the user when creating the flow and should be retained when the flow is saved or converted to another flow. | [optional] 
 
@@ -8,9 +8,11 @@ Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **aal** | [**AuthenticatorAssuranceLevel**](AuthenticatorAssuranceLevel.md) |  | [optional] 
 **completed_at** | **datetime** | When the authentication challenge was completed. | [optional] 
-**method** | **str** | The method used in this authenticator. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | [optional] 
+**method** | **str** | The method used in this authenticator. password CredentialsTypePassword oidc CredentialsTypeOIDC totp CredentialsTypeTOTP lookup_secret CredentialsTypeLookup webauthn CredentialsTypeWebAuthn code CredentialsTypeCodeAuth passkey CredentialsTypePasskey profile CredentialsTypeProfile saml CredentialsTypeSAML deviceauthn CredentialsTypeDeviceAuthn link_recovery CredentialsTypeRecoveryLink  CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).  It is not used within the credentials object itself. code_recovery CredentialsTypeRecoveryCode | [optional] 
 **organization** | **str** | The Organization id used for authentication | [optional] 
 **provider** | **str** | OIDC or SAML provider id used for authentication | [optional] 
+**upstream_acr** | **str** | UpstreamACR is the &#x60;acr&#x60; claim reported by the upstream OIDC provider, if any. Populated only for OIDC login methods when the upstream ID token contained an &#x60;acr&#x60; claim. | [optional] 
+**upstream_amr** | **List[str]** | UpstreamAMR is the &#x60;amr&#x60; claim reported by the upstream OIDC provider, if any. Populated only for OIDC login methods when the upstream ID token contained an &#x60;amr&#x60; claim. | [optional] 
 
 ## Example