models

type AcceptCDRConsentRequest struct {

	// List of account identifiers. For example, it can refer to user bank accounts. User grants
	// access to these accounts on the consent page.
	// Pass account identifiers to SecureAuth in the encrypted form.
	AccountIds []string `json:"account_ids" yaml:"account_ids"`

	// The customer identifier of a user.
	// `customer_id` can be provided by the login page and optionally overridden by the consent page.
	// Example: joe-1
	CustomerID string `json:"customer_id,omitempty" yaml:"customer_id,omitempty"`

	// granted scopes
	GrantedScopes GrantedScopes `json:"granted_scopes,omitempty" yaml:"granted_scopes,omitempty"`

	// A string of characters randomly generated by SecureAuth to mitigate cross-site request forgery (CSRF) attacks.
	// SecureAuth passes this value with the `login_state` query parameter when redirecting a user to the consent page.
	// Example: cauq8fonbud6q8806bf0
	LoginState string `json:"login_state,omitempty" yaml:"login_state,omitempty"`
}

type AffiliationDescriptor struct {

	// affiliate members
	AffiliateMembers []string `json:"AffiliateMembers" yaml:"AffiliateMembers"`

	// affiliation owner ID
	AffiliationOwnerID string `json:"AffiliationOwnerID,omitempty" yaml:"AffiliationOwnerID,omitempty"`

	// cache duration
	CacheDuration Duration `json:"CacheDuration,omitempty" yaml:"CacheDuration,omitempty"`

	// ID
	ID string `json:"ID,omitempty" yaml:"ID,omitempty"`

	// key descriptors
	KeyDescriptors []*KeyDescriptor `json:"KeyDescriptors" yaml:"KeyDescriptors"`

	// signature
	Signature *Element `json:"Signature,omitempty" yaml:"Signature,omitempty"`

	// valid until
	// Format: date-time
	ValidUntil strfmt.DateTime `json:"ValidUntil,omitempty" yaml:"ValidUntil,omitempty"`
}

type AgentCapability string

type Attr struct {

	// space
	Space string `json:"Space,omitempty" yaml:"Space,omitempty"`

	// value
	Value string `json:"Value,omitempty" yaml:"Value,omitempty"`
}

type Attribute struct {

	// friendly name
	FriendlyName string `json:"FriendlyName,omitempty" yaml:"FriendlyName,omitempty"`

	// name
	Name string `json:"Name,omitempty" yaml:"Name,omitempty"`

	// name format
	NameFormat string `json:"NameFormat,omitempty" yaml:"NameFormat,omitempty"`

	// values
	Values []*AttributeValue `json:"Values" yaml:"Values"`
}

type AttributeAuthorityDescriptor struct {

	// assertion ID request services
	AssertionIDRequestServices []*Endpoint `json:"AssertionIDRequestServices" yaml:"AssertionIDRequestServices"`

	// attribute profiles
	AttributeProfiles []string `json:"AttributeProfiles" yaml:"AttributeProfiles"`

	// attribute services
	AttributeServices []*Endpoint `json:"AttributeServices" yaml:"AttributeServices"`

	// attributes
	Attributes []*Attribute `json:"Attributes" yaml:"Attributes"`

	// cache duration
	CacheDuration Duration `json:"CacheDuration,omitempty" yaml:"CacheDuration,omitempty"`

	// contact people
	ContactPeople []*ContactPerson `json:"ContactPeople" yaml:"ContactPeople"`

	// error URL
	ErrorURL string `json:"ErrorURL,omitempty" yaml:"ErrorURL,omitempty"`

	// ID
	ID string `json:"ID,omitempty" yaml:"ID,omitempty"`

	// key descriptors
	KeyDescriptors []*KeyDescriptor `json:"KeyDescriptors" yaml:"KeyDescriptors"`

	// name ID formats
	NameIDFormats []NameIDFormat `json:"NameIDFormats" yaml:"NameIDFormats"`

	// organization
	Organization *Organization `json:"Organization,omitempty" yaml:"Organization,omitempty"`

	// protocol support enumeration
	ProtocolSupportEnumeration string `json:"ProtocolSupportEnumeration,omitempty" yaml:"ProtocolSupportEnumeration,omitempty"`

	// signature
	Signature *Element `json:"Signature,omitempty" yaml:"Signature,omitempty"`

	// valid until
	// Format: date-time
	ValidUntil strfmt.DateTime `json:"ValidUntil,omitempty" yaml:"ValidUntil,omitempty"`
}

type AttributeConsumingService struct {

	// index
	Index int64 `json:"Index,omitempty" yaml:"Index,omitempty"`

	// is default
	IsDefault bool `json:"IsDefault,omitempty" yaml:"IsDefault,omitempty"`

	// requested attributes
	RequestedAttributes []*RequestedAttribute `json:"RequestedAttributes" yaml:"RequestedAttributes"`

	// service descriptions
	ServiceDescriptions []*LocalizedName `json:"ServiceDescriptions" yaml:"ServiceDescriptions"`

	// service names
	ServiceNames []*LocalizedName `json:"ServiceNames" yaml:"ServiceNames"`
}

type AttributeValue struct {

	// name ID
	NameID *NameID `json:"NameID,omitempty" yaml:"NameID,omitempty"`

	// type
	Type string `json:"Type,omitempty" yaml:"Type,omitempty"`

	// value
	Value string `json:"Value,omitempty" yaml:"Value,omitempty"`
}

type AuthenticationContext map[string]interface{}

type AuthnAuthorityDescriptor struct {

	// assertion ID request services
	AssertionIDRequestServices []*Endpoint `json:"AssertionIDRequestServices" yaml:"AssertionIDRequestServices"`

	// authn query services
	AuthnQueryServices []*Endpoint `json:"AuthnQueryServices" yaml:"AuthnQueryServices"`

	// cache duration
	CacheDuration Duration `json:"CacheDuration,omitempty" yaml:"CacheDuration,omitempty"`

	// contact people
	ContactPeople []*ContactPerson `json:"ContactPeople" yaml:"ContactPeople"`

	// error URL
	ErrorURL string `json:"ErrorURL,omitempty" yaml:"ErrorURL,omitempty"`

	// ID
	ID string `json:"ID,omitempty" yaml:"ID,omitempty"`

	// key descriptors
	KeyDescriptors []*KeyDescriptor `json:"KeyDescriptors" yaml:"KeyDescriptors"`

	// name ID formats
	NameIDFormats []NameIDFormat `json:"NameIDFormats" yaml:"NameIDFormats"`

	// organization
	Organization *Organization `json:"Organization,omitempty" yaml:"Organization,omitempty"`

	// protocol support enumeration
	ProtocolSupportEnumeration string `json:"ProtocolSupportEnumeration,omitempty" yaml:"ProtocolSupportEnumeration,omitempty"`

	// signature
	Signature *Element `json:"Signature,omitempty" yaml:"Signature,omitempty"`

	// valid until
	// Format: date-time
	ValidUntil strfmt.DateTime `json:"ValidUntil,omitempty" yaml:"ValidUntil,omitempty"`
}

type AuthorizationDetailType string

type CDRAdminRequestMetaDataUpdate struct {

	// data
	// Required: true
	Data *CDRAdminRequestMetaDataUpdateData `json:"data" yaml:"data"`

	// meta
	Meta interface{} `json:"meta,omitempty" yaml:"meta,omitempty"`
}

type CDRAdminRequestMetaDataUpdateData struct {

	// The action to take for the meta data. At the moment the only option is REFRESH which requires the data holder to call the ACCC to refresh meta data as soon as practicable
	// Example: REFRESH
	// Required: true
	Action string `json:"action" yaml:"action"`
}

type CDRArrangement struct {

	// List of accounts.
	//
	// It can refer to user's bank accounts that can be accessed by your client application in order to provide consumer
	// services.
	AccountIds []string `json:"account_ids" yaml:"account_ids"`

	// amending arrangement id
	AmendingArrangementID CDRArrangementID `json:"amending_arrangement_id,omitempty" yaml:"amending_arrangement_id,omitempty"`

	// Workspace identifier
	// Example: server
	AuthorizationServerID string `json:"authorization_server_id,omitempty" yaml:"authorization_server_id,omitempty"`

	// cdr arrangement id
	CdrArrangementID CDRArrangementID `json:"cdr_arrangement_id,omitempty" yaml:"cdr_arrangement_id,omitempty"`

	// cdr arrangement metadata
	CdrArrangementMetadata *CDRArrangementMetadata `json:"cdr_arrangement_metadata,omitempty" yaml:"cdr_arrangement_metadata,omitempty"`

	// Client application identifier
	// Example: bugkgm23g9kregtu051g
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// Arrangement creation date
	// Example: 2022-07-01T08:52:27.127932Z
	// Format: date-time
	CreatedAt strfmt.DateTime `json:"created_at,omitempty" yaml:"created_at,omitempty"`

	// customer id
	CustomerID CDRCustomerID `json:"customer_id,omitempty" yaml:"customer_id,omitempty"`

	// Arrangement expiration date
	// Example: 2023-03-01T09:02:27.127932Z
	// Format: date-time
	Expiry strfmt.DateTime `json:"expiry,omitempty" yaml:"expiry,omitempty"`

	// The detailed list of scopes voluntarily granted by the user for the client application to access user data.
	ScopeGrants []*ScopeGrant `json:"scope_grants" yaml:"scope_grants"`

	// The rule on how a user shares their data: reuse with a token or without it, or the user allows one-time access.
	// Example: one_time
	// Enum: ["one_time","one_time_with_refresh_token","reusable"]
	SharingType string `json:"sharing_type,omitempty" yaml:"sharing_type,omitempty"`

	// Arrangement version.
	// Currently, the version parameter is not used.
	// Example: v1
	// Enum: ["v1"]
	SpecVersion string `json:"spec_version,omitempty" yaml:"spec_version,omitempty"`

	// status
	Status ConsentStatus `json:"status,omitempty" yaml:"status,omitempty"`

	// Subject identifies an authenticated user.
	// Depending on the workspace configuration, the value can be hashed.
	// Example: 377eb000a87a471291b5a9869930a2422c670b7b6a06f74143eb74a01ed2fbe1
	Subject string `json:"subject,omitempty" yaml:"subject,omitempty"`

	// Tenant identifier
	// Example: my-company
	TenantID string `json:"tenant_id,omitempty" yaml:"tenant_id,omitempty"`

	// Arrangement last update date
	// Example: 2022-10-01T08:52:27.127932Z
	// Format: date-time
	UpdatedAt strfmt.DateTime `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`
}

type CDRArrangementID string

type CDRArrangementMetadata struct {

	// personal details
	PersonalDetails *PersonalDetails `json:"personal_details,omitempty" yaml:"personal_details,omitempty"`

	// revocation channel
	RevocationChannel RevocationChannel `json:"revocation_channel,omitempty" yaml:"revocation_channel,omitempty"`

	// revocation reason
	RevocationReason RevocationReason `json:"revocation_reason,omitempty" yaml:"revocation_reason,omitempty"`
}

type CDRArrangements struct {

	// arrangements
	Arrangements []*CDRArrangement `json:"arrangements" yaml:"arrangements"`
}

type CDRConsentsRequest struct {

	// List of accounts.
	//
	// It can refer to user bank accounts the client application is allowed to access.
	Accounts []string `json:"accounts" yaml:"accounts"`

	// A consent identifier.
	//
	// Use it to navigate through the request pagination when the number of consents is greater than
	// the `limit` set for results in the response.
	//
	// With `after_consent_id`, the list you obtain starts from the subsequent consent after the specified one. Also,
	// the response depends on the `sort` and `order` parameters, if any are passed.
	AfterConsentID string `json:"after_consent_id,omitempty" yaml:"after_consent_id,omitempty"`

	// A consent identifier.
	//
	// Use it to navigate through the request pagination when the number of consents is greater than
	// the limit set for results in the response.
	//
	// With `before_consent_id`, the list you obtain comprises consents up to the specified one. The specified consent
	// isn't included. Also, the response depends on the `sort` and `order` parameters, if any are passed.
	BeforeConsentID string `json:"before_consent_id,omitempty" yaml:"before_consent_id,omitempty"`

	// A client identifier.
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// Customer identifier. It represents an organization. The customer identifier can cover several
	// user identifiers as organization members.
	//
	// When you pass a `customer_id` with your request, the response contains results related to the specified
	// organization, including the allowed information about its users and their arrangements.
	CustomerID string `json:"customer_id,omitempty" yaml:"customer_id,omitempty"`

	// Limit the number of results returned in the response.
	// Maximum: 100
	// Minimum: 1
	Limit int64 `json:"limit,omitempty" yaml:"limit,omitempty"`

	// Input: `acs` or `desc`.
	//
	// Set the order of results returned in the response.
	Order string `json:"order,omitempty" yaml:"order,omitempty"`

	// Sort results returned in the response.
	Sort string `json:"sort,omitempty" yaml:"sort,omitempty"`

	// List of the consent statuses.
	Status []string `json:"status" yaml:"status"`

	// Consent types.
	//
	// in:query
	Types []string `json:"types" yaml:"types"`

	// User identifier. It represents an end-user.
	//
	// When you pass a `user_id` with your request, the endpoint returns the details relating to the specified user.
	UserID string `json:"user_id,omitempty" yaml:"user_id,omitempty"`
}

type CDRCustomerID string

type CDRDynamicClientRegistrationRequest struct {

	// agent capability
	AgentCapability AgentCapability `json:"agent_capability,omitempty" yaml:"agent_capability,omitempty"`

	// Application URL
	AppURL string `json:"app_url,omitempty" yaml:"app_url,omitempty"`

	// Application purpose
	// Example: signle_page
	// Enum: ["single_page","server_web","mobile_desktop","service","legacy","custom","saml","ai_agent"]
	ApplicationPurpose string `json:"application_purpose,omitempty" yaml:"application_purpose,omitempty"`

	// The client application type.
	//
	// Client applications can be either of a `web` or `native` types.
	//
	// Web applications include clients like server web applications or service apps.
	//
	// Native applications include single-page applications (SPAs) and mobile or desktop
	// applications.
	//
	// Apply security measures according to the type of your application.
	// Example: web
	ApplicationType string `json:"application_type,omitempty" yaml:"application_type,omitempty"`

	// An array of dynamically calculated application types that can be used for filtering
	// Example: ["single_page","server_web","mobile_desktop","service","legacy","dcr"]
	// Read Only: true
	ApplicationTypes []string `json:"application_types" yaml:"application_types"`

	// The audience for the request. This should be the unique identifier
	// for the ASPSP issued by the issuer of the software statement.
	// An ASPSP processing the software statement may validate the value
	// of the claim and reject software statements for which the ASPSP
	// is not the audience.The value must be a Base62 encoded GUID.
	// Pattern: ^[0-9a-zA-Z]{1,18}$
	Aud string `json:"aud,omitempty" yaml:"aud,omitempty"`

	// Identity of the intended recipients (the audience).
	//
	// Typically, the audience is a single resource server or a list of resource servers.
	//
	// It is considered a good practice to limit the audience of the token for security purposes.
	Audience []string `json:"audience" yaml:"audience"`

	// Authorization details types
	//
	// Indicates what authorization details types the client can use.
	AuthorizationDetailsTypes []AuthorizationDetailType `json:"authorization_details_types" yaml:"authorization_details_types"`

	// Algorithm used for encrypting authorization responses.
	//
	// If both signing and encryption are requested, the response is first signed, and then encrypted.
	// As a result, a Nested JWT is obtained, as defined in JWT [RFC7519].
	//
	// If omitted, no encryption is applied by default.
	// Example: RSA-OAEP-256
	// Enum: ["RSA-OAEP","RSA-OAEP-256"]
	AuthorizationEncryptedResponseAlg string `json:"authorization_encrypted_response_alg,omitempty" yaml:"authorization_encrypted_response_alg,omitempty"`

	// Algorithm used for encrypting authorization responses.
	//
	// With `authorization_encrypted_response_alg` specified, the default value is `A128CBC-HS256`.
	// When `authorization_encrypted_response_enc` is included, `authorization_encrypted_response_alg`
	// MUST also be provided in a request.
	// Example: A128CBC-HS256
	// Enum: ["A256GCM","A128CBC-HS256"]
	AuthorizationEncryptedResponseEnc string `json:"authorization_encrypted_response_enc,omitempty" yaml:"authorization_encrypted_response_enc,omitempty"`

	// Algorithm used for signing authorization responses.
	//
	// With this parameter specified, the response is signed using JWS and according to the configured algorithm.
	//
	// `none` isn't allowed.
	// Example: RS256
	AuthorizationSignedResponseAlg string `json:"authorization_signed_response_alg,omitempty" yaml:"authorization_signed_response_alg,omitempty"`

	// OPTIONAL. The JWS alg algorithm value used by the client application to sign authentication requests.
	//
	// When omitted, the client application doesn't send signed authentication requests.
	BackchannelAuthenticationRequestSigningAlg string `` /* 127-byte string literal not displayed */

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type, and the token
	// delivery mode is set to `ping` or `push`.
	//
	// This parameter is the endpoint where an OP (OpenID Provider) posts a notification after end-user authentication.
	//
	// Input: an HTTPS URL.
	BackchannelClientNotificationEndpoint string `json:"backchannel_client_notification_endpoint,omitempty" yaml:"backchannel_client_notification_endpoint,omitempty"`

	// Boolean value specifying whether the RP requires that a sid (session ID) claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used.
	BackchannelLogoutSessionRequired bool `json:"backchannel_logout_session_required,omitempty" yaml:"backchannel_logout_session_required,omitempty"`

	// RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
	BackchannelLogoutURI string `json:"backchannel_logout_uri,omitempty" yaml:"backchannel_logout_uri,omitempty"`

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type.
	//
	// Input: `poll`, `ping`, or `push`.
	BackchannelTokenDeliveryMode string `json:"backchannel_token_delivery_mode,omitempty" yaml:"backchannel_token_delivery_mode,omitempty"`

	// OPTIONAL. A boolean value indicating the `user_code` parameter support by the client application.
	//
	// If omitted, the default value is `false`.
	//
	// This applies only when the `backchannel_user_code_parameter_supported` OP parameter is `true`.
	BackchannelUserCodeParameter bool `json:"backchannel_user_code_parameter,omitempty" yaml:"backchannel_user_code_parameter,omitempty"`

	// Base64 encoded certicate in PEM format that will be automatically converted and stored in jwks
	//
	// It is used only as an input parameter for the Create / Import Client.
	Certificate string `json:"certificate,omitempty" yaml:"certificate,omitempty"`

	// The client identifier time of issue.
	//
	// The value is the number of seconds between 1970-01-01T00:00:00Z (UTC) and the date/time of issue.
	ClientIDIssuedAt int64 `json:"client_id_issued_at,omitempty" yaml:"client_id_issued_at,omitempty"`

	// Human-readable name of a client application.
	// Example: My app
	ClientName string `json:"client_name,omitempty" yaml:"client_name,omitempty"`

	// The client secret expiration time.
	//
	// If the client secret does not expire, `client_secret_expires_at` = `0`.
	ClientSecretExpiresAt int64 `json:"client_secret_expires_at,omitempty" yaml:"client_secret_expires_at,omitempty"`

	// URI of a client application.
	ClientURI string `json:"client_uri,omitempty" yaml:"client_uri,omitempty"`

	// Date when the client application was created.
	// Example: 2022-04-07T19:17:31.323187Z
	// Format: date-time
	CreatedAt strfmt.DateTime `json:"created_at,omitempty" yaml:"created_at,omitempty"`

	// default ACR values
	// list of ACR values that will be implicitly requested for the client if not explicitly specified
	DefaultAcrValues []string `json:"default_acr_values" yaml:"default_acr_values"`

	// Description of the client application.
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Boolean value specifying whether the client always uses DPoP for token requests
	// If true, the authorization server will reject token requests from this client that do not contain the DPoP header.
	DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens,omitempty" yaml:"dpop_bound_access_tokens,omitempty"`

	// The time at which the request expires expressed as seconds since
	// the epoch. An ASPSP processing the request must reject requests
	// where the current time is greater than the time specified in the claim.
	Exp int64 `json:"exp,omitempty" yaml:"exp,omitempty"`

	// An array of allowed OAuth client grant types.
	//
	// The `grantTypes` array stores OAuth flows that are allowed for a given client application.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-grant-types/grant-types-overview/) about grant types.
	// Example: ["password","refresh_token","client_credentials","implicit","authorization_code"]
	GrantTypes []string `json:"grant_types" yaml:"grant_types"`

	// The time at which the request was issued by the TPP expressed
	// as "seconds since the epoch"
	Iat int64 `json:"iat,omitempty" yaml:"iat,omitempty"`

	// JWE alg algorithm for encrypting the ID token issued to this client application.
	// Enum: ["RSA-OAEP","RSA-OAEP-256"]
	IDTokenEncryptedResponseAlg string `json:"id_token_encrypted_response_alg,omitempty" yaml:"id_token_encrypted_response_alg,omitempty"`

	// JWE enc algorithm for encrypting the ID token issued to this client application.
	// Enum: ["A256GCM","A128CBC-HS256"]
	IDTokenEncryptedResponseEnc string `json:"id_token_encrypted_response_enc,omitempty" yaml:"id_token_encrypted_response_enc,omitempty"`

	// Algorithm for signing ID tokens issued for a client application.
	//
	// The default value depends on authorization server configuration.
	// Example: ES256
	// Enum: ["RS256","ES256","PS256"]
	IDTokenSignedResponseAlg string `json:"id_token_signed_response_alg,omitempty" yaml:"id_token_signed_response_alg,omitempty"`

	// An introspection endpoint authentication method configured for the client application (read-only).
	//
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// SecureAuth supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: ["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt","self_signed_tls_client_auth","tls_client_auth","none"]
	IntrospectionEndpointAuthMethod string `json:"introspection_endpoint_auth_method,omitempty" yaml:"introspection_endpoint_auth_method,omitempty"`

	// Identifier for the TPP. This value must be unique for each TPP
	// registered by the issuer of the SSA.The value must be a Base62
	// encoded GUID. For SSAs issued by the OB Directory,
	// this must be the software_id.
	// Pattern: ^[0-9a-zA-Z]{1,22}$
	Iss string `json:"iss,omitempty" yaml:"iss,omitempty"`

	// A unique identifier for the JWT. The value must be a UUIDv4 GUID.
	// Pattern: ^[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$
	Jti string `json:"jti,omitempty" yaml:"jti,omitempty"`

	// jwks
	Jwks *ClientJWKs `json:"jwks,omitempty" yaml:"jwks,omitempty"`

	// A URL of JSON Web Key Set with the public keys used by a client application to authenticate to SecureAuth.
	JwksURI string `json:"jwks_uri,omitempty" yaml:"jwks_uri,omitempty"`

	// Logo URI.
	LogoURI string `json:"logo_uri,omitempty" yaml:"logo_uri,omitempty"`

	// External organization identifier. It is a unique string assigned by the CDR Register to identify an Accredited
	// Data Recipient Brand.
	//
	// The value obtained is used as the `aud` claim for message signing, for example, when a JSON Web Token (JWT) is
	// required for authorization, and represents the audience(s) the JWT is intended for.
	// Example: 5647fe90-f6bc-11eb-9a03-0242ac130003
	OrganisationID string `json:"organisation_id,omitempty" yaml:"organisation_id,omitempty"`

	// Policy URL to read about how the profile data is used.
	PolicyURI string `json:"policy_uri,omitempty" yaml:"policy_uri,omitempty"`

	// Array of URLs to which a relying party may request that the user be redirected after a logout has been performed.
	PostLogoutRedirectUris []string `json:"post_logout_redirect_uris" yaml:"post_logout_redirect_uris"`

	// privacy
	Privacy *ClientPrivacy `json:"privacy,omitempty" yaml:"privacy,omitempty"`

	// redirect uris
	RedirectUris RedirectURIs `json:"redirect_uris,omitempty" yaml:"redirect_uris,omitempty"`

	// Optional JWE alg algorithm the client is declaring that it may use for encrypting Request Objects
	// Example: RSA-OAEP
	// Enum: ["RSA-OAEP","RSA-OAEP-256"]
	RequestObjectEncryptionAlg string `json:"request_object_encryption_alg,omitempty" yaml:"request_object_encryption_alg,omitempty"`

	// Optional JWE enc algorithm the client is declaring that it may use for encrypting Request Objects
	// When `request_object_encryption_enc` is included, `request_object_encryption_alg` MUST also be provided.
	// Example: A256GCM
	// Enum: ["A256GCM","A128CBC-HS256"]
	RequestObjectEncryptionEnc string `json:"request_object_encryption_enc,omitempty" yaml:"request_object_encryption_enc,omitempty"`

	// Request object signing algorithm for the token endpoint
	//
	// SecureAuth supports signing tokens with the RS256, ES256, and PS256 algorithms. If you do not want
	// to use a signing algorithm, set the value of this parameter to `none`.
	// Example: none
	// Enum: ["any","none","RS256","ES256","PS256"]
	RequestObjectSigningAlg string `json:"request_object_signing_alg,omitempty" yaml:"request_object_signing_alg,omitempty"`

	// Array of absolute URIs that points to the Request Object that holds authorization request parameters.
	RequestUris []string `json:"request_uris" yaml:"request_uris"`

	// Boolean parameter indicating whether the only means of initiating an authorization request the client is allowed to use is PAR.
	RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests,omitempty" yaml:"require_pushed_authorization_requests,omitempty"`

	// response types
	ResponseTypes ResponseTypes `json:"response_types,omitempty" yaml:"response_types,omitempty"`

	// A revocation endpoint authentication method configured for the client application (read-only).
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// SecureAuth supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: ["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt","self_signed_tls_client_auth","tls_client_auth","none"]
	RevocationEndpointAuthMethod string `json:"revocation_endpoint_auth_method,omitempty" yaml:"revocation_endpoint_auth_method,omitempty"`

	// Space-separated list of scopes for compatibility with the OAuth specification.
	// Example: email offline_access openid
	Scope string `json:"scope,omitempty" yaml:"scope,omitempty"`

	// An array of string represented scopes assigned to a client application
	// Example: ["email","offline_access","openid"]
	Scopes []string `json:"scopes" yaml:"scopes"`

	// OPTIONAL. [A URL using the HTTPS scheme](https://openid.net/specs/openid-connect-registration-1_0.html#SectorIdentifierValidation).
	// It must reference a JSON file with the array of `redirect_uri` values.
	//
	// Pass this parameter when you use multiple domains in your `redirect_uris` or need a mechanism to allow changes in
	// domain without affecting consumer consent.
	//
	// [Read more](https://openid.net/specs/openid-connect-core-1_0.html)
	SectorIdentifierURI string `json:"sector_identifier_uri,omitempty" yaml:"sector_identifier_uri,omitempty"`

	// A unique identifier string (e.g., a Universally Unique Identifier
	// (UUID)) assigned by the client developer or software publisher.
	//
	// The `software_id` MUST remain the same across
	// multiple updates or versions of the same software package. The
	// value of this field is not intended to be human-readable and is
	// usually opaque to the client and authorization server.
	SoftwareID string `json:"software_id,omitempty" yaml:"software_id,omitempty"`

	// A digitally signed or MACed JSON Web Token (JWT) [RFC7519] that
	// asserts metadata values about the client software.  In some cases,
	// a software statement is issued directly by the client
	// developer.  In other cases, a software statement is issued by
	// a third-party organization for use by the client developer.
	//
	// In both cases, the trust relationship the authorization server has
	// with the issuer of the software statement is intended to be used
	// as an input to the evaluation of whether the registration request
	// is accepted.
	//
	// A software statement can be presented to an
	// authorization server as part of the client registration request.
	SoftwareStatement string `json:"software_statement,omitempty" yaml:"software_statement,omitempty"`

	// A version identifier string for the client software identified by
	// `software_id`. The value of the `software_version` MUST be changed
	// with any update of the client software identified by the same
	// `software_id`.
	SoftwareVersion string `json:"software_version,omitempty" yaml:"software_version,omitempty"`

	// Subject identifier type
	//
	// Stores information if the subject identifier is of the `public` or the `pairwise` type.
	//
	// Subject identifiers identify an end-user. They are locally unique and never reassigned within the Issuer,
	// and are intended to be consumed by client applications. There are two types
	// of subject identifiers: `public` and `pairwise`.
	//
	// For the `public` type, the value of the `sub` (subject) token claim is the same for all clients.
	//
	// For the `pairwise` type, a different `sub` (subject) token claim is provided for each client.
	// Using the `pairwise` subject identifier makes it impossible for client applications to correlate the end-user's
	// activity without their permission.
	// Example: public
	// Enum: ["public","pairwise"]
	SubjectType string `json:"subject_type,omitempty" yaml:"subject_type,omitempty"`

	// A string containing the value of an expected dNSName SAN entry in the certificate.
	TLSClientAuthSanDNS string `json:"tls_client_auth_san_dns,omitempty" yaml:"tls_client_auth_san_dns,omitempty"`

	// A string containing the value of an expected rfc822Name SAN entry in the certificate.
	TLSClientAuthSanEmail string `json:"tls_client_auth_san_email,omitempty" yaml:"tls_client_auth_san_email,omitempty"`

	// A string representation of an IP address in either dotted decimal notation (for IPv4) or colon-delimited hexadecimal (for IPv6, as defined in [RFC5952]) that is expected to be present as an iPAddress SAN entry in the certificate.
	TLSClientAuthSanIP string `json:"tls_client_auth_san_ip,omitempty" yaml:"tls_client_auth_san_ip,omitempty"`

	// A string containing the value of an expected uniformResourceIdentifier SAN entry in the certificate.
	TLSClientAuthSanURI string `json:"tls_client_auth_san_uri,omitempty" yaml:"tls_client_auth_san_uri,omitempty"`

	// An [RFC4514] string representation of the expected subject distinguished name of the certificate.
	TLSClientAuthSubjectDn string `json:"tls_client_auth_subject_dn,omitempty" yaml:"tls_client_auth_subject_dn,omitempty"`

	// Boolean value indicating server support for mutual TLS client certificate-bound access tokens. If omitted, the default value is "false".
	TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens,omitempty" yaml:"tls_client_certificate_bound_access_tokens,omitempty"`

	// Token endpoint authentication method configured for a client application
	//
	// SecureAuth supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// To learn more, go to the Authorization Basics > Client Authentication section of this guide.
	// Example: client_secret_basic
	// Enum: ["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt","self_signed_tls_client_auth","tls_client_auth","none","unspecified"]
	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty" yaml:"token_endpoint_auth_method,omitempty"`

	// Signing algorithm for the token endpoint
	//
	// This field is optional. If empty, a client can use any algorithm supported by the server (see `token_endpoint_auth_signing_alg_values_supported` in the well-known endpoing).
	//
	// If provided, depending on the server configuration, client can use of one: HS256, RS256, ES256, PS256 algorithms.
	//
	// If your token endpoint authentication is set to the `private_key_jwt` method, the
	// `token_endpoint_auth_signing_alg` parameter must be either RS256, ES256, or PS256.
	//
	// If your token endpoint authentication is set to the `client_secret_jwt` method,
	// the `token_endpoint_auth_signing_alg` parameter must be HS256.
	// Example: ES256
	// Enum: ["RS256","ES256","PS256","HS256",""]
	TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg,omitempty" yaml:"token_endpoint_auth_signing_alg,omitempty"`

	// token exchange
	TokenExchange *ClientTokenExchangeConfiguration `json:"token_exchange,omitempty" yaml:"token_exchange,omitempty"`

	// Terms of Service URL.
	TosURI string `json:"tos_uri,omitempty" yaml:"tos_uri,omitempty"`

	// Date when the client application was updated.
	// Example: 2022-05-08T01:11:51.1262916Z
	// Format: date-time
	UpdatedAt strfmt.DateTime `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`

	// JWS alg algorithm REQUIRED for signing UserInfo Responses.
	//
	// If specified, the response is a JWT serialized and signed with JWS.
	//
	// If omitted, then by default, UserInfo Response returns the Claims
	// as an UTF-8 encoded JSON object using the application/json content-type.
	// Example: none
	// Enum: ["none","RS256","ES256"]
	UserinfoSignedResponseAlg string `json:"userinfo_signed_response_alg,omitempty" yaml:"userinfo_signed_response_alg,omitempty"`
}

type CDRDynamicClientRegistrationResponse struct {

	// agent capability
	AgentCapability AgentCapability `json:"agent_capability,omitempty" yaml:"agent_capability,omitempty"`

	// Application URL
	AppURL string `json:"app_url,omitempty" yaml:"app_url,omitempty"`

	// Application purpose
	// Example: signle_page
	// Enum: ["single_page","server_web","mobile_desktop","service","legacy","custom","saml","ai_agent"]
	ApplicationPurpose string `json:"application_purpose,omitempty" yaml:"application_purpose,omitempty"`

	// The client application type.
	//
	// Client applications can be either of a `web` or `native` types.
	//
	// Web applications include clients like server web applications or service apps.
	//
	// Native applications include single-page applications (SPAs) and mobile or desktop
	// applications.
	//
	// Apply security measures according to the type of your application.
	// Example: web
	ApplicationType string `json:"application_type,omitempty" yaml:"application_type,omitempty"`

	// An array of dynamically calculated application types that can be used for filtering
	// Example: ["single_page","server_web","mobile_desktop","service","legacy","dcr"]
	// Read Only: true
	ApplicationTypes []string `json:"application_types" yaml:"application_types"`

	// Identity of the intended recipients (the audience).
	//
	// Typically, the audience is a single resource server or a list of resource servers.
	//
	// It is considered a good practice to limit the audience of the token for security purposes.
	Audience []string `json:"audience" yaml:"audience"`

	// Authorization details types
	//
	// Indicates what authorization details types the client can use.
	AuthorizationDetailsTypes []AuthorizationDetailType `json:"authorization_details_types" yaml:"authorization_details_types"`

	// Algorithm used for encrypting authorization responses.
	//
	// If both signing and encryption are requested, the response is first signed, and then encrypted.
	// As a result, a Nested JWT is obtained, as defined in JWT [RFC7519].
	//
	// If omitted, no encryption is applied by default.
	// Example: RSA-OAEP-256
	// Enum: ["RSA-OAEP","RSA-OAEP-256"]
	AuthorizationEncryptedResponseAlg string `json:"authorization_encrypted_response_alg,omitempty" yaml:"authorization_encrypted_response_alg,omitempty"`

	// Algorithm used for encrypting authorization responses.
	//
	// With `authorization_encrypted_response_alg` specified, the default value is `A128CBC-HS256`.
	// When `authorization_encrypted_response_enc` is included, `authorization_encrypted_response_alg`
	// MUST also be provided in a request.
	// Example: A128CBC-HS256
	// Enum: ["A256GCM","A128CBC-HS256"]
	AuthorizationEncryptedResponseEnc string `json:"authorization_encrypted_response_enc,omitempty" yaml:"authorization_encrypted_response_enc,omitempty"`

	// Algorithm used for signing authorization responses.
	//
	// With this parameter specified, the response is signed using JWS and according to the configured algorithm.
	//
	// `none` isn't allowed.
	// Example: RS256
	AuthorizationSignedResponseAlg string `json:"authorization_signed_response_alg,omitempty" yaml:"authorization_signed_response_alg,omitempty"`

	// OPTIONAL. The JWS alg algorithm value used by the client application to sign authentication requests.
	//
	// When omitted, the client application doesn't send signed authentication requests.
	BackchannelAuthenticationRequestSigningAlg string `` /* 127-byte string literal not displayed */

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type, and the token
	// delivery mode is set to `ping` or `push`.
	//
	// This parameter is the endpoint where an OP (OpenID Provider) posts a notification after end-user authentication.
	//
	// Input: an HTTPS URL.
	BackchannelClientNotificationEndpoint string `json:"backchannel_client_notification_endpoint,omitempty" yaml:"backchannel_client_notification_endpoint,omitempty"`

	// Boolean value specifying whether the RP requires that a sid (session ID) claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used.
	BackchannelLogoutSessionRequired bool `json:"backchannel_logout_session_required,omitempty" yaml:"backchannel_logout_session_required,omitempty"`

	// RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
	BackchannelLogoutURI string `json:"backchannel_logout_uri,omitempty" yaml:"backchannel_logout_uri,omitempty"`

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type.
	//
	// Input: `poll`, `ping`, or `push`.
	BackchannelTokenDeliveryMode string `json:"backchannel_token_delivery_mode,omitempty" yaml:"backchannel_token_delivery_mode,omitempty"`

	// OPTIONAL. A boolean value indicating the `user_code` parameter support by the client application.
	//
	// If omitted, the default value is `false`.
	//
	// This applies only when the `backchannel_user_code_parameter_supported` OP parameter is `true`.
	BackchannelUserCodeParameter bool `json:"backchannel_user_code_parameter,omitempty" yaml:"backchannel_user_code_parameter,omitempty"`

	// Base64 encoded certicate in PEM format that will be automatically converted and stored in jwks
	//
	// It is used only as an input parameter for the Create / Import Client.
	Certificate string `json:"certificate,omitempty" yaml:"certificate,omitempty"`

	// Human-readable string name of the software product description to be presented to the end user during authorization
	ClientDescription string `json:"client_description,omitempty" yaml:"client_description,omitempty"`

	// OAuth client application identifier
	//
	// If not provided, a random client ID is generated.
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// The client identifier time of issue.
	//
	// The value is the number of seconds between 1970-01-01T00:00:00Z (UTC) and the date/time of issue.
	ClientIDIssuedAt int64 `json:"client_id_issued_at,omitempty" yaml:"client_id_issued_at,omitempty"`

	// Human-readable name of a client application.
	// Example: My app
	ClientName string `json:"client_name,omitempty" yaml:"client_name,omitempty"`

	// OAuth client secret
	//
	// If not provided, a random client secret is generated.
	// Min Length: 32
	ClientSecret string `json:"client_secret,omitempty" yaml:"client_secret,omitempty"`

	// The client secret expiration time.
	//
	// If the client secret does not expire, `client_secret_expires_at` = `0`.
	ClientSecretExpiresAt int64 `json:"client_secret_expires_at,omitempty" yaml:"client_secret_expires_at,omitempty"`

	// Defines whether the client application is active or not.
	//
	// Only clients with the `Active` status can preform authorization, authentication, and PAR requests.
	// Enum: ["active","inactive"]
	ClientStatus string `json:"client_status,omitempty" yaml:"client_status,omitempty"`

	// URI of a client application.
	ClientURI string `json:"client_uri,omitempty" yaml:"client_uri,omitempty"`

	// Date when the client application was created.
	// Example: 2022-04-07T19:17:31.323187Z
	// Format: date-time
	CreatedAt strfmt.DateTime `json:"created_at,omitempty" yaml:"created_at,omitempty"`

	// default ACR values
	// list of ACR values that will be implicitly requested for the client if not explicitly specified
	DefaultAcrValues []string `json:"default_acr_values" yaml:"default_acr_values"`

	// Description of the client application.
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Optional developer owner of the client application.
	DeveloperID string `json:"developer_id,omitempty" yaml:"developer_id,omitempty"`

	// Boolean value specifying whether the client always uses DPoP for token requests
	// If true, the authorization server will reject token requests from this client that do not contain the DPoP header.
	DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens,omitempty" yaml:"dpop_bound_access_tokens,omitempty"`

	// dynamically registered
	DynamicallyRegistered bool `json:"dynamically_registered,omitempty" yaml:"dynamically_registered,omitempty"`

	// An array of allowed OAuth client grant types.
	//
	// The `grantTypes` array stores OAuth flows that are allowed for a given client application.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-grant-types/grant-types-overview/) about grant types.
	// Example: ["password","refresh_token","client_credentials","implicit","authorization_code"]
	GrantTypes []string `json:"grant_types" yaml:"grant_types"`

	// An array of hashed rotated client secrets
	HashedRotatedSecrets []string `json:"hashed_rotated_secrets" yaml:"hashed_rotated_secrets"`

	// Hashed client secret
	//
	// Hashing client secrets provides additional security for your secrets storage as it hides
	// plaintext secrets from being viewed both in the UI and the database.
	HashedSecret string `json:"hashed_secret,omitempty" yaml:"hashed_secret,omitempty"`

	// JWE alg algorithm for encrypting the ID token issued to this client application.
	// Enum: ["RSA-OAEP","RSA-OAEP-256"]
	IDTokenEncryptedResponseAlg string `json:"id_token_encrypted_response_alg,omitempty" yaml:"id_token_encrypted_response_alg,omitempty"`

	// JWE enc algorithm for encrypting the ID token issued to this client application.
	// Enum: ["A256GCM","A128CBC-HS256"]
	IDTokenEncryptedResponseEnc string `json:"id_token_encrypted_response_enc,omitempty" yaml:"id_token_encrypted_response_enc,omitempty"`

	// Algorithm for signing ID tokens issued for a client application.
	//
	// The default value depends on authorization server configuration.
	// Example: ES256
	// Enum: ["RS256","ES256","PS256"]
	IDTokenSignedResponseAlg string `json:"id_token_signed_response_alg,omitempty" yaml:"id_token_signed_response_alg,omitempty"`

	// An introspection endpoint authentication method configured for the client application (read-only).
	//
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// SecureAuth supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: ["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt","self_signed_tls_client_auth","tls_client_auth","none"]
	IntrospectionEndpointAuthMethod string `json:"introspection_endpoint_auth_method,omitempty" yaml:"introspection_endpoint_auth_method,omitempty"`

	// jwks
	Jwks *ClientJWKs `json:"jwks,omitempty" yaml:"jwks,omitempty"`

	// A URL of JSON Web Key Set with the public keys used by a client application to authenticate to SecureAuth.
	JwksURI string `json:"jwks_uri,omitempty" yaml:"jwks_uri,omitempty"`

	// A unique identifier string assigned by the CDR Register that identifies the Accredited Data Recipient Legal Entity
	LegalEntityID string `json:"legal_entity_id,omitempty" yaml:"legal_entity_id,omitempty"`

	// Human-readable string name of the Accredited Data Recipient Legal Entity
	LegalEntityName string `json:"legal_entity_name,omitempty" yaml:"legal_entity_name,omitempty"`

	// Logo URI.
	LogoURI string `json:"logo_uri,omitempty" yaml:"logo_uri,omitempty"`

	// A unique identifier string assigned by the CDR Register that identifies the Accredited Data Recipient Brand
	OrgID string `json:"org_id,omitempty" yaml:"org_id,omitempty"`

	// Human-readable string name of the Accredited Data Recipient Brand to be presented to the end user during authorization
	OrgName string `json:"org_name,omitempty" yaml:"org_name,omitempty"`

	// External organization identifier. It is a unique string assigned by the CDR Register to identify an Accredited
	// Data Recipient Brand.
	//
	// The value obtained is used as the `aud` claim for message signing, for example, when a JSON Web Token (JWT) is
	// required for authorization, and represents the audience(s) the JWT is intended for.
	// Example: 5647fe90-f6bc-11eb-9a03-0242ac130003
	OrganisationID string `json:"organisation_id,omitempty" yaml:"organisation_id,omitempty"`

	// Policy URL to read about how the profile data is used.
	PolicyURI string `json:"policy_uri,omitempty" yaml:"policy_uri,omitempty"`

	// Array of URLs to which a relying party may request that the user be redirected after a logout has been performed.
	PostLogoutRedirectUris []string `json:"post_logout_redirect_uris" yaml:"post_logout_redirect_uris"`

	// privacy
	Privacy *ClientPrivacy `json:"privacy,omitempty" yaml:"privacy,omitempty"`

	// Base URI for the Consumer Data Standard Data Recipient endpoints. This SHOULD be the base to provide reference to all other Data Recipient Endpoints
	RecipientBaseURI string `json:"recipient_base_uri,omitempty" yaml:"recipient_base_uri,omitempty"`

	// redirect uris
	RedirectUris RedirectURIs `json:"redirect_uris,omitempty" yaml:"redirect_uris,omitempty"`

	// Optional JWE alg algorithm the client is declaring that it may use for encrypting Request Objects
	// Example: RSA-OAEP
	// Enum: ["RSA-OAEP","RSA-OAEP-256"]
	RequestObjectEncryptionAlg string `json:"request_object_encryption_alg,omitempty" yaml:"request_object_encryption_alg,omitempty"`

	// Optional JWE enc algorithm the client is declaring that it may use for encrypting Request Objects
	// When `request_object_encryption_enc` is included, `request_object_encryption_alg` MUST also be provided.
	// Example: A256GCM
	// Enum: ["A256GCM","A128CBC-HS256"]
	RequestObjectEncryptionEnc string `json:"request_object_encryption_enc,omitempty" yaml:"request_object_encryption_enc,omitempty"`

	// Request object signing algorithm for the token endpoint
	//
	// SecureAuth supports signing tokens with the RS256, ES256, and PS256 algorithms. If you do not want
	// to use a signing algorithm, set the value of this parameter to `none`.
	// Example: none
	// Enum: ["any","none","RS256","ES256","PS256"]
	RequestObjectSigningAlg string `json:"request_object_signing_alg,omitempty" yaml:"request_object_signing_alg,omitempty"`

	// Array of absolute URIs that points to the Request Object that holds authorization request parameters.
	RequestUris []string `json:"request_uris" yaml:"request_uris"`

	// Boolean parameter indicating whether the only means of initiating an authorization request the client is allowed to use is PAR.
	RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests,omitempty" yaml:"require_pushed_authorization_requests,omitempty"`

	// response types
	ResponseTypes ResponseTypes `json:"response_types,omitempty" yaml:"response_types,omitempty"`

	// A revocation endpoint authentication method configured for the client application (read-only).
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// SecureAuth supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: ["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt","self_signed_tls_client_auth","tls_client_auth","none"]
	RevocationEndpointAuthMethod string `json:"revocation_endpoint_auth_method,omitempty" yaml:"revocation_endpoint_auth_method,omitempty"`

	// URI string that references the location of the Software Product consent revocation endpoint as per Consumer Data Standards Endpoints
	RevocationURI string `json:"revocation_uri,omitempty" yaml:"revocation_uri,omitempty"`

	// An array of rotated OAuth client secrets
	RotatedSecrets []string `json:"rotated_secrets" yaml:"rotated_secrets"`

	// Space-separated list of scopes for compatibility with the OAuth specification.
	// Example: email offline_access openid
	Scope string `json:"scope,omitempty" yaml:"scope,omitempty"`

	// An array of string represented scopes assigned to a client application
	// Example: ["email","offline_access","openid"]
	Scopes []string `json:"scopes" yaml:"scopes"`

	// OPTIONAL. [A URL using the HTTPS scheme](https://openid.net/specs/openid-connect-registration-1_0.html#SectorIdentifierValidation).
	// It must reference a JSON file with the array of `redirect_uri` values.
	//
	// Pass this parameter when you use multiple domains in your `redirect_uris` or need a mechanism to allow changes in
	// domain without affecting consumer consent.
	//
	// [Read more](https://openid.net/specs/openid-connect-core-1_0.html)
	SectorIdentifierURI string `json:"sector_identifier_uri,omitempty" yaml:"sector_identifier_uri,omitempty"`

	// String representing a unique identifier assigned by the Register and used by registration endpoints to identify the software product to be dynamically registered.
	//
	// The software_id will remain the same across multiple updates or versions of the same piece of software.
	// The software_id SHOULD be used as the primary external identifier for the client to prevent duplicate client registrations
	SoftwareID string `json:"software_id,omitempty" yaml:"software_id,omitempty"`

	// String containing a role of the software in the CDR Regime. Initially the only value used with be “data-recipient-software-product”
	SoftwareRoles string `json:"software_roles,omitempty" yaml:"software_roles,omitempty"`

	// software statement
	SoftwareStatement string `json:"software_statement,omitempty" yaml:"software_statement,omitempty"`

	// A version identifier string for the client software identified by
	// `software_id`. The value of the `software_version` MUST be changed
	// with any update of the client software identified by the same
	// `software_id`.
	SoftwareVersion string `json:"software_version,omitempty" yaml:"software_version,omitempty"`

	// Subject identifier type
	//
	// Stores information if the subject identifier is of the `public` or the `pairwise` type.
	//
	// Subject identifiers identify an end-user. They are locally unique and never reassigned within the Issuer,
	// and are intended to be consumed by client applications. There are two types
	// of subject identifiers: `public` and `pairwise`.
	//
	// For the `public` type, the value of the `sub` (subject) token claim is the same for all clients.
	//
	// For the `pairwise` type, a different `sub` (subject) token claim is provided for each client.
	// Using the `pairwise` subject identifier makes it impossible for client applications to correlate the end-user's
	// activity without their permission.
	// Example: public
	// Enum: ["public","pairwise"]
	SubjectType string `json:"subject_type,omitempty" yaml:"subject_type,omitempty"`

	// Defines whether the client application is a system tenant's application or not.
	System bool `json:"system,omitempty" yaml:"system,omitempty"`

	// A string containing the value of an expected dNSName SAN entry in the certificate.
	TLSClientAuthSanDNS string `json:"tls_client_auth_san_dns,omitempty" yaml:"tls_client_auth_san_dns,omitempty"`

	// A string containing the value of an expected rfc822Name SAN entry in the certificate.
	TLSClientAuthSanEmail string `json:"tls_client_auth_san_email,omitempty" yaml:"tls_client_auth_san_email,omitempty"`

	// A string representation of an IP address in either dotted decimal notation (for IPv4) or colon-delimited hexadecimal (for IPv6, as defined in [RFC5952]) that is expected to be present as an iPAddress SAN entry in the certificate.
	TLSClientAuthSanIP string `json:"tls_client_auth_san_ip,omitempty" yaml:"tls_client_auth_san_ip,omitempty"`

	// A string containing the value of an expected uniformResourceIdentifier SAN entry in the certificate.
	TLSClientAuthSanURI string `json:"tls_client_auth_san_uri,omitempty" yaml:"tls_client_auth_san_uri,omitempty"`

	// An [RFC4514] string representation of the expected subject distinguished name of the certificate.
	TLSClientAuthSubjectDn string `json:"tls_client_auth_subject_dn,omitempty" yaml:"tls_client_auth_subject_dn,omitempty"`

	// Boolean value indicating server support for mutual TLS client certificate-bound access tokens. If omitted, the default value is "false".
	TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens,omitempty" yaml:"tls_client_certificate_bound_access_tokens,omitempty"`

	// Token endpoint authentication method configured for a client application
	//
	// SecureAuth supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// To learn more, go to the Authorization Basics > Client Authentication section of this guide.
	// Example: client_secret_basic
	// Enum: ["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt","self_signed_tls_client_auth","tls_client_auth","none","unspecified"]
	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty" yaml:"token_endpoint_auth_method,omitempty"`

	// Signing algorithm for the token endpoint
	//
	// This field is optional. If empty, a client can use any algorithm supported by the server (see `token_endpoint_auth_signing_alg_values_supported` in the well-known endpoing).
	//
	// If provided, depending on the server configuration, client can use of one: HS256, RS256, ES256, PS256 algorithms.
	//
	// If your token endpoint authentication is set to the `private_key_jwt` method, the
	// `token_endpoint_auth_signing_alg` parameter must be either RS256, ES256, or PS256.
	//
	// If your token endpoint authentication is set to the `client_secret_jwt` method,
	// the `token_endpoint_auth_signing_alg` parameter must be HS256.
	// Example: ES256
	// Enum: ["RS256","ES256","PS256","HS256",""]
	TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg,omitempty" yaml:"token_endpoint_auth_signing_alg,omitempty"`

	// token exchange
	TokenExchange *ClientTokenExchangeConfiguration `json:"token_exchange,omitempty" yaml:"token_exchange,omitempty"`

	// token ttls
	TokenTtls *TokenTTLs `json:"token_ttls,omitempty" yaml:"token_ttls,omitempty"`

	// Terms of Service URL.
	TosURI string `json:"tos_uri,omitempty" yaml:"tos_uri,omitempty"`

	// Defines whether the client application is trusted or not.
	//
	// For trusted clients, consent pages are skipped during the authorization process.
	Trusted bool `json:"trusted,omitempty" yaml:"trusted,omitempty"`

	// Date when the client application was updated.
	// Example: 2022-05-08T01:11:51.1262916Z
	// Format: date-time
	UpdatedAt strfmt.DateTime `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`

	// If enabled the client application will be able to set its own token TTLs.
	UseCustomTokenTtls bool `json:"use_custom_token_ttls,omitempty" yaml:"use_custom_token_ttls,omitempty"`

	// JWS alg algorithm REQUIRED for signing UserInfo Responses.
	//
	// If specified, the response is a JWT serialized and signed with JWS.
	//
	// If omitted, then by default, UserInfo Response returns the Claims
	// as an UTF-8 encoded JSON object using the application/json content-type.
	// Example: none
	// Enum: ["none","RS256","ES256"]
	UserinfoSignedResponseAlg string `json:"userinfo_signed_response_alg,omitempty" yaml:"userinfo_signed_response_alg,omitempty"`
}

type CDRError struct {

	// code
	Code string `json:"code,omitempty" yaml:"code,omitempty"`

	// detail
	Detail string `json:"detail,omitempty" yaml:"detail,omitempty"`

	// title
	Title string `json:"title,omitempty" yaml:"title,omitempty"`
}

type CDRErrorResponse struct {

	// errors
	Errors []*CDRError `json:"errors" yaml:"errors"`
}

type CDRRegisterClientMetadata struct {

	// Data recipient status
	DataRecipientStatus string `json:"data_recipient_status,omitempty" yaml:"data_recipient_status,omitempty"`

	// Software product status
	SoftwareProductStatus string `json:"software_product_status,omitempty" yaml:"software_product_status,omitempty"`
}

type ClaimSourceType string

type Client struct {

	// agent capability
	AgentCapability AgentCapability `json:"agent_capability,omitempty" yaml:"agent_capability,omitempty"`

	// Application URL
	AppURL string `json:"app_url,omitempty" yaml:"app_url,omitempty"`

	// Application purpose
	// Example: signle_page
	// Enum: ["single_page","server_web","mobile_desktop","service","legacy","custom","saml","ai_agent"]
	ApplicationPurpose string `json:"application_purpose,omitempty" yaml:"application_purpose,omitempty"`

	// The client application type.
	//
	// Client applications can be either of a `web` or `native` types.
	//
	// Web applications include clients like server web applications or service apps.
	//
	// Native applications include single-page applications (SPAs) and mobile or desktop
	// applications.
	//
	// Apply security measures according to the type of your application.
	// Example: web
	ApplicationType string `json:"application_type,omitempty" yaml:"application_type,omitempty"`

	// An array of dynamically calculated application types that can be used for filtering
	// Example: ["single_page","server_web","mobile_desktop","service","legacy","dcr"]
	// Read Only: true
	ApplicationTypes []string `json:"application_types" yaml:"application_types"`

	// Identity of the intended recipients (the audience).
	//
	// Typically, the audience is a single resource server or a list of resource servers.
	//
	// It is considered a good practice to limit the audience of the token for security purposes.
	Audience []string `json:"audience" yaml:"audience"`

	// Authorization details types
	//
	// Indicates what authorization details types the client can use.
	AuthorizationDetailsTypes []AuthorizationDetailType `json:"authorization_details_types" yaml:"authorization_details_types"`

	// Algorithm used for encrypting authorization responses.
	//
	// If both signing and encryption are requested, the response is first signed, and then encrypted.
	// As a result, a Nested JWT is obtained, as defined in JWT [RFC7519].
	//
	// If omitted, no encryption is applied by default.
	// Example: RSA-OAEP-256
	// Enum: ["RSA-OAEP","RSA-OAEP-256"]
	AuthorizationEncryptedResponseAlg string `json:"authorization_encrypted_response_alg,omitempty" yaml:"authorization_encrypted_response_alg,omitempty"`

	// Algorithm used for encrypting authorization responses.
	//
	// With `authorization_encrypted_response_alg` specified, the default value is `A128CBC-HS256`.
	// When `authorization_encrypted_response_enc` is included, `authorization_encrypted_response_alg`
	// MUST also be provided in a request.
	// Example: A128CBC-HS256
	// Enum: ["A256GCM","A128CBC-HS256"]
	AuthorizationEncryptedResponseEnc string `json:"authorization_encrypted_response_enc,omitempty" yaml:"authorization_encrypted_response_enc,omitempty"`

	// An authorization server (workspace) identifier holding the client application.
	// Example: default
	// Required: true
	AuthorizationServerID string `json:"authorization_server_id" yaml:"authorization_server_id"`

	// Algorithm used for signing authorization responses.
	//
	// With this parameter specified, the response is signed using JWS and according to the configured algorithm.
	//
	// `none` isn't allowed.
	// Example: RS256
	AuthorizationSignedResponseAlg string `json:"authorization_signed_response_alg,omitempty" yaml:"authorization_signed_response_alg,omitempty"`

	// OPTIONAL. The JWS alg algorithm value used by the client application to sign authentication requests.
	//
	// When omitted, the client application doesn't send signed authentication requests.
	BackchannelAuthenticationRequestSigningAlg string `` /* 127-byte string literal not displayed */

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type, and the token
	// delivery mode is set to `ping` or `push`.
	//
	// This parameter is the endpoint where an OP (OpenID Provider) posts a notification after end-user authentication.
	//
	// Input: an HTTPS URL.
	BackchannelClientNotificationEndpoint string `json:"backchannel_client_notification_endpoint,omitempty" yaml:"backchannel_client_notification_endpoint,omitempty"`

	// Boolean value specifying whether the RP requires that a sid (session ID) claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used.
	BackchannelLogoutSessionRequired bool `json:"backchannel_logout_session_required,omitempty" yaml:"backchannel_logout_session_required,omitempty"`

	// RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
	BackchannelLogoutURI string `json:"backchannel_logout_uri,omitempty" yaml:"backchannel_logout_uri,omitempty"`

	// REQUIRED for requests when the client application uses CIBA as an authorization grant type.
	//
	// Input: `poll`, `ping`, or `push`.
	BackchannelTokenDeliveryMode string `json:"backchannel_token_delivery_mode,omitempty" yaml:"backchannel_token_delivery_mode,omitempty"`

	// OPTIONAL. A boolean value indicating the `user_code` parameter support by the client application.
	//
	// If omitted, the default value is `false`.
	//
	// This applies only when the `backchannel_user_code_parameter_supported` OP parameter is `true`.
	BackchannelUserCodeParameter bool `json:"backchannel_user_code_parameter,omitempty" yaml:"backchannel_user_code_parameter,omitempty"`

	// Base64 encoded certicate in PEM format that will be automatically converted and stored in jwks
	//
	// It is used only as an input parameter for the Create / Import Client.
	Certificate string `json:"certificate,omitempty" yaml:"certificate,omitempty"`

	// OAuth client application identifier
	//
	// If not provided, a random client ID is generated.
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// The client identifier time of issue.
	//
	// The value is the number of seconds between 1970-01-01T00:00:00Z (UTC) and the date/time of issue.
	ClientIDIssuedAt int64 `json:"client_id_issued_at,omitempty" yaml:"client_id_issued_at,omitempty"`

	// Human-readable name of a client application.
	// Example: My app
	ClientName string `json:"client_name,omitempty" yaml:"client_name,omitempty"`

	// OAuth client secret
	//
	// If not provided, a random client secret is generated.
	// Min Length: 32
	ClientSecret string `json:"client_secret,omitempty" yaml:"client_secret,omitempty"`

	// The client secret expiration time.
	//
	// If the client secret does not expire, `client_secret_expires_at` = `0`.
	ClientSecretExpiresAt int64 `json:"client_secret_expires_at,omitempty" yaml:"client_secret_expires_at,omitempty"`

	// Defines whether the client application is active or not.
	//
	// Only clients with the `Active` status can preform authorization, authentication, and PAR requests.
	// Enum: ["active","inactive"]
	ClientStatus string `json:"client_status,omitempty" yaml:"client_status,omitempty"`

	// client type
	// Enum: ["oauth2","saml"]
	ClientType string `json:"client_type,omitempty" yaml:"client_type,omitempty"`

	// URI of a client application.
	ClientURI string `json:"client_uri,omitempty" yaml:"client_uri,omitempty"`

	// confirmation
	Confirmation *Confirmation `json:"confirmation,omitempty" yaml:"confirmation,omitempty"`

	// Date when the client application was created.
	// Example: 2022-04-07T19:17:31.323187Z
	// Format: date-time
	CreatedAt strfmt.DateTime `json:"created_at,omitempty" yaml:"created_at,omitempty"`

	// default ACR values
	// list of ACR values that will be implicitly requested for the client if not explicitly specified
	DefaultAcrValues []string `json:"default_acr_values" yaml:"default_acr_values"`

	// Description of the client application.
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Optional developer owner of the client application.
	DeveloperID string `json:"developer_id,omitempty" yaml:"developer_id,omitempty"`

	// developer metadata
	DeveloperMetadata Metadata `json:"developer_metadata,omitempty" yaml:"developer_metadata,omitempty"`

	// Boolean value specifying whether the client always uses DPoP for token requests
	// If true, the authorization server will reject token requests from this client that do not contain the DPoP header.
	DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens,omitempty" yaml:"dpop_bound_access_tokens,omitempty"`

	// dynamically registered
	DynamicallyRegistered bool `json:"dynamically_registered,omitempty" yaml:"dynamically_registered,omitempty"`

	// fdx
	Fdx *FDXMetadata `json:"fdx,omitempty" yaml:"fdx,omitempty"`

	// An array of allowed OAuth client grant types.
	//
	// The `grantTypes` array stores OAuth flows that are allowed for a given client application.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-grant-types/grant-types-overview/) about grant types.
	// Example: ["password","refresh_token","client_credentials","implicit","authorization_code"]
	GrantTypes []string `json:"grant_types" yaml:"grant_types"`

	// An array of hashed rotated client secrets
	HashedRotatedSecrets []string `json:"hashed_rotated_secrets" yaml:"hashed_rotated_secrets"`

	// Hashed client secret
	//
	// Hashing client secrets provides additional security for your secrets storage as it hides
	// plaintext secrets from being viewed both in the UI and the database.
	HashedSecret string `json:"hashed_secret,omitempty" yaml:"hashed_secret,omitempty"`

	// JWE alg algorithm for encrypting the ID token issued to this client application.
	// Enum: ["RSA-OAEP","RSA-OAEP-256"]
	IDTokenEncryptedResponseAlg string `json:"id_token_encrypted_response_alg,omitempty" yaml:"id_token_encrypted_response_alg,omitempty"`

	// JWE enc algorithm for encrypting the ID token issued to this client application.
	// Enum: ["A256GCM","A128CBC-HS256"]
	IDTokenEncryptedResponseEnc string `json:"id_token_encrypted_response_enc,omitempty" yaml:"id_token_encrypted_response_enc,omitempty"`

	// Algorithm for signing ID tokens issued for a client application.
	//
	// The default value depends on authorization server configuration.
	// Example: ES256
	// Enum: ["RS256","ES256","PS256"]
	IDTokenSignedResponseAlg string `json:"id_token_signed_response_alg,omitempty" yaml:"id_token_signed_response_alg,omitempty"`

	// An introspection endpoint authentication method configured for the client application (read-only).
	//
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// SecureAuth supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: ["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt","self_signed_tls_client_auth","tls_client_auth","none"]
	IntrospectionEndpointAuthMethod string `json:"introspection_endpoint_auth_method,omitempty" yaml:"introspection_endpoint_auth_method,omitempty"`

	// jwks
	Jwks *ClientJWKs `json:"jwks,omitempty" yaml:"jwks,omitempty"`

	// A URL of JSON Web Key Set with the public keys used by a client application to authenticate to SecureAuth.
	JwksURI string `json:"jwks_uri,omitempty" yaml:"jwks_uri,omitempty"`

	// Logo URI.
	LogoURI string `json:"logo_uri,omitempty" yaml:"logo_uri,omitempty"`

	// metadata
	Metadata Metadata `json:"metadata,omitempty" yaml:"metadata,omitempty"`

	// obbr
	Obbr *OBBRMetadata `json:"obbr,omitempty" yaml:"obbr,omitempty"`

	// External organization identifier. It is a unique string assigned by the CDR Register to identify an Accredited
	// Data Recipient Brand.
	//
	// The value obtained is used as the `aud` claim for message signing, for example, when a JSON Web Token (JWT) is
	// required for authorization, and represents the audience(s) the JWT is intended for.
	// Example: 5647fe90-f6bc-11eb-9a03-0242ac130003
	OrganisationID string `json:"organisation_id,omitempty" yaml:"organisation_id,omitempty"`

	// Policy URL to read about how the profile data is used.
	PolicyURI string `json:"policy_uri,omitempty" yaml:"policy_uri,omitempty"`

	// Array of URLs to which a relying party may request that the user be redirected after a logout has been performed.
	PostLogoutRedirectUris []string `json:"post_logout_redirect_uris" yaml:"post_logout_redirect_uris"`

	// privacy
	Privacy *ClientPrivacy `json:"privacy,omitempty" yaml:"privacy,omitempty"`

	// redirect uris
	RedirectUris RedirectURIs `json:"redirect_uris,omitempty" yaml:"redirect_uris,omitempty"`

	// registration token
	RegistrationToken *RegistrationToken `json:"registration_token,omitempty" yaml:"registration_token,omitempty"`

	// Optional JWE alg algorithm the client is declaring that it may use for encrypting Request Objects
	// Example: RSA-OAEP
	// Enum: ["RSA-OAEP","RSA-OAEP-256"]
	RequestObjectEncryptionAlg string `json:"request_object_encryption_alg,omitempty" yaml:"request_object_encryption_alg,omitempty"`

	// Optional JWE enc algorithm the client is declaring that it may use for encrypting Request Objects
	// When `request_object_encryption_enc` is included, `request_object_encryption_alg` MUST also be provided.
	// Example: A256GCM
	// Enum: ["A256GCM","A128CBC-HS256"]
	RequestObjectEncryptionEnc string `json:"request_object_encryption_enc,omitempty" yaml:"request_object_encryption_enc,omitempty"`

	// Request object signing algorithm for the token endpoint
	//
	// SecureAuth supports signing tokens with the RS256, ES256, and PS256 algorithms. If you do not want
	// to use a signing algorithm, set the value of this parameter to `none`.
	// Example: none
	// Enum: ["any","none","RS256","ES256","PS256"]
	RequestObjectSigningAlg string `json:"request_object_signing_alg,omitempty" yaml:"request_object_signing_alg,omitempty"`

	// Array of absolute URIs that points to the Request Object that holds authorization request parameters.
	RequestUris []string `json:"request_uris" yaml:"request_uris"`

	// Boolean parameter indicating whether the only means of initiating an authorization request the client is allowed to use is PAR.
	RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests,omitempty" yaml:"require_pushed_authorization_requests,omitempty"`

	// response types
	ResponseTypes ResponseTypes `json:"response_types,omitempty" yaml:"response_types,omitempty"`

	// A revocation endpoint authentication method configured for the client application (read-only).
	// If empty, the `token_endpoint_auth_method` is used.
	//
	// SecureAuth supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// [Read more](https://cloudentity.com/developers/basics/oauth-client-authentication/client-authentication-overview/) about client authentication.
	// Example: client_secret_basic
	// Enum: ["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt","self_signed_tls_client_auth","tls_client_auth","none"]
	RevocationEndpointAuthMethod string `json:"revocation_endpoint_auth_method,omitempty" yaml:"revocation_endpoint_auth_method,omitempty"`

	// An array of rotated OAuth client secrets
	RotatedSecrets []string `json:"rotated_secrets" yaml:"rotated_secrets"`

	// Allowed SAML attributes
	SamlAllowedAttributes []string `json:"saml_allowed_attributes" yaml:"saml_allowed_attributes"`

	// accept ACS from SamlRequest even if it's not registered in the metadata
	SamlIdpAcceptAcsFromRequest bool `json:"saml_idp_accept_acs_from_request,omitempty" yaml:"saml_idp_accept_acs_from_request,omitempty"`

	// saml idp attributes override
	SamlIdpAttributesOverride SAMLIDPAttributesOverride `json:"saml_idp_attributes_override,omitempty" yaml:"saml_idp_attributes_override,omitempty"`

	// custom entity id
	SamlIdpCustomEntityID string `json:"saml_idp_custom_entity_id,omitempty" yaml:"saml_idp_custom_entity_id,omitempty"`

	// custom sso url
	SamlIdpCustomSsoURL string `json:"saml_idp_custom_sso_url,omitempty" yaml:"saml_idp_custom_sso_url,omitempty"`

	// enable flag
	SamlIdpOverrideEnabled bool `json:"saml_idp_override_enabled,omitempty" yaml:"saml_idp_override_enabled,omitempty"`

	// saml idp signing key
	SamlIdpSigningKey *ServerJWK `json:"saml_idp_signing_key,omitempty" yaml:"saml_idp_signing_key,omitempty"`

	// saml metadata
	SamlMetadata *EntityDescriptor `json:"saml_metadata,omitempty" yaml:"saml_metadata,omitempty"`

	// saml metadata updated at
	// Format: date-time
	SamlMetadataUpdatedAt strfmt.DateTime `json:"saml_metadata_updated_at,omitempty" yaml:"saml_metadata_updated_at,omitempty"`

	// saml metadata url
	SamlMetadataURL string `json:"saml_metadata_url,omitempty" yaml:"saml_metadata_url,omitempty"`

	// If true, then only attributes defined in saml_attributes will be used to build the SAML assertion
	SamlOverrideAttributes bool `json:"saml_override_attributes,omitempty" yaml:"saml_override_attributes,omitempty"`

	// saml service provider id
	SamlServiceProviderID string `json:"saml_service_provider_id,omitempty" yaml:"saml_service_provider_id,omitempty"`

	// SAML Assertion signing hash algorithm.
	// Example: sha-256
	// Enum: ["sha-1","sha-256","sha-512"]
	SamlSigningHash string `json:"saml_signing_hash,omitempty" yaml:"saml_signing_hash,omitempty"`

	// Allows to override the subject name id.
	SamlSubjectNameID string `json:"saml_subject_name_id,omitempty" yaml:"saml_subject_name_id,omitempty"`

	// Allows to override the subject name id format
	// Enum: ["urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified","urn:oasis:names:tc:SAML:2.0:nameid-format:transient","urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress","urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"]
	SamlSubjectNameIDFormat string `json:"saml_subject_name_id_format,omitempty" yaml:"saml_subject_name_id_format,omitempty"`

	// Space-separated list of scopes for compatibility with the OAuth specification.
	// Example: email offline_access openid
	Scope string `json:"scope,omitempty" yaml:"scope,omitempty"`

	// An array of string represented scopes assigned to a client application
	// Example: ["email","offline_access","openid"]
	Scopes []string `json:"scopes" yaml:"scopes"`

	// OPTIONAL. [A URL using the HTTPS scheme](https://openid.net/specs/openid-connect-registration-1_0.html#SectorIdentifierValidation).
	// It must reference a JSON file with the array of `redirect_uri` values.
	//
	// Pass this parameter when you use multiple domains in your `redirect_uris` or need a mechanism to allow changes in
	// domain without affecting consumer consent.
	//
	// [Read more](https://openid.net/specs/openid-connect-core-1_0.html)
	SectorIdentifierURI string `json:"sector_identifier_uri,omitempty" yaml:"sector_identifier_uri,omitempty"`

	// A unique identifier string (e.g., a Universally Unique Identifier
	// (UUID)) assigned by the client developer or software publisher.
	//
	// The `software_id` MUST remain the same across
	// multiple updates or versions of the same software package. The
	// value of this field is not intended to be human-readable and is
	// usually opaque to the client and authorization server.
	SoftwareID string `json:"software_id,omitempty" yaml:"software_id,omitempty"`

	// A digitally signed or MACed JSON Web Token (JWT) [RFC7519] that
	// asserts metadata values about the client software.  In some cases,
	// a software statement is issued directly by the client
	// developer.  In other cases, a software statement is issued by
	// a third-party organization for use by the client developer.
	//
	// In both cases, the trust relationship the authorization server has
	// with the issuer of the software statement is intended to be used
	// as an input to the evaluation of whether the registration request
	// is accepted.
	//
	// A software statement can be presented to an
	// authorization server as part of the client registration request.
	SoftwareStatement string `json:"software_statement,omitempty" yaml:"software_statement,omitempty"`

	// software statement payload
	SoftwareStatementPayload Metadata `json:"software_statement_payload,omitempty" yaml:"software_statement_payload,omitempty"`

	// A version identifier string for the client software identified by
	// `software_id`. The value of the `software_version` MUST be changed
	// with any update of the client software identified by the same
	// `software_id`.
	SoftwareVersion string `json:"software_version,omitempty" yaml:"software_version,omitempty"`

	// Subject identifier type
	//
	// Stores information if the subject identifier is of the `public` or the `pairwise` type.
	//
	// Subject identifiers identify an end-user. They are locally unique and never reassigned within the Issuer,
	// and are intended to be consumed by client applications. There are two types
	// of subject identifiers: `public` and `pairwise`.
	//
	// For the `public` type, the value of the `sub` (subject) token claim is the same for all clients.
	//
	// For the `pairwise` type, a different `sub` (subject) token claim is provided for each client.
	// Using the `pairwise` subject identifier makes it impossible for client applications to correlate the end-user's
	// activity without their permission.
	// Example: public
	// Enum: ["public","pairwise"]
	SubjectType string `json:"subject_type,omitempty" yaml:"subject_type,omitempty"`

	// Defines whether the client application is a system tenant's application or not.
	System bool `json:"system,omitempty" yaml:"system,omitempty"`

	// ID of a tenant where the client application is added
	// Example: default
	// Required: true
	TenantID string `json:"tenant_id" yaml:"tenant_id"`

	// A string containing the value of an expected dNSName SAN entry in the certificate.
	TLSClientAuthSanDNS string `json:"tls_client_auth_san_dns,omitempty" yaml:"tls_client_auth_san_dns,omitempty"`

	// A string containing the value of an expected rfc822Name SAN entry in the certificate.
	TLSClientAuthSanEmail string `json:"tls_client_auth_san_email,omitempty" yaml:"tls_client_auth_san_email,omitempty"`

	// A string representation of an IP address in either dotted decimal notation (for IPv4) or colon-delimited hexadecimal (for IPv6, as defined in [RFC5952]) that is expected to be present as an iPAddress SAN entry in the certificate.
	TLSClientAuthSanIP string `json:"tls_client_auth_san_ip,omitempty" yaml:"tls_client_auth_san_ip,omitempty"`

	// A string containing the value of an expected uniformResourceIdentifier SAN entry in the certificate.
	TLSClientAuthSanURI string `json:"tls_client_auth_san_uri,omitempty" yaml:"tls_client_auth_san_uri,omitempty"`

	// An [RFC4514] string representation of the expected subject distinguished name of the certificate.
	TLSClientAuthSubjectDn string `json:"tls_client_auth_subject_dn,omitempty" yaml:"tls_client_auth_subject_dn,omitempty"`

	// Boolean value indicating server support for mutual TLS client certificate-bound access tokens. If omitted, the default value is "false".
	TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens,omitempty" yaml:"tls_client_certificate_bound_access_tokens,omitempty"`

	// Token endpoint authentication method configured for a client application
	//
	// SecureAuth supports the following client authentication methods:
	// `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`,
	// `self_signed_tls_client_auth`, `tls_client_auth`, `none`.
	//
	// To learn more, go to the Authorization Basics > Client Authentication section of this guide.
	// Example: client_secret_basic
	// Enum: ["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt","self_signed_tls_client_auth","tls_client_auth","none","unspecified"]
	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty" yaml:"token_endpoint_auth_method,omitempty"`

	// Signing algorithm for the token endpoint
	//
	// This field is optional. If empty, a client can use any algorithm supported by the server (see `token_endpoint_auth_signing_alg_values_supported` in the well-known endpoing).
	//
	// If provided, depending on the server configuration, client can use of one: HS256, RS256, ES256, PS256 algorithms.
	//
	// If your token endpoint authentication is set to the `private_key_jwt` method, the
	// `token_endpoint_auth_signing_alg` parameter must be either RS256, ES256, or PS256.
	//
	// If your token endpoint authentication is set to the `client_secret_jwt` method,
	// the `token_endpoint_auth_signing_alg` parameter must be HS256.
	// Example: ES256
	// Enum: ["RS256","ES256","PS256","HS256",""]
	TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg,omitempty" yaml:"token_endpoint_auth_signing_alg,omitempty"`

	// token exchange
	TokenExchange *ClientTokenExchangeConfiguration `json:"token_exchange,omitempty" yaml:"token_exchange,omitempty"`

	// token ttls
	TokenTtls *TokenTTLs `json:"token_ttls,omitempty" yaml:"token_ttls,omitempty"`

	// Terms of Service URL.
	TosURI string `json:"tos_uri,omitempty" yaml:"tos_uri,omitempty"`

	// Defines whether the client application is trusted or not.
	//
	// For trusted clients, consent pages are skipped during the authorization process.
	Trusted bool `json:"trusted,omitempty" yaml:"trusted,omitempty"`

	// Date when the client application was updated.
	// Example: 2022-05-08T01:11:51.1262916Z
	// Format: date-time
	UpdatedAt strfmt.DateTime `json:"updated_at,omitempty" yaml:"updated_at,omitempty"`

	// If enabled the client application will be able to set its own token TTLs.
	UseCustomTokenTtls bool `json:"use_custom_token_ttls,omitempty" yaml:"use_custom_token_ttls,omitempty"`

	// JWS alg algorithm REQUIRED for signing UserInfo Responses.
	//
	// If specified, the response is a JWT serialized and signed with JWS.
	//
	// If omitted, then by default, UserInfo Response returns the Claims
	// as an UTF-8 encoded JSON object using the application/json content-type.
	// Example: none
	// Enum: ["none","RS256","ES256"]
	UserinfoSignedResponseAlg string `json:"userinfo_signed_response_alg,omitempty" yaml:"userinfo_signed_response_alg,omitempty"`
}

type ClientInfo struct {

	// Human-readable name of a client application.
	// Example: My app
	ClientName string `json:"client_name,omitempty" yaml:"client_name,omitempty"`

	// URI of a client application.
	ClientURI string `json:"client_uri,omitempty" yaml:"client_uri,omitempty"`

	// Description of the client application.
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Logo URI.
	LogoURI string `json:"logo_uri,omitempty" yaml:"logo_uri,omitempty"`

	// External organization identifier. It is a unique string assigned by the CDR Register to identify an Accredited
	// Data Recipient Brand.
	//
	// The value obtained is used as the `aud` claim for message signing, for example, when a JSON Web Token (JWT) is
	// required for authorization, and represents the audience(s) the JWT is intended for.
	// Example: 5647fe90-f6bc-11eb-9a03-0242ac130003
	OrganisationID string `json:"organisation_id,omitempty" yaml:"organisation_id,omitempty"`

	// Policy URL to read about how the profile data is used.
	PolicyURI string `json:"policy_uri,omitempty" yaml:"policy_uri,omitempty"`

	// Terms of Service URL.
	TosURI string `json:"tos_uri,omitempty" yaml:"tos_uri,omitempty"`
}

type ClientJWK struct {

	// The "alg" (algorithm) parameter identifies the algorithm intended for
	// use with the key.  The values used should either be registered in the
	// IANA "JSON Web Signature and Encryption Algorithms" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.
	// Example: RS256
	Alg string `json:"alg,omitempty" yaml:"alg,omitempty"`

	// crv
	// Example: P-256
	Crv string `json:"crv,omitempty" yaml:"crv,omitempty"`

	// d
	// Example: T_N8I-6He3M8a7X1vWt6TGIx4xB_GP3Mb4SsZSA4v-orvJzzRiQhLlRR81naWYxfQAYt5isDI6_C2L9bdWo4FFPjGQFvNoRX-_sBJyBI_rl-TBgsZYoUlAj3J92WmY2inbA-PwyJfsaIIDceYBC-eX-xiCu6qMqkZi3MwQAFL6bMdPEM0z4JBcwFT3VdiWAIRUuACWQwrXMq672x7fMuaIaHi7XDGgt1ith23CLfaREmJku9PQcchbt_uEY-hqrFY6ntTtS4paWWQj86xLL94S-Tf6v6xkL918PfLSOTq6XCzxvlFwzBJqApnAhbwqLjpPhgUG04EDRrqrSBc5Y1BLevn6Ip5h1AhessBp3wLkQgz_roeckt-ybvzKTjESMuagnpqLvOT7Y9veIug2MwPJZI2VjczRc1vzMs25XrFQ8DpUy-bNdp89TmvAXwctUMiJdgHloJw23Cv03gIUAkDnsTqZmkpbIf-crpgNKFmQP_EDKoe8p_PXZZgfbRri3NoEVGP7Mk6yEu8LjJhClhZaBNjuWw2-KlBfOA3g79mhfBnkInee5KO9mGR50qPk1V-MorUYNTFMZIm0kFE6eYVWFBwJHLKYhHU34DoiK1VP-svZpC2uAMFNA_UJEwM9CQ2b8qe4-5e9aywMvwcuArRkAB5mBIfOaOJao3mfukKAE
	D string `json:"d,omitempty" yaml:"d,omitempty"`

	// dp
	// Example: G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0
	Dp string `json:"dp,omitempty" yaml:"dp,omitempty"`

	// dq
	// Example: s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk
	Dq string `json:"dq,omitempty" yaml:"dq,omitempty"`

	// e
	// Example: AQAB
	E string `json:"e,omitempty" yaml:"e,omitempty"`

	// k
	// Example: GawgguFyGrWKav7AX4VKUg
	K string `json:"k,omitempty" yaml:"k,omitempty"`

	// The "kid" (key ID) parameter is used to match a specific key.  This
	// is used, for instance, to choose among a set of keys within a JWK Set
	// during key rollover.  The structure of the "kid" value is
	// unspecified.  When "kid" values are used within a JWK Set, different
	// keys within the JWK Set SHOULD use distinct "kid" values.  (One
	// example in which different keys might use the same "kid" value is if
	// they have different "kty" (key type) values but are considered to be
	// equivalent alternatives by the application using them.)  The "kid"
	// value is a case-sensitive string.
	// Example: 1603dfe0af8f4596
	Kid string `json:"kid,omitempty" yaml:"kid,omitempty"`

	// The "kty" (key type) parameter identifies the cryptographic algorithm
	// family used with the key, such as "RSA" or "EC". "kty" values should
	// either be registered in the IANA "JSON Web Key Types" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.  The "kty" value is a case-sensitive string.
	// Example: RSA
	// Required: true
	Kty string `json:"kty" yaml:"kty"`

	// n
	// Example: vTqrxUyQPl_20aqf5kXHwDZrel-KovIp8s7ewJod2EXHl8tWlRB3_Rem34KwBfqlKQGp1nqah-51H4Jzruqe0cFP58hPEIt6WqrvnmJCXxnNuIB53iX_uUUXXHDHBeaPCSRoNJzNysjoJ30TIUsKBiirhBa7f235PXbKiHducLevV6PcKxJ5cY8zO286qJLBWSPm-OIevwqsIsSIH44Qtm9sioFikhkbLwoqwWORGAY0nl6XvVOlhADdLjBSqSAeT1FPuCDCnXwzCDR8N9IFB_IjdStFkC-rVt2K5BYfPd0c3yFp_vHR15eRd0zJ8XQ7woBC8Vnsac6Et1pKS59pX6256DPWu8UDdEOolKAPgcd_g2NpA76cAaF_jcT80j9KrEzw8Tv0nJBGesuCjPNjGs_KzdkWTUXt23Hn9QJsdc1MZuaW0iqXBepHYfYoqNelzVte117t4BwVp0kUM6we0IqyXClaZgOI8S-WDBw2_Ovdm8e5NmhYAblEVoygcX8Y46oH6bKiaCQfKCFDMcRgChme7AoE1yZZYsPbaG_3IjPrC4LBMHQw8rM9dWjJ8ImjicvZ1pAm0dx-KHCP3y5PVKrxBDf1zSOsBRkOSjB8TPODnJMz6-jd5hTtZxpZPwPoIdCanTZ3ZD6uRBpTmDwtpRGm63UQs1m5FWPwb0T2IF0
	N string `json:"n,omitempty" yaml:"n,omitempty"`

	// p
	// Example: 6NbkXwDWUhi-eR55Cgbf27FkQDDWIamOaDr0rj1q0f1fFEz1W5A_09YvG09Fiv1AO2-D8Rl8gS1Vkz2i0zCSqnyy8A025XOcRviOMK7nIxE4OH_PEsko8dtIrb3TmE2hUXvCkmzw9EsTF1LQBOGC6iusLTXepIC1x9ukCKFZQvdgtEObQ5kzd9Nhq-cdqmSeMVLoxPLd1blviVT9Vm8-y12CtYpeJHOaIDtVPLlBhJiBoPKWg3vxSm4XxIliNOefqegIlsmTIa3MpS6WWlCK3yHhat0Q-rRxDxdyiVdG_wzJvp0Iw_2wms7pe-PgNPYvUWH9JphWP5K38YqEBiJFXQ
	P string `json:"p,omitempty" yaml:"p,omitempty"`

	// q
	// Example: 0A1FmpOWR91_RAWpqreWSavNaZb9nXeKiBo0DQGBz32DbqKqQ8S4aBJmbRhJcctjCLjain-ivut477tAUMmzJwVJDDq2MZFwC9Q-4VYZmFU4HJityQuSzHYe64RjN-E_NQ02TWhG3QGW6roq6c57c99rrUsETwJJiwS8M5p15Miuz53DaOjv-uqqFAFfywN5WkxHbraBcjHtMiQuyQbQqkCFh-oanHkwYNeytsNhTu2mQmwR5DR2roZ2nPiFjC6nsdk-A7E3S3wMzYYFw7jvbWWoYWo9vB40_MY2Y0FYQSqcDzcBIcq_0tnnasf3VW4Fdx6m80RzOb2Fsnln7vKXAQ
	Q string `json:"q,omitempty" yaml:"q,omitempty"`

	// qi
	// Example: GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU
	Qi string `json:"qi,omitempty" yaml:"qi,omitempty"`

	// Use ("public key use") identifies the intended use of
	// the public key. The "use" parameter is employed to indicate whether
	// a public key is used for encrypting data or verifying the signature
	// on data. Values are commonly "sig" (signature) or "enc" (encryption).
	// Example: sig
	Use string `json:"use,omitempty" yaml:"use,omitempty"`

	// x
	// Example: f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU
	X string `json:"x,omitempty" yaml:"x,omitempty"`

	// The "x5c" (X.509 certificate chain) parameter contains a chain of one
	// or more PKIX certificates [RFC5280].  The certificate chain is
	// represented as a JSON array of certificate value strings.  Each
	// string in the array is a base64-encoded (Section 4 of [RFC4648] --
	// not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
	// The PKIX certificate containing the key value MUST be the first
	// certificate.
	X5c []string `json:"x5c" yaml:"x5c"`

	// x5t
	// Example: GawgguFyGrWKav7AX4VKUg
	X5t string `json:"x5t,omitempty" yaml:"x5t,omitempty"`

	// x5t s256
	// Example: GawgguFyGrWKav7AX4VKUg
	X5tS256 string `json:"x5t#S256,omitempty" yaml:"x5t#S256,omitempty"`

	// y
	// Example: x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0
	Y string `json:"y,omitempty" yaml:"y,omitempty"`
}

type ClientJWKs struct {

	// keys
	// Example: []
	Keys []*ClientJWK `json:"keys" yaml:"keys"`
}

type ClientPrivacy struct {

	// optional privacy information mapping for scopes
	Scopes map[string]ScopePrivacyInformation `json:"scopes,omitempty" yaml:"scopes,omitempty"`
}

type ClientTokenExchangeConfiguration struct {

	// Additional actor token claims
	//
	// Claims from the actor token that will be injected into the exchanged token under the `act` claim.
	//
	// Applies for the token exchange delegation flow only.
	ActorClaims []string `json:"actor_claims" yaml:"actor_claims"`
}

type Clients struct {

	// clients
	Clients []*Client `json:"clients" yaml:"clients"`
}

type Confirmation struct {

	// jkt
	Jkt string `json:"jkt,omitempty" yaml:"jkt,omitempty"`

	// x5t s256
	X5tS256 string `json:"x5t#S256,omitempty" yaml:"x5t#S256,omitempty"`
}

type ConsentAccepted struct {

	// A URL to redirect the user.
	// It applies for the redirect flow only, i.e the consent page.
	// Example: https://authorization.cloudentity.com:8443/tenant/server/oauth2/authorize?client_id=bugkgm23g9kregtu051g\u0026consent_verified=true\u0026login_id=cavai7d8s9nelp7k792g\u0026login_state=cauq8fonbud6q8806bf0
	RedirectTo string `json:"redirect_to,omitempty" yaml:"redirect_to,omitempty"`
}

type ConsentRejected struct {

	// A URL to redirect the user.
	// It applies for the redirect flow only, i.e the consent page.
	// Example: https://authorization.cloudentity.com:8443/tenant/server/oauth2/authorize?client_id=bugkgm23g9kregtu051g\u0026consent_verified=true\u0026login_id=cavai7d8s9nelp7k792g\u0026login_state=cauq8fonbud6q8806bf0
	RedirectTo string `json:"redirect_to,omitempty" yaml:"redirect_to,omitempty"`
}

type ConsentStatus string

type ConsentsRemovedResponse struct {

	// number of consents removed
	NumberOfConsentsRemoved int64 `json:"number_of_consents_removed,omitempty" yaml:"number_of_consents_removed,omitempty"`
}

type ContactPerson struct {

	// company
	Company string `json:"Company,omitempty" yaml:"Company,omitempty"`

	// contact type
	ContactType string `json:"ContactType,omitempty" yaml:"ContactType,omitempty"`

	// email addresses
	EmailAddresses []string `json:"EmailAddresses" yaml:"EmailAddresses"`

	// given name
	GivenName string `json:"GivenName,omitempty" yaml:"GivenName,omitempty"`

	// sur name
	SurName string `json:"SurName,omitempty" yaml:"SurName,omitempty"`

	// telephone numbers
	TelephoneNumbers []string `json:"TelephoneNumbers" yaml:"TelephoneNumbers"`
}

type Duration int64

type DurationType string

type Element struct {

	// attr
	Attr []*Attr `json:"Attr" yaml:"Attr"`

	// child
	Child []*Token `json:"Child" yaml:"Child"`

	// space
	Space string `json:"Space,omitempty" yaml:"Space,omitempty"`
}

type EncryptionMethod struct {

	// algorithm
	Algorithm string `json:"Algorithm,omitempty" yaml:"Algorithm,omitempty"`
}

type Endpoint struct {

	// binding
	Binding string `json:"Binding,omitempty" yaml:"Binding,omitempty"`

	// location
	Location string `json:"Location,omitempty" yaml:"Location,omitempty"`

	// response location
	ResponseLocation string `json:"ResponseLocation,omitempty" yaml:"ResponseLocation,omitempty"`
}

type EntityDescriptor struct {

	// additional metadata locations
	AdditionalMetadataLocations []string `json:"AdditionalMetadataLocations" yaml:"AdditionalMetadataLocations"`

	// affiliation descriptor
	AffiliationDescriptor *AffiliationDescriptor `json:"AffiliationDescriptor,omitempty" yaml:"AffiliationDescriptor,omitempty"`

	// attribute authority descriptors
	AttributeAuthorityDescriptors []*AttributeAuthorityDescriptor `json:"AttributeAuthorityDescriptors" yaml:"AttributeAuthorityDescriptors"`

	// authn authority descriptors
	AuthnAuthorityDescriptors []*AuthnAuthorityDescriptor `json:"AuthnAuthorityDescriptors" yaml:"AuthnAuthorityDescriptors"`

	// cache duration
	CacheDuration Duration `json:"CacheDuration,omitempty" yaml:"CacheDuration,omitempty"`

	// contact person
	ContactPerson *ContactPerson `json:"ContactPerson,omitempty" yaml:"ContactPerson,omitempty"`

	// entity ID
	EntityID string `json:"EntityID,omitempty" yaml:"EntityID,omitempty"`

	// ID
	ID string `json:"ID,omitempty" yaml:"ID,omitempty"`

	// ID p s s o descriptors
	IDPSSODescriptors []*IDPSSODescriptor `json:"IDPSSODescriptors" yaml:"IDPSSODescriptors"`

	// organization
	Organization *Organization `json:"Organization,omitempty" yaml:"Organization,omitempty"`

	// p d p descriptors
	PDPDescriptors []*PDPDescriptor `json:"PDPDescriptors" yaml:"PDPDescriptors"`

	// role descriptors
	RoleDescriptors []*RoleDescriptor `json:"RoleDescriptors" yaml:"RoleDescriptors"`

	// s p s s o descriptors
	SPSSODescriptors []*SPSSODescriptor `json:"SPSSODescriptors" yaml:"SPSSODescriptors"`

	// signature
	Signature *Element `json:"Signature,omitempty" yaml:"Signature,omitempty"`

	// valid until
	// Format: date-time
	ValidUntil strfmt.DateTime `json:"ValidUntil,omitempty" yaml:"ValidUntil,omitempty"`

	// XML name
	XMLName *Name `json:"XMLName,omitempty" yaml:"XMLName,omitempty"`
}

type Error struct {

	// details
	Details interface{} `json:"details,omitempty" yaml:"details,omitempty"`

	// error
	Error string `json:"error,omitempty" yaml:"error,omitempty"`

	// error code
	ErrorCode string `json:"error_code,omitempty" yaml:"error_code,omitempty"`

	// status code
	StatusCode int64 `json:"status_code,omitempty" yaml:"status_code,omitempty"`
}

type FDXClientStatus string

type FDXMetadata struct {

	// Contact information of individuals responsible for the Data Recipient application.
	Contacts []string `json:"contacts" yaml:"contacts"`

	// The time window the end-user grants the consent for. Used when `duration_type`=`TIME_BOUND`.
	DurationPeriod int64 `json:"duration_period,omitempty" yaml:"duration_period,omitempty"`

	// The rule of consent granting by the end-user to indicate whether they must take action
	// to revoke access or the consent will be revoked automatically.
	//
	// One of: `ONE_TIME`, `PERSISTENT`, `TIME_BOUND`
	// Example: ONE_TIME
	DurationType []DurationType `json:"duration_type" yaml:"duration_type"`

	// An array of the intermediaries for this Data Recipient.
	Intermediaries []*Intermediary `json:"intermediaries" yaml:"intermediaries"`

	// The maximum number of days allowed for Data Recipient consumers to obtain in transaction history, effective from
	// the current date
	LookbackPeriod int64 `json:"lookback_period,omitempty" yaml:"lookback_period,omitempty"`

	// The list of external registries where the Data Recipient is registered. It comprises the following details:
	// name, identifier, and the `registry` string with any additional info.
	RegistryReferences []*RegistryReference `json:"registry_references" yaml:"registry_references"`

	// status
	Status FDXClientStatus `json:"status,omitempty" yaml:"status,omitempty"`
}

type GenericError struct {

	// error
	// Example: The requested resource could not be found
	// Required: true
	Error string `json:"error" yaml:"error"`

	// Code represents the error status code (404, 403, 401, ...).
	// Example: 404
	ErrorCode int64 `json:"error_code,omitempty" yaml:"error_code,omitempty"`

	// error hint
	// Example: Object with ID 12345 does not exist
	ErrorHint string `json:"error_hint,omitempty" yaml:"error_hint,omitempty"`
}

type GetCDRConsentResponse struct {

	// authentication context
	AuthenticationContext AuthenticationContext `json:"authentication_context,omitempty" yaml:"authentication_context,omitempty"`

	// cdr arrangement
	CdrArrangement *CDRArrangement `json:"cdr_arrangement,omitempty" yaml:"cdr_arrangement,omitempty"`

	// client info
	ClientInfo *ClientInfo `json:"client_info,omitempty" yaml:"client_info,omitempty"`

	// previous cdr arrangement
	PreviousCdrArrangement *CDRArrangement `json:"previous_cdr_arrangement,omitempty" yaml:"previous_cdr_arrangement,omitempty"`

	// List of requested scopes
	RequestedScopes []*RequestedScope `json:"requested_scopes" yaml:"requested_scopes"`

	// SecureAuth internal consent status.
	//
	// This parameter is deprecated. The `status` value is available in the `cdr_arrangement` >
	// `status` parameter received with the current response.
	// Example: AwaitingAuthorisation
	Status string `json:"status,omitempty" yaml:"status,omitempty"`

	// Subject identifying the authenticated user.
	// Depending on the workspace configuration, the value can be hashed.
	// Example: 377eb000a87a471291b5a9869930a2422c670b7b6a06f74143eb74a01ed2fbe1
	Subject string `json:"subject,omitempty" yaml:"subject,omitempty"`
}

type GrantedScopes []string

type IDPSSODescriptor struct {

	// artifact resolution services
	ArtifactResolutionServices []*Endpoint `json:"ArtifactResolutionServices" yaml:"ArtifactResolutionServices"`

	// assertion ID request services
	AssertionIDRequestServices []*Endpoint `json:"AssertionIDRequestServices" yaml:"AssertionIDRequestServices"`

	// attribute profiles
	AttributeProfiles []string `json:"AttributeProfiles" yaml:"AttributeProfiles"`

	// attributes
	Attributes []*Attribute `json:"Attributes" yaml:"Attributes"`

	// cache duration
	CacheDuration Duration `json:"CacheDuration,omitempty" yaml:"CacheDuration,omitempty"`

	// contact people
	ContactPeople []*ContactPerson `json:"ContactPeople" yaml:"ContactPeople"`

	// error URL
	ErrorURL string `json:"ErrorURL,omitempty" yaml:"ErrorURL,omitempty"`

	// ID
	ID string `json:"ID,omitempty" yaml:"ID,omitempty"`

	// key descriptors
	KeyDescriptors []*KeyDescriptor `json:"KeyDescriptors" yaml:"KeyDescriptors"`

	// manage name ID services
	ManageNameIDServices []*Endpoint `json:"ManageNameIDServices" yaml:"ManageNameIDServices"`

	// name ID formats
	NameIDFormats []NameIDFormat `json:"NameIDFormats" yaml:"NameIDFormats"`

	// name ID mapping services
	NameIDMappingServices []*Endpoint `json:"NameIDMappingServices" yaml:"NameIDMappingServices"`

	// organization
	Organization *Organization `json:"Organization,omitempty" yaml:"Organization,omitempty"`

	// protocol support enumeration
	ProtocolSupportEnumeration string `json:"ProtocolSupportEnumeration,omitempty" yaml:"ProtocolSupportEnumeration,omitempty"`

	// signature
	Signature *Element `json:"Signature,omitempty" yaml:"Signature,omitempty"`

	// single logout services
	SingleLogoutServices []*Endpoint `json:"SingleLogoutServices" yaml:"SingleLogoutServices"`

	// single sign on services
	SingleSignOnServices []*Endpoint `json:"SingleSignOnServices" yaml:"SingleSignOnServices"`

	// valid until
	// Format: date-time
	ValidUntil strfmt.DateTime `json:"ValidUntil,omitempty" yaml:"ValidUntil,omitempty"`

	// want authn requests signed
	WantAuthnRequestsSigned bool `json:"WantAuthnRequestsSigned,omitempty" yaml:"WantAuthnRequestsSigned,omitempty"`

	// XML name
	XMLName *Name `json:"XMLName,omitempty" yaml:"XMLName,omitempty"`
}

type IndexedEndpoint struct {

	// binding
	Binding string `json:"Binding,omitempty" yaml:"Binding,omitempty"`

	// index
	Index int64 `json:"Index,omitempty" yaml:"Index,omitempty"`

	// is default
	IsDefault bool `json:"IsDefault,omitempty" yaml:"IsDefault,omitempty"`

	// location
	Location string `json:"Location,omitempty" yaml:"Location,omitempty"`

	// response location
	ResponseLocation string `json:"ResponseLocation,omitempty" yaml:"ResponseLocation,omitempty"`
}

type Intermediary struct {

	// Array of strings representing ways to contact people responsible for this intermediary
	Contacts []string `json:"contacts" yaml:"contacts"`

	// A short description of the intermediary
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// A URL string that references a logo for this intermediary
	LogoURI string `json:"logo_uri,omitempty" yaml:"logo_uri,omitempty"`

	// Name of intermediary party
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// Registry references for this intermediary
	RegistryReferences []*RegistryReference `json:"registry_references" yaml:"registry_references"`

	// A URL string of a web page providing information about the intermediary
	URI string `json:"uri,omitempty" yaml:"uri,omitempty"`
}

type IntrospectResponse struct {

	// Authentication context class reference
	Acr string `json:"acr,omitempty" yaml:"acr,omitempty"`

	// Actor claims used in the Token Exchange flow.
	Act map[string]interface{} `json:"act,omitempty" yaml:"act,omitempty"`

	// Active is a boolean indicator of whether or not the presented token
	// is currently active. The specifics of a token's `active` state
	// varies depending on the implementation of an authorization
	// server and the information it keeps about its token. Still, the `true`
	// value returned for the `active` property generally indicates
	// that a given token has been issued by this authorization server,
	// has not been revoked by the resource owner, and is within its
	// given time window of validity (e.g., between its issuance and
	// expiration time).
	Active bool `json:"active,omitempty" yaml:"active,omitempty"`

	// Authentication method references
	Amr []string `json:"amr" yaml:"amr"`

	// Audience contains the list of the audiences the token is intended for.
	Aud []string `json:"aud" yaml:"aud"`

	// Granted authorization details
	AuthorizationDetails []map[string]interface{} `json:"authorization_details" yaml:"authorization_details"`

	// A client application identifier for the OAuth 2.0 client that
	// requested this token.
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// cnf
	Cnf *Confirmation `json:"cnf,omitempty" yaml:"cnf,omitempty"`

	// ExpiredAt is the integer timestamp measured in the number of seconds
	// since January 1 1970 UTC (1970-01-01T00:00:00Z). It indicates when this token will expire.
	Exp int64 `json:"exp,omitempty" yaml:"exp,omitempty"`

	// Extra is arbitrary data set by the session.
	Ext map[string]interface{} `json:"ext,omitempty" yaml:"ext,omitempty"`

	// IssuedAt is the integer timestamp measured in the number of seconds
	// since January 1 1970 UTC. It indicates when this token was
	// originally issued.
	Iat int64 `json:"iat,omitempty" yaml:"iat,omitempty"`

	// The identifier of an identity provider that user authenticated with.
	Idp string `json:"idp,omitempty" yaml:"idp,omitempty"`

	// IDP subject
	IdpSub string `json:"idp_sub,omitempty" yaml:"idp_sub,omitempty"`

	// Issuer URL is a string representing the issuer of this token.
	Iss string `json:"iss,omitempty" yaml:"iss,omitempty"`

	// May act claims used in the Token Exchange flow.s
	MayAct map[string]interface{} `json:"may_act,omitempty" yaml:"may_act,omitempty"`

	// NotBefore is an integer timestamp measured in the number of seconds
	// since January 1 1970 UTC. It indicates this token was not
	// used before the specified time.
	Nbf int64 `json:"nbf,omitempty" yaml:"nbf,omitempty"`

	// Scope is a JSON string containing a space-separated list of
	// scopes associated with this token.
	Scope string `json:"scope,omitempty" yaml:"scope,omitempty"`

	// The OAuth 2.0 authorization server identifier that
	// issued this token.
	ServerID string `json:"server_id,omitempty" yaml:"server_id,omitempty"`

	// Subject of the token, as defined in JWT [RFC7519].
	// Usually a machine-readable identifier of the resource owner who
	// authorized this token.
	Sub string `json:"sub,omitempty" yaml:"sub,omitempty"`

	// TenantID identifies a tenant holding the authorization server that
	// issued this token.
	TenantID string `json:"tenant_id,omitempty" yaml:"tenant_id,omitempty"`

	// TokenType is the type of the introspected token. For example, `access_token` or `refresh_token`.
	TokenType string `json:"token_type,omitempty" yaml:"token_type,omitempty"`

	// Username is a human-readable identifier for the resource owner who
	// authorized this token.
	Username string `json:"username,omitempty" yaml:"username,omitempty"`
}

type KeyDescriptor struct {

	// encryption methods
	EncryptionMethods []*EncryptionMethod `json:"EncryptionMethods" yaml:"EncryptionMethods"`

	// key info
	KeyInfo *KeyInfo `json:"KeyInfo,omitempty" yaml:"KeyInfo,omitempty"`

	// use
	Use string `json:"Use,omitempty" yaml:"Use,omitempty"`
}

type KeyInfo struct {

	// x509 data
	X509Data *X509Data `json:"X509Data,omitempty" yaml:"X509Data,omitempty"`

	// XML name
	XMLName *Name `json:"XMLName,omitempty" yaml:"XMLName,omitempty"`
}

type ListCDRCustomerArrangementsFilter struct {

	// List of accounts.
	//
	// It can refer to user bank accounts the client application is allowed to access.
	Accounts []string `json:"accounts" yaml:"accounts"`

	// A consent identifier.
	//
	// Use it to navigate through the request pagination when the number of consents is greater than
	// the `limit` set for results in the response.
	//
	// With `after_consent_id`, the list you obtain starts from the subsequent consent after the specified one. Also,
	// the response depends on the `sort` and `order` parameters, if any are passed.
	AfterConsentID string `json:"after_consent_id,omitempty" yaml:"after_consent_id,omitempty"`

	// A consent identifier.
	//
	// Use it to navigate through the request pagination when the number of consents is greater than
	// the limit set for results in the response.
	//
	// With `before_consent_id`, the list you obtain comprises consents up to the specified one. The specified consent
	// isn't included. Also, the response depends on the `sort` and `order` parameters, if any are passed.
	BeforeConsentID string `json:"before_consent_id,omitempty" yaml:"before_consent_id,omitempty"`

	// A client identifier.
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// Limit the number of results returned in the response.
	// Maximum: 100
	// Minimum: 1
	Limit int64 `json:"limit,omitempty" yaml:"limit,omitempty"`

	// Input: `acs` or `desc`.
	//
	// Set the order of results returned in the response.
	Order string `json:"order,omitempty" yaml:"order,omitempty"`

	// Sort results returned in the response.
	Sort string `json:"sort,omitempty" yaml:"sort,omitempty"`

	// List of the consent statuses.
	Status []string `json:"status" yaml:"status"`

	// Consent types.
	//
	// in:query
	Types []string `json:"types" yaml:"types"`

	// Optional User id
	// UserID
	UserID string `json:"user_id,omitempty" yaml:"user_id,omitempty"`
}

type LocalizedName struct {

	// lang
	Lang string `json:"Lang,omitempty" yaml:"Lang,omitempty"`

	// value
	Value string `json:"Value,omitempty" yaml:"Value,omitempty"`
}

type LocalizedURI struct {

	// lang
	Lang string `json:"Lang,omitempty" yaml:"Lang,omitempty"`

	// value
	Value string `json:"Value,omitempty" yaml:"Value,omitempty"`
}

type Metadata map[string]interface{}

type Name struct {

	// space
	Space string `json:"Space,omitempty" yaml:"Space,omitempty"`
}

type NameID struct {

	// format
	Format string `json:"Format,omitempty" yaml:"Format,omitempty"`

	// name qualifier
	NameQualifier string `json:"NameQualifier,omitempty" yaml:"NameQualifier,omitempty"`

	// s p name qualifier
	SPNameQualifier string `json:"SPNameQualifier,omitempty" yaml:"SPNameQualifier,omitempty"`

	// s p provided ID
	SPProvidedID string `json:"SPProvidedID,omitempty" yaml:"SPProvidedID,omitempty"`

	// value
	Value string `json:"Value,omitempty" yaml:"Value,omitempty"`
}

type NameIDFormat string

type OBBRMetadata struct {

	// An array of hosts subscribed to Open Finance Webhook Notifications
	WebhookUris []string `json:"webhook_uris" yaml:"webhook_uris"`
}

type Organization struct {

	// organization display names
	OrganizationDisplayNames []*LocalizedName `json:"OrganizationDisplayNames" yaml:"OrganizationDisplayNames"`

	// organization names
	OrganizationNames []*LocalizedName `json:"OrganizationNames" yaml:"OrganizationNames"`

	// organization u r ls
	OrganizationURLs []*LocalizedURI `json:"OrganizationURLs" yaml:"OrganizationURLs"`
}

type PDPDescriptor struct {

	// assertion ID request services
	AssertionIDRequestServices []*Endpoint `json:"AssertionIDRequestServices" yaml:"AssertionIDRequestServices"`

	// authz services
	AuthzServices []*Endpoint `json:"AuthzServices" yaml:"AuthzServices"`

	// cache duration
	CacheDuration Duration `json:"CacheDuration,omitempty" yaml:"CacheDuration,omitempty"`

	// contact people
	ContactPeople []*ContactPerson `json:"ContactPeople" yaml:"ContactPeople"`

	// error URL
	ErrorURL string `json:"ErrorURL,omitempty" yaml:"ErrorURL,omitempty"`

	// ID
	ID string `json:"ID,omitempty" yaml:"ID,omitempty"`

	// key descriptors
	KeyDescriptors []*KeyDescriptor `json:"KeyDescriptors" yaml:"KeyDescriptors"`

	// name ID formats
	NameIDFormats []NameIDFormat `json:"NameIDFormats" yaml:"NameIDFormats"`

	// organization
	Organization *Organization `json:"Organization,omitempty" yaml:"Organization,omitempty"`

	// protocol support enumeration
	ProtocolSupportEnumeration string `json:"ProtocolSupportEnumeration,omitempty" yaml:"ProtocolSupportEnumeration,omitempty"`

	// signature
	Signature *Element `json:"Signature,omitempty" yaml:"Signature,omitempty"`

	// valid until
	// Format: date-time
	ValidUntil strfmt.DateTime `json:"ValidUntil,omitempty" yaml:"ValidUntil,omitempty"`
}