{"Scopes define permissions and access levels for API requests and authentication tokens."}
true promotes to a domain-level connection so that
third-party applications can use it. false does not
promote the connection, so only first-party applications with the
connection enabled can use it. (Defaults to false.)
show_as_button:
type: boolean
description: >-
Enables showing a button for the connection in the login page (new
experience only). If false, it will be usable only by HRD. (Defaults
to false.)
realms:
type: array
description: >-
Defines the realms for which the connection will be used (ie: email
domains). If the array is empty or the property is not specified,
the connection name will be added as realm.
items:
type: string
description: The realm where this connection belongs
format: connection-realm
metadata:
$ref: '#/components/schemas/ConnectionsMetadata'
authentication:
$ref: '#/components/schemas/ConnectionAuthenticationPurpose'
x-release-lifecycle: GA
connected_accounts:
$ref: '#/components/schemas/ConnectionConnectedAccountsPurpose'
x-release-lifecycle: GA
cross_app_access_requesting_app:
$ref: '#/components/schemas/CrossAppAccessRequestingApp'
x-release-lifecycle: EA
CreateConnectionResponseContent:
type: object
additionalProperties: false
properties:
name:
type: string
description: The name of the connection
default: My connection
display_name:
type: string
description: Connection name used in login screen
options:
$ref: '#/components/schemas/ConnectionOptions'
id:
type: string
description: The connection's identifier
default: con_0000000000000001
strategy:
type: string
description: The type of the connection, related to the identity provider
default: auth0
realms:
type: array
description: >-
Defines the realms for which the connection will be used (ie: email
domains). If the array is empty or the property is not specified,
the connection name will be added as realm.
items:
type: string
description: The realm where this connection belongs
format: connection-realm
enabled_clients:
type: array
description: >-
DEPRECATED property. Use the GET /connections/:id/clients endpoint
to get the ids of the clients for which the connection is enabled
x-release-lifecycle: deprecated
items:
type: string
description: The client id
is_domain_connection:
type: boolean
description: True if the connection is domain level
show_as_button:
type: boolean
description: >-
Enables showing a button for the connection in the login page (new
experience only). If false, it will be usable only by HRD.
metadata:
$ref: '#/components/schemas/ConnectionsMetadata'
authentication:
$ref: '#/components/schemas/ConnectionAuthenticationPurpose'
x-release-lifecycle: GA
connected_accounts:
$ref: '#/components/schemas/ConnectionConnectedAccountsPurpose'
x-release-lifecycle: GA
cross_app_access_requesting_app:
$ref: '#/components/schemas/CrossAppAccessRequestingApp'
x-release-lifecycle: EA
ConnectionIdentityProviderEnum:
type: string
description: The identity provider identifier for the connection
enum:
- ad
- adfs
- amazon
- apple
- dropbox
- bitbucket
- auth0-oidc
- auth0
- baidu
- bitly
- box
- custom
- daccount
- dwolla
- email
- evernote-sandbox
- evernote
- exact
- facebook
- fitbit
- github
- google-apps
- google-oauth2
- instagram
- ip
- line
- linkedin
- oauth1
- oauth2
- office365
- oidc
- okta
- paypal
- paypal-sandbox
- pingfederate
- planningcenter
- salesforce-community
- salesforce-sandbox
- salesforce
- samlp
- sharepoint
- shopify
- shop
- sms
- soundcloud
- thirtysevensignals
- twitter
- untappd
- vkontakte
- waad
- weibo
- windowslive
- wordpress
- yahoo
- yandex
ConnectionPropertiesOptions:
type: object
description: The connection's options (depend on the connection strategy)
additionalProperties: true
properties:
validation:
$ref: '#/components/schemas/ConnectionValidationOptions'
non_persistent_attrs:
type:
- array
- 'null'
description: >-
An array of user fields that should not be stored in the Auth0
database (https://auth0.com/docs/security/data-security/denylist)
items:
type: string
precedence:
type: array
description: >-
Order of precedence for attribute types. If the property is not
specified, the default precedence of attributes will be used.
minItems: 3
items:
$ref: '#/components/schemas/ConnectionIdentifierPrecedenceEnum'
attributes:
$ref: '#/components/schemas/ConnectionAttributes'
enable_script_context:
type: boolean
description: >-
Set to true to inject context into custom DB scripts (warning:
cannot be disabled once enabled)
enabledDatabaseCustomization:
type: boolean
description: Set to true to use a legacy user store
import_mode:
type: boolean
description: >-
Enable this if you have a legacy user store and you want to
gradually migrate those users to the Auth0 user store
configuration:
type:
- object
- 'null'
description: Stores encrypted string only configurations for connections
additionalProperties:
type:
- string
- 'null'
customScripts:
$ref: '#/components/schemas/ConnectionCustomScripts'
authentication_methods:
$ref: '#/components/schemas/ConnectionAuthenticationMethods'
passkey_options:
$ref: '#/components/schemas/ConnectionPasskeyOptions'
passwordPolicy:
$ref: '#/components/schemas/ConnectionPasswordPolicyEnum'
password_complexity_options:
$ref: '#/components/schemas/ConnectionPasswordComplexityOptions'
password_history:
$ref: '#/components/schemas/ConnectionPasswordHistoryOptions'
password_no_personal_info:
$ref: '#/components/schemas/ConnectionPasswordNoPersonalInfoOptions'
password_dictionary:
$ref: '#/components/schemas/ConnectionPasswordDictionaryOptions'
api_enable_users:
type: boolean
api_enable_groups:
type: boolean
x-release-lifecycle: EA
basic_profile:
type: boolean
ext_admin:
type: boolean
ext_is_suspended:
type: boolean
ext_agreed_terms:
type: boolean
ext_groups:
type: boolean
ext_assigned_plans:
type: boolean
ext_profile:
type: boolean
disable_self_service_change_password:
type: boolean
upstream_params:
$ref: '#/components/schemas/ConnectionUpstreamParams'
set_user_root_attributes:
$ref: '#/components/schemas/ConnectionSetUserRootAttributesEnum'
gateway_authentication:
$ref: '#/components/schemas/ConnectionGatewayAuthentication'
federated_connections_access_tokens:
$ref: '#/components/schemas/ConnectionFederatedConnectionsAccessTokens'
password_options:
$ref: '#/components/schemas/ConnectionPasswordOptions'
assertion_decryption_settings:
$ref: '#/components/schemas/ConnectionAssertionDecryptionSettings'
id_token_signed_response_algs:
$ref: '#/components/schemas/ConnectionIdTokenSignedResponseAlgs'
dpop_signing_alg:
$ref: '#/components/schemas/ConnectionDpopSigningAlgEnum'
token_endpoint_auth_method:
$ref: '#/components/schemas/ConnectionTokenEndpointAuthMethodEnum'
token_endpoint_auth_signing_alg:
$ref: '#/components/schemas/ConnectionTokenEndpointAuthSigningAlgEnum'
token_endpoint_jwtca_aud_format:
$ref: '#/components/schemas/ConnectionTokenEndpointJwtcaAudFormatEnumOIDC'
id_token_session_expiry_supported:
$ref: '#/components/schemas/ConnectionIdTokenSessionExpirySupported'
ConnectionsMetadata:
type: object
description: >-
Metadata associated with the connection in the form of an object with
string values (max 255 chars). Maximum of 10 metadata properties
allowed.
additionalProperties:
type:
- string
- 'null'
maxLength: 255
maxProperties: 10
ConnectionAuthenticationPurpose:
type: object
description: >-
Configure the purpose of a connection to be used for authentication
during login.
additionalProperties: false
required:
- active
x-release-lifecycle: GA
properties:
active:
type: boolean
ConnectionConnectedAccountsPurpose:
type: object
description: >-
Configure the purpose of a connection to be used for connected accounts
and Token Vault.
additionalProperties: false
required:
- active
x-release-lifecycle: GA
properties:
active:
type: boolean
cross_app_access:
type: boolean
CrossAppAccessRequestingApp:
type: object
description: >-
Configure the connection to be used as a Requesting Application for
Cross App Access.
additionalProperties: false
required:
- active
x-release-lifecycle: EA
properties:
active:
type: boolean
description: >-
Set to `true` to enable the connection as a Requesting Application
for Cross App Access.
ConnectionOptions:
type: object
description: >-
In order to return options in the response, the
`read:connections_options` scope must be present
additionalProperties: true
ConnectionValidationOptions:
type:
- object
- 'null'
description: Options for validation
additionalProperties: false
properties:
username:
$ref: '#/components/schemas/ConnectionUsernameValidationOptions'
ConnectionIdentifierPrecedenceEnum:
type: string
description: Order of precedence for attribute types
enum:
- email
- phone_number
- username
ConnectionAttributes:
type: object
description: Attribute configuration
additionalProperties: false
minProperties: 1
properties:
email:
$ref: '#/components/schemas/EmailAttribute'
phone_number:
$ref: '#/components/schemas/PhoneAttribute'
username:
$ref: '#/components/schemas/UsernameAttribute'
ConnectionCustomScripts:
type: object
description: A map of scripts used to integrate with a custom database.
additionalProperties: true
properties:
login:
type: string
minLength: 1
get_user:
type: string
minLength: 1
delete:
type: string
minLength: 1
change_password:
type: string
minLength: 1
verify:
type: string
minLength: 1
create:
type: string
minLength: 1
change_username:
type: string
minLength: 1
change_email:
type: string
minLength: 1
change_phone_number:
type: string
minLength: 1
ConnectionAuthenticationMethods:
type:
- object
- 'null'
description: Options for enabling authentication methods.
additionalProperties: false
properties:
password:
$ref: '#/components/schemas/ConnectionPasswordAuthenticationMethod'
passkey:
$ref: '#/components/schemas/ConnectionPasskeyAuthenticationMethod'
email_otp:
$ref: '#/components/schemas/ConnectionEmailOtpAuthenticationMethod'
x-release-lifecycle: EA
phone_otp:
$ref: '#/components/schemas/ConnectionPhoneOtpAuthenticationMethod'
x-release-lifecycle: EA
ConnectionPasskeyOptions:
type:
- object
- 'null'
description: Options for the passkey authentication method
additionalProperties: false
properties:
challenge_ui:
$ref: '#/components/schemas/ConnectionPasskeyChallengeUIEnum'
progressive_enrollment_enabled:
type: boolean
description: >-
Enables or disables progressive enrollment of passkeys for the
connection.
local_enrollment_enabled:
type: boolean
description: >-
Enables or disables enrollment prompt for local passkey when user
authenticates using a cross-device passkey for the connection.
ConnectionPasswordPolicyEnum:
type:
- string
- 'null'
description: Password strength level
enum:
- none
- low
- fair
- good
- excellent
- null
ConnectionPasswordComplexityOptions:
type:
- object
- 'null'
description: Password complexity options
additionalProperties: false
properties:
min_length:
type: integer
description: Minimum password length
minimum: 1
maximum: 128
ConnectionPasswordHistoryOptions:
type:
- object
- 'null'
description: Options for password history policy
additionalProperties: false
required:
- enable
properties:
enable:
type: boolean
size:
type: integer
minimum: 0
maximum: 24
ConnectionPasswordNoPersonalInfoOptions:
type:
- object
- 'null'
description: Options for personal info in passwords policy
additionalProperties: false
required:
- enable
properties:
enable:
type: boolean
ConnectionPasswordDictionaryOptions:
type:
- object
- 'null'
description: Options for password dictionary policy
additionalProperties: false
required:
- enable
properties:
enable:
type: boolean
dictionary:
type: array
description: Custom Password Dictionary. An array of up to 200 entries.
items:
type: string
description: Custom Password Dictionary entry. 50 characters max.
maxLength: 50
ConnectionUpstreamParams:
type:
- object
- 'null'
description: Options for adding parameters in the request to the upstream IdP
additionalProperties:
$ref: '#/components/schemas/ConnectionUpstreamAdditionalProperties'
ConnectionSetUserRootAttributesEnum:
type: string
description: >-
When using an external IdP, this flag determines whether 'name',
'given_name', 'family_name', 'nickname', and 'picture' attributes are
updated. In addition, it also determines whether the user is created
when user doesnt exist previously. Possible values are 'on_each_login'
(default value, it configures the connection to automatically create the
user if necessary and update the root attributes from the external IdP
with each user login. When this setting is used, root attributes cannot
be independently updated), 'on_first_login' (configures the connection
to create the user and set the root attributes on first login only,
allowing them to be independently updated thereafter), and
'never_on_login' (configures the connection not to create the user and
not to set the root attributes from the external IdP, allowing them to
be independently updated).
default: on_each_login
enum:
- on_each_login
- on_first_login
- never_on_login
ConnectionGatewayAuthentication:
type:
- object
- 'null'
description: >-
Token-based authentication settings to be applied when connection is
using an sms strategy.
additionalProperties: true
required:
- method
- audience
- secret
properties:
method:
type: string
description: The Authorization header type.
subject:
type: string
description: The subject to be added to the JWT payload.
audience:
type: string
description: The audience to be added to the JWT payload.
secret:
type: string
description: The secret to be used for signing tokens.
secret_base64_encoded:
type: boolean
description: Set to true if the provided secret is base64 encoded.
ConnectionFederatedConnectionsAccessTokens:
type:
- object
- 'null'
description: Federated Connections Access Tokens
additionalProperties: false
properties:
active:
type: boolean
description: >-
Enables refresh tokens and access tokens collection for federated
connections
ConnectionPasswordOptions:
type: object
description: Password policy options for flexible password policy configuration
additionalProperties: false
properties:
complexity:
$ref: '#/components/schemas/ConnectionPasswordOptionsComplexity'
dictionary:
$ref: '#/components/schemas/ConnectionPasswordOptionsDictionary'
history:
$ref: '#/components/schemas/ConnectionPasswordOptionsHistory'
profile_data:
$ref: '#/components/schemas/ConnectionPasswordOptionsProfileData'
ConnectionAssertionDecryptionSettings:
type: object
description: Settings for SAML assertion decryption.
additionalProperties: false
required:
- algorithm_profile
properties:
algorithm_profile:
$ref: >-
#/components/schemas/ConnectionAssertionDecryptionAlgorithmProfileEnum
algorithm_exceptions:
type: array
description: >-
A list of insecure algorithms to allow for SAML assertion
decryption.
items:
type: string
minLength: 1
maxLength: 100
ConnectionIdTokenSignedResponseAlgs:
description: List of algorithms allowed to verify the ID tokens.
type:
- array
- 'null'
items:
$ref: '#/components/schemas/ConnectionIdTokenSignedResponseAlgEnum'
x-merge-priority: -5
ConnectionDpopSigningAlgEnum:
type: string
description: Algorithm used for DPoP proof JWT signing.
enum:
- ES256
- ES384
- ES512
- Ed25519
x-merge-priority: -5
ConnectionTokenEndpointAuthMethodEnum:
type:
- string
- 'null'
description: >-
Authentication method used at the identity provider's token endpoint.
'client_secret_post' sends credentials in the request body;
'private_key_jwt' uses a signed JWT assertion for enhanced security.
enum:
- client_secret_post
- private_key_jwt
x-merge-priority: -5
ConnectionTokenEndpointAuthSigningAlgEnum:
type:
- string
- 'null'
description: Algorithm used to sign client_assertions.
enum:
- ES256
- ES384
- PS256
- PS384
- RS256
- RS384
- RS512
x-merge-priority: -5
ConnectionTokenEndpointJwtcaAudFormatEnumOIDC:
type: string
description: >-
Specifies the format of the aud (audience) claim included in the JWT
used for client authentication at the token endpoint. Accepted values
are: 'issuer' (the aud claim is set to the OIDC issuer URL) or
'token_endpoint' (the aud claim is set to the token endpoint URL).
enum:
- issuer
- token_endpoint
x-merge-priority: -5
ConnectionIdTokenSessionExpirySupported:
type: boolean
description: >-
Indicates whether the identity provider supports session expiry via the
id_token. If true, the system will use the session_expiry claim in the
id_token to determine session expiry.
x-release-lifecycle: GA
x-merge-priority: -5
ConnectionUsernameValidationOptions:
type:
- object
- 'null'
additionalProperties: false
required:
- max
- min
properties:
min:
type: integer
minimum: 1
max:
type: integer
maximum: 128
EmailAttribute:
type: object
description: Configuration for the email attribute for users.
additionalProperties: false
properties:
identifier:
$ref: '#/components/schemas/EmailAttributeIdentifier'
unique:
type: boolean
description: Determines if the attribute is unique in a given connection
profile_required:
type: boolean
description: Determines if property should be required for users
verification_method:
$ref: '#/components/schemas/VerificationMethodEnum'
signup:
$ref: '#/components/schemas/SignupVerified'
PhoneAttribute:
type: object
description: Configuration for the phone number attribute for users.
additionalProperties: false
properties:
identifier:
$ref: '#/components/schemas/PhoneAttributeIdentifier'
profile_required:
type: boolean
description: Determines if property should be required for users
signup:
$ref: '#/components/schemas/SignupVerified'
UsernameAttribute:
type: object
description: Configuration for the username attribute for users.
additionalProperties: false
properties:
identifier:
$ref: '#/components/schemas/UsernameAttributeIdentifier'
profile_required:
type: boolean
description: Determines if property should be required for users
signup:
$ref: '#/components/schemas/SignupSchema'
validation:
$ref: '#/components/schemas/UsernameValidation'
ConnectionPasswordAuthenticationMethod:
type: object
description: Password authentication enablement
additionalProperties: false
properties:
enabled:
type: boolean
description: Determines whether passwords are enabled
api_behavior:
$ref: '#/components/schemas/ConnectionApiBehaviorEnum'
x-release-lifecycle: EA
signup_behavior:
$ref: '#/components/schemas/ConnectionSignupBehaviorEnum'
x-release-lifecycle: EA
ConnectionPasskeyAuthenticationMethod:
type: object
description: Passkey authentication enablement
additionalProperties: false
properties:
enabled:
type: boolean
description: Determines whether passkeys are enabled
ConnectionEmailOtpAuthenticationMethod:
type: object
description: Email OTP authentication enablement
additionalProperties: false
x-release-lifecycle: EA
properties:
enabled:
type: boolean
description: Determines whether email OTP is enabled
ConnectionPhoneOtpAuthenticationMethod:
type: object
description: Phone OTP authentication enablement
additionalProperties: false
x-release-lifecycle: EA
properties:
enabled:
type: boolean
description: Determines whether phone OTP is enabled
ConnectionPasskeyChallengeUIEnum:
type: string
description: Controls the UI used to challenge the user for their passkey.
enum:
- both
- autofill
- button
ConnectionUpstreamAdditionalProperties:
type: object
oneOf:
- $ref: '#/components/schemas/ConnectionUpstreamAlias'
- $ref: '#/components/schemas/ConnectionUpstreamValue'
ConnectionPasswordOptionsComplexity:
type: object
description: Password complexity requirements configuration
additionalProperties: false
properties:
min_length:
type: integer
description: Minimum password length required (1-72 characters)
minimum: 1
maximum: 72
character_types:
type: array
description: >-
Required character types that must be present in passwords. Valid
options: uppercase, lowercase, number, special
items:
$ref: '#/components/schemas/PasswordCharacterTypeEnum'
character_type_rule:
$ref: '#/components/schemas/PasswordCharacterTypeRulePolicyEnum'
identical_characters:
$ref: '#/components/schemas/PasswordIdenticalCharactersPolicyEnum'
sequential_characters:
$ref: '#/components/schemas/PasswordSequentialCharactersPolicyEnum'
max_length_exceeded:
$ref: '#/components/schemas/PasswordMaxLengthExceededPolicyEnum'
ConnectionPasswordOptionsDictionary:
type: object
description: Dictionary-based password restriction policy to prevent common passwords
additionalProperties: false
properties:
active:
type: boolean
description: >-
Enables dictionary checking to prevent use of common passwords and
custom blocked words
custom:
type: array
description: >-
Array of custom words to block in passwords. Maximum 200 items, each
up to 50 characters
items:
type: string
maxLength: 50
default:
$ref: '#/components/schemas/PasswordDefaultDictionariesEnum'
ConnectionPasswordOptionsHistory:
type: object
description: Password history policy configuration to prevent password reuse
additionalProperties: false
properties:
active:
type: boolean
description: >-
Enables password history checking to prevent users from reusing
recent passwords
size:
type: integer
description: Number of previous passwords to remember and prevent reuse (1-24)
minimum: 1
maximum: 24
ConnectionPasswordOptionsProfileData:
type: object
description: >-
Personal information restriction policy to prevent use of profile data
in passwords
additionalProperties: false
properties:
active:
type: boolean
description: >-
Prevents users from including profile data (like name, email) in
their passwords
blocked_fields:
type: array
description: Blocked profile fields. An array of up to 12 entries.
items:
type: string
description: Blocked profile fields entry. 100 characters max.
maxLength: 100
ConnectionAssertionDecryptionAlgorithmProfileEnum:
type: string
description: The algorithm profile to use for decrypting SAML assertions.
enum:
- v2026-1
ConnectionIdTokenSignedResponseAlgEnum:
description: Algorithm allowed to verify the ID tokens.
type: string
enum:
- ES256
- ES384
- PS256
- PS384
- RS256
- RS384
- RS512
x-merge-priority: -5
EmailAttributeIdentifier:
type: object
additionalProperties: false
properties:
active:
type: boolean
description: Determines if the attribute is used for identification
default_method:
$ref: '#/components/schemas/DefaultMethodEmailIdentifierEnum'
x-release-lifecycle: EA
VerificationMethodEnum:
type: string
enum:
- link
- otp
SignupVerified:
type: object
additionalProperties: false
properties:
status:
$ref: '#/components/schemas/SignupStatusEnum'
verification:
$ref: '#/components/schemas/SignupVerification'
PhoneAttributeIdentifier:
type: object
additionalProperties: false
properties:
active:
type: boolean
description: Determines if the attribute is used for identification
default_method:
$ref: '#/components/schemas/DefaultMethodPhoneNumberIdentifierEnum'
x-release-lifecycle: EA
UsernameAttributeIdentifier:
type: object
additionalProperties: false
properties:
active:
type: boolean
description: Determines if the attribute is used for identification
SignupSchema:
type: object
additionalProperties: false
properties:
status:
$ref: '#/components/schemas/SignupStatusEnum'
UsernameValidation:
type: object
additionalProperties: false
properties:
min_length:
type: number
description: Minimum allowed length
minimum: 1
maximum: 128
max_length:
type: number
description: Maximum allowed length
minimum: 1
maximum: 128
allowed_types:
$ref: '#/components/schemas/UsernameAllowedTypes'
ConnectionApiBehaviorEnum:
type: string
description: Specifies the API behavior for password authentication
enum:
- required
- optional
x-release-lifecycle: EA
ConnectionSignupBehaviorEnum:
type: string
description: Specifies the signup behavior for password authentication
enum:
- allow
- block
x-release-lifecycle: EA
ConnectionUpstreamAlias:
type: object
additionalProperties: false
properties:
alias:
$ref: '#/components/schemas/ConnectionUpstreamAliasEnum'
ConnectionUpstreamValue:
type: object
additionalProperties: false
properties:
value:
type: string
PasswordCharacterTypeEnum:
type: string
enum:
- uppercase
- lowercase
- number
- special
PasswordCharacterTypeRulePolicyEnum:
type: string
description: >-
When enabled, passwords must contain at least 3 out of 4 character
types. Can only be enabled when all 4 character types are specified
enum:
- all
- three_of_four
PasswordIdenticalCharactersPolicyEnum:
type: string
description: >-
Controls whether identical consecutive characters are allowed in
passwords
enum:
- allow
- block
PasswordSequentialCharactersPolicyEnum:
type: string
description: Controls whether sequential characters are allowed in passwords
enum:
- allow
- block
PasswordMaxLengthExceededPolicyEnum:
type: string
description: >-
Controls whether passwords that exceed the maximum length are truncated
or rejected
enum:
- truncate
- error
PasswordDefaultDictionariesEnum:
type: string
description: >-
Default dictionary to use for password validation. Options: "en_10k"
(10,000 common words) or "en_100k" (100,000 common words)
enum:
- en_10k
- en_100k
DefaultMethodEmailIdentifierEnum:
type: string
description: Default authentication method for email identifier
enum:
- password
- email_otp
x-release-lifecycle: EA
SignupStatusEnum:
type: string
enum:
- required
- optional
- inactive
SignupVerification:
type: object
additionalProperties: false
properties:
active:
type: boolean
DefaultMethodPhoneNumberIdentifierEnum:
type: string
description: Default authentication method for phone_number identifier
enum:
- password
- phone_otp
x-release-lifecycle: EA
UsernameAllowedTypes:
type: object
additionalProperties: false
properties:
email:
type: boolean
phone_number:
type: boolean
ConnectionUpstreamAliasEnum:
type: string
enum:
- acr_values
- audience
- client_id
- display
- id_token_hint
- login_hint
- max_age
- prompt
- resource
- response_mode
- response_type
- ui_locales
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: jwt
oAuth2ClientCredentials:
type: oauth2
flows:
clientCredentials:
tokenUrl: /oauth/token/
x-form-parameters:
audience: /api/v2/
scopes:
create:actions: Create Actions
read:actions: Read Actions
update:actions: Update Actions
delete:actions: Delete Actions
read:anomaly_blocks: Read Anomaly Blocks
delete:anomaly_blocks: Delete Anomaly Blocks
read:attack_protection: Read Attack Protection
update:attack_protection: Update Attack Protection
create:authentication_methods: Create Authentication Methods
read:authentication_methods: Read Authentication Methods
update:authentication_methods: Update Authentication Methods
delete:authentication_methods: Delete Authentication Methods
read:branding: Read Branding
update:branding: Update Branding
delete:branding: Delete Branding
create:client_credentials: Create Client Credentials
read:client_credentials: Read Client Credentials
update:client_credentials: Update Client Credentials
delete:client_credentials: Delete Client Credentials
create:client_grants: Create Client Grants
read:client_grants: Read Client Grants
update:client_grants: Update Client Grants
delete:client_grants: Delete Client Grants
read:client_keys: Read Client Keys
update:client_keys: Update Client Keys
read:client_summary: Read Client Summary
update:client_token_vault_privileged_access: Update Client Token Vault Privileged Access
create:clients: Create Clients
read:clients: Read Clients
update:clients: Update Clients
delete:clients: Delete Clients
create:connection_profiles: Create Connection Profiles
read:connection_profiles: Read Connection Profiles
update:connection_profiles: Update Connection Profiles
delete:connection_profiles: Delete Connection Profiles
create:connections: Create Connections
read:connections: Read Connections
update:connections: Update Connections
delete:connections: Delete Connections
create:connections_keys: Create Connections Keys
read:connections_keys: Read Connections Keys
update:connections_keys: Update Connections Keys
read:current_user: Read Current User
delete:current_user: Delete Current User
create:current_user_device_credentials: Create Current User Device Credentials
delete:current_user_device_credentials: Delete Current User Device Credentials
update:current_user_identities: Update Current User Identities
update:current_user_metadata: Update Current User Metadata
create:custom_domains: Create Custom Domains
read:custom_domains: Read Custom Domains
update:custom_domains: Update Custom Domains
delete:custom_domains: Delete Custom Domains
create:custom_signing_keys: Create Custom Signing Keys
read:custom_signing_keys: Read Custom Signing Keys
update:custom_signing_keys: Update Custom Signing Keys
delete:custom_signing_keys: Delete Custom Signing Keys
read:device_credentials: Read Device Credentials
delete:device_credentials: Delete Device Credentials
create:directory_provisionings: Create Directory Provisionings
read:directory_provisionings: Read Directory Provisionings
update:directory_provisionings: Update Directory Provisionings
delete:directory_provisionings: Delete Directory Provisionings
create:email_provider: Create Email Provider
read:email_provider: Read Email Provider
update:email_provider: Update Email Provider
delete:email_provider: Delete Email Provider
create:email_templates: Create Email Templates
read:email_templates: Read Email Templates
update:email_templates: Update Email Templates
create:encryption_keys: Create Encryption Keys
read:encryption_keys: Read Encryption Keys
update:encryption_keys: Update Encryption Keys
delete:encryption_keys: Delete Encryption Keys
read:event_deliveries: Read Event Deliveries
update:event_deliveries: Update Event Deliveries
create:event_streams: Create Event Streams
read:event_streams: Read Event Streams
update:event_streams: Update Event Streams
delete:event_streams: Delete Event Streams
read:events: Read Events
create:experimentation: Create Experimentation
read:experimentation: Read Experimentation
update:experimentation: Update Experimentation
delete:experimentation: Delete Experimentation
read:federated_connections_tokens: Read Federated Connections Tokens
delete:federated_connections_tokens: Delete Federated Connections Tokens
create:flows: Create Flows
read:flows: Read Flows
update:flows: Update Flows
delete:flows: Delete Flows
read:flows_executions: Read Flows Executions
delete:flows_executions: Delete Flows Executions
create:flows_vault_connections: Create Flows Vault Connections
read:flows_vault_connections: Read Flows Vault Connections
update:flows_vault_connections: Update Flows Vault Connections
delete:flows_vault_connections: Delete Flows Vault Connections
create:forms: Create Forms
read:forms: Read Forms
update:forms: Update Forms
delete:forms: Delete Forms
read:grants: Read Grants
delete:grants: Delete Grants
read:group_members: Read Group Members
create:group_roles: Create Group Roles
read:group_roles: Read Group Roles
delete:group_roles: Delete Group Roles
read:groups: Read Groups
delete:groups: Delete Groups
create:guardian_enrollment_tickets: Create Guardian Enrollment Tickets
read:guardian_enrollments: Read Guardian Enrollments
delete:guardian_enrollments: Delete Guardian Enrollments
read:guardian_factors: Read Guardian Factors
update:guardian_factors: Update Guardian Factors
create:hooks: Create Hooks
read:hooks: Read Hooks
update:hooks: Update Hooks
delete:hooks: Delete Hooks
create:log_streams: Create Log Streams
read:log_streams: Read Log Streams
update:log_streams: Update Log Streams
delete:log_streams: Delete Log Streams
read:logs: Read Logs
read:logs_users: Read Logs Users
read:mfa_policies: Read Mfa Policies
update:mfa_policies: Update Mfa Policies
create:network_acls: Create Network Acls
read:network_acls: Read Network Acls
update:network_acls: Update Network Acls
delete:network_acls: Delete Network Acls
create:organization_client_grants: Create Organization Client Grants
read:organization_client_grants: Read Organization Client Grants
delete:organization_client_grants: Delete Organization Client Grants
create:organization_connections: Create Organization Connections
read:organization_connections: Read Organization Connections
update:organization_connections: Update Organization Connections
delete:organization_connections: Delete Organization Connections
create:organization_discovery_domains: Create Organization Discovery Domains
read:organization_discovery_domains: Read Organization Discovery Domains
update:organization_discovery_domains: Update Organization Discovery Domains
delete:organization_discovery_domains: Delete Organization Discovery Domains
create:organization_group_roles: Create Organization Group Roles
read:organization_group_roles: Read Organization Group Roles
delete:organization_group_roles: Delete Organization Group Roles
read:organization_groups: Read Organization Groups
create:organization_invitations: Create Organization Invitations
read:organization_invitations: Read Organization Invitations
delete:organization_invitations: Delete Organization Invitations
read:organization_member_effective_roles: Read Organization Member Effective Roles
read:organization_member_role_source_groups: Read Organization Member Role Source Groups
create:organization_member_roles: Create Organization Member Roles
read:organization_member_roles: Read Organization Member Roles
delete:organization_member_roles: Delete Organization Member Roles
create:organization_members: Create Organization Members
read:organization_members: Read Organization Members
delete:organization_members: Delete Organization Members
create:organizations: Create Organizations
read:organizations: Read Organizations
update:organizations: Update Organizations
delete:organizations: Delete Organizations
read:organizations_summary: Read Organizations Summary
create:phone_providers: Create Phone Providers
read:phone_providers: Read Phone Providers
update:phone_providers: Update Phone Providers
delete:phone_providers: Delete Phone Providers
create:phone_templates: Create Phone Templates
read:phone_templates: Read Phone Templates
update:phone_templates: Update Phone Templates
delete:phone_templates: Delete Phone Templates
read:prompts: Read Prompts
update:prompts: Update Prompts
create:rate_limit_policies: Create Rate Limit Policies
read:rate_limit_policies: Read Rate Limit Policies
update:rate_limit_policies: Update Rate Limit Policies
delete:rate_limit_policies: Delete Rate Limit Policies
read:refresh_tokens: Read Refresh Tokens
update:refresh_tokens: Update Refresh Tokens
delete:refresh_tokens: Delete Refresh Tokens
create:resource_servers: Create Resource Servers
read:resource_servers: Read Resource Servers
update:resource_servers: Update Resource Servers
delete:resource_servers: Delete Resource Servers
create:role_members: Create Role Members
read:role_members: Read Role Members
delete:role_members: Delete Role Members
create:roles: Create Roles
read:roles: Read Roles
update:roles: Update Roles
delete:roles: Delete Roles
create:rules: Create Rules
read:rules: Read Rules
update:rules: Update Rules
delete:rules: Delete Rules
read:rules_configs: Read Rules Configs
update:rules_configs: Update Rules Configs
delete:rules_configs: Delete Rules Configs
create:scim_config: Create Scim Config
read:scim_config: Read Scim Config
update:scim_config: Update Scim Config
delete:scim_config: Delete Scim Config
create:scim_token: Create Scim Token
read:scim_token: Read Scim Token
delete:scim_token: Delete Scim Token
read:self_service_profile_custom_texts: Read Self Service Profile Custom Texts
update:self_service_profile_custom_texts: Update Self Service Profile Custom Texts
create:self_service_profiles: Create Self Service Profiles
read:self_service_profiles: Read Self Service Profiles
update:self_service_profiles: Update Self Service Profiles
delete:self_service_profiles: Delete Self Service Profiles
read:sessions: Read Sessions
update:sessions: Update Sessions
delete:sessions: Delete Sessions
create:signing_keys: Create Signing Keys
read:signing_keys: Read Signing Keys
update:signing_keys: Update Signing Keys
create:sso_access_tickets: Create Sso Access Tickets
delete:sso_access_tickets: Delete Sso Access Tickets
read:stats: Read Stats
read:tenant_settings: Read Tenant Settings
update:tenant_settings: Update Tenant Settings
create:token_exchange_profiles: Create Token Exchange Profiles
read:token_exchange_profiles: Read Token Exchange Profiles
update:token_exchange_profiles: Update Token Exchange Profiles
delete:token_exchange_profiles: Delete Token Exchange Profiles
create:user_attribute_profiles: Create User Attribute Profiles
read:user_attribute_profiles: Read User Attribute Profiles
update:user_attribute_profiles: Update User Attribute Profiles
delete:user_attribute_profiles: Delete User Attribute Profiles
read:user_effective_permissions: Read User Effective Permissions
read:user_effective_roles: Read User Effective Roles
read:user_idp_tokens: Read User Idp Tokens
read:user_permission_source_roles: Read User Permission Source Roles
read:user_role_source_groups: Read User Role Source Groups
create:user_tickets: Create User Tickets
create:users: Create Users
read:users: Read Users
update:users: Update Users
delete:users: Delete Users
update:users_app_metadata: Update Users App Metadata
create:vdcs_templates: Create Vdcs Templates
read:vdcs_templates: Read Vdcs Templates
update:vdcs_templates: Update Vdcs Templates
delete:vdcs_templates: Delete Vdcs Templates
````