packages feed

ory-kratos 0.0.6.0 → 0.0.7.0

raw patch · 20 files changed

+2098/−1379 lines, 20 filesdep ~aesondep ~basedep ~containerssetup-changed

Dependency ranges changed: aeson, base, containers, exceptions, http-api-data, http-client, http-client-tls, http-types, mtl, network-uri, servant, servant-client, servant-client-core, servant-server, swagger2, text, time, transformers, uuid, wai, warp

Files

− Setup.hs
@@ -1,2 +0,0 @@-import Distribution.Simple-main = defaultMain
lib/OryKratos/API.hs view
@@ -1,6 +1,20 @@--- | Client and Server+{-# LANGUAGE DataKinds #-}+{-# LANGUAGE DeriveDataTypeable #-}+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DeriveTraversable #-}+{-# LANGUAGE FlexibleContexts #-}+{-# LANGUAGE FlexibleInstances #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE TypeOperators #-}+{-# LANGUAGE ViewPatterns #-}+{-# OPTIONS_GHC -fno-warn-unused-binds -fno-warn-unused-imports -freduction-depth=328 #-}+ module OryKratos.API-  ( Config (..),+  ( -- * Client and Server+    Config (..),     OryKratosBackend (..),     createOryKratosClient,     runOryKratosServer,@@ -13,6 +27,9 @@      -- ** Servant     OryKratosAPI,++    -- ** Plain WAI Application+    serverWaiApplicationOryKratos,   ) where @@ -22,21 +39,31 @@ import Control.Monad.Trans.Reader (ReaderT (..)) import Data.Aeson (Value) import Data.Coerce (coerce)+import Data.Data (Data) import Data.Function ((&))+import qualified Data.Map as Map+import Data.Monoid ((<>)) import Data.Proxy (Proxy (..))+import Data.Set (Set) import Data.Text (Text) import qualified Data.Text as T+import Data.Time+import Data.UUID (UUID) import GHC.Exts (IsString (..))+import GHC.Generics (Generic) import Network.HTTP.Client (Manager, newManager) import Network.HTTP.Client.TLS (tlsManagerSettings)+import Network.HTTP.Types.Method (methodOptions) import Network.Wai (Middleware) import qualified Network.Wai.Handler.Warp as Warp-import OryKratos.Types hiding (error)+import OryKratos.Types import Servant (ServerError, serve) import Servant.API+import Servant.API.Verbs (StdMethod (..), Verb) import Servant.Client   ( ClientEnv,     ClientError,+    Scheme (Http),     client,     mkClientEnv,     parseBaseUrl,@@ -45,7 +72,8 @@ import Servant.Client.Internal.HttpClient (ClientM (..)) import Servant.Server (Application, Handler (..)) import Servant.Server.StaticFiles (serveDirectoryFileServer)-import Prelude+import Web.FormUrlEncoded+import Web.HttpApiData  -- | List of elements parsed from a query. newtype QueryList (p :: CollectionFormat) a = QueryList@@ -105,42 +133,49 @@  -- | Servant type-level API, generated from the OpenAPI spec for OryKratos. type OryKratosAPI =-  "identities" :> ReqBody '[JSON] CreateIdentity :> Verb 'POST 200 '[JSON] Identity -- 'createIdentity' route-    :<|> "recovery" :> "link" :> ReqBody '[JSON] CreateRecoveryLink :> Verb 'POST 200 '[JSON] RecoveryLink -- 'createRecoveryLink' route-    :<|> "identities" :> Capture "id" Text :> Verb 'DELETE 200 '[JSON] NoContent -- 'deleteIdentity' route-    :<|> "identities" :> Capture "id" Text :> Verb 'GET 200 '[JSON] Identity -- 'getIdentity' route-    :<|> "identities" :> QueryParam "per_page" Integer :> QueryParam "page" Integer :> Verb 'GET 200 '[JSON] [Identity] -- 'listIdentities' route-    :<|> "metrics" :> "prometheus" :> Verb 'GET 200 '[JSON] NoContent -- 'prometheus' route-    :<|> "identities" :> Capture "id" Text :> ReqBody '[JSON] UpdateIdentity :> Verb 'PUT 200 '[JSON] Identity -- 'updateIdentity' route-    :<|> "health" :> "alive" :> Verb 'GET 200 '[JSON] HealthStatus -- 'isInstanceAlive' route-    :<|> "health" :> "ready" :> Verb 'GET 200 '[JSON] HealthStatus -- 'isInstanceReady' route-    :<|> "schemas" :> Capture "id" Text :> Verb 'GET 200 '[JSON] Value -- 'getSchema' route-    :<|> "self-service" :> "errors" :> QueryParam "error" Text :> Verb 'GET 200 '[JSON] SelfServiceErrorContainer -- 'getSelfServiceError' route-    :<|> "self-service" :> "login" :> "flows" :> QueryParam "id" Text :> Verb 'GET 200 '[JSON] LoginFlow -- 'getSelfServiceLoginFlow' route-    :<|> "self-service" :> "recovery" :> "flows" :> QueryParam "id" Text :> Verb 'GET 200 '[JSON] RecoveryFlow -- 'getSelfServiceRecoveryFlow' route-    :<|> "self-service" :> "registration" :> "flows" :> QueryParam "id" Text :> Verb 'GET 200 '[JSON] RegistrationFlow -- 'getSelfServiceRegistrationFlow' route-    :<|> "self-service" :> "settings" :> "flows" :> QueryParam "id" Text :> Header "X-Session-Token" Text :> Verb 'GET 200 '[JSON] SettingsFlow -- 'getSelfServiceSettingsFlow' route-    :<|> "self-service" :> "verification" :> "flows" :> QueryParam "id" Text :> Verb 'GET 200 '[JSON] VerificationFlow -- 'getSelfServiceVerificationFlow' route-    :<|> "self-service" :> "browser" :> "flows" :> "logout" :> Verb 'GET 200 '[JSON] NoContent -- 'initializeSelfServiceBrowserLogoutFlow' route-    :<|> "self-service" :> "login" :> "browser" :> QueryParam "refresh" Bool :> Verb 'GET 200 '[JSON] NoContent -- 'initializeSelfServiceLoginForBrowsers' route-    :<|> "self-service" :> "login" :> "api" :> QueryParam "refresh" Bool :> Verb 'GET 200 '[JSON] LoginFlow -- 'initializeSelfServiceLoginForNativeApps' route-    :<|> "self-service" :> "recovery" :> "browser" :> Verb 'GET 200 '[JSON] NoContent -- 'initializeSelfServiceRecoveryForBrowsers' route-    :<|> "self-service" :> "recovery" :> "api" :> Verb 'GET 200 '[JSON] RecoveryFlow -- 'initializeSelfServiceRecoveryForNativeApps' route-    :<|> "self-service" :> "registration" :> "browser" :> Verb 'GET 200 '[JSON] NoContent -- 'initializeSelfServiceRegistrationForBrowsers' route-    :<|> "self-service" :> "registration" :> "api" :> Verb 'GET 200 '[JSON] RegistrationFlow -- 'initializeSelfServiceRegistrationForNativeApps' route-    :<|> "self-service" :> "settings" :> "browser" :> Verb 'GET 200 '[JSON] NoContent -- 'initializeSelfServiceSettingsForBrowsers' route-    :<|> "self-service" :> "settings" :> "api" :> Header "X-Session-Token" Text :> Verb 'GET 200 '[JSON] SettingsFlow -- 'initializeSelfServiceSettingsForNativeApps' route-    :<|> "self-service" :> "verification" :> "browser" :> Verb 'GET 200 '[JSON] NoContent -- 'initializeSelfServiceVerificationForBrowsers' route-    :<|> "self-service" :> "verification" :> "api" :> Verb 'GET 200 '[JSON] VerificationFlow -- 'initializeSelfServiceVerificationForNativeApps' route-    :<|> "sessions" :> ReqBody '[JSON] RevokeSession :> Verb 'DELETE 200 '[JSON] NoContent -- 'revokeSession' route-    :<|> "self-service" :> "login" :> QueryParam "flow" Text :> ReqBody '[JSON] Value :> Verb 'POST 200 '[JSON] LoginViaApiResponse -- 'submitSelfServiceLoginFlow' route-    :<|> "self-service" :> "recovery" :> QueryParam "flow" Text :> ReqBody '[JSON] Value :> Verb 'POST 200 '[JSON] NoContent -- 'submitSelfServiceRecoveryFlow' route-    :<|> "self-service" :> "recovery" :> "methods" :> "link" :> QueryParam "token" Text :> QueryParam "flow" Text :> ReqBody '[JSON] SubmitSelfServiceRecoveryFlowWithLinkMethod :> Verb 'POST 200 '[JSON] NoContent -- 'submitSelfServiceRecoveryFlowWithLinkMethod' route-    :<|> "self-service" :> "registration" :> QueryParam "flow" Text :> ReqBody '[JSON] Value :> Verb 'POST 200 '[JSON] RegistrationViaApiResponse -- 'submitSelfServiceRegistrationFlow' route-    :<|> "self-service" :> "settings" :> QueryParam "flow" Text :> ReqBody '[JSON] Value :> Header "X-Session-Token" Text :> Verb 'POST 200 '[JSON] SettingsViaApiResponse -- 'submitSelfServiceSettingsFlow' route-    :<|> "self-service" :> "verification" :> "methods" :> "link" :> QueryParam "flow" Text :> ReqBody '[JSON] Value :> Verb 'POST 200 '[JSON] NoContent -- 'submitSelfServiceVerificationFlow' route-    :<|> "sessions" :> "whoami" :> Header "X-Session-Token" Text :> Verb 'GET 200 '[JSON] Session -- 'toSession' route-    :<|> "version" :> Verb 'GET 200 '[JSON] Version -- 'getVersion' route+  "version" :> Verb 'GET 200 '[JSON] GetVersion200Response -- 'getVersion' route+    :<|> "health" :> "alive" :> Verb 'GET 200 '[JSON] IsAlive200Response -- 'isAlive' route+    :<|> "health" :> "ready" :> Verb 'GET 200 '[JSON] IsAlive200Response -- 'isReady' route+    :<|> "admin" :> "identities" :> ReqBody '[JSON] AdminCreateIdentityBody :> Verb 'POST 200 '[JSON] Identity -- 'adminCreateIdentity' route+    :<|> "admin" :> "recovery" :> "link" :> ReqBody '[JSON] AdminCreateSelfServiceRecoveryLinkBody :> Verb 'POST 200 '[JSON] SelfServiceRecoveryLink -- 'adminCreateSelfServiceRecoveryLink' route+    :<|> "admin" :> "identities" :> Capture "id" Text :> Verb 'DELETE 200 '[JSON] NoContent -- 'adminDeleteIdentity' route+    :<|> "admin" :> "identities" :> Capture "id" Text :> "sessions" :> Verb 'DELETE 200 '[JSON] NoContent -- 'adminDeleteIdentitySessions' route+    :<|> "admin" :> "sessions" :> Capture "id" Text :> "extend" :> Verb 'PATCH 200 '[JSON] Session -- 'adminExtendSession' route+    :<|> "admin" :> "identities" :> Capture "id" Text :> QueryParam "include_credential" (QueryList 'MultiParamArray (Text)) :> Verb 'GET 200 '[JSON] Identity -- 'adminGetIdentity' route+    :<|> "admin" :> "identities" :> QueryParam "per_page" Integer :> QueryParam "page" Integer :> Verb 'GET 200 '[JSON] [Identity] -- 'adminListIdentities' route+    :<|> "admin" :> "identities" :> Capture "id" Text :> "sessions" :> QueryParam "per_page" Integer :> QueryParam "page" Integer :> QueryParam "active" Bool :> Verb 'GET 200 '[JSON] [Session] -- 'adminListIdentitySessions' route+    :<|> "admin" :> "identities" :> Capture "id" Text :> ReqBody '[JSON] AdminUpdateIdentityBody :> Verb 'PUT 200 '[JSON] Identity -- 'adminUpdateIdentity' route+    :<|> "self-service" :> "logout" :> "browser" :> Header "cookie" Text :> Verb 'GET 200 '[JSON] SelfServiceLogoutUrl -- 'createSelfServiceLogoutFlowUrlForBrowsers' route+    :<|> "schemas" :> Capture "id" Text :> Verb 'GET 200 '[JSON] Value -- 'getJsonSchema' route+    :<|> "self-service" :> "errors" :> QueryParam "id" Text :> Verb 'GET 200 '[JSON] SelfServiceError -- 'getSelfServiceError' route+    :<|> "self-service" :> "login" :> "flows" :> QueryParam "id" Text :> Header "Cookie" Text :> Verb 'GET 200 '[JSON] SelfServiceLoginFlow -- 'getSelfServiceLoginFlow' route+    :<|> "self-service" :> "recovery" :> "flows" :> QueryParam "id" Text :> Header "Cookie" Text :> Verb 'GET 200 '[JSON] SelfServiceRecoveryFlow -- 'getSelfServiceRecoveryFlow' route+    :<|> "self-service" :> "registration" :> "flows" :> QueryParam "id" Text :> Header "Cookie" Text :> Verb 'GET 200 '[JSON] SelfServiceRegistrationFlow -- 'getSelfServiceRegistrationFlow' route+    :<|> "self-service" :> "settings" :> "flows" :> QueryParam "id" Text :> Header "X-Session-Token" Text :> Header "Cookie" Text :> Verb 'GET 200 '[JSON] SelfServiceSettingsFlow -- 'getSelfServiceSettingsFlow' route+    :<|> "self-service" :> "verification" :> "flows" :> QueryParam "id" Text :> Header "cookie" Text :> Verb 'GET 200 '[JSON] SelfServiceVerificationFlow -- 'getSelfServiceVerificationFlow' route+    :<|> ".well-known" :> "ory" :> "webauthn.js" :> Verb 'GET 200 '[JSON] Text -- 'getWebAuthnJavaScript' route+    :<|> "self-service" :> "login" :> "browser" :> QueryParam "refresh" Bool :> QueryParam "aal" Text :> QueryParam "return_to" Text :> Verb 'GET 200 '[JSON] SelfServiceLoginFlow -- 'initializeSelfServiceLoginFlowForBrowsers' route+    :<|> "self-service" :> "login" :> "api" :> QueryParam "refresh" Bool :> QueryParam "aal" Text :> Header "X-Session-Token" Text :> Verb 'GET 200 '[JSON] SelfServiceLoginFlow -- 'initializeSelfServiceLoginFlowWithoutBrowser' route+    :<|> "self-service" :> "recovery" :> "browser" :> QueryParam "return_to" Text :> Verb 'GET 200 '[JSON] SelfServiceRecoveryFlow -- 'initializeSelfServiceRecoveryFlowForBrowsers' route+    :<|> "self-service" :> "recovery" :> "api" :> Verb 'GET 200 '[JSON] SelfServiceRecoveryFlow -- 'initializeSelfServiceRecoveryFlowWithoutBrowser' route+    :<|> "self-service" :> "registration" :> "browser" :> QueryParam "return_to" Text :> Verb 'GET 200 '[JSON] SelfServiceRegistrationFlow -- 'initializeSelfServiceRegistrationFlowForBrowsers' route+    :<|> "self-service" :> "registration" :> "api" :> Verb 'GET 200 '[JSON] SelfServiceRegistrationFlow -- 'initializeSelfServiceRegistrationFlowWithoutBrowser' route+    :<|> "self-service" :> "settings" :> "browser" :> QueryParam "return_to" Text :> Verb 'GET 200 '[JSON] SelfServiceSettingsFlow -- 'initializeSelfServiceSettingsFlowForBrowsers' route+    :<|> "self-service" :> "settings" :> "api" :> Header "X-Session-Token" Text :> Verb 'GET 200 '[JSON] SelfServiceSettingsFlow -- 'initializeSelfServiceSettingsFlowWithoutBrowser' route+    :<|> "self-service" :> "verification" :> "browser" :> QueryParam "return_to" Text :> Verb 'GET 200 '[JSON] SelfServiceVerificationFlow -- 'initializeSelfServiceVerificationFlowForBrowsers' route+    :<|> "self-service" :> "verification" :> "api" :> Verb 'GET 200 '[JSON] SelfServiceVerificationFlow -- 'initializeSelfServiceVerificationFlowWithoutBrowser' route+    :<|> "schemas" :> QueryParam "per_page" Integer :> QueryParam "page" Integer :> Verb 'GET 200 '[JSON] [IdentitySchema] -- 'listIdentitySchemas' route+    :<|> "sessions" :> QueryParam "per_page" Integer :> QueryParam "page" Integer :> Header "X-Session-Token" Text :> Header "Cookie" Text :> Verb 'GET 200 '[JSON] [Session] -- 'listSessions' route+    :<|> "sessions" :> Capture "id" Text :> Verb 'DELETE 200 '[JSON] NoContent -- 'revokeSession' route+    :<|> "sessions" :> Header "X-Session-Token" Text :> Header "Cookie" Text :> Verb 'DELETE 200 '[JSON] RevokedSessions -- 'revokeSessions' route+    :<|> "self-service" :> "login" :> QueryParam "flow" Text :> ReqBody '[JSON] SubmitSelfServiceLoginFlowBody :> Header "X-Session-Token" Text :> Header "Cookie" Text :> Verb 'POST 200 '[JSON] SuccessfulSelfServiceLoginWithoutBrowser -- 'submitSelfServiceLoginFlow' route+    :<|> "self-service" :> "logout" :> QueryParam "token" Text :> QueryParam "return_to" Text :> Verb 'GET 200 '[JSON] NoContent -- 'submitSelfServiceLogoutFlow' route+    :<|> "self-service" :> "logout" :> "api" :> ReqBody '[JSON] SubmitSelfServiceLogoutFlowWithoutBrowserBody :> Verb 'DELETE 200 '[JSON] NoContent -- 'submitSelfServiceLogoutFlowWithoutBrowser' route+    :<|> "self-service" :> "recovery" :> QueryParam "flow" Text :> QueryParam "token" Text :> ReqBody '[JSON] SubmitSelfServiceRecoveryFlowBody :> Header "Cookie" Text :> Verb 'POST 200 '[JSON] SelfServiceRecoveryFlow -- 'submitSelfServiceRecoveryFlow' route+    :<|> "self-service" :> "registration" :> QueryParam "flow" Text :> ReqBody '[JSON] SubmitSelfServiceRegistrationFlowBody :> Header "Cookie" Text :> Verb 'POST 200 '[JSON] SuccessfulSelfServiceRegistrationWithoutBrowser -- 'submitSelfServiceRegistrationFlow' route+    :<|> "self-service" :> "settings" :> QueryParam "flow" Text :> ReqBody '[JSON] SubmitSelfServiceSettingsFlowBody :> Header "X-Session-Token" Text :> Header "Cookie" Text :> Verb 'POST 200 '[JSON] SelfServiceSettingsFlow -- 'submitSelfServiceSettingsFlow' route+    :<|> "self-service" :> "verification" :> QueryParam "flow" Text :> QueryParam "token" Text :> ReqBody '[JSON] SubmitSelfServiceVerificationFlowBody :> Header "Cookie" Text :> Verb 'POST 200 '[JSON] SelfServiceVerificationFlow -- 'submitSelfServiceVerificationFlow' route+    :<|> "sessions" :> "whoami" :> Header "X-Session-Token" Text :> Header "Cookie" Text :> Verb 'GET 200 '[JSON] Session -- 'toSession' route     :<|> Raw  -- | Server or client configuration, specifying the host and port to query or serve on.@@ -150,7 +185,7 @@   }   deriving stock (Eq, Ord, Show, Read) --- | Custom exception type for our errors.+-- | Custom exception type for our Prelude.errors. newtype OryKratosClientError = OryKratosClientError ClientError   deriving newtype (Show, Exception) @@ -161,78 +196,92 @@ -- is a backend that executes actions by sending HTTP requests (see @createOryKratosClient@). Alternatively, provided -- a backend, the API can be served using @runOryKratosMiddlewareServer@. data OryKratosBackend m = OryKratosBackend-  { -- | This endpoint creates an identity. It is NOT possible to set an identity's credentials (password, ...) using this method! A way to achieve that will be introduced in the future.  Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).-    createIdentity :: CreateIdentity -> m Identity,+  { -- | This endpoint returns the version of Ory Kratos.  If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set.  Be aware that if you are running multiple nodes of this service, the version will never refer to the cluster state, only to a single instance.+    getVersion :: m GetVersion200Response,+    -- | This endpoint returns a HTTP 200 status code when Ory Kratos is accepting incoming HTTP requests. This status does currently not include checks whether the database connection is working.  If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set.  Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance.+    isAlive :: m IsAlive200Response,+    -- | This endpoint returns a HTTP 200 status code when Ory Kratos is up running and the environment dependencies (e.g. the database) are responsive as well.  If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set.  Be aware that if you are running multiple nodes of Ory Kratos, the health status will never refer to the cluster state, only to a single instance.+    isReady :: m IsAlive200Response,+    -- | This endpoint creates an identity. Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).+    adminCreateIdentity :: AdminCreateIdentityBody -> m Identity,     -- | This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account.-    createRecoveryLink :: CreateRecoveryLink -> m RecoveryLink,+    adminCreateSelfServiceRecoveryLink :: AdminCreateSelfServiceRecoveryLinkBody -> m SelfServiceRecoveryLink,     -- | Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already.  Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).-    deleteIdentity :: Text -> m NoContent,+    adminDeleteIdentity :: Text -> m NoContent,+    -- | This endpoint is useful for:  To forcefully logout Identity from all devices and sessions+    adminDeleteIdentitySessions :: Text -> m NoContent,+    -- | Retrieve the session ID from the `/sessions/whoami` endpoint / `toSession` SDK method.+    adminExtendSession :: Text -> m Session,     -- | Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).-    getIdentity :: Text -> m Identity,-    -- | Get a Traits Schema Definition-    getSchema :: Text -> m Value,-    -- | This endpoint returns the error associated with a user-facing self service errors.  This endpoint supports stub values to help you implement the error UI:  `?error=stub:500` - returns a stub 500 (Internal Server Error) error.  More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors).-    getSelfServiceError :: Maybe Text -> m SelfServiceErrorContainer,-    -- | This endpoint returns a login flow's context with, for example, error details and other information.  More information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).-    getSelfServiceLoginFlow :: Maybe Text -> m LoginFlow,-    -- | This endpoint returns a recovery flow's context with, for example, error details and other information.  More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).-    getSelfServiceRecoveryFlow :: Maybe Text -> m RecoveryFlow,-    -- | This endpoint returns a registration flow's context with, for example, error details and other information.  More information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).-    getSelfServiceRegistrationFlow :: Maybe Text -> m RegistrationFlow,-    -- | When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie or the Ory Kratos Session Token are set. The public endpoint does not return 404 status codes but instead 403 or 500 to improve data privacy.  You can access this endpoint without credentials when using Ory Kratos' Admin API.  More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).-    getSelfServiceSettingsFlow :: Maybe Text -> Maybe Text -> m SettingsFlow,-    -- | This endpoint returns a verification flow's context with, for example, error details and other information.  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).-    getSelfServiceVerificationFlow :: Maybe Text -> m VerificationFlow,+    adminGetIdentity :: Text -> Maybe [Text] -> m Identity,     -- | Lists all identities. Does not support search at the moment.  Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).-    listIdentities :: Maybe Integer -> Maybe Integer -> m [Identity],-    -- | ``` metadata: annotations: prometheus.io/port: \"4434\" prometheus.io/path: \"/metrics/prometheus\" ```-    prometheus :: m NoContent,-    -- | This endpoint updates an identity. It is NOT possible to set an identity's credentials (password, ...) using this method! A way to achieve that will be introduced in the future.  The full identity payload (except credentials) is expected. This endpoint does not support patching.  Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).-    updateIdentity :: Text -> UpdateIdentity -> m Identity,-    -- | This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working.  If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set.  Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance.-    isInstanceAlive :: m HealthStatus,-    -- | This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well.  If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set.  Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance.-    isInstanceReady :: m HealthStatus,-    -- | This endpoint initializes a logout flow.  > This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).  On successful logout, the browser will be redirected (HTTP 302 Found) to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`.  More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout).-    initializeSelfServiceBrowserLogoutFlow :: m NoContent,-    -- | This endpoint initializes a browser-based user login flow. Once initialized, the browser will be redirected to `selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter `?refresh=true` was set.  This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).  More information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).-    initializeSelfServiceLoginForBrowsers :: Maybe Bool -> m NoContent,-    -- | This endpoint initiates a login flow for API clients such as mobile devices, smart TVs, and so on.  If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set.  To fetch an existing login flow call `/self-service/login/flows?flow=<flow_id>`.  :::warning  You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks, including CSRF login attacks.  This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).  :::  More information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).-    initializeSelfServiceLoginForNativeApps :: Maybe Bool -> m LoginFlow,-    -- | This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL.  This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).  More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).-    initializeSelfServiceRecoveryForBrowsers :: m NoContent,-    -- | This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.  If a valid provided session cookie or session token is provided, a 400 Bad Request error.  To fetch an existing recovery flow call `/self-service/recovery/flows?flow=<flow_id>`.  :::warning  You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks.  This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).  :::  More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).-    initializeSelfServiceRecoveryForNativeApps :: m RecoveryFlow,-    -- | This endpoint initializes a browser-based user registration flow. Once initialized, the browser will be redirected to `selfservice.flows.registration.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter `?refresh=true` was set.  :::note  This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).  :::  More information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).-    initializeSelfServiceRegistrationForBrowsers :: m NoContent,-    -- | This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.  If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set.  To fetch an existing registration flow call `/self-service/registration/flows?flow=<flow_id>`.  :::warning  You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks.  This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).  :::  More information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).-    initializeSelfServiceRegistrationForNativeApps :: m RegistrationFlow,-    -- | This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized.  :::note  This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).  :::  More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).-    initializeSelfServiceSettingsForBrowsers :: m NoContent,-    -- | This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK.  To fetch an existing settings flow call `/self-service/settings/flows?flow=<flow_id>`.  :::warning  You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks.  This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).  :::  More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).-    initializeSelfServiceSettingsForNativeApps :: Maybe Text -> m SettingsFlow,-    -- | This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.  This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).-    initializeSelfServiceVerificationForBrowsers :: m NoContent,-    -- | This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.  To fetch an existing verification flow call `/self-service/verification/flows?flow=<flow_id>`.  :::warning  You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks.  This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).  :::  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).-    initializeSelfServiceVerificationForNativeApps :: m VerificationFlow,-    -- | Use this endpoint to revoke a session using its token. This endpoint is particularly useful for API clients such as mobile apps to log the user out of the system and invalidate the session.  This endpoint does not remove any HTTP Cookies - use the Browser-Based Self-Service Logout Flow instead.-    revokeSession :: RevokeSession -> m NoContent,-    -- | Use this endpoint to complete a login flow. This endpoint behaves differently for API and browser flows.  API flows expect `application/json` to be sent in the body and responds with HTTP 200 and a application/json body with the session token on success; HTTP 302 redirect to a fresh login flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors.  Browser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with a HTTP 302 redirect to the post/after login URL or the `return_to` value if it was set and if the login succeeded; a HTTP 302 redirect to the login UI URL with the flow ID containing the validation errors otherwise.  More information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).-    submitSelfServiceLoginFlow :: Maybe Text -> Value -> m LoginViaApiResponse,-    -- | Use this endpoint to complete a recovery flow. This endpoint behaves differently for API and browser flows and has several states:  `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent and works with API- and Browser-initiated flows. For API clients it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid and a HTTP 302 Found redirect with a fresh recovery flow if the flow was otherwise invalid (e.g. expired). For Browser clients it returns a HTTP 302 Found redirect to the Recovery UI URL with the Recovery Flow ID appended. `sent_email` is the success state after `choose_method` for the `link` method and allows the user to request another recovery email. It works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\"sending a recovery link\") does not have any API capabilities. The server responds with a HTTP 302 Found redirect either to the Settings UI URL (if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with a new Recovery Flow ID which contains an error message that the recovery link was invalid.  More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).-    submitSelfServiceRecoveryFlow :: Maybe Text -> Value -> m NoContent,-    -- | Use this endpoint to complete a recovery flow using the link method. This endpoint behaves differently for API and browser flows and has several states:  `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent and works with API- and Browser-initiated flows. For API clients it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid and a HTTP 302 Found redirect with a fresh recovery flow if the flow was otherwise invalid (e.g. expired). For Browser clients it returns a HTTP 302 Found redirect to the Recovery UI URL with the Recovery Flow ID appended. `sent_email` is the success state after `choose_method` and allows the user to request another recovery email. It works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\"sending a recovery link\") does not have any API capabilities. The server responds with a HTTP 302 Found redirect either to the Settings UI URL (if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with a new Recovery Flow ID which contains an error message that the recovery link was invalid.  More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx).-    submitSelfServiceRecoveryFlowWithLinkMethod :: Maybe Text -> Maybe Text -> SubmitSelfServiceRecoveryFlowWithLinkMethod -> m NoContent,-    -- | Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint behaves differently for API and browser flows.  API flows expect `application/json` to be sent in the body and respond with HTTP 200 and a application/json body with the created identity success - if the session hook is configured the `session` and `session_token` will also be included; HTTP 302 redirect to a fresh registration flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors.  Browser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with a HTTP 302 redirect to the post/after registration URL or the `return_to` value if it was set and if the registration succeeded; a HTTP 302 redirect to the registration UI URL with the flow ID containing the validation errors otherwise.  More information can be found at [Ory Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration).-    submitSelfServiceRegistrationFlow :: Maybe Text -> Value -> m RegistrationViaApiResponse,-    -- | Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows.  API-initiated flows expect `application/json` to be sent in the body and respond with HTTP 200 and an application/json body with the session token on success; HTTP 302 redirect to a fresh settings flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors. HTTP 401 when the endpoint is called without a valid session token. HTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached. Implies that the user needs to re-authenticate.  Browser flows expect `application/x-www-form-urlencoded` to be sent in the body and responds with a HTTP 302 redirect to the post/after settings URL or the `return_to` value if it was set and if the flow succeeded; a HTTP 302 redirect to the Settings UI URL with the flow ID containing the validation errors otherwise. a HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached.  More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).-    submitSelfServiceSettingsFlow :: Maybe Text -> Value -> Maybe Text -> m SettingsViaApiResponse,-    -- | Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states:  `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent and works with API- and Browser-initiated flows. For API clients it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid and a HTTP 302 Found redirect with a fresh verification flow if the flow was otherwise invalid (e.g. expired). For Browser clients it returns a HTTP 302 Found redirect to the Verification UI URL with the Verification Flow ID appended. `sent_email` is the success state after `choose_method` when using the `link` method and allows the user to request another verification email. It works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\"sending a verification link\") does not have any API capabilities. The server responds with a HTTP 302 Found redirect either to the Settings UI URL (if the link was valid) and instructs the user to update their password, or a redirect to the Verification UI URL with a new Verification Flow ID which contains an error message that the verification link was invalid.  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).-    submitSelfServiceVerificationFlow :: Maybe Text -> Value -> m NoContent,-    -- | Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response.  This endpoint is useful for:  AJAX calls. Remember to send credentials and set up CORS correctly! Reverse proxies and API Gateways Server-side calls - use the `X-Session-Token` header!-    toSession :: Maybe Text -> m Session,-    -- | This endpoint returns the service version typically notated using semantic versioning.  If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set.  Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance.-    getVersion :: m Version+    adminListIdentities :: Maybe Integer -> Maybe Integer -> m [Identity],+    -- | This endpoint is useful for:  Listing all sessions that belong to an Identity in an administrative context.+    adminListIdentitySessions :: Text -> Maybe Integer -> Maybe Integer -> Maybe Bool -> m [Session],+    -- | This endpoint updates an identity. The full identity payload (except credentials) is expected. This endpoint does not support patching.  Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).+    adminUpdateIdentity :: Text -> AdminUpdateIdentityBody -> m Identity,+    -- | This endpoint initializes a browser-based user logout flow and a URL which can be used to log out the user.  This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). For API clients you can call the `/self-service/logout/api` URL directly with the Ory Session Token.  The URL is only valid for the currently signed in user. If no user is signed in, this endpoint returns a 401 Prelude.error.  When calling this endpoint from a backend, please ensure to properly forward the HTTP cookies.+    createSelfServiceLogoutFlowUrlForBrowsers :: Maybe Text -> m SelfServiceLogoutUrl,+    -- | Get a JSON Schema+    getJsonSchema :: Text -> m Value,+    -- | This endpoint returns the Prelude.error associated with a user-facing self service Prelude.errors.  This endpoint supports stub values to help you implement the Prelude.error UI:  `?id=stub:500` - returns a stub 500 (Internal Server Error) Prelude.error.  More information can be found at [Ory Kratos User User Facing Error Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-facing-errors).+    getSelfServiceError :: Maybe Text -> m SelfServiceError,+    -- | This endpoint returns a login flow's context with, for example, Prelude.error details and other information.  Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail.  If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain and you need to forward the incoming HTTP Cookie header to this endpoint:  ```js pseudo-code example router.get('/login', async function (req, res) { const flow = await client.getSelfServiceLoginFlow(req.header('cookie'), req.query['flow'])  res.render('login', flow) }) ```  This request may fail due to several reasons. The `error.id` can be one of:  `session_already_available`: The user is already signed in. `self_service_flow_expired`: The flow is expired and you should request a new one.  More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).+    getSelfServiceLoginFlow :: Maybe Text -> Maybe Text -> m SelfServiceLoginFlow,+    -- | This endpoint returns a recovery flow's context with, for example, Prelude.error details and other information.  Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail.  If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain and you need to forward the incoming HTTP Cookie header to this endpoint:  ```js pseudo-code example router.get('/recovery', async function (req, res) { const flow = await client.getSelfServiceRecoveryFlow(req.header('Cookie'), req.query['flow'])  res.render('recovery', flow) }) ```  More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).+    getSelfServiceRecoveryFlow :: Maybe Text -> Maybe Text -> m SelfServiceRecoveryFlow,+    -- | This endpoint returns a registration flow's context with, for example, Prelude.error details and other information.  Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail.  If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain and you need to forward the incoming HTTP Cookie header to this endpoint:  ```js pseudo-code example router.get('/registration', async function (req, res) { const flow = await client.getSelfServiceRegistrationFlow(req.header('cookie'), req.query['flow'])  res.render('registration', flow) }) ```  This request may fail due to several reasons. The `error.id` can be one of:  `session_already_available`: The user is already signed in. `self_service_flow_expired`: The flow is expired and you should request a new one.  More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).+    getSelfServiceRegistrationFlow :: Maybe Text -> Maybe Text -> m SelfServiceRegistrationFlow,+    -- | When accessing this endpoint through Ory Kratos' Public API you must ensure that either the Ory Kratos Session Cookie or the Ory Kratos Session Token are set.  Depending on your configuration this endpoint might return a 403 Prelude.error if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this Prelude.error occurs, ask the user to sign in with the second factor or change the configuration.  You can access this endpoint without credentials when using Ory Kratos' Admin API.  If this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the case of an Prelude.error, the `error.id` of the JSON response body can be one of:  `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `session_inactive`: No Ory Session was found - sign in a user first. `security_identity_mismatch`: The flow was interrupted with `session_refresh_required` but apparently some other identity logged in instead.  More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).+    getSelfServiceSettingsFlow :: Maybe Text -> Maybe Text -> Maybe Text -> m SelfServiceSettingsFlow,+    -- | This endpoint returns a verification flow's context with, for example, Prelude.error details and other information.  Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail.  If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain and you need to forward the incoming HTTP Cookie header to this endpoint:  ```js pseudo-code example router.get('/recovery', async function (req, res) { const flow = await client.getSelfServiceVerificationFlow(req.header('cookie'), req.query['flow'])  res.render('verification', flow) })  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).+    getSelfServiceVerificationFlow :: Maybe Text -> Maybe Text -> m SelfServiceVerificationFlow,+    -- | This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.  If you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file:  ```html <script src=\"https://public-kratos.example.org/.well-known/ory/webauthn.js\" type=\"script\" async /> ```  More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).+    getWebAuthnJavaScript :: m Text,+    -- | This endpoint initializes a browser-based user login flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows.  If this endpoint is opened as a link in the browser, it will be redirected to `selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter `?refresh=true` was set.  If this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the case of an Prelude.error, the `error.id` of the JSON response body can be one of:  `session_already_available`: The user is already signed in. `session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!  This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.  More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).+    initializeSelfServiceLoginFlowForBrowsers :: Maybe Bool -> Maybe Text -> Maybe Text -> m SelfServiceLoginFlow,+    -- | This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.  If a valid provided session cookie or session token is provided, a 400 Bad Request Prelude.error will be returned unless the URL query parameter `?refresh=true` is set.  To fetch an existing login flow call `/self-service/login/flows?flow=<flow_id>`.  You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks, including CSRF login attacks.  In the case of an Prelude.error, the `error.id` of the JSON response body can be one of:  `session_already_available`: The user is already signed in. `session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.  This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).  More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).+    initializeSelfServiceLoginFlowWithoutBrowser :: Maybe Bool -> Maybe Text -> Maybe Text -> m SelfServiceLoginFlow,+    -- | This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL.  If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects or a 400 bad request Prelude.error if the user is already authenticated.  This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.  More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).+    initializeSelfServiceRecoveryFlowForBrowsers :: Maybe Text -> m SelfServiceRecoveryFlow,+    -- | This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on.  If a valid provided session cookie or session token is provided, a 400 Bad Request Prelude.error.  To fetch an existing recovery flow call `/self-service/recovery/flows?flow=<flow_id>`.  You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks.  This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).   More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).+    initializeSelfServiceRecoveryFlowWithoutBrowser :: m SelfServiceRecoveryFlow,+    -- | This endpoint initializes a browser-based user registration flow. This endpoint will set the appropriate cookies and anti-CSRF measures required for browser-based flows.  :::info  This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.  :::  If this endpoint is opened as a link in the browser, it will be redirected to `selfservice.flows.registration.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists already, the browser will be redirected to `urls.default_redirect_url`.  If this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the case of an Prelude.error, the `error.id` of the JSON response body can be one of:  `session_already_available`: The user is already signed in. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!  If this endpoint is called via an AJAX request, the response contains the registration flow without a redirect.  This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.  More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).+    initializeSelfServiceRegistrationFlowForBrowsers :: Maybe Text -> m SelfServiceRegistrationFlow,+    -- | This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on.  If a valid provided session cookie or session token is provided, a 400 Bad Request Prelude.error will be returned unless the URL query parameter `?refresh=true` is set.  To fetch an existing registration flow call `/self-service/registration/flows?flow=<flow_id>`.  You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks.  In the case of an Prelude.error, the `error.id` of the JSON response body can be one of:  `session_already_available`: The user is already signed in. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.  This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).  More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).+    initializeSelfServiceRegistrationFlowWithoutBrowser :: m SelfServiceRegistrationFlow,+    -- | This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized.  If this endpoint is opened as a link in the browser, it will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid user session was set, the browser will be redirected to the login endpoint.  If this endpoint is called via an AJAX request, the response contains the settings flow without any redirects or a 401 forbidden Prelude.error if no valid session was set.  Depending on your configuration this endpoint might return a 403 Prelude.error if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this Prelude.error occurs, ask the user to sign in with the second factor (happens automatically for server-side browser flows) or change the configuration.  If this endpoint is called via an AJAX request, the response contains the flow without a redirect. In the case of an Prelude.error, the `error.id` of the JSON response body can be one of:  `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `session_inactive`: No Ory Session was found - sign in a user first. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration!  This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.  More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).+    initializeSelfServiceSettingsFlowForBrowsers :: Maybe Text -> m SelfServiceSettingsFlow,+    -- | This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK.  To fetch an existing settings flow call `/self-service/settings/flows?flow=<flow_id>`.  You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks.  Depending on your configuration this endpoint might return a 403 Prelude.error if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this Prelude.error occurs, ask the user to sign in with the second factor or change the configuration.  In the case of an Prelude.error, the `error.id` of the JSON response body can be one of:  `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `session_inactive`: No Ory Session was found - sign in a user first.  This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).  More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).+    initializeSelfServiceSettingsFlowWithoutBrowser :: Maybe Text -> m SelfServiceSettingsFlow,+    -- | This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`.  If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects.  This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...).  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).+    initializeSelfServiceVerificationFlowForBrowsers :: Maybe Text -> m SelfServiceVerificationFlow,+    -- | This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.  To fetch an existing verification flow call `/self-service/verification/flows?flow=<flow_id>`.  You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks.  This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).+    initializeSelfServiceVerificationFlowWithoutBrowser :: m SelfServiceVerificationFlow,+    -- | Get all Identity Schemas+    listIdentitySchemas :: Maybe Integer -> Maybe Integer -> m [IdentitySchema],+    -- | This endpoint is useful for:  Displaying all other sessions that belong to the logged-in user+    listSessions :: Maybe Integer -> Maybe Integer -> Maybe Text -> Maybe Text -> m [Session],+    -- | This endpoint is useful for:  To forcefully logout the current user from another device or session+    revokeSession :: Text -> m NoContent,+    -- | This endpoint is useful for:  To forcefully logout the current user from all other devices and sessions+    revokeSessions :: Maybe Text -> Maybe Text -> m RevokedSessions,+    -- | :::info  This endpoint is EXPERIMENTAL and subject to potential breaking changes in the future.  :::  Use this endpoint to complete a login flow. This endpoint behaves differently for API and browser flows.  API flows expect `application/json` to be sent in the body and responds with HTTP 200 and a application/json body with the session token on success; HTTP 410 if the original flow expired with the appropriate Prelude.error messages set and optionally a `use_flow_id` parameter in the body; HTTP 400 on form validation Prelude.errors.  Browser flows expect a Content-Type of `application/x-www-form-urlencoded` or `application/json` to be sent in the body and respond with a HTTP 303 redirect to the post/after login URL or the `return_to` value if it was set and if the login succeeded; a HTTP 303 redirect to the login UI URL with the flow ID containing the validation Prelude.errors otherwise.  Browser flows with an accept header of `application/json` will not redirect but instead respond with HTTP 200 and a application/json body with the signed in identity and a `Set-Cookie` header on success; HTTP 303 redirect to a fresh login flow if the original flow expired with the appropriate Prelude.error messages set; HTTP 400 on form validation Prelude.errors.  If this endpoint is called with `Accept: application/json` in the header, the response contains the flow without a redirect. In the case of an Prelude.error, the `error.id` of the JSON response body can be one of:  `session_already_available`: The user is already signed in. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. Most likely used in Social Sign In flows.  More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).+    submitSelfServiceLoginFlow :: Maybe Text -> SubmitSelfServiceLoginFlowBody -> Maybe Text -> Maybe Text -> m SuccessfulSelfServiceLoginWithoutBrowser,+    -- | This endpoint logs out an identity in a self-service manner.  If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`.  If the `Accept` HTTP header is set to `application/json`, a 204 No Content response will be sent on successful logout instead.  This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). For API clients you can call the `/self-service/logout/api` URL directly with the Ory Session Token.  More information can be found at [Ory Kratos User Logout Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-logout).+    submitSelfServiceLogoutFlow :: Maybe Text -> Maybe Text -> m NoContent,+    -- | Use this endpoint to log out an identity using an Ory Session Token. If the Ory Session Token was successfully revoked, the server returns a 204 No Content response. A 204 No Content response is also sent when the Ory Session Token has been revoked already before.  If the Ory Session Token is malformed or does not exist a 403 Forbidden response will be returned.  This endpoint does not remove any HTTP Cookies - use the Browser-Based Self-Service Logout Flow instead.+    submitSelfServiceLogoutFlowWithoutBrowser :: SubmitSelfServiceLogoutFlowWithoutBrowserBody -> m NoContent,+    -- | Use this endpoint to complete a recovery flow. This endpoint behaves differently for API and browser flows and has several states:  `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent and works with API- and Browser-initiated flows. For API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid. and a HTTP 303 See Other redirect with a fresh recovery flow if the flow was otherwise invalid (e.g. expired). For Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Recovery UI URL with the Recovery Flow ID appended. `sent_email` is the success state after `choose_method` for the `link` method and allows the user to request another recovery email. It works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\"sending a recovery link\") does not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL (if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with a new Recovery Flow ID which contains an Prelude.error message that the recovery link was invalid.  More information can be found at [Ory Kratos Account Recovery Documentation](../self-service/flows/account-recovery).+    submitSelfServiceRecoveryFlow :: Maybe Text -> Maybe Text -> SubmitSelfServiceRecoveryFlowBody -> Maybe Text -> m SelfServiceRecoveryFlow,+    -- | Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint behaves differently for API and browser flows.  API flows expect `application/json` to be sent in the body and respond with HTTP 200 and a application/json body with the created identity success - if the session hook is configured the `session` and `session_token` will also be included; HTTP 410 if the original flow expired with the appropriate Prelude.error messages set and optionally a `use_flow_id` parameter in the body; HTTP 400 on form validation Prelude.errors.  Browser flows expect a Content-Type of `application/x-www-form-urlencoded` or `application/json` to be sent in the body and respond with a HTTP 303 redirect to the post/after registration URL or the `return_to` value if it was set and if the registration succeeded; a HTTP 303 redirect to the registration UI URL with the flow ID containing the validation Prelude.errors otherwise.  Browser flows with an accept header of `application/json` will not redirect but instead respond with HTTP 200 and a application/json body with the signed in identity and a `Set-Cookie` header on success; HTTP 303 redirect to a fresh login flow if the original flow expired with the appropriate Prelude.error messages set; HTTP 400 on form validation Prelude.errors.  If this endpoint is called with `Accept: application/json` in the header, the response contains the flow without a redirect. In the case of an Prelude.error, the `error.id` of the JSON response body can be one of:  `session_already_available`: The user is already signed in. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. Most likely used in Social Sign In flows.  More information can be found at [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login) and [User Registration Documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration).+    submitSelfServiceRegistrationFlow :: Maybe Text -> SubmitSelfServiceRegistrationFlowBody -> Maybe Text -> m SuccessfulSelfServiceRegistrationWithoutBrowser,+    -- | Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows.  API-initiated flows expect `application/json` to be sent in the body and respond with HTTP 200 and an application/json body with the session token on success; HTTP 303 redirect to a fresh settings flow if the original flow expired with the appropriate Prelude.error messages set; HTTP 400 on form validation Prelude.errors. HTTP 401 when the endpoint is called without a valid session token. HTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached or the session's AAL is too low. Implies that the user needs to re-authenticate.  Browser flows without HTTP Header `Accept` or with `Accept: text/*` respond with a HTTP 303 redirect to the post/after settings URL or the `return_to` value if it was set and if the flow succeeded; a HTTP 303 redirect to the Settings UI URL with the flow ID containing the validation Prelude.errors otherwise. a HTTP 303 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached or the session's AAL is too low.  Browser flows with HTTP Header `Accept: application/json` respond with HTTP 200 and a application/json body with the signed in identity and a `Set-Cookie` header on success; HTTP 303 redirect to a fresh login flow if the original flow expired with the appropriate Prelude.error messages set; HTTP 401 when the endpoint is called without a valid session cookie. HTTP 403 when the page is accessed without a session cookie or the session's AAL is too low. HTTP 400 on form validation Prelude.errors.  Depending on your configuration this endpoint might return a 403 Prelude.error if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this Prelude.error occurs, ask the user to sign in with the second factor (happens automatically for server-side browser flows) or change the configuration.  If this endpoint is called with a `Accept: application/json` HTTP header, the response contains the flow without a redirect. In the case of an Prelude.error, the `error.id` of the JSON response body can be one of:  `session_refresh_required`: The identity requested to change something that needs a privileged session. Redirect the identity to the login init endpoint with query parameters `?refresh=true&return_to=<the-current-browser-url>`, or initiate a refresh login flow otherwise. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `session_inactive`: No Ory Session was found - sign in a user first. `security_identity_mismatch`: The flow was interrupted with `session_refresh_required` but apparently some other identity logged in instead. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. Most likely used in Social Sign In flows.  More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).+    submitSelfServiceSettingsFlow :: Maybe Text -> SubmitSelfServiceSettingsFlowBody -> Maybe Text -> Maybe Text -> m SelfServiceSettingsFlow,+    -- | Use this endpoint to complete a verification flow. This endpoint behaves differently for API and browser flows and has several states:  `choose_method` expects `flow` (in the URL query) and `email` (in the body) to be sent and works with API- and Browser-initiated flows. For API clients and Browser clients with HTTP Header `Accept: application/json` it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid and a HTTP 303 See Other redirect with a fresh verification flow if the flow was otherwise invalid (e.g. expired). For Browser clients without HTTP Header `Accept` or with `Accept: text/*` it returns a HTTP 303 See Other redirect to the Verification UI URL with the Verification Flow ID appended. `sent_email` is the success state after `choose_method` when using the `link` method and allows the user to request another verification email. It works for both API and Browser-initiated flows and returns the same responses as the flow in `choose_method` state. `passed_challenge` expects a `token` to be sent in the URL query and given the nature of the flow (\"sending a verification link\") does not have any API capabilities. The server responds with a HTTP 303 See Other redirect either to the Settings UI URL (if the link was valid) and instructs the user to update their password, or a redirect to the Verification UI URL with a new Verification Flow ID which contains an Prelude.error message that the verification link was invalid.  More information can be found at [Ory Kratos Email and Phone Verification Documentation](https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation).+    submitSelfServiceVerificationFlow :: Maybe Text -> Maybe Text -> SubmitSelfServiceVerificationFlowBody -> Maybe Text -> m SelfServiceVerificationFlow,+    -- | Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response.  If you call this endpoint from a server-side application, you must forward the HTTP Cookie Header to this endpoint:  ```js pseudo-code example router.get('/protected-endpoint', async function (req, res) { const session = await client.toSession(undefined, req.header('cookie'))  console.log(session) }) ```  When calling this endpoint from a non-browser application (e.g. mobile app) you must include the session token:  ```js pseudo-code example ... const session = await client.toSession(\"the-session-token\")  console.log(session) ```  Depending on your configuration this endpoint might return a 403 status code if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this Prelude.error occurs, ask the user to sign in with the second factor or change the configuration.  This endpoint is useful for:  AJAX calls. Remember to send credentials and set up CORS correctly! Reverse proxies and API Gateways Server-side calls - use the `X-Session-Token` header!  This endpoint authenticates users by checking  if the `Cookie` HTTP header was set containing an Ory Kratos Session Cookie; if the `Authorization: bearer <ory-session-token>` HTTP header was set with a valid Ory Kratos Session Token; if the `X-Session-Token` HTTP header was set with a valid Ory Kratos Session Token.  If none of these headers are set or the cooke or token are invalid, the endpoint returns a HTTP 401 status code.  As explained above, this request may fail due to several reasons. The `error.id` can be one of:  `session_inactive`: No active session was found in the request (e.g. no Ory Session Cookie / Ory Session Token). `session_aal2_required`: An active session was found but it does not fulfil the Authenticator Assurance Level, implying that the session must (e.g.) authenticate the second factor.+    toSession :: Maybe Text -> Maybe Text -> m Session   }  newtype OryKratosClient a = OryKratosClient@@ -259,43 +308,51 @@ createOryKratosClient :: OryKratosBackend OryKratosClient createOryKratosClient = OryKratosBackend {..}   where-    ((coerce -> createIdentity) :<|>-     (coerce -> createRecoveryLink) :<|>-     (coerce -> deleteIdentity) :<|>-     (coerce -> getIdentity) :<|>-     (coerce -> listIdentities) :<|>-     (coerce -> prometheus) :<|>-     (coerce -> updateIdentity) :<|>-     (coerce -> isInstanceAlive) :<|>-     (coerce -> isInstanceReady) :<|>-     (coerce -> getSchema) :<|>-     (coerce -> getSelfServiceError) :<|>-     (coerce -> getSelfServiceLoginFlow) :<|>-     (coerce -> getSelfServiceRecoveryFlow) :<|>-     (coerce -> getSelfServiceRegistrationFlow) :<|>-     (coerce -> getSelfServiceSettingsFlow) :<|>-     (coerce -> getSelfServiceVerificationFlow) :<|>-     (coerce -> initializeSelfServiceBrowserLogoutFlow) :<|>-     (coerce -> initializeSelfServiceLoginForBrowsers) :<|>-     (coerce -> initializeSelfServiceLoginForNativeApps) :<|>-     (coerce -> initializeSelfServiceRecoveryForBrowsers) :<|>-     (coerce -> initializeSelfServiceRecoveryForNativeApps) :<|>-     (coerce -> initializeSelfServiceRegistrationForBrowsers) :<|>-     (coerce -> initializeSelfServiceRegistrationForNativeApps) :<|>-     (coerce -> initializeSelfServiceSettingsForBrowsers) :<|>-     (coerce -> initializeSelfServiceSettingsForNativeApps) :<|>-     (coerce -> initializeSelfServiceVerificationForBrowsers) :<|>-     (coerce -> initializeSelfServiceVerificationForNativeApps) :<|>-     (coerce -> revokeSession) :<|>-     (coerce -> submitSelfServiceLoginFlow) :<|>-     (coerce -> submitSelfServiceRecoveryFlow) :<|>-     (coerce -> submitSelfServiceRecoveryFlowWithLinkMethod) :<|>-     (coerce -> submitSelfServiceRegistrationFlow) :<|>-     (coerce -> submitSelfServiceSettingsFlow) :<|>-     (coerce -> submitSelfServiceVerificationFlow) :<|>-     (coerce -> toSession) :<|>-     (coerce -> getVersion) :<|>-     _) = client (Proxy :: Proxy OryKratosAPI)+    ( (coerce -> getVersion)+        :<|> (coerce -> isAlive)+        :<|> (coerce -> isReady)+        :<|> (coerce -> adminCreateIdentity)+        :<|> (coerce -> adminCreateSelfServiceRecoveryLink)+        :<|> (coerce -> adminDeleteIdentity)+        :<|> (coerce -> adminDeleteIdentitySessions)+        :<|> (coerce -> adminExtendSession)+        :<|> (coerce -> adminGetIdentity)+        :<|> (coerce -> adminListIdentities)+        :<|> (coerce -> adminListIdentitySessions)+        :<|> (coerce -> adminUpdateIdentity)+        :<|> (coerce -> createSelfServiceLogoutFlowUrlForBrowsers)+        :<|> (coerce -> getJsonSchema)+        :<|> (coerce -> getSelfServiceError)+        :<|> (coerce -> getSelfServiceLoginFlow)+        :<|> (coerce -> getSelfServiceRecoveryFlow)+        :<|> (coerce -> getSelfServiceRegistrationFlow)+        :<|> (coerce -> getSelfServiceSettingsFlow)+        :<|> (coerce -> getSelfServiceVerificationFlow)+        :<|> (coerce -> getWebAuthnJavaScript)+        :<|> (coerce -> initializeSelfServiceLoginFlowForBrowsers)+        :<|> (coerce -> initializeSelfServiceLoginFlowWithoutBrowser)+        :<|> (coerce -> initializeSelfServiceRecoveryFlowForBrowsers)+        :<|> (coerce -> initializeSelfServiceRecoveryFlowWithoutBrowser)+        :<|> (coerce -> initializeSelfServiceRegistrationFlowForBrowsers)+        :<|> (coerce -> initializeSelfServiceRegistrationFlowWithoutBrowser)+        :<|> (coerce -> initializeSelfServiceSettingsFlowForBrowsers)+        :<|> (coerce -> initializeSelfServiceSettingsFlowWithoutBrowser)+        :<|> (coerce -> initializeSelfServiceVerificationFlowForBrowsers)+        :<|> (coerce -> initializeSelfServiceVerificationFlowWithoutBrowser)+        :<|> (coerce -> listIdentitySchemas)+        :<|> (coerce -> listSessions)+        :<|> (coerce -> revokeSession)+        :<|> (coerce -> revokeSessions)+        :<|> (coerce -> submitSelfServiceLoginFlow)+        :<|> (coerce -> submitSelfServiceLogoutFlow)+        :<|> (coerce -> submitSelfServiceLogoutFlowWithoutBrowser)+        :<|> (coerce -> submitSelfServiceRecoveryFlow)+        :<|> (coerce -> submitSelfServiceRegistrationFlow)+        :<|> (coerce -> submitSelfServiceSettingsFlow)+        :<|> (coerce -> submitSelfServiceVerificationFlow)+        :<|> (coerce -> toSession)+        :<|> _+      ) = client (Proxy :: Proxy OryKratosAPI)  -- | Run requests in the OryKratosClient monad. runOryKratosClient :: Config -> OryKratosClient a -> ExceptT ClientError IO a@@ -331,8 +388,7 @@   Config ->   OryKratosBackend (ExceptT ServerError IO) ->   m ()-runOryKratosServer config =-  runOryKratosMiddlewareServer config requestMiddlewareId+runOryKratosServer config backend = runOryKratosMiddlewareServer config requestMiddlewareId backend  -- | Run the OryKratos server at the provided host and port. runOryKratosMiddlewareServer ::@@ -347,43 +403,57 @@         Warp.defaultSettings           & Warp.setPort (baseUrlPort url)           & Warp.setHost (fromString $ baseUrlHost url)-  liftIO $ Warp.runSettings warpSettings $ middleware $ serve (Proxy :: Proxy OryKratosAPI) (serverFromBackend backend)+  liftIO $ Warp.runSettings warpSettings $ middleware $ serverWaiApplicationOryKratos backend++-- | Plain "Network.Wai" Application for the OryKratos server.+--+-- Can be used to implement e.g. tests that call the API without a full webserver.+serverWaiApplicationOryKratos :: OryKratosBackend (ExceptT ServerError IO) -> Application+serverWaiApplicationOryKratos backend = serve (Proxy :: Proxy OryKratosAPI) (serverFromBackend backend)   where     serverFromBackend OryKratosBackend {..} =-      coerce createIdentity :<|>-       coerce createRecoveryLink :<|>-       coerce deleteIdentity :<|>-       coerce getIdentity :<|>-       coerce listIdentities :<|>-       coerce prometheus :<|>-       coerce updateIdentity :<|>-       coerce isInstanceAlive :<|>-       coerce isInstanceReady :<|>-       coerce getSchema :<|>-       coerce getSelfServiceError :<|>-       coerce getSelfServiceLoginFlow :<|>-       coerce getSelfServiceRecoveryFlow :<|>-       coerce getSelfServiceRegistrationFlow :<|>-       coerce getSelfServiceSettingsFlow :<|>-       coerce getSelfServiceVerificationFlow :<|>-       coerce initializeSelfServiceBrowserLogoutFlow :<|>-       coerce initializeSelfServiceLoginForBrowsers :<|>-       coerce initializeSelfServiceLoginForNativeApps :<|>-       coerce initializeSelfServiceRecoveryForBrowsers :<|>-       coerce initializeSelfServiceRecoveryForNativeApps :<|>-       coerce initializeSelfServiceRegistrationForBrowsers :<|>-       coerce initializeSelfServiceRegistrationForNativeApps :<|>-       coerce initializeSelfServiceSettingsForBrowsers :<|>-       coerce initializeSelfServiceSettingsForNativeApps :<|>-       coerce initializeSelfServiceVerificationForBrowsers :<|>-       coerce initializeSelfServiceVerificationForNativeApps :<|>-       coerce revokeSession :<|>-       coerce submitSelfServiceLoginFlow :<|>-       coerce submitSelfServiceRecoveryFlow :<|>-       coerce submitSelfServiceRecoveryFlowWithLinkMethod :<|>-       coerce submitSelfServiceRegistrationFlow :<|>-       coerce submitSelfServiceSettingsFlow :<|>-       coerce submitSelfServiceVerificationFlow :<|>-       coerce toSession :<|>-       coerce getVersion :<|>-       serveDirectoryFileServer "static"+      ( coerce getVersion+          :<|> coerce isAlive+          :<|> coerce isReady+          :<|> coerce adminCreateIdentity+          :<|> coerce adminCreateSelfServiceRecoveryLink+          :<|> coerce adminDeleteIdentity+          :<|> coerce adminDeleteIdentitySessions+          :<|> coerce adminExtendSession+          :<|> coerce adminGetIdentity+          :<|> coerce adminListIdentities+          :<|> coerce adminListIdentitySessions+          :<|> coerce adminUpdateIdentity+          :<|> coerce createSelfServiceLogoutFlowUrlForBrowsers+          :<|> coerce getJsonSchema+          :<|> coerce getSelfServiceError+          :<|> coerce getSelfServiceLoginFlow+          :<|> coerce getSelfServiceRecoveryFlow+          :<|> coerce getSelfServiceRegistrationFlow+          :<|> coerce getSelfServiceSettingsFlow+          :<|> coerce getSelfServiceVerificationFlow+          :<|> coerce getWebAuthnJavaScript+          :<|> coerce initializeSelfServiceLoginFlowForBrowsers+          :<|> coerce initializeSelfServiceLoginFlowWithoutBrowser+          :<|> coerce initializeSelfServiceRecoveryFlowForBrowsers+          :<|> coerce initializeSelfServiceRecoveryFlowWithoutBrowser+          :<|> coerce initializeSelfServiceRegistrationFlowForBrowsers+          :<|> coerce initializeSelfServiceRegistrationFlowWithoutBrowser+          :<|> coerce initializeSelfServiceSettingsFlowForBrowsers+          :<|> coerce initializeSelfServiceSettingsFlowWithoutBrowser+          :<|> coerce initializeSelfServiceVerificationFlowForBrowsers+          :<|> coerce initializeSelfServiceVerificationFlowWithoutBrowser+          :<|> coerce listIdentitySchemas+          :<|> coerce listSessions+          :<|> coerce revokeSession+          :<|> coerce revokeSessions+          :<|> coerce submitSelfServiceLoginFlow+          :<|> coerce submitSelfServiceLogoutFlow+          :<|> coerce submitSelfServiceLogoutFlowWithoutBrowser+          :<|> coerce submitSelfServiceRecoveryFlow+          :<|> coerce submitSelfServiceRegistrationFlow+          :<|> coerce submitSelfServiceSettingsFlow+          :<|> coerce submitSelfServiceVerificationFlow+          :<|> coerce toSession+          :<|> serveDirectoryFileServer "static"+      )
lib/OryKratos/Types.hs view
@@ -1,18 +1,18 @@ module OryKratos.Types-  ( module OryKratos.Types.Login,-    module OryKratos.Types.Misc,-    module OryKratos.Types.Recovery,-    module OryKratos.Types.Registration,-    module OryKratos.Types.Settings,-    module OryKratos.Types.Verification,+  ( module OryKratos.Types.Admin,+    module OryKratos.Types.Identity,+    module OryKratos.Types.Other,+    module OryKratos.Types.Payload,+    module OryKratos.Types.SelfService,+    module OryKratos.Types.Types,     module OryKratos.Types.Ui,   ) where -import OryKratos.Types.Login-import OryKratos.Types.Misc-import OryKratos.Types.Recovery-import OryKratos.Types.Registration-import OryKratos.Types.Settings-import OryKratos.Types.Verification+import OryKratos.Types.Admin+import OryKratos.Types.Identity+import OryKratos.Types.Other+import OryKratos.Types.Payload+import OryKratos.Types.SelfService+import OryKratos.Types.Types import OryKratos.Types.Ui
+ lib/OryKratos/Types/Admin.hs view
@@ -0,0 +1,159 @@+{-# OPTIONS_GHC -fno-warn-unused-binds -fno-warn-unused-imports #-}++module OryKratos.Types.Admin+  ( AdminCreateIdentityBody (..),+    AdminCreateIdentityImportCredentialsOidc (..),+    AdminCreateIdentityImportCredentialsOidcConfig (..),+    AdminCreateIdentityImportCredentialsOidcProvider (..),+    AdminCreateIdentityImportCredentialsPassword (..),+    AdminCreateIdentityImportCredentialsPasswordConfig (..),+    AdminCreateSelfServiceRecoveryLinkBody (..),+    AdminIdentityImportCredentials (..),+    AdminUpdateIdentityBody (..),+  )+where++import Data.Aeson (FromJSON (..), ToJSON (..), Value, genericParseJSON, genericToEncoding, genericToJSON)+import Data.Aeson.Types (Options (..), defaultOptions)+import qualified Data.Char as Char+import Data.Data (Data)+import Data.Function ((&))+import Data.List (stripPrefix)+import qualified Data.Map as Map+import Data.Maybe (fromMaybe)+import Data.Set (Set)+import Data.Swagger (ToSchema, declareNamedSchema)+import qualified Data.Swagger as Swagger+import Data.Text (Text)+import qualified Data.Text as T+import Data.Time+import Data.UUID (UUID)+import GHC.Generics (Generic)+import OryKratos.Types.Helper (removeFieldLabelPrefix)+import OryKratos.Types.Identity (IdentityState)+import OryKratos.Types.Types+  ( RecoveryAddress,+    VerifiableIdentityAddress,+  )++data AdminCreateIdentityBody = AdminCreateIdentityBody+  { credentials :: Maybe AdminIdentityImportCredentials,+    -- | Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/<id>`.+    metadata_admin :: Maybe Value,+    -- | Store metadata about the identity which the identity itself can see when calling for example the session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field.+    metadata_public :: Maybe Value,+    -- | RecoveryAddresses contains all the addresses that can be used to recover an identity.  Use this structure to import recovery addresses for an identity. Please keep in mind that the address needs to be represented in the Identity Schema or this field will be overwritten on the next identity update.+    recovery_addresses :: Maybe [RecoveryAddress],+    -- | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.+    schema_id :: Text,+    state :: Maybe IdentityState,+    -- | Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_url`.+    traits :: Value,+    -- | VerifiableAddresses contains all the addresses that can be verified by the user.  Use this structure to import verified addresses for an identity. Please keep in mind that the address needs to be represented in the Identity Schema or this field will be overwritten on the next identity update.+    verifiable_addresses :: Maybe [VerifiableIdentityAddress]+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON AdminCreateIdentityBody++instance ToJSON AdminCreateIdentityBody where+  toEncoding = genericToEncoding defaultOptions++data AdminCreateIdentityImportCredentialsOidc = AdminCreateIdentityImportCredentialsOidc+  { config :: Maybe AdminCreateIdentityImportCredentialsOidcConfig+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON AdminCreateIdentityImportCredentialsOidc++instance ToJSON AdminCreateIdentityImportCredentialsOidc where+  toEncoding = genericToEncoding defaultOptions++data AdminCreateIdentityImportCredentialsOidcConfig = AdminCreateIdentityImportCredentialsOidcConfig+  { config :: Maybe AdminCreateIdentityImportCredentialsPasswordConfig,+    -- | A list of OpenID Connect Providers+    providers :: Maybe [AdminCreateIdentityImportCredentialsOidcProvider]+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON AdminCreateIdentityImportCredentialsOidcConfig++instance ToJSON AdminCreateIdentityImportCredentialsOidcConfig where+  toEncoding = genericToEncoding defaultOptions++data AdminCreateIdentityImportCredentialsOidcProvider = AdminCreateIdentityImportCredentialsOidcProvider+  { -- | The OpenID Connect provider to link the subject to. Usually something like `google` or `github`.+    provider :: Text,+    -- | The subject (`sub`) of the OpenID Connect connection. Usually the `sub` field of the ID Token.+    subject :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON AdminCreateIdentityImportCredentialsOidcProvider++instance ToJSON AdminCreateIdentityImportCredentialsOidcProvider where+  toEncoding = genericToEncoding defaultOptions++data AdminCreateIdentityImportCredentialsPassword = AdminCreateIdentityImportCredentialsPassword+  { config :: Maybe AdminCreateIdentityImportCredentialsPasswordConfig+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON AdminCreateIdentityImportCredentialsPassword++instance ToJSON AdminCreateIdentityImportCredentialsPassword where+  toEncoding = genericToEncoding defaultOptions++data AdminCreateIdentityImportCredentialsPasswordConfig = AdminCreateIdentityImportCredentialsPasswordConfig+  { -- | The hashed password in [PHC format]( https://www.ory.sh/docs/kratos/concepts/credentials/username-email-password#hashed-password-format)+    hashed_password :: Maybe Text,+    -- | The password in plain text if no hash is available.+    password :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON AdminCreateIdentityImportCredentialsPasswordConfig++instance ToJSON AdminCreateIdentityImportCredentialsPasswordConfig where+  toEncoding = genericToEncoding defaultOptions++data AdminCreateSelfServiceRecoveryLinkBody = AdminCreateSelfServiceRecoveryLinkBody+  { -- | Link Expires In  The recovery link will expire at that point in time. Defaults to the configuration value of `selfservice.flows.recovery.request_lifespan`.+    expires_in :: Maybe Text,+    identity_id :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON AdminCreateSelfServiceRecoveryLinkBody++instance ToJSON AdminCreateSelfServiceRecoveryLinkBody where+  toEncoding = genericToEncoding defaultOptions++data AdminIdentityImportCredentials = AdminIdentityImportCredentials+  { oidc :: Maybe AdminCreateIdentityImportCredentialsOidc,+    password :: Maybe AdminCreateIdentityImportCredentialsPassword+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON AdminIdentityImportCredentials++instance ToJSON AdminIdentityImportCredentials where+  toEncoding = genericToEncoding defaultOptions++data AdminUpdateIdentityBody = AdminUpdateIdentityBody+  { -- | Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/<id>`.+    metadata_admin :: Maybe Value,+    -- | Store metadata about the identity which the identity itself can see when calling for example the session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field.+    metadata_public :: Maybe Value,+    -- | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set will update the Identity's SchemaID.+    schema_id :: Text,+    state :: IdentityState,+    -- | Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_id`.+    traits :: Value+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON AdminUpdateIdentityBody++instance ToJSON AdminUpdateIdentityBody where+  toEncoding = genericToEncoding defaultOptions
+ lib/OryKratos/Types/Helper.hs view
@@ -0,0 +1,84 @@+module OryKratos.Types.Helper (uncapitalize, removeFieldLabelPrefix, customOptions) where++import Data.Aeson.Types (Options (..), defaultOptions)+import qualified Data.Char as Char+import Data.Function ((&))+import Data.List (stripPrefix)+import Data.Maybe (fromMaybe)+import qualified Data.Text as T+import Data.Time ()++uncapitalize :: String -> String+uncapitalize (first : rest) = Char.toLower first : rest+uncapitalize [] = []++typeFieldRename :: String -> String+typeFieldRename "_type" = "type"+typeFieldRename "_data" = "data"+typeFieldRename "_pattern" = "pattern"+typeFieldRename x = x++customOptions :: Options+customOptions =+  defaultOptions+    { constructorTagModifier = typeFieldRename,+      fieldLabelModifier = typeFieldRename+    }++-- | Remove a field label prefix during JSON parsing.+--   Also perform any replacements for special characters.+--   The @forParsing@ parameter is to distinguish between the cases in which we're using this+--   to power a @FromJSON@ or a @ToJSON@ instance. In the first case we're parsing, and we want+--   to replace special characters with their quoted equivalents (because we cannot have special+--   chars in identifier names), while we want to do vice versa when sending data instead.+removeFieldLabelPrefix :: Bool -> String -> Options+removeFieldLabelPrefix forParsing prefix =+  defaultOptions+    { omitNothingFields = True,+      fieldLabelModifier = uncapitalize . fromMaybe (error ("did not find prefix " ++ prefix)) . stripPrefix prefix . replaceSpecialChars+    }+  where+    replaceSpecialChars field = foldl (&) field (map mkCharReplacement specialChars)+    specialChars =+      [ ("$", "'Dollar"),+        ("^", "'Caret"),+        ("|", "'Pipe"),+        ("=", "'Equal"),+        ("*", "'Star"),+        ("-", "'Dash"),+        ("&", "'Ampersand"),+        ("%", "'Percent"),+        ("#", "'Hash"),+        ("@", "'At"),+        ("!", "'Exclamation"),+        ("+", "'Plus"),+        (":", "'Colon"),+        (";", "'Semicolon"),+        (">", "'GreaterThan"),+        ("<", "'LessThan"),+        (".", "'Period"),+        ("_", "'Underscore"),+        ("?", "'Question_Mark"),+        (",", "'Comma"),+        ("'", "'Quote"),+        ("/", "'Slash"),+        ("(", "'Left_Parenthesis"),+        (")", "'Right_Parenthesis"),+        ("{", "'Left_Curly_Bracket"),+        ("}", "'Right_Curly_Bracket"),+        ("[", "'Left_Square_Bracket"),+        ("]", "'Right_Square_Bracket"),+        ("~", "'Tilde"),+        ("`", "'Backtick"),+        ("<=", "'Less_Than_Or_Equal_To"),+        (">=", "'Greater_Than_Or_Equal_To"),+        ("!=", "'Not_Equal"),+        ("~=", "'Tilde_Equal"),+        ("\\", "'Back_Slash"),+        ("\"", "'Double_Quote")+      ]+    mkCharReplacement (replaceStr, searchStr) = T.unpack . replacer (T.pack searchStr) (T.pack replaceStr) . T.pack+    replacer =+      if forParsing+        then flip T.replace+        else T.replace
+ lib/OryKratos/Types/Identity.hs view
@@ -0,0 +1,179 @@+{-# OPTIONS_GHC -fno-warn-unused-binds -fno-warn-unused-imports #-}++module OryKratos.Types.Identity+  ( Identity (..),+    IdentityCredentials (..),+    IdentityCredentialsOidc (..),+    IdentityCredentialsOidcProvider (..),+    IdentityCredentialsPassword (..),+    IdentityCredentialsType (..),+    IdentitySchema (..),+    IdentityState (..),+  )+where++import Data.Aeson (FromJSON (..), ToJSON (..), Value, genericParseJSON, genericToEncoding, genericToJSON)+import qualified Data.Aeson as Aeson+import Data.Aeson.Types (Options (..), defaultOptions)+import qualified Data.Char as Char+import Data.Data (Data)+import Data.Function ((&))+import Data.List (stripPrefix)+import qualified Data.Map as Map+import Data.Maybe (fromMaybe)+import Data.Set (Set)+import Data.Swagger (ToSchema, declareNamedSchema)+import qualified Data.Swagger as Swagger+import Data.Text (Text)+import qualified Data.Text as T+import Data.Time+import Data.UUID (UUID)+import GHC.Generics (Generic)+import OryKratos.Types.Helper (customOptions, removeFieldLabelPrefix)+import OryKratos.Types.Types+  ( RecoveryAddress,+    VerifiableIdentityAddress,+  )++-- | An identity can be a real human, a service, an IoT device - everything that can be described as an \&quot;actor\&quot; in a system.+data Identity = Identity+  { -- | CreatedAt is a helper struct field for gobuffalo.pop.+    created_at :: Maybe UTCTime,+    -- | Credentials represents all credentials that can be used for authenticating this identity.+    credentials :: Maybe (Map.Map String IdentityCredentials),+    id :: Text,+    -- | NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-+    metadata_admin :: Maybe Value,+    -- | NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-+    metadata_public :: Maybe Value,+    -- | RecoveryAddresses contains all the addresses that can be used to recover an identity.+    recovery_addresses :: Maybe [RecoveryAddress],+    -- | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.+    schema_id :: Text,+    -- | SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.  format: url+    schema_url :: Text,+    state :: Maybe IdentityState,+    state_changed_at :: Maybe UTCTime,+    -- | Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_url`.+    traits :: Value,+    -- | UpdatedAt is a helper struct field for gobuffalo.pop.+    updated_at :: Maybe UTCTime,+    -- | VerifiableAddresses contains all the addresses that can be verified by the user.+    verifiable_addresses :: Maybe [VerifiableIdentityAddress]+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON Identity++instance ToJSON Identity where+  toEncoding = genericToEncoding defaultOptions++-- | Credentials represents a specific credential type+data IdentityCredentials = IdentityCredentials+  { config :: Maybe Value,+    -- | CreatedAt is a helper struct field for gobuffalo.pop.+    created_at :: Maybe UTCTime,+    -- | Identifiers represents a list of unique identifiers this credential type matches.+    identifiers :: Maybe [Text],+    _type :: Maybe IdentityCredentialsType,+    -- | UpdatedAt is a helper struct field for gobuffalo.pop.+    updated_at :: Maybe UTCTime,+    -- | Version refers to the version of the credential. Useful when changing the config schema.+    version :: Maybe Integer+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON IdentityCredentials where+  parseJSON = genericParseJSON customOptions++instance ToJSON IdentityCredentials where+  toJSON = genericToJSON customOptions+  toEncoding = genericToEncoding customOptions++data IdentityCredentialsOidc = IdentityCredentialsOidc+  { providers :: Maybe [IdentityCredentialsOidcProvider]+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON IdentityCredentialsOidc++instance ToJSON IdentityCredentialsOidc where+  toEncoding = genericToEncoding defaultOptions++data IdentityCredentialsOidcProvider = IdentityCredentialsOidcProvider+  { initial_access_token :: Maybe Text,+    initial_id_token :: Maybe Text,+    initial_refresh_token :: Maybe Text,+    provider :: Maybe Text,+    subject :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON IdentityCredentialsOidcProvider++instance ToJSON IdentityCredentialsOidcProvider where+  toEncoding = genericToEncoding defaultOptions++data IdentityCredentialsPassword = IdentityCredentialsPassword+  { -- | HashedPassword is a hash-representation of the password.+    hashed_password :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON IdentityCredentialsPassword++instance ToJSON IdentityCredentialsPassword where+  toEncoding = genericToEncoding defaultOptions++-- | and so on.+data IdentityCredentialsType+  = Password+  | TOTP+  | OIDC+  | WebAuthn+  | LookupSecret+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON IdentityCredentialsType where+  parseJSON (Aeson.String s) = case T.unpack s of+    "password" -> return Password+    "totp" -> return TOTP+    "oidc" -> return OIDC+    "webauthn" -> return WebAuthn+    "lookup_secret" -> return LookupSecret+    _ -> error "Invalid IdentityCredentialsType"+  parseJSON _ = error "Invalid IdentityCredentialsType"++instance ToJSON IdentityCredentialsType where+  toJSON (Password) = Aeson.String "password"+  toJSON (TOTP) = Aeson.String "totp"+  toJSON (OIDC) = Aeson.String "oidc"+  toJSON (WebAuthn) = Aeson.String "webauthn"+  toJSON (LookupSecret) = Aeson.String "lookup_secret"++data IdentitySchema = IdentitySchema+  { -- | The ID of the Identity JSON Schema+    id :: Maybe Text,+    -- | The actual Identity JSON Schema+    schema :: Maybe Value+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON IdentitySchema++instance ToJSON IdentitySchema where+  toEncoding = genericToEncoding defaultOptions++-- | The state can either be &#x60;active&#x60; or &#x60;inactive&#x60;.+data IdentityState = IdentityStateActive | IdentityStateInactive deriving stock (Show, Eq, Generic, Data)++instance FromJSON IdentityState where+  parseJSON (Aeson.String s) = case T.unpack s of+    "active" -> return IdentityStateActive+    "inactive" -> return IdentityStateInactive+    _ -> error "Invalid IdentityState"+  parseJSON _ = error "Invalid IdentityState"++instance ToJSON IdentityState where+  toJSON (IdentityStateActive) = Aeson.String "active"+  toJSON (IdentityStateInactive) = Aeson.String "inactive"
− lib/OryKratos/Types/Login.hs
@@ -1,98 +0,0 @@-module OryKratos.Types.Login-  ( LoginFlow (..),-    LoginViaApiResponse (..),-    AuthenticateOKBody (..),-    SubmitSelfServiceLoginFlowWithPasswordMethod (..),-  )-where--import OryKratos.Types.Misc (Session)-import OryKratos.Types.Ui (UiContainer)-import Pre---- | This object represents a login flow. A login flow is initiated at the \&quot;Initiate Login API / Browser Flow\&quot; endpoint by a client.  Once a login flow is completed successfully, a session cookie or session token will be issued.-data LoginFlow = LoginFlow-  { -- | and so on.-    active :: Maybe Text,-    -- | CreatedAt is a helper struct field for gobuffalo.pop.-    created_at :: Maybe UTCTime,-    -- | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated.-    expires_at :: UTCTime,-    -- | Forced stores whether this login flow should enforce re-authentication.-    forced :: Maybe Bool,-    -- |-    id :: Text,-    -- | IssuedAt is the time (UTC) when the flow started.-    issued_at :: UTCTime,-    -- | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example.-    request_url :: Text,-    -- | The flow type can either be `api` or `browser`.-    _type :: Text,-    -- |-    ui :: UiContainer,-    -- | UpdatedAt is a helper struct field for gobuffalo.pop.-    updated_at :: Maybe UTCTime-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON LoginFlow where-  parseJSON =-    genericParseJSON-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }--instance ToJSON LoginFlow where-  toEncoding =-    genericToEncoding-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }---- | The Response for Login Flows via API-data LoginViaApiResponse = LoginViaApiResponse-  { -- |-    session :: Session,-    -- | The Session Token  A session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization Header:  Authorization: bearer ${session-token}  The session token is only issued for API flows, not for Browser flows!-    session_token :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON LoginViaApiResponse--instance ToJSON LoginViaApiResponse where-  toEncoding = genericToEncoding defaultOptions---- | AuthenticateOKBody authenticate o k body-data AuthenticateOKBody = AuthenticateOKBody-  { -- | An opaque token used to authenticate a user after a successful login-    identity_token :: Text,-    -- | The status of the authentication-    status :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON AuthenticateOKBody--instance ToJSON AuthenticateOKBody where-  toEncoding = genericToEncoding defaultOptions---- |-data SubmitSelfServiceLoginFlowWithPasswordMethod = SubmitSelfServiceLoginFlowWithPasswordMethod-  { -- | Sending the anti-csrf token is only required for browser login flows.-    csrf_token :: Maybe Text,-    -- | Method should be set to \"password\" when logging in using the identifier and password strategy.-    method :: Maybe Text,-    -- | The user's password.-    password :: Maybe Text,-    -- | Identifier is the email or username of the user trying to log in.-    password_identifier :: Maybe Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON SubmitSelfServiceLoginFlowWithPasswordMethod--instance ToJSON SubmitSelfServiceLoginFlowWithPasswordMethod where-  toEncoding = genericToEncoding defaultOptions
− lib/OryKratos/Types/Misc.hs
@@ -1,608 +0,0 @@-module OryKratos.Types.Misc-  ( Message (..),-    ErrorContainer (..),-    FormField (..),-    GenericError (..),-    HealthNotReadyStatus (..),-    HealthStatus (..),-    CreateIdentity (..),-    CreateRecoveryLink (..),-    Identity (..),-    RevokeSession (..),-    Session (..),-    UpdateIdentity (..),-    VerifiableIdentityAddress (..),-    Version (..),-    RecoveryAddress (..),-    ContainerChangeResponseItem (..),-    ContainerCreateCreatedBody (..),-    ContainerTopOKBody (..),-    ContainerUpdateOKBody (..),-    ContainerWaitOKBody (..),-    ContainerWaitOKBodyError (..),-    ErrorResponse (..),-    GraphDriverData (..),-    IdResponse (..),-    ImageSummary (..),-    ImageDeleteResponseItem (..),-    JsonError (..),-    SelfServiceErrorContainer (..),-  )-where--import Pre---- |-data Message = Message-  { -- |-    context :: Maybe Value,-    -- |-    id :: Maybe Integer,-    -- |-    text :: Maybe Text,-    -- | The flow type can either be `api` or `browser`.-    _type :: Maybe Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON Message where-  parseJSON =-    genericParseJSON-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }--instance ToJSON Message where-  toEncoding =-    genericToEncoding-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }---- |-data ErrorContainer = ErrorContainer-  { -- | Errors in the container-    errors :: Value,-    -- |-    id :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON ErrorContainer--instance ToJSON ErrorContainer where-  toEncoding = genericToEncoding defaultOptions---- | Field represents a HTML Form Field-data FormField = FormField-  { -- | Disabled is the equivalent of `<input {{if .Disabled}}disabled{{end}}\">`-    disabled :: Maybe Bool,-    -- |-    messages :: Maybe [Message],-    -- | Name is the equivalent of `<input name=\"{{.Name}}\">`-    name :: Text,-    -- | Pattern is the equivalent of `<input pattern=\"{{.Pattern}}\">`-    p :: Maybe Text,-    -- | Required is the equivalent of `<input required=\"{{.Required}}\">`-    required :: Maybe Bool,-    -- | Type is the equivalent of `<input type=\"{{.Type}}\">`-    _type :: Text,-    -- | Value is the equivalent of `<input value=\"{{.Value}}\">`-    value :: Maybe Value-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON FormField where-  parseJSON =-    genericParseJSON-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }--instance ToJSON FormField where-  toEncoding =-    genericToEncoding-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }---- | Error responses are sent when an error (e.g. unauthorized, bad request, ...) occurred.-data GenericError = GenericError-  { -- | The status code-    code :: Maybe Integer,-    -- | Debug information  This field is often not exposed to protect against leaking sensitive information.-    debug :: Maybe Text,-    -- | Further error details-    details :: Maybe Value,-    -- | Error message  The error's message.-    message :: Text,-    -- | A human-readable reason for the error-    reason :: Maybe Text,-    -- | The request ID  The request ID is often exposed internally in order to trace errors across service architectures. This is often a UUID.-    request :: Maybe Text,-    -- | The status description-    status :: Maybe Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON GenericError--instance ToJSON GenericError where-  toEncoding = genericToEncoding defaultOptions---- |-data HealthNotReadyStatus = HealthNotReadyStatus-  { -- | Errors contains a list of errors that caused the not ready status.-    errors :: Maybe (Map String Text)-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON HealthNotReadyStatus--instance ToJSON HealthNotReadyStatus where-  toEncoding = genericToEncoding defaultOptions---- |-data HealthStatus = HealthStatus-  { -- | Status always contains \"ok\".-    status :: Maybe Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON HealthStatus--instance ToJSON HealthStatus where-  toEncoding = genericToEncoding defaultOptions---- |-data CompleteSelfServiceLoginFlowWithPasswordMethod = CompleteSelfServiceLoginFlowWithPasswordMethod-  { -- | Sending the anti-csrf token is only required for browser login flows.-    csrf_token :: Maybe Text,-    -- | Identifier is the email or username of the user trying to log in.-    identifier :: Maybe Text,-    -- | The user's password.-    password :: Maybe Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON CompleteSelfServiceLoginFlowWithPasswordMethod--instance ToJSON CompleteSelfServiceLoginFlowWithPasswordMethod where-  toEncoding = genericToEncoding defaultOptions---- |-data CompleteSelfServiceRecoveryFlowWithLinkMethod = CompleteSelfServiceRecoveryFlowWithLinkMethod-  { -- | Sending the anti-csrf token is only required for browser login flows.-    csrf_token :: Maybe Text,-    -- | Email to Recover  Needs to be set when initiating the flow. If the email is a registered recovery email, a recovery link will be sent. If the email is not known, a email with details on what happened will be sent instead.  format: email in: body-    email :: Maybe Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON CompleteSelfServiceRecoveryFlowWithLinkMethod--instance ToJSON CompleteSelfServiceRecoveryFlowWithLinkMethod where-  toEncoding = genericToEncoding defaultOptions---- |-data CompleteSelfServiceSettingsFlowWithPasswordMethod = CompleteSelfServiceSettingsFlowWithPasswordMethod-  { -- | CSRFToken is the anti-CSRF token  type: string-    csrf_token :: Maybe Text,-    -- | Password is the updated password  type: string-    password :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON CompleteSelfServiceSettingsFlowWithPasswordMethod--instance ToJSON CompleteSelfServiceSettingsFlowWithPasswordMethod where-  toEncoding = genericToEncoding defaultOptions---- |-data CompleteSelfServiceVerificationFlowWithLinkMethod = CompleteSelfServiceVerificationFlowWithLinkMethod-  { -- | Sending the anti-csrf token is only required for browser login flows.-    csrf_token :: Maybe Text,-    -- | Email to Verify  Needs to be set when initiating the flow. If the email is a registered verification email, a verification link will be sent. If the email is not known, a email with details on what happened will be sent instead.  format: email in: body-    email :: Maybe Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON CompleteSelfServiceVerificationFlowWithLinkMethod--instance ToJSON CompleteSelfServiceVerificationFlowWithLinkMethod where-  toEncoding = genericToEncoding defaultOptions---- |-data CreateIdentity = CreateIdentity-  { -- | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.-    schema_id :: Text,-    -- | Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_url`.-    traits :: Value-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON CreateIdentity--instance ToJSON CreateIdentity where-  toEncoding = genericToEncoding defaultOptions---- |-data CreateRecoveryLink = AdminCreateSelfServiceRecoveryLinkBody-  { -- | Link Expires In  The recovery link will expire at that point in time. Defaults to the configuration value of `selfservice.flows.recovery.request_lifespan`.-    expires_in :: Maybe Text,-    -- |-    identity_id :: UUID-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON CreateRecoveryLink--instance ToJSON CreateRecoveryLink where-  toEncoding = genericToEncoding defaultOptions---- |-data Identity = Identity-  { -- | CreatedAt is a helper struct field for gobuffalo.pop.-    created_at :: Maybe UTCTime,-    -- |-    id :: Text,-    -- | RecoveryAddresses contains all the addresses that can be used to recover an identity.-    recovery_addresses :: Maybe [RecoveryAddress],-    -- | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.-    schema_id :: Text,-    -- | SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.  format: url-    schema_url :: Text,-    -- | Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_url`.-    traits :: Value,-    -- | UpdatedAt is a helper struct field for gobuffalo.pop.-    updated_at :: Maybe UTCTime,-    -- | VerifiableAddresses contains all the addresses that can be verified by the user.-    verifiable_addresses :: Maybe [VerifiableIdentityAddress]-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON Identity--instance ToJSON Identity where-  toEncoding = genericToEncoding defaultOptions---- | Credentials represents a specific credential type-data IdentityCredentials = IdentityCredentials-  { -- |-    config :: Maybe Value,-    -- | CreatedAt is a helper struct field for gobuffalo.pop.-    created_at :: Maybe UTCTime,-    -- | Identifiers represents a list of unique identifiers this credential type matches.-    identifiers :: Maybe [Text],-    -- | and so on.-    _type :: Maybe Text,-    -- | UpdatedAt is a helper struct field for gobuffalo.pop.-    updated_at :: Maybe UTCTime-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON IdentityCredentials where-  parseJSON =-    genericParseJSON-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }--instance ToJSON IdentityCredentials where-  toEncoding =-    genericToEncoding-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }---- |-data RevokeSession = RevokeSession-  { -- | The Session Token  Invalidate this session token.-    session_token :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON RevokeSession--instance ToJSON RevokeSession where-  toEncoding = genericToEncoding defaultOptions---- |-data Session = Session-  { -- |-    active :: Maybe Bool,-    -- |-    authenticated_at :: UTCTime,-    -- |-    expires_at :: UTCTime,-    -- |-    id :: UUID,-    -- |-    identity :: Identity,-    -- |-    issued_at :: UTCTime-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON Session--instance ToJSON Session where-  toEncoding = genericToEncoding defaultOptions---- |-data UpdateIdentity = UpdateIdentity-  { -- | SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set will update the Identity's SchemaID.-    schema_id :: Maybe Text,-    -- | State is the identity's state.-    state :: Value,-    -- | Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_id`.-    traits :: Value-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON UpdateIdentity--instance ToJSON UpdateIdentity where-  toEncoding = genericToEncoding defaultOptions---- |-data VerifiableIdentityAddress = VerifiableIdentityAddress-  { -- | When this entry was created-    created_at :: Maybe UTCTime,-    -- |-    id :: UUID,-    -- | VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema-    status :: Text,-    -- | When this entry was last updated-    updated_at :: Maybe UTCTime,-    -- | The address value  example foo@user.com-    value :: Text,-    -- | Indicates if the address has already been verified-    verified :: Bool,-    -- |-    verified_at :: Maybe UTCTime,-    -- | VerifiableAddressType must not exceed 16 characters as that is the limitation in the SQL Schema-    via :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON VerifiableIdentityAddress--instance ToJSON VerifiableIdentityAddress where-  toEncoding = genericToEncoding defaultOptions---- |-data Version = Version-  { -- | Version is the service's version.-    version :: Maybe Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON Version--instance ToJSON Version where-  toEncoding = genericToEncoding defaultOptions---- |-data RecoveryAddress = RecoveryAddress-  { -- |-    id :: UUID,-    -- |-    value :: Text,-    -- |-    via :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON RecoveryAddress--instance ToJSON RecoveryAddress where-  toEncoding = genericToEncoding defaultOptions---- | ContainerChangeResponseItem change item in response to ContainerChanges operation-data ContainerChangeResponseItem = ContainerChangeResponseItem-  { -- | Kind of change-    item_kind :: Int,-    -- | Path to file that has changed-    item_path :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON ContainerChangeResponseItem--instance ToJSON ContainerChangeResponseItem where-  toEncoding = genericToEncoding defaultOptions---- | ContainerCreateCreatedBody OK response to ContainerCreate operation-data ContainerCreateCreatedBody = ContainerCreateCreatedBody-  { -- | The ID of the created container-    id :: Text,-    -- | Warnings encountered when creating the container-    warnings :: [Text]-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON ContainerCreateCreatedBody--instance ToJSON ContainerCreateCreatedBody where-  toEncoding = genericToEncoding defaultOptions---- | ContainerTopOKBody OK response to ContainerTop operation-data ContainerTopOKBody = ContainerTopOKBody-  { -- | Each process running in the container, where each is process is an array of values corresponding to the titles-    processes :: [[Text]],-    -- | The ps column titles-    titles :: [Text]-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON ContainerTopOKBody--instance ToJSON ContainerTopOKBody where-  toEncoding = genericToEncoding defaultOptions---- | ContainerUpdateOKBody OK response to ContainerUpdate operation-data ContainerUpdateOKBody = ContainerUpdateOKBody-  { -- | warnings-    warnings :: [Text]-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON ContainerUpdateOKBody--instance ToJSON ContainerUpdateOKBody where-  toEncoding = genericToEncoding defaultOptions---- | ContainerWaitOKBody OK response to ContainerWait operation-data ContainerWaitOKBody = ContainerWaitOKBody-  { -- |-    error :: ContainerWaitOKBodyError,-    -- | Exit code of the container-    status_code :: Integer-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON ContainerWaitOKBody--instance ToJSON ContainerWaitOKBody where-  toEncoding = genericToEncoding defaultOptions---- | ContainerWaitOKBodyError container waiting error, if any-data ContainerWaitOKBodyError = ContainerWaitOKBodyError-  { -- | Details of an error-    error_message :: Maybe Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON ContainerWaitOKBodyError--instance ToJSON ContainerWaitOKBodyError where-  toEncoding = genericToEncoding defaultOptions---- |-data ErrorResponse = ErrorResponse-  { -- | The error message.-    message :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON ErrorResponse--instance ToJSON ErrorResponse where-  toEncoding = genericToEncoding defaultOptions--data GraphDriverData = GraphDriverData-  { -- | data-    _data :: Map String Text,-    -- | name-    name :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON GraphDriverData where-  parseJSON =-    genericParseJSON-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }--instance ToJSON GraphDriverData where-  toEncoding =-    genericToEncoding-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }---- | IDResponse Response to an API call that returns just an Id-data IdResponse = IdResponse-  { -- | The id of the newly created object.-    id :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON IdResponse--instance ToJSON IdResponse where-  toEncoding = genericToEncoding defaultOptions---- | ImageDeleteResponseItem image delete response item-data ImageDeleteResponseItem = ImageDeleteResponseItem-  { -- | The image ID of an image that was deleted-    deleted :: Maybe Text,-    -- | The image ID of an image that was untagged-    untagged :: Maybe Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON ImageDeleteResponseItem--instance ToJSON ImageDeleteResponseItem where-  toEncoding = genericToEncoding defaultOptions---- | ImageSummary image summary-data ImageSummary = ImageSummary-  { -- | containers-    containers :: Integer,-    -- | created-    created :: Integer,-    -- | Id-    id :: Text,-    -- | labels-    labels :: Map String Text,-    -- | parent Id-    parent_id :: Text,-    -- | repo digests-    repo_digests :: [Text],-    -- | repo tags-    repo_tags :: [Text],-    -- | shared size-    shared_size :: Integer,-    -- | size-    size :: Integer,-    -- | virtual size-    virtual_size :: Integer-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON ImageSummary--instance ToJSON ImageSummary where-  toEncoding = genericToEncoding defaultOptions---- | The standard Ory JSON API error format.-data JsonError = JsonError-  { -- |-    error :: GenericError-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON JsonError--instance ToJSON JsonError where-  toEncoding = genericToEncoding defaultOptions---- |-data SelfServiceErrorContainer = SelfServiceErrorContainer-  { -- | CreatedAt is a helper struct field for gobuffalo.pop.-    created_at :: Maybe UTCTime,-    -- | Errors in the container-    errors :: Value,-    -- |-    id :: Text,-    -- | UpdatedAt is a helper struct field for gobuffalo.pop.-    updated_at :: Maybe UTCTime-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON SelfServiceErrorContainer--instance ToJSON SelfServiceErrorContainer where-  toEncoding = genericToEncoding defaultOptions
+ lib/OryKratos/Types/Other.hs view
@@ -0,0 +1,98 @@+{-# OPTIONS_GHC -fno-warn-unused-binds -fno-warn-unused-imports #-}++module OryKratos.Types.Other+  ( Session (..),+    SettingsProfileFormConfig (..),+    SuccessfulSelfServiceLoginWithoutBrowser (..),+    SuccessfulSelfServiceRegistrationWithoutBrowser (..),+  )+where++import Data.Aeson (FromJSON (..), ToJSON (..), Value, genericParseJSON, genericToEncoding, genericToJSON)+import Data.Aeson.Types (Options (..), defaultOptions)+import qualified Data.Char as Char+import Data.Data (Data)+import Data.Function ((&))+import Data.List (stripPrefix)+import qualified Data.Map as Map+import Data.Maybe (fromMaybe)+import Data.Set (Set)+import Data.Swagger (ToSchema, declareNamedSchema)+import qualified Data.Swagger as Swagger+import Data.Text (Text)+import qualified Data.Text as T+import Data.Time+import Data.UUID (UUID)+import GHC.Generics (Generic)+import OryKratos.Types.Helper (removeFieldLabelPrefix)+import OryKratos.Types.Identity (Identity)+import OryKratos.Types.Types+  ( AuthenticatorAssuranceLevel,+    SessionAuthenticationMethod,+  )+import OryKratos.Types.Ui (UiNode, UiText)++-- | A Session+data Session = Session+  { -- | Active state. If false the session is no longer active.+    active :: Maybe Bool,+    -- | The Session Authentication Timestamp  When this session was authenticated at. If multi-factor authentication was used this is the time when the last factor was authenticated (e.g. the TOTP code challenge was completed).+    authenticated_at :: Maybe UTCTime,+    -- | A list of authenticators which were used to authenticate the session.+    authentication_methods :: Maybe [SessionAuthenticationMethod],+    authenticator_assurance_level :: Maybe AuthenticatorAssuranceLevel,+    -- | The Session Expiry  When this session expires at.+    expires_at :: Maybe UTCTime,+    id :: Text,+    identity :: Identity,+    -- | The Session Issuance Timestamp  When this session was issued at. Usually equal or close to `authenticated_at`.+    issued_at :: Maybe UTCTime+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON Session++instance ToJSON Session where+  toEncoding = genericToEncoding defaultOptions++data SettingsProfileFormConfig = SettingsProfileFormConfig+  { -- | Action should be used as the form action URL `<form action=\"{{ .Action }}\" method=\"post\">`.+    action :: Text,+    messages :: Maybe [UiText],+    -- | Method is the form method (e.g. POST)+    method :: Text,+    nodes :: [UiNode]+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SettingsProfileFormConfig++instance ToJSON SettingsProfileFormConfig where+  toEncoding = genericToEncoding defaultOptions++-- | The Response for Login Flows via API+data SuccessfulSelfServiceLoginWithoutBrowser = SuccessfulSelfServiceLoginWithoutBrowser+  { session :: Session,+    -- | The Session Token  A session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization Header:  Authorization: bearer ${session-token}  The session token is only issued for API flows, not for Browser flows!+    session_token :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SuccessfulSelfServiceLoginWithoutBrowser++instance ToJSON SuccessfulSelfServiceLoginWithoutBrowser where+  toEncoding = genericToEncoding defaultOptions++-- | The Response for Registration Flows via API+data SuccessfulSelfServiceRegistrationWithoutBrowser = SuccessfulSelfServiceRegistrationWithoutBrowser+  { identity :: Identity,+    session :: Maybe Session,+    -- | The Session Token  This field is only set when the session hook is configured as a post-registration hook.  A session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization Header:  Authorization: bearer ${session-token}  The session token is only issued for API flows, not for Browser flows!+    session_token :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SuccessfulSelfServiceRegistrationWithoutBrowser++instance ToJSON SuccessfulSelfServiceRegistrationWithoutBrowser where+  toEncoding = genericToEncoding defaultOptions
+ lib/OryKratos/Types/Payload.hs view
@@ -0,0 +1,458 @@+{-# OPTIONS_GHC -fno-warn-unused-binds -fno-warn-unused-imports #-}++module OryKratos.Types.Payload+  ( SubmitSelfServiceLoginFlowBody (..),+    SubmitSelfServiceLoginFlowWithLookupSecretMethodBody (..),+    SubmitSelfServiceLoginFlowWithOidcMethodBody (..),+    SubmitSelfServiceLoginFlowWithPasswordMethodBody (..),+    SubmitSelfServiceLoginFlowWithTotpMethodBody (..),+    SubmitSelfServiceLoginFlowWithWebAuthnMethodBody (..),+    SubmitSelfServiceLogoutFlowWithoutBrowserBody (..),+    SubmitSelfServiceRecoveryFlowBody (..),+    SubmitSelfServiceRecoveryFlowWithLinkMethodBody (..),+    SubmitSelfServiceRegistrationFlowBody (..),+    SubmitSelfServiceRegistrationFlowWithOidcMethodBody (..),+    SubmitSelfServiceRegistrationFlowWithPasswordMethodBody (..),+    SubmitSelfServiceRegistrationFlowWithWebAuthnMethodBody (..),+    SubmitSelfServiceSettingsFlowBody (..),+    SubmitSelfServiceSettingsFlowWithLookupMethodBody (..),+    SubmitSelfServiceSettingsFlowWithOidcMethodBody (..),+    SubmitSelfServiceSettingsFlowWithPasswordMethodBody (..),+    SubmitSelfServiceSettingsFlowWithProfileMethodBody (..),+    SubmitSelfServiceSettingsFlowWithTotpMethodBody (..),+    SubmitSelfServiceSettingsFlowWithWebAuthnMethodBody (..),+    SubmitSelfServiceVerificationFlowBody (..),+    SubmitSelfServiceVerificationFlowWithLinkMethodBody (..),+  )+where++import Data.Aeson (FromJSON (..), ToJSON (..), Value, genericParseJSON, genericToEncoding, genericToJSON)+import Data.Aeson.Types (Options (..), defaultOptions)+import qualified Data.Char as Char+import Data.Data (Data)+import Data.Function ((&))+import Data.List (stripPrefix)+import qualified Data.Map as Map+import Data.Maybe (fromMaybe)+import Data.Set (Set)+import Data.Swagger (ToSchema, declareNamedSchema)+import qualified Data.Swagger as Swagger+import Data.Text (Text)+import qualified Data.Text as T+import Data.Time+import Data.UUID (UUID)+import GHC.Generics (Generic)+import OryKratos.Types.Helper (removeFieldLabelPrefix)++data SubmitSelfServiceLoginFlowBody = SubmitSelfServiceLoginFlowBody+  { -- | Sending the anti-csrf token is only required for browser login flows.+    csrf_token :: Maybe Text,+    -- | Identifier is the email or username of the user trying to log in. This field is only required when using WebAuthn for passwordless login. When using WebAuthn for multi-factor authentication, it is not needed.+    identifier :: Text,+    -- | Method should be set to \"lookup_secret\" when logging in using the lookup_secret strategy.+    method :: Text,+    -- | The user's password.+    password :: Text,+    -- | Identifier is the email or username of the user trying to log in. This field is deprecated!+    password_identifier :: Maybe Text,+    -- | The provider to register with+    provider :: Text,+    -- | The identity traits. This is a placeholder for the registration flow.+    traits :: Maybe Value,+    -- | The TOTP code.+    totp_code :: Text,+    -- | Login a WebAuthn Security Key  This must contain the ID of the WebAuthN connection.+    webauthn_login :: Maybe Text,+    -- | The lookup secret.+    lookup_secret :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceLoginFlowBody++instance ToJSON SubmitSelfServiceLoginFlowBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceLoginFlowWithLookupSecretMethodBody = SubmitSelfServiceLoginFlowWithLookupSecretMethodBody+  { -- | Sending the anti-csrf token is only required for browser login flows.+    csrf_token :: Maybe Text,+    -- | The lookup secret.+    lookup_secret :: Text,+    -- | Method should be set to \"lookup_secret\" when logging in using the lookup_secret strategy.+    method :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceLoginFlowWithLookupSecretMethodBody++instance ToJSON SubmitSelfServiceLoginFlowWithLookupSecretMethodBody where+  toEncoding = genericToEncoding defaultOptions++-- | SubmitSelfServiceLoginFlowWithOidcMethodBody is used to decode the login form payload when using the oidc method.+data SubmitSelfServiceLoginFlowWithOidcMethodBody = SubmitSelfServiceLoginFlowWithOidcMethodBody+  { -- | The CSRF Token+    csrf_token :: Maybe Text,+    -- | Method to use  This field must be set to `oidc` when using the oidc method.+    method :: Text,+    -- | The provider to register with+    provider :: Text,+    -- | The identity traits. This is a placeholder for the registration flow.+    traits :: Maybe Value+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceLoginFlowWithOidcMethodBody++instance ToJSON SubmitSelfServiceLoginFlowWithOidcMethodBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceLoginFlowWithPasswordMethodBody = SubmitSelfServiceLoginFlowWithPasswordMethodBody+  { -- | Sending the anti-csrf token is only required for browser login flows.+    csrf_token :: Maybe Text,+    -- | Identifier is the email or username of the user trying to log in.+    identifier :: Text,+    -- | Method should be set to \"password\" when logging in using the identifier and password strategy.+    method :: Text,+    -- | The user's password.+    password :: Text,+    -- | Identifier is the email or username of the user trying to log in. This field is deprecated!+    password_identifier :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceLoginFlowWithPasswordMethodBody++instance ToJSON SubmitSelfServiceLoginFlowWithPasswordMethodBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceLoginFlowWithTotpMethodBody = SubmitSelfServiceLoginFlowWithTotpMethodBody+  { -- | Sending the anti-csrf token is only required for browser login flows.+    csrf_token :: Maybe Text,+    -- | Method should be set to \"totp\" when logging in using the TOTP strategy.+    method :: Text,+    -- | The TOTP code.+    totp_code :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceLoginFlowWithTotpMethodBody++instance ToJSON SubmitSelfServiceLoginFlowWithTotpMethodBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceLoginFlowWithWebAuthnMethodBody = SubmitSelfServiceLoginFlowWithWebAuthnMethodBody+  { -- | Sending the anti-csrf token is only required for browser login flows.+    csrf_token :: Maybe Text,+    -- | Identifier is the email or username of the user trying to log in. This field is only required when using WebAuthn for passwordless login. When using WebAuthn for multi-factor authentication, it is not needed.+    identifier :: Maybe Text,+    -- | Method should be set to \"webAuthn\" when logging in using the WebAuthn strategy.+    method :: Text,+    -- | Login a WebAuthn Security Key  This must contain the ID of the WebAuthN connection.+    webauthn_login :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceLoginFlowWithWebAuthnMethodBody++instance ToJSON SubmitSelfServiceLoginFlowWithWebAuthnMethodBody where+  toEncoding = genericToEncoding defaultOptions++-- | nolint:deadcode,unused+data SubmitSelfServiceLogoutFlowWithoutBrowserBody = SubmitSelfServiceLogoutFlowWithoutBrowserBody+  { -- | The Session Token  Invalidate this session token.+    session_token :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceLogoutFlowWithoutBrowserBody++instance ToJSON SubmitSelfServiceLogoutFlowWithoutBrowserBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceRecoveryFlowBody = SubmitSelfServiceRecoveryFlowBody+  { -- | Sending the anti-csrf token is only required for browser login flows.+    csrf_token :: Maybe Text,+    -- | Email to Recover  Needs to be set when initiating the flow. If the email is a registered recovery email, a recovery link will be sent. If the email is not known, a email with details on what happened will be sent instead.  format: email+    email :: Text,+    -- | Method supports `link` only right now.+    method :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceRecoveryFlowBody++instance ToJSON SubmitSelfServiceRecoveryFlowBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceRecoveryFlowWithLinkMethodBody = SubmitSelfServiceRecoveryFlowWithLinkMethodBody+  { -- | Sending the anti-csrf token is only required for browser login flows.+    csrf_token :: Maybe Text,+    -- | Email to Recover  Needs to be set when initiating the flow. If the email is a registered recovery email, a recovery link will be sent. If the email is not known, a email with details on what happened will be sent instead.  format: email+    email :: Text,+    -- | Method supports `link` only right now.+    method :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceRecoveryFlowWithLinkMethodBody++instance ToJSON SubmitSelfServiceRecoveryFlowWithLinkMethodBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceRegistrationFlowBody = SubmitSelfServiceRegistrationFlowBody+  { -- | CSRFToken is the anti-CSRF token+    csrf_token :: Maybe Text,+    -- | Method  Should be set to \"webauthn\" when trying to add, update, or remove a webAuthn pairing.+    method :: Text,+    -- | Password to sign the user up with+    password :: Text,+    -- | The identity's traits+    traits :: Value,+    -- | The provider to register with+    provider :: Text,+    -- | Register a WebAuthn Security Key  It is expected that the JSON returned by the WebAuthn registration process is included here.+    webauthn_register :: Maybe Text,+    -- | Name of the WebAuthn Security Key to be Added  A human-readable name for the security key which will be added.+    webauthn_register_displayname :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceRegistrationFlowBody++instance ToJSON SubmitSelfServiceRegistrationFlowBody where+  toEncoding = genericToEncoding defaultOptions++-- | SubmitSelfServiceRegistrationFlowWithOidcMethodBody is used to decode the registration form payload when using the oidc method.+data SubmitSelfServiceRegistrationFlowWithOidcMethodBody = SubmitSelfServiceRegistrationFlowWithOidcMethodBody+  { -- | The CSRF Token+    csrf_token :: Maybe Text,+    -- | Method to use  This field must be set to `oidc` when using the oidc method.+    method :: Text,+    -- | The provider to register with+    provider :: Text,+    -- | The identity traits+    traits :: Maybe Value+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceRegistrationFlowWithOidcMethodBody++instance ToJSON SubmitSelfServiceRegistrationFlowWithOidcMethodBody where+  toEncoding = genericToEncoding defaultOptions++-- | SubmitSelfServiceRegistrationFlowWithPasswordMethodBody is used to decode the registration form payload when using the password method.+data SubmitSelfServiceRegistrationFlowWithPasswordMethodBody = SubmitSelfServiceRegistrationFlowWithPasswordMethodBody+  { -- | The CSRF Token+    csrf_token :: Maybe Text,+    -- | Method to use  This field must be set to `password` when using the password method.+    method :: Text,+    -- | Password to sign the user up with+    password :: Text,+    -- | The identity's traits+    traits :: Value+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceRegistrationFlowWithPasswordMethodBody++instance ToJSON SubmitSelfServiceRegistrationFlowWithPasswordMethodBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceRegistrationFlowWithWebAuthnMethodBody = SubmitSelfServiceRegistrationFlowWithWebAuthnMethodBody+  { -- | CSRFToken is the anti-CSRF token+    csrf_token :: Maybe Text,+    -- | Method  Should be set to \"webauthn\" when trying to add, update, or remove a webAuthn pairing.+    method :: Text,+    -- | The identity's traits+    traits :: Value,+    -- | Register a WebAuthn Security Key  It is expected that the JSON returned by the WebAuthn registration process is included here.+    webauthn_register :: Maybe Text,+    -- | Name of the WebAuthn Security Key to be Added  A human-readable name for the security key which will be added.+    webauthn_register_displayname :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceRegistrationFlowWithWebAuthnMethodBody++instance ToJSON SubmitSelfServiceRegistrationFlowWithWebAuthnMethodBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceSettingsFlowBody = SubmitSelfServiceSettingsFlowBody+  { -- | CSRFToken is the anti-CSRF token+    csrf_token :: Maybe Text,+    -- | Method  Should be set to \"lookup\" when trying to add, update, or remove a lookup pairing.+    method :: Text,+    -- | Password is the updated password+    password :: Text,+    -- | The identity's traits  in: body+    traits :: Value,+    -- | Flow ID is the flow's ID.  in: query+    flow :: Maybe Text,+    -- | Link this provider  Either this or `unlink` must be set.  type: string in: body+    link :: Maybe Text,+    -- | Unlink this provider  Either this or `link` must be set.  type: string in: body+    unlink :: Maybe Text,+    -- | ValidationTOTP must contain a valid TOTP based on the+    totp_code :: Maybe Text,+    -- | UnlinkTOTP if true will remove the TOTP pairing, effectively removing the credential. This can be used to set up a new TOTP device.+    totp_unlink :: Maybe Bool,+    -- | Register a WebAuthn Security Key  It is expected that the JSON returned by the WebAuthn registration process is included here.+    webauthn_register :: Maybe Text,+    -- | Name of the WebAuthn Security Key to be Added  A human-readable name for the security key which will be added.+    webauthn_register_displayname :: Maybe Text,+    -- | Remove a WebAuthn Security Key  This must contain the ID of the WebAuthN connection.+    webauthn_remove :: Maybe Text,+    -- | If set to true will save the regenerated lookup secrets+    lookup_secret_confirm :: Maybe Bool,+    -- | Disables this method if true.+    lookup_secret_disable :: Maybe Bool,+    -- | If set to true will regenerate the lookup secrets+    lookup_secret_regenerate :: Maybe Bool,+    -- | If set to true will reveal the lookup secrets+    lookup_secret_reveal :: Maybe Bool+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceSettingsFlowBody++instance ToJSON SubmitSelfServiceSettingsFlowBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceSettingsFlowWithLookupMethodBody = SubmitSelfServiceSettingsFlowWithLookupMethodBody+  { -- | CSRFToken is the anti-CSRF token+    csrf_token :: Maybe Text,+    -- | If set to true will save the regenerated lookup secrets+    lookup_secret_confirm :: Maybe Bool,+    -- | Disables this method if true.+    lookup_secret_disable :: Maybe Bool,+    -- | If set to true will regenerate the lookup secrets+    lookup_secret_regenerate :: Maybe Bool,+    -- | If set to true will reveal the lookup secrets+    lookup_secret_reveal :: Maybe Bool,+    -- | Method  Should be set to \"lookup\" when trying to add, update, or remove a lookup pairing.+    method :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceSettingsFlowWithLookupMethodBody++instance ToJSON SubmitSelfServiceSettingsFlowWithLookupMethodBody where+  toEncoding = genericToEncoding defaultOptions++-- | nolint:deadcode,unused+data SubmitSelfServiceSettingsFlowWithOidcMethodBody = SubmitSelfServiceSettingsFlowWithOidcMethodBody+  { -- | Flow ID is the flow's ID.  in: query+    flow :: Maybe Text,+    -- | Link this provider  Either this or `unlink` must be set.  type: string in: body+    link :: Maybe Text,+    -- | Method  Should be set to profile when trying to update a profile.+    method :: Text,+    -- | The identity's traits  in: body+    traits :: Maybe Value,+    -- | Unlink this provider  Either this or `link` must be set.  type: string in: body+    unlink :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceSettingsFlowWithOidcMethodBody++instance ToJSON SubmitSelfServiceSettingsFlowWithOidcMethodBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceSettingsFlowWithPasswordMethodBody = SubmitSelfServiceSettingsFlowWithPasswordMethodBody+  { -- | CSRFToken is the anti-CSRF token+    csrf_token :: Maybe Text,+    -- | Method  Should be set to password when trying to update a password.+    method :: Text,+    -- | Password is the updated password+    password :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceSettingsFlowWithPasswordMethodBody++instance ToJSON SubmitSelfServiceSettingsFlowWithPasswordMethodBody where+  toEncoding = genericToEncoding defaultOptions++-- | nolint:deadcode,unused+data SubmitSelfServiceSettingsFlowWithProfileMethodBody = SubmitSelfServiceSettingsFlowWithProfileMethodBody+  { -- | The Anti-CSRF Token  This token is only required when performing browser flows.+    csrf_token :: Maybe Text,+    -- | Method  Should be set to profile when trying to update a profile.+    method :: Text,+    -- | Traits contains all of the identity's traits.+    traits :: Value+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceSettingsFlowWithProfileMethodBody++instance ToJSON SubmitSelfServiceSettingsFlowWithProfileMethodBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceSettingsFlowWithTotpMethodBody = SubmitSelfServiceSettingsFlowWithTotpMethodBody+  { -- | CSRFToken is the anti-CSRF token+    csrf_token :: Maybe Text,+    -- | Method  Should be set to \"totp\" when trying to add, update, or remove a totp pairing.+    method :: Text,+    -- | ValidationTOTP must contain a valid TOTP based on the+    totp_code :: Maybe Text,+    -- | UnlinkTOTP if true will remove the TOTP pairing, effectively removing the credential. This can be used to set up a new TOTP device.+    totp_unlink :: Maybe Bool+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceSettingsFlowWithTotpMethodBody++instance ToJSON SubmitSelfServiceSettingsFlowWithTotpMethodBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceSettingsFlowWithWebAuthnMethodBody = SubmitSelfServiceSettingsFlowWithWebAuthnMethodBody+  { -- | CSRFToken is the anti-CSRF token+    csrf_token :: Maybe Text,+    -- | Method  Should be set to \"webauthn\" when trying to add, update, or remove a webAuthn pairing.+    method :: Text,+    -- | Register a WebAuthn Security Key  It is expected that the JSON returned by the WebAuthn registration process is included here.+    webauthn_register :: Maybe Text,+    -- | Name of the WebAuthn Security Key to be Added  A human-readable name for the security key which will be added.+    webauthn_register_displayname :: Maybe Text,+    -- | Remove a WebAuthn Security Key  This must contain the ID of the WebAuthN connection.+    webauthn_remove :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceSettingsFlowWithWebAuthnMethodBody++instance ToJSON SubmitSelfServiceSettingsFlowWithWebAuthnMethodBody where+  toEncoding = genericToEncoding defaultOptions++-- | nolint:deadcode,unused+data SubmitSelfServiceVerificationFlowBody = SubmitSelfServiceVerificationFlowBody+  { -- | Sending the anti-csrf token is only required for browser login flows.+    csrf_token :: Maybe Text,+    -- | Email to Verify  Needs to be set when initiating the flow. If the email is a registered verification email, a verification link will be sent. If the email is not known, a email with details on what happened will be sent instead.  format: email+    email :: Text,+    -- | Method supports `link` only right now.+    method :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceVerificationFlowBody++instance ToJSON SubmitSelfServiceVerificationFlowBody where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceVerificationFlowWithLinkMethodBody = SubmitSelfServiceVerificationFlowWithLinkMethodBody+  { -- | Sending the anti-csrf token is only required for browser login flows.+    csrf_token :: Maybe Text,+    -- | Email to Verify  Needs to be set when initiating the flow. If the email is a registered verification email, a verification link will be sent. If the email is not known, a email with details on what happened will be sent instead.  format: email+    email :: Text,+    -- | Method supports `link` only right now.+    method :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceVerificationFlowWithLinkMethodBody++instance ToJSON SubmitSelfServiceVerificationFlowWithLinkMethodBody where+  toEncoding = genericToEncoding defaultOptions
− lib/OryKratos/Types/Recovery.hs
@@ -1,74 +0,0 @@-module OryKratos.Types.Recovery-  ( RecoveryFlow (..),-    RecoveryLink (..),-    SubmitSelfServiceRecoveryFlowWithLinkMethod (..),-  )-where--import OryKratos.Types.Ui (UiContainer)-import Pre---- | This request is used when an identity wants to recover their account.  We recommend reading the [Account Recovery Documentation](../self-service/flows/password-reset-account-recovery)-data RecoveryFlow = RecoveryFlow-  { -- | Active, if set, contains the registration method that is being used. It is initially not set.-    active :: Maybe Text,-    -- | ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting, a new request has to be initiated.-    expires_at :: UTCTime,-    -- |-    id :: Text,-    -- | IssuedAt is the time (UTC) when the request occurred.-    issued_at :: UTCTime,-    -- | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example.-    request_url :: Text,-    -- |-    state :: Text,-    -- | The flow type can either be `api` or `browser`.-    _type :: Maybe Text,-    -- |-    ui :: UiContainer-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON RecoveryFlow where-  parseJSON =-    genericParseJSON-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }--instance ToJSON RecoveryFlow where-  toEncoding =-    genericToEncoding-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }---- |-data RecoveryLink = RecoveryLink-  { -- | Recovery Link Expires At  The timestamp when the recovery link expires.-    expires_at :: Maybe UTCTime,-    -- | Recovery Link  This link can be used to recover the account.-    recovery_link :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON RecoveryLink--instance ToJSON RecoveryLink where-  toEncoding = genericToEncoding defaultOptions---- |-data SubmitSelfServiceRecoveryFlowWithLinkMethod = SubmitSelfServiceRecoveryFlowWithLinkMethod-  { -- | Sending the anti-csrf token is only required for browser login flows.-    csrf_token :: Maybe Text,-    -- | Email to Recover  Needs to be set when initiating the flow. If the email is a registered recovery email, a recovery link will be sent. If the email is not known, a email with details on what happened will be sent instead.  format: email in: body-    email :: Maybe Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON SubmitSelfServiceRecoveryFlowWithLinkMethod--instance ToJSON SubmitSelfServiceRecoveryFlowWithLinkMethod where-  toEncoding = genericToEncoding defaultOptions
− lib/OryKratos/Types/Registration.hs
@@ -1,82 +0,0 @@-module OryKratos.Types.Registration-  ( RegistrationFlow (..),-    RegistrationViaApiResponse (..),-    SubmitSelfServiceRegistrationFlowWithPasswordMethod (..),-  )-where--import OryKratos.Types.Misc-  ( Identity,-    Session,-  )-import OryKratos.Types.Ui (UiContainer)-import Pre---- |-data RegistrationFlow = RegistrationFlow-  { -- | and so on.-    active :: Maybe Text,-    -- | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated.-    expires_at :: UTCTime,-    -- |-    id :: Text,-    -- | IssuedAt is the time (UTC) when the flow occurred.-    issued_at :: UTCTime,-    -- | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example.-    request_url :: Text,-    -- | The flow type can either be `api` or `browser`.-    _type :: Maybe Text,-    -- |-    ui :: UiContainer-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON RegistrationFlow where-  parseJSON =-    genericParseJSON-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }--instance ToJSON RegistrationFlow where-  toEncoding =-    genericToEncoding-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }---- | The Response for Registration Flows via API-data RegistrationViaApiResponse = RegistrationViaApiResponse-  { -- |-    identity :: Identity,-    -- |-    session :: Maybe Session,-    -- | The Session Token  This field is only set when the session hook is configured as a post-registration hook.  A session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization Header:  Authorization: bearer ${session-token}  The session token is only issued for API flows, not for Browser flows!-    session_token :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON RegistrationViaApiResponse--instance ToJSON RegistrationViaApiResponse where-  toEncoding = genericToEncoding defaultOptions---- | SubmitSelfServiceRegistrationFlowWithPasswordMethod is used to decode the registration form payload when using the password method.-data SubmitSelfServiceRegistrationFlowWithPasswordMethod = SubmitSelfServiceRegistrationFlowWithPasswordMethod-  { -- | The CSRF Token-    csrf_token :: Maybe Text,-    -- | Method to use  This field must be set to `password` when using the password method.-    method :: Text,-    -- | Password to sign the user up with-    password :: Maybe Text,-    -- | The identity's traits-    traits :: Maybe Value-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON SubmitSelfServiceRegistrationFlowWithPasswordMethod--instance ToJSON SubmitSelfServiceRegistrationFlowWithPasswordMethod where-  toEncoding = genericToEncoding defaultOptions
+ lib/OryKratos/Types/SelfService.hs view
@@ -0,0 +1,329 @@+{-# OPTIONS_GHC -fno-warn-unused-binds -fno-warn-unused-imports #-}++module OryKratos.Types.SelfService+  ( SelfServiceBrowserLocationChangeRequiredError (..),+    SelfServiceError (..),+    SelfServiceFlowExpiredError (..),+    SelfServiceLoginFlow (..),+    SelfServiceLogoutUrl (..),+    SelfServiceRecoveryFlow (..),+    SelfServiceRecoveryFlowState (..),+    SelfServiceRecoveryLink (..),+    SelfServiceRegistrationFlow (..),+    SelfServiceSettingsFlow (..),+    SelfServiceSettingsFlowState (..),+    SelfServiceVerificationFlow (..),+    SelfServiceVerificationFlowState (..),+  )+where++import Data.Aeson (FromJSON (..), ToJSON (..), Value, genericParseJSON, genericToEncoding, genericToJSON)+import qualified Data.Aeson as Aeson+import Data.Aeson.Types (Options (..), defaultOptions)+import qualified Data.Char as Char+import Data.Data (Data)+import Data.Function ((&))+import Data.List (stripPrefix)+import qualified Data.Map as Map+import Data.Maybe (fromMaybe)+import Data.Set (Set)+import Data.Swagger (ToSchema, declareNamedSchema)+import qualified Data.Swagger as Swagger+import Data.Text (Text)+import qualified Data.Text as T+import Data.Time+import Data.UUID (UUID)+import GHC.Generics (Generic)+import OryKratos.Types.Helper (customOptions, removeFieldLabelPrefix)+import OryKratos.Types.Identity (Identity, IdentityCredentialsType)+import OryKratos.Types.Types (AuthenticatorAssuranceLevel)+import OryKratos.Types.Ui (UiContainer)++data SelfServiceBrowserLocationChangeRequiredError = SelfServiceBrowserLocationChangeRequiredError+  { -- | The status code+    code :: Maybe Integer,+    -- | Debug information  This field is often not exposed to protect against leaking sensitive information.+    debug :: Maybe Text,+    -- | Further error details+    details :: Maybe (Map.Map String Value),+    -- | The error ID  Useful when trying to identify various errors in application logic.+    id :: Maybe Text,+    -- | Error message  The error's message.+    message :: Text,+    -- | A human-readable reason for the error+    reason :: Maybe Text,+    -- | Since when the flow has expired+    redirect_browser_to :: Maybe Text,+    -- | The request ID  The request ID is often exposed internally in order to trace errors across service architectures. This is often a UUID.+    request :: Maybe Text,+    -- | The status description+    status :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SelfServiceBrowserLocationChangeRequiredError++instance ToJSON SelfServiceBrowserLocationChangeRequiredError where+  toEncoding = genericToEncoding defaultOptions++data SelfServiceError = SelfServiceError+  { -- | CreatedAt is a helper struct field for gobuffalo.pop.+    created_at :: Maybe UTCTime,+    error :: Maybe Value,+    id :: Text,+    -- | UpdatedAt is a helper struct field for gobuffalo.pop.+    updated_at :: Maybe UTCTime+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SelfServiceError++instance ToJSON SelfServiceError where+  toEncoding = genericToEncoding defaultOptions++-- | Is sent when a flow is expired+data SelfServiceFlowExpiredError = SelfServiceFlowExpiredError+  { -- | The status code+    code :: Maybe Integer,+    -- | Debug information  This field is often not exposed to protect against leaking sensitive information.+    debug :: Maybe Text,+    -- | Further error details+    details :: Maybe (Map.Map String Value),+    -- | The error ID  Useful when trying to identify various errors in application logic.+    id :: Maybe Text,+    -- | Error message  The error's message.+    message :: Text,+    -- | A human-readable reason for the error+    reason :: Maybe Text,+    -- | The request ID  The request ID is often exposed internally in order to trace errors across service architectures. This is often a UUID.+    request :: Maybe Text,+    -- | A Duration represents the elapsed time between two instants as an int64 nanosecond count. The representation limits the largest representable duration to approximately 290 years.+    since :: Maybe Integer,+    -- | The status description+    status :: Maybe Text,+    use_flow_id :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SelfServiceFlowExpiredError++instance ToJSON SelfServiceFlowExpiredError where+  toEncoding = genericToEncoding defaultOptions++-- | This object represents a login flow. A login flow is initiated at the \&quot;Initiate Login API / Browser Flow\&quot; endpoint by a client.  Once a login flow is completed successfully, a session cookie or session token will be issued.+data SelfServiceLoginFlow = SelfServiceLoginFlow+  { active :: Maybe IdentityCredentialsType,+    -- | CreatedAt is a helper struct field for gobuffalo.pop.+    created_at :: Maybe UTCTime,+    -- | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated.+    expires_at :: UTCTime,+    id :: Text,+    -- | IssuedAt is the time (UTC) when the flow started.+    issued_at :: UTCTime,+    -- | Refresh stores whether this login flow should enforce re-authentication.+    refresh :: Maybe Bool,+    -- | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example.+    request_url :: Text,+    requested_aal :: Maybe AuthenticatorAssuranceLevel,+    -- | ReturnTo contains the requested return_to URL.+    return_to :: Maybe Text,+    -- | The flow type can either be `api` or `browser`.+    _type :: Text,+    ui :: UiContainer,+    -- | UpdatedAt is a helper struct field for gobuffalo.pop.+    updated_at :: Maybe UTCTime+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SelfServiceLoginFlow where+  parseJSON = genericParseJSON customOptions++instance ToJSON SelfServiceLoginFlow where+  toJSON = genericToJSON customOptions+  toEncoding = genericToEncoding customOptions++data SelfServiceLogoutUrl = SelfServiceLogoutUrl+  { -- | LogoutToken can be used to perform logout using AJAX.+    logout_token :: Text,+    -- | LogoutURL can be opened in a browser to sign the user out.  format: uri+    logout_url :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SelfServiceLogoutUrl++instance ToJSON SelfServiceLogoutUrl where+  toEncoding = genericToEncoding defaultOptions++-- | This request is used when an identity wants to recover their account.  We recommend reading the [Account Recovery Documentation](../self-service/flows/password-reset-account-recovery)+data SelfServiceRecoveryFlow = SelfServiceRecoveryFlow+  { -- | Active, if set, contains the registration method that is being used. It is initially not set.+    active :: Maybe Text,+    -- | ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting, a new request has to be initiated.+    expires_at :: UTCTime,+    id :: Text,+    -- | IssuedAt is the time (UTC) when the request occurred.+    issued_at :: UTCTime,+    -- | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example.+    request_url :: Text,+    -- | ReturnTo contains the requested return_to URL.+    return_to :: Maybe Text,+    state :: SelfServiceRecoveryFlowState,+    -- | The flow type can either be `api` or `browser`.+    _type :: Text,+    ui :: UiContainer+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SelfServiceRecoveryFlow where+  parseJSON = genericParseJSON customOptions++instance ToJSON SelfServiceRecoveryFlow where+  toJSON = genericToJSON customOptions+  toEncoding = genericToEncoding customOptions++-- | The state represents the state of the recovery flow.  choose_method: ask the user to choose a method (e.g. recover account via email) sent_email: the email has been sent to the user passed_challenge: the request was successful and the recovery challenge was passed.+data SelfServiceRecoveryFlowState+  = SelfServiceRecoveryFlowStateChooseMethod+  | SelfServiceRecoveryFlowStateSentEmail+  | SelfServiceRecoveryFlowStatePassedChallenge+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SelfServiceRecoveryFlowState where+  parseJSON (Aeson.String s) = case T.unpack s of+    "choose_method" -> return SelfServiceRecoveryFlowStateChooseMethod+    "sent_email" -> return SelfServiceRecoveryFlowStateSentEmail+    "passed_challenge" -> return SelfServiceRecoveryFlowStatePassedChallenge+    _ -> Prelude.error "Invalid SelfServiceRecoveryFlowState"+  parseJSON _ = Prelude.error "Invalid SelfServiceRecoveryFlowState"++instance ToJSON SelfServiceRecoveryFlowState where+  toJSON (SelfServiceRecoveryFlowStateChooseMethod) = Aeson.String "choose_method"+  toJSON (SelfServiceRecoveryFlowStateSentEmail) = Aeson.String "sent_email"+  toJSON (SelfServiceRecoveryFlowStatePassedChallenge) = Aeson.String "passed_challenge"++data SelfServiceRecoveryLink = SelfServiceRecoveryLink+  { -- | Recovery Link Expires At  The timestamp when the recovery link expires.+    expires_at :: Maybe UTCTime,+    -- | Recovery Link  This link can be used to recover the account.+    recovery_link :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SelfServiceRecoveryLink++instance ToJSON SelfServiceRecoveryLink where+  toEncoding = genericToEncoding defaultOptions++data SelfServiceRegistrationFlow = SelfServiceRegistrationFlow+  { active :: Maybe IdentityCredentialsType,+    -- | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in, a new flow has to be initiated.+    expires_at :: UTCTime,+    id :: Text,+    -- | IssuedAt is the time (UTC) when the flow occurred.+    issued_at :: UTCTime,+    -- | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example.+    request_url :: Text,+    -- | ReturnTo contains the requested return_to URL.+    return_to :: Maybe Text,+    -- | The flow type can either be `api` or `browser`.+    _type :: Text,+    ui :: UiContainer+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SelfServiceRegistrationFlow where+  parseJSON = genericParseJSON customOptions++instance ToJSON SelfServiceRegistrationFlow where+  toJSON = genericToJSON customOptions+  toEncoding = genericToEncoding customOptions++-- | This flow is used when an identity wants to update settings (e.g. profile data, passwords, ...) in a selfservice manner.  We recommend reading the [User Settings Documentation](../self-service/flows/user-settings)+data SelfServiceSettingsFlow = SelfServiceSettingsFlow+  { -- | Active, if set, contains the registration method that is being used. It is initially not set.+    active :: Maybe Text,+    -- | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to update the setting, a new flow has to be initiated.+    expires_at :: UTCTime,+    id :: Text,+    identity :: Identity,+    -- | IssuedAt is the time (UTC) when the flow occurred.+    issued_at :: UTCTime,+    -- | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example.+    request_url :: Text,+    -- | ReturnTo contains the requested return_to URL.+    return_to :: Maybe Text,+    state :: SelfServiceSettingsFlowState,+    -- | The flow type can either be `api` or `browser`.+    _type :: Text,+    ui :: UiContainer+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SelfServiceSettingsFlow where+  parseJSON = genericParseJSON customOptions++instance ToJSON SelfServiceSettingsFlow where+  toJSON = genericToJSON customOptions+  toEncoding = genericToEncoding customOptions++-- | show_form: No user data has been collected, or it is invalid, and thus the form should be shown. success: Indicates that the settings flow has been updated successfully with the provided data. Done will stay true when repeatedly checking. If set to true, done will revert back to false only when a flow with invalid (e.g. \&quot;please use a valid phone number\&quot;) data was sent.+data SelfServiceSettingsFlowState = SelfServiceSettingsFlowStateShowForm | SelfServiceSettingsFlowStateSuccess deriving stock (Show, Eq, Generic, Data)++instance FromJSON SelfServiceSettingsFlowState where+  parseJSON (Aeson.String s) = case T.unpack s of+    "show_form" -> return SelfServiceSettingsFlowStateShowForm+    "success" -> return SelfServiceSettingsFlowStateSuccess+    _ -> Prelude.error "Invalid SelfServiceSettingsFlowState"+  parseJSON _ = Prelude.error "Invalid SelfServiceSettingsFlowState"++instance ToJSON SelfServiceSettingsFlowState where+  toJSON (SelfServiceSettingsFlowStateShowForm) = Aeson.String "show_form"+  toJSON (SelfServiceSettingsFlowStateSuccess) = Aeson.String "success"++-- | Used to verify an out-of-band communication channel such as an email address or a phone number.  For more information head over to: https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation+data SelfServiceVerificationFlow = SelfServiceVerificationFlow+  { -- | Active, if set, contains the registration method that is being used. It is initially not set.+    active :: Maybe Text,+    -- | ExpiresAt is the time (UTC) when the request expires. If the user still wishes to verify the address, a new request has to be initiated.+    expires_at :: Maybe UTCTime,+    id :: Text,+    -- | IssuedAt is the time (UTC) when the request occurred.+    issued_at :: Maybe UTCTime,+    -- | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example.+    request_url :: Maybe Text,+    -- | ReturnTo contains the requested return_to URL.+    return_to :: Maybe Text,+    state :: SelfServiceVerificationFlowState,+    -- | The flow type can either be `api` or `browser`.+    _type :: Text,+    ui :: UiContainer+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SelfServiceVerificationFlow where+  parseJSON = genericParseJSON customOptions++instance ToJSON SelfServiceVerificationFlow where+  toJSON = genericToJSON customOptions+  toEncoding = genericToEncoding customOptions++-- | The state represents the state of the verification flow.  choose_method: ask the user to choose a method (e.g. recover account via email) sent_email: the email has been sent to the user passed_challenge: the request was successful and the recovery challenge was passed.+data SelfServiceVerificationFlowState+  = SelfServiceVerificationFlowStateChooseMethod+  | SelfServiceVerificationFlowStateSentEmail+  | SelfServiceVerificationFlowStatePassedChallenge+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SelfServiceVerificationFlowState where+  parseJSON (Aeson.String s) = case T.unpack s of+    "choose_method" -> return SelfServiceVerificationFlowStateChooseMethod+    "sent_email" -> return SelfServiceVerificationFlowStateSentEmail+    "passed_challenge" -> return SelfServiceVerificationFlowStatePassedChallenge+    _ -> Prelude.error "Invalid SelfServiceRecoveryFlowState"+  parseJSON _ = Prelude.error "Invalid SelfServiceRecoveryFlowState"++instance ToJSON SelfServiceVerificationFlowState where+  toJSON (SelfServiceVerificationFlowStateChooseMethod) = Aeson.String "choose_method"+  toJSON (SelfServiceVerificationFlowStateSentEmail) = Aeson.String "sent_email"+  toJSON (SelfServiceVerificationFlowStatePassedChallenge) = Aeson.String "passed_challenge"
− lib/OryKratos/Types/Settings.hs
@@ -1,95 +0,0 @@-module OryKratos.Types.Settings-  ( SettingsFlow (..),-    SettingsViaApiResponse (..),-    SubmitSelfServiceBrowserSettingsOIDCFlowPayload (..),-    SubmitSelfServiceSettingsFlowWithPasswordMethod (..),-  )-where--import OryKratos.Types.Misc (Identity)-import OryKratos.Types.Ui (UiContainer)-import Pre---- | This flow is used when an identity wants to update settings (e.g. profile data, passwords, ...) in a selfservice manner.  We recommend reading the [User Settings Documentation](../self-service/flows/user-settings)-data SettingsFlow = SettingsFlow-  { -- | Active, if set, contains the registration method that is being used. It is initially not set.-    active :: Maybe Text,-    -- | ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to update the setting, a new flow has to be initiated.-    expires_at :: UTCTime,-    -- |-    id :: Text,-    -- |-    identity :: Identity,-    -- | IssuedAt is the time (UTC) when the flow occurred.-    issued_at :: UTCTime,-    -- | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example.-    request_url :: Text,-    -- |-    state :: Text,-    -- | The flow type can either be `api` or `browser`.-    _type :: Maybe Text,-    -- |-    ui :: UiContainer-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON SettingsFlow where-  parseJSON =-    genericParseJSON-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }--instance ToJSON SettingsFlow where-  toEncoding =-    genericToEncoding-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }---- | The Response for Settings Flows via API-data SettingsViaApiResponse = SettingsViaApiResponse-  { -- |-    flow :: SettingsFlow,-    -- |-    identity :: Identity-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON SettingsViaApiResponse--instance ToJSON SettingsViaApiResponse where-  toEncoding = genericToEncoding defaultOptions---- |-data SubmitSelfServiceBrowserSettingsOIDCFlowPayload = SubmitSelfServiceBrowserSettingsOIDCFlowPayload-  { -- | Flow ID is the flow's ID.  in: query-    flow :: Maybe Text,-    -- | Link this provider  Either this or `unlink` must be set.  type: string in: body-    link :: Maybe Text,-    -- | Unlink this provider  Either this or `link` must be set.  type: string in: body-    unlink :: Maybe Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON SubmitSelfServiceBrowserSettingsOIDCFlowPayload--instance ToJSON SubmitSelfServiceBrowserSettingsOIDCFlowPayload where-  toEncoding = genericToEncoding defaultOptions--data SubmitSelfServiceSettingsFlowWithPasswordMethod = SubmitSelfServiceSettingsFlowWithPasswordMethod-  { -- | CSRFToken is the anti-CSRF token  type: string-    csrf_token :: Maybe Text,-    -- | Method  Should be set to password when trying to update a password.  type: string-    method :: Maybe Text,-    -- | Password is the updated password  type: string-    password :: Text-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON SubmitSelfServiceSettingsFlowWithPasswordMethod--instance ToJSON SubmitSelfServiceSettingsFlowWithPasswordMethod where-  toEncoding = genericToEncoding defaultOptions
+ lib/OryKratos/Types/Types.hs view
@@ -0,0 +1,338 @@+{-# OPTIONS_GHC -fno-warn-unused-binds -fno-warn-unused-imports #-}++module OryKratos.Types.Types+  ( AuthenticatorAssuranceLevel (..),+    ErrorAuthenticatorAssuranceLevelNotSatisfied (..),+    GenericError (..),+    GetVersion200Response (..),+    HealthNotReadyStatus (..),+    HealthStatus (..),+    IsAlive200Response (..),+    IsReady503Response (..),+    JsonError (..),+    NeedsPrivilegedSessionError (..),+    Pagination (..),+    RecoveryAddress (..),+    RevokedSessions (..),+    SessionAuthenticationMethod (..),+    SessionDevice (..),+    SubmitSelfServiceFlowWithWebAuthnRegistrationMethod (..),+    VerifiableIdentityAddress (..),+    Version (..),+  )+where++import Data.Aeson (FromJSON (..), ToJSON (..), Value, genericParseJSON, genericToEncoding, genericToJSON)+import qualified Data.Aeson as Aeson+import Data.Aeson.Types (Options (..), defaultOptions)+import qualified Data.Char as Char+import Data.Data (Data)+import Data.Function ((&))+import Data.List (stripPrefix)+import qualified Data.Map as Map+import Data.Maybe (fromMaybe)+import Data.Set (Set)+import Data.Swagger (ToSchema, declareNamedSchema)+import qualified Data.Swagger as Swagger+import Data.Text (Text)+import qualified Data.Text as T+import Data.Time+import Data.UUID (UUID)+import GHC.Generics (Generic)+import OryKratos.Types.Helper (removeFieldLabelPrefix)++-- | The authenticator assurance level can be one of \&quot;aal1\&quot;, \&quot;aal2\&quot;, or \&quot;aal3\&quot;. A higher number means that it is harder for an attacker to compromise the account.  Generally, \&quot;aal1\&quot; implies that one authentication factor was used while AAL2 implies that two factors (e.g. password + TOTP) have been used.  To learn more about these levels please head over to: https://www.ory.sh/kratos/docs/concepts/credentials+data AuthenticatorAssuranceLevel+  = AuthenticatorAssuranceLevel0+  | AuthenticatorAssuranceLevel1+  | AuthenticatorAssuranceLevel2+  | AuthenticatorAssuranceLevel3+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON AuthenticatorAssuranceLevel where+  parseJSON (Aeson.String s) = case T.unpack s of+    "aal0" -> return AuthenticatorAssuranceLevel0+    "aal1" -> return AuthenticatorAssuranceLevel1+    "aal2" -> return AuthenticatorAssuranceLevel2+    "aal3" -> return AuthenticatorAssuranceLevel3+    _ -> Prelude.error "Invalid AuthenticatorAssuranceLevel"+  parseJSON _ = Prelude.error "Invalid AuthenticatorAssuranceLevel"++instance ToJSON AuthenticatorAssuranceLevel where+  toJSON (AuthenticatorAssuranceLevel0) = Aeson.String "aal0"+  toJSON (AuthenticatorAssuranceLevel1) = Aeson.String "aal1"+  toJSON (AuthenticatorAssuranceLevel2) = Aeson.String "aal2"+  toJSON (AuthenticatorAssuranceLevel3) = Aeson.String "aal3"++data ErrorAuthenticatorAssuranceLevelNotSatisfied = ErrorAuthenticatorAssuranceLevelNotSatisfied+  { -- | The status code+    code :: Maybe Integer,+    -- | Debug information  This field is often not exposed to protect against leaking sensitive information.+    debug :: Maybe Text,+    -- | Further error details+    details :: Maybe (Map.Map String Value),+    -- | The error ID  Useful when trying to identify various errors in application logic.+    id :: Maybe Text,+    -- | Error message  The error's message.+    message :: Text,+    -- | A human-readable reason for the error+    reason :: Maybe Text,+    redirect_browser_to :: Maybe Text,+    -- | The request ID  The request ID is often exposed internally in order to trace errors across service architectures. This is often a UUID.+    request :: Maybe Text,+    -- | The status description+    status :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON ErrorAuthenticatorAssuranceLevelNotSatisfied where+  parseJSON = genericParseJSON (removeFieldLabelPrefix True "errorAuthenticatorAssuranceLevelNotSatisfied")++instance ToJSON ErrorAuthenticatorAssuranceLevelNotSatisfied where+  toJSON = genericToJSON (removeFieldLabelPrefix False "errorAuthenticatorAssuranceLevelNotSatisfied")+  toEncoding = genericToEncoding (removeFieldLabelPrefix False "errorAuthenticatorAssuranceLevelNotSatisfied")++data GenericError = GenericError+  { -- | The status code+    genericErrorCode :: Maybe Integer,+    -- | Debug information  This field is often not exposed to protect against leaking sensitive information.+    genericErrorDebug :: Maybe Text,+    -- | Further error details+    genericErrorDetails :: Maybe Value,+    -- | The error ID  Useful when trying to identify various errors in application logic.+    genericErrorId :: Maybe Text,+    -- | Error message  The error's message.+    genericErrorMessage :: Text,+    -- | A human-readable reason for the error+    genericErrorReason :: Maybe Text,+    -- | The request ID  The request ID is often exposed internally in order to trace errors across service architectures. This is often a UUID.+    genericErrorRequest :: Maybe Text,+    -- | The status description+    genericErrorStatus :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON GenericError where+  parseJSON = genericParseJSON (removeFieldLabelPrefix True "genericError")++instance ToJSON GenericError where+  toJSON = genericToJSON (removeFieldLabelPrefix False "genericError")+  toEncoding = genericToEncoding (removeFieldLabelPrefix False "genericError")++data GetVersion200Response = GetVersion200Response+  { -- | The version of Ory Kratos.+    getVersion200ResponseVersion :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON GetVersion200Response where+  parseJSON = genericParseJSON (removeFieldLabelPrefix True "getVersion200Response")++instance ToJSON GetVersion200Response where+  toJSON = genericToJSON (removeFieldLabelPrefix False "getVersion200Response")+  toEncoding = genericToEncoding (removeFieldLabelPrefix False "getVersion200Response")++data HealthNotReadyStatus = HealthNotReadyStatus+  { -- | Errors contains a list of errors that caused the not ready status.+    healthNotReadyStatusErrors :: Maybe (Map.Map String Text)+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON HealthNotReadyStatus where+  parseJSON = genericParseJSON (removeFieldLabelPrefix True "healthNotReadyStatus")++instance ToJSON HealthNotReadyStatus where+  toJSON = genericToJSON (removeFieldLabelPrefix False "healthNotReadyStatus")+  toEncoding = genericToEncoding (removeFieldLabelPrefix False "healthNotReadyStatus")++data HealthStatus = HealthStatus+  { -- | Status always contains \"ok\".+    healthStatusStatus :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON HealthStatus where+  parseJSON = genericParseJSON (removeFieldLabelPrefix True "healthStatus")++instance ToJSON HealthStatus where+  toJSON = genericToJSON (removeFieldLabelPrefix False "healthStatus")+  toEncoding = genericToEncoding (removeFieldLabelPrefix False "healthStatus")++data IsAlive200Response = IsAlive200Response+  { -- | Always \"ok\".+    isAlive200ResponseStatus :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON IsAlive200Response where+  parseJSON = genericParseJSON (removeFieldLabelPrefix True "isAlive200Response")++instance ToJSON IsAlive200Response where+  toJSON = genericToJSON (removeFieldLabelPrefix False "isAlive200Response")+  toEncoding = genericToEncoding (removeFieldLabelPrefix False "isAlive200Response")++data IsReady503Response = IsReady503Response+  { -- | Errors contains a list of errors that caused the not ready status.+    isReady503ResponseErrors :: (Map.Map String Text)+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON IsReady503Response where+  parseJSON = genericParseJSON (removeFieldLabelPrefix True "isReady503Response")++instance ToJSON IsReady503Response where+  toJSON = genericToJSON (removeFieldLabelPrefix False "isReady503Response")+  toEncoding = genericToEncoding (removeFieldLabelPrefix False "isReady503Response")++-- | The standard Ory JSON API error format.+data JsonError = JsonError+  { jsonErrorError :: GenericError+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON JsonError where+  parseJSON = genericParseJSON (removeFieldLabelPrefix True "jsonError")++instance ToJSON JsonError where+  toJSON = genericToJSON (removeFieldLabelPrefix False "jsonError")+  toEncoding = genericToEncoding (removeFieldLabelPrefix False "jsonError")++data NeedsPrivilegedSessionError = NeedsPrivilegedSessionError+  { -- | The status code+    code :: Maybe Integer,+    -- | Debug information  This field is often not exposed to protect against leaking sensitive information.+    debug :: Maybe Text,+    -- | Further error details+    details :: Maybe (Map.Map String Value),+    -- | The error ID  Useful when trying to identify various errors in application logic.+    id :: Maybe Text,+    -- | Error message  The error's message.+    message :: Text,+    -- | A human-readable reason for the error+    reason :: Maybe Text,+    -- | Points to where to redirect the user to next.+    redirect_browser_to :: Text,+    -- | The request ID  The request ID is often exposed internally in order to trace errors across service architectures. This is often a UUID.+    request :: Maybe Text,+    -- | The status description+    status :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON NeedsPrivilegedSessionError++instance ToJSON NeedsPrivilegedSessionError where+  toEncoding = genericToEncoding defaultOptions++data Pagination = Pagination+  { -- | Pagination Page+    page :: Maybe Integer,+    -- | Items per Page  This is the number of items per page.+    per_page :: Maybe Integer+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON Pagination++instance ToJSON Pagination where+  toEncoding = genericToEncoding defaultOptions++data RecoveryAddress = RecoveryAddress+  { -- | CreatedAt is a helper struct field for gobuffalo.pop.+    created_at :: Maybe UTCTime,+    id :: Text,+    -- | UpdatedAt is a helper struct field for gobuffalo.pop.+    updated_at :: Maybe UTCTime,+    value :: Text,+    via :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON RecoveryAddress++instance ToJSON RecoveryAddress where+  toEncoding = genericToEncoding defaultOptions++data RevokedSessions = RevokedSessions+  { -- | The number of sessions that were revoked.+    count :: Maybe Integer+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON RevokedSessions++instance ToJSON RevokedSessions where+  toEncoding = genericToEncoding defaultOptions++-- | A singular authenticator used during authentication / login.+data SessionAuthenticationMethod = SessionAuthenticationMethod+  { aal :: Maybe AuthenticatorAssuranceLevel,+    -- | When the authentication challenge was completed.+    completed_at :: Maybe UTCTime,+    method :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SessionAuthenticationMethod++instance ToJSON SessionAuthenticationMethod where+  toEncoding = genericToEncoding defaultOptions++data SessionDevice = SessionDevice+  { -- | UserAgent of this device+    user_agent :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SessionDevice++instance ToJSON SessionDevice where+  toEncoding = genericToEncoding defaultOptions++data SubmitSelfServiceFlowWithWebAuthnRegistrationMethod = SubmitSelfServiceFlowWithWebAuthnRegistrationMethod+  { -- | Register a WebAuthn Security Key  It is expected that the JSON returned by the WebAuthn registration process is included here.+    webauthn_register :: Maybe Text,+    -- | Name of the WebAuthn Security Key to be Added  A human-readable name for the security key which will be added.+    webauthn_register_displayname :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON SubmitSelfServiceFlowWithWebAuthnRegistrationMethod++instance ToJSON SubmitSelfServiceFlowWithWebAuthnRegistrationMethod where+  toEncoding = genericToEncoding defaultOptions++-- | VerifiableAddress is an identity&#39;s verifiable address+data VerifiableIdentityAddress = VerifiableIdentityAddress+  { -- | When this entry was created+    created_at :: Maybe UTCTime,+    id :: Text,+    -- | VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema+    status :: Text,+    -- | When this entry was last updated+    updated_at :: Maybe UTCTime,+    -- | The address value  example foo@user.com+    value :: Text,+    -- | Indicates if the address has already been verified+    verified :: Bool,+    verified_at :: Maybe UTCTime,+    -- | VerifiableAddressType must not exceed 16 characters as that is the limitation in the SQL Schema+    via :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON VerifiableIdentityAddress++instance ToJSON VerifiableIdentityAddress where+  toEncoding = genericToEncoding defaultOptions++data Version = Version+  { -- | Version is the service's version.+    version :: Maybe Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON Version++instance ToJSON Version where+  toEncoding = genericToEncoding defaultOptions
lib/OryKratos/Types/Ui.hs view
@@ -1,26 +1,44 @@+{-# OPTIONS_GHC -fno-warn-unused-binds -fno-warn-unused-imports #-}+ module OryKratos.Types.Ui   ( UiContainer (..),     UiNode (..),     UiNodeAnchorAttributes (..),+    UiNodeAttributes (..),     UiNodeImageAttributes (..),     UiNodeInputAttributes (..),+    UiNodeMeta (..),+    UiNodeScriptAttributes (..),     UiNodeTextAttributes (..),     UiText (..),-    Meta (..),   ) where -import Pre+import Data.Aeson (FromJSON (..), ToJSON (..), Value, genericParseJSON, genericToEncoding, genericToJSON)+import Data.Aeson.Types (Options (..), defaultOptions)+import qualified Data.Char as Char+import Data.Data (Data)+import Data.Function ((&))+import Data.List (stripPrefix)+import qualified Data.Map as Map+import Data.Maybe (fromMaybe)+import Data.Set (Set)+import Data.Swagger (ToSchema, declareNamedSchema)+import qualified Data.Swagger as Swagger+import Data.Text (Text)+import qualified Data.Text as T+import Data.Time+import Data.UUID (UUID)+import GHC.Generics (Generic)+import OryKratos.Types.Helper (customOptions, removeFieldLabelPrefix)  -- | Container represents a HTML Form. The container can work with both HTTP Form and JSON requests data UiContainer = UiContainer   { -- | Action should be used as the form action URL `<form action=\"{{ .Action }}\" method=\"post\">`.     action :: Text,-    -- |     messages :: Maybe [UiText],     -- | Method is the form method (e.g. POST)     method :: Text,-    -- |     nodes :: [UiNode]   }   deriving stock (Show, Eq, Generic, Data)@@ -32,40 +50,30 @@  -- | Nodes are represented as HTML elements or their native UI equivalents. For example, a node can be an &#x60;&lt;img&gt;&#x60; tag, or an &#x60;&lt;input element&gt;&#x60; but also &#x60;some plain text&#x60;. data UiNode = UiNode-  { -- |-    attributes :: Value,-    -- |+  { attributes :: UiNodeAttributes,+    -- | Group specifies which group (e.g. password authenticator) this node belongs to.     group :: Text,-    -- |     messages :: [UiText],-    -- |-    meta :: Meta,-    -- |+    meta :: UiNodeMeta,+    -- | The node's type     _type :: Text   }   deriving stock (Show, Eq, Generic, Data)  instance FromJSON UiNode where-  parseJSON =-    genericParseJSON-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }+  parseJSON = genericParseJSON customOptions  instance ToJSON UiNode where-  toEncoding =-    genericToEncoding-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }+  toJSON = genericToJSON customOptions+  toEncoding = genericToEncoding customOptions --- | data UiNodeAnchorAttributes = UiNodeAnchorAttributes   { -- | The link's href (destination) URL.  format: uri     href :: Text,-    -- |+    -- | A unique identifier+    id :: Text,+    -- | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0.  In this struct it technically always is \"a\".+    node_type :: Text,     title :: UiText   }   deriving stock (Show, Eq, Generic, Data)@@ -75,10 +83,67 @@ instance ToJSON UiNodeAnchorAttributes where   toEncoding = genericToEncoding defaultOptions --- |+data UiNodeAttributes = UiNodeAttributes+  { -- | Sets the input's disabled field to true or false.+    disabled :: Bool,+    label :: Maybe UiText,+    -- | The input's element name.+    name :: Text,+    -- | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"script\".+    node_type :: Text,+    -- | OnClick may contain javascript which should be executed on click. This is primarily used for WebAuthn.+    onclick :: Maybe Text,+    -- | The input's pattern.+    _pattern :: Maybe Text,+    -- | Mark this input field as required.+    required :: Maybe Bool,+    -- | The script MIME type+    _type :: Text,+    -- | The input's value.+    value :: Maybe Value,+    -- | A unique identifier+    id :: Text,+    text :: UiText,+    -- | Height of the image+    height :: Integer,+    -- | The script source+    src :: Text,+    -- | Width of the image+    width :: Integer,+    -- | The link's href (destination) URL.  format: uri+    href :: Text,+    title :: UiText,+    -- | The script async type+    async :: Bool,+    -- | The script cross origin policy+    crossorigin :: Text,+    -- | The script's integrity hash+    integrity :: Text,+    -- | Nonce for CSP  A nonce you may want to use to improve your Content Security Policy. You do not have to use this value but if you want to improve your CSP policies you may use it. You can also choose to use your own nonce value!+    nonce :: Text,+    -- | The script referrer policy+    referrerpolicy :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON UiNodeAttributes where+  parseJSON = genericParseJSON customOptions++instance ToJSON UiNodeAttributes where+  toJSON = genericToJSON customOptions+  toEncoding = genericToEncoding customOptions+ data UiNodeImageAttributes = UiNodeImageAttributes-  { -- | The image's source URL.  format: uri-    src :: Text+  { -- | Height of the image+    height :: Integer,+    -- | A unique identifier+    id :: Text,+    -- | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0.  In this struct it technically always is \"img\".+    node_type :: Text,+    -- | The image's source URL.  format: uri+    src :: Text,+    -- | Width of the image+    width :: Integer   }   deriving stock (Show, Eq, Generic, Data) @@ -91,15 +156,17 @@ data UiNodeInputAttributes = UiNodeInputAttributes   { -- | Sets the input's disabled field to true or false.     disabled :: Bool,-    -- |     label :: Maybe UiText,     -- | The input's element name.     name :: Text,+    -- | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0.  In this struct it technically always is \"input\".+    node_type :: Text,+    -- | OnClick may contain javascript which should be executed on click. This is primarily used for WebAuthn.+    onclick :: Maybe Text,     -- | The input's pattern.     _pattern :: Maybe Text,     -- | Mark this input field as required.     required :: Maybe Bool,-    -- |     _type :: Text,     -- | The input's value.     value :: Maybe Value@@ -107,24 +174,57 @@   deriving stock (Show, Eq, Generic, Data)  instance FromJSON UiNodeInputAttributes where-  parseJSON =-    genericParseJSON-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }+  parseJSON = genericParseJSON customOptions  instance ToJSON UiNodeInputAttributes where-  toEncoding =-    genericToEncoding-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }+  toJSON = genericToJSON customOptions+  toEncoding = genericToEncoding customOptions --- |+-- | This might include a label and other information that can optionally be used to render UIs.+data UiNodeMeta = UiNodeMeta+  { label :: Maybe UiText+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON UiNodeMeta++instance ToJSON UiNodeMeta where+  toEncoding = genericToEncoding defaultOptions++data UiNodeScriptAttributes = UiNodeScriptAttributes+  { -- | The script async type+    async :: Bool,+    -- | The script cross origin policy+    crossorigin :: Text,+    -- | A unique identifier+    id :: Text,+    -- | The script's integrity hash+    integrity :: Text,+    -- | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"script\".+    node_type :: Text,+    -- | Nonce for CSP  A nonce you may want to use to improve your Content Security Policy. You do not have to use this value but if you want to improve your CSP policies you may use it. You can also choose to use your own nonce value!+    nonce :: Text,+    -- | The script referrer policy+    referrerpolicy :: Text,+    -- | The script source+    src :: Text,+    -- | The script MIME type+    _type :: Text+  }+  deriving stock (Show, Eq, Generic, Data)++instance FromJSON UiNodeScriptAttributes where+  parseJSON = genericParseJSON customOptions++instance ToJSON UiNodeScriptAttributes where+  toJSON = genericToJSON customOptions+  toEncoding = genericToEncoding customOptions+ data UiNodeTextAttributes = UiNodeTextAttributes-  { -- |+  { -- | A unique identifier+    id :: Text,+    -- | NodeType represents this node's types. It is a mirror of `node.type` and is primarily used to allow compatibility with OpenAPI 3.0.  In this struct it technically always is \"text\".+    node_type :: Text,     text :: UiText   }   deriving stock (Show, Eq, Generic, Data)@@ -134,43 +234,19 @@ instance ToJSON UiNodeTextAttributes where   toEncoding = genericToEncoding defaultOptions --- | data UiText = UiText   { -- | The message's context. Useful when customizing messages.     context :: Maybe Value,-    -- |     id :: Integer,     -- | The message text. Written in american english.     text :: Text,-    -- |     _type :: Text   }   deriving stock (Show, Eq, Generic, Data)  instance FromJSON UiText where-  parseJSON =-    genericParseJSON-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }+  parseJSON = genericParseJSON customOptions  instance ToJSON UiText where-  toEncoding =-    genericToEncoding-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }---- | This might include a label and other information that can optionally be used to render UIs.-data Meta = Meta-  { -- |-    label :: Maybe UiText-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON Meta--instance ToJSON Meta where-  toEncoding = genericToEncoding defaultOptions+  toJSON = genericToJSON customOptions+  toEncoding = genericToEncoding customOptions
− lib/OryKratos/Types/Verification.hs
@@ -1,44 +0,0 @@-module OryKratos.Types.Verification-  ( VerificationFlow (..),-  )-where--import OryKratos.Types.Ui (UiContainer)-import Pre---- | Used to verify an out-of-band communication channel such as an email address or a phone number.  For more information head over to: https://www.ory.sh/docs/kratos/selfservice/flows/verify-email-account-activation-data VerificationFlow = VerificationFlow-  { -- | Active, if set, contains the registration method that is being used. It is initially not set.-    active :: Maybe Text,-    -- | ExpiresAt is the time (UTC) when the request expires. If the user still wishes to verify the address, a new request has to be initiated.-    expires_at :: Maybe UTCTime,-    -- |-    id :: Text,-    -- | IssuedAt is the time (UTC) when the request occurred.-    issued_at :: Maybe UTCTime,-    -- | RequestURL is the initial URL that was requested from Ory Kratos. It can be used to forward information contained in the URL's path or query for example.-    request_url :: Maybe Text,-    -- |-    state :: Text,-    -- | The flow type can either be `api` or `browser`.-    _type :: Text,-    -- |-    ui :: UiContainer-  }-  deriving stock (Show, Eq, Generic, Data)--instance FromJSON VerificationFlow where-  parseJSON =-    genericParseJSON-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }--instance ToJSON VerificationFlow where-  toEncoding =-    genericToEncoding-      defaultOptions-        { constructorTagModifier = typeFieldRename,-          fieldLabelModifier = typeFieldRename-        }
− lib/Pre.hs
@@ -1,46 +0,0 @@-module Pre-  ( typeFieldRename,-    FromJSON (..),-    ToJSON (..),-    Value,-    genericParseJSON,-    genericToEncoding,-    genericToJSON,-    Options (..),-    defaultOptions,-    Data,-    (&),-    stripPrefix,-    fromMaybe,-    Set,-    ToSchema,-    declareNamedSchema,-    Text,-    module Data.Time,-    UUID,-    Generic,-    Map,-    module Prelude,-  )-where--import Data.Aeson (FromJSON (..), ToJSON (..), Value, genericParseJSON, genericToEncoding, genericToJSON)-import Data.Aeson.Types (Options (..), defaultOptions)-import Data.Data (Data)-import Data.Function ((&))-import Data.List (stripPrefix)-import Data.Map (Map)-import Data.Maybe (fromMaybe)-import Data.Set (Set)-import Data.Swagger (ToSchema, declareNamedSchema)-import Data.Text (Text)-import Data.Time-import Data.UUID (UUID)-import GHC.Generics (Generic)-import Prelude--typeFieldRename :: String -> String-typeFieldRename "_type" = "type"-typeFieldRename "_data" = "data"-typeFieldRename "_pattern" = "pattern"-typeFieldRename x = x
ory-kratos.cabal view
@@ -1,40 +1,28 @@ cabal-version: 3.0 name:          ory-kratos-version:       0.0.6.0+version:       0.0.7.0 synopsis:      API bindings for Ory Kratos-description:   API bindings for ory-kratos 0.6.3-alpha1+description:   API bindings for ory-kratos 0.10.1 homepage:      https://github.com/njaremko/ory-kratos-haskell-sdk author:        ory maintainer:    nathan@jaremko.ca-copyright:     2021 - Ory+copyright:     2022 - Ory category:      Web build-type:    Simple license:       Apache-2.0 -common common-options-  build-depends:-    , aeson                >=1.4.7 && < 1.6-    , base                 ^>=4.14.0.0-    , containers           ^>=0.6.2-    , exceptions           ^>=0.10.4-    , http-api-data        >=0.4.1 && <0.5-    , http-client          ^>=0.6.4-    , http-client-tls      ^>=0.3.5-    , http-types           ^>=0.12.3-    , mtl                  ^>=2.2.2-    , network-uri          >=2.6.3 && <2.7-    , servant              ^>=0.18.2-    , servant-client       ^>=0.18.2-    , servant-client-core  ^>=0.18.2-    , servant-server       ^>=0.18.2-    , swagger2             ^>=2.6-    , text                 ^>=1.2.4-    , time                 ^>=1.9.3-    , transformers         ^>=0.5.6-    , uuid                 >=1.3.13 && <1.4-    , wai                  >=3.2.2 && <3.3-    , warp                 >=3.3.13 && <3.4-  +library+  hs-source-dirs:      lib+  exposed-modules:     OryKratos.API+                     , OryKratos.Types+  other-modules:       OryKratos.Types.Admin,+                       OryKratos.Types.Helper,+                       OryKratos.Types.Identity,+                       OryKratos.Types.Other,+                       OryKratos.Types.Payload,+                       OryKratos.Types.SelfService,+                       OryKratos.Types.Types,+                       OryKratos.Types.Ui   ghc-options:         -Wall                        -Wcompat                        -Widentities@@ -49,31 +37,26 @@                        -Wpartial-fields   if impl(ghc >= 8.8)     ghc-options:       -Wmissing-deriving-strategies--  default-language: Haskell2010-  default-extensions:  ApplicativeDo RecordWildCards ViewPatterns DeriveDataTypeable BangPatterns ConstraintKinds DataKinds DefaultSignatures DeriveFoldable DeriveFunctor DeriveGeneric DeriveLift DeriveTraversable DerivingStrategies DuplicateRecordFields EmptyCase ExistentialQuantification FlexibleContexts FlexibleInstances FunctionalDependencies GADTs GeneralizedNewtypeDeriving InstanceSigs KindSignatures LambdaCase MultiParamTypeClasses MultiWayIf NamedFieldPuns NoImplicitPrelude OverloadedStrings PatternSynonyms RankNTypes ScopedTypeVariables StandaloneDeriving TupleSections TypeApplications TypeFamilies TypeFamilyDependencies TypeOperators--library-  import:           common-options-  hs-source-dirs:   lib-  exposed-modules:-    OryKratos.API-    OryKratos.Types-  other-modules:-    Pre-    OryKratos.Types.Login-    OryKratos.Types.Misc-    OryKratos.Types.Recovery-    OryKratos.Types.Registration-    OryKratos.Types.Settings-    OryKratos.Types.Verification-    OryKratos.Types.Ui--test-suite ory-kratos-test-  import:              common-options-  type:                exitcode-stdio-1.0-  hs-source-dirs:      test-  main-is:             Spec.hs-  ghc-options:         -threaded-                       -rtsopts-                       -with-rtsopts=-N+  build-depends:      aeson                         >= 2.0.3 && < 2.1,+                      base                          >= 4.14 && < 4.17,+                      containers                    >= 0.6.5 && < 0.7,+                      mtl                           >= 2.2.2 && < 2.3,+                      transformers                  >= 0.5.6 && < 0.6,+                      text                          >= 1.2.5 && < 1.3,+                      time                          >= 1.11.1 && < 1.12,+                      exceptions                    >= 0.10.4 && < 0.11,+                      http-api-data                 >= 0.4.3 && < 0.5,+                      http-types                    >= 0.12.3 && < 0.13,+                      http-client                   >= 0.7.11 && < 0.8,+                      network-uri                   >= 2.6.4 && < 2.7,+                      http-client-tls               >= 0.3.6 && < 0.4,+                      servant                       >= 0.19 && < 0.20,+                      servant-client                >= 0.19 && < 0.20,+                      servant-client-core           >= 0.19 && < 0.20,+                      servant-server                >= 0.19.1 && < 0.20,+                      wai                           >= 3.2.3 && < 3.3,+                      warp                          >= 3.3.21 && < 3.4,+                      swagger2                      >= 2.8.2 && < 2.9,+                      uuid                          >= 1.3.15 && < 1.4,+  default-language:    Haskell2010+  default-extensions:  ApplicativeDo RecordWildCards ViewPatterns DeriveDataTypeable BangPatterns ConstraintKinds DataKinds DefaultSignatures DeriveFoldable DeriveFunctor DeriveGeneric DeriveLift DeriveTraversable DerivingStrategies DuplicateRecordFields EmptyCase ExistentialQuantification FlexibleContexts FlexibleInstances FunctionalDependencies GADTs GeneralizedNewtypeDeriving InstanceSigs KindSignatures LambdaCase MultiParamTypeClasses MultiWayIf NamedFieldPuns OverloadedStrings PatternSynonyms RankNTypes ScopedTypeVariables StandaloneDeriving TupleSections TypeApplications TypeFamilies TypeFamilyDependencies TypeOperators
− test/Spec.hs
@@ -1,6 +0,0 @@-module Main (main) where--import Prelude--main :: IO ()-main = putStrLn ("Test suite is not implemented" :: String)