|
1149 | 1149 | "description": "Configures the Ory Kratos Session caching max-age feature flag\n\nThis governs the \"feature_flags.cacheable_sessions_max_age\" setting.", |
1150 | 1150 | "type": "string" |
1151 | 1151 | }, |
| 1152 | + "kratos_feature_flags_choose_recovery_address": { |
| 1153 | + "description": "This governs the \"feature_flags.choose_recovery_address\" setting.", |
| 1154 | + "type": "boolean" |
| 1155 | + }, |
1152 | 1156 | "kratos_feature_flags_faster_session_extend": { |
1153 | 1157 | "description": "Configures the Ory Kratos Faster Session Extend setting\n\nIf enabled allows faster session extension by skipping the session lookup and returning 201 instead of 200.\nDisabling this feature will be deprecated in the future.\n\nThis governs the \"feature_flags.faster_session_extend\" setting.", |
1154 | 1158 | "type": "boolean" |
|
1165 | 1169 | "description": "Return a form error if the login identifier is not verified\n\nIf true, the login flow will return a form error if the login identifier is not verified, which restores legacy behavior. If this value is false, the `continue_with` array will contain a `show_verification_ui` hook instead.\n\nThis flag is deprecated and will be removed in the future.\n\nThis governs the \"feature_flags.legacy_require_verified_login_error\" setting.", |
1166 | 1170 | "type": "boolean" |
1167 | 1171 | }, |
| 1172 | + "kratos_feature_flags_password_profile_registration_node_group": { |
| 1173 | + "description": "Configures the group for the password method in the registration flow.\n\nIf true, it sets the password method group value to \"password\" if it is the only method available. This is the legacy behavior.\nIf false is, it sets the password method group value to \"default\".", |
| 1174 | + "type": "boolean" |
| 1175 | + }, |
1168 | 1176 | "kratos_feature_flags_use_continue_with_transitions": { |
1169 | 1177 | "description": "Configures the Ory Kratos Session use_continue_with_transitions flag\n\nThis governs the \"feature_flags.use_continue_with_transitions\" setting.", |
1170 | 1178 | "type": "boolean" |
|
3183 | 3191 | "credentials": { |
3184 | 3192 | "$ref": "#/components/schemas/identityWithCredentials" |
3185 | 3193 | }, |
| 3194 | + "external_id": { |
| 3195 | + "description": "ExternalID is an optional external ID of the identity. This is used to link\nthe identity to an external system. If set, the external ID must be unique\nacross all identities.", |
| 3196 | + "type": "string" |
| 3197 | + }, |
3186 | 3198 | "metadata_admin": { |
3187 | 3199 | "description": "Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/\u003cid\u003e`." |
3188 | 3200 | }, |
|
4063 | 4075 | "description": "Credentials represents all credentials that can be used for authenticating this identity.", |
4064 | 4076 | "type": "object" |
4065 | 4077 | }, |
| 4078 | + "external_id": { |
| 4079 | + "description": "ExternalID is an optional external ID of the identity. This is used to link\nthe identity to an external system. If set, the external ID must be unique\nacross all identities.", |
| 4080 | + "type": "string" |
| 4081 | + }, |
4066 | 4082 | "id": { |
4067 | 4083 | "description": "ID is the identity's unique identifier.\n\nThe Identity ID can not be changed and can not be chosen. This ensures future\ncompatibility and optimization for distributed stores such as CockroachDB.", |
4068 | 4084 | "format": "uuid", |
|
5878 | 5894 | "description": "Configures the Ory Kratos Session caching max-age feature flag\n\nThis governs the \"feature_flags.cacheable_sessions_max_age\" setting.", |
5879 | 5895 | "type": "string" |
5880 | 5896 | }, |
| 5897 | + "kratos_feature_flags_choose_recovery_address": { |
| 5898 | + "description": "This governs the \"feature_flags.choose_recovery_address\" setting.", |
| 5899 | + "type": "boolean" |
| 5900 | + }, |
5881 | 5901 | "kratos_feature_flags_faster_session_extend": { |
5882 | 5902 | "description": "Configures the Ory Kratos Faster Session Extend setting\n\nIf enabled allows faster session extension by skipping the session lookup and returning 201 instead of 200.\nDisabling this feature will be deprecated in the future.\n\nThis governs the \"feature_flags.faster_session_extend\" setting.", |
5883 | 5903 | "type": "boolean" |
|
5894 | 5914 | "description": "Return a form error if the login identifier is not verified\n\nIf true, the login flow will return a form error if the login identifier is not verified, which restores legacy behavior. If this value is false, the `continue_with` array will contain a `show_verification_ui` hook instead.\n\nThis flag is deprecated and will be removed in the future.\n\nThis governs the \"feature_flags.legacy_require_verified_login_error\" setting.", |
5895 | 5915 | "type": "boolean" |
5896 | 5916 | }, |
| 5917 | + "kratos_feature_flags_password_profile_registration_node_group": { |
| 5918 | + "description": "Configures the group for the password method in the registration flow.\n\nIf true, it sets the password method group value to \"password\" if it is the only method available. This is the legacy behavior.\nIf false is, it sets the password method group value to \"default\".", |
| 5919 | + "type": "boolean" |
| 5920 | + }, |
5897 | 5921 | "kratos_feature_flags_use_continue_with_transitions": { |
5898 | 5922 | "description": "Configures the Ory Kratos Session use_continue_with_transitions flag\n\nThis governs the \"feature_flags.use_continue_with_transitions\" setting.", |
5899 | 5923 | "type": "boolean" |
|
10123 | 10147 | "credentials": { |
10124 | 10148 | "$ref": "#/components/schemas/identityWithCredentials" |
10125 | 10149 | }, |
| 10150 | + "external_id": { |
| 10151 | + "description": "ExternalID is an optional external ID of the identity. This is used to link\nthe identity to an external system. If set, the external ID must be unique\nacross all identities.", |
| 10152 | + "type": "string" |
| 10153 | + }, |
10126 | 10154 | "metadata_admin": { |
10127 | 10155 | "description": "Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/\u003cid\u003e`." |
10128 | 10156 | }, |
|
10483 | 10511 | "type": "string", |
10484 | 10512 | "x-go-enum-desc": "link RecoveryStrategyLink\ncode RecoveryStrategyCode" |
10485 | 10513 | }, |
| 10514 | + "recovery_address": { |
| 10515 | + "description": "A recovery address that is registered for the user.\nIt can be an email, a phone number (to receive the code via SMS), etc.\nUsed in RecoveryV2.", |
| 10516 | + "type": "string" |
| 10517 | + }, |
| 10518 | + "recovery_confirm_address": { |
| 10519 | + "description": "If there are multiple recovery addresses registered for the user, and the initially provided address\nis different from the address chosen when the choice (of masked addresses) is presented, then we need to make sure\nthat the user actually knows the full address to avoid information exfiltration, so we ask for the full address.\nUsed in RecoveryV2.", |
| 10520 | + "type": "string" |
| 10521 | + }, |
| 10522 | + "recovery_select_address": { |
| 10523 | + "description": "If there are multiple addresses registered for the user, a choice is presented and this field\nstores the result of this choice.\nAddresses are 'masked' (never sent in full to the client and shown partially in the UI) since at this point in the recovery flow,\nthe user has not yet proven that it knows the full address and we want to avoid\ninformation exfiltration.\nSo for all intents and purposes, the value of this field should be treated as an opaque identifier.\nUsed in RecoveryV2.", |
| 10524 | + "type": "string" |
| 10525 | + }, |
| 10526 | + "screen": { |
| 10527 | + "description": "Set to \"previous\" to return to the previous screen.\nUsed in RecoveryV2.", |
| 10528 | + "type": "string" |
| 10529 | + }, |
10486 | 10530 | "transient_payload": { |
10487 | 10531 | "description": "Transient data to pass along to any webhooks", |
10488 | 10532 | "type": "object" |
|
12266 | 12310 | "tags": ["identity"] |
12267 | 12311 | } |
12268 | 12312 | }, |
| 12313 | + "/admin/identities/by/external/{externalID}": { |
| 12314 | + "get": { |
| 12315 | + "description": "Return an [identity](https://www.ory.sh/docs/kratos/concepts/identity-user-model) by its external ID. You can optionally\ninclude credentials (e.g. social sign in connections) in the response by using the `include_credential` query parameter.", |
| 12316 | + "operationId": "getIdentityByExternalID", |
| 12317 | + "parameters": [ |
| 12318 | + { |
| 12319 | + "description": "ExternalID must be set to the ID of identity you want to get", |
| 12320 | + "in": "path", |
| 12321 | + "name": "externalID", |
| 12322 | + "required": true, |
| 12323 | + "schema": { |
| 12324 | + "type": "string" |
| 12325 | + } |
| 12326 | + }, |
| 12327 | + { |
| 12328 | + "description": "Include Credentials in Response\n\nInclude any credential, for example `password` or `oidc`, in the response. When set to `oidc`, This will return\nthe initial OAuth 2.0 Access Token, OAuth 2.0 Refresh Token and the OpenID Connect ID Token if available.", |
| 12329 | + "in": "query", |
| 12330 | + "name": "include_credential", |
| 12331 | + "schema": { |
| 12332 | + "items": { |
| 12333 | + "enum": [ |
| 12334 | + "password", |
| 12335 | + "oidc", |
| 12336 | + "totp", |
| 12337 | + "lookup_secret", |
| 12338 | + "webauthn", |
| 12339 | + "code", |
| 12340 | + "passkey", |
| 12341 | + "profile", |
| 12342 | + "saml", |
| 12343 | + "link_recovery", |
| 12344 | + "code_recovery" |
| 12345 | + ], |
| 12346 | + "type": "string" |
| 12347 | + }, |
| 12348 | + "type": "array" |
| 12349 | + } |
| 12350 | + } |
| 12351 | + ], |
| 12352 | + "responses": { |
| 12353 | + "200": { |
| 12354 | + "content": { |
| 12355 | + "application/json": { |
| 12356 | + "schema": { |
| 12357 | + "$ref": "#/components/schemas/identity" |
| 12358 | + } |
| 12359 | + } |
| 12360 | + }, |
| 12361 | + "description": "identity" |
| 12362 | + }, |
| 12363 | + "404": { |
| 12364 | + "content": { |
| 12365 | + "application/json": { |
| 12366 | + "schema": { |
| 12367 | + "$ref": "#/components/schemas/errorGeneric" |
| 12368 | + } |
| 12369 | + } |
| 12370 | + }, |
| 12371 | + "description": "errorGeneric" |
| 12372 | + }, |
| 12373 | + "default": { |
| 12374 | + "content": { |
| 12375 | + "application/json": { |
| 12376 | + "schema": { |
| 12377 | + "$ref": "#/components/schemas/errorGeneric" |
| 12378 | + } |
| 12379 | + } |
| 12380 | + }, |
| 12381 | + "description": "errorGeneric" |
| 12382 | + } |
| 12383 | + }, |
| 12384 | + "security": [ |
| 12385 | + { |
| 12386 | + "oryAccessToken": [] |
| 12387 | + } |
| 12388 | + ], |
| 12389 | + "summary": "Get an Identity by its External ID", |
| 12390 | + "tags": ["identity"] |
| 12391 | + } |
| 12392 | + }, |
12269 | 12393 | "/admin/identities/{id}": { |
12270 | 12394 | "delete": { |
12271 | 12395 | "description": "Calling this endpoint irrecoverably and permanently deletes the [identity](https://www.ory.sh/docs/kratos/concepts/identity-user-model) given its ID. This action can not be undone.\nThis endpoint returns 204 when the identity was deleted or 404 if the identity was not found.", |
|
0 commit comments