/**
 * Generated by Orval
 * Do not edit manually.
 * See `gen:api` script in package.json
 */
import type { OidcSettingsResponseSchemaDefaultRootRole } from './oidcSettingsResponseSchemaDefaultRootRole';
import type { OidcSettingsResponseSchemaIdTokenSigningAlgorithm } from './oidcSettingsResponseSchemaIdTokenSigningAlgorithm';

/**
 * Response for OpenID Connect settings.
 *
 * Every field is optional, so consumers must handle `undefined` for each of them.
 *
 * NOTE(review): this response shape includes the OIDC client `secret` alongside the
 * non-sensitive settings. Treat a value of this type as sensitive as a whole: do not
 * log it, cache it, or attach it to error reports without dropping `secret` first.
 */
export interface OidcSettingsResponseSchema {
  /**
   * Authentication Context Class Reference, used to request extra values in the acr claim
   * returned from the server. If multiple values are required, they should be space separated.
   * Consult [the OIDC reference](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint)
   * for more information.
   */
  acrValues?: string;
  /** When enabled, Unleash will also request the 'groups' scope as part of the login request. */
  addGroupsScope?: boolean;
  /**
   * Auto-create users based on email addresses from login tokens.
   * `emailDomains`, `defaultRootRole` and `defaultRootRoleId` only apply when this is `true`.
   */
  autoCreate?: boolean;
  /** The OIDC client ID of this application. */
  clientId?: string;
  /**
   * [Default role](https://docs.getunleash.io/reference/rbac#standard-roles) granted to users
   * auto-created from email. Only relevant if autoCreate is `true`.
   * The permitted values are defined by the imported
   * `OidcSettingsResponseSchemaDefaultRootRole` type (not shown in this file).
   */
  defaultRootRole?: OidcSettingsResponseSchemaDefaultRootRole;
  /**
   * Assign this root role to auto-created users. Should be a role ID and takes precedence
   * over `defaultRootRole`.
   */
  defaultRootRoleId?: number;
  /** The [.well-known OpenID discovery URL](https://swagger.io/docs/specification/authentication/openid-connect-discovery/) */
  discoverUrl?: string;
  /**
   * Comma-separated list of email domains that are automatically approved for an account in
   * the server. Only relevant if autoCreate is `true`.
   *
   * NOTE(review): this type does not show how an empty or missing list is treated when
   * `autoCreate` is `true` (no domain approved vs. every domain approved) -- confirm against
   * the server before relying on it as an allow-list.
   */
  emailDomains?: string;
  /** Whether to enable or disable OpenID Connect for this instance. */
  enabled?: boolean;
  /**
   * Whether group syncing is enabled.
   * Refer to the [Group syncing](https://docs.getunleash.io/how-to/how-to-set-up-group-sso-sync) documentation.
   */
  enableGroupSyncing?: boolean;
  /**
   * Support single sign-out when the user clicks logout in Unleash. If `true`, the user is
   * signed out of all OpenID Connect sessions they may have active against the clientId.
   */
  enableSingleSignOut?: boolean;
  /** Specifies the path in the OIDC token response from which to read the groups the user belongs to. */
  groupJsonPath?: string;
  /**
   * The signing algorithm used to sign our token. Refer to the
   * [JWT signatures](https://jwt.io/introduction) documentation for more information.
   * The permitted values are defined by the imported
   * `OidcSettingsResponseSchemaIdTokenSigningAlgorithm` type (not shown in this file).
   */
  idTokenSigningAlgorithm?: OidcSettingsResponseSchemaIdTokenSigningAlgorithm;
  /**
   * Shared secret from the OpenID server. Used to authenticate login requests.
   *
   * Sensitive: this is a credential. NOTE(review): this type alone does not show whether the
   * server returns the real value or a masked placeholder -- confirm, and keep it out of logs,
   * client-side storage and telemetry either way.
   */
  secret?: string;
}