> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging.auth0-mintlify.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Subscribe to events via Server-Sent Events (SSE)

> Subscribe to events via Server-Sent Events (SSE)

export const Scopes = ({scopes = []}) => {
  return <div>
      <div class="api-section-heading flex flex-col gap-y-4 w-full">
        <div class="flex items-baseline border-b pb-2.5 border-gray-100 dark:border-gray-800 w-full">
          <h4 class="api-section-heading-title flex-1 mb-0">Scopes</h4>
          <div class="flex items-center"></div>
        </div>
      </div>
      <div class="mt-4">
        <div class="space-y-4 whitespace-normal prose prose-sm prose-gray dark:prose-invert overflow-wrap-anywhere [&_*]:overflow-wrap-anywhere">
          <p class="whitespace-pre-line text-xs">
            {"Scopes define permissions and access levels for API requests and authentication tokens."}
          </p>
        </div>
      </div>
      <div class="flex font-mono text-sm group/param-head param-head break-all relative mt-6" id="scopes-scopes">
        <div class="flex-1 flex flex-col content-start py-0.5 mr-5">
          <div class="flex items-center flex-wrap gap-2">
            <div class="absolute -top-1.5">
              <a href="#scopes-scopes" class="-ml-10 flex items-center opacity-0 border-0 group-hover/param-head:opacity-100 focus:opacity-100 focus:outline-0 py-2 [.expandable-content_&]:-ml-[2.1rem] group/link" aria-label="Navigate to header">
                ​
                <div class="w-6 h-6 rounded-md flex items-center justify-center shadow-sm text-gray-400 dark:text-white/50 dark:bg-background-dark dark:brightness-[1.35] dark:ring-1 dark:hover:brightness-150 bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20 group-focus/link:border-2 group-focus/link:border-primary dark:group-focus/link:border-primary-light">
                  <svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512">
                    <path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path>
                  </svg>
                </div>
              </a>
            </div>
            {scopes.map((scope, index) => {
    return <span class="flex items-center px-2 py-0.5 rounded-md bg-gray-100/50 dark:bg-white/5 text-gray-600 dark:text-gray-200 font-medium break-all" style={{
      lineHeight: "1rem",
      fontSize: "0.75rem",
      fontFamily: 'var(--font-jetbrains-mono), ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace'
    }} data-component-part="field-info-pill" key={index}>
                  {scope}
                </span>;
  })}
          </div>
        </div>
      </div>
    </div>;
};

export const ApiReleaseLifecycle = ({releaseLifecycle = 'GA'}) => {
  const lifecycleMap = {
    ea: 'Early Access',
    ga: 'Generally Available',
    deprecated: 'Deprecated',
    planned: 'Planned',
    beta: 'Beta'
  };
  const LIFECYCLE_THEMES = {
    info: {
      light: {
        bg: 'lab(91.896% .077188 -6.94053)',
        text: 'lab(36.091% 25.9241 -68.0384)'
      },
      dark: {
        bg: 'lab(16.0426% 6.71726 -27.2409)',
        text: 'lab(72.6029% 4.08953 -41.9669)'
      }
    },
    secondary: {
      light: {
        bg: 'lab(90.8548% 11.3355 8.01476)',
        text: 'lab(47.5286% 56.4238 43.4706)'
      },
      dark: {
        bg: 'lab(16.3609% 37.191 25.6346)',
        text: 'lab(71.881% 41.5 29.4839)'
      }
    },
    danger: {
      light: {
        bg: 'lab(94.7916% -.0000298023 0)',
        text: 'lab(54.3656% 0 -.0000119209)'
      },
      dark: {
        bg: 'lab(13.232% 0 0)',
        text: 'lab(51.6164% 0 0)'
      }
    }
  };
  const LIFECYCLE_THEME_MAP = {
    ea: 'info',
    ga: 'info',
    beta: 'info',
    deprecated: 'secondary',
    planned: 'danger'
  };
  const lifecycle = releaseLifecycle.toLocaleLowerCase();
  const lifecycleText = lifecycleMap[lifecycle];
  if (!lifecycleText) {
    return null;
  }
  const theme = LIFECYCLE_THEMES[LIFECYCLE_THEME_MAP[lifecycle]];
  return <div>
      <div className="api-section-heading flex flex-col gap-y-4 w-full">
        <div className="flex items-baseline border-b pb-2.5 border-gray-100 dark:border-gray-800 w-full">
          <h4 className="api-section-heading-title flex-1 mb-0">
            Release Lifecycle
          </h4>
        </div>
      </div>
      <div className="flex font-mono text-sm group/param-head param-head break-all relative mt-2.5" id="releaselifecycle-lifecycle">
        <div className="flex-1 flex flex-col content-start py-0.5 mr-5">
          <div className="flex items-center flex-wrap gap-2">
            <div className="absolute -top-1.5">
              <a href="#releaselifecycle-lifecycle" className="-ml-10 flex items-center opacity-0 border-0 group-hover/param-head:opacity-100 focus:opacity-100 focus:outline-0 py-2 [.expandable-content_&]:-ml-[2.1rem] group/link" aria-label="Navigate to header">
                <div className="w-6 h-6 rounded-md flex items-center justify-center shadow-sm text-gray-400 dark:text-white/50 dark:bg-background-dark dark:brightness-[1.35] dark:ring-1 dark:hover:brightness-150 bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20 group-focus/link:border-2 group-focus/link:border-primary dark:group-focus/link:border-primary-light">
                  <svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512">
                    <path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path>
                  </svg>
                </div>
              </a>
            </div>
            <span className="inline-flex items-center w-fit font-medium gap-1 py-0.5 px-2 rounded-md" style={{
    lineHeight: '1rem',
    fontSize: '0.75rem',
    fontFamily: 'var(--font-jetbrains-mono), ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace',
    backgroundColor: `light-dark(${theme.light.bg}, ${theme.dark.bg})`,
    color: `light-dark(${theme.light.text}, ${theme.dark.text})`,
    borderColor: `light-dark(color-mix(in oklab, ${theme.light.text} 25%, transparent), color-mix(in oklab, ${theme.dark.text} 25%, transparent))`
  }}>
              {lifecycleText}
            </span>
          </div>
        </div>
      </div>
    </div>;
};

<ApiReleaseLifecycle releaseLifecycle="GA" />

<Scopes scopes={["read:events"]} />


## OpenAPI

````yaml management-api-oas get /events
openapi: 3.1.0
info:
  title: Auth0 Management API
  description: Auth0 Management API v2.
  termsOfService: https://auth0.com/web-terms/
  contact:
    name: Auth0 Support
    url: https://support.auth0.com
  version: '2.0'
servers:
  - url: https://{tenantDomain}/api/v2
    variables:
      tenantDomain:
        default: '{TENANT}.auth0.com'
        description: Auth0 Tenant Domain
security:
  - bearerAuth: []
externalDocs:
  description: Auth0 Management API Documentation
  url: https://auth0.com/docs/api/management/v2/
paths:
  /events:
    get:
      tags:
        - events
      summary: Subscribe to events via Server-Sent Events (SSE)
      description: Subscribe to events via Server-Sent Events (SSE)
      operationId: subscribe_events
      parameters:
        - name: from
          in: query
          description: >-
            Opaque token representing position in the stream. If not provided,
            stream will start from the latest events.
          schema:
            type: string
            maxLength: 1024
        - name: from_timestamp
          in: query
          description: >-
            RFC-3339 timestamp indicating where to start streaming events from.
            This should only be used on the initial query when a cursor may not
            be available. Subsequent requests should use the cursor (from) as it
            will be more accurate.
          schema:
            type: string
            maxLength: 20
        - name: event_type
          in: query
          description: >-
            Event type(s) to listen for. Specify multiple times for multiple
            types (e.g., ?event_type=user.created&event_type=user.updated). If
            not provided, all event types will be streamed.
          style: form
          explode: true
          schema:
            $ref: '#/components/schemas/EventStreamSubscribeEventsEventTypeParam'
      responses:
        '200':
          description: Event stream successfully established.
          content:
            text/event-stream:
              schema:
                $ref: '#/components/schemas/EventStreamSubscribeEventsResponseContent'
        '400':
          description: Invalid cursor format.
          x-description-1: Unsupported event type.
          x-description-2: >-
            Invalid request query string. The message will vary depending on the
            cause.
        '401':
          description: Invalid token.
          x-description-1: Invalid signature received for JSON Web Token validation.
          x-description-2: Client is not global.
        '403':
          description: >-
            Maximum concurrent event stream connections reached. Please close
            existing connections.
          x-description-1: 'Insufficient scope; expected any of: read:events.'
        '404':
          description: Not found
        '410':
          description: Cursor points to data no longer available in the stream.
        '429':
          description: >-
            Too many requests. Check the X-RateLimit-Limit,
            X-RateLimit-Remaining and X-RateLimit-Reset headers.
      security:
        - bearerAuth: []
        - oAuth2ClientCredentials:
            - read:events
      x-codeSamples:
        - lang: csharp
          label: Subscribe to events via Server-Sent Events (SSE)
          source: |
            using Auth0.ManagementApi;
            using System.Threading.Tasks;

            public partial class Examples
            {
                public async Task Example() {
                    var client = new ManagementClient(
                        token: "<token>"
                    );

                    await foreach (var item in client.Events.SubscribeAsync(
                        new SubscribeEventsRequestParameters {
                            From = "from",
                            FromTimestamp = "from_timestamp",
                            EventType = EventStreamSubscribeEventsEventTypeEnum.GroupCreated
                        }
                    ))
                    {
                        /* consume each item */
                    }
                    ;
                }

            }
        - lang: java
          label: Subscribe to events via Server-Sent Events (SSE)
          source: >-
            package com.example.usage;


            import com.auth0.client.mgmt.ManagementApi;

            import
            com.auth0.client.mgmt.resources.events.requests.SubscribeEventsRequestParameters;

            import
            com.auth0.client.mgmt.types.EventStreamSubscribeEventsEventTypeEnum;

            import
            com.auth0.client.mgmt.types.EventStreamSubscribeEventsEventTypeParam;


            public class Example {
                public static void main(String[] args) {
                    ManagementApi client = ManagementApi
                        .builder()
                        .token("<token>")
                        .build();

                    client.events().subscribe(
                        SubscribeEventsRequestParameters
                            .builder()
                            .from("from")
                            .fromTimestamp("from_timestamp")
                            .eventType(
                                EventStreamSubscribeEventsEventTypeParam.of(EventStreamSubscribeEventsEventTypeEnum.GROUP_CREATED)
                            )
                            .build()
                    );
                }
            }
        - lang: php
          label: Subscribe to events via Server-Sent Events (SSE)
          source: >
            <?php


            namespace Example;


            use Auth0\SDK\API\Management\Management;

            use
            Auth0\SDK\API\Management\Events\Requests\SubscribeEventsRequestParameters;

            use
            Auth0\SDK\API\Management\Types\EventStreamSubscribeEventsEventTypeEnum;


            $client = new Management(
                token: '<token>',
            );

            $client->events->subscribe(
                new SubscribeEventsRequestParameters([
                    'from' => 'from',
                    'fromTimestamp' => 'from_timestamp',
                    'eventType' => EventStreamSubscribeEventsEventTypeEnum::GroupCreated->value,
                ]),
            );
        - lang: python
          label: Subscribe to events via Server-Sent Events (SSE)
          source: |
            from auth0.management import ManagementClient

            client = ManagementClient(
                token="<token>",
            )

            client.events.subscribe(
                from="from",
                from_timestamp="from_timestamp",
                event_type="group.created",
            )
        - lang: ruby
          label: Subscribe to events via Server-Sent Events (SSE)
          source: |
            require "auth0"

            client = Auth0::Management.new(token: "<token>")

            client.events.subscribe(
              from: "from",
              from_timestamp: "from_timestamp",
              event_type: "group.created"
            )
components:
  schemas:
    EventStreamSubscribeEventsEventTypeParam:
      type: array
      items:
        $ref: '#/components/schemas/EventStreamSubscribeEventsEventTypeEnum'
      description: >-
        Event type(s) to listen for. Specify multiple times for multiple types
        (e.g., ?event_type=user.created&event_type=user.updated). If not
        provided, all event types will be streamed.
    EventStreamSubscribeEventsResponseContent:
      description: >-
        The JSON payload delivered in each SSE data line. The type field is
        injected from the SSE event field by the SDK. Discriminated by type: an
        event type name for events, "error" for errors, and "offset-only" for
        cursor-only heartbeats.
      discriminator:
        propertyName: type
        x-discriminator-context: protocol
        mapping:
          connection.created:
            $ref: '#/components/schemas/EventStreamCloudEventConnectionCreated'
          connection.deleted:
            $ref: '#/components/schemas/EventStreamCloudEventConnectionDeleted'
          connection.updated:
            $ref: '#/components/schemas/EventStreamCloudEventConnectionUpdated'
          group.created:
            $ref: '#/components/schemas/EventStreamCloudEventGroupCreated'
          group.deleted:
            $ref: '#/components/schemas/EventStreamCloudEventGroupDeleted'
          group.member.added:
            $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAdded'
          group.member.deleted:
            $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeleted'
          group.role.assigned:
            $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssigned'
          group.role.deleted:
            $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeleted'
          group.updated:
            $ref: '#/components/schemas/EventStreamCloudEventGroupUpdated'
          organization.connection.added:
            $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionAdded'
          organization.connection.removed:
            $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionRemoved'
          organization.connection.updated:
            $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionUpdated'
          organization.created:
            $ref: '#/components/schemas/EventStreamCloudEventOrgCreated'
          organization.deleted:
            $ref: '#/components/schemas/EventStreamCloudEventOrgDeleted'
          organization.group.role.assigned:
            $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssigned'
          organization.group.role.deleted:
            $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeleted'
          organization.member.added:
            $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAdded'
          organization.member.deleted:
            $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeleted'
          organization.member.role.assigned:
            $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleAssigned'
          organization.member.role.deleted:
            $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeleted'
          organization.updated:
            $ref: '#/components/schemas/EventStreamCloudEventOrgUpdated'
          user.created:
            $ref: '#/components/schemas/EventStreamCloudEventUserCreated'
          user.deleted:
            $ref: '#/components/schemas/EventStreamCloudEventUserDeleted'
          user.updated:
            $ref: '#/components/schemas/EventStreamCloudEventUserUpdated'
          error:
            $ref: '#/components/schemas/EventStreamCloudEventErrorMessage'
          offset-only:
            $ref: '#/components/schemas/EventStreamCloudEventOffsetOnlyMessage'
      oneOf:
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionCreated'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionDeleted'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionUpdated'
        - $ref: '#/components/schemas/EventStreamCloudEventGroupCreated'
        - $ref: '#/components/schemas/EventStreamCloudEventGroupDeleted'
        - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAdded'
        - $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeleted'
        - $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssigned'
        - $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeleted'
        - $ref: '#/components/schemas/EventStreamCloudEventGroupUpdated'
        - $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionAdded'
        - $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionRemoved'
        - $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionUpdated'
        - $ref: '#/components/schemas/EventStreamCloudEventOrgCreated'
        - $ref: '#/components/schemas/EventStreamCloudEventOrgDeleted'
        - $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssigned'
        - $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeleted'
        - $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAdded'
        - $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeleted'
        - $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleAssigned'
        - $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeleted'
        - $ref: '#/components/schemas/EventStreamCloudEventOrgUpdated'
        - $ref: '#/components/schemas/EventStreamCloudEventUserCreated'
        - $ref: '#/components/schemas/EventStreamCloudEventUserDeleted'
        - $ref: '#/components/schemas/EventStreamCloudEventUserUpdated'
        - $ref: '#/components/schemas/EventStreamCloudEventErrorMessage'
        - $ref: '#/components/schemas/EventStreamCloudEventOffsetOnlyMessage'
    EventStreamSubscribeEventsEventTypeEnum:
      type: string
      enum:
        - connection.created
        - connection.deleted
        - connection.updated
        - group.created
        - group.deleted
        - group.member.added
        - group.member.deleted
        - group.role.assigned
        - group.role.deleted
        - group.updated
        - organization.connection.added
        - organization.connection.removed
        - organization.connection.updated
        - organization.created
        - organization.deleted
        - organization.group.role.assigned
        - organization.group.role.deleted
        - organization.member.added
        - organization.member.deleted
        - organization.member.role.assigned
        - organization.member.role.deleted
        - organization.updated
        - user.created
        - user.deleted
        - user.updated
    EventStreamCloudEventConnectionCreated:
      type: object
      description: SSE message for connection.created.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventConnectionCreatedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedCloudEvent
    EventStreamCloudEventConnectionDeleted:
      type: object
      description: SSE message for connection.deleted.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventConnectionDeletedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedCloudEvent
    EventStreamCloudEventConnectionUpdated:
      type: object
      description: SSE message for connection.updated.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventConnectionUpdatedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedCloudEvent
    EventStreamCloudEventGroupCreated:
      type: object
      description: SSE message for group.created.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedCloudEvent'
    EventStreamCloudEventGroupDeleted:
      type: object
      description: SSE message for group.deleted.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedCloudEvent'
    EventStreamCloudEventGroupMemberAdded:
      type: object
      description: SSE message for group.member.added.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedCloudEvent'
    EventStreamCloudEventGroupMemberDeleted:
      type: object
      description: SSE message for group.member.deleted.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedCloudEvent
    EventStreamCloudEventGroupRoleAssigned:
      type: object
      description: SSE message for group.role.assigned.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleAssignedCloudEvent
    EventStreamCloudEventGroupRoleDeleted:
      type: object
      description: SSE message for group.role.deleted.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedCloudEvent'
    EventStreamCloudEventGroupUpdated:
      type: object
      description: SSE message for group.updated.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedCloudEvent'
    EventStreamCloudEventOrgConnectionAdded:
      type: object
      description: SSE message for organization.connection.added.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionAddedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionAddedCloudEvent
    EventStreamCloudEventOrgConnectionRemoved:
      type: object
      description: SSE message for organization.connection.removed.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionRemovedTypeEnum
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionRemovedCloudEvent
    EventStreamCloudEventOrgConnectionUpdated:
      type: object
      description: SSE message for organization.connection.updated.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionUpdatedTypeEnum
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionUpdatedCloudEvent
    EventStreamCloudEventOrgCreated:
      type: object
      description: SSE message for organization.created.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedCloudEvent'
    EventStreamCloudEventOrgDeleted:
      type: object
      description: SSE message for organization.deleted.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventOrgDeletedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: '#/components/schemas/EventStreamCloudEventOrgDeletedCloudEvent'
    EventStreamCloudEventOrgGroupRoleAssigned:
      type: object
      description: SSE message for organization.group.role.assigned.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedTypeEnum
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedCloudEvent
    EventStreamCloudEventOrgGroupRoleDeleted:
      type: object
      description: SSE message for organization.group.role.deleted.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedTypeEnum
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedCloudEvent
    EventStreamCloudEventOrgMemberAdded:
      type: object
      description: SSE message for organization.member.added.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAddedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAddedCloudEvent'
    EventStreamCloudEventOrgMemberDeleted:
      type: object
      description: SSE message for organization.member.deleted.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeletedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeletedCloudEvent'
    EventStreamCloudEventOrgMemberRoleAssigned:
      type: object
      description: SSE message for organization.member.role.assigned.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedTypeEnum
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedCloudEvent
    EventStreamCloudEventOrgMemberRoleDeleted:
      type: object
      description: SSE message for organization.member.role.deleted.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedTypeEnum
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedCloudEvent
    EventStreamCloudEventOrgUpdated:
      type: object
      description: SSE message for organization.updated.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedCloudEvent'
    EventStreamCloudEventUserCreated:
      type: object
      description: SSE message for user.created.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventUserCreatedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: '#/components/schemas/EventStreamCloudEventUserCreatedCloudEvent'
    EventStreamCloudEventUserDeleted:
      type: object
      description: SSE message for user.deleted.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventUserDeletedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: '#/components/schemas/EventStreamCloudEventUserDeletedCloudEvent'
    EventStreamCloudEventUserUpdated:
      type: object
      description: SSE message for user.updated.
      additionalProperties: false
      required:
        - type
        - offset
        - event
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing position in the stream. Pass as the
            `from` query parameter to resume.
        event:
          $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedCloudEvent'
    EventStreamCloudEventErrorMessage:
      type: object
      description: >-
        An error message delivered via the SSE stream. The stream closes after
        this message.
      additionalProperties: false
      required:
        - type
        - error
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventErrorMessageTypeEnum'
        error:
          $ref: '#/components/schemas/EventStreamCloudEventErrorDetail'
    EventStreamCloudEventOffsetOnlyMessage:
      type: object
      description: >-
        An offset-only heartbeat message. Advances the cursor without delivering
        an event.
      additionalProperties: false
      required:
        - type
        - offset
      properties:
        type:
          $ref: '#/components/schemas/EventStreamCloudEventOffsetOnlyMessageTypeEnum'
        offset:
          type: string
          description: >-
            Opaque cursor representing the latest position in the stream. Pass
            as the `from` query parameter to resume.
    EventStreamCloudEventConnectionCreatedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - connection.created
    EventStreamCloudEventConnectionCreatedCloudEvent:
      type: object
      description: Represents an event that occurs when a connection is created.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventConnectionCreatedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventConnectionDeletedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - connection.deleted
    EventStreamCloudEventConnectionDeletedCloudEvent:
      type: object
      description: Represents an event that occurs when a connection is deleted.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventConnectionDeletedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventConnectionUpdatedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - connection.updated
    EventStreamCloudEventConnectionUpdatedCloudEvent:
      type: object
      description: Represents an event that occurs when a connection is updated.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventConnectionUpdatedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventGroupCreatedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - group.created
    EventStreamCloudEventGroupCreatedCloudEvent:
      type: object
      description: Represents an event that occurs when a group is created.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupCreatedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventGroupDeletedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - group.deleted
    EventStreamCloudEventGroupDeletedCloudEvent:
      type: object
      description: Represents an event that occurs when a group is deleted.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupDeletedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventGroupMemberAddedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - group.member.added
    EventStreamCloudEventGroupMemberAddedCloudEvent:
      type: object
      description: Represents an event that occurs when a member is added to a group.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberAddedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventGroupMemberDeletedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - group.member.deleted
    EventStreamCloudEventGroupMemberDeletedCloudEvent:
      type: object
      description: Represents an event that occurs when a member is removed from a group.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventGroupRoleAssignedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - group.role.assigned
    EventStreamCloudEventGroupRoleAssignedCloudEvent:
      type: object
      description: Represents an event that occurs when a role is assigned to a group.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleAssignedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventGroupRoleDeletedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - group.role.deleted
    EventStreamCloudEventGroupRoleDeletedCloudEvent:
      type: object
      description: Represents an event that occurs when a role is removed from a group.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleDeletedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventGroupUpdatedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - group.updated
    EventStreamCloudEventGroupUpdatedCloudEvent:
      type: object
      description: Represents an event that occurs when a group is updated.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupUpdatedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventOrgConnectionAddedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - organization.connection.added
    EventStreamCloudEventOrgConnectionAddedCloudEvent:
      type: object
      description: >-
        Represents an event that occurs when a connection is added to an
        organization.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionAddedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionAddedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventOrgConnectionRemovedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - organization.connection.removed
    EventStreamCloudEventOrgConnectionRemovedCloudEvent:
      type: object
      description: >-
        Represents an event that occurs when a connection is removed from an
        organization.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionRemovedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionRemovedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventOrgConnectionUpdatedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - organization.connection.updated
    EventStreamCloudEventOrgConnectionUpdatedCloudEvent:
      type: object
      description: >-
        Represents an event that occurs when a organization connection is
        updated.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionUpdatedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionUpdatedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventOrgCreatedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - organization.created
    EventStreamCloudEventOrgCreatedCloudEvent:
      type: object
      description: Represents an event that occurs when an organization is created.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgCreatedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventOrgDeletedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - organization.deleted
    EventStreamCloudEventOrgDeletedCloudEvent:
      type: object
      description: Represents an event that occurs when an organization is deleted.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgDeletedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventOrgDeletedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventOrgGroupRoleAssignedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - organization.group.role.assigned
    EventStreamCloudEventOrgGroupRoleAssignedCloudEvent:
      type: object
      description: >-
        Represents an event that occurs when a role is assigned to an
        organization group.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventOrgGroupRoleDeletedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - organization.group.role.deleted
    EventStreamCloudEventOrgGroupRoleDeletedCloudEvent:
      type: object
      description: >-
        Represents an event that occurs when a role is removed from an
        organization group.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventOrgMemberAddedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - organization.member.added
    EventStreamCloudEventOrgMemberAddedCloudEvent:
      type: object
      description: >-
        Represents an event that occurs when a member is added to an
        organization.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberAddedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAddedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventOrgMemberDeletedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - organization.member.deleted
    EventStreamCloudEventOrgMemberDeletedCloudEvent:
      type: object
      description: >-
        Represents an event that occurs when a member is removed from an
        organization.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberDeletedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeletedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventOrgMemberRoleAssignedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - organization.member.role.assigned
    EventStreamCloudEventOrgMemberRoleAssignedCloudEvent:
      type: object
      description: >-
        Represents an event that occurs when a member is added to an
        organization.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventOrgMemberRoleDeletedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - organization.member.role.deleted
    EventStreamCloudEventOrgMemberRoleDeletedCloudEvent:
      type: object
      description: >-
        Represents an event that occurs when a member is removed from an
        organization.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventOrgUpdatedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - organization.updated
    EventStreamCloudEventOrgUpdatedCloudEvent:
      type: object
      description: Represents an event that occurs when an organization is updated.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgUpdatedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventUserCreatedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - user.created
    EventStreamCloudEventUserCreatedCloudEvent:
      type: object
      description: Represents an event that occurs when a user is created.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventUserCreatedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventUserDeletedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - user.deleted
    EventStreamCloudEventUserDeletedCloudEvent:
      type: object
      description: Represents an event that occurs when a user is deleted.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventUserDeletedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventUserUpdatedTypeEnum:
      type: string
      description: The event type (injected from the SSE event field).
      enum:
        - user.updated
    EventStreamCloudEventUserUpdatedCloudEvent:
      type: object
      description: Represents an event that occurs when a user is updated.
      additionalProperties: false
      required:
        - specversion
        - type
        - source
        - id
        - time
        - data
        - a0tenant
        - a0stream
      properties:
        specversion:
          $ref: '#/components/schemas/EventStreamCloudEventSpecVersionEnum'
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedCloudEventTypeEnum
        source:
          type: string
          description: >-
            The source of the event. This will take the form
            'urn:auth0:<tenant>.<domain>'.
        id:
          type: string
          description: A unique identifier for the event.
          pattern: evt_[a-zA-Z0-9]{22}
        time:
          type: string
          description: An ISO-8601 timestamp indicating when the event physically occurred.
          format: date-time
        data:
          $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedData'
        a0tenant:
          type: string
          description: The auth0 tenant ID to which the event is associated.
          minLength: 3
          maxLength: 63
          pattern: '[a-z0-9][-a-z0-9]{1,62}[a-z0-9]'
        a0stream:
          type: string
          description: The auth0 event stream ID of the stream the event was delivered on.
          pattern: est_[a-zA-Z0-9]{22}
        a0purpose:
          $ref: '#/components/schemas/EventStreamCloudEventA0PurposeEnum'
    EventStreamCloudEventErrorMessageTypeEnum:
      type: string
      description: Identifies this as an error message (injected from the SSE event field).
      enum:
        - error
    EventStreamCloudEventErrorDetail:
      type: object
      description: Error details.
      additionalProperties: false
      required:
        - code
        - message
      properties:
        code:
          $ref: '#/components/schemas/EventStreamCloudEventErrorCodeEnum'
        message:
          type: string
          description: Human-readable error message.
        offset:
          type: string
          description: >-
            The cursor at the time of the error (when available). Can be used to
            resume from this position.
    EventStreamCloudEventOffsetOnlyMessageTypeEnum:
      type: string
      description: >-
        Identifies this as an offset-only heartbeat message (injected from the
        SSE event field).
      enum:
        - offset-only
    EventStreamCloudEventSpecVersionEnum:
      type: string
      description: The version of the CloudEvents specification which the event uses.
      enum:
        - '1.0'
    EventStreamCloudEventConnectionCreatedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - connection.created
    EventStreamCloudEventConnectionCreatedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventConnectionCreatedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventA0PurposeEnum:
      type: string
      description: >-
        The purpose of this event. This field will typically appear only in
        special cases

        such as sending a test event. For normal events, this field will be
        omitted.
      enum:
        - test
    EventStreamCloudEventConnectionDeletedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - connection.deleted
    EventStreamCloudEventConnectionDeletedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventConnectionDeletedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventConnectionUpdatedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - connection.updated
    EventStreamCloudEventConnectionUpdatedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventConnectionUpdatedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventGroupCreatedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - group.created
    EventStreamCloudEventGroupCreatedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventGroupDeletedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - group.deleted
    EventStreamCloudEventGroupDeletedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventGroupMemberAddedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - group.member.added
    EventStreamCloudEventGroupMemberAddedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventGroupMemberAddedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventGroupMemberDeletedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - group.member.deleted
    EventStreamCloudEventGroupMemberDeletedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventGroupMemberDeletedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventGroupRoleAssignedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - group.role.assigned
    EventStreamCloudEventGroupRoleAssignedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventGroupRoleAssignedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventGroupRoleDeletedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - group.role.deleted
    EventStreamCloudEventGroupRoleDeletedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventGroupUpdatedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - group.updated
    EventStreamCloudEventGroupUpdatedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventOrgConnectionAddedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - organization.connection.added
    EventStreamCloudEventOrgConnectionAddedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionAddedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventOrgConnectionRemovedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - organization.connection.removed
    EventStreamCloudEventOrgConnectionRemovedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionRemovedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventOrgConnectionUpdatedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - organization.connection.updated
    EventStreamCloudEventOrgConnectionUpdatedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventOrgConnectionUpdatedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventOrgCreatedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - organization.created
    EventStreamCloudEventOrgCreatedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventOrgDeletedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - organization.deleted
    EventStreamCloudEventOrgDeletedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventOrgDeletedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventOrgGroupRoleAssignedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - organization.group.role.assigned
    EventStreamCloudEventOrgGroupRoleAssignedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventOrgGroupRoleDeletedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - organization.group.role.deleted
    EventStreamCloudEventOrgGroupRoleDeletedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventOrgMemberAddedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - organization.member.added
    EventStreamCloudEventOrgMemberAddedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAddedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventOrgMemberDeletedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - organization.member.deleted
    EventStreamCloudEventOrgMemberDeletedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeletedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventOrgMemberRoleAssignedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - organization.member.role.assigned
    EventStreamCloudEventOrgMemberRoleAssignedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedObject
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventOrgMemberRoleDeletedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - organization.member.role.deleted
    EventStreamCloudEventOrgMemberRoleDeletedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventOrgUpdatedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - organization.updated
    EventStreamCloudEventOrgUpdatedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventUserCreatedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - user.created
    EventStreamCloudEventUserCreatedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventUserCreatedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventUserDeletedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - user.deleted
    EventStreamCloudEventUserDeletedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventUserDeletedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventUserUpdatedCloudEventTypeEnum:
      type: string
      description: The type of the event which has happened.
      enum:
        - user.updated
    EventStreamCloudEventUserUpdatedData:
      type: object
      description: The event payload.
      additionalProperties: false
      required:
        - object
      properties:
        object:
          $ref: '#/components/schemas/EventStreamCloudEventUserUpdatedObject'
        context:
          $ref: '#/components/schemas/EventStreamCloudEventContext'
    EventStreamCloudEventErrorCodeEnum:
      type: string
      description: Machine-readable error code.
      enum:
        - invalid_cursor
        - cursor_expired
        - timeout
        - payload_too_large
        - processing_error
        - connection_timeout
    EventStreamCloudEventConnectionCreatedObject:
      description: The event content.
      oneOf:
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionCreatedObject0'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionCreatedObject1'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionCreatedObject2'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionCreatedObject3'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionCreatedObject4'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionCreatedObject5'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionCreatedObject6'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionCreatedObject7'
    EventStreamCloudEventContext:
      type: object
      description: >-
        Information about the context in which the event was produced. This may
        include things like

        HTTP request details, client information, connection information, etc.


        Note: This field may not be present on all events, depending on the
        event type and the

        context in which it was generated.
      additionalProperties: false
      required:
        - tenant
      properties:
        client:
          $ref: '#/components/schemas/EventStreamCloudEventContextClient'
        connection:
          $ref: '#/components/schemas/EventStreamCloudEventContextConnection'
        request:
          $ref: '#/components/schemas/EventStreamCloudEventContextRequest'
        tenant:
          $ref: '#/components/schemas/EventStreamCloudEventContextTenant'
    EventStreamCloudEventConnectionDeletedObject:
      description: The event content.
      oneOf:
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionDeletedObject0'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionDeletedObject1'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionDeletedObject2'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionDeletedObject3'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionDeletedObject4'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionDeletedObject5'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionDeletedObject6'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionDeletedObject7'
    EventStreamCloudEventConnectionUpdatedObject:
      description: The event content.
      oneOf:
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionUpdatedObject0'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionUpdatedObject1'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionUpdatedObject2'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionUpdatedObject3'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionUpdatedObject4'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionUpdatedObject5'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionUpdatedObject6'
        - $ref: '#/components/schemas/EventStreamCloudEventConnectionUpdatedObject7'
    EventStreamCloudEventGroupCreatedObject:
      description: The event content.
      oneOf:
        - $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedObject0'
        - $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedObject1'
        - $ref: '#/components/schemas/EventStreamCloudEventGroupCreatedObject2'
    EventStreamCloudEventGroupDeletedObject:
      description: The event content.
      oneOf:
        - $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedObject0'
        - $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedObject1'
        - $ref: '#/components/schemas/EventStreamCloudEventGroupDeletedObject2'
    EventStreamCloudEventGroupMemberAddedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - group
        - member
      properties:
        group:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup
        member:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberAddedObjectMember
    EventStreamCloudEventGroupMemberDeletedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - group
        - member
      properties:
        group:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup
        member:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectMember
    EventStreamCloudEventGroupRoleAssignedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - group
        - role
        - created_at
      properties:
        group:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup
        role:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectRole
        created_at:
          type: string
          description: The time at which the role was assigned to the group.
          format: date-time
    EventStreamCloudEventGroupRoleDeletedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - group
        - role
        - deleted_at
      properties:
        group:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup
        role:
          $ref: '#/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectRole'
        deleted_at:
          type: string
          description: The time at which the role was removed from the group.
          format: date-time
    EventStreamCloudEventGroupUpdatedObject:
      description: The event content.
      oneOf:
        - $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedObject0'
        - $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedObject1'
        - $ref: '#/components/schemas/EventStreamCloudEventGroupUpdatedObject2'
    EventStreamCloudEventOrgConnectionAddedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - organization
        - connection
      properties:
        organization:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionAddedObjectOrganization
        connection:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionAddedObjectConnection
        assign_membership_on_login:
          type: boolean
          description: >-
            When true, all users that log in with this connection will be
            automatically granted membership

            in the organization. When false, users must be granted membership in
            the organization before

            logging in with this connection.
        show_as_button:
          type: boolean
          description: >-
            Determines whether a connection should be displayed on this
            organization’s login prompt.

            Only applicable for enterprise connections.
        is_signup_enabled:
          type: boolean
          description: >-
            Determines whether organization signup should be enabled for this
            organization connection.

            Only applicable for database connections.
    EventStreamCloudEventOrgConnectionRemovedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - organization
        - connection
      properties:
        organization:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionRemovedObjectOrganization
        connection:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionRemovedObjectConnection
    EventStreamCloudEventOrgConnectionUpdatedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - organization
        - connection
      properties:
        organization:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionUpdatedObjectOrganization
        connection:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgConnectionUpdatedObjectConnection
        assign_membership_on_login:
          type: boolean
          description: >-
            When true, all users that log in with this connection will be
            automatically granted membership

            in the organization. When false, users must be granted membership in
            the organization before

            logging in with this connection.
        show_as_button:
          type: boolean
          description: >-
            Determines whether a connection should be displayed on this
            organization’s login prompt.

            Only applicable for enterprise connections.
        is_signup_enabled:
          type: boolean
          description: >-
            Determines whether organization signup should be enabled for this
            organization connection.

            Only applicable for database connections.
    EventStreamCloudEventOrgCreatedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - id
      properties:
        name:
          type: string
          description: >-
            The human-readable identifier for the organization that will be used
            by end-users to direct them to their organization in your
            application..
          pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$
        id:
          type: string
          description: ID of the organization.
          pattern: org_[a-zA-Z0-9]{16}
        display_name:
          type: string
          description: >-
            If set, the name that will be displayed to end-users for this
            organization in any interaction with them.
        metadata:
          $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedObjectMetadata'
        branding:
          $ref: '#/components/schemas/EventStreamCloudEventOrgCreatedObjectBranding'
    EventStreamCloudEventOrgDeletedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - id
      properties:
        name:
          type: string
          description: >-
            The human-readable identifier for the organization that will be used
            by end-users to direct them to their organization in your
            application..
          pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$
        id:
          type: string
          description: ID of the organization.
          pattern: org_[a-zA-Z0-9]{16}
        display_name:
          type: string
          description: >-
            If set, the name that will be displayed to end-users for this
            organization in any interaction with them.
        metadata:
          $ref: '#/components/schemas/EventStreamCloudEventOrgDeletedObjectMetadata'
    EventStreamCloudEventOrgGroupRoleAssignedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - organization
        - role
        - group
        - created_at
      properties:
        organization:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectOrganization
        role:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectRole
        group:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup
        created_at:
          type: string
          description: >-
            The time at which the role was assigned to the group in the
            organization.
          format: date-time
    EventStreamCloudEventOrgGroupRoleDeletedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - organization
        - role
        - group
        - deleted_at
      properties:
        organization:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectOrganization
        role:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectRole
        group:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup
        deleted_at:
          type: string
          description: >-
            The time at which the role was removed from the group in the
            organization.
          format: date-time
    EventStreamCloudEventOrgMemberAddedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - organization
        - user
      properties:
        organization:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberAddedObjectOrganization
        user:
          $ref: '#/components/schemas/EventStreamCloudEventOrgMemberAddedObjectUser'
    EventStreamCloudEventOrgMemberDeletedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - organization
        - user
      properties:
        organization:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberDeletedObjectOrganization
        user:
          $ref: '#/components/schemas/EventStreamCloudEventOrgMemberDeletedObjectUser'
    EventStreamCloudEventOrgMemberRoleAssignedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - organization
        - user
        - role
      properties:
        organization:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedObjectOrganization
        user:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedObjectUser
        role:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberRoleAssignedObjectRole
    EventStreamCloudEventOrgMemberRoleDeletedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - organization
        - user
        - role
      properties:
        organization:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedObjectOrganization
        user:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedObjectUser
        role:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgMemberRoleDeletedObjectRole
    EventStreamCloudEventOrgUpdatedObject:
      type: object
      description: The event content.
      additionalProperties: false
      required:
        - id
      properties:
        name:
          type: string
          description: >-
            The human-readable identifier for the organization that will be used
            by end-users to direct them to their organization in your
            application..
          pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$
        id:
          type: string
          description: ID of the organization.
          pattern: org_[a-zA-Z0-9]{16}
        display_name:
          type: string
          description: >-
            If set, the name that will be displayed to end-users for this
            organization in any interaction with them.
        metadata:
          $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedObjectMetadata'
        branding:
          $ref: '#/components/schemas/EventStreamCloudEventOrgUpdatedObjectBranding'
    EventStreamCloudEventUserCreatedObject:
      type: object
      description: The event content.
      additionalProperties: true
      required:
        - user_id
        - created_at
        - updated_at
        - identities
      properties:
        user_id:
          type: string
          description: ID of the user which can be used when interacting with other APIs.
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
        created_at:
          type: string
          description: Date and time when this entity was created (ISO_8601 format).
          format: date-time
        updated_at:
          type: string
          description: >-
            Date and time when this entity was last updated/modified (ISO_8601
            format).
          format: date-time
        identities:
          type: array
          description: Array of user identity objects when accounts are linked.
          items:
            $ref: >-
              #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItem
        app_metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectAppMetadata
        user_metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectUserMetadata
        picture:
          type: string
          description: URL to picture, photo, or avatar of this user.
          format: uri
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        nickname:
          type: string
          description: Preferred nickname or alias of this user.
          minLength: 1
          maxLength: 300
        multifactor:
          type: array
          description: >-
            List of multi-factor authentication providers with which this user
            has enrolled.
          items:
            type: string
        last_ip:
          type: string
          description: Last IP address from which this user logged in.
        last_login:
          type: string
          description: Last date and time this user logged in (ISO_8601 format).
          format: date-time
        logins_count:
          type: integer
          description: Total number of logins this user has performed.
        blocked:
          type: boolean
          description: >-
            Whether this user was blocked by an administrator (true) or is not
            (false).
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
    EventStreamCloudEventUserDeletedObject:
      type: object
      description: The event content.
      additionalProperties: true
      required:
        - user_id
        - created_at
        - updated_at
        - identities
        - deleted_at
      properties:
        user_id:
          type: string
          description: ID of the user which can be used when interacting with other APIs.
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
        created_at:
          type: string
          description: Date and time when this entity was created (ISO_8601 format).
          format: date-time
        updated_at:
          type: string
          description: >-
            Date and time when this entity was last updated/modified (ISO_8601
            format).
          format: date-time
        identities:
          type: array
          description: Array of user identity objects when accounts are linked.
          items:
            $ref: >-
              #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItem
        app_metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectAppMetadata
        user_metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectUserMetadata
        picture:
          type: string
          description: URL to picture, photo, or avatar of this user.
          format: uri
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        nickname:
          type: string
          description: Preferred nickname or alias of this user.
          minLength: 1
          maxLength: 300
        multifactor:
          type: array
          description: >-
            List of multi-factor authentication providers with which this user
            has enrolled.
          items:
            type: string
        last_ip:
          type: string
          description: Last IP address from which this user logged in.
        last_login:
          type: string
          description: Last date and time this user logged in (ISO_8601 format).
          format: date-time
        logins_count:
          type: integer
          description: Total number of logins this user has performed.
        blocked:
          type: boolean
          description: >-
            Whether this user was blocked by an administrator (true) or is not
            (false).
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        deleted_at:
          type: string
          description: Date and time when this entity was deleted (ISO_8601 format).
          format: date-time
    EventStreamCloudEventUserUpdatedObject:
      type: object
      description: The event content.
      additionalProperties: true
      required:
        - user_id
        - created_at
        - updated_at
        - identities
      properties:
        user_id:
          type: string
          description: ID of the user which can be used when interacting with other APIs.
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
        created_at:
          type: string
          description: Date and time when this entity was created (ISO_8601 format).
          format: date-time
        updated_at:
          type: string
          description: >-
            Date and time when this entity was last updated/modified (ISO_8601
            format).
          format: date-time
        identities:
          type: array
          description: Array of user identity objects when accounts are linked.
          items:
            $ref: >-
              #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItem
        app_metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectAppMetadata
        user_metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectUserMetadata
        picture:
          type: string
          description: URL to picture, photo, or avatar of this user.
          format: uri
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        nickname:
          type: string
          description: Preferred nickname or alias of this user.
          minLength: 1
          maxLength: 300
        multifactor:
          type: array
          description: >-
            List of multi-factor authentication providers with which this user
            has enrolled.
          items:
            type: string
        last_ip:
          type: string
          description: Last IP address from which this user logged in.
        last_login:
          type: string
          description: Last date and time this user logged in (ISO_8601 format).
          format: date-time
        logins_count:
          type: integer
          description: Total number of logins this user has performed.
        blocked:
          type: boolean
          description: >-
            Whether this user was blocked by an administrator (true) or is not
            (false).
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
    EventStreamCloudEventConnectionCreatedObject0:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0Authentication
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0ConnectedAccounts
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0StrategyEnum
    EventStreamCloudEventConnectionCreatedObject1:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1StrategyEnum
    EventStreamCloudEventConnectionCreatedObject2:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2StrategyEnum
    EventStreamCloudEventConnectionCreatedObject3:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3StrategyEnum
    EventStreamCloudEventConnectionCreatedObject4:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject4Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject4ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject4Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject4Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject4StrategyEnum
    EventStreamCloudEventConnectionCreatedObject5:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject5Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject5ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject5Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject5Options
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject5StrategyEnum
    EventStreamCloudEventConnectionCreatedObject6:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject6Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject6ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject6Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject6Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject6StrategyEnum
    EventStreamCloudEventConnectionCreatedObject7:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject7Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject7ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject7Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject7Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject7StrategyEnum
    EventStreamCloudEventContextClient:
      type: object
      description: The OAuth Client requesting or presenting an access token.
      additionalProperties: false
      required:
        - id
        - name
        - metadata
      properties:
        id:
          type: string
          description: The client identifier.
        name:
          type: string
          description: The client name.
        metadata:
          $ref: '#/components/schemas/EventStreamCloudEventContextClientMetadata'
    EventStreamCloudEventContextConnection:
      type: object
      description: >-
        The Auth0 Connection used for the authentication transaction that
        generated the event.
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        id:
          type: string
          description: The ID of the connection.
          pattern: con_[a-zA-Z0-9]{16}
        name:
          type: string
          description: The name of the connection.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        strategy:
          type: string
          description: The auth strategy implemented by the connection.
    EventStreamCloudEventContextRequest:
      type: object
      description: An HTTP request.
      additionalProperties: false
      required:
        - geo
        - hostname
        - ip
        - method
        - user_agent
      properties:
        geo:
          $ref: '#/components/schemas/EventStreamCloudEventContextRequestGeo'
        hostname:
          type: string
          description: The hostname the request is for.
        custom_domain:
          type: string
          description: The custom domain used in the request (if any).
        ip:
          type: string
          description: The originating IP address of the request.
        method:
          type: string
          description: The HTTP method used for the request.
        user_agent:
          type: string
          description: The value of the `User-Agent` header.
    EventStreamCloudEventContextTenant:
      type: object
      description: Reference to a tenant in event context
      additionalProperties: false
      required:
        - tenant_id
      properties:
        tenant_id:
          type: string
          description: Machine-generated unique tenant identifier.
          pattern: ten_[a-zA-Z0-9]{16}
    EventStreamCloudEventConnectionDeletedObject0:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0Authentication
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0ConnectedAccounts
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0StrategyEnum
    EventStreamCloudEventConnectionDeletedObject1:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1StrategyEnum
    EventStreamCloudEventConnectionDeletedObject2:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2StrategyEnum
    EventStreamCloudEventConnectionDeletedObject3:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3StrategyEnum
    EventStreamCloudEventConnectionDeletedObject4:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject4Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject4ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject4Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject4Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject4StrategyEnum
    EventStreamCloudEventConnectionDeletedObject5:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject5Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject5ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject5Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject5Options
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject5StrategyEnum
    EventStreamCloudEventConnectionDeletedObject6:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject6Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject6ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject6Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject6Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject6StrategyEnum
    EventStreamCloudEventConnectionDeletedObject7:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject7Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject7ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject7Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject7Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject7StrategyEnum
    EventStreamCloudEventConnectionUpdatedObject0:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0Authentication
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0ConnectedAccounts
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0StrategyEnum
    EventStreamCloudEventConnectionUpdatedObject1:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1StrategyEnum
    EventStreamCloudEventConnectionUpdatedObject2:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2StrategyEnum
    EventStreamCloudEventConnectionUpdatedObject3:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3StrategyEnum
    EventStreamCloudEventConnectionUpdatedObject4:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject4Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject4ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject4Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject4Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject4StrategyEnum
    EventStreamCloudEventConnectionUpdatedObject5:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject5Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject5ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject5Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject5Options
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject5StrategyEnum
    EventStreamCloudEventConnectionUpdatedObject6:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject6Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject6ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject6Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject6Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject6StrategyEnum
    EventStreamCloudEventConnectionUpdatedObject7:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - strategy
      properties:
        authentication:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject7Authentication
        connected_accounts:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject7ConnectedAccounts
        display_name:
          type: string
          description: Connection name used in the new universal login experience
          maxLength: 128
          minLength: 1
        enabled_clients:
          type: array
          description: >-
            Use of this property is NOT RECOMMENDED. Use the PATCH
            /v2/connections/{id}/clients endpoint to enable the connection for a
            set of clients.
          items:
            type: string
        id:
          type: string
          description: The connection's identifier
          pattern: con_[a-zA-Z0-9]{16}
        is_domain_connection:
          type: boolean
          description: >-
            <code>true</code> promotes to a domain-level connection so that
            third-party applications can use it. <code>false</code> does not
            promote the connection, so only first-party applications with the
            connection enabled can use it. (Defaults to <code>false</code>.)
        metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject7Metadata
        name:
          type: string
          description: >-
            The name of the connection. Must start and end with an alphanumeric
            character and can only contain alphanumeric characters and '-'. Max
            length 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
          minLength: 1
          maxLength: 128
        realms:
          type: array
          description: >-
            Defines the realms for which the connection will be used (ie: email
            domains). If the array is empty or the property is not specified,
            the connection name will be added as realm.
          minItems: 0
          items:
            type: string
        options:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject7Options
        show_as_button:
          type: boolean
          description: >-
            Enables showing a button for the connection in the login page (new
            experience only). If false, it will be usable only by HRD. Defaults
            to `false`.
        strategy:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject7StrategyEnum
    EventStreamCloudEventGroupCreatedObject0:
      type: object
      description: Represents a connection group entity.
      additionalProperties: false
      required:
        - id
        - name
        - created_at
        - type
        - connection_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        name:
          type: string
          description: The name of the group.
        external_id:
          type: string
          description: The external identifier for the group.
        created_at:
          type: string
          description: Date and time when this entity was created (ISO_8601 format).
          format: date-time
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupCreatedObject0TypeEnum
        connection_id:
          type: string
          description: The connection ID associated with the group.
          pattern: con_[a-zA-Z0-9]{16}
    EventStreamCloudEventGroupCreatedObject1:
      type: object
      description: Represents an organization group entity.
      additionalProperties: false
      required:
        - id
        - name
        - created_at
        - type
        - organization_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        name:
          type: string
          description: The name of the group.
        external_id:
          type: string
          description: The external identifier for the group.
        created_at:
          type: string
          description: Date and time when this entity was created (ISO_8601 format).
          format: date-time
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupCreatedObject1TypeEnum
        organization_id:
          type: string
          description: The organization ID associated with the group.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventGroupCreatedObject2:
      type: object
      description: Represents a tenant group entity.
      additionalProperties: false
      required:
        - id
        - name
        - created_at
        - type
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        name:
          type: string
          description: The name of the group.
        external_id:
          type: string
          description: The external identifier for the group.
        created_at:
          type: string
          description: Date and time when this entity was created (ISO_8601 format).
          format: date-time
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupCreatedObject2TypeEnum
    EventStreamCloudEventGroupDeletedObject0:
      type: object
      description: Connection group with updated_at timestamp
      additionalProperties: false
      required:
        - id
        - name
        - created_at
        - type
        - connection_id
        - updated_at
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        name:
          type: string
          description: The name of the group.
        external_id:
          type: string
          description: The external identifier for the group.
        created_at:
          type: string
          description: Date and time when this entity was created (ISO_8601 format).
          format: date-time
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupDeletedObject0TypeEnum
        connection_id:
          type: string
          description: The connection ID associated with the group.
          pattern: con_[a-zA-Z0-9]{16}
        updated_at:
          type: string
          description: >-
            Date and time when this entity was last updated/modified (ISO_8601
            format).
          format: date-time
    EventStreamCloudEventGroupDeletedObject1:
      type: object
      description: Organization group with updated_at timestamp
      additionalProperties: false
      required:
        - id
        - name
        - created_at
        - type
        - organization_id
        - updated_at
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        name:
          type: string
          description: The name of the group.
        external_id:
          type: string
          description: The external identifier for the group.
        created_at:
          type: string
          description: Date and time when this entity was created (ISO_8601 format).
          format: date-time
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupDeletedObject1TypeEnum
        organization_id:
          type: string
          description: The organization ID associated with the group.
          pattern: org_[a-zA-Z0-9]{16}
        updated_at:
          type: string
          description: >-
            Date and time when this entity was last updated/modified (ISO_8601
            format).
          format: date-time
    EventStreamCloudEventGroupDeletedObject2:
      type: object
      description: Tenant group with updated_at timestamp
      additionalProperties: false
      required:
        - id
        - name
        - created_at
        - type
        - updated_at
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        name:
          type: string
          description: The name of the group.
        external_id:
          type: string
          description: The external identifier for the group.
        created_at:
          type: string
          description: Date and time when this entity was created (ISO_8601 format).
          format: date-time
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupDeletedObject2TypeEnum
        updated_at:
          type: string
          description: >-
            Date and time when this entity was last updated/modified (ISO_8601
            format).
          format: date-time
    EventStreamCloudEventGroupMemberAddedObjectGroup:
      description: The group the member belongs to.
      oneOf:
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup0
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup1
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup2
    EventStreamCloudEventGroupMemberAddedObjectMember:
      description: The member that is a part of the group.
      oneOf:
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberAddedObjectMember0
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberAddedObjectMember1
    EventStreamCloudEventGroupMemberDeletedObjectGroup:
      description: The group the member belongs to.
      oneOf:
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup0
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup1
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup2
    EventStreamCloudEventGroupMemberDeletedObjectMember:
      description: The member that is a part of the group.
      oneOf:
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectMember0
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectMember1
    EventStreamCloudEventGroupRoleAssignedObjectGroup:
      description: The group the role is assigned to.
      oneOf:
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup0
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup1
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup2
    EventStreamCloudEventGroupRoleAssignedObjectRole:
      type: object
      description: The role assigned to the group.
      additionalProperties: false
      required:
        - id
        - name
      properties:
        id:
          type: string
          description: The ID of the role.
          pattern: rol_[a-zA-Z0-9]{16}
        name:
          type: string
          description: The name of the role.
    EventStreamCloudEventGroupRoleDeletedObjectGroup:
      description: The group the role is removed from.
      oneOf:
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup0
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup1
        - $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup2
    EventStreamCloudEventGroupRoleDeletedObjectRole:
      type: object
      description: The role removed from the group.
      additionalProperties: false
      required:
        - id
      properties:
        id:
          type: string
          description: The ID of the role.
          pattern: rol_[a-zA-Z0-9]{16}
    EventStreamCloudEventGroupUpdatedObject0:
      type: object
      description: Connection group with updated_at timestamp
      additionalProperties: false
      required:
        - id
        - name
        - created_at
        - type
        - connection_id
        - updated_at
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        name:
          type: string
          description: The name of the group.
        external_id:
          type: string
          description: The external identifier for the group.
        created_at:
          type: string
          description: Date and time when this entity was created (ISO_8601 format).
          format: date-time
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupUpdatedObject0TypeEnum
        connection_id:
          type: string
          description: The connection ID associated with the group.
          pattern: con_[a-zA-Z0-9]{16}
        updated_at:
          type: string
          description: >-
            Date and time when this entity was last updated/modified (ISO_8601
            format).
          format: date-time
    EventStreamCloudEventGroupUpdatedObject1:
      type: object
      description: Organization group with updated_at timestamp
      additionalProperties: false
      required:
        - id
        - name
        - created_at
        - type
        - organization_id
        - updated_at
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        name:
          type: string
          description: The name of the group.
        external_id:
          type: string
          description: The external identifier for the group.
        created_at:
          type: string
          description: Date and time when this entity was created (ISO_8601 format).
          format: date-time
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupUpdatedObject1TypeEnum
        organization_id:
          type: string
          description: The organization ID associated with the group.
          pattern: org_[a-zA-Z0-9]{16}
        updated_at:
          type: string
          description: >-
            Date and time when this entity was last updated/modified (ISO_8601
            format).
          format: date-time
    EventStreamCloudEventGroupUpdatedObject2:
      type: object
      description: Tenant group with updated_at timestamp
      additionalProperties: false
      required:
        - id
        - name
        - created_at
        - type
        - updated_at
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        name:
          type: string
          description: The name of the group.
        external_id:
          type: string
          description: The external identifier for the group.
        created_at:
          type: string
          description: Date and time when this entity was created (ISO_8601 format).
          format: date-time
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupUpdatedObject2TypeEnum
        updated_at:
          type: string
          description: >-
            Date and time when this entity was last updated/modified (ISO_8601
            format).
          format: date-time
    EventStreamCloudEventOrgConnectionAddedObjectOrganization:
      type: object
      description: Information about an Auth0 Organization.
      additionalProperties: false
      required:
        - id
      properties:
        name:
          type: string
          description: >-
            The human-readable identifier for the organization that will be used
            by end-users to direct them to their organization in your
            application..
          pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$
        id:
          type: string
          description: ID of the organization.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgConnectionAddedObjectConnection:
      type: object
      additionalProperties: false
      required:
        - id
      properties:
        id:
          type: string
          description: The ID of the connection.
          pattern: con_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgConnectionRemovedObjectOrganization:
      type: object
      description: Information about an Auth0 Organization.
      additionalProperties: false
      required:
        - id
      properties:
        name:
          type: string
          description: >-
            The human-readable identifier for the organization that will be used
            by end-users to direct them to their organization in your
            application..
          pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$
        id:
          type: string
          description: ID of the organization.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgConnectionRemovedObjectConnection:
      type: object
      additionalProperties: false
      required:
        - id
      properties:
        id:
          type: string
          description: The ID of the connection.
          pattern: con_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgConnectionUpdatedObjectOrganization:
      type: object
      description: Information about an Auth0 Organization.
      additionalProperties: false
      required:
        - id
      properties:
        name:
          type: string
          description: >-
            The human-readable identifier for the organization that will be used
            by end-users to direct them to their organization in your
            application..
          pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$
        id:
          type: string
          description: ID of the organization.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgConnectionUpdatedObjectConnection:
      type: object
      additionalProperties: false
      required:
        - id
      properties:
        id:
          type: string
          description: The ID of the connection.
          pattern: con_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgCreatedObjectMetadata:
      type: object
      description: The metadata associated with the organization.
      additionalProperties: true
      properties: {}
    EventStreamCloudEventOrgCreatedObjectBranding:
      type: object
      description: The branding associated with the organization.
      additionalProperties: false
      properties:
        logo_url:
          type: string
          description: URL of logo to display on login page.
          format: uri
        colors:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgCreatedObjectBrandingColors
    EventStreamCloudEventOrgDeletedObjectMetadata:
      type: object
      description: The metadata associated with the organization.
      additionalProperties: true
      properties: {}
    EventStreamCloudEventOrgGroupRoleAssignedObjectOrganization:
      type: object
      description: The organization the group role is assigned in.
      additionalProperties: false
      required:
        - id
      properties:
        id:
          type: string
          description: ID of the organization.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgGroupRoleAssignedObjectRole:
      type: object
      description: The role assigned to the group in the organization.
      additionalProperties: false
      required:
        - id
        - name
      properties:
        id:
          type: string
          description: The ID of the role.
          pattern: rol_[a-zA-Z0-9]{16}
        name:
          type: string
          description: The name of the role.
    EventStreamCloudEventOrgGroupRoleAssignedObjectGroup:
      description: The group the role is assigned to.
      oneOf:
        - $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup0
        - $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup1
        - $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup2
    EventStreamCloudEventOrgGroupRoleDeletedObjectOrganization:
      type: object
      description: The organization the group role is removed from.
      additionalProperties: false
      required:
        - id
      properties:
        id:
          type: string
          description: ID of the organization.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgGroupRoleDeletedObjectRole:
      type: object
      description: The role removed from the group.
      additionalProperties: false
      required:
        - id
      properties:
        id:
          type: string
          description: The ID of the role.
          pattern: rol_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgGroupRoleDeletedObjectGroup:
      description: The group the role is removed from.
      oneOf:
        - $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup0
        - $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup1
        - $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup2
    EventStreamCloudEventOrgMemberAddedObjectOrganization:
      type: object
      description: The organization the member belongs to.
      additionalProperties: false
      required:
        - id
      properties:
        name:
          type: string
          description: >-
            The human-readable identifier for the organization that will be used
            by end-users to direct them to their organization in your
            application..
          pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$
        id:
          type: string
          description: ID of the organization.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgMemberAddedObjectUser:
      type: object
      description: The user that is a member of the organization.
      additionalProperties: true
      required:
        - user_id
      properties:
        user_id:
          type: string
          description: ID of the user which can be used when interacting with other APIs.
    EventStreamCloudEventOrgMemberDeletedObjectOrganization:
      type: object
      description: The organization the member belongs to.
      additionalProperties: false
      required:
        - id
      properties:
        name:
          type: string
          description: >-
            The human-readable identifier for the organization that will be used
            by end-users to direct them to their organization in your
            application..
          pattern: ^(?:(?!org_))[a-z0-9]([a-z0-9-_]*[a-z0-9])?$
        id:
          type: string
          description: ID of the organization.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgMemberDeletedObjectUser:
      type: object
      description: The user that is a member of the organization.
      additionalProperties: true
      required:
        - user_id
      properties:
        user_id:
          type: string
          description: ID of the user which can be used when interacting with other APIs.
    EventStreamCloudEventOrgMemberRoleAssignedObjectOrganization:
      type: object
      description: The organization the member belongs to.
      additionalProperties: false
      required:
        - id
      properties:
        id:
          type: string
          description: ID of the organization.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgMemberRoleAssignedObjectUser:
      type: object
      description: The user that is a member of the organization.
      additionalProperties: true
      required:
        - user_id
      properties:
        user_id:
          type: string
          description: ID of the user which can be used when interacting with other APIs.
    EventStreamCloudEventOrgMemberRoleAssignedObjectRole:
      type: object
      description: The role assigned to the user in the organization.
      additionalProperties: false
      required:
        - id
        - name
      properties:
        id:
          type: string
          description: The ID of the role.
          pattern: rol_[a-zA-Z0-9]{16}
        name:
          type: string
          description: The name of the role.
    EventStreamCloudEventOrgMemberRoleDeletedObjectOrganization:
      type: object
      description: The organization the member belongs to.
      additionalProperties: false
      required:
        - id
      properties:
        id:
          type: string
          description: ID of the organization.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgMemberRoleDeletedObjectUser:
      type: object
      description: The user that is a member of the organization.
      additionalProperties: true
      required:
        - user_id
      properties:
        user_id:
          type: string
          description: ID of the user which can be used when interacting with other APIs.
    EventStreamCloudEventOrgMemberRoleDeletedObjectRole:
      type: object
      description: The role assigned to the user in the organization.
      additionalProperties: false
      required:
        - id
        - name
      properties:
        id:
          type: string
          description: The ID of the role.
          pattern: rol_[a-zA-Z0-9]{16}
        name:
          type: string
          description: The name of the role.
    EventStreamCloudEventOrgUpdatedObjectMetadata:
      type: object
      description: The metadata associated with the organization.
      additionalProperties: true
      properties: {}
    EventStreamCloudEventOrgUpdatedObjectBranding:
      type: object
      description: The branding associated with the organization.
      additionalProperties: false
      properties:
        logo_url:
          type: string
          description: URL of logo to display on login page.
          format: uri
        colors:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgUpdatedObjectBrandingColors
    EventStreamCloudEventUserCreatedObjectIdentitiesItem:
      description: Identity object when accounts are linked.
      oneOf:
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemCustom
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabase
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterprise
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordless
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemSocial
    EventStreamCloudEventUserCreatedObjectAppMetadata:
      type: object
      description: User metadata to which this user has read-only access.
      additionalProperties: true
      properties: {}
    EventStreamCloudEventUserCreatedObjectUserMetadata:
      type: object
      description: User metadata to which this user has read/write access.
      additionalProperties: true
      properties: {}
    EventStreamCloudEventUserDeletedObjectIdentitiesItem:
      description: Identity object when accounts are linked.
      oneOf:
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemCustom
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabase
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterprise
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordless
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemSocial
    EventStreamCloudEventUserDeletedObjectAppMetadata:
      type: object
      description: User metadata to which this user has read-only access.
      additionalProperties: true
      properties: {}
    EventStreamCloudEventUserDeletedObjectUserMetadata:
      type: object
      description: User metadata to which this user has read/write access.
      additionalProperties: true
      properties: {}
    EventStreamCloudEventUserUpdatedObjectIdentitiesItem:
      description: Identity object when accounts are linked.
      oneOf:
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustom
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabase
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterprise
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordless
        - $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocial
    EventStreamCloudEventUserUpdatedObjectAppMetadata:
      type: object
      description: User metadata to which this user has read-only access.
      additionalProperties: true
      properties: {}
    EventStreamCloudEventUserUpdatedObjectUserMetadata:
      type: object
      description: User metadata to which this user has read/write access.
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionCreatedObject0Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject0Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionCreatedObject0ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
        cross_app_access:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject0Options:
      type: object
      description: Options for the 'oidc' connection
      additionalProperties: false
      required:
        - client_id
      properties:
        authorization_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 authorization endpoint
            where users are redirected for authentication. Must be a valid HTTPS
            URL. This endpoint initiates the OAuth 2.0 authorization code flow.
          minLength: 8
          maxLength: 2083
          format: uri
        client_id:
          type: string
          description: >-
            OAuth 2.0 client identifier issued by the identity provider during
            application registration. This value identifies your Auth0
            connection to the identity provider.
          minLength: 0
          maxLength: 255
        connection_settings:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsConnectionSettings
        domain_aliases:
          type: array
          description: >-
            Email domains associated with this connection for Home Realm
            Discovery (HRD). When a user's email matches one of these domains,
            they are automatically routed to this connection during
            authentication.
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        dpop_signing_alg:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsDpopSigningAlgEnum
        federated_connections_access_tokens:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsFederatedConnectionsAccessTokens
        icon_url:
          type: string
          description: https url of the icon to be shown
          minLength: 8
          maxLength: 255
          format: uri
        id_token_session_expiry_supported:
          type: boolean
          description: >-
            Indicates whether the identity provider supports session expiry via
            the id_token. If true, the system will use the session_expiry claim
            in the id_token to determine session expiry.
        id_token_signed_response_algs:
          type: array
          description: >-
            List of algorithms allowed to verify the ID tokens. Applicable when
            strategy=oidc or okta.
          items:
            $ref: >-
              #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsIdTokenSignedResponseAlgsItemEnum
        issuer:
          type: string
          description: >-
            The identity provider's unique issuer identifier URL (e.g.,
            https://accounts.google.com). Must match the 'iss' claim in ID
            tokens from the identity provider.
          minLength: 8
          maxLength: 255
          format: uri
        jwks_uri:
          type: string
          description: >-
            URL of the identity provider's JSON Web Key Set (JWKS) endpoint
            containing public keys for signature verification. Auth0 retrieves
            these keys to validate ID token signatures.
          minLength: 8
          maxLength: 255
          format: uri
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        oidc_metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsOidcMetadata
        schema_version:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsSchemaVersionEnum
        scope:
          type: string
          description: >-
            Space-separated list of OAuth 2.0 scopes requested during
            authorization. Must include 'openid' (required by OIDC spec). Common
            values: 'openid profile email'. Additional scopes depend on the
            identity provider.
          minLength: 6
          maxLength: 255
        send_back_channel_nonce:
          type: boolean
          description: >-
            When true and type is 'back_channel', includes a cryptographic nonce
            in authorization requests to prevent replay attacks. The identity
            provider must include this nonce in the ID token for validation.
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsSetUserRootAttributesEnum
        tenant_domain:
          description: Tenant domain
          type: string
          minLength: 1
          maxLength: 255
        token_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 token endpoint where
            authorization codes are exchanged for access tokens. Must be a valid
            HTTPS URL. Required for authorization code flow but optional for
            implicit flow.
          minLength: 8
          maxLength: 255
          format: uri
        token_endpoint_auth_method:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsTokenEndpointAuthMethodEnum
        token_endpoint_auth_signing_alg:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsTokenEndpointAuthSigningAlgEnum
        token_endpoint_jwtca_aud_format:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsTokenEndpointJwtcaAudFormatEnum
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsUpstreamParams
        userinfo_endpoint:
          type: string
          description: >-
            Optional URL of the identity provider's UserInfo endpoint. When
            configured with attribute mapping, Auth0 calls this endpoint to
            retrieve additional user profile claims using the access token.
          minLength: 8
          maxLength: 255
          format: uri
        attribute_map:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsAttributeMap
        discovery_url:
          type: string
          description: >-
            URL of the identity provider's OIDC Discovery endpoint
            (/.well-known/openid-configuration). When provided and oidc_metadata
            is empty, Auth0 automatically retrieves the provider's configuration
            including endpoints and supported features.
          minLength: 8
          maxLength: 255
          format: uri
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsTypeEnum
    EventStreamCloudEventConnectionCreatedObject0StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - oidc
    EventStreamCloudEventConnectionCreatedObject1Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject1ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject1Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionCreatedObject1Options:
      type: object
      description: Options for the 'okta' connection
      additionalProperties: false
      required:
        - client_id
      properties:
        authorization_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 authorization endpoint
            where users are redirected for authentication. Must be a valid HTTPS
            URL. This endpoint initiates the OAuth 2.0 authorization code flow.
          minLength: 8
          maxLength: 2083
          format: uri
        client_id:
          type: string
          description: >-
            OAuth 2.0 client identifier issued by the identity provider during
            application registration. This value identifies your Auth0
            connection to the identity provider.
          minLength: 0
          maxLength: 255
        connection_settings:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsConnectionSettings
        domain_aliases:
          type: array
          description: >-
            Email domains associated with this connection for Home Realm
            Discovery (HRD). When a user's email matches one of these domains,
            they are automatically routed to this connection during
            authentication.
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        dpop_signing_alg:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsDpopSigningAlgEnum
        federated_connections_access_tokens:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsFederatedConnectionsAccessTokens
        icon_url:
          type: string
          description: https url of the icon to be shown
          minLength: 8
          maxLength: 255
          format: uri
        id_token_session_expiry_supported:
          type: boolean
          description: >-
            Indicates whether the identity provider supports session expiry via
            the id_token. If true, the system will use the session_expiry claim
            in the id_token to determine session expiry.
        id_token_signed_response_algs:
          type: array
          description: >-
            List of algorithms allowed to verify the ID tokens. Applicable when
            strategy=oidc or okta.
          items:
            $ref: >-
              #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsIdTokenSignedResponseAlgsItemEnum
        issuer:
          type: string
          description: >-
            The identity provider's unique issuer identifier URL (e.g.,
            https://accounts.google.com). Must match the 'iss' claim in ID
            tokens from the identity provider.
          minLength: 8
          maxLength: 255
          format: uri
        jwks_uri:
          type: string
          description: >-
            URL of the identity provider's JSON Web Key Set (JWKS) endpoint
            containing public keys for signature verification. Auth0 retrieves
            these keys to validate ID token signatures.
          minLength: 8
          maxLength: 255
          format: uri
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        oidc_metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsOidcMetadata
        schema_version:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsSchemaVersionEnum
        scope:
          type: string
          description: >-
            Space-separated list of OAuth 2.0 scopes requested during
            authorization. Must include 'openid' (required by OIDC spec). Common
            values: 'openid profile email'. Additional scopes depend on the
            identity provider.
          minLength: 6
          maxLength: 255
        send_back_channel_nonce:
          type: boolean
          description: >-
            When true and type is 'back_channel', includes a cryptographic nonce
            in authorization requests to prevent replay attacks. The identity
            provider must include this nonce in the ID token for validation.
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsSetUserRootAttributesEnum
        tenant_domain:
          description: Tenant domain
          type: string
          minLength: 1
          maxLength: 255
        token_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 token endpoint where
            authorization codes are exchanged for access tokens. Must be a valid
            HTTPS URL. Required for authorization code flow but optional for
            implicit flow.
          minLength: 8
          maxLength: 255
          format: uri
        token_endpoint_auth_method:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsTokenEndpointAuthMethodEnum
        token_endpoint_auth_signing_alg:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsTokenEndpointAuthSigningAlgEnum
        token_endpoint_jwtca_aud_format:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsTokenEndpointJwtcaAudFormatEnum
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsUpstreamParams
        userinfo_endpoint:
          type: string
          description: >-
            Optional URL of the identity provider's UserInfo endpoint. When
            configured with attribute mapping, Auth0 calls this endpoint to
            retrieve additional user profile claims using the access token.
          minLength: 8
          maxLength: 255
          format: uri
        attribute_map:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsAttributeMap
        domain:
          type: string
          description: >-
            Domain of the Okta organization (e.g., dev-123456.okta.com). Should
            be just the domain of the okta server with no scheme or trailing
            backslash. Discovery runs only when connection.options.oidc_metadata
            is empty and a domain is provided
          minLength: 4
          maxLength: 255
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsTypeEnum
    EventStreamCloudEventConnectionCreatedObject1StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - okta
    EventStreamCloudEventConnectionCreatedObject2Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject2ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject2Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionCreatedObject2Options:
      type: object
      description: Options for the 'samlp' connection
      additionalProperties: false
      properties:
        assertion_decryption_settings:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2OptionsAssertionDecryptionSettings
        cert:
          type: string
          description: >-
            X.509 signing certificate from the identity provider in .der format.
            Used to validate signatures in SAML Responses and Assertions. This
            is an alternative to signingCert and is kept for backward
            compatibility. Prefer using signingCert instead.
          minLength: 1
          maxLength: 10240
        cert_rollover_notification:
          type: string
          description: Timestamp of the last certificate expiring soon notification.
          format: date-time
        digestAlgorithm:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2OptionsDigestAlgorithmEnum
        domain_aliases:
          type: array
          description: Domain aliases for the connection
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        entityId:
          description: >-
            The entity identifier (Issuer) for the SAML Service Provider. When
            not provided, defaults to 'urn:auth0:{tenant}:{connection}'. This
            value is included in SAML AuthnRequest messages sent to the identity
            provider.
          type: string
          minLength: 1
          maxLength: 128
        expires:
          type: string
          description: >-
            ISO 8601 formatted datetime indicating when the identity provider's
            signing certificate expires.
          format: date-time
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        idpinitiated:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2OptionsIdpinitiated
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        protocolBinding:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2OptionsProtocolBindingEnum
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2OptionsSetUserRootAttributesEnum
        signatureAlgorithm:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2OptionsSignatureAlgorithmEnum
        signInEndpoint:
          type: string
          description: >-
            Identity provider's SAML SingleSignOnService endpoint URL where
            Auth0 sends SAML authentication requests. This is the primary login
            URL for the SAML connection. Required unless using metadataUrl or
            metadataXml.
          minLength: 8
          maxLength: 2048
          format: uri
        signingCert:
          description: >-
            Base64-encoded X.509 certificate from the identity provider used to
            validate signatures in SAML responses and assertions. The
            certificate is decoded and used for cryptographic signature
            verification.
          type: string
          minLength: 1
          maxLength: 10240
        signSAMLRequest:
          description: >-
            When true, Auth0 signs SAML authentication requests using the
            connection's signing key. The signature includes the request's
            digest and is validated by the identity provider. Defaults to false
            (unsigned requests).
          type: boolean
        subject:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2OptionsSubject
        tenant_domain:
          type: string
          description: >-
            For SAML connections, the tenant domain used to construct the login
            endpoint URL. Can be a string for single-tenant or an array of
            strings for multi-tenant validation.
          minLength: 1
          maxLength: 255
        thumbprints:
          type: array
          description: >-
            SHA-1 thumbprints (fingerprints) of the identity provider's signing
            certificates. Automatically computed from signingCert during
            connection creation. Each thumbprint must be a 40-character
            hexadecimal string.
          minItems: 0
          items:
            type: string
            minLength: 40
            maxLength: 40
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2OptionsUpstreamParams
        debug:
          description: >-
            When true, enables detailed SAML debugging by issuing 'w' (warning)
            events in tenant logs containing SAML request/response details.
            WARNING: Potentially exposes sensitive user information (PII,
            credentials) and should only be enabled temporarily for debugging
            purposes.
          type: boolean
        deflate:
          description: >-
            When true, enables DEFLATE compression for SAML requests sent via
            HTTP-Redirect binding.
          type: boolean
        destinationUrl:
          type: string
          description: >-
            The URL where Auth0 will send SAML authentication requests (the
            Identity Provider's SSO URL). Must be a valid HTTPS URL.
          minLength: 8
          maxLength: 255
          format: uri
        disableSignout:
          description: >-
            When true, disables sending SAML logout requests
            (SingleLogoutService) to the identity provider during user sign-out.
            The user will be logged out of Auth0 but will remain logged into the
            identity provider. Defaults to false (federated logout enabled).
          type: boolean
        fieldsMap:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2OptionsFieldsMap
        global_token_revocation_jwt_iss:
          description: >-
            Expected 'iss' (Issuer) claim value for JWT tokens in Global Token
            Revocation requests from the identity provider. When configured,
            Auth0 validates the JWT issuer matches this value before processing
            token revocation. Must be used together with
            global_token_revocation_jwt_sub.
          type: string
          minLength: 1
          maxLength: 1024
        global_token_revocation_jwt_sub:
          description: >-
            Expected 'sub' (Subject) claim value for JWT tokens in Global Token
            Revocation requests from the identity provider. When configured,
            Auth0 validates the JWT subject matches this value before processing
            token revocation. Must be used together with
            global_token_revocation_jwt_iss.
          type: string
          minLength: 1
          maxLength: 1024
        metadataUrl:
          type: string
          description: >-
            HTTPS URL to the identity provider's SAML metadata document. When
            provided, Auth0 automatically fetches and parses the metadata to
            extract signInEndpoint, signOutEndpoint, signingCert,
            signSAMLRequest, and protocolBinding. Use metadataUrl OR
            metadataXml, not both.
          minLength: 8
          maxLength: 2048
          format: uri
        recipientUrl:
          type: string
          description: >-
            The URL where Auth0 will send SAML authentication requests (the
            Identity Provider's SSO URL). Must be a valid HTTPS URL.
          minLength: 8
          maxLength: 255
          format: uri
        requestTemplate:
          description: >-
            Custom XML template for SAML authentication requests. Supports
            variable substitution using @@variableName@@ syntax. When not
            provided, uses default SAML AuthnRequest template. See
            https://auth0.com/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider#customize-the-request-template
          type: string
          minLength: 1
          maxLength: 10240
        signOutEndpoint:
          type: string
          description: >-
            Identity provider's SAML SingleLogoutService endpoint URL where
            Auth0 sends logout requests for federated sign-out. When not
            provided, defaults to signInEndpoint. Only used if disableSignout is
            false.
          minLength: 8
          maxLength: 2048
          format: uri
        user_id_attribute:
          description: >-
            Custom SAML assertion attribute to use as the unique user
            identifier. When provided, this attribute is prepended to the
            default user_id mapping list with highest priority. Accepts a string
            (single SAML attribute name).
          type: string
          minLength: 1
          maxLength: 2396
    EventStreamCloudEventConnectionCreatedObject2StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - samlp
    EventStreamCloudEventConnectionCreatedObject3Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject3ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject3Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionCreatedObject3Options:
      type: object
      description: Options for the 'pingfederate' connection
      additionalProperties: false
      required:
        - pingFederateBaseUrl
      properties:
        assertion_decryption_settings:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3OptionsAssertionDecryptionSettings
        cert:
          type: string
          description: >-
            X.509 signing certificate from the identity provider in .der format.
            Used to validate signatures in SAML Responses and Assertions. This
            is an alternative to signingCert and is kept for backward
            compatibility. Prefer using signingCert instead.
          minLength: 1
          maxLength: 10240
        cert_rollover_notification:
          type: string
          description: Timestamp of the last certificate expiring soon notification.
          format: date-time
        digestAlgorithm:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3OptionsDigestAlgorithmEnum
        domain_aliases:
          type: array
          description: Domain aliases for the connection
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        entityId:
          description: >-
            The entity identifier (Issuer) for the SAML Service Provider. When
            not provided, defaults to 'urn:auth0:{tenant}:{connection}'. This
            value is included in SAML AuthnRequest messages sent to the identity
            provider.
          type: string
          minLength: 1
          maxLength: 128
        expires:
          type: string
          description: >-
            ISO 8601 formatted datetime indicating when the identity provider's
            signing certificate expires.
          format: date-time
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        idpinitiated:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3OptionsIdpinitiated
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        protocolBinding:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3OptionsProtocolBindingEnum
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3OptionsSetUserRootAttributesEnum
        signatureAlgorithm:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3OptionsSignatureAlgorithmEnum
        signInEndpoint:
          type: string
          description: >-
            Identity provider's SAML SingleSignOnService endpoint URL where
            Auth0 sends SAML authentication requests. This is the primary login
            URL for the SAML connection. Required unless using metadataUrl or
            metadataXml.
          minLength: 8
          maxLength: 2048
          format: uri
        signingCert:
          description: >-
            Base64-encoded X.509 certificate from the identity provider used to
            validate signatures in SAML responses and assertions. The
            certificate is decoded and used for cryptographic signature
            verification.
          type: string
          minLength: 1
          maxLength: 10240
        signSAMLRequest:
          description: >-
            When true, Auth0 signs SAML authentication requests using the
            connection's signing key. The signature includes the request's
            digest and is validated by the identity provider. Defaults to false
            (unsigned requests).
          type: boolean
        subject:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3OptionsSubject
        tenant_domain:
          type: string
          description: >-
            For SAML connections, the tenant domain used to construct the login
            endpoint URL. Can be a string for single-tenant or an array of
            strings for multi-tenant validation.
          minLength: 1
          maxLength: 255
        thumbprints:
          type: array
          description: >-
            SHA-1 thumbprints (fingerprints) of the identity provider's signing
            certificates. Automatically computed from signingCert during
            connection creation. Each thumbprint must be a 40-character
            hexadecimal string.
          minItems: 0
          items:
            type: string
            minLength: 40
            maxLength: 40
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3OptionsUpstreamParams
        pingFederateBaseUrl:
          type: string
          description: >-
            URL provided by PingFederate which returns information used for
            creating the connection
          minLength: 8
          maxLength: 256
          format: uri
    EventStreamCloudEventConnectionCreatedObject3StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - pingfederate
    EventStreamCloudEventConnectionCreatedObject4Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject4ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject4Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionCreatedObject4Options:
      type: object
      description: Options for the 'adfs' connection
      additionalProperties: false
      properties:
        adfs_server:
          type: string
          description: >-
            ADFS federation metadata host or XML URL used to discover WS-Fed
            endpoints and certificates. Errors if adfs_server and fedMetadataXml
            are both absent.
          minLength: 0
          maxLength: 2048
        cert_rollover_notification:
          type: string
          description: Timestamp of the last certificate expiring soon notification.
          format: date-time
        domain_aliases:
          type: array
          description: >-
            Email domains associated with this connection for Home Realm
            Discovery (HRD). When a user's email matches one of these domains,
            they are automatically routed to this connection during
            authentication.
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        entityId:
          description: >-
            The entity identifier (Issuer) for the ADFS Service Provider. When
            not provided, defaults to 'urn:auth0:{tenant}:{connection}'.
          type: string
          minLength: 1
          maxLength: 128
        fedMetadataXml:
          type: string
          description: >-
            Inline XML alternative to 'adfs_server'. Cannot be set together with
            'adfs_server'.
          minLength: 1
          maxLength: 102400
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        prev_thumbprints:
          type: array
          description: >-
            Array of certificate thumbprints (SHA-128/SHA-256/SHA-512 hex
            hashes) for validating SAML signatures. Used with WS-Federation
            protocol. Maximum 20 thumbprints. Each thumbprint must be a
            hexadecimal string.
          minItems: 0
          items:
            type: string
            description: Certificate thumbprints for ADFS and Azure AD connections.
            minLength: 0
            maxLength: 64
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject4OptionsSetUserRootAttributesEnum
        should_trust_email_verified_connection:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject4OptionsShouldTrustEmailVerifiedConnectionEnum
        signInEndpoint:
          type: string
          description: >-
            Passive Requestor (WS-Fed) sign-in endpoint discovered from metadata
            or provided explicitly.
          minLength: 8
          maxLength: 2048
          format: uri
        tenant_domain:
          description: Tenant domain
          type: string
          minLength: 1
          maxLength: 255
        thumbprints:
          type: array
          description: >-
            Array of certificate thumbprints (SHA-128/SHA-256/SHA-512 hex
            hashes) for validating SAML signatures. Used with WS-Federation
            protocol. Maximum 20 thumbprints. Each thumbprint must be a
            hexadecimal string.
          minItems: 0
          items:
            type: string
            description: Certificate thumbprints for ADFS and Azure AD connections.
            minLength: 0
            maxLength: 64
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject4OptionsUpstreamParams
        user_id_attribute:
          description: >-
            Custom ADFS claim to use as the unique user identifier. When
            provided, this attribute is prepended to the default user_id mapping
            list with highest priority. Accepts a string (single ADFS claim
            name).
          type: string
          minLength: 1
          maxLength: 128
    EventStreamCloudEventConnectionCreatedObject4StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - adfs
    EventStreamCloudEventConnectionCreatedObject5Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject5ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject5Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionCreatedObject5Options:
      type: object
      description: Options for the 'ad' connection
      additionalProperties: false
      properties:
        agentIP:
          description: >-
            IP address of the AD connector agent used to validate that
            authentication requests originate from the corporate network for
            Kerberos authentication  (managed by the AD Connector agent).
          type: string
          minLength: 2
          maxLength: 39
        agentMode:
          description: >-
            When enabled, allows direct username/password authentication through
            the AD connector agent instead of WS-Federation protocol (managed by
            the AD Connector agent).
          type: boolean
        agentVersion:
          description: >-
            Version identifier of the installed AD connector agent software
            (managed by the AD Connector agent).
          type: string
          minLength: 5
          maxLength: 12
        brute_force_protection:
          type: boolean
          description: >-
            Enables Auth0's brute force protection to prevent credential
            stuffing attacks. When enabled, blocks suspicious login attempts
            from specific IP addresses after repeated failures.
        certAuth:
          type: boolean
          description: >-
            Enables client SSL certificate authentication for the AD connector,
            requiring HTTPS on the sign-in endpoint
        certs:
          type: array
          description: >-
            Array of X.509 certificates in PEM format used for validating SAML
            signatures from the AD identity provider (managed by the AD
            Connector agent).
          minItems: 0
          items:
            type: string
            minLength: 256
            maxLength: 3072
        disable_cache:
          type: boolean
          description: >-
            When enabled, disables caching of AD connector authentication
            results to ensure real-time validation against the directory
        disable_self_service_change_password:
          type: boolean
          description: >-
            When enabled, hides the 'Forgot Password' link on login pages to
            prevent users from initiating self-service password resets
        domain_aliases:
          type: array
          description: >-
            List of domain names that can be used with identifier-first
            authentication flow to route users to this AD connection; each
            domain must be a valid DNS name up to 256 characters
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        icon_url:
          type: string
          description: https url of the icon to be shown
          minLength: 8
          maxLength: 255
          format: uri
        ips:
          type: array
          description: >-
            Array of IP address ranges in CIDR notation used to determine if
            authentication requests originate from the corporate network for
            Kerberos or certificate authentication.
          minItems: 0
          items:
            type: string
            minLength: 2
            maxLength: 39
        kerberos:
          type: boolean
          description: >-
            Enables Windows Integrated Authentication (Kerberos) for seamless
            SSO when users authenticate from within the corporate network IP
            ranges
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject5OptionsSetUserRootAttributesEnum
        signInEndpoint:
          type: string
          description: >-
            The sign-in endpoint type for the AD-LDAP connector agent (managed
            by the AD Connector agent).
          minLength: 8
          maxLength: 255
          format: uri
        tenant_domain:
          description: Primary AD domain hint used for HRD and discovery.
          type: string
          format: hostname
          minLength: 1
          maxLength: 512
        thumbprints:
          type: array
          description: >-
            Array of certificate SHA-1 thumbprints for validating signatures.
            Managed by Auth0 when using the AD Connector agent.
          minItems: 0
          items:
            type: string
            minLength: 40
            maxLength: 40
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject5OptionsUpstreamParams
    EventStreamCloudEventConnectionCreatedObject5StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - ad
    EventStreamCloudEventConnectionCreatedObject6Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject6ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject6Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionCreatedObject6Options:
      type: object
      description: Options for the 'google-apps' connection
      additionalProperties: false
      required:
        - client_id
      properties:
        admin_access_token_expiresin:
          description: >-
            Expiration timestamp for the `admin_access_token` in ISO 8601
            format. Auth0 uses this value to determine when to refresh the
            token.
          type: string
          format: date-time
        allow_setting_login_scopes:
          type: boolean
          description: >-
            When true, allows customization of OAuth scopes requested during
            user login. Custom scopes are appended to the mandatory email and
            profile scopes. When false or omitted, only the default email and
            profile scopes are used. This property is automatically enabled when
            Token Vault or Connected Accounts features are activated.
        api_enable_groups:
          type: boolean
          description: >-
            Enables integration with the Google Workspace Admin SDK Directory
            API for groups. When true, Auth0 can synchronize groups & group
            memberships and supports inbound directory provisioning for groups.
            Defaults to false.
        api_enable_users:
          type: boolean
          description: >-
            Enables integration with the Google Workspace Admin SDK Directory
            API. When true, Auth0 can retrieve extended user attributes (admin
            status, suspension status, group memberships) and supports inbound
            directory provisioning (SCIM). Defaults to true.
        client_id:
          type: string
          description: >-
            Your Google OAuth 2.0 client ID. You can find this in your [Google
            Cloud Console](https://console.cloud.google.com/apis/credentials)
            under the OAuth 2.0 Client IDs section.
          minLength: 1
          maxLength: 128
        domain:
          description: Primary Google Workspace domain name that users must belong to.
          type: string
          minLength: 1
          maxLength: 1024
        domain_aliases:
          type: array
          description: >-
            Email domains associated with this connection for Home Realm
            Discovery (HRD). When a user's email matches one of these domains,
            they are automatically routed to this connection during
            authentication.
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        email:
          type: boolean
          description: Whether the OAuth flow requests the `email` scope.
        ext_agreed_terms:
          type: boolean
          description: Fetches the `agreedToTerms` flag from the Google Directory profile.
        ext_groups:
          type: boolean
          description: >-
            Enables enrichment with Google group memberships (required for
            `ext_groups_extended`).
        ext_groups_extended:
          type: boolean
          description: >-
            Controls whether enriched group entries include `id`, `email`,
            `name` (true) or only the group name (false); can only be set when
            `ext_groups` is true.
        ext_is_admin:
          type: boolean
          description: Fetches the Google Directory admin flag for the signing-in user.
        ext_is_suspended:
          type: boolean
          description: Fetches the Google Directory suspended flag for the signing-in user.
        federated_connections_access_tokens:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject6OptionsFederatedConnectionsAccessTokens
        handle_login_from_social:
          type: boolean
          description: >-
            When enabled, users who sign in with their Google account through a
            social login will be automatically routed to this Google Workspace
            connection if their email domain matches the configured
            tenant_domain or domain_aliases. This ensures enterprise users
            authenticate through their organization's Google Workspace identity
            provider rather than through a generic Google social login, enabling
            access to directory-based attributes and enforcing organizational
            security policies. Defaults to true for new connections.
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        map_user_id_to_id:
          type: boolean
          description: >-
            Determines how Auth0 generates the user_id for Google Workspace
            users. When false (default), the user's email address is used. When
            true, Google's stable numeric user ID is used instead, which
            persists even if the user's email changes. This setting can only be
            configured when creating the connection and cannot be changed
            afterward.
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        profile:
          type: boolean
          description: Whether the OAuth flow requests the `profile` scope.
        scope:
          type: array
          description: >-
            Additional OAuth scopes requested beyond the default `email profile`
            scopes; ignored unless `allow_setting_login_scopes` is true.
          minItems: 1
          items:
            type: string
            minLength: 1
            maxLength: 255
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject6OptionsSetUserRootAttributesEnum
        tenant_domain:
          type: string
          description: >-
            The Google Workspace primary domain used to identify the
            organization during authentication.
          minLength: 1
          maxLength: 255
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject6OptionsUpstreamParams
    EventStreamCloudEventConnectionCreatedObject6StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - google-apps
    EventStreamCloudEventConnectionCreatedObject7Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject7ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionCreatedObject7Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionCreatedObject7Options:
      type: object
      description: Options for the 'waad' connection
      additionalProperties: false
      required:
        - client_id
      properties:
        api_enable_users:
          type: boolean
          description: Enable users API
        app_domain:
          description: >-
            The Azure AD application domain (e.g., 'contoso.onmicrosoft.com').
            Used primarily with WS-Federation protocol and Azure AD v1
            endpoints.
          type: string
          minLength: 0
          maxLength: 255
        app_id:
          type: string
          description: >-
            The Application ID URI (App ID URI) for the Azure AD application.
            Required when using Azure AD v1 with the Resource Owner Password
            flow. Used to identify the resource being requested in OAuth token
            requests.
          minLength: 0
          maxLength: 500
        basic_profile:
          type: boolean
          description: >-
            Includes basic user profile information from Azure AD (name, email,
            given_name, family_name). Always enabled and required - represents
            the minimum profile data retrieved during authentication.
        cert_rollover_notification:
          type: string
          description: Timestamp of the last certificate expiring soon notification.
          format: date-time
        client_id:
          type: string
          description: >-
            OAuth 2.0 client identifier issued by the identity provider during
            application registration. This value identifies your Auth0
            connection to the identity provider.
          minLength: 0
          maxLength: 100
        domain:
          type: string
          description: >-
            The primary Azure AD tenant domain (e.g., 'contoso.onmicrosoft.com'
            or 'contoso.com').
          minLength: 0
          maxLength: 512
        domain_aliases:
          type: array
          description: >-
            Alternative domain names associated with this Azure AD tenant.
            Allows users from multiple verified domains to authenticate through
            this connection. Can be an array of domain strings.
          minItems: 0
          items:
            type: string
            minLength: 0
            maxLength: 255
        ext_groups:
          type: boolean
          description: >-
            When enabled (true), retrieves and stores Azure AD security group
            memberships for the user. Requires Microsoft Graph API permissions
            (Directory.Read.All). Allows configuring max_groups_to_retrieve.
        ext_nested_groups:
          type: boolean
          description: >-
            When true, stores all groups the user is member of, including
            transitive group memberships (groups within groups). When false
            (default), only direct group memberships are included.
        ext_profile:
          type: boolean
          description: >-
            When enabled (true), retrieves extended profile attributes from
            Azure AD via Microsoft Graph API (job title, department, office
            location, etc.). Requires Graph API permissions. Only available with
            Azure AD v1 or when explicitly enabled for v2.
        federated_connections_access_tokens:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject7OptionsFederatedConnectionsAccessTokens
        granted:
          type: boolean
          description: >-
            Indicates whether admin consent has been granted for the required
            Azure AD permissions. Read-only status field managed by Auth0 during
            the OAuth authorization flow.
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        identity_api:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject7OptionsIdentityApiEnum
        max_groups_to_retrieve:
          type: string
          description: >-
            Maximum number of Azure AD groups to retrieve per user during
            authentication. Helps prevent performance issues for users in many
            groups. Only applies when ext_groups is enabled. Leave empty to use
            platform default.
          minLength: 0
          maxLength: 10
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        scope:
          type: array
          description: >-
            OAuth 2.0 scopes to request from Azure AD during authentication.
            Each scope represents a permission (e.g., 'User.Read',
            'Group.Read.All'). Only applies with Microsoft Identity Platform
            v2.0. See Microsoft Graph permissions reference for available
            scopes.
          minItems: 0
          items:
            type: string
            minLength: 0
            maxLength: 100
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject7OptionsSetUserRootAttributesEnum
        should_trust_email_verified_connection:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject7OptionsShouldTrustEmailVerifiedConnectionEnum
        tenant_domain:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject7OptionsTenantDomain
        tenantId:
          description: >-
            The Azure AD tenant ID as a UUID. The unique identifier for your
            Azure AD organization. Must be a valid 36-character UUID.
          type: string
          format: uuid
          minLength: 36
          maxLength: 36
        thumbprints:
          type: array
          description: >-
            Array of certificate thumbprints (SHA-128/SHA-256/SHA-512 hex
            hashes) for validating SAML signatures. Used with WS-Federation
            protocol. Maximum 20 thumbprints. Each thumbprint must be a
            hexadecimal string.
          minItems: 0
          items:
            type: string
            description: Certificate thumbprints for ADFS and Azure AD connections.
            minLength: 0
            maxLength: 64
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject7OptionsUpstreamParams
        use_wsfed:
          type: boolean
          description: >-
            Indicates WS-Federation protocol usage. When true, uses
            WS-Federation; when false, uses OpenID Connect.
        useCommonEndpoint:
          type: boolean
          description: >-
            When enabled (true), uses the Azure AD common endpoint for
            multi-tenant authentication. Allows users from any Azure AD
            organization to sign in. Requires userid_attribute set to 'sub' (not
            'oid'). Cannot be used with SCIM provisioning. Defaults to false.
        userid_attribute:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject7OptionsUseridAttributeEnum
        waad_protocol:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject7OptionsWaadProtocolEnum
    EventStreamCloudEventConnectionCreatedObject7StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - waad
    EventStreamCloudEventContextClientMetadata:
      type: object
      description: Client metadata.
      additionalProperties: true
      properties: {}
    EventStreamCloudEventContextRequestGeo:
      type: object
      description: Geographic information about the request origin.
      additionalProperties: false
      properties:
        continent_code:
          type: string
          description: Continent code.
        country_code:
          type: string
          description: Country code.
        country_name:
          type: string
          description: Country name.
        latitude:
          type: number
          description: Latitude coordinate.
        longitude:
          type: number
          description: Longitude coordinate.
        subdivision_code:
          type: string
          description: Subdivision (state/province) code.
        subdivision_name:
          type: string
          description: Subdivision (state/province) name.
        city_name:
          type: string
          description: City name.
        time_zone:
          type: string
          description: Time zone.
    EventStreamCloudEventConnectionDeletedObject0Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject0Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionDeletedObject0ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
        cross_app_access:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject0Options:
      type: object
      description: Options for the 'oidc' connection
      additionalProperties: false
      required:
        - client_id
      properties:
        authorization_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 authorization endpoint
            where users are redirected for authentication. Must be a valid HTTPS
            URL. This endpoint initiates the OAuth 2.0 authorization code flow.
          minLength: 8
          maxLength: 2083
          format: uri
        client_id:
          type: string
          description: >-
            OAuth 2.0 client identifier issued by the identity provider during
            application registration. This value identifies your Auth0
            connection to the identity provider.
          minLength: 0
          maxLength: 255
        connection_settings:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsConnectionSettings
        domain_aliases:
          type: array
          description: >-
            Email domains associated with this connection for Home Realm
            Discovery (HRD). When a user's email matches one of these domains,
            they are automatically routed to this connection during
            authentication.
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        dpop_signing_alg:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsDpopSigningAlgEnum
        federated_connections_access_tokens:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsFederatedConnectionsAccessTokens
        icon_url:
          type: string
          description: https url of the icon to be shown
          minLength: 8
          maxLength: 255
          format: uri
        id_token_session_expiry_supported:
          type: boolean
          description: >-
            Indicates whether the identity provider supports session expiry via
            the id_token. If true, the system will use the session_expiry claim
            in the id_token to determine session expiry.
        id_token_signed_response_algs:
          type: array
          description: >-
            List of algorithms allowed to verify the ID tokens. Applicable when
            strategy=oidc or okta.
          items:
            $ref: >-
              #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsIdTokenSignedResponseAlgsItemEnum
        issuer:
          type: string
          description: >-
            The identity provider's unique issuer identifier URL (e.g.,
            https://accounts.google.com). Must match the 'iss' claim in ID
            tokens from the identity provider.
          minLength: 8
          maxLength: 255
          format: uri
        jwks_uri:
          type: string
          description: >-
            URL of the identity provider's JSON Web Key Set (JWKS) endpoint
            containing public keys for signature verification. Auth0 retrieves
            these keys to validate ID token signatures.
          minLength: 8
          maxLength: 255
          format: uri
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        oidc_metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsOidcMetadata
        schema_version:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsSchemaVersionEnum
        scope:
          type: string
          description: >-
            Space-separated list of OAuth 2.0 scopes requested during
            authorization. Must include 'openid' (required by OIDC spec). Common
            values: 'openid profile email'. Additional scopes depend on the
            identity provider.
          minLength: 6
          maxLength: 255
        send_back_channel_nonce:
          type: boolean
          description: >-
            When true and type is 'back_channel', includes a cryptographic nonce
            in authorization requests to prevent replay attacks. The identity
            provider must include this nonce in the ID token for validation.
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsSetUserRootAttributesEnum
        tenant_domain:
          description: Tenant domain
          type: string
          minLength: 1
          maxLength: 255
        token_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 token endpoint where
            authorization codes are exchanged for access tokens. Must be a valid
            HTTPS URL. Required for authorization code flow but optional for
            implicit flow.
          minLength: 8
          maxLength: 255
          format: uri
        token_endpoint_auth_method:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsTokenEndpointAuthMethodEnum
        token_endpoint_auth_signing_alg:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsTokenEndpointAuthSigningAlgEnum
        token_endpoint_jwtca_aud_format:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsTokenEndpointJwtcaAudFormatEnum
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsUpstreamParams
        userinfo_endpoint:
          type: string
          description: >-
            Optional URL of the identity provider's UserInfo endpoint. When
            configured with attribute mapping, Auth0 calls this endpoint to
            retrieve additional user profile claims using the access token.
          minLength: 8
          maxLength: 255
          format: uri
        attribute_map:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsAttributeMap
        discovery_url:
          type: string
          description: >-
            URL of the identity provider's OIDC Discovery endpoint
            (/.well-known/openid-configuration). When provided and oidc_metadata
            is empty, Auth0 automatically retrieves the provider's configuration
            including endpoints and supported features.
          minLength: 8
          maxLength: 255
          format: uri
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsTypeEnum
    EventStreamCloudEventConnectionDeletedObject0StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - oidc
    EventStreamCloudEventConnectionDeletedObject1Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject1ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject1Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionDeletedObject1Options:
      type: object
      description: Options for the 'okta' connection
      additionalProperties: false
      required:
        - client_id
      properties:
        authorization_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 authorization endpoint
            where users are redirected for authentication. Must be a valid HTTPS
            URL. This endpoint initiates the OAuth 2.0 authorization code flow.
          minLength: 8
          maxLength: 2083
          format: uri
        client_id:
          type: string
          description: >-
            OAuth 2.0 client identifier issued by the identity provider during
            application registration. This value identifies your Auth0
            connection to the identity provider.
          minLength: 0
          maxLength: 255
        connection_settings:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsConnectionSettings
        domain_aliases:
          type: array
          description: >-
            Email domains associated with this connection for Home Realm
            Discovery (HRD). When a user's email matches one of these domains,
            they are automatically routed to this connection during
            authentication.
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        dpop_signing_alg:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsDpopSigningAlgEnum
        federated_connections_access_tokens:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsFederatedConnectionsAccessTokens
        icon_url:
          type: string
          description: https url of the icon to be shown
          minLength: 8
          maxLength: 255
          format: uri
        id_token_session_expiry_supported:
          type: boolean
          description: >-
            Indicates whether the identity provider supports session expiry via
            the id_token. If true, the system will use the session_expiry claim
            in the id_token to determine session expiry.
        id_token_signed_response_algs:
          type: array
          description: >-
            List of algorithms allowed to verify the ID tokens. Applicable when
            strategy=oidc or okta.
          items:
            $ref: >-
              #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsIdTokenSignedResponseAlgsItemEnum
        issuer:
          type: string
          description: >-
            The identity provider's unique issuer identifier URL (e.g.,
            https://accounts.google.com). Must match the 'iss' claim in ID
            tokens from the identity provider.
          minLength: 8
          maxLength: 255
          format: uri
        jwks_uri:
          type: string
          description: >-
            URL of the identity provider's JSON Web Key Set (JWKS) endpoint
            containing public keys for signature verification. Auth0 retrieves
            these keys to validate ID token signatures.
          minLength: 8
          maxLength: 255
          format: uri
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        oidc_metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsOidcMetadata
        schema_version:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsSchemaVersionEnum
        scope:
          type: string
          description: >-
            Space-separated list of OAuth 2.0 scopes requested during
            authorization. Must include 'openid' (required by OIDC spec). Common
            values: 'openid profile email'. Additional scopes depend on the
            identity provider.
          minLength: 6
          maxLength: 255
        send_back_channel_nonce:
          type: boolean
          description: >-
            When true and type is 'back_channel', includes a cryptographic nonce
            in authorization requests to prevent replay attacks. The identity
            provider must include this nonce in the ID token for validation.
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsSetUserRootAttributesEnum
        tenant_domain:
          description: Tenant domain
          type: string
          minLength: 1
          maxLength: 255
        token_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 token endpoint where
            authorization codes are exchanged for access tokens. Must be a valid
            HTTPS URL. Required for authorization code flow but optional for
            implicit flow.
          minLength: 8
          maxLength: 255
          format: uri
        token_endpoint_auth_method:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsTokenEndpointAuthMethodEnum
        token_endpoint_auth_signing_alg:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsTokenEndpointAuthSigningAlgEnum
        token_endpoint_jwtca_aud_format:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsTokenEndpointJwtcaAudFormatEnum
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsUpstreamParams
        userinfo_endpoint:
          type: string
          description: >-
            Optional URL of the identity provider's UserInfo endpoint. When
            configured with attribute mapping, Auth0 calls this endpoint to
            retrieve additional user profile claims using the access token.
          minLength: 8
          maxLength: 255
          format: uri
        attribute_map:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsAttributeMap
        domain:
          type: string
          description: >-
            Domain of the Okta organization (e.g., dev-123456.okta.com). Should
            be just the domain of the okta server with no scheme or trailing
            backslash. Discovery runs only when connection.options.oidc_metadata
            is empty and a domain is provided
          minLength: 4
          maxLength: 255
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsTypeEnum
    EventStreamCloudEventConnectionDeletedObject1StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - okta
    EventStreamCloudEventConnectionDeletedObject2Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject2ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject2Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionDeletedObject2Options:
      type: object
      description: Options for the 'samlp' connection
      additionalProperties: false
      properties:
        assertion_decryption_settings:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2OptionsAssertionDecryptionSettings
        cert:
          type: string
          description: >-
            X.509 signing certificate from the identity provider in .der format.
            Used to validate signatures in SAML Responses and Assertions. This
            is an alternative to signingCert and is kept for backward
            compatibility. Prefer using signingCert instead.
          minLength: 1
          maxLength: 10240
        cert_rollover_notification:
          type: string
          description: Timestamp of the last certificate expiring soon notification.
          format: date-time
        digestAlgorithm:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2OptionsDigestAlgorithmEnum
        domain_aliases:
          type: array
          description: Domain aliases for the connection
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        entityId:
          description: >-
            The entity identifier (Issuer) for the SAML Service Provider. When
            not provided, defaults to 'urn:auth0:{tenant}:{connection}'. This
            value is included in SAML AuthnRequest messages sent to the identity
            provider.
          type: string
          minLength: 1
          maxLength: 128
        expires:
          type: string
          description: >-
            ISO 8601 formatted datetime indicating when the identity provider's
            signing certificate expires.
          format: date-time
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        idpinitiated:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2OptionsIdpinitiated
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        protocolBinding:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2OptionsProtocolBindingEnum
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2OptionsSetUserRootAttributesEnum
        signatureAlgorithm:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2OptionsSignatureAlgorithmEnum
        signInEndpoint:
          type: string
          description: >-
            Identity provider's SAML SingleSignOnService endpoint URL where
            Auth0 sends SAML authentication requests. This is the primary login
            URL for the SAML connection. Required unless using metadataUrl or
            metadataXml.
          minLength: 8
          maxLength: 2048
          format: uri
        signingCert:
          description: >-
            Base64-encoded X.509 certificate from the identity provider used to
            validate signatures in SAML responses and assertions. The
            certificate is decoded and used for cryptographic signature
            verification.
          type: string
          minLength: 1
          maxLength: 10240
        signSAMLRequest:
          description: >-
            When true, Auth0 signs SAML authentication requests using the
            connection's signing key. The signature includes the request's
            digest and is validated by the identity provider. Defaults to false
            (unsigned requests).
          type: boolean
        subject:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2OptionsSubject
        tenant_domain:
          type: string
          description: >-
            For SAML connections, the tenant domain used to construct the login
            endpoint URL. Can be a string for single-tenant or an array of
            strings for multi-tenant validation.
          minLength: 1
          maxLength: 255
        thumbprints:
          type: array
          description: >-
            SHA-1 thumbprints (fingerprints) of the identity provider's signing
            certificates. Automatically computed from signingCert during
            connection creation. Each thumbprint must be a 40-character
            hexadecimal string.
          minItems: 0
          items:
            type: string
            minLength: 40
            maxLength: 40
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2OptionsUpstreamParams
        debug:
          description: >-
            When true, enables detailed SAML debugging by issuing 'w' (warning)
            events in tenant logs containing SAML request/response details.
            WARNING: Potentially exposes sensitive user information (PII,
            credentials) and should only be enabled temporarily for debugging
            purposes.
          type: boolean
        deflate:
          description: >-
            When true, enables DEFLATE compression for SAML requests sent via
            HTTP-Redirect binding.
          type: boolean
        destinationUrl:
          type: string
          description: >-
            The URL where Auth0 will send SAML authentication requests (the
            Identity Provider's SSO URL). Must be a valid HTTPS URL.
          minLength: 8
          maxLength: 255
          format: uri
        disableSignout:
          description: >-
            When true, disables sending SAML logout requests
            (SingleLogoutService) to the identity provider during user sign-out.
            The user will be logged out of Auth0 but will remain logged into the
            identity provider. Defaults to false (federated logout enabled).
          type: boolean
        fieldsMap:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2OptionsFieldsMap
        global_token_revocation_jwt_iss:
          description: >-
            Expected 'iss' (Issuer) claim value for JWT tokens in Global Token
            Revocation requests from the identity provider. When configured,
            Auth0 validates the JWT issuer matches this value before processing
            token revocation. Must be used together with
            global_token_revocation_jwt_sub.
          type: string
          minLength: 1
          maxLength: 1024
        global_token_revocation_jwt_sub:
          description: >-
            Expected 'sub' (Subject) claim value for JWT tokens in Global Token
            Revocation requests from the identity provider. When configured,
            Auth0 validates the JWT subject matches this value before processing
            token revocation. Must be used together with
            global_token_revocation_jwt_iss.
          type: string
          minLength: 1
          maxLength: 1024
        metadataUrl:
          type: string
          description: >-
            HTTPS URL to the identity provider's SAML metadata document. When
            provided, Auth0 automatically fetches and parses the metadata to
            extract signInEndpoint, signOutEndpoint, signingCert,
            signSAMLRequest, and protocolBinding. Use metadataUrl OR
            metadataXml, not both.
          minLength: 8
          maxLength: 2048
          format: uri
        recipientUrl:
          type: string
          description: >-
            The URL where Auth0 will send SAML authentication requests (the
            Identity Provider's SSO URL). Must be a valid HTTPS URL.
          minLength: 8
          maxLength: 255
          format: uri
        requestTemplate:
          description: >-
            Custom XML template for SAML authentication requests. Supports
            variable substitution using @@variableName@@ syntax. When not
            provided, uses default SAML AuthnRequest template. See
            https://auth0.com/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider#customize-the-request-template
          type: string
          minLength: 1
          maxLength: 10240
        signOutEndpoint:
          type: string
          description: >-
            Identity provider's SAML SingleLogoutService endpoint URL where
            Auth0 sends logout requests for federated sign-out. When not
            provided, defaults to signInEndpoint. Only used if disableSignout is
            false.
          minLength: 8
          maxLength: 2048
          format: uri
        user_id_attribute:
          description: >-
            Custom SAML assertion attribute to use as the unique user
            identifier. When provided, this attribute is prepended to the
            default user_id mapping list with highest priority. Accepts a string
            (single SAML attribute name).
          type: string
          minLength: 1
          maxLength: 2396
    EventStreamCloudEventConnectionDeletedObject2StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - samlp
    EventStreamCloudEventConnectionDeletedObject3Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject3ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject3Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionDeletedObject3Options:
      type: object
      description: Options for the 'pingfederate' connection
      additionalProperties: false
      required:
        - pingFederateBaseUrl
      properties:
        assertion_decryption_settings:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3OptionsAssertionDecryptionSettings
        cert:
          type: string
          description: >-
            X.509 signing certificate from the identity provider in .der format.
            Used to validate signatures in SAML Responses and Assertions. This
            is an alternative to signingCert and is kept for backward
            compatibility. Prefer using signingCert instead.
          minLength: 1
          maxLength: 10240
        cert_rollover_notification:
          type: string
          description: Timestamp of the last certificate expiring soon notification.
          format: date-time
        digestAlgorithm:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3OptionsDigestAlgorithmEnum
        domain_aliases:
          type: array
          description: Domain aliases for the connection
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        entityId:
          description: >-
            The entity identifier (Issuer) for the SAML Service Provider. When
            not provided, defaults to 'urn:auth0:{tenant}:{connection}'. This
            value is included in SAML AuthnRequest messages sent to the identity
            provider.
          type: string
          minLength: 1
          maxLength: 128
        expires:
          type: string
          description: >-
            ISO 8601 formatted datetime indicating when the identity provider's
            signing certificate expires.
          format: date-time
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        idpinitiated:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3OptionsIdpinitiated
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        protocolBinding:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3OptionsProtocolBindingEnum
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3OptionsSetUserRootAttributesEnum
        signatureAlgorithm:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3OptionsSignatureAlgorithmEnum
        signInEndpoint:
          type: string
          description: >-
            Identity provider's SAML SingleSignOnService endpoint URL where
            Auth0 sends SAML authentication requests. This is the primary login
            URL for the SAML connection. Required unless using metadataUrl or
            metadataXml.
          minLength: 8
          maxLength: 2048
          format: uri
        signingCert:
          description: >-
            Base64-encoded X.509 certificate from the identity provider used to
            validate signatures in SAML responses and assertions. The
            certificate is decoded and used for cryptographic signature
            verification.
          type: string
          minLength: 1
          maxLength: 10240
        signSAMLRequest:
          description: >-
            When true, Auth0 signs SAML authentication requests using the
            connection's signing key. The signature includes the request's
            digest and is validated by the identity provider. Defaults to false
            (unsigned requests).
          type: boolean
        subject:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3OptionsSubject
        tenant_domain:
          type: string
          description: >-
            For SAML connections, the tenant domain used to construct the login
            endpoint URL. Can be a string for single-tenant or an array of
            strings for multi-tenant validation.
          minLength: 1
          maxLength: 255
        thumbprints:
          type: array
          description: >-
            SHA-1 thumbprints (fingerprints) of the identity provider's signing
            certificates. Automatically computed from signingCert during
            connection creation. Each thumbprint must be a 40-character
            hexadecimal string.
          minItems: 0
          items:
            type: string
            minLength: 40
            maxLength: 40
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3OptionsUpstreamParams
        pingFederateBaseUrl:
          type: string
          description: >-
            URL provided by PingFederate which returns information used for
            creating the connection
          minLength: 8
          maxLength: 256
          format: uri
    EventStreamCloudEventConnectionDeletedObject3StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - pingfederate
    EventStreamCloudEventConnectionDeletedObject4Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject4ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject4Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionDeletedObject4Options:
      type: object
      description: Options for the 'adfs' connection
      additionalProperties: false
      properties:
        adfs_server:
          type: string
          description: >-
            ADFS federation metadata host or XML URL used to discover WS-Fed
            endpoints and certificates. Errors if adfs_server and fedMetadataXml
            are both absent.
          minLength: 0
          maxLength: 2048
        cert_rollover_notification:
          type: string
          description: Timestamp of the last certificate expiring soon notification.
          format: date-time
        domain_aliases:
          type: array
          description: >-
            Email domains associated with this connection for Home Realm
            Discovery (HRD). When a user's email matches one of these domains,
            they are automatically routed to this connection during
            authentication.
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        entityId:
          description: >-
            The entity identifier (Issuer) for the ADFS Service Provider. When
            not provided, defaults to 'urn:auth0:{tenant}:{connection}'.
          type: string
          minLength: 1
          maxLength: 128
        fedMetadataXml:
          type: string
          description: >-
            Inline XML alternative to 'adfs_server'. Cannot be set together with
            'adfs_server'.
          minLength: 1
          maxLength: 102400
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        prev_thumbprints:
          type: array
          description: >-
            Array of certificate thumbprints (SHA-128/SHA-256/SHA-512 hex
            hashes) for validating SAML signatures. Used with WS-Federation
            protocol. Maximum 20 thumbprints. Each thumbprint must be a
            hexadecimal string.
          minItems: 0
          items:
            type: string
            description: Certificate thumbprints for ADFS and Azure AD connections.
            minLength: 0
            maxLength: 64
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject4OptionsSetUserRootAttributesEnum
        should_trust_email_verified_connection:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject4OptionsShouldTrustEmailVerifiedConnectionEnum
        signInEndpoint:
          type: string
          description: >-
            Passive Requestor (WS-Fed) sign-in endpoint discovered from metadata
            or provided explicitly.
          minLength: 8
          maxLength: 2048
          format: uri
        tenant_domain:
          description: Tenant domain
          type: string
          minLength: 1
          maxLength: 255
        thumbprints:
          type: array
          description: >-
            Array of certificate thumbprints (SHA-128/SHA-256/SHA-512 hex
            hashes) for validating SAML signatures. Used with WS-Federation
            protocol. Maximum 20 thumbprints. Each thumbprint must be a
            hexadecimal string.
          minItems: 0
          items:
            type: string
            description: Certificate thumbprints for ADFS and Azure AD connections.
            minLength: 0
            maxLength: 64
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject4OptionsUpstreamParams
        user_id_attribute:
          description: >-
            Custom ADFS claim to use as the unique user identifier. When
            provided, this attribute is prepended to the default user_id mapping
            list with highest priority. Accepts a string (single ADFS claim
            name).
          type: string
          minLength: 1
          maxLength: 128
    EventStreamCloudEventConnectionDeletedObject4StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - adfs
    EventStreamCloudEventConnectionDeletedObject5Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject5ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject5Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionDeletedObject5Options:
      type: object
      description: Options for the 'ad' connection
      additionalProperties: false
      properties:
        agentIP:
          description: >-
            IP address of the AD connector agent used to validate that
            authentication requests originate from the corporate network for
            Kerberos authentication  (managed by the AD Connector agent).
          type: string
          minLength: 2
          maxLength: 39
        agentMode:
          description: >-
            When enabled, allows direct username/password authentication through
            the AD connector agent instead of WS-Federation protocol (managed by
            the AD Connector agent).
          type: boolean
        agentVersion:
          description: >-
            Version identifier of the installed AD connector agent software
            (managed by the AD Connector agent).
          type: string
          minLength: 5
          maxLength: 12
        brute_force_protection:
          type: boolean
          description: >-
            Enables Auth0's brute force protection to prevent credential
            stuffing attacks. When enabled, blocks suspicious login attempts
            from specific IP addresses after repeated failures.
        certAuth:
          type: boolean
          description: >-
            Enables client SSL certificate authentication for the AD connector,
            requiring HTTPS on the sign-in endpoint
        certs:
          type: array
          description: >-
            Array of X.509 certificates in PEM format used for validating SAML
            signatures from the AD identity provider (managed by the AD
            Connector agent).
          minItems: 0
          items:
            type: string
            minLength: 256
            maxLength: 3072
        disable_cache:
          type: boolean
          description: >-
            When enabled, disables caching of AD connector authentication
            results to ensure real-time validation against the directory
        disable_self_service_change_password:
          type: boolean
          description: >-
            When enabled, hides the 'Forgot Password' link on login pages to
            prevent users from initiating self-service password resets
        domain_aliases:
          type: array
          description: >-
            List of domain names that can be used with identifier-first
            authentication flow to route users to this AD connection; each
            domain must be a valid DNS name up to 256 characters
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        icon_url:
          type: string
          description: https url of the icon to be shown
          minLength: 8
          maxLength: 255
          format: uri
        ips:
          type: array
          description: >-
            Array of IP address ranges in CIDR notation used to determine if
            authentication requests originate from the corporate network for
            Kerberos or certificate authentication.
          minItems: 0
          items:
            type: string
            minLength: 2
            maxLength: 39
        kerberos:
          type: boolean
          description: >-
            Enables Windows Integrated Authentication (Kerberos) for seamless
            SSO when users authenticate from within the corporate network IP
            ranges
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject5OptionsSetUserRootAttributesEnum
        signInEndpoint:
          type: string
          description: >-
            The sign-in endpoint type for the AD-LDAP connector agent (managed
            by the AD Connector agent).
          minLength: 8
          maxLength: 255
          format: uri
        tenant_domain:
          description: Primary AD domain hint used for HRD and discovery.
          type: string
          format: hostname
          minLength: 1
          maxLength: 512
        thumbprints:
          type: array
          description: >-
            Array of certificate SHA-1 thumbprints for validating signatures.
            Managed by Auth0 when using the AD Connector agent.
          minItems: 0
          items:
            type: string
            minLength: 40
            maxLength: 40
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject5OptionsUpstreamParams
    EventStreamCloudEventConnectionDeletedObject5StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - ad
    EventStreamCloudEventConnectionDeletedObject6Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject6ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject6Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionDeletedObject6Options:
      type: object
      description: Options for the 'google-apps' connection
      additionalProperties: false
      required:
        - client_id
      properties:
        admin_access_token_expiresin:
          description: >-
            Expiration timestamp for the `admin_access_token` in ISO 8601
            format. Auth0 uses this value to determine when to refresh the
            token.
          type: string
          format: date-time
        allow_setting_login_scopes:
          type: boolean
          description: >-
            When true, allows customization of OAuth scopes requested during
            user login. Custom scopes are appended to the mandatory email and
            profile scopes. When false or omitted, only the default email and
            profile scopes are used. This property is automatically enabled when
            Token Vault or Connected Accounts features are activated.
        api_enable_groups:
          type: boolean
          description: >-
            Enables integration with the Google Workspace Admin SDK Directory
            API for groups. When true, Auth0 can synchronize groups & group
            memberships and supports inbound directory provisioning for groups.
            Defaults to false.
        api_enable_users:
          type: boolean
          description: >-
            Enables integration with the Google Workspace Admin SDK Directory
            API. When true, Auth0 can retrieve extended user attributes (admin
            status, suspension status, group memberships) and supports inbound
            directory provisioning (SCIM). Defaults to true.
        client_id:
          type: string
          description: >-
            Your Google OAuth 2.0 client ID. You can find this in your [Google
            Cloud Console](https://console.cloud.google.com/apis/credentials)
            under the OAuth 2.0 Client IDs section.
          minLength: 1
          maxLength: 128
        domain:
          description: Primary Google Workspace domain name that users must belong to.
          type: string
          minLength: 1
          maxLength: 1024
        domain_aliases:
          type: array
          description: >-
            Email domains associated with this connection for Home Realm
            Discovery (HRD). When a user's email matches one of these domains,
            they are automatically routed to this connection during
            authentication.
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        email:
          type: boolean
          description: Whether the OAuth flow requests the `email` scope.
        ext_agreed_terms:
          type: boolean
          description: Fetches the `agreedToTerms` flag from the Google Directory profile.
        ext_groups:
          type: boolean
          description: >-
            Enables enrichment with Google group memberships (required for
            `ext_groups_extended`).
        ext_groups_extended:
          type: boolean
          description: >-
            Controls whether enriched group entries include `id`, `email`,
            `name` (true) or only the group name (false); can only be set when
            `ext_groups` is true.
        ext_is_admin:
          type: boolean
          description: Fetches the Google Directory admin flag for the signing-in user.
        ext_is_suspended:
          type: boolean
          description: Fetches the Google Directory suspended flag for the signing-in user.
        federated_connections_access_tokens:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject6OptionsFederatedConnectionsAccessTokens
        handle_login_from_social:
          type: boolean
          description: >-
            When enabled, users who sign in with their Google account through a
            social login will be automatically routed to this Google Workspace
            connection if their email domain matches the configured
            tenant_domain or domain_aliases. This ensures enterprise users
            authenticate through their organization's Google Workspace identity
            provider rather than through a generic Google social login, enabling
            access to directory-based attributes and enforcing organizational
            security policies. Defaults to true for new connections.
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        map_user_id_to_id:
          type: boolean
          description: >-
            Determines how Auth0 generates the user_id for Google Workspace
            users. When false (default), the user's email address is used. When
            true, Google's stable numeric user ID is used instead, which
            persists even if the user's email changes. This setting can only be
            configured when creating the connection and cannot be changed
            afterward.
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        profile:
          type: boolean
          description: Whether the OAuth flow requests the `profile` scope.
        scope:
          type: array
          description: >-
            Additional OAuth scopes requested beyond the default `email profile`
            scopes; ignored unless `allow_setting_login_scopes` is true.
          minItems: 1
          items:
            type: string
            minLength: 1
            maxLength: 255
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject6OptionsSetUserRootAttributesEnum
        tenant_domain:
          type: string
          description: >-
            The Google Workspace primary domain used to identify the
            organization during authentication.
          minLength: 1
          maxLength: 255
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject6OptionsUpstreamParams
    EventStreamCloudEventConnectionDeletedObject6StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - google-apps
    EventStreamCloudEventConnectionDeletedObject7Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject7ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionDeletedObject7Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionDeletedObject7Options:
      type: object
      description: Options for the 'waad' connection
      additionalProperties: false
      required:
        - client_id
      properties:
        api_enable_users:
          type: boolean
          description: Enable users API
        app_domain:
          description: >-
            The Azure AD application domain (e.g., 'contoso.onmicrosoft.com').
            Used primarily with WS-Federation protocol and Azure AD v1
            endpoints.
          type: string
          minLength: 0
          maxLength: 255
        app_id:
          type: string
          description: >-
            The Application ID URI (App ID URI) for the Azure AD application.
            Required when using Azure AD v1 with the Resource Owner Password
            flow. Used to identify the resource being requested in OAuth token
            requests.
          minLength: 0
          maxLength: 500
        basic_profile:
          type: boolean
          description: >-
            Includes basic user profile information from Azure AD (name, email,
            given_name, family_name). Always enabled and required - represents
            the minimum profile data retrieved during authentication.
        cert_rollover_notification:
          type: string
          description: Timestamp of the last certificate expiring soon notification.
          format: date-time
        client_id:
          type: string
          description: >-
            OAuth 2.0 client identifier issued by the identity provider during
            application registration. This value identifies your Auth0
            connection to the identity provider.
          minLength: 0
          maxLength: 100
        domain:
          type: string
          description: >-
            The primary Azure AD tenant domain (e.g., 'contoso.onmicrosoft.com'
            or 'contoso.com').
          minLength: 0
          maxLength: 512
        domain_aliases:
          type: array
          description: >-
            Alternative domain names associated with this Azure AD tenant.
            Allows users from multiple verified domains to authenticate through
            this connection. Can be an array of domain strings.
          minItems: 0
          items:
            type: string
            minLength: 0
            maxLength: 255
        ext_groups:
          type: boolean
          description: >-
            When enabled (true), retrieves and stores Azure AD security group
            memberships for the user. Requires Microsoft Graph API permissions
            (Directory.Read.All). Allows configuring max_groups_to_retrieve.
        ext_nested_groups:
          type: boolean
          description: >-
            When true, stores all groups the user is member of, including
            transitive group memberships (groups within groups). When false
            (default), only direct group memberships are included.
        ext_profile:
          type: boolean
          description: >-
            When enabled (true), retrieves extended profile attributes from
            Azure AD via Microsoft Graph API (job title, department, office
            location, etc.). Requires Graph API permissions. Only available with
            Azure AD v1 or when explicitly enabled for v2.
        federated_connections_access_tokens:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject7OptionsFederatedConnectionsAccessTokens
        granted:
          type: boolean
          description: >-
            Indicates whether admin consent has been granted for the required
            Azure AD permissions. Read-only status field managed by Auth0 during
            the OAuth authorization flow.
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        identity_api:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject7OptionsIdentityApiEnum
        max_groups_to_retrieve:
          type: string
          description: >-
            Maximum number of Azure AD groups to retrieve per user during
            authentication. Helps prevent performance issues for users in many
            groups. Only applies when ext_groups is enabled. Leave empty to use
            platform default.
          minLength: 0
          maxLength: 10
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        scope:
          type: array
          description: >-
            OAuth 2.0 scopes to request from Azure AD during authentication.
            Each scope represents a permission (e.g., 'User.Read',
            'Group.Read.All'). Only applies with Microsoft Identity Platform
            v2.0. See Microsoft Graph permissions reference for available
            scopes.
          minItems: 0
          items:
            type: string
            minLength: 0
            maxLength: 100
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject7OptionsSetUserRootAttributesEnum
        should_trust_email_verified_connection:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject7OptionsShouldTrustEmailVerifiedConnectionEnum
        tenant_domain:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject7OptionsTenantDomain
        tenantId:
          description: >-
            The Azure AD tenant ID as a UUID. The unique identifier for your
            Azure AD organization. Must be a valid 36-character UUID.
          type: string
          format: uuid
          minLength: 36
          maxLength: 36
        thumbprints:
          type: array
          description: >-
            Array of certificate thumbprints (SHA-128/SHA-256/SHA-512 hex
            hashes) for validating SAML signatures. Used with WS-Federation
            protocol. Maximum 20 thumbprints. Each thumbprint must be a
            hexadecimal string.
          minItems: 0
          items:
            type: string
            description: Certificate thumbprints for ADFS and Azure AD connections.
            minLength: 0
            maxLength: 64
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject7OptionsUpstreamParams
        use_wsfed:
          type: boolean
          description: >-
            Indicates WS-Federation protocol usage. When true, uses
            WS-Federation; when false, uses OpenID Connect.
        useCommonEndpoint:
          type: boolean
          description: >-
            When enabled (true), uses the Azure AD common endpoint for
            multi-tenant authentication. Allows users from any Azure AD
            organization to sign in. Requires userid_attribute set to 'sub' (not
            'oid'). Cannot be used with SCIM provisioning. Defaults to false.
        userid_attribute:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject7OptionsUseridAttributeEnum
        waad_protocol:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject7OptionsWaadProtocolEnum
    EventStreamCloudEventConnectionDeletedObject7StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - waad
    EventStreamCloudEventConnectionUpdatedObject0Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject0Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject0ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
        cross_app_access:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject0Options:
      type: object
      description: Options for the 'oidc' connection
      additionalProperties: false
      required:
        - client_id
      properties:
        authorization_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 authorization endpoint
            where users are redirected for authentication. Must be a valid HTTPS
            URL. This endpoint initiates the OAuth 2.0 authorization code flow.
          minLength: 8
          maxLength: 2083
          format: uri
        client_id:
          type: string
          description: >-
            OAuth 2.0 client identifier issued by the identity provider during
            application registration. This value identifies your Auth0
            connection to the identity provider.
          minLength: 0
          maxLength: 255
        connection_settings:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsConnectionSettings
        domain_aliases:
          type: array
          description: >-
            Email domains associated with this connection for Home Realm
            Discovery (HRD). When a user's email matches one of these domains,
            they are automatically routed to this connection during
            authentication.
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        dpop_signing_alg:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsDpopSigningAlgEnum
        federated_connections_access_tokens:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsFederatedConnectionsAccessTokens
        icon_url:
          type: string
          description: https url of the icon to be shown
          minLength: 8
          maxLength: 255
          format: uri
        id_token_session_expiry_supported:
          type: boolean
          description: >-
            Indicates whether the identity provider supports session expiry via
            the id_token. If true, the system will use the session_expiry claim
            in the id_token to determine session expiry.
        id_token_signed_response_algs:
          type: array
          description: >-
            List of algorithms allowed to verify the ID tokens. Applicable when
            strategy=oidc or okta.
          items:
            $ref: >-
              #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsIdTokenSignedResponseAlgsItemEnum
        issuer:
          type: string
          description: >-
            The identity provider's unique issuer identifier URL (e.g.,
            https://accounts.google.com). Must match the 'iss' claim in ID
            tokens from the identity provider.
          minLength: 8
          maxLength: 255
          format: uri
        jwks_uri:
          type: string
          description: >-
            URL of the identity provider's JSON Web Key Set (JWKS) endpoint
            containing public keys for signature verification. Auth0 retrieves
            these keys to validate ID token signatures.
          minLength: 8
          maxLength: 255
          format: uri
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        oidc_metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsOidcMetadata
        schema_version:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsSchemaVersionEnum
        scope:
          type: string
          description: >-
            Space-separated list of OAuth 2.0 scopes requested during
            authorization. Must include 'openid' (required by OIDC spec). Common
            values: 'openid profile email'. Additional scopes depend on the
            identity provider.
          minLength: 6
          maxLength: 255
        send_back_channel_nonce:
          type: boolean
          description: >-
            When true and type is 'back_channel', includes a cryptographic nonce
            in authorization requests to prevent replay attacks. The identity
            provider must include this nonce in the ID token for validation.
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsSetUserRootAttributesEnum
        tenant_domain:
          description: Tenant domain
          type: string
          minLength: 1
          maxLength: 255
        token_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 token endpoint where
            authorization codes are exchanged for access tokens. Must be a valid
            HTTPS URL. Required for authorization code flow but optional for
            implicit flow.
          minLength: 8
          maxLength: 255
          format: uri
        token_endpoint_auth_method:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsTokenEndpointAuthMethodEnum
        token_endpoint_auth_signing_alg:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsTokenEndpointAuthSigningAlgEnum
        token_endpoint_jwtca_aud_format:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsTokenEndpointJwtcaAudFormatEnum
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsUpstreamParams
        userinfo_endpoint:
          type: string
          description: >-
            Optional URL of the identity provider's UserInfo endpoint. When
            configured with attribute mapping, Auth0 calls this endpoint to
            retrieve additional user profile claims using the access token.
          minLength: 8
          maxLength: 255
          format: uri
        attribute_map:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsAttributeMap
        discovery_url:
          type: string
          description: >-
            URL of the identity provider's OIDC Discovery endpoint
            (/.well-known/openid-configuration). When provided and oidc_metadata
            is empty, Auth0 automatically retrieves the provider's configuration
            including endpoints and supported features.
          minLength: 8
          maxLength: 255
          format: uri
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsTypeEnum
    EventStreamCloudEventConnectionUpdatedObject0StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - oidc
    EventStreamCloudEventConnectionUpdatedObject1Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject1ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject1Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject1Options:
      type: object
      description: Options for the 'okta' connection
      additionalProperties: false
      required:
        - client_id
      properties:
        authorization_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 authorization endpoint
            where users are redirected for authentication. Must be a valid HTTPS
            URL. This endpoint initiates the OAuth 2.0 authorization code flow.
          minLength: 8
          maxLength: 2083
          format: uri
        client_id:
          type: string
          description: >-
            OAuth 2.0 client identifier issued by the identity provider during
            application registration. This value identifies your Auth0
            connection to the identity provider.
          minLength: 0
          maxLength: 255
        connection_settings:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsConnectionSettings
        domain_aliases:
          type: array
          description: >-
            Email domains associated with this connection for Home Realm
            Discovery (HRD). When a user's email matches one of these domains,
            they are automatically routed to this connection during
            authentication.
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        dpop_signing_alg:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsDpopSigningAlgEnum
        federated_connections_access_tokens:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsFederatedConnectionsAccessTokens
        icon_url:
          type: string
          description: https url of the icon to be shown
          minLength: 8
          maxLength: 255
          format: uri
        id_token_session_expiry_supported:
          type: boolean
          description: >-
            Indicates whether the identity provider supports session expiry via
            the id_token. If true, the system will use the session_expiry claim
            in the id_token to determine session expiry.
        id_token_signed_response_algs:
          type: array
          description: >-
            List of algorithms allowed to verify the ID tokens. Applicable when
            strategy=oidc or okta.
          items:
            $ref: >-
              #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsIdTokenSignedResponseAlgsItemEnum
        issuer:
          type: string
          description: >-
            The identity provider's unique issuer identifier URL (e.g.,
            https://accounts.google.com). Must match the 'iss' claim in ID
            tokens from the identity provider.
          minLength: 8
          maxLength: 255
          format: uri
        jwks_uri:
          type: string
          description: >-
            URL of the identity provider's JSON Web Key Set (JWKS) endpoint
            containing public keys for signature verification. Auth0 retrieves
            these keys to validate ID token signatures.
          minLength: 8
          maxLength: 255
          format: uri
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        oidc_metadata:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsOidcMetadata
        schema_version:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsSchemaVersionEnum
        scope:
          type: string
          description: >-
            Space-separated list of OAuth 2.0 scopes requested during
            authorization. Must include 'openid' (required by OIDC spec). Common
            values: 'openid profile email'. Additional scopes depend on the
            identity provider.
          minLength: 6
          maxLength: 255
        send_back_channel_nonce:
          type: boolean
          description: >-
            When true and type is 'back_channel', includes a cryptographic nonce
            in authorization requests to prevent replay attacks. The identity
            provider must include this nonce in the ID token for validation.
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsSetUserRootAttributesEnum
        tenant_domain:
          description: Tenant domain
          type: string
          minLength: 1
          maxLength: 255
        token_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 token endpoint where
            authorization codes are exchanged for access tokens. Must be a valid
            HTTPS URL. Required for authorization code flow but optional for
            implicit flow.
          minLength: 8
          maxLength: 255
          format: uri
        token_endpoint_auth_method:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsTokenEndpointAuthMethodEnum
        token_endpoint_auth_signing_alg:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsTokenEndpointAuthSigningAlgEnum
        token_endpoint_jwtca_aud_format:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsTokenEndpointJwtcaAudFormatEnum
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsUpstreamParams
        userinfo_endpoint:
          type: string
          description: >-
            Optional URL of the identity provider's UserInfo endpoint. When
            configured with attribute mapping, Auth0 calls this endpoint to
            retrieve additional user profile claims using the access token.
          minLength: 8
          maxLength: 255
          format: uri
        attribute_map:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsAttributeMap
        domain:
          type: string
          description: >-
            Domain of the Okta organization (e.g., dev-123456.okta.com). Should
            be just the domain of the okta server with no scheme or trailing
            backslash. Discovery runs only when connection.options.oidc_metadata
            is empty and a domain is provided
          minLength: 4
          maxLength: 255
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsTypeEnum
    EventStreamCloudEventConnectionUpdatedObject1StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - okta
    EventStreamCloudEventConnectionUpdatedObject2Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject2ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject2Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject2Options:
      type: object
      description: Options for the 'samlp' connection
      additionalProperties: false
      properties:
        assertion_decryption_settings:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2OptionsAssertionDecryptionSettings
        cert:
          type: string
          description: >-
            X.509 signing certificate from the identity provider in .der format.
            Used to validate signatures in SAML Responses and Assertions. This
            is an alternative to signingCert and is kept for backward
            compatibility. Prefer using signingCert instead.
          minLength: 1
          maxLength: 10240
        cert_rollover_notification:
          type: string
          description: Timestamp of the last certificate expiring soon notification.
          format: date-time
        digestAlgorithm:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2OptionsDigestAlgorithmEnum
        domain_aliases:
          type: array
          description: Domain aliases for the connection
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        entityId:
          description: >-
            The entity identifier (Issuer) for the SAML Service Provider. When
            not provided, defaults to 'urn:auth0:{tenant}:{connection}'. This
            value is included in SAML AuthnRequest messages sent to the identity
            provider.
          type: string
          minLength: 1
          maxLength: 128
        expires:
          type: string
          description: >-
            ISO 8601 formatted datetime indicating when the identity provider's
            signing certificate expires.
          format: date-time
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        idpinitiated:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2OptionsIdpinitiated
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        protocolBinding:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2OptionsProtocolBindingEnum
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2OptionsSetUserRootAttributesEnum
        signatureAlgorithm:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2OptionsSignatureAlgorithmEnum
        signInEndpoint:
          type: string
          description: >-
            Identity provider's SAML SingleSignOnService endpoint URL where
            Auth0 sends SAML authentication requests. This is the primary login
            URL for the SAML connection. Required unless using metadataUrl or
            metadataXml.
          minLength: 8
          maxLength: 2048
          format: uri
        signingCert:
          description: >-
            Base64-encoded X.509 certificate from the identity provider used to
            validate signatures in SAML responses and assertions. The
            certificate is decoded and used for cryptographic signature
            verification.
          type: string
          minLength: 1
          maxLength: 10240
        signSAMLRequest:
          description: >-
            When true, Auth0 signs SAML authentication requests using the
            connection's signing key. The signature includes the request's
            digest and is validated by the identity provider. Defaults to false
            (unsigned requests).
          type: boolean
        subject:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2OptionsSubject
        tenant_domain:
          type: string
          description: >-
            For SAML connections, the tenant domain used to construct the login
            endpoint URL. Can be a string for single-tenant or an array of
            strings for multi-tenant validation.
          minLength: 1
          maxLength: 255
        thumbprints:
          type: array
          description: >-
            SHA-1 thumbprints (fingerprints) of the identity provider's signing
            certificates. Automatically computed from signingCert during
            connection creation. Each thumbprint must be a 40-character
            hexadecimal string.
          minItems: 0
          items:
            type: string
            minLength: 40
            maxLength: 40
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2OptionsUpstreamParams
        debug:
          description: >-
            When true, enables detailed SAML debugging by issuing 'w' (warning)
            events in tenant logs containing SAML request/response details.
            WARNING: Potentially exposes sensitive user information (PII,
            credentials) and should only be enabled temporarily for debugging
            purposes.
          type: boolean
        deflate:
          description: >-
            When true, enables DEFLATE compression for SAML requests sent via
            HTTP-Redirect binding.
          type: boolean
        destinationUrl:
          type: string
          description: >-
            The URL where Auth0 will send SAML authentication requests (the
            Identity Provider's SSO URL). Must be a valid HTTPS URL.
          minLength: 8
          maxLength: 255
          format: uri
        disableSignout:
          description: >-
            When true, disables sending SAML logout requests
            (SingleLogoutService) to the identity provider during user sign-out.
            The user will be logged out of Auth0 but will remain logged into the
            identity provider. Defaults to false (federated logout enabled).
          type: boolean
        fieldsMap:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2OptionsFieldsMap
        global_token_revocation_jwt_iss:
          description: >-
            Expected 'iss' (Issuer) claim value for JWT tokens in Global Token
            Revocation requests from the identity provider. When configured,
            Auth0 validates the JWT issuer matches this value before processing
            token revocation. Must be used together with
            global_token_revocation_jwt_sub.
          type: string
          minLength: 1
          maxLength: 1024
        global_token_revocation_jwt_sub:
          description: >-
            Expected 'sub' (Subject) claim value for JWT tokens in Global Token
            Revocation requests from the identity provider. When configured,
            Auth0 validates the JWT subject matches this value before processing
            token revocation. Must be used together with
            global_token_revocation_jwt_iss.
          type: string
          minLength: 1
          maxLength: 1024
        metadataUrl:
          type: string
          description: >-
            HTTPS URL to the identity provider's SAML metadata document. When
            provided, Auth0 automatically fetches and parses the metadata to
            extract signInEndpoint, signOutEndpoint, signingCert,
            signSAMLRequest, and protocolBinding. Use metadataUrl OR
            metadataXml, not both.
          minLength: 8
          maxLength: 2048
          format: uri
        recipientUrl:
          type: string
          description: >-
            The URL where Auth0 will send SAML authentication requests (the
            Identity Provider's SSO URL). Must be a valid HTTPS URL.
          minLength: 8
          maxLength: 255
          format: uri
        requestTemplate:
          description: >-
            Custom XML template for SAML authentication requests. Supports
            variable substitution using @@variableName@@ syntax. When not
            provided, uses default SAML AuthnRequest template. See
            https://auth0.com/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider#customize-the-request-template
          type: string
          minLength: 1
          maxLength: 10240
        signOutEndpoint:
          type: string
          description: >-
            Identity provider's SAML SingleLogoutService endpoint URL where
            Auth0 sends logout requests for federated sign-out. When not
            provided, defaults to signInEndpoint. Only used if disableSignout is
            false.
          minLength: 8
          maxLength: 2048
          format: uri
        user_id_attribute:
          description: >-
            Custom SAML assertion attribute to use as the unique user
            identifier. When provided, this attribute is prepended to the
            default user_id mapping list with highest priority. Accepts a string
            (single SAML attribute name).
          type: string
          minLength: 1
          maxLength: 2396
    EventStreamCloudEventConnectionUpdatedObject2StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - samlp
    EventStreamCloudEventConnectionUpdatedObject3Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject3ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject3Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject3Options:
      type: object
      description: Options for the 'pingfederate' connection
      additionalProperties: false
      required:
        - pingFederateBaseUrl
      properties:
        assertion_decryption_settings:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3OptionsAssertionDecryptionSettings
        cert:
          type: string
          description: >-
            X.509 signing certificate from the identity provider in .der format.
            Used to validate signatures in SAML Responses and Assertions. This
            is an alternative to signingCert and is kept for backward
            compatibility. Prefer using signingCert instead.
          minLength: 1
          maxLength: 10240
        cert_rollover_notification:
          type: string
          description: Timestamp of the last certificate expiring soon notification.
          format: date-time
        digestAlgorithm:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3OptionsDigestAlgorithmEnum
        domain_aliases:
          type: array
          description: Domain aliases for the connection
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        entityId:
          description: >-
            The entity identifier (Issuer) for the SAML Service Provider. When
            not provided, defaults to 'urn:auth0:{tenant}:{connection}'. This
            value is included in SAML AuthnRequest messages sent to the identity
            provider.
          type: string
          minLength: 1
          maxLength: 128
        expires:
          type: string
          description: >-
            ISO 8601 formatted datetime indicating when the identity provider's
            signing certificate expires.
          format: date-time
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        idpinitiated:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3OptionsIdpinitiated
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        protocolBinding:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3OptionsProtocolBindingEnum
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3OptionsSetUserRootAttributesEnum
        signatureAlgorithm:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3OptionsSignatureAlgorithmEnum
        signInEndpoint:
          type: string
          description: >-
            Identity provider's SAML SingleSignOnService endpoint URL where
            Auth0 sends SAML authentication requests. This is the primary login
            URL for the SAML connection. Required unless using metadataUrl or
            metadataXml.
          minLength: 8
          maxLength: 2048
          format: uri
        signingCert:
          description: >-
            Base64-encoded X.509 certificate from the identity provider used to
            validate signatures in SAML responses and assertions. The
            certificate is decoded and used for cryptographic signature
            verification.
          type: string
          minLength: 1
          maxLength: 10240
        signSAMLRequest:
          description: >-
            When true, Auth0 signs SAML authentication requests using the
            connection's signing key. The signature includes the request's
            digest and is validated by the identity provider. Defaults to false
            (unsigned requests).
          type: boolean
        subject:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3OptionsSubject
        tenant_domain:
          type: string
          description: >-
            For SAML connections, the tenant domain used to construct the login
            endpoint URL. Can be a string for single-tenant or an array of
            strings for multi-tenant validation.
          minLength: 1
          maxLength: 255
        thumbprints:
          type: array
          description: >-
            SHA-1 thumbprints (fingerprints) of the identity provider's signing
            certificates. Automatically computed from signingCert during
            connection creation. Each thumbprint must be a 40-character
            hexadecimal string.
          minItems: 0
          items:
            type: string
            minLength: 40
            maxLength: 40
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3OptionsUpstreamParams
        pingFederateBaseUrl:
          type: string
          description: >-
            URL provided by PingFederate which returns information used for
            creating the connection
          minLength: 8
          maxLength: 256
          format: uri
    EventStreamCloudEventConnectionUpdatedObject3StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - pingfederate
    EventStreamCloudEventConnectionUpdatedObject4Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject4ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject4Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject4Options:
      type: object
      description: Options for the 'adfs' connection
      additionalProperties: false
      properties:
        adfs_server:
          type: string
          description: >-
            ADFS federation metadata host or XML URL used to discover WS-Fed
            endpoints and certificates. Errors if adfs_server and fedMetadataXml
            are both absent.
          minLength: 0
          maxLength: 2048
        cert_rollover_notification:
          type: string
          description: Timestamp of the last certificate expiring soon notification.
          format: date-time
        domain_aliases:
          type: array
          description: >-
            Email domains associated with this connection for Home Realm
            Discovery (HRD). When a user's email matches one of these domains,
            they are automatically routed to this connection during
            authentication.
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        entityId:
          description: >-
            The entity identifier (Issuer) for the ADFS Service Provider. When
            not provided, defaults to 'urn:auth0:{tenant}:{connection}'.
          type: string
          minLength: 1
          maxLength: 128
        fedMetadataXml:
          type: string
          description: >-
            Inline XML alternative to 'adfs_server'. Cannot be set together with
            'adfs_server'.
          minLength: 1
          maxLength: 102400
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        prev_thumbprints:
          type: array
          description: >-
            Array of certificate thumbprints (SHA-128/SHA-256/SHA-512 hex
            hashes) for validating SAML signatures. Used with WS-Federation
            protocol. Maximum 20 thumbprints. Each thumbprint must be a
            hexadecimal string.
          minItems: 0
          items:
            type: string
            description: Certificate thumbprints for ADFS and Azure AD connections.
            minLength: 0
            maxLength: 64
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject4OptionsSetUserRootAttributesEnum
        should_trust_email_verified_connection:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject4OptionsShouldTrustEmailVerifiedConnectionEnum
        signInEndpoint:
          type: string
          description: >-
            Passive Requestor (WS-Fed) sign-in endpoint discovered from metadata
            or provided explicitly.
          minLength: 8
          maxLength: 2048
          format: uri
        tenant_domain:
          description: Tenant domain
          type: string
          minLength: 1
          maxLength: 255
        thumbprints:
          type: array
          description: >-
            Array of certificate thumbprints (SHA-128/SHA-256/SHA-512 hex
            hashes) for validating SAML signatures. Used with WS-Federation
            protocol. Maximum 20 thumbprints. Each thumbprint must be a
            hexadecimal string.
          minItems: 0
          items:
            type: string
            description: Certificate thumbprints for ADFS and Azure AD connections.
            minLength: 0
            maxLength: 64
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject4OptionsUpstreamParams
        user_id_attribute:
          description: >-
            Custom ADFS claim to use as the unique user identifier. When
            provided, this attribute is prepended to the default user_id mapping
            list with highest priority. Accepts a string (single ADFS claim
            name).
          type: string
          minLength: 1
          maxLength: 128
    EventStreamCloudEventConnectionUpdatedObject4StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - adfs
    EventStreamCloudEventConnectionUpdatedObject5Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject5ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject5Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject5Options:
      type: object
      description: Options for the 'ad' connection
      additionalProperties: false
      properties:
        agentIP:
          description: >-
            IP address of the AD connector agent used to validate that
            authentication requests originate from the corporate network for
            Kerberos authentication  (managed by the AD Connector agent).
          type: string
          minLength: 2
          maxLength: 39
        agentMode:
          description: >-
            When enabled, allows direct username/password authentication through
            the AD connector agent instead of WS-Federation protocol (managed by
            the AD Connector agent).
          type: boolean
        agentVersion:
          description: >-
            Version identifier of the installed AD connector agent software
            (managed by the AD Connector agent).
          type: string
          minLength: 5
          maxLength: 12
        brute_force_protection:
          type: boolean
          description: >-
            Enables Auth0's brute force protection to prevent credential
            stuffing attacks. When enabled, blocks suspicious login attempts
            from specific IP addresses after repeated failures.
        certAuth:
          type: boolean
          description: >-
            Enables client SSL certificate authentication for the AD connector,
            requiring HTTPS on the sign-in endpoint
        certs:
          type: array
          description: >-
            Array of X.509 certificates in PEM format used for validating SAML
            signatures from the AD identity provider (managed by the AD
            Connector agent).
          minItems: 0
          items:
            type: string
            minLength: 256
            maxLength: 3072
        disable_cache:
          type: boolean
          description: >-
            When enabled, disables caching of AD connector authentication
            results to ensure real-time validation against the directory
        disable_self_service_change_password:
          type: boolean
          description: >-
            When enabled, hides the 'Forgot Password' link on login pages to
            prevent users from initiating self-service password resets
        domain_aliases:
          type: array
          description: >-
            List of domain names that can be used with identifier-first
            authentication flow to route users to this AD connection; each
            domain must be a valid DNS name up to 256 characters
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        icon_url:
          type: string
          description: https url of the icon to be shown
          minLength: 8
          maxLength: 255
          format: uri
        ips:
          type: array
          description: >-
            Array of IP address ranges in CIDR notation used to determine if
            authentication requests originate from the corporate network for
            Kerberos or certificate authentication.
          minItems: 0
          items:
            type: string
            minLength: 2
            maxLength: 39
        kerberos:
          type: boolean
          description: >-
            Enables Windows Integrated Authentication (Kerberos) for seamless
            SSO when users authenticate from within the corporate network IP
            ranges
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject5OptionsSetUserRootAttributesEnum
        signInEndpoint:
          type: string
          description: >-
            The sign-in endpoint type for the AD-LDAP connector agent (managed
            by the AD Connector agent).
          minLength: 8
          maxLength: 255
          format: uri
        tenant_domain:
          description: Primary AD domain hint used for HRD and discovery.
          type: string
          format: hostname
          minLength: 1
          maxLength: 512
        thumbprints:
          type: array
          description: >-
            Array of certificate SHA-1 thumbprints for validating signatures.
            Managed by Auth0 when using the AD Connector agent.
          minItems: 0
          items:
            type: string
            minLength: 40
            maxLength: 40
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject5OptionsUpstreamParams
    EventStreamCloudEventConnectionUpdatedObject5StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - ad
    EventStreamCloudEventConnectionUpdatedObject6Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject6ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject6Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject6Options:
      type: object
      description: Options for the 'google-apps' connection
      additionalProperties: false
      required:
        - client_id
      properties:
        admin_access_token_expiresin:
          description: >-
            Expiration timestamp for the `admin_access_token` in ISO 8601
            format. Auth0 uses this value to determine when to refresh the
            token.
          type: string
          format: date-time
        allow_setting_login_scopes:
          type: boolean
          description: >-
            When true, allows customization of OAuth scopes requested during
            user login. Custom scopes are appended to the mandatory email and
            profile scopes. When false or omitted, only the default email and
            profile scopes are used. This property is automatically enabled when
            Token Vault or Connected Accounts features are activated.
        api_enable_groups:
          type: boolean
          description: >-
            Enables integration with the Google Workspace Admin SDK Directory
            API for groups. When true, Auth0 can synchronize groups & group
            memberships and supports inbound directory provisioning for groups.
            Defaults to false.
        api_enable_users:
          type: boolean
          description: >-
            Enables integration with the Google Workspace Admin SDK Directory
            API. When true, Auth0 can retrieve extended user attributes (admin
            status, suspension status, group memberships) and supports inbound
            directory provisioning (SCIM). Defaults to true.
        client_id:
          type: string
          description: >-
            Your Google OAuth 2.0 client ID. You can find this in your [Google
            Cloud Console](https://console.cloud.google.com/apis/credentials)
            under the OAuth 2.0 Client IDs section.
          minLength: 1
          maxLength: 128
        domain:
          description: Primary Google Workspace domain name that users must belong to.
          type: string
          minLength: 1
          maxLength: 1024
        domain_aliases:
          type: array
          description: >-
            Email domains associated with this connection for Home Realm
            Discovery (HRD). When a user's email matches one of these domains,
            they are automatically routed to this connection during
            authentication.
          minItems: 0
          items:
            type: string
            description: A domain alias used for Home Realm Discovery.
            minLength: 1
            maxLength: 255
        email:
          type: boolean
          description: Whether the OAuth flow requests the `email` scope.
        ext_agreed_terms:
          type: boolean
          description: Fetches the `agreedToTerms` flag from the Google Directory profile.
        ext_groups:
          type: boolean
          description: >-
            Enables enrichment with Google group memberships (required for
            `ext_groups_extended`).
        ext_groups_extended:
          type: boolean
          description: >-
            Controls whether enriched group entries include `id`, `email`,
            `name` (true) or only the group name (false); can only be set when
            `ext_groups` is true.
        ext_is_admin:
          type: boolean
          description: Fetches the Google Directory admin flag for the signing-in user.
        ext_is_suspended:
          type: boolean
          description: Fetches the Google Directory suspended flag for the signing-in user.
        federated_connections_access_tokens:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject6OptionsFederatedConnectionsAccessTokens
        handle_login_from_social:
          type: boolean
          description: >-
            When enabled, users who sign in with their Google account through a
            social login will be automatically routed to this Google Workspace
            connection if their email domain matches the configured
            tenant_domain or domain_aliases. This ensures enterprise users
            authenticate through their organization's Google Workspace identity
            provider rather than through a generic Google social login, enabling
            access to directory-based attributes and enforcing organizational
            security policies. Defaults to true for new connections.
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        map_user_id_to_id:
          type: boolean
          description: >-
            Determines how Auth0 generates the user_id for Google Workspace
            users. When false (default), the user's email address is used. When
            true, Google's stable numeric user ID is used instead, which
            persists even if the user's email changes. This setting can only be
            configured when creating the connection and cannot be changed
            afterward.
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        profile:
          type: boolean
          description: Whether the OAuth flow requests the `profile` scope.
        scope:
          type: array
          description: >-
            Additional OAuth scopes requested beyond the default `email profile`
            scopes; ignored unless `allow_setting_login_scopes` is true.
          minItems: 1
          items:
            type: string
            minLength: 1
            maxLength: 255
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject6OptionsSetUserRootAttributesEnum
        tenant_domain:
          type: string
          description: >-
            The Google Workspace primary domain used to identify the
            organization during authentication.
          minLength: 1
          maxLength: 255
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject6OptionsUpstreamParams
    EventStreamCloudEventConnectionUpdatedObject6StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - google-apps
    EventStreamCloudEventConnectionUpdatedObject7Authentication:
      type: object
      description: >-
        Configure the purpose of a connection to be used for authentication
        during login.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject7ConnectedAccounts:
      type: object
      description: >-
        Configure the purpose of a connection to be used for connected accounts
        and Token Vault.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject7Metadata:
      type: object
      description: >-
        Metadata associated with the connection in the form of an object with
        string values (max 255 chars).  Maximum of 10 metadata properties
        allowed.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject7Options:
      type: object
      description: Options for the 'waad' connection
      additionalProperties: false
      required:
        - client_id
      properties:
        api_enable_users:
          type: boolean
          description: Enable users API
        app_domain:
          description: >-
            The Azure AD application domain (e.g., 'contoso.onmicrosoft.com').
            Used primarily with WS-Federation protocol and Azure AD v1
            endpoints.
          type: string
          minLength: 0
          maxLength: 255
        app_id:
          type: string
          description: >-
            The Application ID URI (App ID URI) for the Azure AD application.
            Required when using Azure AD v1 with the Resource Owner Password
            flow. Used to identify the resource being requested in OAuth token
            requests.
          minLength: 0
          maxLength: 500
        basic_profile:
          type: boolean
          description: >-
            Includes basic user profile information from Azure AD (name, email,
            given_name, family_name). Always enabled and required - represents
            the minimum profile data retrieved during authentication.
        cert_rollover_notification:
          type: string
          description: Timestamp of the last certificate expiring soon notification.
          format: date-time
        client_id:
          type: string
          description: >-
            OAuth 2.0 client identifier issued by the identity provider during
            application registration. This value identifies your Auth0
            connection to the identity provider.
          minLength: 0
          maxLength: 100
        domain:
          type: string
          description: >-
            The primary Azure AD tenant domain (e.g., 'contoso.onmicrosoft.com'
            or 'contoso.com').
          minLength: 0
          maxLength: 512
        domain_aliases:
          type: array
          description: >-
            Alternative domain names associated with this Azure AD tenant.
            Allows users from multiple verified domains to authenticate through
            this connection. Can be an array of domain strings.
          minItems: 0
          items:
            type: string
            minLength: 0
            maxLength: 255
        ext_groups:
          type: boolean
          description: >-
            When enabled (true), retrieves and stores Azure AD security group
            memberships for the user. Requires Microsoft Graph API permissions
            (Directory.Read.All). Allows configuring max_groups_to_retrieve.
        ext_nested_groups:
          type: boolean
          description: >-
            When true, stores all groups the user is member of, including
            transitive group memberships (groups within groups). When false
            (default), only direct group memberships are included.
        ext_profile:
          type: boolean
          description: >-
            When enabled (true), retrieves extended profile attributes from
            Azure AD via Microsoft Graph API (job title, department, office
            location, etc.). Requires Graph API permissions. Only available with
            Azure AD v1 or when explicitly enabled for v2.
        federated_connections_access_tokens:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject7OptionsFederatedConnectionsAccessTokens
        granted:
          type: boolean
          description: >-
            Indicates whether admin consent has been granted for the required
            Azure AD permissions. Read-only status field managed by Auth0 during
            the OAuth authorization flow.
        icon_url:
          type: string
          description: >-
            URL for the connection icon displayed in Auth0 login pages. Accepts
            HTTPS URLs. Used for visual branding in authentication flows.
          minLength: 8
          maxLength: 255
          format: uri
        identity_api:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject7OptionsIdentityApiEnum
        max_groups_to_retrieve:
          type: string
          description: >-
            Maximum number of Azure AD groups to retrieve per user during
            authentication. Helps prevent performance issues for users in many
            groups. Only applies when ext_groups is enabled. Leave empty to use
            platform default.
          minLength: 0
          maxLength: 10
        non_persistent_attrs:
          type: array
          description: >-
            An array of user fields that should not be stored in the Auth0
            database (https://auth0.com/docs/security/data-security/denylist)
          minItems: 0
          items:
            type: string
            description: A user field name that should not be stored in the Auth0 database.
            minLength: 0
            maxLength: 255
        scope:
          type: array
          description: >-
            OAuth 2.0 scopes to request from Azure AD during authentication.
            Each scope represents a permission (e.g., 'User.Read',
            'Group.Read.All'). Only applies with Microsoft Identity Platform
            v2.0. See Microsoft Graph permissions reference for available
            scopes.
          minItems: 0
          items:
            type: string
            minLength: 0
            maxLength: 100
        set_user_root_attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject7OptionsSetUserRootAttributesEnum
        should_trust_email_verified_connection:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject7OptionsShouldTrustEmailVerifiedConnectionEnum
        tenant_domain:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject7OptionsTenantDomain
        tenantId:
          description: >-
            The Azure AD tenant ID as a UUID. The unique identifier for your
            Azure AD organization. Must be a valid 36-character UUID.
          type: string
          format: uuid
          minLength: 36
          maxLength: 36
        thumbprints:
          type: array
          description: >-
            Array of certificate thumbprints (SHA-128/SHA-256/SHA-512 hex
            hashes) for validating SAML signatures. Used with WS-Federation
            protocol. Maximum 20 thumbprints. Each thumbprint must be a
            hexadecimal string.
          minItems: 0
          items:
            type: string
            description: Certificate thumbprints for ADFS and Azure AD connections.
            minLength: 0
            maxLength: 64
        upstream_params:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject7OptionsUpstreamParams
        use_wsfed:
          type: boolean
          description: >-
            Indicates WS-Federation protocol usage. When true, uses
            WS-Federation; when false, uses OpenID Connect.
        useCommonEndpoint:
          type: boolean
          description: >-
            When enabled (true), uses the Azure AD common endpoint for
            multi-tenant authentication. Allows users from any Azure AD
            organization to sign in. Requires userid_attribute set to 'sub' (not
            'oid'). Cannot be used with SCIM provisioning. Defaults to false.
        userid_attribute:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject7OptionsUseridAttributeEnum
        waad_protocol:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject7OptionsWaadProtocolEnum
    EventStreamCloudEventConnectionUpdatedObject7StrategyEnum:
      type: string
      description: The connection strategy.
      enum:
        - waad
    EventStreamCloudEventGroupCreatedObject0TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - connection
    EventStreamCloudEventGroupCreatedObject1TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - organization
    EventStreamCloudEventGroupCreatedObject2TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - tenant
    EventStreamCloudEventGroupDeletedObject0TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - connection
    EventStreamCloudEventGroupDeletedObject1TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - organization
    EventStreamCloudEventGroupDeletedObject2TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - tenant
    EventStreamCloudEventGroupMemberAddedObjectGroup0:
      type: object
      description: Reference to a connection group
      additionalProperties: false
      required:
        - id
        - type
        - connection_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup0TypeEnum
        connection_id:
          type: string
          description: The connection ID associated with the group.
          pattern: con_[a-zA-Z0-9]{16}
    EventStreamCloudEventGroupMemberAddedObjectGroup1:
      type: object
      description: Reference to an organization group
      additionalProperties: false
      required:
        - id
        - type
        - organization_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup1TypeEnum
        organization_id:
          type: string
          description: The organization ID associated with the group.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventGroupMemberAddedObjectGroup2:
      type: object
      description: Reference to a tenant group
      additionalProperties: false
      required:
        - id
        - type
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberAddedObjectGroup2TypeEnum
    EventStreamCloudEventGroupMemberAddedObjectMember0:
      type: object
      description: A group member of member_type user
      additionalProperties: false
      required:
        - member_type
        - id
      properties:
        member_type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberAddedObjectMember0MemberTypeEnum
        id:
          type: string
          description: The user's unique identifier
    EventStreamCloudEventGroupMemberAddedObjectMember1:
      type: object
      description: A group member of member_type group
      additionalProperties: false
      required:
        - member_type
        - id
        - type
        - connection_id
      properties:
        member_type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberAddedObjectMember1MemberTypeEnum
        id:
          type: string
          description: The connection member's unique identifier
        type:
          type: string
          description: The type of the connection
        connection_id:
          type: string
          description: Connection ID associated with the member
          pattern: con_[a-zA-Z0-9]{16}
    EventStreamCloudEventGroupMemberDeletedObjectGroup0:
      type: object
      description: Reference to a connection group
      additionalProperties: false
      required:
        - id
        - type
        - connection_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup0TypeEnum
        connection_id:
          type: string
          description: The connection ID associated with the group.
          pattern: con_[a-zA-Z0-9]{16}
    EventStreamCloudEventGroupMemberDeletedObjectGroup1:
      type: object
      description: Reference to an organization group
      additionalProperties: false
      required:
        - id
        - type
        - organization_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup1TypeEnum
        organization_id:
          type: string
          description: The organization ID associated with the group.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventGroupMemberDeletedObjectGroup2:
      type: object
      description: Reference to a tenant group
      additionalProperties: false
      required:
        - id
        - type
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectGroup2TypeEnum
    EventStreamCloudEventGroupMemberDeletedObjectMember0:
      type: object
      description: A group member of member_type user
      additionalProperties: false
      required:
        - member_type
        - id
      properties:
        member_type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectMember0MemberTypeEnum
        id:
          type: string
          description: The user's unique identifier
    EventStreamCloudEventGroupMemberDeletedObjectMember1:
      type: object
      description: A group member of member_type group
      additionalProperties: false
      required:
        - member_type
        - id
        - type
        - connection_id
      properties:
        member_type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupMemberDeletedObjectMember1MemberTypeEnum
        id:
          type: string
          description: The connection member's unique identifier
        type:
          type: string
          description: The type of the connection
        connection_id:
          type: string
          description: Connection ID associated with the member
          pattern: con_[a-zA-Z0-9]{16}
    EventStreamCloudEventGroupRoleAssignedObjectGroup0:
      type: object
      description: Reference to a connection group
      additionalProperties: false
      required:
        - id
        - type
        - connection_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup0TypeEnum
        connection_id:
          type: string
          description: The connection ID associated with the group.
          pattern: con_[a-zA-Z0-9]{16}
    EventStreamCloudEventGroupRoleAssignedObjectGroup1:
      type: object
      description: Reference to an organization group
      additionalProperties: false
      required:
        - id
        - type
        - organization_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup1TypeEnum
        organization_id:
          type: string
          description: The organization ID associated with the group.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventGroupRoleAssignedObjectGroup2:
      type: object
      description: Reference to a tenant group
      additionalProperties: false
      required:
        - id
        - type
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleAssignedObjectGroup2TypeEnum
    EventStreamCloudEventGroupRoleDeletedObjectGroup0:
      type: object
      description: Reference to a connection group
      additionalProperties: false
      required:
        - id
        - type
        - connection_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup0TypeEnum
        connection_id:
          type: string
          description: The connection ID associated with the group.
          pattern: con_[a-zA-Z0-9]{16}
    EventStreamCloudEventGroupRoleDeletedObjectGroup1:
      type: object
      description: Reference to an organization group
      additionalProperties: false
      required:
        - id
        - type
        - organization_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup1TypeEnum
        organization_id:
          type: string
          description: The organization ID associated with the group.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventGroupRoleDeletedObjectGroup2:
      type: object
      description: Reference to a tenant group
      additionalProperties: false
      required:
        - id
        - type
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventGroupRoleDeletedObjectGroup2TypeEnum
    EventStreamCloudEventGroupUpdatedObject0TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - connection
    EventStreamCloudEventGroupUpdatedObject1TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - organization
    EventStreamCloudEventGroupUpdatedObject2TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - tenant
    EventStreamCloudEventOrgCreatedObjectBrandingColors:
      type: object
      description: Color scheme used to customize the login pages.
      additionalProperties: false
      properties:
        primary:
          type: string
          description: HEX Color for primary elements.
        page_background:
          type: string
          description: HEX Color for background.
    EventStreamCloudEventOrgGroupRoleAssignedObjectGroup0:
      type: object
      description: Reference to a connection group
      additionalProperties: false
      required:
        - id
        - type
        - connection_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup0TypeEnum
        connection_id:
          type: string
          description: The connection ID associated with the group.
          pattern: con_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgGroupRoleAssignedObjectGroup1:
      type: object
      description: Reference to an organization group
      additionalProperties: false
      required:
        - id
        - type
        - organization_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup1TypeEnum
        organization_id:
          type: string
          description: The organization ID associated with the group.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgGroupRoleAssignedObjectGroup2:
      type: object
      description: Reference to a tenant group
      additionalProperties: false
      required:
        - id
        - type
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleAssignedObjectGroup2TypeEnum
    EventStreamCloudEventOrgGroupRoleDeletedObjectGroup0:
      type: object
      description: Reference to a connection group
      additionalProperties: false
      required:
        - id
        - type
        - connection_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup0TypeEnum
        connection_id:
          type: string
          description: The connection ID associated with the group.
          pattern: con_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgGroupRoleDeletedObjectGroup1:
      type: object
      description: Reference to an organization group
      additionalProperties: false
      required:
        - id
        - type
        - organization_id
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup1TypeEnum
        organization_id:
          type: string
          description: The organization ID associated with the group.
          pattern: org_[a-zA-Z0-9]{16}
    EventStreamCloudEventOrgGroupRoleDeletedObjectGroup2:
      type: object
      description: Reference to a tenant group
      additionalProperties: false
      required:
        - id
        - type
      properties:
        id:
          type: string
          description: The unique identifier for the group.
          pattern: grp_[1-9a-km-zA-HJ-NP-Z]{14,22}
        external_id:
          type: string
          description: The external identifier for the group.
        type:
          $ref: >-
            #/components/schemas/EventStreamCloudEventOrgGroupRoleDeletedObjectGroup2TypeEnum
    EventStreamCloudEventOrgUpdatedObjectBrandingColors:
      type: object
      description: Color scheme used to customize the login pages.
      additionalProperties: false
      properties:
        primary:
          type: string
          description: HEX Color for primary elements.
        page_background:
          type: string
          description: HEX Color for background.
    EventStreamCloudEventUserCreatedObjectIdentitiesItemCustom:
      type: object
      description: The identity object for custom identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomIsSocialEnum
    EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabase:
      type: object
      description: The identity object for database identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseIsSocialEnum
    EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterprise:
      type: object
      description: The identity object for enterprise identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseIsSocialEnum
    EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordless:
      type: object
      description: The identity object for passwordless identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessIsSocialEnum
    EventStreamCloudEventUserCreatedObjectIdentitiesItemSocial:
      type: object
      description: The identity object for social identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialIsSocialEnum
    EventStreamCloudEventUserDeletedObjectIdentitiesItemCustom:
      type: object
      description: The identity object for custom identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomIsSocialEnum
    EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabase:
      type: object
      description: The identity object for database identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseIsSocialEnum
    EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterprise:
      type: object
      description: The identity object for enterprise identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseIsSocialEnum
    EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordless:
      type: object
      description: The identity object for passwordless identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessIsSocialEnum
    EventStreamCloudEventUserDeletedObjectIdentitiesItemSocial:
      type: object
      description: The identity object for social identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialIsSocialEnum
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustom:
      type: object
      description: The identity object for custom identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomIsSocialEnum
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabase:
      type: object
      description: The identity object for database identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseIsSocialEnum
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterprise:
      type: object
      description: The identity object for enterprise identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseIsSocialEnum
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordless:
      type: object
      description: The identity object for passwordless identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessIsSocialEnum
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocial:
      type: object
      description: The identity object for social identity providers.
      additionalProperties: false
      required:
        - connection
        - user_id
        - provider
        - isSocial
      properties:
        connection:
          type: string
          description: Name of the connection containing this identity.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9](-[a-zA-Z0-9]|[a-zA-Z0-9])*$
        user_id:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialUserId
        profileData:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialProfileData
        provider:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialProviderEnum
        isSocial:
          $ref: >-
            #/components/schemas/EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialIsSocialEnum
    EventStreamCloudEventConnectionCreatedObject0OptionsConnectionSettings:
      type: object
      description: >-
        OAuth 2.0 PKCE (Proof Key for Code Exchange) settings. PKCE enhances
        security for public clients by preventing authorization code
        interception attacks. 'auto' (recommended) uses the strongest method
        supported by the IdP.
      additionalProperties: false
      properties:
        pkce:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsConnectionSettingsPkceEnum
    EventStreamCloudEventConnectionCreatedObject0OptionsDpopSigningAlgEnum:
      type: string
      description: >-
        Algorithm used for DPoP proof JWT signing. Applicable when strategy=oidc
        or okta.
      enum:
        - ES256
        - ES384
        - ES512
        - Ed25519
    EventStreamCloudEventConnectionCreatedObject0OptionsFederatedConnectionsAccessTokens:
      type: object
      description: >-
        Configuration for storing identity provider tokens in Auth0's Token
        Vault. When active, Auth0 securely stores access and refresh tokens from
        federated logins, enabling your application to make authenticated API
        calls on behalf of users.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
          description: >-
            Enables refresh tokens and access tokens collection for federated
            connections
    EventStreamCloudEventConnectionCreatedObject0OptionsIdTokenSignedResponseAlgsItemEnum:
      type: string
      description: Algorithm allowed to verify the ID tokens.
      enum:
        - ES256
        - ES384
        - PS256
        - PS384
        - RS256
        - RS384
        - RS512
    EventStreamCloudEventConnectionCreatedObject0OptionsOidcMetadata:
      type: object
      description: >-
        OpenID Connect Provider Metadata as per
        https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
      additionalProperties: false
      required:
        - authorization_endpoint
        - id_token_signing_alg_values_supported
        - issuer
        - jwks_uri
      properties:
        acr_values_supported:
          type: array
          description: >-
            A list of the Authentication Context Class References that this OP
            supports
          minItems: 0
          items:
            type: string
            maxLength: 100
        authorization_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 authorization endpoint
            where users are redirected for authentication. Must be a valid HTTPS
            URL. This endpoint initiates the OAuth 2.0 authorization code flow.
          minLength: 8
          maxLength: 2083
          format: uri
        claim_types_supported:
          type: array
          description: >-
            JSON array containing a list of the Claim Types that the OpenID
            Provider supports. These Claim Types are described in Section 5.6 of
            OpenID Connect Core 1.0 [OpenID.Core]. If omitted, the
            implementation supports only normal Claims.
          minItems: 0
          items:
            type: string
            maxLength: 25
        claims_locales_supported:
          type: array
          description: >-
            Languages and scripts supported for values in Claims being returned,
            represented as a JSON array of BCP47 [RFC5646] language tag values.
            Not all languages and scripts are necessarily supported for all
            Claim values.
          minItems: 0
          items:
            type: string
            maxLength: 50
        claims_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the claims
            parameter, with true indicating support. If omitted, the default
            value is false.
        claims_supported:
          type: array
          description: >-
            JSON array containing a list of the Claim Names of the Claims that
            the OpenID Provider MAY be able to supply values for. Note that for
            privacy or other reasons, this might not be an exhaustive list.
          minItems: 0
          items:
            type: string
            maxLength: 100
        display_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the Token Endpoint for the signature on the JWT
            [JWT] used to authenticate the Client at the Token Endpoint for the
            private_key_jwt and client_secret_jwt authentication methods.
            Servers SHOULD support RS256. The value none MUST NOT be used.
          minItems: 0
          items:
            type: string
            maxLength: 10
        dpop_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported for DPoP proof JWT signing.
          minItems: 0
          items:
            type: string
            maxLength: 14
        end_session_endpoint:
          type: string
          description: >-
            URL of the identity provider's logout/end session endpoint. When
            configured as a static URL, users are redirected here after logging
            out from Auth0. Must use HTTPS scheme.
          minLength: 8
          maxLength: 255
          format: uri
        grant_types_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 Grant Type values that this OP supports.
            Dynamic OpenID Providers MUST support the authorization_code and
            implicit Grant Type values and MAY support other Grant Types. If
            omitted, the default value is ["authorization_code", "implicit"].
          minItems: 0
          items:
            type: string
            maxLength: 100
        id_token_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (alg
            values) supported by the OP for the ID Token to encode the Claims in
            a JWT
          minItems: 0
          items:
            type: string
            maxLength: 14
        id_token_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) supported by the OP for the ID Token to encode the Claims in
            a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 26
        id_token_signing_alg_values_supported:
          type: array
          description: >-
            A list of the JWS signing algorithms (alg values) supported by the
            OP for the ID Token to encode the Claims in a JWT. The algorithm
            RS256 MUST be included. The value none MAY be supported, but MUST
            NOT be used unless the Response Type used returns no ID Token from
            the Authorization Endpoint (such as when using the Authorization
            Code Flow). https://datatracker.ietf.org/doc/html/rfc7518
          minItems: 1
          items:
            type: string
            description: >-
              JWS signing algorithm supported by the IdP for ID Token signing
              (from OIDC discovery metadata).
            maxLength: 10
        issuer:
          type: string
          description: >-
            The identity provider's unique issuer identifier URL (e.g.,
            https://accounts.google.com). Must match the 'iss' claim in ID
            tokens from the identity provider.
          minLength: 8
          maxLength: 255
          format: uri
        jwks_uri:
          type: string
          description: >-
            URL of the identity provider's JSON Web Key Set (JWKS) endpoint
            containing public keys for signature verification. Auth0 retrieves
            these keys to validate ID token signatures.
          minLength: 8
          maxLength: 255
          format: uri
        op_policy_uri:
          type: string
          description: >-
            URL that the OpenID Provider provides to the person registering the
            Client to read about the OPs requirements on how the Relying Party
            can use the data provided by the OP. The registration process SHOULD
            display this URL to the person registering the Client if it is
            given.
          minLength: 8
          maxLength: 255
          format: uri
        op_tos_uri:
          type: string
          description: >-
            URL that the OpenID Provider provides to the person registering the
            Client to read about OpenID Providers terms of service. The
            registration process SHOULD display this URL to the person
            registering the Client if it is given.
          minLength: 8
          maxLength: 255
          format: uri
        registration_endpoint:
          type: string
          description: >-
            URL of the OPs Dynamic Client Registration Endpoint. RECOMMENDED but
            not REQUIRED.
            https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Registration
          minLength: 8
          maxLength: 255
          format: uri
        request_object_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (alg
            values) supported by the OP for Request Objects. These algorithms
            are used both when the Request Object is passed by value and when it
            is passed by reference.
          minItems: 0
          items:
            type: string
            maxLength: 28
        request_object_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) supported by the OP for Request Objects. These algorithms
            are used both when the Request Object is passed by value and when it
            is passed by reference.
          minItems: 0
          items:
            type: string
            maxLength: 26
        request_object_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the OP for Request Objects, which are described
            in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These
            algorithms are used both when the Request Object is passed by value
            (using the request parameter) and when it is passed by reference
            (using the request_uri parameter). Servers SHOULD support none and
            RS256.
          minItems: 0
          items:
            type: string
            maxLength: 10
        request_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the request
            parameter, with true indicating support. If omitted, the default
            value is false.
        request_uri_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the
            request_uri parameter, with true indicating support. If omitted, the
            default value is false.
        require_request_uri_registration:
          type: boolean
          description: >-
            Boolean value specifying whether the OP requires use of the
            request_uri parameter. If omitted, the default value is false.
        response_modes_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 response_mode values that this OP supports.
            If omitted, the default for Dynamic OpenID Providers is ["query",
            "fragment"]
          minItems: 0
          items:
            type: string
            maxLength: 20
        response_types_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 response_type values that this OP supports.
            Dynamic OpenID Providers MUST support the code, id_token, and the
            token id_token Response Type values
          minItems: 1
          items:
            type: string
            maxLength: 40
        scopes_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 [RFC6749] scope values that this server
            supports. The server MUST support the openid scope value. Servers
            MAY choose not to advertise some supported scope values even when
            this parameter is used, although those defined in [OpenID.Core]
            SHOULD be listed, if supported. RECOMMENDED but not REQUIRED
          minItems: 0
          items:
            type: string
            maxLength: 100
        service_documentation:
          type: string
          description: >-
            URL of a page containing human-readable information that developers
            might want or need to know when using the OpenID Provider. In
            particular, if the OpenID Provider does not support Dynamic Client
            Registration, then information on how to register Clients needs to
            be provided in this documentation.
          minLength: 8
          maxLength: 255
          format: uri
        subject_types_supported:
          type: array
          description: >-
            A list of the Subject Identifier types that this OP supports. Valid
            types include pairwise and public
          minItems: 0
          items:
            type: string
            minLength: 0
            maxLength: 100
        token_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 token endpoint where
            authorization codes are exchanged for access tokens. Must be a valid
            HTTPS URL. Required for authorization code flow but optional for
            implicit flow.
          minLength: 8
          maxLength: 255
          format: uri
        token_endpoint_auth_methods_supported:
          type: array
          description: >-
            JSON array containing a list of Client Authentication methods
            supported by this Token Endpoint. The options are
            client_secret_post, client_secret_basic, client_secret_jwt, and
            private_key_jwt, as described in Section 9 of OpenID Connect Core
            1.0 [OpenID.Core]. Other authentication methods MAY be defined by
            extensions. If omitted, the default is client_secret_basic -- the
            HTTP Basic Authentication Scheme specified in Section 2.3.1 of OAuth
            2.0 [RFC6749].
          minItems: 0
          items:
            type: string
            maxLength: 60
        token_endpoint_auth_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the Token Endpoint for the signature on the JWT
            [JWT] used to authenticate the Client at the Token Endpoint for the
            private_key_jwt and client_secret_jwt authentication methods.
            Servers SHOULD support RS256. The value none MUST NOT be used.
          minItems: 0
          items:
            type: string
            maxLength: 10
        ui_locales_supported:
          type: array
          description: >-
            Languages and scripts supported for the user interface, represented
            as a JSON array of BCP47 [RFC5646] language tag values.
          minItems: 0
          items:
            type: string
            maxLength: 50
        userinfo_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE [JWE] encryption algorithms
            (alg values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 10
        userinfo_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 26
        userinfo_endpoint:
          type: string
          description: >-
            Optional URL of the identity provider's UserInfo endpoint. When
            configured with attribute mapping, Auth0 calls this endpoint to
            retrieve additional user profile claims using the access token.
          minLength: 8
          maxLength: 255
          format: uri
        userinfo_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS [JWS] signing algorithms
            (alg values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT]. The value none MAY be included.
          minItems: 0
          items:
            type: string
            maxLength: 10
    EventStreamCloudEventConnectionCreatedObject0OptionsSchemaVersionEnum:
      type: string
      description: The internal schema version of the connection options.
      enum:
        - openid-1.0.0
        - oidc-v4
    EventStreamCloudEventConnectionCreatedObject0OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionCreatedObject0OptionsTokenEndpointAuthMethodEnum:
      type: string
      description: >-
        Authentication method used at the identity provider's token endpoint.
        'client_secret_post' sends credentials in the request body;
        'private_key_jwt' uses a signed JWT assertion for enhanced security.
        Applicable when strategy=oidc or okta.
      enum:
        - client_secret_post
        - private_key_jwt
    EventStreamCloudEventConnectionCreatedObject0OptionsTokenEndpointAuthSigningAlgEnum:
      type: string
      description: >-
        Algorithm used to sign client_assertions. Applicable when strategy=oidc
        or okta.
      enum:
        - ES256
        - ES384
        - PS256
        - PS384
        - RS256
        - RS384
        - RS512
    EventStreamCloudEventConnectionCreatedObject0OptionsTokenEndpointJwtcaAudFormatEnum:
      type: string
      description: >-
        Specifies the format of the aud (audience) claim included in the JWT
        used for client authentication at the token endpoint. Accepted values
        are: 'issuer' (the aud claim is set to the OIDC issuer URL) or
        'token_endpoint' (the aud claim is set to the token endpoint URL).
      enum:
        - issuer
        - token_endpoint
    EventStreamCloudEventConnectionCreatedObject0OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionCreatedObject0OptionsAttributeMap:
      type: object
      description: >-
        Configuration for mapping claims from the identity provider to Auth0
        user profile attributes. Allows customizing which IdP claims populate
        user fields and how they are transformed.
      additionalProperties: false
      properties:
        attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsAttributeMapAttributes
        userinfo_scope:
          type: string
          description: Scopes to send to the IdP's Userinfo endpoint
          minLength: 0
          maxLength: 255
        mapping_mode:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject0OptionsAttributeMapMappingModeEnum
    EventStreamCloudEventConnectionCreatedObject0OptionsTypeEnum:
      type: string
      description: >-
        OIDC communication channel type. 'back_channel' (confidential client)
        exchanges tokens server-side for stronger security; 'front_channel'
        handles responses in the browser.
      enum:
        - back_channel
        - front_channel
    EventStreamCloudEventConnectionCreatedObject1OptionsConnectionSettings:
      type: object
      description: >-
        OAuth 2.0 PKCE (Proof Key for Code Exchange) settings. PKCE enhances
        security for public clients by preventing authorization code
        interception attacks. 'auto' (recommended) uses the strongest method
        supported by the IdP.
      additionalProperties: false
      properties:
        pkce:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsConnectionSettingsPkceEnum
    EventStreamCloudEventConnectionCreatedObject1OptionsDpopSigningAlgEnum:
      type: string
      description: >-
        Algorithm used for DPoP proof JWT signing. Applicable when strategy=oidc
        or okta.
      enum:
        - ES256
        - ES384
        - ES512
        - Ed25519
    EventStreamCloudEventConnectionCreatedObject1OptionsFederatedConnectionsAccessTokens:
      type: object
      description: >-
        Configuration for storing identity provider tokens in Auth0's Token
        Vault. When active, Auth0 securely stores access and refresh tokens from
        federated logins, enabling your application to make authenticated API
        calls on behalf of users.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
          description: >-
            Enables refresh tokens and access tokens collection for federated
            connections
    EventStreamCloudEventConnectionCreatedObject1OptionsIdTokenSignedResponseAlgsItemEnum:
      type: string
      description: Algorithm allowed to verify the ID tokens.
      enum:
        - ES256
        - ES384
        - PS256
        - PS384
        - RS256
        - RS384
        - RS512
    EventStreamCloudEventConnectionCreatedObject1OptionsOidcMetadata:
      type: object
      description: >-
        OpenID Connect Provider Metadata as per
        https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
      additionalProperties: false
      required:
        - authorization_endpoint
        - id_token_signing_alg_values_supported
        - issuer
        - jwks_uri
      properties:
        acr_values_supported:
          type: array
          description: >-
            A list of the Authentication Context Class References that this OP
            supports
          minItems: 0
          items:
            type: string
            maxLength: 100
        authorization_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 authorization endpoint
            where users are redirected for authentication. Must be a valid HTTPS
            URL. This endpoint initiates the OAuth 2.0 authorization code flow.
          minLength: 8
          maxLength: 2083
          format: uri
        claim_types_supported:
          type: array
          description: >-
            JSON array containing a list of the Claim Types that the OpenID
            Provider supports. These Claim Types are described in Section 5.6 of
            OpenID Connect Core 1.0 [OpenID.Core]. If omitted, the
            implementation supports only normal Claims.
          minItems: 0
          items:
            type: string
            maxLength: 25
        claims_locales_supported:
          type: array
          description: >-
            Languages and scripts supported for values in Claims being returned,
            represented as a JSON array of BCP47 [RFC5646] language tag values.
            Not all languages and scripts are necessarily supported for all
            Claim values.
          minItems: 0
          items:
            type: string
            maxLength: 50
        claims_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the claims
            parameter, with true indicating support. If omitted, the default
            value is false.
        claims_supported:
          type: array
          description: >-
            JSON array containing a list of the Claim Names of the Claims that
            the OpenID Provider MAY be able to supply values for. Note that for
            privacy or other reasons, this might not be an exhaustive list.
          minItems: 0
          items:
            type: string
            maxLength: 100
        display_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the Token Endpoint for the signature on the JWT
            [JWT] used to authenticate the Client at the Token Endpoint for the
            private_key_jwt and client_secret_jwt authentication methods.
            Servers SHOULD support RS256. The value none MUST NOT be used.
          minItems: 0
          items:
            type: string
            maxLength: 10
        dpop_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported for DPoP proof JWT signing.
          minItems: 0
          items:
            type: string
            maxLength: 14
        end_session_endpoint:
          type: string
          description: >-
            URL of the identity provider's logout/end session endpoint. When
            configured as a static URL, users are redirected here after logging
            out from Auth0. Must use HTTPS scheme.
          minLength: 8
          maxLength: 255
          format: uri
        grant_types_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 Grant Type values that this OP supports.
            Dynamic OpenID Providers MUST support the authorization_code and
            implicit Grant Type values and MAY support other Grant Types. If
            omitted, the default value is ["authorization_code", "implicit"].
          minItems: 0
          items:
            type: string
            maxLength: 100
        id_token_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (alg
            values) supported by the OP for the ID Token to encode the Claims in
            a JWT
          minItems: 0
          items:
            type: string
            maxLength: 14
        id_token_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) supported by the OP for the ID Token to encode the Claims in
            a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 26
        id_token_signing_alg_values_supported:
          type: array
          description: >-
            A list of the JWS signing algorithms (alg values) supported by the
            OP for the ID Token to encode the Claims in a JWT. The algorithm
            RS256 MUST be included. The value none MAY be supported, but MUST
            NOT be used unless the Response Type used returns no ID Token from
            the Authorization Endpoint (such as when using the Authorization
            Code Flow). https://datatracker.ietf.org/doc/html/rfc7518
          minItems: 1
          items:
            type: string
            description: >-
              JWS signing algorithm supported by the IdP for ID Token signing
              (from OIDC discovery metadata).
            maxLength: 10
        issuer:
          type: string
          description: >-
            The identity provider's unique issuer identifier URL (e.g.,
            https://accounts.google.com). Must match the 'iss' claim in ID
            tokens from the identity provider.
          minLength: 8
          maxLength: 255
          format: uri
        jwks_uri:
          type: string
          description: >-
            URL of the identity provider's JSON Web Key Set (JWKS) endpoint
            containing public keys for signature verification. Auth0 retrieves
            these keys to validate ID token signatures.
          minLength: 8
          maxLength: 255
          format: uri
        op_policy_uri:
          type: string
          description: >-
            URL that the OpenID Provider provides to the person registering the
            Client to read about the OPs requirements on how the Relying Party
            can use the data provided by the OP. The registration process SHOULD
            display this URL to the person registering the Client if it is
            given.
          minLength: 8
          maxLength: 255
          format: uri
        op_tos_uri:
          type: string
          description: >-
            URL that the OpenID Provider provides to the person registering the
            Client to read about OpenID Providers terms of service. The
            registration process SHOULD display this URL to the person
            registering the Client if it is given.
          minLength: 8
          maxLength: 255
          format: uri
        registration_endpoint:
          type: string
          description: >-
            URL of the OPs Dynamic Client Registration Endpoint. RECOMMENDED but
            not REQUIRED.
            https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Registration
          minLength: 8
          maxLength: 255
          format: uri
        request_object_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (alg
            values) supported by the OP for Request Objects. These algorithms
            are used both when the Request Object is passed by value and when it
            is passed by reference.
          minItems: 0
          items:
            type: string
            maxLength: 28
        request_object_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) supported by the OP for Request Objects. These algorithms
            are used both when the Request Object is passed by value and when it
            is passed by reference.
          minItems: 0
          items:
            type: string
            maxLength: 26
        request_object_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the OP for Request Objects, which are described
            in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These
            algorithms are used both when the Request Object is passed by value
            (using the request parameter) and when it is passed by reference
            (using the request_uri parameter). Servers SHOULD support none and
            RS256.
          minItems: 0
          items:
            type: string
            maxLength: 10
        request_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the request
            parameter, with true indicating support. If omitted, the default
            value is false.
        request_uri_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the
            request_uri parameter, with true indicating support. If omitted, the
            default value is false.
        require_request_uri_registration:
          type: boolean
          description: >-
            Boolean value specifying whether the OP requires use of the
            request_uri parameter. If omitted, the default value is false.
        response_modes_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 response_mode values that this OP supports.
            If omitted, the default for Dynamic OpenID Providers is ["query",
            "fragment"]
          minItems: 0
          items:
            type: string
            maxLength: 20
        response_types_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 response_type values that this OP supports.
            Dynamic OpenID Providers MUST support the code, id_token, and the
            token id_token Response Type values
          minItems: 1
          items:
            type: string
            maxLength: 40
        scopes_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 [RFC6749] scope values that this server
            supports. The server MUST support the openid scope value. Servers
            MAY choose not to advertise some supported scope values even when
            this parameter is used, although those defined in [OpenID.Core]
            SHOULD be listed, if supported. RECOMMENDED but not REQUIRED
          minItems: 0
          items:
            type: string
            maxLength: 100
        service_documentation:
          type: string
          description: >-
            URL of a page containing human-readable information that developers
            might want or need to know when using the OpenID Provider. In
            particular, if the OpenID Provider does not support Dynamic Client
            Registration, then information on how to register Clients needs to
            be provided in this documentation.
          minLength: 8
          maxLength: 255
          format: uri
        subject_types_supported:
          type: array
          description: >-
            A list of the Subject Identifier types that this OP supports. Valid
            types include pairwise and public
          minItems: 0
          items:
            type: string
            minLength: 0
            maxLength: 100
        token_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 token endpoint where
            authorization codes are exchanged for access tokens. Must be a valid
            HTTPS URL. Required for authorization code flow but optional for
            implicit flow.
          minLength: 8
          maxLength: 255
          format: uri
        token_endpoint_auth_methods_supported:
          type: array
          description: >-
            JSON array containing a list of Client Authentication methods
            supported by this Token Endpoint. The options are
            client_secret_post, client_secret_basic, client_secret_jwt, and
            private_key_jwt, as described in Section 9 of OpenID Connect Core
            1.0 [OpenID.Core]. Other authentication methods MAY be defined by
            extensions. If omitted, the default is client_secret_basic -- the
            HTTP Basic Authentication Scheme specified in Section 2.3.1 of OAuth
            2.0 [RFC6749].
          minItems: 0
          items:
            type: string
            maxLength: 60
        token_endpoint_auth_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the Token Endpoint for the signature on the JWT
            [JWT] used to authenticate the Client at the Token Endpoint for the
            private_key_jwt and client_secret_jwt authentication methods.
            Servers SHOULD support RS256. The value none MUST NOT be used.
          minItems: 0
          items:
            type: string
            maxLength: 10
        ui_locales_supported:
          type: array
          description: >-
            Languages and scripts supported for the user interface, represented
            as a JSON array of BCP47 [RFC5646] language tag values.
          minItems: 0
          items:
            type: string
            maxLength: 50
        userinfo_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE [JWE] encryption algorithms
            (alg values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 10
        userinfo_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 26
        userinfo_endpoint:
          type: string
          description: >-
            Optional URL of the identity provider's UserInfo endpoint. When
            configured with attribute mapping, Auth0 calls this endpoint to
            retrieve additional user profile claims using the access token.
          minLength: 8
          maxLength: 255
          format: uri
        userinfo_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS [JWS] signing algorithms
            (alg values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT]. The value none MAY be included.
          minItems: 0
          items:
            type: string
            maxLength: 10
    EventStreamCloudEventConnectionCreatedObject1OptionsSchemaVersionEnum:
      type: string
      description: The internal schema version of the connection options.
      enum:
        - openid-1.0.0
        - oidc-v4
    EventStreamCloudEventConnectionCreatedObject1OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionCreatedObject1OptionsTokenEndpointAuthMethodEnum:
      type: string
      description: >-
        Authentication method used at the identity provider's token endpoint.
        'client_secret_post' sends credentials in the request body;
        'private_key_jwt' uses a signed JWT assertion for enhanced security.
        Applicable when strategy=oidc or okta.
      enum:
        - client_secret_post
        - private_key_jwt
    EventStreamCloudEventConnectionCreatedObject1OptionsTokenEndpointAuthSigningAlgEnum:
      type: string
      description: >-
        Algorithm used to sign client_assertions. Applicable when strategy=oidc
        or okta.
      enum:
        - ES256
        - ES384
        - PS256
        - PS384
        - RS256
        - RS384
        - RS512
    EventStreamCloudEventConnectionCreatedObject1OptionsTokenEndpointJwtcaAudFormatEnum:
      type: string
      description: >-
        Specifies the format of the aud (audience) claim included in the JWT
        used for client authentication at the token endpoint. Accepted values
        are: 'issuer' (the aud claim is set to the OIDC issuer URL) or
        'token_endpoint' (the aud claim is set to the token endpoint URL).
      enum:
        - issuer
        - token_endpoint
    EventStreamCloudEventConnectionCreatedObject1OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionCreatedObject1OptionsAttributeMap:
      type: object
      description: Mapping of claims received from the identity provider (IdP)
      additionalProperties: false
      properties:
        attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsAttributeMapAttributes
        userinfo_scope:
          type: string
          description: Scopes to send to the IdP's Userinfo endpoint
          minLength: 0
          maxLength: 255
        mapping_mode:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject1OptionsAttributeMapMappingModeEnum
    EventStreamCloudEventConnectionCreatedObject1OptionsTypeEnum:
      type: string
      description: Connection type
      enum:
        - back_channel
    EventStreamCloudEventConnectionCreatedObject2OptionsAssertionDecryptionSettings:
      type: object
      description: Settings for SAML assertion decryption.
      additionalProperties: false
      required:
        - algorithm_profile
      properties:
        algorithm_exceptions:
          type: array
          description: >-
            A list of insecure algorithms to allow for SAML assertion
            decryption.
          items:
            type: string
            minLength: 1
            maxLength: 100
        algorithm_profile:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2OptionsAssertionDecryptionSettingsAlgorithmProfileEnum
    EventStreamCloudEventConnectionCreatedObject2OptionsDigestAlgorithmEnum:
      type: string
      description: >-
        Algorithm used for computing digest values when signing SAML requests
        and logout requests. Defaults to 'sha256'.
      enum:
        - sha1
        - sha256
    EventStreamCloudEventConnectionCreatedObject2OptionsIdpinitiated:
      type: object
      description: >-
        Configuration for IdP-Initiated SAML Single Sign-On. When enabled,
        allows users to initiate login directly from their SAML identity
        provider without first visiting Auth0. The IdP must include the
        connection parameter in the post-back URL (Assertion Consumer Service
        URL).
      additionalProperties: false
      properties:
        client_authorizequery:
          description: The query string sent to the default application
          type: string
          minLength: 1
          maxLength: 2048
        client_id:
          description: The client ID to use for IdP-initiated login requests.
          type: string
          minLength: 1
          maxLength: 256
        client_protocol:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject2OptionsIdpinitiatedClientProtocolEnum
        enabled:
          description: >-
            When true, enables IdP-initiated login support for this SAML
            connection. Allows users to log in directly from the identity
            provider without first visiting Auth0.
          type: boolean
    EventStreamCloudEventConnectionCreatedObject2OptionsProtocolBindingEnum:
      type: string
      description: >-
        SAML protocol binding mechanism for sending authentication requests to
        the identity provider.
      enum:
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
    EventStreamCloudEventConnectionCreatedObject2OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionCreatedObject2OptionsSignatureAlgorithmEnum:
      type: string
      description: >-
        Algorithm used to sign SAML authentication requests and logout requests
        using the connection's signing key. Common values: 'rsa-sha256' (RSA
        signature with SHA-256 digest) or 'rsa-sha1'. Defaults to 'rsa-sha256'.
      enum:
        - rsa-sha1
        - rsa-sha256
    EventStreamCloudEventConnectionCreatedObject2OptionsSubject:
      type: object
      description: >-
        Certificate Subject Distinguished Name (DN) extracted from the identity
        provider's signing certificate.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionCreatedObject2OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionCreatedObject2OptionsFieldsMap:
      type: object
      description: >-
        Maps SAML assertion attributes from the identity provider to Auth0 user
        profile attributes. Format: { 'auth0_field': 'saml_attribute' } or {
        'auth0_field': ['saml_attr1', 'saml_attr2'] } for fallback options.
        Merged with default mappings for email, name, given_name, family_name,
        and groups.
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionCreatedObject3OptionsAssertionDecryptionSettings:
      type: object
      description: Settings for SAML assertion decryption.
      additionalProperties: false
      required:
        - algorithm_profile
      properties:
        algorithm_exceptions:
          type: array
          description: >-
            A list of insecure algorithms to allow for SAML assertion
            decryption.
          items:
            type: string
            minLength: 1
            maxLength: 100
        algorithm_profile:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3OptionsAssertionDecryptionSettingsAlgorithmProfileEnum
    EventStreamCloudEventConnectionCreatedObject3OptionsDigestAlgorithmEnum:
      type: string
      description: >-
        Algorithm used for computing digest values when signing SAML requests
        and logout requests. Defaults to 'sha256'.
      enum:
        - sha1
        - sha256
    EventStreamCloudEventConnectionCreatedObject3OptionsIdpinitiated:
      type: object
      description: >-
        Configuration for IdP-Initiated SAML Single Sign-On. When enabled,
        allows users to initiate login directly from their SAML identity
        provider without first visiting Auth0. The IdP must include the
        connection parameter in the post-back URL (Assertion Consumer Service
        URL).
      additionalProperties: false
      properties:
        client_authorizequery:
          description: The query string sent to the default application
          type: string
          minLength: 1
          maxLength: 2048
        client_id:
          description: The client ID to use for IdP-initiated login requests.
          type: string
          minLength: 1
          maxLength: 256
        client_protocol:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionCreatedObject3OptionsIdpinitiatedClientProtocolEnum
        enabled:
          description: >-
            When true, enables IdP-initiated login support for this SAML
            connection. Allows users to log in directly from the identity
            provider without first visiting Auth0.
          type: boolean
    EventStreamCloudEventConnectionCreatedObject3OptionsProtocolBindingEnum:
      type: string
      description: >-
        SAML protocol binding mechanism for sending authentication requests to
        the identity provider.
      enum:
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
    EventStreamCloudEventConnectionCreatedObject3OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionCreatedObject3OptionsSignatureAlgorithmEnum:
      type: string
      description: >-
        Algorithm used to sign SAML authentication requests and logout requests
        using the connection's signing key. Common values: 'rsa-sha256' (RSA
        signature with SHA-256 digest) or 'rsa-sha1'. Defaults to 'rsa-sha256'.
      enum:
        - rsa-sha1
        - rsa-sha256
    EventStreamCloudEventConnectionCreatedObject3OptionsSubject:
      type: object
      description: >-
        Certificate Subject Distinguished Name (DN) extracted from the identity
        provider's signing certificate.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionCreatedObject3OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionCreatedObject4OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionCreatedObject4OptionsShouldTrustEmailVerifiedConnectionEnum:
      type: string
      description: Choose how Auth0 sets the email_verified field in the user profile.
      enum:
        - never_set_emails_as_verified
        - always_set_emails_as_verified
    EventStreamCloudEventConnectionCreatedObject4OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionCreatedObject5OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionCreatedObject5OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionCreatedObject6OptionsFederatedConnectionsAccessTokens:
      type: object
      description: >-
        Configuration for storing identity provider tokens in Auth0's Token
        Vault. When active, Auth0 securely stores access and refresh tokens from
        federated logins, enabling your application to make authenticated API
        calls on behalf of users.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
          description: >-
            Enables refresh tokens and access tokens collection for federated
            connections
    EventStreamCloudEventConnectionCreatedObject6OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionCreatedObject6OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionCreatedObject7OptionsFederatedConnectionsAccessTokens:
      type: object
      description: >-
        Configuration for storing identity provider tokens in Auth0's Token
        Vault. When active, Auth0 securely stores access and refresh tokens from
        federated logins, enabling your application to make authenticated API
        calls on behalf of users.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
          description: >-
            Enables refresh tokens and access tokens collection for federated
            connections
    EventStreamCloudEventConnectionCreatedObject7OptionsIdentityApiEnum:
      type: string
      description: >-
        The Azure AD endpoint version for authentication.
        'microsoft-identity-platform-v2.0' (recommended, default) supports
        modern OAuth 2.0 features. 'azure-active-directory-v1.0' is the legacy
        endpoint with protocol limitations. Selection affects available
        features.
      enum:
        - microsoft-identity-platform-v2.0
        - azure-active-directory-v1.0
    EventStreamCloudEventConnectionCreatedObject7OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionCreatedObject7OptionsShouldTrustEmailVerifiedConnectionEnum:
      type: string
      description: Choose how Auth0 sets the email_verified field in the user profile.
      enum:
        - never_set_emails_as_verified
        - always_set_emails_as_verified
    EventStreamCloudEventConnectionCreatedObject7OptionsTenantDomain:
      description: >-
        The Azure AD tenant domain or tenant ID (UUID). Auto-populated from the
        'domain' field. Can be either a hostname (e.g.,
        'contoso.onmicrosoft.com') or a UUID tenant ID.
      anyOf:
        - type: string
          description: Azure AD tenant domain as a hostname (e.g. contoso.onmicrosoft.com).
          minLength: 0
          maxLength: 512
          format: hostname
        - type: string
          description: Azure AD tenant domain as a UUID tenant ID.
          format: uuid
    EventStreamCloudEventConnectionCreatedObject7OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionCreatedObject7OptionsUseridAttributeEnum:
      type: string
      description: >-
        The Azure AD claim to use as the unique user identifier. 'oid' (Object
        ID) is recommended for single-tenant connections and required for SCIM.
        'sub' (Subject) is required for multi-tenant/common endpoint. Only
        applies with OpenID Connect protocol.
      enum:
        - oid
        - sub
    EventStreamCloudEventConnectionCreatedObject7OptionsWaadProtocolEnum:
      type: string
      description: >-
        The authentication protocol for Azure AD v1 endpoints. 'openid-connect'
        (default, recommended) uses modern OAuth 2.0/OIDC. 'ws-federation' is a
        legacy SAML-based protocol for older integrations. Only available with
        Azure AD v1 API.
      enum:
        - ws-federation
        - openid-connect
    EventStreamCloudEventConnectionDeletedObject0OptionsConnectionSettings:
      type: object
      description: >-
        OAuth 2.0 PKCE (Proof Key for Code Exchange) settings. PKCE enhances
        security for public clients by preventing authorization code
        interception attacks. 'auto' (recommended) uses the strongest method
        supported by the IdP.
      additionalProperties: false
      properties:
        pkce:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsConnectionSettingsPkceEnum
    EventStreamCloudEventConnectionDeletedObject0OptionsDpopSigningAlgEnum:
      type: string
      description: >-
        Algorithm used for DPoP proof JWT signing. Applicable when strategy=oidc
        or okta.
      enum:
        - ES256
        - ES384
        - ES512
        - Ed25519
    EventStreamCloudEventConnectionDeletedObject0OptionsFederatedConnectionsAccessTokens:
      type: object
      description: >-
        Configuration for storing identity provider tokens in Auth0's Token
        Vault. When active, Auth0 securely stores access and refresh tokens from
        federated logins, enabling your application to make authenticated API
        calls on behalf of users.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
          description: >-
            Enables refresh tokens and access tokens collection for federated
            connections
    EventStreamCloudEventConnectionDeletedObject0OptionsIdTokenSignedResponseAlgsItemEnum:
      type: string
      description: Algorithm allowed to verify the ID tokens.
      enum:
        - ES256
        - ES384
        - PS256
        - PS384
        - RS256
        - RS384
        - RS512
    EventStreamCloudEventConnectionDeletedObject0OptionsOidcMetadata:
      type: object
      description: >-
        OpenID Connect Provider Metadata as per
        https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
      additionalProperties: false
      required:
        - authorization_endpoint
        - id_token_signing_alg_values_supported
        - issuer
        - jwks_uri
      properties:
        acr_values_supported:
          type: array
          description: >-
            A list of the Authentication Context Class References that this OP
            supports
          minItems: 0
          items:
            type: string
            maxLength: 100
        authorization_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 authorization endpoint
            where users are redirected for authentication. Must be a valid HTTPS
            URL. This endpoint initiates the OAuth 2.0 authorization code flow.
          minLength: 8
          maxLength: 2083
          format: uri
        claim_types_supported:
          type: array
          description: >-
            JSON array containing a list of the Claim Types that the OpenID
            Provider supports. These Claim Types are described in Section 5.6 of
            OpenID Connect Core 1.0 [OpenID.Core]. If omitted, the
            implementation supports only normal Claims.
          minItems: 0
          items:
            type: string
            maxLength: 25
        claims_locales_supported:
          type: array
          description: >-
            Languages and scripts supported for values in Claims being returned,
            represented as a JSON array of BCP47 [RFC5646] language tag values.
            Not all languages and scripts are necessarily supported for all
            Claim values.
          minItems: 0
          items:
            type: string
            maxLength: 50
        claims_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the claims
            parameter, with true indicating support. If omitted, the default
            value is false.
        claims_supported:
          type: array
          description: >-
            JSON array containing a list of the Claim Names of the Claims that
            the OpenID Provider MAY be able to supply values for. Note that for
            privacy or other reasons, this might not be an exhaustive list.
          minItems: 0
          items:
            type: string
            maxLength: 100
        display_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the Token Endpoint for the signature on the JWT
            [JWT] used to authenticate the Client at the Token Endpoint for the
            private_key_jwt and client_secret_jwt authentication methods.
            Servers SHOULD support RS256. The value none MUST NOT be used.
          minItems: 0
          items:
            type: string
            maxLength: 10
        dpop_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported for DPoP proof JWT signing.
          minItems: 0
          items:
            type: string
            maxLength: 14
        end_session_endpoint:
          type: string
          description: >-
            URL of the identity provider's logout/end session endpoint. When
            configured as a static URL, users are redirected here after logging
            out from Auth0. Must use HTTPS scheme.
          minLength: 8
          maxLength: 255
          format: uri
        grant_types_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 Grant Type values that this OP supports.
            Dynamic OpenID Providers MUST support the authorization_code and
            implicit Grant Type values and MAY support other Grant Types. If
            omitted, the default value is ["authorization_code", "implicit"].
          minItems: 0
          items:
            type: string
            maxLength: 100
        id_token_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (alg
            values) supported by the OP for the ID Token to encode the Claims in
            a JWT
          minItems: 0
          items:
            type: string
            maxLength: 14
        id_token_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) supported by the OP for the ID Token to encode the Claims in
            a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 26
        id_token_signing_alg_values_supported:
          type: array
          description: >-
            A list of the JWS signing algorithms (alg values) supported by the
            OP for the ID Token to encode the Claims in a JWT. The algorithm
            RS256 MUST be included. The value none MAY be supported, but MUST
            NOT be used unless the Response Type used returns no ID Token from
            the Authorization Endpoint (such as when using the Authorization
            Code Flow). https://datatracker.ietf.org/doc/html/rfc7518
          minItems: 1
          items:
            type: string
            description: >-
              JWS signing algorithm supported by the IdP for ID Token signing
              (from OIDC discovery metadata).
            maxLength: 10
        issuer:
          type: string
          description: >-
            The identity provider's unique issuer identifier URL (e.g.,
            https://accounts.google.com). Must match the 'iss' claim in ID
            tokens from the identity provider.
          minLength: 8
          maxLength: 255
          format: uri
        jwks_uri:
          type: string
          description: >-
            URL of the identity provider's JSON Web Key Set (JWKS) endpoint
            containing public keys for signature verification. Auth0 retrieves
            these keys to validate ID token signatures.
          minLength: 8
          maxLength: 255
          format: uri
        op_policy_uri:
          type: string
          description: >-
            URL that the OpenID Provider provides to the person registering the
            Client to read about the OPs requirements on how the Relying Party
            can use the data provided by the OP. The registration process SHOULD
            display this URL to the person registering the Client if it is
            given.
          minLength: 8
          maxLength: 255
          format: uri
        op_tos_uri:
          type: string
          description: >-
            URL that the OpenID Provider provides to the person registering the
            Client to read about OpenID Providers terms of service. The
            registration process SHOULD display this URL to the person
            registering the Client if it is given.
          minLength: 8
          maxLength: 255
          format: uri
        registration_endpoint:
          type: string
          description: >-
            URL of the OPs Dynamic Client Registration Endpoint. RECOMMENDED but
            not REQUIRED.
            https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Registration
          minLength: 8
          maxLength: 255
          format: uri
        request_object_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (alg
            values) supported by the OP for Request Objects. These algorithms
            are used both when the Request Object is passed by value and when it
            is passed by reference.
          minItems: 0
          items:
            type: string
            maxLength: 28
        request_object_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) supported by the OP for Request Objects. These algorithms
            are used both when the Request Object is passed by value and when it
            is passed by reference.
          minItems: 0
          items:
            type: string
            maxLength: 26
        request_object_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the OP for Request Objects, which are described
            in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These
            algorithms are used both when the Request Object is passed by value
            (using the request parameter) and when it is passed by reference
            (using the request_uri parameter). Servers SHOULD support none and
            RS256.
          minItems: 0
          items:
            type: string
            maxLength: 10
        request_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the request
            parameter, with true indicating support. If omitted, the default
            value is false.
        request_uri_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the
            request_uri parameter, with true indicating support. If omitted, the
            default value is false.
        require_request_uri_registration:
          type: boolean
          description: >-
            Boolean value specifying whether the OP requires use of the
            request_uri parameter. If omitted, the default value is false.
        response_modes_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 response_mode values that this OP supports.
            If omitted, the default for Dynamic OpenID Providers is ["query",
            "fragment"]
          minItems: 0
          items:
            type: string
            maxLength: 20
        response_types_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 response_type values that this OP supports.
            Dynamic OpenID Providers MUST support the code, id_token, and the
            token id_token Response Type values
          minItems: 1
          items:
            type: string
            maxLength: 40
        scopes_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 [RFC6749] scope values that this server
            supports. The server MUST support the openid scope value. Servers
            MAY choose not to advertise some supported scope values even when
            this parameter is used, although those defined in [OpenID.Core]
            SHOULD be listed, if supported. RECOMMENDED but not REQUIRED
          minItems: 0
          items:
            type: string
            maxLength: 100
        service_documentation:
          type: string
          description: >-
            URL of a page containing human-readable information that developers
            might want or need to know when using the OpenID Provider. In
            particular, if the OpenID Provider does not support Dynamic Client
            Registration, then information on how to register Clients needs to
            be provided in this documentation.
          minLength: 8
          maxLength: 255
          format: uri
        subject_types_supported:
          type: array
          description: >-
            A list of the Subject Identifier types that this OP supports. Valid
            types include pairwise and public
          minItems: 0
          items:
            type: string
            minLength: 0
            maxLength: 100
        token_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 token endpoint where
            authorization codes are exchanged for access tokens. Must be a valid
            HTTPS URL. Required for authorization code flow but optional for
            implicit flow.
          minLength: 8
          maxLength: 255
          format: uri
        token_endpoint_auth_methods_supported:
          type: array
          description: >-
            JSON array containing a list of Client Authentication methods
            supported by this Token Endpoint. The options are
            client_secret_post, client_secret_basic, client_secret_jwt, and
            private_key_jwt, as described in Section 9 of OpenID Connect Core
            1.0 [OpenID.Core]. Other authentication methods MAY be defined by
            extensions. If omitted, the default is client_secret_basic -- the
            HTTP Basic Authentication Scheme specified in Section 2.3.1 of OAuth
            2.0 [RFC6749].
          minItems: 0
          items:
            type: string
            maxLength: 60
        token_endpoint_auth_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the Token Endpoint for the signature on the JWT
            [JWT] used to authenticate the Client at the Token Endpoint for the
            private_key_jwt and client_secret_jwt authentication methods.
            Servers SHOULD support RS256. The value none MUST NOT be used.
          minItems: 0
          items:
            type: string
            maxLength: 10
        ui_locales_supported:
          type: array
          description: >-
            Languages and scripts supported for the user interface, represented
            as a JSON array of BCP47 [RFC5646] language tag values.
          minItems: 0
          items:
            type: string
            maxLength: 50
        userinfo_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE [JWE] encryption algorithms
            (alg values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 10
        userinfo_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 26
        userinfo_endpoint:
          type: string
          description: >-
            Optional URL of the identity provider's UserInfo endpoint. When
            configured with attribute mapping, Auth0 calls this endpoint to
            retrieve additional user profile claims using the access token.
          minLength: 8
          maxLength: 255
          format: uri
        userinfo_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS [JWS] signing algorithms
            (alg values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT]. The value none MAY be included.
          minItems: 0
          items:
            type: string
            maxLength: 10
    EventStreamCloudEventConnectionDeletedObject0OptionsSchemaVersionEnum:
      type: string
      description: The internal schema version of the connection options.
      enum:
        - openid-1.0.0
        - oidc-v4
    EventStreamCloudEventConnectionDeletedObject0OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionDeletedObject0OptionsTokenEndpointAuthMethodEnum:
      type: string
      description: >-
        Authentication method used at the identity provider's token endpoint.
        'client_secret_post' sends credentials in the request body;
        'private_key_jwt' uses a signed JWT assertion for enhanced security.
        Applicable when strategy=oidc or okta.
      enum:
        - client_secret_post
        - private_key_jwt
    EventStreamCloudEventConnectionDeletedObject0OptionsTokenEndpointAuthSigningAlgEnum:
      type: string
      description: >-
        Algorithm used to sign client_assertions. Applicable when strategy=oidc
        or okta.
      enum:
        - ES256
        - ES384
        - PS256
        - PS384
        - RS256
        - RS384
        - RS512
    EventStreamCloudEventConnectionDeletedObject0OptionsTokenEndpointJwtcaAudFormatEnum:
      type: string
      description: >-
        Specifies the format of the aud (audience) claim included in the JWT
        used for client authentication at the token endpoint. Accepted values
        are: 'issuer' (the aud claim is set to the OIDC issuer URL) or
        'token_endpoint' (the aud claim is set to the token endpoint URL).
      enum:
        - issuer
        - token_endpoint
    EventStreamCloudEventConnectionDeletedObject0OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionDeletedObject0OptionsAttributeMap:
      type: object
      description: >-
        Configuration for mapping claims from the identity provider to Auth0
        user profile attributes. Allows customizing which IdP claims populate
        user fields and how they are transformed.
      additionalProperties: false
      properties:
        attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsAttributeMapAttributes
        userinfo_scope:
          type: string
          description: Scopes to send to the IdP's Userinfo endpoint
          minLength: 0
          maxLength: 255
        mapping_mode:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject0OptionsAttributeMapMappingModeEnum
    EventStreamCloudEventConnectionDeletedObject0OptionsTypeEnum:
      type: string
      description: >-
        OIDC communication channel type. 'back_channel' (confidential client)
        exchanges tokens server-side for stronger security; 'front_channel'
        handles responses in the browser.
      enum:
        - back_channel
        - front_channel
    EventStreamCloudEventConnectionDeletedObject1OptionsConnectionSettings:
      type: object
      description: >-
        OAuth 2.0 PKCE (Proof Key for Code Exchange) settings. PKCE enhances
        security for public clients by preventing authorization code
        interception attacks. 'auto' (recommended) uses the strongest method
        supported by the IdP.
      additionalProperties: false
      properties:
        pkce:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsConnectionSettingsPkceEnum
    EventStreamCloudEventConnectionDeletedObject1OptionsDpopSigningAlgEnum:
      type: string
      description: >-
        Algorithm used for DPoP proof JWT signing. Applicable when strategy=oidc
        or okta.
      enum:
        - ES256
        - ES384
        - ES512
        - Ed25519
    EventStreamCloudEventConnectionDeletedObject1OptionsFederatedConnectionsAccessTokens:
      type: object
      description: >-
        Configuration for storing identity provider tokens in Auth0's Token
        Vault. When active, Auth0 securely stores access and refresh tokens from
        federated logins, enabling your application to make authenticated API
        calls on behalf of users.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
          description: >-
            Enables refresh tokens and access tokens collection for federated
            connections
    EventStreamCloudEventConnectionDeletedObject1OptionsIdTokenSignedResponseAlgsItemEnum:
      type: string
      description: Algorithm allowed to verify the ID tokens.
      enum:
        - ES256
        - ES384
        - PS256
        - PS384
        - RS256
        - RS384
        - RS512
    EventStreamCloudEventConnectionDeletedObject1OptionsOidcMetadata:
      type: object
      description: >-
        OpenID Connect Provider Metadata as per
        https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
      additionalProperties: false
      required:
        - authorization_endpoint
        - id_token_signing_alg_values_supported
        - issuer
        - jwks_uri
      properties:
        acr_values_supported:
          type: array
          description: >-
            A list of the Authentication Context Class References that this OP
            supports
          minItems: 0
          items:
            type: string
            maxLength: 100
        authorization_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 authorization endpoint
            where users are redirected for authentication. Must be a valid HTTPS
            URL. This endpoint initiates the OAuth 2.0 authorization code flow.
          minLength: 8
          maxLength: 2083
          format: uri
        claim_types_supported:
          type: array
          description: >-
            JSON array containing a list of the Claim Types that the OpenID
            Provider supports. These Claim Types are described in Section 5.6 of
            OpenID Connect Core 1.0 [OpenID.Core]. If omitted, the
            implementation supports only normal Claims.
          minItems: 0
          items:
            type: string
            maxLength: 25
        claims_locales_supported:
          type: array
          description: >-
            Languages and scripts supported for values in Claims being returned,
            represented as a JSON array of BCP47 [RFC5646] language tag values.
            Not all languages and scripts are necessarily supported for all
            Claim values.
          minItems: 0
          items:
            type: string
            maxLength: 50
        claims_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the claims
            parameter, with true indicating support. If omitted, the default
            value is false.
        claims_supported:
          type: array
          description: >-
            JSON array containing a list of the Claim Names of the Claims that
            the OpenID Provider MAY be able to supply values for. Note that for
            privacy or other reasons, this might not be an exhaustive list.
          minItems: 0
          items:
            type: string
            maxLength: 100
        display_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the Token Endpoint for the signature on the JWT
            [JWT] used to authenticate the Client at the Token Endpoint for the
            private_key_jwt and client_secret_jwt authentication methods.
            Servers SHOULD support RS256. The value none MUST NOT be used.
          minItems: 0
          items:
            type: string
            maxLength: 10
        dpop_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported for DPoP proof JWT signing.
          minItems: 0
          items:
            type: string
            maxLength: 14
        end_session_endpoint:
          type: string
          description: >-
            URL of the identity provider's logout/end session endpoint. When
            configured as a static URL, users are redirected here after logging
            out from Auth0. Must use HTTPS scheme.
          minLength: 8
          maxLength: 255
          format: uri
        grant_types_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 Grant Type values that this OP supports.
            Dynamic OpenID Providers MUST support the authorization_code and
            implicit Grant Type values and MAY support other Grant Types. If
            omitted, the default value is ["authorization_code", "implicit"].
          minItems: 0
          items:
            type: string
            maxLength: 100
        id_token_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (alg
            values) supported by the OP for the ID Token to encode the Claims in
            a JWT
          minItems: 0
          items:
            type: string
            maxLength: 14
        id_token_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) supported by the OP for the ID Token to encode the Claims in
            a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 26
        id_token_signing_alg_values_supported:
          type: array
          description: >-
            A list of the JWS signing algorithms (alg values) supported by the
            OP for the ID Token to encode the Claims in a JWT. The algorithm
            RS256 MUST be included. The value none MAY be supported, but MUST
            NOT be used unless the Response Type used returns no ID Token from
            the Authorization Endpoint (such as when using the Authorization
            Code Flow). https://datatracker.ietf.org/doc/html/rfc7518
          minItems: 1
          items:
            type: string
            description: >-
              JWS signing algorithm supported by the IdP for ID Token signing
              (from OIDC discovery metadata).
            maxLength: 10
        issuer:
          type: string
          description: >-
            The identity provider's unique issuer identifier URL (e.g.,
            https://accounts.google.com). Must match the 'iss' claim in ID
            tokens from the identity provider.
          minLength: 8
          maxLength: 255
          format: uri
        jwks_uri:
          type: string
          description: >-
            URL of the identity provider's JSON Web Key Set (JWKS) endpoint
            containing public keys for signature verification. Auth0 retrieves
            these keys to validate ID token signatures.
          minLength: 8
          maxLength: 255
          format: uri
        op_policy_uri:
          type: string
          description: >-
            URL that the OpenID Provider provides to the person registering the
            Client to read about the OPs requirements on how the Relying Party
            can use the data provided by the OP. The registration process SHOULD
            display this URL to the person registering the Client if it is
            given.
          minLength: 8
          maxLength: 255
          format: uri
        op_tos_uri:
          type: string
          description: >-
            URL that the OpenID Provider provides to the person registering the
            Client to read about OpenID Providers terms of service. The
            registration process SHOULD display this URL to the person
            registering the Client if it is given.
          minLength: 8
          maxLength: 255
          format: uri
        registration_endpoint:
          type: string
          description: >-
            URL of the OPs Dynamic Client Registration Endpoint. RECOMMENDED but
            not REQUIRED.
            https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Registration
          minLength: 8
          maxLength: 255
          format: uri
        request_object_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (alg
            values) supported by the OP for Request Objects. These algorithms
            are used both when the Request Object is passed by value and when it
            is passed by reference.
          minItems: 0
          items:
            type: string
            maxLength: 28
        request_object_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) supported by the OP for Request Objects. These algorithms
            are used both when the Request Object is passed by value and when it
            is passed by reference.
          minItems: 0
          items:
            type: string
            maxLength: 26
        request_object_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the OP for Request Objects, which are described
            in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These
            algorithms are used both when the Request Object is passed by value
            (using the request parameter) and when it is passed by reference
            (using the request_uri parameter). Servers SHOULD support none and
            RS256.
          minItems: 0
          items:
            type: string
            maxLength: 10
        request_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the request
            parameter, with true indicating support. If omitted, the default
            value is false.
        request_uri_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the
            request_uri parameter, with true indicating support. If omitted, the
            default value is false.
        require_request_uri_registration:
          type: boolean
          description: >-
            Boolean value specifying whether the OP requires use of the
            request_uri parameter. If omitted, the default value is false.
        response_modes_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 response_mode values that this OP supports.
            If omitted, the default for Dynamic OpenID Providers is ["query",
            "fragment"]
          minItems: 0
          items:
            type: string
            maxLength: 20
        response_types_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 response_type values that this OP supports.
            Dynamic OpenID Providers MUST support the code, id_token, and the
            token id_token Response Type values
          minItems: 1
          items:
            type: string
            maxLength: 40
        scopes_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 [RFC6749] scope values that this server
            supports. The server MUST support the openid scope value. Servers
            MAY choose not to advertise some supported scope values even when
            this parameter is used, although those defined in [OpenID.Core]
            SHOULD be listed, if supported. RECOMMENDED but not REQUIRED
          minItems: 0
          items:
            type: string
            maxLength: 100
        service_documentation:
          type: string
          description: >-
            URL of a page containing human-readable information that developers
            might want or need to know when using the OpenID Provider. In
            particular, if the OpenID Provider does not support Dynamic Client
            Registration, then information on how to register Clients needs to
            be provided in this documentation.
          minLength: 8
          maxLength: 255
          format: uri
        subject_types_supported:
          type: array
          description: >-
            A list of the Subject Identifier types that this OP supports. Valid
            types include pairwise and public
          minItems: 0
          items:
            type: string
            minLength: 0
            maxLength: 100
        token_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 token endpoint where
            authorization codes are exchanged for access tokens. Must be a valid
            HTTPS URL. Required for authorization code flow but optional for
            implicit flow.
          minLength: 8
          maxLength: 255
          format: uri
        token_endpoint_auth_methods_supported:
          type: array
          description: >-
            JSON array containing a list of Client Authentication methods
            supported by this Token Endpoint. The options are
            client_secret_post, client_secret_basic, client_secret_jwt, and
            private_key_jwt, as described in Section 9 of OpenID Connect Core
            1.0 [OpenID.Core]. Other authentication methods MAY be defined by
            extensions. If omitted, the default is client_secret_basic -- the
            HTTP Basic Authentication Scheme specified in Section 2.3.1 of OAuth
            2.0 [RFC6749].
          minItems: 0
          items:
            type: string
            maxLength: 60
        token_endpoint_auth_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the Token Endpoint for the signature on the JWT
            [JWT] used to authenticate the Client at the Token Endpoint for the
            private_key_jwt and client_secret_jwt authentication methods.
            Servers SHOULD support RS256. The value none MUST NOT be used.
          minItems: 0
          items:
            type: string
            maxLength: 10
        ui_locales_supported:
          type: array
          description: >-
            Languages and scripts supported for the user interface, represented
            as a JSON array of BCP47 [RFC5646] language tag values.
          minItems: 0
          items:
            type: string
            maxLength: 50
        userinfo_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE [JWE] encryption algorithms
            (alg values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 10
        userinfo_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 26
        userinfo_endpoint:
          type: string
          description: >-
            Optional URL of the identity provider's UserInfo endpoint. When
            configured with attribute mapping, Auth0 calls this endpoint to
            retrieve additional user profile claims using the access token.
          minLength: 8
          maxLength: 255
          format: uri
        userinfo_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS [JWS] signing algorithms
            (alg values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT]. The value none MAY be included.
          minItems: 0
          items:
            type: string
            maxLength: 10
    EventStreamCloudEventConnectionDeletedObject1OptionsSchemaVersionEnum:
      type: string
      description: The internal schema version of the connection options.
      enum:
        - openid-1.0.0
        - oidc-v4
    EventStreamCloudEventConnectionDeletedObject1OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionDeletedObject1OptionsTokenEndpointAuthMethodEnum:
      type: string
      description: >-
        Authentication method used at the identity provider's token endpoint.
        'client_secret_post' sends credentials in the request body;
        'private_key_jwt' uses a signed JWT assertion for enhanced security.
        Applicable when strategy=oidc or okta.
      enum:
        - client_secret_post
        - private_key_jwt
    EventStreamCloudEventConnectionDeletedObject1OptionsTokenEndpointAuthSigningAlgEnum:
      type: string
      description: >-
        Algorithm used to sign client_assertions. Applicable when strategy=oidc
        or okta.
      enum:
        - ES256
        - ES384
        - PS256
        - PS384
        - RS256
        - RS384
        - RS512
    EventStreamCloudEventConnectionDeletedObject1OptionsTokenEndpointJwtcaAudFormatEnum:
      type: string
      description: >-
        Specifies the format of the aud (audience) claim included in the JWT
        used for client authentication at the token endpoint. Accepted values
        are: 'issuer' (the aud claim is set to the OIDC issuer URL) or
        'token_endpoint' (the aud claim is set to the token endpoint URL).
      enum:
        - issuer
        - token_endpoint
    EventStreamCloudEventConnectionDeletedObject1OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionDeletedObject1OptionsAttributeMap:
      type: object
      description: Mapping of claims received from the identity provider (IdP)
      additionalProperties: false
      properties:
        attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsAttributeMapAttributes
        userinfo_scope:
          type: string
          description: Scopes to send to the IdP's Userinfo endpoint
          minLength: 0
          maxLength: 255
        mapping_mode:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject1OptionsAttributeMapMappingModeEnum
    EventStreamCloudEventConnectionDeletedObject1OptionsTypeEnum:
      type: string
      description: Connection type
      enum:
        - back_channel
    EventStreamCloudEventConnectionDeletedObject2OptionsAssertionDecryptionSettings:
      type: object
      description: Settings for SAML assertion decryption.
      additionalProperties: false
      required:
        - algorithm_profile
      properties:
        algorithm_exceptions:
          type: array
          description: >-
            A list of insecure algorithms to allow for SAML assertion
            decryption.
          items:
            type: string
            minLength: 1
            maxLength: 100
        algorithm_profile:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2OptionsAssertionDecryptionSettingsAlgorithmProfileEnum
    EventStreamCloudEventConnectionDeletedObject2OptionsDigestAlgorithmEnum:
      type: string
      description: >-
        Algorithm used for computing digest values when signing SAML requests
        and logout requests. Defaults to 'sha256'.
      enum:
        - sha1
        - sha256
    EventStreamCloudEventConnectionDeletedObject2OptionsIdpinitiated:
      type: object
      description: >-
        Configuration for IdP-Initiated SAML Single Sign-On. When enabled,
        allows users to initiate login directly from their SAML identity
        provider without first visiting Auth0. The IdP must include the
        connection parameter in the post-back URL (Assertion Consumer Service
        URL).
      additionalProperties: false
      properties:
        client_authorizequery:
          description: The query string sent to the default application
          type: string
          minLength: 1
          maxLength: 2048
        client_id:
          description: The client ID to use for IdP-initiated login requests.
          type: string
          minLength: 1
          maxLength: 256
        client_protocol:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject2OptionsIdpinitiatedClientProtocolEnum
        enabled:
          description: >-
            When true, enables IdP-initiated login support for this SAML
            connection. Allows users to log in directly from the identity
            provider without first visiting Auth0.
          type: boolean
    EventStreamCloudEventConnectionDeletedObject2OptionsProtocolBindingEnum:
      type: string
      description: >-
        SAML protocol binding mechanism for sending authentication requests to
        the identity provider.
      enum:
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
    EventStreamCloudEventConnectionDeletedObject2OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionDeletedObject2OptionsSignatureAlgorithmEnum:
      type: string
      description: >-
        Algorithm used to sign SAML authentication requests and logout requests
        using the connection's signing key. Common values: 'rsa-sha256' (RSA
        signature with SHA-256 digest) or 'rsa-sha1'. Defaults to 'rsa-sha256'.
      enum:
        - rsa-sha1
        - rsa-sha256
    EventStreamCloudEventConnectionDeletedObject2OptionsSubject:
      type: object
      description: >-
        Certificate Subject Distinguished Name (DN) extracted from the identity
        provider's signing certificate.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionDeletedObject2OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionDeletedObject2OptionsFieldsMap:
      type: object
      description: >-
        Maps SAML assertion attributes from the identity provider to Auth0 user
        profile attributes. Format: { 'auth0_field': 'saml_attribute' } or {
        'auth0_field': ['saml_attr1', 'saml_attr2'] } for fallback options.
        Merged with default mappings for email, name, given_name, family_name,
        and groups.
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionDeletedObject3OptionsAssertionDecryptionSettings:
      type: object
      description: Settings for SAML assertion decryption.
      additionalProperties: false
      required:
        - algorithm_profile
      properties:
        algorithm_exceptions:
          type: array
          description: >-
            A list of insecure algorithms to allow for SAML assertion
            decryption.
          items:
            type: string
            minLength: 1
            maxLength: 100
        algorithm_profile:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3OptionsAssertionDecryptionSettingsAlgorithmProfileEnum
    EventStreamCloudEventConnectionDeletedObject3OptionsDigestAlgorithmEnum:
      type: string
      description: >-
        Algorithm used for computing digest values when signing SAML requests
        and logout requests. Defaults to 'sha256'.
      enum:
        - sha1
        - sha256
    EventStreamCloudEventConnectionDeletedObject3OptionsIdpinitiated:
      type: object
      description: >-
        Configuration for IdP-Initiated SAML Single Sign-On. When enabled,
        allows users to initiate login directly from their SAML identity
        provider without first visiting Auth0. The IdP must include the
        connection parameter in the post-back URL (Assertion Consumer Service
        URL).
      additionalProperties: false
      properties:
        client_authorizequery:
          description: The query string sent to the default application
          type: string
          minLength: 1
          maxLength: 2048
        client_id:
          description: The client ID to use for IdP-initiated login requests.
          type: string
          minLength: 1
          maxLength: 256
        client_protocol:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionDeletedObject3OptionsIdpinitiatedClientProtocolEnum
        enabled:
          description: >-
            When true, enables IdP-initiated login support for this SAML
            connection. Allows users to log in directly from the identity
            provider without first visiting Auth0.
          type: boolean
    EventStreamCloudEventConnectionDeletedObject3OptionsProtocolBindingEnum:
      type: string
      description: >-
        SAML protocol binding mechanism for sending authentication requests to
        the identity provider.
      enum:
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
    EventStreamCloudEventConnectionDeletedObject3OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionDeletedObject3OptionsSignatureAlgorithmEnum:
      type: string
      description: >-
        Algorithm used to sign SAML authentication requests and logout requests
        using the connection's signing key. Common values: 'rsa-sha256' (RSA
        signature with SHA-256 digest) or 'rsa-sha1'. Defaults to 'rsa-sha256'.
      enum:
        - rsa-sha1
        - rsa-sha256
    EventStreamCloudEventConnectionDeletedObject3OptionsSubject:
      type: object
      description: >-
        Certificate Subject Distinguished Name (DN) extracted from the identity
        provider's signing certificate.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionDeletedObject3OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionDeletedObject4OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionDeletedObject4OptionsShouldTrustEmailVerifiedConnectionEnum:
      type: string
      description: Choose how Auth0 sets the email_verified field in the user profile.
      enum:
        - never_set_emails_as_verified
        - always_set_emails_as_verified
    EventStreamCloudEventConnectionDeletedObject4OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionDeletedObject5OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionDeletedObject5OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionDeletedObject6OptionsFederatedConnectionsAccessTokens:
      type: object
      description: >-
        Configuration for storing identity provider tokens in Auth0's Token
        Vault. When active, Auth0 securely stores access and refresh tokens from
        federated logins, enabling your application to make authenticated API
        calls on behalf of users.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
          description: >-
            Enables refresh tokens and access tokens collection for federated
            connections
    EventStreamCloudEventConnectionDeletedObject6OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionDeletedObject6OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionDeletedObject7OptionsFederatedConnectionsAccessTokens:
      type: object
      description: >-
        Configuration for storing identity provider tokens in Auth0's Token
        Vault. When active, Auth0 securely stores access and refresh tokens from
        federated logins, enabling your application to make authenticated API
        calls on behalf of users.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
          description: >-
            Enables refresh tokens and access tokens collection for federated
            connections
    EventStreamCloudEventConnectionDeletedObject7OptionsIdentityApiEnum:
      type: string
      description: >-
        The Azure AD endpoint version for authentication.
        'microsoft-identity-platform-v2.0' (recommended, default) supports
        modern OAuth 2.0 features. 'azure-active-directory-v1.0' is the legacy
        endpoint with protocol limitations. Selection affects available
        features.
      enum:
        - microsoft-identity-platform-v2.0
        - azure-active-directory-v1.0
    EventStreamCloudEventConnectionDeletedObject7OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionDeletedObject7OptionsShouldTrustEmailVerifiedConnectionEnum:
      type: string
      description: Choose how Auth0 sets the email_verified field in the user profile.
      enum:
        - never_set_emails_as_verified
        - always_set_emails_as_verified
    EventStreamCloudEventConnectionDeletedObject7OptionsTenantDomain:
      description: >-
        The Azure AD tenant domain or tenant ID (UUID). Auto-populated from the
        'domain' field. Can be either a hostname (e.g.,
        'contoso.onmicrosoft.com') or a UUID tenant ID.
      anyOf:
        - type: string
          description: Azure AD tenant domain as a hostname (e.g. contoso.onmicrosoft.com).
          minLength: 0
          maxLength: 512
          format: hostname
        - type: string
          description: Azure AD tenant domain as a UUID tenant ID.
          format: uuid
    EventStreamCloudEventConnectionDeletedObject7OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionDeletedObject7OptionsUseridAttributeEnum:
      type: string
      description: >-
        The Azure AD claim to use as the unique user identifier. 'oid' (Object
        ID) is recommended for single-tenant connections and required for SCIM.
        'sub' (Subject) is required for multi-tenant/common endpoint. Only
        applies with OpenID Connect protocol.
      enum:
        - oid
        - sub
    EventStreamCloudEventConnectionDeletedObject7OptionsWaadProtocolEnum:
      type: string
      description: >-
        The authentication protocol for Azure AD v1 endpoints. 'openid-connect'
        (default, recommended) uses modern OAuth 2.0/OIDC. 'ws-federation' is a
        legacy SAML-based protocol for older integrations. Only available with
        Azure AD v1 API.
      enum:
        - ws-federation
        - openid-connect
    EventStreamCloudEventConnectionUpdatedObject0OptionsConnectionSettings:
      type: object
      description: >-
        OAuth 2.0 PKCE (Proof Key for Code Exchange) settings. PKCE enhances
        security for public clients by preventing authorization code
        interception attacks. 'auto' (recommended) uses the strongest method
        supported by the IdP.
      additionalProperties: false
      properties:
        pkce:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsConnectionSettingsPkceEnum
    EventStreamCloudEventConnectionUpdatedObject0OptionsDpopSigningAlgEnum:
      type: string
      description: >-
        Algorithm used for DPoP proof JWT signing. Applicable when strategy=oidc
        or okta.
      enum:
        - ES256
        - ES384
        - ES512
        - Ed25519
    EventStreamCloudEventConnectionUpdatedObject0OptionsFederatedConnectionsAccessTokens:
      type: object
      description: >-
        Configuration for storing identity provider tokens in Auth0's Token
        Vault. When active, Auth0 securely stores access and refresh tokens from
        federated logins, enabling your application to make authenticated API
        calls on behalf of users.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
          description: >-
            Enables refresh tokens and access tokens collection for federated
            connections
    EventStreamCloudEventConnectionUpdatedObject0OptionsIdTokenSignedResponseAlgsItemEnum:
      type: string
      description: Algorithm allowed to verify the ID tokens.
      enum:
        - ES256
        - ES384
        - PS256
        - PS384
        - RS256
        - RS384
        - RS512
    EventStreamCloudEventConnectionUpdatedObject0OptionsOidcMetadata:
      type: object
      description: >-
        OpenID Connect Provider Metadata as per
        https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
      additionalProperties: false
      required:
        - authorization_endpoint
        - id_token_signing_alg_values_supported
        - issuer
        - jwks_uri
      properties:
        acr_values_supported:
          type: array
          description: >-
            A list of the Authentication Context Class References that this OP
            supports
          minItems: 0
          items:
            type: string
            maxLength: 100
        authorization_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 authorization endpoint
            where users are redirected for authentication. Must be a valid HTTPS
            URL. This endpoint initiates the OAuth 2.0 authorization code flow.
          minLength: 8
          maxLength: 2083
          format: uri
        claim_types_supported:
          type: array
          description: >-
            JSON array containing a list of the Claim Types that the OpenID
            Provider supports. These Claim Types are described in Section 5.6 of
            OpenID Connect Core 1.0 [OpenID.Core]. If omitted, the
            implementation supports only normal Claims.
          minItems: 0
          items:
            type: string
            maxLength: 25
        claims_locales_supported:
          type: array
          description: >-
            Languages and scripts supported for values in Claims being returned,
            represented as a JSON array of BCP47 [RFC5646] language tag values.
            Not all languages and scripts are necessarily supported for all
            Claim values.
          minItems: 0
          items:
            type: string
            maxLength: 50
        claims_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the claims
            parameter, with true indicating support. If omitted, the default
            value is false.
        claims_supported:
          type: array
          description: >-
            JSON array containing a list of the Claim Names of the Claims that
            the OpenID Provider MAY be able to supply values for. Note that for
            privacy or other reasons, this might not be an exhaustive list.
          minItems: 0
          items:
            type: string
            maxLength: 100
        display_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the Token Endpoint for the signature on the JWT
            [JWT] used to authenticate the Client at the Token Endpoint for the
            private_key_jwt and client_secret_jwt authentication methods.
            Servers SHOULD support RS256. The value none MUST NOT be used.
          minItems: 0
          items:
            type: string
            maxLength: 10
        dpop_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported for DPoP proof JWT signing.
          minItems: 0
          items:
            type: string
            maxLength: 14
        end_session_endpoint:
          type: string
          description: >-
            URL of the identity provider's logout/end session endpoint. When
            configured as a static URL, users are redirected here after logging
            out from Auth0. Must use HTTPS scheme.
          minLength: 8
          maxLength: 255
          format: uri
        grant_types_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 Grant Type values that this OP supports.
            Dynamic OpenID Providers MUST support the authorization_code and
            implicit Grant Type values and MAY support other Grant Types. If
            omitted, the default value is ["authorization_code", "implicit"].
          minItems: 0
          items:
            type: string
            maxLength: 100
        id_token_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (alg
            values) supported by the OP for the ID Token to encode the Claims in
            a JWT
          minItems: 0
          items:
            type: string
            maxLength: 14
        id_token_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) supported by the OP for the ID Token to encode the Claims in
            a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 26
        id_token_signing_alg_values_supported:
          type: array
          description: >-
            A list of the JWS signing algorithms (alg values) supported by the
            OP for the ID Token to encode the Claims in a JWT. The algorithm
            RS256 MUST be included. The value none MAY be supported, but MUST
            NOT be used unless the Response Type used returns no ID Token from
            the Authorization Endpoint (such as when using the Authorization
            Code Flow). https://datatracker.ietf.org/doc/html/rfc7518
          minItems: 1
          items:
            type: string
            description: >-
              JWS signing algorithm supported by the IdP for ID Token signing
              (from OIDC discovery metadata).
            maxLength: 10
        issuer:
          type: string
          description: >-
            The identity provider's unique issuer identifier URL (e.g.,
            https://accounts.google.com). Must match the 'iss' claim in ID
            tokens from the identity provider.
          minLength: 8
          maxLength: 255
          format: uri
        jwks_uri:
          type: string
          description: >-
            URL of the identity provider's JSON Web Key Set (JWKS) endpoint
            containing public keys for signature verification. Auth0 retrieves
            these keys to validate ID token signatures.
          minLength: 8
          maxLength: 255
          format: uri
        op_policy_uri:
          type: string
          description: >-
            URL that the OpenID Provider provides to the person registering the
            Client to read about the OPs requirements on how the Relying Party
            can use the data provided by the OP. The registration process SHOULD
            display this URL to the person registering the Client if it is
            given.
          minLength: 8
          maxLength: 255
          format: uri
        op_tos_uri:
          type: string
          description: >-
            URL that the OpenID Provider provides to the person registering the
            Client to read about OpenID Providers terms of service. The
            registration process SHOULD display this URL to the person
            registering the Client if it is given.
          minLength: 8
          maxLength: 255
          format: uri
        registration_endpoint:
          type: string
          description: >-
            URL of the OPs Dynamic Client Registration Endpoint. RECOMMENDED but
            not REQUIRED.
            https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Registration
          minLength: 8
          maxLength: 255
          format: uri
        request_object_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (alg
            values) supported by the OP for Request Objects. These algorithms
            are used both when the Request Object is passed by value and when it
            is passed by reference.
          minItems: 0
          items:
            type: string
            maxLength: 28
        request_object_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) supported by the OP for Request Objects. These algorithms
            are used both when the Request Object is passed by value and when it
            is passed by reference.
          minItems: 0
          items:
            type: string
            maxLength: 26
        request_object_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the OP for Request Objects, which are described
            in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These
            algorithms are used both when the Request Object is passed by value
            (using the request parameter) and when it is passed by reference
            (using the request_uri parameter). Servers SHOULD support none and
            RS256.
          minItems: 0
          items:
            type: string
            maxLength: 10
        request_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the request
            parameter, with true indicating support. If omitted, the default
            value is false.
        request_uri_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the
            request_uri parameter, with true indicating support. If omitted, the
            default value is false.
        require_request_uri_registration:
          type: boolean
          description: >-
            Boolean value specifying whether the OP requires use of the
            request_uri parameter. If omitted, the default value is false.
        response_modes_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 response_mode values that this OP supports.
            If omitted, the default for Dynamic OpenID Providers is ["query",
            "fragment"]
          minItems: 0
          items:
            type: string
            maxLength: 20
        response_types_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 response_type values that this OP supports.
            Dynamic OpenID Providers MUST support the code, id_token, and the
            token id_token Response Type values
          minItems: 1
          items:
            type: string
            maxLength: 40
        scopes_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 [RFC6749] scope values that this server
            supports. The server MUST support the openid scope value. Servers
            MAY choose not to advertise some supported scope values even when
            this parameter is used, although those defined in [OpenID.Core]
            SHOULD be listed, if supported. RECOMMENDED but not REQUIRED
          minItems: 0
          items:
            type: string
            maxLength: 100
        service_documentation:
          type: string
          description: >-
            URL of a page containing human-readable information that developers
            might want or need to know when using the OpenID Provider. In
            particular, if the OpenID Provider does not support Dynamic Client
            Registration, then information on how to register Clients needs to
            be provided in this documentation.
          minLength: 8
          maxLength: 255
          format: uri
        subject_types_supported:
          type: array
          description: >-
            A list of the Subject Identifier types that this OP supports. Valid
            types include pairwise and public
          minItems: 0
          items:
            type: string
            minLength: 0
            maxLength: 100
        token_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 token endpoint where
            authorization codes are exchanged for access tokens. Must be a valid
            HTTPS URL. Required for authorization code flow but optional for
            implicit flow.
          minLength: 8
          maxLength: 255
          format: uri
        token_endpoint_auth_methods_supported:
          type: array
          description: >-
            JSON array containing a list of Client Authentication methods
            supported by this Token Endpoint. The options are
            client_secret_post, client_secret_basic, client_secret_jwt, and
            private_key_jwt, as described in Section 9 of OpenID Connect Core
            1.0 [OpenID.Core]. Other authentication methods MAY be defined by
            extensions. If omitted, the default is client_secret_basic -- the
            HTTP Basic Authentication Scheme specified in Section 2.3.1 of OAuth
            2.0 [RFC6749].
          minItems: 0
          items:
            type: string
            maxLength: 60
        token_endpoint_auth_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the Token Endpoint for the signature on the JWT
            [JWT] used to authenticate the Client at the Token Endpoint for the
            private_key_jwt and client_secret_jwt authentication methods.
            Servers SHOULD support RS256. The value none MUST NOT be used.
          minItems: 0
          items:
            type: string
            maxLength: 10
        ui_locales_supported:
          type: array
          description: >-
            Languages and scripts supported for the user interface, represented
            as a JSON array of BCP47 [RFC5646] language tag values.
          minItems: 0
          items:
            type: string
            maxLength: 50
        userinfo_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE [JWE] encryption algorithms
            (alg values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 10
        userinfo_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 26
        userinfo_endpoint:
          type: string
          description: >-
            Optional URL of the identity provider's UserInfo endpoint. When
            configured with attribute mapping, Auth0 calls this endpoint to
            retrieve additional user profile claims using the access token.
          minLength: 8
          maxLength: 255
          format: uri
        userinfo_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS [JWS] signing algorithms
            (alg values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT]. The value none MAY be included.
          minItems: 0
          items:
            type: string
            maxLength: 10
    EventStreamCloudEventConnectionUpdatedObject0OptionsSchemaVersionEnum:
      type: string
      description: The internal schema version of the connection options.
      enum:
        - openid-1.0.0
        - oidc-v4
    EventStreamCloudEventConnectionUpdatedObject0OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionUpdatedObject0OptionsTokenEndpointAuthMethodEnum:
      type: string
      description: >-
        Authentication method used at the identity provider's token endpoint.
        'client_secret_post' sends credentials in the request body;
        'private_key_jwt' uses a signed JWT assertion for enhanced security.
        Applicable when strategy=oidc or okta.
      enum:
        - client_secret_post
        - private_key_jwt
    EventStreamCloudEventConnectionUpdatedObject0OptionsTokenEndpointAuthSigningAlgEnum:
      type: string
      description: >-
        Algorithm used to sign client_assertions. Applicable when strategy=oidc
        or okta.
      enum:
        - ES256
        - ES384
        - PS256
        - PS384
        - RS256
        - RS384
        - RS512
    EventStreamCloudEventConnectionUpdatedObject0OptionsTokenEndpointJwtcaAudFormatEnum:
      type: string
      description: >-
        Specifies the format of the aud (audience) claim included in the JWT
        used for client authentication at the token endpoint. Accepted values
        are: 'issuer' (the aud claim is set to the OIDC issuer URL) or
        'token_endpoint' (the aud claim is set to the token endpoint URL).
      enum:
        - issuer
        - token_endpoint
    EventStreamCloudEventConnectionUpdatedObject0OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject0OptionsAttributeMap:
      type: object
      description: >-
        Configuration for mapping claims from the identity provider to Auth0
        user profile attributes. Allows customizing which IdP claims populate
        user fields and how they are transformed.
      additionalProperties: false
      properties:
        attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsAttributeMapAttributes
        userinfo_scope:
          type: string
          description: Scopes to send to the IdP's Userinfo endpoint
          minLength: 0
          maxLength: 255
        mapping_mode:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject0OptionsAttributeMapMappingModeEnum
    EventStreamCloudEventConnectionUpdatedObject0OptionsTypeEnum:
      type: string
      description: >-
        OIDC communication channel type. 'back_channel' (confidential client)
        exchanges tokens server-side for stronger security; 'front_channel'
        handles responses in the browser.
      enum:
        - back_channel
        - front_channel
    EventStreamCloudEventConnectionUpdatedObject1OptionsConnectionSettings:
      type: object
      description: >-
        OAuth 2.0 PKCE (Proof Key for Code Exchange) settings. PKCE enhances
        security for public clients by preventing authorization code
        interception attacks. 'auto' (recommended) uses the strongest method
        supported by the IdP.
      additionalProperties: false
      properties:
        pkce:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsConnectionSettingsPkceEnum
    EventStreamCloudEventConnectionUpdatedObject1OptionsDpopSigningAlgEnum:
      type: string
      description: >-
        Algorithm used for DPoP proof JWT signing. Applicable when strategy=oidc
        or okta.
      enum:
        - ES256
        - ES384
        - ES512
        - Ed25519
    EventStreamCloudEventConnectionUpdatedObject1OptionsFederatedConnectionsAccessTokens:
      type: object
      description: >-
        Configuration for storing identity provider tokens in Auth0's Token
        Vault. When active, Auth0 securely stores access and refresh tokens from
        federated logins, enabling your application to make authenticated API
        calls on behalf of users.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
          description: >-
            Enables refresh tokens and access tokens collection for federated
            connections
    EventStreamCloudEventConnectionUpdatedObject1OptionsIdTokenSignedResponseAlgsItemEnum:
      type: string
      description: Algorithm allowed to verify the ID tokens.
      enum:
        - ES256
        - ES384
        - PS256
        - PS384
        - RS256
        - RS384
        - RS512
    EventStreamCloudEventConnectionUpdatedObject1OptionsOidcMetadata:
      type: object
      description: >-
        OpenID Connect Provider Metadata as per
        https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
      additionalProperties: false
      required:
        - authorization_endpoint
        - id_token_signing_alg_values_supported
        - issuer
        - jwks_uri
      properties:
        acr_values_supported:
          type: array
          description: >-
            A list of the Authentication Context Class References that this OP
            supports
          minItems: 0
          items:
            type: string
            maxLength: 100
        authorization_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 authorization endpoint
            where users are redirected for authentication. Must be a valid HTTPS
            URL. This endpoint initiates the OAuth 2.0 authorization code flow.
          minLength: 8
          maxLength: 2083
          format: uri
        claim_types_supported:
          type: array
          description: >-
            JSON array containing a list of the Claim Types that the OpenID
            Provider supports. These Claim Types are described in Section 5.6 of
            OpenID Connect Core 1.0 [OpenID.Core]. If omitted, the
            implementation supports only normal Claims.
          minItems: 0
          items:
            type: string
            maxLength: 25
        claims_locales_supported:
          type: array
          description: >-
            Languages and scripts supported for values in Claims being returned,
            represented as a JSON array of BCP47 [RFC5646] language tag values.
            Not all languages and scripts are necessarily supported for all
            Claim values.
          minItems: 0
          items:
            type: string
            maxLength: 50
        claims_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the claims
            parameter, with true indicating support. If omitted, the default
            value is false.
        claims_supported:
          type: array
          description: >-
            JSON array containing a list of the Claim Names of the Claims that
            the OpenID Provider MAY be able to supply values for. Note that for
            privacy or other reasons, this might not be an exhaustive list.
          minItems: 0
          items:
            type: string
            maxLength: 100
        display_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the Token Endpoint for the signature on the JWT
            [JWT] used to authenticate the Client at the Token Endpoint for the
            private_key_jwt and client_secret_jwt authentication methods.
            Servers SHOULD support RS256. The value none MUST NOT be used.
          minItems: 0
          items:
            type: string
            maxLength: 10
        dpop_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported for DPoP proof JWT signing.
          minItems: 0
          items:
            type: string
            maxLength: 14
        end_session_endpoint:
          type: string
          description: >-
            URL of the identity provider's logout/end session endpoint. When
            configured as a static URL, users are redirected here after logging
            out from Auth0. Must use HTTPS scheme.
          minLength: 8
          maxLength: 255
          format: uri
        grant_types_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 Grant Type values that this OP supports.
            Dynamic OpenID Providers MUST support the authorization_code and
            implicit Grant Type values and MAY support other Grant Types. If
            omitted, the default value is ["authorization_code", "implicit"].
          minItems: 0
          items:
            type: string
            maxLength: 100
        id_token_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (alg
            values) supported by the OP for the ID Token to encode the Claims in
            a JWT
          minItems: 0
          items:
            type: string
            maxLength: 14
        id_token_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) supported by the OP for the ID Token to encode the Claims in
            a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 26
        id_token_signing_alg_values_supported:
          type: array
          description: >-
            A list of the JWS signing algorithms (alg values) supported by the
            OP for the ID Token to encode the Claims in a JWT. The algorithm
            RS256 MUST be included. The value none MAY be supported, but MUST
            NOT be used unless the Response Type used returns no ID Token from
            the Authorization Endpoint (such as when using the Authorization
            Code Flow). https://datatracker.ietf.org/doc/html/rfc7518
          minItems: 1
          items:
            type: string
            description: >-
              JWS signing algorithm supported by the IdP for ID Token signing
              (from OIDC discovery metadata).
            maxLength: 10
        issuer:
          type: string
          description: >-
            The identity provider's unique issuer identifier URL (e.g.,
            https://accounts.google.com). Must match the 'iss' claim in ID
            tokens from the identity provider.
          minLength: 8
          maxLength: 255
          format: uri
        jwks_uri:
          type: string
          description: >-
            URL of the identity provider's JSON Web Key Set (JWKS) endpoint
            containing public keys for signature verification. Auth0 retrieves
            these keys to validate ID token signatures.
          minLength: 8
          maxLength: 255
          format: uri
        op_policy_uri:
          type: string
          description: >-
            URL that the OpenID Provider provides to the person registering the
            Client to read about the OPs requirements on how the Relying Party
            can use the data provided by the OP. The registration process SHOULD
            display this URL to the person registering the Client if it is
            given.
          minLength: 8
          maxLength: 255
          format: uri
        op_tos_uri:
          type: string
          description: >-
            URL that the OpenID Provider provides to the person registering the
            Client to read about OpenID Providers terms of service. The
            registration process SHOULD display this URL to the person
            registering the Client if it is given.
          minLength: 8
          maxLength: 255
          format: uri
        registration_endpoint:
          type: string
          description: >-
            URL of the OPs Dynamic Client Registration Endpoint. RECOMMENDED but
            not REQUIRED.
            https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Registration
          minLength: 8
          maxLength: 255
          format: uri
        request_object_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (alg
            values) supported by the OP for Request Objects. These algorithms
            are used both when the Request Object is passed by value and when it
            is passed by reference.
          minItems: 0
          items:
            type: string
            maxLength: 28
        request_object_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) supported by the OP for Request Objects. These algorithms
            are used both when the Request Object is passed by value and when it
            is passed by reference.
          minItems: 0
          items:
            type: string
            maxLength: 26
        request_object_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the OP for Request Objects, which are described
            in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These
            algorithms are used both when the Request Object is passed by value
            (using the request parameter) and when it is passed by reference
            (using the request_uri parameter). Servers SHOULD support none and
            RS256.
          minItems: 0
          items:
            type: string
            maxLength: 10
        request_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the request
            parameter, with true indicating support. If omitted, the default
            value is false.
        request_uri_parameter_supported:
          type: boolean
          description: >-
            Boolean value specifying whether the OP supports use of the
            request_uri parameter, with true indicating support. If omitted, the
            default value is false.
        require_request_uri_registration:
          type: boolean
          description: >-
            Boolean value specifying whether the OP requires use of the
            request_uri parameter. If omitted, the default value is false.
        response_modes_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 response_mode values that this OP supports.
            If omitted, the default for Dynamic OpenID Providers is ["query",
            "fragment"]
          minItems: 0
          items:
            type: string
            maxLength: 20
        response_types_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 response_type values that this OP supports.
            Dynamic OpenID Providers MUST support the code, id_token, and the
            token id_token Response Type values
          minItems: 1
          items:
            type: string
            maxLength: 40
        scopes_supported:
          type: array
          description: >-
            A list of the OAuth 2.0 [RFC6749] scope values that this server
            supports. The server MUST support the openid scope value. Servers
            MAY choose not to advertise some supported scope values even when
            this parameter is used, although those defined in [OpenID.Core]
            SHOULD be listed, if supported. RECOMMENDED but not REQUIRED
          minItems: 0
          items:
            type: string
            maxLength: 100
        service_documentation:
          type: string
          description: >-
            URL of a page containing human-readable information that developers
            might want or need to know when using the OpenID Provider. In
            particular, if the OpenID Provider does not support Dynamic Client
            Registration, then information on how to register Clients needs to
            be provided in this documentation.
          minLength: 8
          maxLength: 255
          format: uri
        subject_types_supported:
          type: array
          description: >-
            A list of the Subject Identifier types that this OP supports. Valid
            types include pairwise and public
          minItems: 0
          items:
            type: string
            minLength: 0
            maxLength: 100
        token_endpoint:
          type: string
          description: >-
            URL of the identity provider's OAuth 2.0 token endpoint where
            authorization codes are exchanged for access tokens. Must be a valid
            HTTPS URL. Required for authorization code flow but optional for
            implicit flow.
          minLength: 8
          maxLength: 255
          format: uri
        token_endpoint_auth_methods_supported:
          type: array
          description: >-
            JSON array containing a list of Client Authentication methods
            supported by this Token Endpoint. The options are
            client_secret_post, client_secret_basic, client_secret_jwt, and
            private_key_jwt, as described in Section 9 of OpenID Connect Core
            1.0 [OpenID.Core]. Other authentication methods MAY be defined by
            extensions. If omitted, the default is client_secret_basic -- the
            HTTP Basic Authentication Scheme specified in Section 2.3.1 of OAuth
            2.0 [RFC6749].
          minItems: 0
          items:
            type: string
            maxLength: 60
        token_endpoint_auth_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS signing algorithms (alg
            values) supported by the Token Endpoint for the signature on the JWT
            [JWT] used to authenticate the Client at the Token Endpoint for the
            private_key_jwt and client_secret_jwt authentication methods.
            Servers SHOULD support RS256. The value none MUST NOT be used.
          minItems: 0
          items:
            type: string
            maxLength: 10
        ui_locales_supported:
          type: array
          description: >-
            Languages and scripts supported for the user interface, represented
            as a JSON array of BCP47 [RFC5646] language tag values.
          minItems: 0
          items:
            type: string
            maxLength: 50
        userinfo_encryption_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE [JWE] encryption algorithms
            (alg values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 10
        userinfo_encryption_enc_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWE encryption algorithms (enc
            values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT].
          minItems: 0
          items:
            type: string
            maxLength: 26
        userinfo_endpoint:
          type: string
          description: >-
            Optional URL of the identity provider's UserInfo endpoint. When
            configured with attribute mapping, Auth0 calls this endpoint to
            retrieve additional user profile claims using the access token.
          minLength: 8
          maxLength: 255
          format: uri
        userinfo_signing_alg_values_supported:
          type: array
          description: >-
            JSON array containing a list of the JWS [JWS] signing algorithms
            (alg values) [JWA] supported by the UserInfo Endpoint to encode the
            Claims in a JWT [JWT]. The value none MAY be included.
          minItems: 0
          items:
            type: string
            maxLength: 10
    EventStreamCloudEventConnectionUpdatedObject1OptionsSchemaVersionEnum:
      type: string
      description: The internal schema version of the connection options.
      enum:
        - openid-1.0.0
        - oidc-v4
    EventStreamCloudEventConnectionUpdatedObject1OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionUpdatedObject1OptionsTokenEndpointAuthMethodEnum:
      type: string
      description: >-
        Authentication method used at the identity provider's token endpoint.
        'client_secret_post' sends credentials in the request body;
        'private_key_jwt' uses a signed JWT assertion for enhanced security.
        Applicable when strategy=oidc or okta.
      enum:
        - client_secret_post
        - private_key_jwt
    EventStreamCloudEventConnectionUpdatedObject1OptionsTokenEndpointAuthSigningAlgEnum:
      type: string
      description: >-
        Algorithm used to sign client_assertions. Applicable when strategy=oidc
        or okta.
      enum:
        - ES256
        - ES384
        - PS256
        - PS384
        - RS256
        - RS384
        - RS512
    EventStreamCloudEventConnectionUpdatedObject1OptionsTokenEndpointJwtcaAudFormatEnum:
      type: string
      description: >-
        Specifies the format of the aud (audience) claim included in the JWT
        used for client authentication at the token endpoint. Accepted values
        are: 'issuer' (the aud claim is set to the OIDC issuer URL) or
        'token_endpoint' (the aud claim is set to the token endpoint URL).
      enum:
        - issuer
        - token_endpoint
    EventStreamCloudEventConnectionUpdatedObject1OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject1OptionsAttributeMap:
      type: object
      description: Mapping of claims received from the identity provider (IdP)
      additionalProperties: false
      properties:
        attributes:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsAttributeMapAttributes
        userinfo_scope:
          type: string
          description: Scopes to send to the IdP's Userinfo endpoint
          minLength: 0
          maxLength: 255
        mapping_mode:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject1OptionsAttributeMapMappingModeEnum
    EventStreamCloudEventConnectionUpdatedObject1OptionsTypeEnum:
      type: string
      description: Connection type
      enum:
        - back_channel
    EventStreamCloudEventConnectionUpdatedObject2OptionsAssertionDecryptionSettings:
      type: object
      description: Settings for SAML assertion decryption.
      additionalProperties: false
      required:
        - algorithm_profile
      properties:
        algorithm_exceptions:
          type: array
          description: >-
            A list of insecure algorithms to allow for SAML assertion
            decryption.
          items:
            type: string
            minLength: 1
            maxLength: 100
        algorithm_profile:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2OptionsAssertionDecryptionSettingsAlgorithmProfileEnum
    EventStreamCloudEventConnectionUpdatedObject2OptionsDigestAlgorithmEnum:
      type: string
      description: >-
        Algorithm used for computing digest values when signing SAML requests
        and logout requests. Defaults to 'sha256'.
      enum:
        - sha1
        - sha256
    EventStreamCloudEventConnectionUpdatedObject2OptionsIdpinitiated:
      type: object
      description: >-
        Configuration for IdP-Initiated SAML Single Sign-On. When enabled,
        allows users to initiate login directly from their SAML identity
        provider without first visiting Auth0. The IdP must include the
        connection parameter in the post-back URL (Assertion Consumer Service
        URL).
      additionalProperties: false
      properties:
        client_authorizequery:
          description: The query string sent to the default application
          type: string
          minLength: 1
          maxLength: 2048
        client_id:
          description: The client ID to use for IdP-initiated login requests.
          type: string
          minLength: 1
          maxLength: 256
        client_protocol:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject2OptionsIdpinitiatedClientProtocolEnum
        enabled:
          description: >-
            When true, enables IdP-initiated login support for this SAML
            connection. Allows users to log in directly from the identity
            provider without first visiting Auth0.
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject2OptionsProtocolBindingEnum:
      type: string
      description: >-
        SAML protocol binding mechanism for sending authentication requests to
        the identity provider.
      enum:
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
    EventStreamCloudEventConnectionUpdatedObject2OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionUpdatedObject2OptionsSignatureAlgorithmEnum:
      type: string
      description: >-
        Algorithm used to sign SAML authentication requests and logout requests
        using the connection's signing key. Common values: 'rsa-sha256' (RSA
        signature with SHA-256 digest) or 'rsa-sha1'. Defaults to 'rsa-sha256'.
      enum:
        - rsa-sha1
        - rsa-sha256
    EventStreamCloudEventConnectionUpdatedObject2OptionsSubject:
      type: object
      description: >-
        Certificate Subject Distinguished Name (DN) extracted from the identity
        provider's signing certificate.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject2OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject2OptionsFieldsMap:
      type: object
      description: >-
        Maps SAML assertion attributes from the identity provider to Auth0 user
        profile attributes. Format: { 'auth0_field': 'saml_attribute' } or {
        'auth0_field': ['saml_attr1', 'saml_attr2'] } for fallback options.
        Merged with default mappings for email, name, given_name, family_name,
        and groups.
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject3OptionsAssertionDecryptionSettings:
      type: object
      description: Settings for SAML assertion decryption.
      additionalProperties: false
      required:
        - algorithm_profile
      properties:
        algorithm_exceptions:
          type: array
          description: >-
            A list of insecure algorithms to allow for SAML assertion
            decryption.
          items:
            type: string
            minLength: 1
            maxLength: 100
        algorithm_profile:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3OptionsAssertionDecryptionSettingsAlgorithmProfileEnum
    EventStreamCloudEventConnectionUpdatedObject3OptionsDigestAlgorithmEnum:
      type: string
      description: >-
        Algorithm used for computing digest values when signing SAML requests
        and logout requests. Defaults to 'sha256'.
      enum:
        - sha1
        - sha256
    EventStreamCloudEventConnectionUpdatedObject3OptionsIdpinitiated:
      type: object
      description: >-
        Configuration for IdP-Initiated SAML Single Sign-On. When enabled,
        allows users to initiate login directly from their SAML identity
        provider without first visiting Auth0. The IdP must include the
        connection parameter in the post-back URL (Assertion Consumer Service
        URL).
      additionalProperties: false
      properties:
        client_authorizequery:
          description: The query string sent to the default application
          type: string
          minLength: 1
          maxLength: 2048
        client_id:
          description: The client ID to use for IdP-initiated login requests.
          type: string
          minLength: 1
          maxLength: 256
        client_protocol:
          $ref: >-
            #/components/schemas/EventStreamCloudEventConnectionUpdatedObject3OptionsIdpinitiatedClientProtocolEnum
        enabled:
          description: >-
            When true, enables IdP-initiated login support for this SAML
            connection. Allows users to log in directly from the identity
            provider without first visiting Auth0.
          type: boolean
    EventStreamCloudEventConnectionUpdatedObject3OptionsProtocolBindingEnum:
      type: string
      description: >-
        SAML protocol binding mechanism for sending authentication requests to
        the identity provider.
      enum:
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
    EventStreamCloudEventConnectionUpdatedObject3OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionUpdatedObject3OptionsSignatureAlgorithmEnum:
      type: string
      description: >-
        Algorithm used to sign SAML authentication requests and logout requests
        using the connection's signing key. Common values: 'rsa-sha256' (RSA
        signature with SHA-256 digest) or 'rsa-sha1'. Defaults to 'rsa-sha256'.
      enum:
        - rsa-sha1
        - rsa-sha256
    EventStreamCloudEventConnectionUpdatedObject3OptionsSubject:
      type: object
      description: >-
        Certificate Subject Distinguished Name (DN) extracted from the identity
        provider's signing certificate.
      additionalProperties: false
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject3OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject4OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionUpdatedObject4OptionsShouldTrustEmailVerifiedConnectionEnum:
      type: string
      description: Choose how Auth0 sets the email_verified field in the user profile.
      enum:
        - never_set_emails_as_verified
        - always_set_emails_as_verified
    EventStreamCloudEventConnectionUpdatedObject4OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject5OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionUpdatedObject5OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject6OptionsFederatedConnectionsAccessTokens:
      type: object
      description: >-
        Configuration for storing identity provider tokens in Auth0's Token
        Vault. When active, Auth0 securely stores access and refresh tokens from
        federated logins, enabling your application to make authenticated API
        calls on behalf of users.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
          description: >-
            Enables refresh tokens and access tokens collection for federated
            connections
    EventStreamCloudEventConnectionUpdatedObject6OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionUpdatedObject6OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject7OptionsFederatedConnectionsAccessTokens:
      type: object
      description: >-
        Configuration for storing identity provider tokens in Auth0's Token
        Vault. When active, Auth0 securely stores access and refresh tokens from
        federated logins, enabling your application to make authenticated API
        calls on behalf of users.
      additionalProperties: false
      required:
        - active
      properties:
        active:
          type: boolean
          description: >-
            Enables refresh tokens and access tokens collection for federated
            connections
    EventStreamCloudEventConnectionUpdatedObject7OptionsIdentityApiEnum:
      type: string
      description: >-
        The Azure AD endpoint version for authentication.
        'microsoft-identity-platform-v2.0' (recommended, default) supports
        modern OAuth 2.0 features. 'azure-active-directory-v1.0' is the legacy
        endpoint with protocol limitations. Selection affects available
        features.
      enum:
        - microsoft-identity-platform-v2.0
        - azure-active-directory-v1.0
    EventStreamCloudEventConnectionUpdatedObject7OptionsSetUserRootAttributesEnum:
      type: string
      description: >-
        Controls how user profile root attributes (name, nickname, picture,
        etc.) are synchronized from the identity provider. 'on_each_login':
        updates on every authentication (default); 'on_first_login': sets
        attributes only during initial login, allowing independent updates
        afterward; 'never_on_login': never syncs from IdP, preserving
        locally-set values.
      enum:
        - on_each_login
        - on_first_login
        - never_on_login
    EventStreamCloudEventConnectionUpdatedObject7OptionsShouldTrustEmailVerifiedConnectionEnum:
      type: string
      description: Choose how Auth0 sets the email_verified field in the user profile.
      enum:
        - never_set_emails_as_verified
        - always_set_emails_as_verified
    EventStreamCloudEventConnectionUpdatedObject7OptionsTenantDomain:
      description: >-
        The Azure AD tenant domain or tenant ID (UUID). Auto-populated from the
        'domain' field. Can be either a hostname (e.g.,
        'contoso.onmicrosoft.com') or a UUID tenant ID.
      anyOf:
        - type: string
          description: Azure AD tenant domain as a hostname (e.g. contoso.onmicrosoft.com).
          minLength: 0
          maxLength: 512
          format: hostname
        - type: string
          description: Azure AD tenant domain as a UUID tenant ID.
          format: uuid
    EventStreamCloudEventConnectionUpdatedObject7OptionsUpstreamParams:
      type: object
      description: >-
        Additional parameters to include in authorization requests sent to the
        identity provider. Useful for passing custom claims, selecting specific
        identity sources, or configuring provider-specific behavior. See
        https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject7OptionsUseridAttributeEnum:
      type: string
      description: >-
        The Azure AD claim to use as the unique user identifier. 'oid' (Object
        ID) is recommended for single-tenant connections and required for SCIM.
        'sub' (Subject) is required for multi-tenant/common endpoint. Only
        applies with OpenID Connect protocol.
      enum:
        - oid
        - sub
    EventStreamCloudEventConnectionUpdatedObject7OptionsWaadProtocolEnum:
      type: string
      description: >-
        The authentication protocol for Azure AD v1 endpoints. 'openid-connect'
        (default, recommended) uses modern OAuth 2.0/OIDC. 'ws-federation' is a
        legacy SAML-based protocol for older integrations. Only available with
        Azure AD v1 API.
      enum:
        - ws-federation
        - openid-connect
    EventStreamCloudEventGroupMemberAddedObjectGroup0TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - connection
    EventStreamCloudEventGroupMemberAddedObjectGroup1TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - organization
    EventStreamCloudEventGroupMemberAddedObjectGroup2TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - tenant
    EventStreamCloudEventGroupMemberAddedObjectMember0MemberTypeEnum:
      type: string
      description: Type discriminator for user members
      enum:
        - user
    EventStreamCloudEventGroupMemberAddedObjectMember1MemberTypeEnum:
      type: string
      description: Type discriminator for connection members
      enum:
        - connection
    EventStreamCloudEventGroupMemberDeletedObjectGroup0TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - connection
    EventStreamCloudEventGroupMemberDeletedObjectGroup1TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - organization
    EventStreamCloudEventGroupMemberDeletedObjectGroup2TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - tenant
    EventStreamCloudEventGroupMemberDeletedObjectMember0MemberTypeEnum:
      type: string
      description: Type discriminator for user members
      enum:
        - user
    EventStreamCloudEventGroupMemberDeletedObjectMember1MemberTypeEnum:
      type: string
      description: Type discriminator for connection members
      enum:
        - connection
    EventStreamCloudEventGroupRoleAssignedObjectGroup0TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - connection
    EventStreamCloudEventGroupRoleAssignedObjectGroup1TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - organization
    EventStreamCloudEventGroupRoleAssignedObjectGroup2TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - tenant
    EventStreamCloudEventGroupRoleDeletedObjectGroup0TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - connection
    EventStreamCloudEventGroupRoleDeletedObjectGroup1TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - organization
    EventStreamCloudEventGroupRoleDeletedObjectGroup2TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - tenant
    EventStreamCloudEventOrgGroupRoleAssignedObjectGroup0TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - connection
    EventStreamCloudEventOrgGroupRoleAssignedObjectGroup1TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - organization
    EventStreamCloudEventOrgGroupRoleAssignedObjectGroup2TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - tenant
    EventStreamCloudEventOrgGroupRoleDeletedObjectGroup0TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - connection
    EventStreamCloudEventOrgGroupRoleDeletedObjectGroup1TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - organization
    EventStreamCloudEventOrgGroupRoleDeletedObjectGroup2TypeEnum:
      type: string
      description: The type of the group.
      enum:
        - tenant
    EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomProviderEnum:
      type: string
      description: List of custom identity providers.
      enum:
        - custom
    EventStreamCloudEventUserCreatedObjectIdentitiesItemCustomIsSocialEnum:
      type: boolean
      enum:
        - false
    EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseProviderEnum:
      type: string
      description: List of database identity providers.
      enum:
        - auth0
    EventStreamCloudEventUserCreatedObjectIdentitiesItemDatabaseIsSocialEnum:
      type: boolean
      enum:
        - false
    EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseProviderEnum:
      type: string
      description: List of enterprise identity providers.
      enum:
        - ad
        - adfs
        - google-apps
        - ip
        - office365
        - oidc
        - okta
        - pingfederate
        - samlp
        - sharepoint
        - waad
    EventStreamCloudEventUserCreatedObjectIdentitiesItemEnterpriseIsSocialEnum:
      type: boolean
      enum:
        - false
    EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessProviderEnum:
      type: string
      description: List of passwordless identity providers.
      enum:
        - email
        - sms
    EventStreamCloudEventUserCreatedObjectIdentitiesItemPasswordlessIsSocialEnum:
      type: boolean
      enum:
        - false
    EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialProviderEnum:
      type: string
      description: List of social identity providers.
      enum:
        - amazon
        - apple
        - dropbox
        - bitbucket
        - auth0-oidc
        - baidu
        - bitly
        - box
        - daccount
        - dwolla
        - evernote-sandbox
        - evernote
        - exact
        - facebook
        - fitbit
        - github
        - google-oauth2
        - instagram
        - line
        - linkedin
        - oauth1
        - oauth2
        - paypal
        - paypal-sandbox
        - planningcenter
        - salesforce-community
        - salesforce-sandbox
        - salesforce
        - shopify
        - soundcloud
        - thirtysevensignals
        - twitter
        - untapped
        - vkontakte
        - weibo
        - windowslive
        - wordpress
        - yahoo
        - yandex
    EventStreamCloudEventUserCreatedObjectIdentitiesItemSocialIsSocialEnum:
      type: boolean
      enum:
        - true
    EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomProviderEnum:
      type: string
      description: List of custom identity providers.
      enum:
        - custom
    EventStreamCloudEventUserDeletedObjectIdentitiesItemCustomIsSocialEnum:
      type: boolean
      enum:
        - false
    EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseProviderEnum:
      type: string
      description: List of database identity providers.
      enum:
        - auth0
    EventStreamCloudEventUserDeletedObjectIdentitiesItemDatabaseIsSocialEnum:
      type: boolean
      enum:
        - false
    EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseProviderEnum:
      type: string
      description: List of enterprise identity providers.
      enum:
        - ad
        - adfs
        - google-apps
        - ip
        - office365
        - oidc
        - okta
        - pingfederate
        - samlp
        - sharepoint
        - waad
    EventStreamCloudEventUserDeletedObjectIdentitiesItemEnterpriseIsSocialEnum:
      type: boolean
      enum:
        - false
    EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessProviderEnum:
      type: string
      description: List of passwordless identity providers.
      enum:
        - email
        - sms
    EventStreamCloudEventUserDeletedObjectIdentitiesItemPasswordlessIsSocialEnum:
      type: boolean
      enum:
        - false
    EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialProviderEnum:
      type: string
      description: List of social identity providers.
      enum:
        - amazon
        - apple
        - dropbox
        - bitbucket
        - auth0-oidc
        - baidu
        - bitly
        - box
        - daccount
        - dwolla
        - evernote-sandbox
        - evernote
        - exact
        - facebook
        - fitbit
        - github
        - google-oauth2
        - instagram
        - line
        - linkedin
        - oauth1
        - oauth2
        - paypal
        - paypal-sandbox
        - planningcenter
        - salesforce-community
        - salesforce-sandbox
        - salesforce
        - shopify
        - soundcloud
        - thirtysevensignals
        - twitter
        - untapped
        - vkontakte
        - weibo
        - windowslive
        - wordpress
        - yahoo
        - yandex
    EventStreamCloudEventUserDeletedObjectIdentitiesItemSocialIsSocialEnum:
      type: boolean
      enum:
        - true
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomProviderEnum:
      type: string
      description: List of custom identity providers.
      enum:
        - custom
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemCustomIsSocialEnum:
      type: boolean
      enum:
        - false
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseProviderEnum:
      type: string
      description: List of database identity providers.
      enum:
        - auth0
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemDatabaseIsSocialEnum:
      type: boolean
      enum:
        - false
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseProviderEnum:
      type: string
      description: List of enterprise identity providers.
      enum:
        - ad
        - adfs
        - google-apps
        - ip
        - office365
        - oidc
        - okta
        - pingfederate
        - samlp
        - sharepoint
        - waad
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemEnterpriseIsSocialEnum:
      type: boolean
      enum:
        - false
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessProviderEnum:
      type: string
      description: List of passwordless identity providers.
      enum:
        - email
        - sms
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemPasswordlessIsSocialEnum:
      type: boolean
      enum:
        - false
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialUserId:
      description: The IDP-specific identifer for the user.
      anyOf:
        - type: string
        - type: integer
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialProfileData:
      type: object
      description: Profile data for the user.
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
          format: email
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
          minLength: 1
          maxLength: 300
        username:
          type: string
          description: Username of this user.
          minLength: 1
          maxLength: 128
          pattern: ^[a-zA-Z0-9_+\-.!#\$\^`~@']*$
        given_name:
          type: string
          description: Given name/first name/forename of this user.
          minLength: 1
          maxLength: 150
        family_name:
          type: string
          description: Family name/last name/surname of this user.
          minLength: 1
          maxLength: 150
        phone_number:
          type: string
          description: Phone number of this user.
          pattern: ^\+[0-9]{1,15}$
        phone_verified:
          type: boolean
          description: Whether this phone number has been verified (true) or not (false).
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialProviderEnum:
      type: string
      description: List of social identity providers.
      enum:
        - amazon
        - apple
        - dropbox
        - bitbucket
        - auth0-oidc
        - baidu
        - bitly
        - box
        - daccount
        - dwolla
        - evernote-sandbox
        - evernote
        - exact
        - facebook
        - fitbit
        - github
        - google-oauth2
        - instagram
        - line
        - linkedin
        - oauth1
        - oauth2
        - paypal
        - paypal-sandbox
        - planningcenter
        - salesforce-community
        - salesforce-sandbox
        - salesforce
        - shopify
        - soundcloud
        - thirtysevensignals
        - twitter
        - untapped
        - vkontakte
        - weibo
        - windowslive
        - wordpress
        - yahoo
        - yandex
    EventStreamCloudEventUserUpdatedObjectIdentitiesItemSocialIsSocialEnum:
      type: boolean
      enum:
        - true
    EventStreamCloudEventConnectionCreatedObject0OptionsConnectionSettingsPkceEnum:
      type: string
      description: PKCE configuration.
      enum:
        - auto
        - S256
        - plain
        - disabled
    EventStreamCloudEventConnectionCreatedObject0OptionsAttributeMapAttributes:
      type: object
      description: Object containing mapping details for incoming claims
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionCreatedObject0OptionsAttributeMapMappingModeEnum:
      type: string
      description: Method used to map incoming claims when strategy=oidc.
      enum:
        - bind_all
        - use_map
    EventStreamCloudEventConnectionCreatedObject1OptionsConnectionSettingsPkceEnum:
      type: string
      description: PKCE configuration.
      enum:
        - auto
        - S256
        - plain
        - disabled
    EventStreamCloudEventConnectionCreatedObject1OptionsAttributeMapAttributes:
      type: object
      description: Object containing mapping details for incoming claims
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionCreatedObject1OptionsAttributeMapMappingModeEnum:
      type: string
      description: Method used to map incoming claims when strategy=okta.
      enum:
        - basic_profile
        - use_map
    EventStreamCloudEventConnectionCreatedObject2OptionsAssertionDecryptionSettingsAlgorithmProfileEnum:
      type: string
      description: The algorithm profile to use for decrypting SAML assertions.
      enum:
        - v2026-1
    EventStreamCloudEventConnectionCreatedObject2OptionsIdpinitiatedClientProtocolEnum:
      type: string
      description: The response protocol used to communicate with the default application.
      enum:
        - oidc
        - samlp
        - wsfed
    EventStreamCloudEventConnectionCreatedObject3OptionsAssertionDecryptionSettingsAlgorithmProfileEnum:
      type: string
      description: The algorithm profile to use for decrypting SAML assertions.
      enum:
        - v2026-1
    EventStreamCloudEventConnectionCreatedObject3OptionsIdpinitiatedClientProtocolEnum:
      type: string
      description: The response protocol used to communicate with the default application.
      enum:
        - oidc
        - samlp
        - wsfed
    EventStreamCloudEventConnectionDeletedObject0OptionsConnectionSettingsPkceEnum:
      type: string
      description: PKCE configuration.
      enum:
        - auto
        - S256
        - plain
        - disabled
    EventStreamCloudEventConnectionDeletedObject0OptionsAttributeMapAttributes:
      type: object
      description: Object containing mapping details for incoming claims
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionDeletedObject0OptionsAttributeMapMappingModeEnum:
      type: string
      description: Method used to map incoming claims when strategy=oidc.
      enum:
        - bind_all
        - use_map
    EventStreamCloudEventConnectionDeletedObject1OptionsConnectionSettingsPkceEnum:
      type: string
      description: PKCE configuration.
      enum:
        - auto
        - S256
        - plain
        - disabled
    EventStreamCloudEventConnectionDeletedObject1OptionsAttributeMapAttributes:
      type: object
      description: Object containing mapping details for incoming claims
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionDeletedObject1OptionsAttributeMapMappingModeEnum:
      type: string
      description: Method used to map incoming claims when strategy=okta.
      enum:
        - basic_profile
        - use_map
    EventStreamCloudEventConnectionDeletedObject2OptionsAssertionDecryptionSettingsAlgorithmProfileEnum:
      type: string
      description: The algorithm profile to use for decrypting SAML assertions.
      enum:
        - v2026-1
    EventStreamCloudEventConnectionDeletedObject2OptionsIdpinitiatedClientProtocolEnum:
      type: string
      description: The response protocol used to communicate with the default application.
      enum:
        - oidc
        - samlp
        - wsfed
    EventStreamCloudEventConnectionDeletedObject3OptionsAssertionDecryptionSettingsAlgorithmProfileEnum:
      type: string
      description: The algorithm profile to use for decrypting SAML assertions.
      enum:
        - v2026-1
    EventStreamCloudEventConnectionDeletedObject3OptionsIdpinitiatedClientProtocolEnum:
      type: string
      description: The response protocol used to communicate with the default application.
      enum:
        - oidc
        - samlp
        - wsfed
    EventStreamCloudEventConnectionUpdatedObject0OptionsConnectionSettingsPkceEnum:
      type: string
      description: PKCE configuration.
      enum:
        - auto
        - S256
        - plain
        - disabled
    EventStreamCloudEventConnectionUpdatedObject0OptionsAttributeMapAttributes:
      type: object
      description: Object containing mapping details for incoming claims
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject0OptionsAttributeMapMappingModeEnum:
      type: string
      description: Method used to map incoming claims when strategy=oidc.
      enum:
        - bind_all
        - use_map
    EventStreamCloudEventConnectionUpdatedObject1OptionsConnectionSettingsPkceEnum:
      type: string
      description: PKCE configuration.
      enum:
        - auto
        - S256
        - plain
        - disabled
    EventStreamCloudEventConnectionUpdatedObject1OptionsAttributeMapAttributes:
      type: object
      description: Object containing mapping details for incoming claims
      additionalProperties: true
      properties: {}
    EventStreamCloudEventConnectionUpdatedObject1OptionsAttributeMapMappingModeEnum:
      type: string
      description: Method used to map incoming claims when strategy=okta.
      enum:
        - basic_profile
        - use_map
    EventStreamCloudEventConnectionUpdatedObject2OptionsAssertionDecryptionSettingsAlgorithmProfileEnum:
      type: string
      description: The algorithm profile to use for decrypting SAML assertions.
      enum:
        - v2026-1
    EventStreamCloudEventConnectionUpdatedObject2OptionsIdpinitiatedClientProtocolEnum:
      type: string
      description: The response protocol used to communicate with the default application.
      enum:
        - oidc
        - samlp
        - wsfed
    EventStreamCloudEventConnectionUpdatedObject3OptionsAssertionDecryptionSettingsAlgorithmProfileEnum:
      type: string
      description: The algorithm profile to use for decrypting SAML assertions.
      enum:
        - v2026-1
    EventStreamCloudEventConnectionUpdatedObject3OptionsIdpinitiatedClientProtocolEnum:
      type: string
      description: The response protocol used to communicate with the default application.
      enum:
        - oidc
        - samlp
        - wsfed
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: jwt
    oAuth2ClientCredentials:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: /oauth/token/
          x-form-parameters:
            audience: /api/v2/
          scopes:
            create:actions: Create Actions
            read:actions: Read Actions
            update:actions: Update Actions
            delete:actions: Delete Actions
            read:anomaly_blocks: Read Anomaly Blocks
            delete:anomaly_blocks: Delete Anomaly Blocks
            read:attack_protection: Read Attack Protection
            update:attack_protection: Update Attack Protection
            create:authentication_methods: Create Authentication Methods
            read:authentication_methods: Read Authentication Methods
            update:authentication_methods: Update Authentication Methods
            delete:authentication_methods: Delete Authentication Methods
            read:branding: Read Branding
            update:branding: Update Branding
            delete:branding: Delete Branding
            create:client_credentials: Create Client Credentials
            read:client_credentials: Read Client Credentials
            update:client_credentials: Update Client Credentials
            delete:client_credentials: Delete Client Credentials
            create:client_grants: Create Client Grants
            read:client_grants: Read Client Grants
            update:client_grants: Update Client Grants
            delete:client_grants: Delete Client Grants
            read:client_keys: Read Client Keys
            update:client_keys: Update Client Keys
            read:client_summary: Read Client Summary
            update:client_token_vault_privileged_access: Update Client Token Vault Privileged Access
            create:clients: Create Clients
            read:clients: Read Clients
            update:clients: Update Clients
            delete:clients: Delete Clients
            create:connection_profiles: Create Connection Profiles
            read:connection_profiles: Read Connection Profiles
            update:connection_profiles: Update Connection Profiles
            delete:connection_profiles: Delete Connection Profiles
            create:connections: Create Connections
            read:connections: Read Connections
            update:connections: Update Connections
            delete:connections: Delete Connections
            create:connections_keys: Create Connections Keys
            read:connections_keys: Read Connections Keys
            update:connections_keys: Update Connections Keys
            read:current_user: Read Current User
            delete:current_user: Delete Current User
            create:current_user_device_credentials: Create Current User Device Credentials
            delete:current_user_device_credentials: Delete Current User Device Credentials
            update:current_user_identities: Update Current User Identities
            update:current_user_metadata: Update Current User Metadata
            create:custom_domains: Create Custom Domains
            read:custom_domains: Read Custom Domains
            update:custom_domains: Update Custom Domains
            delete:custom_domains: Delete Custom Domains
            create:custom_signing_keys: Create Custom Signing Keys
            read:custom_signing_keys: Read Custom Signing Keys
            update:custom_signing_keys: Update Custom Signing Keys
            delete:custom_signing_keys: Delete Custom Signing Keys
            read:device_credentials: Read Device Credentials
            delete:device_credentials: Delete Device Credentials
            create:directory_provisionings: Create Directory Provisionings
            read:directory_provisionings: Read Directory Provisionings
            update:directory_provisionings: Update Directory Provisionings
            delete:directory_provisionings: Delete Directory Provisionings
            create:email_provider: Create Email Provider
            read:email_provider: Read Email Provider
            update:email_provider: Update Email Provider
            delete:email_provider: Delete Email Provider
            create:email_templates: Create Email Templates
            read:email_templates: Read Email Templates
            update:email_templates: Update Email Templates
            create:encryption_keys: Create Encryption Keys
            read:encryption_keys: Read Encryption Keys
            update:encryption_keys: Update Encryption Keys
            delete:encryption_keys: Delete Encryption Keys
            read:event_deliveries: Read Event Deliveries
            update:event_deliveries: Update Event Deliveries
            create:event_streams: Create Event Streams
            read:event_streams: Read Event Streams
            update:event_streams: Update Event Streams
            delete:event_streams: Delete Event Streams
            read:events: Read Events
            create:experimentation: Create Experimentation
            read:experimentation: Read Experimentation
            update:experimentation: Update Experimentation
            delete:experimentation: Delete Experimentation
            read:federated_connections_tokens: Read Federated Connections Tokens
            delete:federated_connections_tokens: Delete Federated Connections Tokens
            create:flows: Create Flows
            read:flows: Read Flows
            update:flows: Update Flows
            delete:flows: Delete Flows
            read:flows_executions: Read Flows Executions
            delete:flows_executions: Delete Flows Executions
            create:flows_vault_connections: Create Flows Vault Connections
            read:flows_vault_connections: Read Flows Vault Connections
            update:flows_vault_connections: Update Flows Vault Connections
            delete:flows_vault_connections: Delete Flows Vault Connections
            create:forms: Create Forms
            read:forms: Read Forms
            update:forms: Update Forms
            delete:forms: Delete Forms
            read:grants: Read Grants
            delete:grants: Delete Grants
            read:group_members: Read Group Members
            create:group_roles: Create Group Roles
            read:group_roles: Read Group Roles
            delete:group_roles: Delete Group Roles
            read:groups: Read Groups
            delete:groups: Delete Groups
            create:guardian_enrollment_tickets: Create Guardian Enrollment Tickets
            read:guardian_enrollments: Read Guardian Enrollments
            delete:guardian_enrollments: Delete Guardian Enrollments
            read:guardian_factors: Read Guardian Factors
            update:guardian_factors: Update Guardian Factors
            create:hooks: Create Hooks
            read:hooks: Read Hooks
            update:hooks: Update Hooks
            delete:hooks: Delete Hooks
            create:log_streams: Create Log Streams
            read:log_streams: Read Log Streams
            update:log_streams: Update Log Streams
            delete:log_streams: Delete Log Streams
            read:logs: Read Logs
            read:logs_users: Read Logs Users
            read:mfa_policies: Read Mfa Policies
            update:mfa_policies: Update Mfa Policies
            create:network_acls: Create Network Acls
            read:network_acls: Read Network Acls
            update:network_acls: Update Network Acls
            delete:network_acls: Delete Network Acls
            create:organization_client_grants: Create Organization Client Grants
            read:organization_client_grants: Read Organization Client Grants
            delete:organization_client_grants: Delete Organization Client Grants
            create:organization_connections: Create Organization Connections
            read:organization_connections: Read Organization Connections
            update:organization_connections: Update Organization Connections
            delete:organization_connections: Delete Organization Connections
            create:organization_discovery_domains: Create Organization Discovery Domains
            read:organization_discovery_domains: Read Organization Discovery Domains
            update:organization_discovery_domains: Update Organization Discovery Domains
            delete:organization_discovery_domains: Delete Organization Discovery Domains
            create:organization_group_roles: Create Organization Group Roles
            read:organization_group_roles: Read Organization Group Roles
            delete:organization_group_roles: Delete Organization Group Roles
            read:organization_groups: Read Organization Groups
            create:organization_invitations: Create Organization Invitations
            read:organization_invitations: Read Organization Invitations
            delete:organization_invitations: Delete Organization Invitations
            read:organization_member_effective_roles: Read Organization Member Effective Roles
            read:organization_member_role_source_groups: Read Organization Member Role Source Groups
            create:organization_member_roles: Create Organization Member Roles
            read:organization_member_roles: Read Organization Member Roles
            delete:organization_member_roles: Delete Organization Member Roles
            create:organization_members: Create Organization Members
            read:organization_members: Read Organization Members
            delete:organization_members: Delete Organization Members
            create:organizations: Create Organizations
            read:organizations: Read Organizations
            update:organizations: Update Organizations
            delete:organizations: Delete Organizations
            read:organizations_summary: Read Organizations Summary
            create:phone_providers: Create Phone Providers
            read:phone_providers: Read Phone Providers
            update:phone_providers: Update Phone Providers
            delete:phone_providers: Delete Phone Providers
            create:phone_templates: Create Phone Templates
            read:phone_templates: Read Phone Templates
            update:phone_templates: Update Phone Templates
            delete:phone_templates: Delete Phone Templates
            read:prompts: Read Prompts
            update:prompts: Update Prompts
            create:rate_limit_policies: Create Rate Limit Policies
            read:rate_limit_policies: Read Rate Limit Policies
            update:rate_limit_policies: Update Rate Limit Policies
            delete:rate_limit_policies: Delete Rate Limit Policies
            read:refresh_tokens: Read Refresh Tokens
            update:refresh_tokens: Update Refresh Tokens
            delete:refresh_tokens: Delete Refresh Tokens
            create:resource_servers: Create Resource Servers
            read:resource_servers: Read Resource Servers
            update:resource_servers: Update Resource Servers
            delete:resource_servers: Delete Resource Servers
            create:role_members: Create Role Members
            read:role_members: Read Role Members
            delete:role_members: Delete Role Members
            create:roles: Create Roles
            read:roles: Read Roles
            update:roles: Update Roles
            delete:roles: Delete Roles
            create:rules: Create Rules
            read:rules: Read Rules
            update:rules: Update Rules
            delete:rules: Delete Rules
            read:rules_configs: Read Rules Configs
            update:rules_configs: Update Rules Configs
            delete:rules_configs: Delete Rules Configs
            create:scim_config: Create Scim Config
            read:scim_config: Read Scim Config
            update:scim_config: Update Scim Config
            delete:scim_config: Delete Scim Config
            create:scim_token: Create Scim Token
            read:scim_token: Read Scim Token
            delete:scim_token: Delete Scim Token
            read:self_service_profile_custom_texts: Read Self Service Profile Custom Texts
            update:self_service_profile_custom_texts: Update Self Service Profile Custom Texts
            create:self_service_profiles: Create Self Service Profiles
            read:self_service_profiles: Read Self Service Profiles
            update:self_service_profiles: Update Self Service Profiles
            delete:self_service_profiles: Delete Self Service Profiles
            read:sessions: Read Sessions
            update:sessions: Update Sessions
            delete:sessions: Delete Sessions
            create:signing_keys: Create Signing Keys
            read:signing_keys: Read Signing Keys
            update:signing_keys: Update Signing Keys
            create:sso_access_tickets: Create Sso Access Tickets
            delete:sso_access_tickets: Delete Sso Access Tickets
            read:stats: Read Stats
            read:tenant_settings: Read Tenant Settings
            update:tenant_settings: Update Tenant Settings
            create:token_exchange_profiles: Create Token Exchange Profiles
            read:token_exchange_profiles: Read Token Exchange Profiles
            update:token_exchange_profiles: Update Token Exchange Profiles
            delete:token_exchange_profiles: Delete Token Exchange Profiles
            create:user_attribute_profiles: Create User Attribute Profiles
            read:user_attribute_profiles: Read User Attribute Profiles
            update:user_attribute_profiles: Update User Attribute Profiles
            delete:user_attribute_profiles: Delete User Attribute Profiles
            read:user_effective_permissions: Read User Effective Permissions
            read:user_effective_roles: Read User Effective Roles
            read:user_idp_tokens: Read User Idp Tokens
            read:user_permission_source_roles: Read User Permission Source Roles
            read:user_role_source_groups: Read User Role Source Groups
            create:user_tickets: Create User Tickets
            create:users: Create Users
            read:users: Read Users
            update:users: Update Users
            delete:users: Delete Users
            update:users_app_metadata: Update Users App Metadata
            create:vdcs_templates: Create Vdcs Templates
            read:vdcs_templates: Read Vdcs Templates
            update:vdcs_templates: Update Vdcs Templates
            delete:vdcs_templates: Delete Vdcs Templates

````