Update API Client

#### What's Changed
---

##### `GET` /providers/oauth2/{id}/

###### Return Type:

Changed response : **200 OK**

* Changed content type : `application/json`

    * Added property `encryption_key` (string)
        > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

    * Changed property `signing_key` (string)
        > Key used to sign the tokens.

##### `PUT` /providers/oauth2/{id}/

###### Request:

Changed content type : `application/json`

* Added property `encryption_key` (string)
    > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

* Changed property `signing_key` (string)
    > Key used to sign the tokens.

###### Return Type:

Changed response : **200 OK**

* Changed content type : `application/json`

    * Added property `encryption_key` (string)
        > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

    * Changed property `signing_key` (string)
        > Key used to sign the tokens.

##### `PATCH` /providers/oauth2/{id}/

###### Request:

Changed content type : `application/json`

* Added property `encryption_key` (string)
    > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

* Changed property `signing_key` (string)
    > Key used to sign the tokens.

###### Return Type:

Changed response : **200 OK**

* Changed content type : `application/json`

    * Added property `encryption_key` (string)
        > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

    * Changed property `signing_key` (string)
        > Key used to sign the tokens.

##### `POST` /providers/oauth2/

###### Request:

Changed content type : `application/json`

* Added property `encryption_key` (string)
    > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

* Changed property `signing_key` (string)
    > Key used to sign the tokens.

###### Return Type:

Changed response : **201 Created**

* Changed content type : `application/json`

    * Added property `encryption_key` (string)
        > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

    * Changed property `signing_key` (string)
        > Key used to sign the tokens.

##### `GET` /providers/oauth2/

###### Return Type:

Changed response : **200 OK**

* Changed content type : `application/json`

    * Changed property `results` (array)

        Changed items (object):
            > OAuth2Provider Serializer

        * Added property `encryption_key` (string)
            > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

        * Changed property `signing_key` (string)
            > Key used to sign the tokens.

##### `GET` /oauth2/access_tokens/{id}/

###### Return Type:

Changed response : **200 OK**

* Changed content type : `application/json`

    * Changed property `provider` (object)
        > OAuth2Provider Serializer

        * Added property `encryption_key` (string)
            > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

        * Changed property `signing_key` (string)
            > Key used to sign the tokens.

##### `GET` /oauth2/authorization_codes/{id}/

###### Return Type:

Changed response : **200 OK**

* Changed content type : `application/json`

    * Changed property `provider` (object)
        > OAuth2Provider Serializer

        * Added property `encryption_key` (string)
            > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

        * Changed property `signing_key` (string)
            > Key used to sign the tokens.

##### `GET` /oauth2/refresh_tokens/{id}/

###### Return Type:

Changed response : **200 OK**

* Changed content type : `application/json`

    * Changed property `provider` (object)
        > OAuth2Provider Serializer

        * Added property `encryption_key` (string)
            > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

        * Changed property `signing_key` (string)
            > Key used to sign the tokens.

##### `PUT` /core/transactional/applications/

###### Request:

Changed content type : `application/json`

* Changed property `provider` (object)

    Updated `authentik_providers_oauth2.oauth2provider` provider_model:
    * Added property `encryption_key` (string)
        > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

    * Changed property `signing_key` (string)
        > Key used to sign the tokens.

##### `GET` /oauth2/access_tokens/

###### Return Type:

Changed response : **200 OK**

* Changed content type : `application/json`

    * Changed property `results` (array)

        Changed items (object):
            > Serializer for BaseGrantModel and RefreshToken

        * Changed property `provider` (object)
            > OAuth2Provider Serializer

            * Added property `encryption_key` (string)
                > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

            * Changed property `signing_key` (string)
                > Key used to sign the tokens.

##### `GET` /oauth2/authorization_codes/

###### Return Type:

Changed response : **200 OK**

* Changed content type : `application/json`

    * Changed property `results` (array)

        Changed items (object):
            > Serializer for BaseGrantModel and ExpiringBaseGrant

        * Changed property `provider` (object)
            > OAuth2Provider Serializer

            * Added property `encryption_key` (string)
                > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

            * Changed property `signing_key` (string)
                > Key used to sign the tokens.

##### `GET` /oauth2/refresh_tokens/

###### Return Type:

Changed response : **200 OK**

* Changed content type : `application/json`

    * Changed property `results` (array)

        Changed items (object):
            > Serializer for BaseGrantModel and RefreshToken

        * Changed property `provider` (object)
            > OAuth2Provider Serializer

            * Added property `encryption_key` (string)
                > Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs.

            * Changed property `signing_key` (string)
                > Key used to sign the tokens.

api/openapi.yaml

@@ -44152,6 +44152,7 @@ components:
           - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
           - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
           name: name
+          encryption_key: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
           pk: 6
         scope:
         - scope
@@ -48272,6 +48273,7 @@ components:
         - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
         - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
         name: name
+        encryption_key: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
         pk: 6
       properties:
         pk:
@@ -48359,8 +48361,13 @@ components:
             \ that don't access the userinfo endpoint."
           type: boolean
         signing_key:
-          description: Key used to sign the tokens. Only required when JWT Algorithm
-            is set to RS256.
+          description: Key used to sign the tokens.
+          format: uuid
+          nullable: true
+          type: string
+        encryption_key:
+          description: "Key used to encrypt the tokens. When set, tokens will be encrypted\
+            \ and returned as JWEs."
           format: uuid
           nullable: true
           type: string
@@ -48418,6 +48425,7 @@ components:
         - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
         - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
         name: name
+        encryption_key: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
         client_secret: client_secret
         property_mappings:
         - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
@@ -48477,8 +48485,13 @@ components:
             \ that don't access the userinfo endpoint."
           type: boolean
         signing_key:
-          description: Key used to sign the tokens. Only required when JWT Algorithm
-            is set to RS256.
+          description: Key used to sign the tokens.
+          format: uuid
+          nullable: true
+          type: string
+        encryption_key:
+          description: "Key used to encrypt the tokens. When set, tokens will be encrypted\
+            \ and returned as JWEs."
           format: uuid
           nullable: true
           type: string
@@ -51043,6 +51056,7 @@ components:
             - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
             - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
             name: name
+            encryption_key: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
             pk: 6
           scope:
           - scope
@@ -51115,6 +51129,7 @@ components:
             - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
             - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
             name: name
+            encryption_key: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
             pk: 6
           scope:
           - scope
@@ -52766,6 +52781,7 @@ components:
           - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
           - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
           name: name
+          encryption_key: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
           pk: 6
         - verbose_name_plural: verbose_name_plural
           signing_key: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
@@ -52796,6 +52812,7 @@ components:
           - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
           - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
           name: name
+          encryption_key: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
           pk: 6
       properties:
         pagination:
@@ -55595,6 +55612,7 @@ components:
             - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
             - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
             name: name
+            encryption_key: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
             pk: 6
           scope:
           - scope
@@ -55669,6 +55687,7 @@ components:
             - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
             - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
             name: name
+            encryption_key: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
             pk: 6
           scope:
           - scope
@@ -59022,6 +59041,7 @@ components:
         - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
         - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
         name: name
+        encryption_key: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
         client_secret: client_secret
         property_mappings:
         - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
@@ -59081,8 +59101,13 @@ components:
             \ that don't access the userinfo endpoint."
           type: boolean
         signing_key:
-          description: Key used to sign the tokens. Only required when JWT Algorithm
-            is set to RS256.
+          description: Key used to sign the tokens.
+          format: uuid
+          nullable: true
+          type: string
+        encryption_key:
+          description: "Key used to encrypt the tokens. When set, tokens will be encrypted\
+            \ and returned as JWEs."
           format: uuid
           nullable: true
           type: string
@@ -66680,6 +66705,7 @@ components:
           - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
           - 046b6c7f-0b8a-43b9-b35d-6489e6daee91
           name: name
+          encryption_key: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
           pk: 6
         scope:
         - scope

docs/ModelRequest.md

@@ -34,7 +34,8 @@ Name | Type | Description | Notes
 **AccessTokenValidity** | Pointer to **string** | Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3). | [optional] 
 **RefreshTokenValidity** | Pointer to **string** | Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3). | [optional] 
 **IncludeClaimsInIdToken** | Pointer to **bool** | Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. | [optional] 
-**SigningKey** | Pointer to **NullableString** | Key used to sign the tokens. Only required when JWT Algorithm is set to RS256. | [optional] 
+**SigningKey** | Pointer to **NullableString** | Key used to sign the tokens. | [optional] 
+**EncryptionKey** | Pointer to **NullableString** | Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. | [optional] 
 **RedirectUris** | Pointer to **string** | Enter each URI on a new line. | [optional] 
 **SubMode** | Pointer to [**SubModeEnum**](SubModeEnum.md) | Configure what data should be used as unique User Identifier. For most cases, the default should be fine. | [optional] 
 **IssuerMode** | Pointer to [**IssuerModeEnum**](IssuerModeEnum.md) | Configure how the issuer field of the ID Token should be filled. | [optional] 
@@ -873,6 +874,41 @@ HasSigningKey returns a boolean if a field has been set.
 `func (o *ModelRequest) UnsetSigningKey()`
 
 UnsetSigningKey ensures that no value is present for SigningKey, not even an explicit nil
+### GetEncryptionKey
+
+`func (o *ModelRequest) GetEncryptionKey() string`
+
+GetEncryptionKey returns the EncryptionKey field if non-nil, zero value otherwise.
+
+### GetEncryptionKeyOk
+
+`func (o *ModelRequest) GetEncryptionKeyOk() (*string, bool)`
+
+GetEncryptionKeyOk returns a tuple with the EncryptionKey field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEncryptionKey
+
+`func (o *ModelRequest) SetEncryptionKey(v string)`
+
+SetEncryptionKey sets EncryptionKey field to given value.
+
+### HasEncryptionKey
+
+`func (o *ModelRequest) HasEncryptionKey() bool`
+
+HasEncryptionKey returns a boolean if a field has been set.
+
+### SetEncryptionKeyNil
+
+`func (o *ModelRequest) SetEncryptionKeyNil(b bool)`
+
+ SetEncryptionKeyNil sets the value for EncryptionKey to be an explicit nil
+
+### UnsetEncryptionKey
+`func (o *ModelRequest) UnsetEncryptionKey()`
+
+UnsetEncryptionKey ensures that no value is present for EncryptionKey, not even an explicit nil
 ### GetRedirectUris
 
 `func (o *ModelRequest) GetRedirectUris() string`

docs/OAuth2Provider.md

@@ -25,7 +25,8 @@ Name | Type | Description | Notes
 **AccessTokenValidity** | Pointer to **string** | Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3). | [optional] 
 **RefreshTokenValidity** | Pointer to **string** | Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3). | [optional] 
 **IncludeClaimsInIdToken** | Pointer to **bool** | Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. | [optional] 
-**SigningKey** | Pointer to **NullableString** | Key used to sign the tokens. Only required when JWT Algorithm is set to RS256. | [optional] 
+**SigningKey** | Pointer to **NullableString** | Key used to sign the tokens. | [optional] 
+**EncryptionKey** | Pointer to **NullableString** | Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. | [optional] 
 **RedirectUris** | Pointer to **string** | Enter each URI on a new line. | [optional] 
 **SubMode** | Pointer to [**SubModeEnum**](SubModeEnum.md) | Configure what data should be used as unique User Identifier. For most cases, the default should be fine. | [optional] 
 **IssuerMode** | Pointer to [**IssuerModeEnum**](IssuerModeEnum.md) | Configure how the issuer field of the ID Token should be filled. | [optional] 
@@ -560,6 +561,41 @@ HasSigningKey returns a boolean if a field has been set.
 `func (o *OAuth2Provider) UnsetSigningKey()`
 
 UnsetSigningKey ensures that no value is present for SigningKey, not even an explicit nil
+### GetEncryptionKey
+
+`func (o *OAuth2Provider) GetEncryptionKey() string`
+
+GetEncryptionKey returns the EncryptionKey field if non-nil, zero value otherwise.
+
+### GetEncryptionKeyOk
+
+`func (o *OAuth2Provider) GetEncryptionKeyOk() (*string, bool)`
+
+GetEncryptionKeyOk returns a tuple with the EncryptionKey field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEncryptionKey
+
+`func (o *OAuth2Provider) SetEncryptionKey(v string)`
+
+SetEncryptionKey sets EncryptionKey field to given value.
+
+### HasEncryptionKey
+
+`func (o *OAuth2Provider) HasEncryptionKey() bool`
+
+HasEncryptionKey returns a boolean if a field has been set.
+
+### SetEncryptionKeyNil
+
+`func (o *OAuth2Provider) SetEncryptionKeyNil(b bool)`
+
+ SetEncryptionKeyNil sets the value for EncryptionKey to be an explicit nil
+
+### UnsetEncryptionKey
+`func (o *OAuth2Provider) UnsetEncryptionKey()`
+
+UnsetEncryptionKey ensures that no value is present for EncryptionKey, not even an explicit nil
 ### GetRedirectUris
 
 `func (o *OAuth2Provider) GetRedirectUris() string`

docs/OAuth2ProviderRequest.md

@@ -16,7 +16,8 @@ Name | Type | Description | Notes
 **AccessTokenValidity** | Pointer to **string** | Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3). | [optional] 
 **RefreshTokenValidity** | Pointer to **string** | Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3). | [optional] 
 **IncludeClaimsInIdToken** | Pointer to **bool** | Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. | [optional] 
-**SigningKey** | Pointer to **NullableString** | Key used to sign the tokens. Only required when JWT Algorithm is set to RS256. | [optional] 
+**SigningKey** | Pointer to **NullableString** | Key used to sign the tokens. | [optional] 
+**EncryptionKey** | Pointer to **NullableString** | Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. | [optional] 
 **RedirectUris** | Pointer to **string** | Enter each URI on a new line. | [optional] 
 **SubMode** | Pointer to [**SubModeEnum**](SubModeEnum.md) | Configure what data should be used as unique User Identifier. For most cases, the default should be fine. | [optional] 
 **IssuerMode** | Pointer to [**IssuerModeEnum**](IssuerModeEnum.md) | Configure how the issuer field of the ID Token should be filled. | [optional] 
@@ -371,6 +372,41 @@ HasSigningKey returns a boolean if a field has been set.
 `func (o *OAuth2ProviderRequest) UnsetSigningKey()`
 
 UnsetSigningKey ensures that no value is present for SigningKey, not even an explicit nil
+### GetEncryptionKey
+
+`func (o *OAuth2ProviderRequest) GetEncryptionKey() string`
+
+GetEncryptionKey returns the EncryptionKey field if non-nil, zero value otherwise.
+
+### GetEncryptionKeyOk
+
+`func (o *OAuth2ProviderRequest) GetEncryptionKeyOk() (*string, bool)`
+
+GetEncryptionKeyOk returns a tuple with the EncryptionKey field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEncryptionKey
+
+`func (o *OAuth2ProviderRequest) SetEncryptionKey(v string)`
+
+SetEncryptionKey sets EncryptionKey field to given value.
+
+### HasEncryptionKey
+
+`func (o *OAuth2ProviderRequest) HasEncryptionKey() bool`
+
+HasEncryptionKey returns a boolean if a field has been set.
+
+### SetEncryptionKeyNil
+
+`func (o *OAuth2ProviderRequest) SetEncryptionKeyNil(b bool)`
+
+ SetEncryptionKeyNil sets the value for EncryptionKey to be an explicit nil
+
+### UnsetEncryptionKey
+`func (o *OAuth2ProviderRequest) UnsetEncryptionKey()`
+
+UnsetEncryptionKey ensures that no value is present for EncryptionKey, not even an explicit nil
 ### GetRedirectUris
 
 `func (o *OAuth2ProviderRequest) GetRedirectUris() string`

docs/PatchedOAuth2ProviderRequest.md

@@ -16,7 +16,8 @@ Name | Type | Description | Notes
 **AccessTokenValidity** | Pointer to **string** | Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3). | [optional] 
 **RefreshTokenValidity** | Pointer to **string** | Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3). | [optional] 
 **IncludeClaimsInIdToken** | Pointer to **bool** | Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. | [optional] 
-**SigningKey** | Pointer to **NullableString** | Key used to sign the tokens. Only required when JWT Algorithm is set to RS256. | [optional] 
+**SigningKey** | Pointer to **NullableString** | Key used to sign the tokens. | [optional] 
+**EncryptionKey** | Pointer to **NullableString** | Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs. | [optional] 
 **RedirectUris** | Pointer to **string** | Enter each URI on a new line. | [optional] 
 **SubMode** | Pointer to [**SubModeEnum**](SubModeEnum.md) | Configure what data should be used as unique User Identifier. For most cases, the default should be fine. | [optional] 
 **IssuerMode** | Pointer to [**IssuerModeEnum**](IssuerModeEnum.md) | Configure how the issuer field of the ID Token should be filled. | [optional] 
@@ -386,6 +387,41 @@ HasSigningKey returns a boolean if a field has been set.
 `func (o *PatchedOAuth2ProviderRequest) UnsetSigningKey()`
 
 UnsetSigningKey ensures that no value is present for SigningKey, not even an explicit nil
+### GetEncryptionKey
+
+`func (o *PatchedOAuth2ProviderRequest) GetEncryptionKey() string`
+
+GetEncryptionKey returns the EncryptionKey field if non-nil, zero value otherwise.
+
+### GetEncryptionKeyOk
+
+`func (o *PatchedOAuth2ProviderRequest) GetEncryptionKeyOk() (*string, bool)`
+
+GetEncryptionKeyOk returns a tuple with the EncryptionKey field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEncryptionKey
+
+`func (o *PatchedOAuth2ProviderRequest) SetEncryptionKey(v string)`
+
+SetEncryptionKey sets EncryptionKey field to given value.
+
+### HasEncryptionKey
+
+`func (o *PatchedOAuth2ProviderRequest) HasEncryptionKey() bool`
+
+HasEncryptionKey returns a boolean if a field has been set.
+
+### SetEncryptionKeyNil
+
+`func (o *PatchedOAuth2ProviderRequest) SetEncryptionKeyNil(b bool)`
+
+ SetEncryptionKeyNil sets the value for EncryptionKey to be an explicit nil
+
+### UnsetEncryptionKey
+`func (o *PatchedOAuth2ProviderRequest) UnsetEncryptionKey()`
+
+UnsetEncryptionKey ensures that no value is present for EncryptionKey, not even an explicit nil
 ### GetRedirectUris
 
 `func (o *PatchedOAuth2ProviderRequest) GetRedirectUris() string`