/**
 * Generated by orval v7.21.0 🍺
 * Do not edit manually.
 * certctl API
 * Certificate lifecycle management platform API. Manages certificates, issuers,
deployment targets, agents, jobs, policies, profiles, teams, owners, agent groups,
audit events, notifications, and observability metrics.

All endpoints under `/api/v1/` require authentication by default (configurable via
`CERTCTL_AUTH_TYPE`). Use `Bearer {api_key}` in the Authorization header.

Paginated list endpoints accept `page` (default 1) and `per_page` (default 50, max 500)
query parameters and return a standard envelope with `data`, `total`, `page`, and `per_page`.

 * OpenAPI spec version: 2.1.7
 */

/**
 * Mirrors internal/api/handler/auth_users.go::userResponse. Federated
user shape (OIDC subject + provider). `deactivated_at` is the soft-
delete marker; nil/absent means the user is active.

 */
export interface AuthUser {
  /** User identifier (UUID-shaped). */
  id: string;
  tenant_id: string;
  /** Federated email claim from the IdP. */
  email: string;
  /** Federated display name (preferred_username or name claim from the IdP). */
  display_name: string;
  /** The IdP's `sub` claim for this user (stable identifier across email changes). */
  oidc_subject: string;
  /** ID of the OIDC provider that minted this user record. */
  oidc_provider_id: string;
  /** RFC 3339 UTC timestamp of the user's most-recent successful login. */
  last_login_at: string;
  /** RFC 3339 UTC timestamp the user row was first created (upserted from an OIDC callback). */
  created_at: string;
  /**
   * RFC 3339 UTC timestamp the user was deactivated. Omitted when the user is active.
   * @nullable
   */
  deactivated_at?: string | null;
}