feat: auto-discover 1 new project_config attribute(s) + regenerate (#192)

* feat: auto-discover 1 new project_config attribute(s) + regenerate

* make format

---------

Co-authored-by: KT-Doan <235441252+KT-Doan@users.noreply.github.com>
Co-authored-by: KT-Doan <kevin.doan@ory.sh>

Author: github-actions[bot]

docs/resources/project_config.md

@@ -463,6 +463,7 @@ terraform plan  # verify no changes
 - `oauth2_mirror_top_level_claims` (Boolean) Mirror top-level claims in OAuth2 ID tokens.
 - `oauth2_pkce_enforced` (Boolean) Enforce PKCE for all OAuth2 clients.
 - `oauth2_pkce_enforced_for_public_clients` (Boolean) Enforce PKCE for public OAuth2 clients only.
+- `oauth2_preserve_ext_claims` (Boolean) Set to true to keep custom claims that are not promoted to the top level in the 'ext' claim. Only applies when mirror_top_level_claims is false.
 - `oauth2_provider_headers` (Map of String) Custom HTTP headers for the OAuth2 provider integration.
 - `oauth2_provider_override_return_to` (Boolean) Allow the OAuth2 provider to automatically set the return_to parameter.
 - `oauth2_provider_url` (String) OAuth2 provider integration URL.

internal/codegen/mappings.yaml

@@ -1564,3 +1564,11 @@ attributes:
     description: "SMTP connection URI for sending emails (e.g., smtps://user:pass@host:port)."
     sensitive: true
     skip_empty_read: true
+
+  # --- Auto-discovered entries (review names/descriptions before merging) ---
+  - name: oauth2_preserve_ext_claims
+    go_field: OAuth2PreserveExtClaims
+    type: bool
+    openapi_property: hydra_oauth2_preserve_ext_claims
+    description: "Set to true to keep custom claims that are not promoted to the top level in the 'ext' claim. Only applies when mirror_top_level_claims is false."
+

internal/resources/projectconfig/patches_gen.go

@@ -427,6 +427,9 @@ type ProjectConfigResourceModel struct {
 	SelfserviceMethodsWebAuthnConfigRPDisplayName types.String `tfsdk:"selfservice_methods_webauthn_config_rp_display_name"`
 	SelfserviceMethodsWebAuthnConfigRPID          types.String `tfsdk:"selfservice_methods_webauthn_config_rp_id"`
 	SelfserviceMethodsWebAuthnConfigPasswordless  types.Bool   `tfsdk:"selfservice_methods_webauthn_config_passwordless"`
+
+	// Auto-discovered (review naming before release)
+	OAuth2PreserveExtClaims types.Bool `tfsdk:"oauth2_preserve_ext_claims"`
 }
 
 // --- Nested model types for session tokenizer templates and courier HTTP ---