@brokerize/client 1.3.9 → 1.3.10

package/dist/swagger/apis/UserApi.d.ts

@@ -9,10 +9,26 @@
  * Do not edit the class manually.
  */
 import * as runtime from "../runtime";
-import { AccessTokenResult, CreateAccessTokenParams, GetAccessTokensResponse, GetAcessTokenAvailablePermissions200Response } from "../models";
+import { AccessTokenResult, CheckRecoveryPhrase200Response, CreateAccessTokenParams, CreateGuestUserResponse, CreateRecoveryPhraseParams, CreateRecoveryPhraseResult, GetAccessTokensResponse, GetAcessTokenAvailablePermissions200Response, GetRecoveryPhrasesResponse, GetUserResponse, ObtainTokenByRecoveryPhraseParams, TokenResponse } from "../models";
+export interface CheckRecoveryPhraseRequest {
+    obtainTokenByRecoveryPhraseParams: ObtainTokenByRecoveryPhraseParams;
+}
 export interface CreateAccessTokenRequest {
     createAccessTokenParams: CreateAccessTokenParams;
 }
+export interface CreateRecoveryPhraseRequest {
+    createRecoveryPhraseParams: CreateRecoveryPhraseParams;
+}
+export interface DeleteRecoveryPhraseRequest {
+    recoveryPhraseId: string;
+}
+export interface ObtainTokenRequest {
+    grantType: string;
+    refreshToken: string;
+}
+export interface ObtainTokenByRecoveryPhraseRequest {
+    obtainTokenByRecoveryPhraseParams: ObtainTokenByRecoveryPhraseParams;
+}
 export interface RevokeAccessTokenRequest {
     accessTokenId: string;
 }
@@ -20,6 +36,14 @@ export interface RevokeAccessTokenRequest {
  *
  */
 export declare class UserApi extends runtime.BaseAPI {
+    /**
+     * Check if the RecoveryPhrase is still valid without obtaining a new token set. This can be used in frontends when users are asked if they still have their RecoveryPhrase.
+     */
+    checkRecoveryPhraseRaw(requestParameters: CheckRecoveryPhraseRequest, initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<runtime.ApiResponse<CheckRecoveryPhrase200Response>>;
+    /**
+     * Check if the RecoveryPhrase is still valid without obtaining a new token set. This can be used in frontends when users are asked if they still have their RecoveryPhrase.
+     */
+    checkRecoveryPhrase(requestParameters: CheckRecoveryPhraseRequest, initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<CheckRecoveryPhrase200Response>;
     /**
      * Create a token for the current user. The token can be used to access resources on behalf of the user.
      */
@@ -28,6 +52,38 @@ export declare class UserApi extends runtime.BaseAPI {
      * Create a token for the current user. The token can be used to access resources on behalf of the user.
      */
     createAccessToken(requestParameters: CreateAccessTokenRequest, initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<AccessTokenResult>;
+    /**
+     * Create a guest user and return a token which can be used to access resources.  The lifetime of the generated temporary user as well as the returned `access_token` depend on the client configuration. It is usually around 24 hours. For some clients, tokens can be expired earlier based on inactivity.  If the client has configured a longer lifetime for their guest users, a `refresh_token`  is included in the response. This token can be used to renew the `access_token` after it has expired.  The `refresh_token` can be used to obtain a new `access_token` after the original token has expired using the `/user/token` endpoint.
+     */
+    createGuestUserRaw(initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<runtime.ApiResponse<CreateGuestUserResponse>>;
+    /**
+     * Create a guest user and return a token which can be used to access resources.  The lifetime of the generated temporary user as well as the returned `access_token` depend on the client configuration. It is usually around 24 hours. For some clients, tokens can be expired earlier based on inactivity.  If the client has configured a longer lifetime for their guest users, a `refresh_token`  is included in the response. This token can be used to renew the `access_token` after it has expired.  The `refresh_token` can be used to obtain a new `access_token` after the original token has expired using the `/user/token` endpoint.
+     */
+    createGuestUser(initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<CreateGuestUserResponse>;
+    /**
+     * Create a RecoveryPhrase for the current guest user.  The brokerize backend uses RecoveryPhrases instead of email + password registration or similar approaches, which can never be guaranteed to be anonymous.  Users can simply generate a RecoveryPhrase and save it in a password manager, memorize it or write it down in a safe location.  The BIP39 word list known from Bitcoins is used to encode a cryptographically safe random token and allows access to the account later (see endpoint `ObtainTokenFromRecoveryPhrase`).
+     */
+    createRecoveryPhraseRaw(requestParameters: CreateRecoveryPhraseRequest, initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<runtime.ApiResponse<CreateRecoveryPhraseResult>>;
+    /**
+     * Create a RecoveryPhrase for the current guest user.  The brokerize backend uses RecoveryPhrases instead of email + password registration or similar approaches, which can never be guaranteed to be anonymous.  Users can simply generate a RecoveryPhrase and save it in a password manager, memorize it or write it down in a safe location.  The BIP39 word list known from Bitcoins is used to encode a cryptographically safe random token and allows access to the account later (see endpoint `ObtainTokenFromRecoveryPhrase`).
+     */
+    createRecoveryPhrase(requestParameters: CreateRecoveryPhraseRequest, initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<CreateRecoveryPhraseResult>;
+    /**
+     * Delete the current user (only allowed if it is a guest account). Also logs out all active broker sessions attached to the user.
+     */
+    deleteGuestUserRaw(initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<runtime.ApiResponse<void>>;
+    /**
+     * Delete the current user (only allowed if it is a guest account). Also logs out all active broker sessions attached to the user.
+     */
+    deleteGuestUser(initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<void>;
+    /**
+     * Delete the RecoveryPhrase from the account.
+     */
+    deleteRecoveryPhraseRaw(requestParameters: DeleteRecoveryPhraseRequest, initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<runtime.ApiResponse<void>>;
+    /**
+     * Delete the RecoveryPhrase from the account.
+     */
+    deleteRecoveryPhrase(requestParameters: DeleteRecoveryPhraseRequest, initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<void>;
     /**
      */
     getAccessTokensRaw(initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<runtime.ApiResponse<GetAccessTokensResponse>>;
@@ -42,6 +98,38 @@ export declare class UserApi extends runtime.BaseAPI {
      * Figure out which permissions are available to select from for a new access token.
      */
     getAcessTokenAvailablePermissions(initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<GetAcessTokenAvailablePermissions200Response>;
+    /**
+     * Lists all the recoveryPhrases metadata the user has in their account.
+     */
+    getRecoveryPhrasesRaw(initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<runtime.ApiResponse<GetRecoveryPhrasesResponse>>;
+    /**
+     * Lists all the recoveryPhrases metadata the user has in their account.
+     */
+    getRecoveryPhrases(initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<GetRecoveryPhrasesResponse>;
+    /**
+     * Checks the provided authentication and returns the logged-in user.
+     */
+    getUserRaw(initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<runtime.ApiResponse<GetUserResponse>>;
+    /**
+     * Checks the provided authentication and returns the logged-in user.
+     */
+    getUser(initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<GetUserResponse>;
+    /**
+     * Obtain a new access token using a refresh token as specified in https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.4. If `CreateGuestUser` has provided a `refresh_token`, this endpoint may be used to obtain a new `access_token` after the original token has expired.
+     */
+    obtainTokenRaw(requestParameters: ObtainTokenRequest, initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<runtime.ApiResponse<TokenResponse>>;
+    /**
+     * Obtain a new access token using a refresh token as specified in https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.4. If `CreateGuestUser` has provided a `refresh_token`, this endpoint may be used to obtain a new `access_token` after the original token has expired.
+     */
+    obtainToken(requestParameters: ObtainTokenRequest, initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<TokenResponse>;
+    /**
+     * Obtain a new access and refresh token set by a RecoveryPhrase. The new set also contains a refresh_token etc, so it can then be used just like the tokens obtained from the `ObtainToken` endpoint.  This also creates a new `trading_session`, as RecoveryPhrases never allow access to an existing trading_session.
+     */
+    obtainTokenByRecoveryPhraseRaw(requestParameters: ObtainTokenByRecoveryPhraseRequest, initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<runtime.ApiResponse<TokenResponse>>;
+    /**
+     * Obtain a new access and refresh token set by a RecoveryPhrase. The new set also contains a refresh_token etc, so it can then be used just like the tokens obtained from the `ObtainToken` endpoint.  This also creates a new `trading_session`, as RecoveryPhrases never allow access to an existing trading_session.
+     */
+    obtainTokenByRecoveryPhrase(requestParameters: ObtainTokenByRecoveryPhraseRequest, initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<TokenResponse>;
     /**
      */
     revokeAccessTokenRaw(requestParameters: RevokeAccessTokenRequest, initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<runtime.ApiResponse<void>>;

package/dist/swagger/apis/UserApi.js

@@ -11,11 +11,42 @@
  * Do not edit the class manually.
  */
 import * as runtime from "../runtime";
-import { AccessTokenResultFromJSON, CreateAccessTokenParamsToJSON, GetAccessTokensResponseFromJSON, GetAcessTokenAvailablePermissions200ResponseFromJSON, } from "../models";
+import { AccessTokenResultFromJSON, CheckRecoveryPhrase200ResponseFromJSON, CreateAccessTokenParamsToJSON, CreateGuestUserResponseFromJSON, CreateRecoveryPhraseParamsToJSON, CreateRecoveryPhraseResultFromJSON, GetAccessTokensResponseFromJSON, GetAcessTokenAvailablePermissions200ResponseFromJSON, GetRecoveryPhrasesResponseFromJSON, GetUserResponseFromJSON, ObtainTokenByRecoveryPhraseParamsToJSON, TokenResponseFromJSON, } from "../models";
 /**
  *
  */
 export class UserApi extends runtime.BaseAPI {
+    /**
+     * Check if the RecoveryPhrase is still valid without obtaining a new token set. This can be used in frontends when users are asked if they still have their RecoveryPhrase.
+     */
+    async checkRecoveryPhraseRaw(requestParameters, initOverrides) {
+        if (requestParameters.obtainTokenByRecoveryPhraseParams === null ||
+            requestParameters.obtainTokenByRecoveryPhraseParams === undefined) {
+            throw new runtime.RequiredError("obtainTokenByRecoveryPhraseParams", "Required parameter requestParameters.obtainTokenByRecoveryPhraseParams was null or undefined when calling checkRecoveryPhrase.");
+        }
+        const queryParameters = {};
+        const headerParameters = {};
+        headerParameters["Content-Type"] = "application/json";
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-brkrz-client-id"] =
+                this.configuration.apiKey("x-brkrz-client-id"); // clientId authentication
+        }
+        const response = await this.request({
+            path: `/user/recoveryPhrases/check`,
+            method: "POST",
+            headers: headerParameters,
+            query: queryParameters,
+            body: ObtainTokenByRecoveryPhraseParamsToJSON(requestParameters.obtainTokenByRecoveryPhraseParams),
+        }, initOverrides);
+        return new runtime.JSONApiResponse(response, (jsonValue) => CheckRecoveryPhrase200ResponseFromJSON(jsonValue));
+    }
+    /**
+     * Check if the RecoveryPhrase is still valid without obtaining a new token set. This can be used in frontends when users are asked if they still have their RecoveryPhrase.
+     */
+    async checkRecoveryPhrase(requestParameters, initOverrides) {
+        const response = await this.checkRecoveryPhraseRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
     /**
      * Create a token for the current user. The token can be used to access resources on behalf of the user.
      */
@@ -54,6 +85,135 @@ export class UserApi extends runtime.BaseAPI {
         const response = await this.createAccessTokenRaw(requestParameters, initOverrides);
         return await response.value();
     }
+    /**
+     * Create a guest user and return a token which can be used to access resources.  The lifetime of the generated temporary user as well as the returned `access_token` depend on the client configuration. It is usually around 24 hours. For some clients, tokens can be expired earlier based on inactivity.  If the client has configured a longer lifetime for their guest users, a `refresh_token`  is included in the response. This token can be used to renew the `access_token` after it has expired.  The `refresh_token` can be used to obtain a new `access_token` after the original token has expired using the `/user/token` endpoint.
+     */
+    async createGuestUserRaw(initOverrides) {
+        const queryParameters = {};
+        const headerParameters = {};
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-brkrz-client-id"] =
+                this.configuration.apiKey("x-brkrz-client-id"); // clientId authentication
+        }
+        const response = await this.request({
+            path: `/user/guest`,
+            method: "POST",
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+        return new runtime.JSONApiResponse(response, (jsonValue) => CreateGuestUserResponseFromJSON(jsonValue));
+    }
+    /**
+     * Create a guest user and return a token which can be used to access resources.  The lifetime of the generated temporary user as well as the returned `access_token` depend on the client configuration. It is usually around 24 hours. For some clients, tokens can be expired earlier based on inactivity.  If the client has configured a longer lifetime for their guest users, a `refresh_token`  is included in the response. This token can be used to renew the `access_token` after it has expired.  The `refresh_token` can be used to obtain a new `access_token` after the original token has expired using the `/user/token` endpoint.
+     */
+    async createGuestUser(initOverrides) {
+        const response = await this.createGuestUserRaw(initOverrides);
+        return await response.value();
+    }
+    /**
+     * Create a RecoveryPhrase for the current guest user.  The brokerize backend uses RecoveryPhrases instead of email + password registration or similar approaches, which can never be guaranteed to be anonymous.  Users can simply generate a RecoveryPhrase and save it in a password manager, memorize it or write it down in a safe location.  The BIP39 word list known from Bitcoins is used to encode a cryptographically safe random token and allows access to the account later (see endpoint `ObtainTokenFromRecoveryPhrase`).
+     */
+    async createRecoveryPhraseRaw(requestParameters, initOverrides) {
+        if (requestParameters.createRecoveryPhraseParams === null ||
+            requestParameters.createRecoveryPhraseParams === undefined) {
+            throw new runtime.RequiredError("createRecoveryPhraseParams", "Required parameter requestParameters.createRecoveryPhraseParams was null or undefined when calling createRecoveryPhrase.");
+        }
+        const queryParameters = {};
+        const headerParameters = {};
+        headerParameters["Content-Type"] = "application/json";
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-brkrz-client-id"] =
+                this.configuration.apiKey("x-brkrz-client-id"); // clientId authentication
+        }
+        if (this.configuration && this.configuration.accessToken) {
+            const token = this.configuration.accessToken;
+            const tokenString = await token("idToken", []);
+            if (tokenString) {
+                headerParameters["Authorization"] = `Bearer ${tokenString}`;
+            }
+        }
+        const response = await this.request({
+            path: `/user/recoveryPhrases`,
+            method: "POST",
+            headers: headerParameters,
+            query: queryParameters,
+            body: CreateRecoveryPhraseParamsToJSON(requestParameters.createRecoveryPhraseParams),
+        }, initOverrides);
+        return new runtime.JSONApiResponse(response, (jsonValue) => CreateRecoveryPhraseResultFromJSON(jsonValue));
+    }
+    /**
+     * Create a RecoveryPhrase for the current guest user.  The brokerize backend uses RecoveryPhrases instead of email + password registration or similar approaches, which can never be guaranteed to be anonymous.  Users can simply generate a RecoveryPhrase and save it in a password manager, memorize it or write it down in a safe location.  The BIP39 word list known from Bitcoins is used to encode a cryptographically safe random token and allows access to the account later (see endpoint `ObtainTokenFromRecoveryPhrase`).
+     */
+    async createRecoveryPhrase(requestParameters, initOverrides) {
+        const response = await this.createRecoveryPhraseRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+    /**
+     * Delete the current user (only allowed if it is a guest account). Also logs out all active broker sessions attached to the user.
+     */
+    async deleteGuestUserRaw(initOverrides) {
+        const queryParameters = {};
+        const headerParameters = {};
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-brkrz-client-id"] =
+                this.configuration.apiKey("x-brkrz-client-id"); // clientId authentication
+        }
+        if (this.configuration && this.configuration.accessToken) {
+            const token = this.configuration.accessToken;
+            const tokenString = await token("idToken", []);
+            if (tokenString) {
+                headerParameters["Authorization"] = `Bearer ${tokenString}`;
+            }
+        }
+        const response = await this.request({
+            path: `/user`,
+            method: "DELETE",
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+        return new runtime.VoidApiResponse(response);
+    }
+    /**
+     * Delete the current user (only allowed if it is a guest account). Also logs out all active broker sessions attached to the user.
+     */
+    async deleteGuestUser(initOverrides) {
+        await this.deleteGuestUserRaw(initOverrides);
+    }
+    /**
+     * Delete the RecoveryPhrase from the account.
+     */
+    async deleteRecoveryPhraseRaw(requestParameters, initOverrides) {
+        if (requestParameters.recoveryPhraseId === null ||
+            requestParameters.recoveryPhraseId === undefined) {
+            throw new runtime.RequiredError("recoveryPhraseId", "Required parameter requestParameters.recoveryPhraseId was null or undefined when calling deleteRecoveryPhrase.");
+        }
+        const queryParameters = {};
+        const headerParameters = {};
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-brkrz-client-id"] =
+                this.configuration.apiKey("x-brkrz-client-id"); // clientId authentication
+        }
+        if (this.configuration && this.configuration.accessToken) {
+            const token = this.configuration.accessToken;
+            const tokenString = await token("idToken", []);
+            if (tokenString) {
+                headerParameters["Authorization"] = `Bearer ${tokenString}`;
+            }
+        }
+        const response = await this.request({
+            path: `/user/recoveryPhrases/{recoveryPhraseId}`.replace(`{${"recoveryPhraseId"}}`, encodeURIComponent(String(requestParameters.recoveryPhraseId))),
+            method: "DELETE",
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+        return new runtime.VoidApiResponse(response);
+    }
+    /**
+     * Delete the RecoveryPhrase from the account.
+     */
+    async deleteRecoveryPhrase(requestParameters, initOverrides) {
+        await this.deleteRecoveryPhraseRaw(requestParameters, initOverrides);
+    }
     /**
      */
     async getAccessTokensRaw(initOverrides) {
@@ -116,6 +276,154 @@ export class UserApi extends runtime.BaseAPI {
         const response = await this.getAcessTokenAvailablePermissionsRaw(initOverrides);
         return await response.value();
     }
+    /**
+     * Lists all the recoveryPhrases metadata the user has in their account.
+     */
+    async getRecoveryPhrasesRaw(initOverrides) {
+        const queryParameters = {};
+        const headerParameters = {};
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-brkrz-client-id"] =
+                this.configuration.apiKey("x-brkrz-client-id"); // clientId authentication
+        }
+        if (this.configuration && this.configuration.accessToken) {
+            const token = this.configuration.accessToken;
+            const tokenString = await token("idToken", []);
+            if (tokenString) {
+                headerParameters["Authorization"] = `Bearer ${tokenString}`;
+            }
+        }
+        const response = await this.request({
+            path: `/user/recoveryPhrases`,
+            method: "GET",
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+        return new runtime.JSONApiResponse(response, (jsonValue) => GetRecoveryPhrasesResponseFromJSON(jsonValue));
+    }
+    /**
+     * Lists all the recoveryPhrases metadata the user has in their account.
+     */
+    async getRecoveryPhrases(initOverrides) {
+        const response = await this.getRecoveryPhrasesRaw(initOverrides);
+        return await response.value();
+    }
+    /**
+     * Checks the provided authentication and returns the logged-in user.
+     */
+    async getUserRaw(initOverrides) {
+        const queryParameters = {};
+        const headerParameters = {};
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-brkrz-client-id"] =
+                this.configuration.apiKey("x-brkrz-client-id"); // clientId authentication
+        }
+        if (this.configuration && this.configuration.accessToken) {
+            const token = this.configuration.accessToken;
+            const tokenString = await token("idToken", []);
+            if (tokenString) {
+                headerParameters["Authorization"] = `Bearer ${tokenString}`;
+            }
+        }
+        const response = await this.request({
+            path: `/user`,
+            method: "GET",
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+        return new runtime.JSONApiResponse(response, (jsonValue) => GetUserResponseFromJSON(jsonValue));
+    }
+    /**
+     * Checks the provided authentication and returns the logged-in user.
+     */
+    async getUser(initOverrides) {
+        const response = await this.getUserRaw(initOverrides);
+        return await response.value();
+    }
+    /**
+     * Obtain a new access token using a refresh token as specified in https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.4. If `CreateGuestUser` has provided a `refresh_token`, this endpoint may be used to obtain a new `access_token` after the original token has expired.
+     */
+    async obtainTokenRaw(requestParameters, initOverrides) {
+        if (requestParameters.grantType === null ||
+            requestParameters.grantType === undefined) {
+            throw new runtime.RequiredError("grantType", "Required parameter requestParameters.grantType was null or undefined when calling obtainToken.");
+        }
+        if (requestParameters.refreshToken === null ||
+            requestParameters.refreshToken === undefined) {
+            throw new runtime.RequiredError("refreshToken", "Required parameter requestParameters.refreshToken was null or undefined when calling obtainToken.");
+        }
+        const queryParameters = {};
+        const headerParameters = {};
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-brkrz-client-id"] =
+                this.configuration.apiKey("x-brkrz-client-id"); // clientId authentication
+        }
+        const consumes = [
+            { contentType: "application/x-www-form-urlencoded" },
+        ];
+        // @ts-ignore: canConsumeForm may be unused
+        const canConsumeForm = runtime.canConsumeForm(consumes);
+        let formParams;
+        let useForm = false;
+        if (useForm) {
+            formParams = new FormData();
+        }
+        else {
+            throw new Error("URLSearchParams support has been dopped due to compatibility problems in mobile apps.");
+        }
+        if (requestParameters.grantType !== undefined) {
+            formParams.append("grant_type", requestParameters.grantType);
+        }
+        if (requestParameters.refreshToken !== undefined) {
+            formParams.append("refresh_token", requestParameters.refreshToken);
+        }
+        const response = await this.request({
+            path: `/user/token`,
+            method: "POST",
+            headers: headerParameters,
+            query: queryParameters,
+            body: formParams,
+        }, initOverrides);
+        return new runtime.JSONApiResponse(response, (jsonValue) => TokenResponseFromJSON(jsonValue));
+    }
+    /**
+     * Obtain a new access token using a refresh token as specified in https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.4. If `CreateGuestUser` has provided a `refresh_token`, this endpoint may be used to obtain a new `access_token` after the original token has expired.
+     */
+    async obtainToken(requestParameters, initOverrides) {
+        const response = await this.obtainTokenRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+    /**
+     * Obtain a new access and refresh token set by a RecoveryPhrase. The new set also contains a refresh_token etc, so it can then be used just like the tokens obtained from the `ObtainToken` endpoint.  This also creates a new `trading_session`, as RecoveryPhrases never allow access to an existing trading_session.
+     */
+    async obtainTokenByRecoveryPhraseRaw(requestParameters, initOverrides) {
+        if (requestParameters.obtainTokenByRecoveryPhraseParams === null ||
+            requestParameters.obtainTokenByRecoveryPhraseParams === undefined) {
+            throw new runtime.RequiredError("obtainTokenByRecoveryPhraseParams", "Required parameter requestParameters.obtainTokenByRecoveryPhraseParams was null or undefined when calling obtainTokenByRecoveryPhrase.");
+        }
+        const queryParameters = {};
+        const headerParameters = {};
+        headerParameters["Content-Type"] = "application/json";
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-brkrz-client-id"] =
+                this.configuration.apiKey("x-brkrz-client-id"); // clientId authentication
+        }
+        const response = await this.request({
+            path: `/user/recoveryPhrases/token`,
+            method: "POST",
+            headers: headerParameters,
+            query: queryParameters,
+            body: ObtainTokenByRecoveryPhraseParamsToJSON(requestParameters.obtainTokenByRecoveryPhraseParams),
+        }, initOverrides);
+        return new runtime.JSONApiResponse(response, (jsonValue) => TokenResponseFromJSON(jsonValue));
+    }
+    /**
+     * Obtain a new access and refresh token set by a RecoveryPhrase. The new set also contains a refresh_token etc, so it can then be used just like the tokens obtained from the `ObtainToken` endpoint.  This also creates a new `trading_session`, as RecoveryPhrases never allow access to an existing trading_session.
+     */
+    async obtainTokenByRecoveryPhrase(requestParameters, initOverrides) {
+        const response = await this.obtainTokenByRecoveryPhraseRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
     /**
      */
     async revokeAccessTokenRaw(requestParameters, initOverrides) {

package/dist/swagger/apis/WebsocketApi.d.ts

@@ -0,0 +1,24 @@
+/**
+ * brokerize
+ * The brokerize API allows clients to implement multi-brokerage with a unified interface. For more information, visit brokerize.com
+ *
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+import * as runtime from "../runtime";
+/**
+ *
+ */
+export declare class WebsocketApi extends runtime.BaseAPI {
+    /**
+     * Most operations at brokerize have asynchronous effects.  For example, consider the flow of an order: when the user creates an order, it will not immediately appear in order list endpoints, because usually brokers take a few seconds until they are retrievable in those lists. Also, after a while, the order may be executed or cancelled asynchronously by the stock exchange.  A common solution for frontends would be to reload the order list regularly. However data is then either delayed or there will be many more requests than needed.  The brokerize websocket endpoint allows getting updates via web sockets. Generally speaking, clients can subscribe by assigning a subscription id and will then receive updates on that subscription.  In this documentation, ⬆️ denotes messages from the client to the server, whereas messages from server to client are marked with ⬇️.  ## authentication  When using cookies for authorization, the WebSocket connection is authenticated with the HTTP upgrade request.  If token headers are used, the _first_ message from client to server must be:  ``` ⬆️ {     \"cmd\": \"authorize\",     \"idToken\": <string> } ```  In all cases, clients must wait for the welcome message before sending other messages:  ``` ⬇️ { \"cmd\": \"authenticated\" } ```  ## ping  After 1 minute of inactivity of a client, the WebSocket connection will be considered stale and will automatically terminated. To prevent this, a ping message can be sent:  ```  ⬆️ {\"cmd\": \"ping\"} ```  The server also sends this message regularly. If no message has been received on a WebSocket connection for more than 1 minute, it should be terminated by the client.  ```  ⬇️ {\"cmd\": \"ping\"} ```  ## subscriptions  Subscriptions can be used to get invalidate events or updates for selected resources.  ### invalidate subscriptions  Invalidation events can be used for the frontend to know when reload requests via the HTTP endpoints are appropriate. Currently only invalidate events can be subscribed, the actual data must then be reloaded using the HTTP endpoints.  To set up a subscription for an invalidate event, use:  ``` ⬆️ {     \"cmd\": \"subscribe\",     \"type\": \"invalidate\",     \"subscriptionId\": 1,     \"entity: \"brokersessions\" /_* \"positions\" | \"orders\" *_/,     \"portfolioId\": 42 /_* required for \"positions\" or \"orders\" *_/ } ```  If the subscription failed to be set up on the server, an error will be sent for the subscription. This also automatically ends the subscription on the server side:  ``` ⬇️ {     \"subscriptionId\": 1,     \"error\": {         \"message\": \"Could not set up invalidation event due to...\"     } } ```  If an invalid `subscriptionId` is provided (or the subscription id is already in use by the connection), an error like this will be sent:  ``` ⬇️ {     \"error\": {         \"message\": \"Could not add subscription due to invalid subscriptionId\"     } } ```  ⚠️ _the connection will then be terminated immediately_.  If the subscription is sucessfuly set up, whenever an invalidation happens, the server will send a message like this:  ``` ⬇️ {     \"cmd\": \"invalidate\",     \"subscriptionId\": 1 } ```  When that invalidation event is received, the client should reload the data using the corresponding endpoints.  Clients can end their subscription with the `unsubscribe` command:  ``` ⬆️ {     \"cmd\": \"unsubscribe\",     \"subscriptionId\": 1 } ```  ### subscribe to the state of a decoupled operation  For decoupled operations (e.g. authorizing a session TAN using a second factor device), the state of the operation can be subscribed:  ``` ⬆️ {     \"cmd\": \"subscribe\",     \"type\": \"decoupledOperationStatus\",     \"subscriptionId\": 1,     \"sessionId\": string,     \"decoupledOperationId\": string } ```  Error handling as well as unsubscribing works as described for invalidate subscriptions. Example message from the server for updating the state:  ``` ⬇️ {     \"cmd\": \"updateDecoupledOperationStatus\",     \"subscriptionId\": number,     \"state\": <DecoupledOperationStatus> } ```
+     */
+    websocketRaw(initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<runtime.ApiResponse<void>>;
+    /**
+     * Most operations at brokerize have asynchronous effects.  For example, consider the flow of an order: when the user creates an order, it will not immediately appear in order list endpoints, because usually brokers take a few seconds until they are retrievable in those lists. Also, after a while, the order may be executed or cancelled asynchronously by the stock exchange.  A common solution for frontends would be to reload the order list regularly. However data is then either delayed or there will be many more requests than needed.  The brokerize websocket endpoint allows getting updates via web sockets. Generally speaking, clients can subscribe by assigning a subscription id and will then receive updates on that subscription.  In this documentation, ⬆️ denotes messages from the client to the server, whereas messages from server to client are marked with ⬇️.  ## authentication  When using cookies for authorization, the WebSocket connection is authenticated with the HTTP upgrade request.  If token headers are used, the _first_ message from client to server must be:  ``` ⬆️ {     \"cmd\": \"authorize\",     \"idToken\": <string> } ```  In all cases, clients must wait for the welcome message before sending other messages:  ``` ⬇️ { \"cmd\": \"authenticated\" } ```  ## ping  After 1 minute of inactivity of a client, the WebSocket connection will be considered stale and will automatically terminated. To prevent this, a ping message can be sent:  ```  ⬆️ {\"cmd\": \"ping\"} ```  The server also sends this message regularly. If no message has been received on a WebSocket connection for more than 1 minute, it should be terminated by the client.  ```  ⬇️ {\"cmd\": \"ping\"} ```  ## subscriptions  Subscriptions can be used to get invalidate events or updates for selected resources.  ### invalidate subscriptions  Invalidation events can be used for the frontend to know when reload requests via the HTTP endpoints are appropriate. Currently only invalidate events can be subscribed, the actual data must then be reloaded using the HTTP endpoints.  To set up a subscription for an invalidate event, use:  ``` ⬆️ {     \"cmd\": \"subscribe\",     \"type\": \"invalidate\",     \"subscriptionId\": 1,     \"entity: \"brokersessions\" /_* \"positions\" | \"orders\" *_/,     \"portfolioId\": 42 /_* required for \"positions\" or \"orders\" *_/ } ```  If the subscription failed to be set up on the server, an error will be sent for the subscription. This also automatically ends the subscription on the server side:  ``` ⬇️ {     \"subscriptionId\": 1,     \"error\": {         \"message\": \"Could not set up invalidation event due to...\"     } } ```  If an invalid `subscriptionId` is provided (or the subscription id is already in use by the connection), an error like this will be sent:  ``` ⬇️ {     \"error\": {         \"message\": \"Could not add subscription due to invalid subscriptionId\"     } } ```  ⚠️ _the connection will then be terminated immediately_.  If the subscription is sucessfuly set up, whenever an invalidation happens, the server will send a message like this:  ``` ⬇️ {     \"cmd\": \"invalidate\",     \"subscriptionId\": 1 } ```  When that invalidation event is received, the client should reload the data using the corresponding endpoints.  Clients can end their subscription with the `unsubscribe` command:  ``` ⬆️ {     \"cmd\": \"unsubscribe\",     \"subscriptionId\": 1 } ```  ### subscribe to the state of a decoupled operation  For decoupled operations (e.g. authorizing a session TAN using a second factor device), the state of the operation can be subscribed:  ``` ⬆️ {     \"cmd\": \"subscribe\",     \"type\": \"decoupledOperationStatus\",     \"subscriptionId\": 1,     \"sessionId\": string,     \"decoupledOperationId\": string } ```  Error handling as well as unsubscribing works as described for invalidate subscriptions. Example message from the server for updating the state:  ``` ⬇️ {     \"cmd\": \"updateDecoupledOperationStatus\",     \"subscriptionId\": number,     \"state\": <DecoupledOperationStatus> } ```
+     */
+    websocket(initOverrides?: RequestInit | runtime.InitOverideFunction): Promise<void>;
+}

package/dist/swagger/apis/WebsocketApi.js

@@ -0,0 +1,38 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * brokerize
+ * The brokerize API allows clients to implement multi-brokerage with a unified interface. For more information, visit brokerize.com
+ *
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+import * as runtime from "../runtime";
+/**
+ *
+ */
+export class WebsocketApi extends runtime.BaseAPI {
+    /**
+     * Most operations at brokerize have asynchronous effects.  For example, consider the flow of an order: when the user creates an order, it will not immediately appear in order list endpoints, because usually brokers take a few seconds until they are retrievable in those lists. Also, after a while, the order may be executed or cancelled asynchronously by the stock exchange.  A common solution for frontends would be to reload the order list regularly. However data is then either delayed or there will be many more requests than needed.  The brokerize websocket endpoint allows getting updates via web sockets. Generally speaking, clients can subscribe by assigning a subscription id and will then receive updates on that subscription.  In this documentation, ⬆️ denotes messages from the client to the server, whereas messages from server to client are marked with ⬇️.  ## authentication  When using cookies for authorization, the WebSocket connection is authenticated with the HTTP upgrade request.  If token headers are used, the _first_ message from client to server must be:  ``` ⬆️ {     \"cmd\": \"authorize\",     \"idToken\": <string> } ```  In all cases, clients must wait for the welcome message before sending other messages:  ``` ⬇️ { \"cmd\": \"authenticated\" } ```  ## ping  After 1 minute of inactivity of a client, the WebSocket connection will be considered stale and will automatically terminated. To prevent this, a ping message can be sent:  ```  ⬆️ {\"cmd\": \"ping\"} ```  The server also sends this message regularly. If no message has been received on a WebSocket connection for more than 1 minute, it should be terminated by the client.  ```  ⬇️ {\"cmd\": \"ping\"} ```  ## subscriptions  Subscriptions can be used to get invalidate events or updates for selected resources.  ### invalidate subscriptions  Invalidation events can be used for the frontend to know when reload requests via the HTTP endpoints are appropriate. Currently only invalidate events can be subscribed, the actual data must then be reloaded using the HTTP endpoints.  To set up a subscription for an invalidate event, use:  ``` ⬆️ {     \"cmd\": \"subscribe\",     \"type\": \"invalidate\",     \"subscriptionId\": 1,     \"entity: \"brokersessions\" /_* \"positions\" | \"orders\" *_/,     \"portfolioId\": 42 /_* required for \"positions\" or \"orders\" *_/ } ```  If the subscription failed to be set up on the server, an error will be sent for the subscription. This also automatically ends the subscription on the server side:  ``` ⬇️ {     \"subscriptionId\": 1,     \"error\": {         \"message\": \"Could not set up invalidation event due to...\"     } } ```  If an invalid `subscriptionId` is provided (or the subscription id is already in use by the connection), an error like this will be sent:  ``` ⬇️ {     \"error\": {         \"message\": \"Could not add subscription due to invalid subscriptionId\"     } } ```  ⚠️ _the connection will then be terminated immediately_.  If the subscription is sucessfuly set up, whenever an invalidation happens, the server will send a message like this:  ``` ⬇️ {     \"cmd\": \"invalidate\",     \"subscriptionId\": 1 } ```  When that invalidation event is received, the client should reload the data using the corresponding endpoints.  Clients can end their subscription with the `unsubscribe` command:  ``` ⬆️ {     \"cmd\": \"unsubscribe\",     \"subscriptionId\": 1 } ```  ### subscribe to the state of a decoupled operation  For decoupled operations (e.g. authorizing a session TAN using a second factor device), the state of the operation can be subscribed:  ``` ⬆️ {     \"cmd\": \"subscribe\",     \"type\": \"decoupledOperationStatus\",     \"subscriptionId\": 1,     \"sessionId\": string,     \"decoupledOperationId\": string } ```  Error handling as well as unsubscribing works as described for invalidate subscriptions. Example message from the server for updating the state:  ``` ⬇️ {     \"cmd\": \"updateDecoupledOperationStatus\",     \"subscriptionId\": number,     \"state\": <DecoupledOperationStatus> } ```
+     */
+    async websocketRaw(initOverrides) {
+        const queryParameters = {};
+        const headerParameters = {};
+        const response = await this.request({
+            path: `/websocket`,
+            method: "GET",
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+        return new runtime.VoidApiResponse(response);
+    }
+    /**
+     * Most operations at brokerize have asynchronous effects.  For example, consider the flow of an order: when the user creates an order, it will not immediately appear in order list endpoints, because usually brokers take a few seconds until they are retrievable in those lists. Also, after a while, the order may be executed or cancelled asynchronously by the stock exchange.  A common solution for frontends would be to reload the order list regularly. However data is then either delayed or there will be many more requests than needed.  The brokerize websocket endpoint allows getting updates via web sockets. Generally speaking, clients can subscribe by assigning a subscription id and will then receive updates on that subscription.  In this documentation, ⬆️ denotes messages from the client to the server, whereas messages from server to client are marked with ⬇️.  ## authentication  When using cookies for authorization, the WebSocket connection is authenticated with the HTTP upgrade request.  If token headers are used, the _first_ message from client to server must be:  ``` ⬆️ {     \"cmd\": \"authorize\",     \"idToken\": <string> } ```  In all cases, clients must wait for the welcome message before sending other messages:  ``` ⬇️ { \"cmd\": \"authenticated\" } ```  ## ping  After 1 minute of inactivity of a client, the WebSocket connection will be considered stale and will automatically terminated. To prevent this, a ping message can be sent:  ```  ⬆️ {\"cmd\": \"ping\"} ```  The server also sends this message regularly. If no message has been received on a WebSocket connection for more than 1 minute, it should be terminated by the client.  ```  ⬇️ {\"cmd\": \"ping\"} ```  ## subscriptions  Subscriptions can be used to get invalidate events or updates for selected resources.  ### invalidate subscriptions  Invalidation events can be used for the frontend to know when reload requests via the HTTP endpoints are appropriate. Currently only invalidate events can be subscribed, the actual data must then be reloaded using the HTTP endpoints.  To set up a subscription for an invalidate event, use:  ``` ⬆️ {     \"cmd\": \"subscribe\",     \"type\": \"invalidate\",     \"subscriptionId\": 1,     \"entity: \"brokersessions\" /_* \"positions\" | \"orders\" *_/,     \"portfolioId\": 42 /_* required for \"positions\" or \"orders\" *_/ } ```  If the subscription failed to be set up on the server, an error will be sent for the subscription. This also automatically ends the subscription on the server side:  ``` ⬇️ {     \"subscriptionId\": 1,     \"error\": {         \"message\": \"Could not set up invalidation event due to...\"     } } ```  If an invalid `subscriptionId` is provided (or the subscription id is already in use by the connection), an error like this will be sent:  ``` ⬇️ {     \"error\": {         \"message\": \"Could not add subscription due to invalid subscriptionId\"     } } ```  ⚠️ _the connection will then be terminated immediately_.  If the subscription is sucessfuly set up, whenever an invalidation happens, the server will send a message like this:  ``` ⬇️ {     \"cmd\": \"invalidate\",     \"subscriptionId\": 1 } ```  When that invalidation event is received, the client should reload the data using the corresponding endpoints.  Clients can end their subscription with the `unsubscribe` command:  ``` ⬆️ {     \"cmd\": \"unsubscribe\",     \"subscriptionId\": 1 } ```  ### subscribe to the state of a decoupled operation  For decoupled operations (e.g. authorizing a session TAN using a second factor device), the state of the operation can be subscribed:  ``` ⬆️ {     \"cmd\": \"subscribe\",     \"type\": \"decoupledOperationStatus\",     \"subscriptionId\": 1,     \"sessionId\": string,     \"decoupledOperationId\": string } ```  Error handling as well as unsubscribing works as described for invalidate subscriptions. Example message from the server for updating the state:  ``` ⬇️ {     \"cmd\": \"updateDecoupledOperationStatus\",     \"subscriptionId\": number,     \"state\": <DecoupledOperationStatus> } ```
+     */
+    async websocket(initOverrides) {
+        await this.websocketRaw(initOverrides);
+    }
+}

package/dist/swagger/apis/index.d.ts

@@ -1,12 +1,13 @@
 export * from "./AdminApi";
-export * from "./BrokerLoginApi";
-export * from "./CancelOrderApi";
-export * from "./ChangeOrderApi";
-export * from "./DefaultApi";
+export * from "./DecoupledOperationsApi";
 export * from "./DemobrokerApi";
 export * from "./ExportApi";
 export * from "./MetaApi";
+export * from "./OrderApi";
+export * from "./PortfolioApi";
 export * from "./SecuritiesApi";
+export * from "./SessionApi";
 export * from "./TradeApi";
 export * from "./TradeDraftApi";
 export * from "./UserApi";
+export * from "./WebsocketApi";

package/dist/swagger/apis/index.js

@@ -1,14 +1,15 @@
 /* tslint:disable */
 /* eslint-disable */
 export * from "./AdminApi";
-export * from "./BrokerLoginApi";
-export * from "./CancelOrderApi";
-export * from "./ChangeOrderApi";
-export * from "./DefaultApi";
+export * from "./DecoupledOperationsApi";
 export * from "./DemobrokerApi";
 export * from "./ExportApi";
 export * from "./MetaApi";
+export * from "./OrderApi";
+export * from "./PortfolioApi";
 export * from "./SecuritiesApi";
+export * from "./SessionApi";
 export * from "./TradeApi";
 export * from "./TradeDraftApi";
 export * from "./UserApi";
+export * from "./WebsocketApi";

package/dist/swagger/models/CheckRecoveryPhrase200Response.d.ts

@@ -0,0 +1,27 @@
+/**
+ * brokerize
+ * The brokerize API allows clients to implement multi-brokerage with a unified interface. For more information, visit brokerize.com
+ *
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+/**
+ *
+ * @export
+ * @interface CheckRecoveryPhrase200Response
+ */
+export interface CheckRecoveryPhrase200Response {
+    /**
+     *
+     * @type {Date}
+     * @memberof CheckRecoveryPhrase200Response
+     */
+    expiresAt: Date;
+}
+export declare function CheckRecoveryPhrase200ResponseFromJSON(json: any): CheckRecoveryPhrase200Response;
+export declare function CheckRecoveryPhrase200ResponseFromJSONTyped(json: any, ignoreDiscriminator: boolean): CheckRecoveryPhrase200Response;
+export declare function CheckRecoveryPhrase200ResponseToJSONRecursive(value?: CheckRecoveryPhrase200Response | null, ignoreParent?: boolean): any;
+export declare function CheckRecoveryPhrase200ResponseToJSON(value?: CheckRecoveryPhrase200Response | null): any;