@cubist-labs/cubesigner-sdk 0.2.2 → 0.2.17

package/src/schema.ts

@@ -385,6 +385,13 @@ export interface paths {
      * If no query parameters are provided, information for the current session is returned
      */
     get: operations["listSessions"];
+    /**
+     * Create new user session (management and/or signing)
+     * @description Create new user session (management and/or signing)
+     *
+     * Create a new user session
+     */
+    post: operations["createSession"];
     /**
      * Revoke existing session(s)
      * @description Revoke existing session(s)
@@ -445,6 +452,42 @@ export interface paths {
      */
     get: operations["aboutMe"];
   };
+  "/v0/org/{org_id}/user/me/export": {
+    /**
+     * List outstanding user-export requests
+     * @description List outstanding user-export requests
+     */
+    get: operations["userExportList"];
+    /**
+     * Initiate a user-export request
+     * @description Initiate a user-export request
+     *
+     * This starts a delay (whose length is determined by Org-wide settings)
+     * before export can be completed, and returns a ticket that can be used
+     * to complete the export once the timer has expired.
+     *
+     * Only one user-export request can be active for a given key. If there
+     * is already an active export, this endpoint will return an error. To
+     * create a new request, first delete the existing one.
+     */
+    post: operations["userExportInit"];
+    /**
+     * Delete an existing user-export request
+     * @description Delete an existing user-export request
+     */
+    delete: operations["userExportDelete"];
+    /**
+     * Complete a user-export request
+     * @description Complete a user-export request
+     *
+     * This endpoint can be called only after initiating a user-export request via
+     * the `user_export_init` API, and only within the subsequent export window
+     * (i.e., after the export delay has passed and before the request has expired).
+     *
+     * To check on the status of an export request, see the `user_export_list` API.
+     */
+    patch: operations["userExportComplete"];
+  };
   "/v0/org/{org_id}/user/me/fido": {
     /**
      * Initiate registration of a FIDO key
@@ -1020,6 +1063,20 @@ export interface components {
        */
       role_id: string;
     };
+    CreateSessionRequest: components["schemas"]["RatchetConfig"] & {
+      /**
+       * @description A human readable description of the session's purpose
+       * @example Manage keys on server foo.bar
+       */
+      purpose: string;
+      /**
+       * @description Controls what capabilities this session will have.
+       * @example [
+       *   "manage:key:*"
+       * ]
+       */
+      scopes: string[];
+    };
     CreateTokenRequest: components["schemas"]["RatchetConfig"] & ({
       /**
        * @description A human readable description of the purpose of the key
@@ -1507,6 +1564,101 @@ export interface components {
        */
       skip_email: boolean;
     };
+    /**
+     * @description Key material contained inside a [`JsonKeyPackage`], which can be either
+     * a raw secret or a mnemonic, password, and derivation path.
+     */
+    JsonKeyMaterial: {
+      /** @enum {string} */
+      material_type: "raw_secret";
+      /** @description The value of the raw secret */
+      secret: string;
+    } | {
+      /** @description The derivation path */
+      derivation_path: string;
+      /** @enum {string} */
+      material_type: "english_mnemonic";
+      /** @description The mnemonic */
+      mnemonic: string;
+      /** @description The password (which may be empty) */
+      password: string;
+    };
+    /**
+     * @description A [`KeyPackage`] serialized into a format that gives a tidier JSON
+     * representation suitable for encryption in the user-export flow.
+     *
+     * We construct values of this type rather than constructing `serde_json::Value`s
+     * directly with `json!()` because this allows us to zeroize values on drop, which
+     * doesn't work with `serde_json::Value`.
+     *
+     * Examples of serialized material:
+     *
+     * - `JsonKeyMaterial::EnglishMnemonic`:
+     *
+     * ```
+     * use cubist_signer_utils::{
+     * DerivationPath, KeyPackage, Mnemonic, MnemonicPackage, Secp256k1Pkg,
+     * };
+     * use serde_json::json;
+     *
+     * const MNEMONIC: &str = "deposit fiscal brain swarm surround cousin horn glare fix love render believe guide shuffle stem cram broccoli resemble beach artefact language gift jar permit";
+     * const DER_PATH: &str = "m/44'/60'/0'/0/0";
+     * const KEY_TYPE: &str = "ecdsa:secp256k1";
+     *
+     * let mne = Mnemonic::try_from(MNEMONIC).expect("good mnemonic");
+     * let derp = DerivationPath::try_from(DER_PATH).expect("good der path");
+     * let mne_pkg = MnemonicPackage::new(mne, "", derp);
+     * let key_pkg = KeyPackage::<Secp256k1Pkg>::EnglishMnemonic(mne_pkg);
+     * let json_pkg = key_pkg.into_json(KEY_TYPE);
+     *
+     * let json_expect = json!({
+     * "key_type": KEY_TYPE,
+     * "material_type": "english_mnemonic",
+     * "mnemonic": MNEMONIC,
+     * "password": "",
+     * "derivation_path": DER_PATH,
+     * });
+     *
+     * assert_eq!(
+     * serde_json::to_value(&json_pkg).expect("json serialization"),
+     * json_expect,
+     * );
+     * ```
+     *
+     * - `JsonKeyMaterial::RawSecret`:
+     *
+     * ```
+     * use cubist_signer_utils::{
+     * get_random_byte_array, hex_encode, KeyPackage, RngCore, Secp256k1Pkg,
+     * };
+     * use serde_json::json;
+     *
+     * const KEY_TYPE: &str = "ecdsa:secp256k1";
+     *
+     * // random 32-byte secret
+     * let sk: [u8; 32] = *get_random_byte_array();
+     *
+     * let key_pkg = KeyPackage::<Secp256k1Pkg>::Secret(sk);
+     * let json_pkg = key_pkg.into_json(KEY_TYPE);
+     *
+     * let json_expect = json!({
+     * "key_type": KEY_TYPE,
+     * "material_type": "raw_secret",
+     * "secret": hex_encode(&sk),
+     * });
+     *
+     * assert_eq!(
+     * serde_json::to_value(&json_pkg).expect("json serialization"),
+     * json_expect,
+     * );
+     * ```
+     */
+    JsonKeyPackage: {
+      material_type: "JsonKeyPackage";
+    } & Omit<components["schemas"]["JsonKeyMaterial"], "material_type"> & {
+      /** @description The type of key this package represents */
+      key_type: string;
+    };
     /** @description Derivation-related metadata for keys derived from a long-lived mnemonic */
     KeyDerivationInfo: {
       /** @description The derivation path used to derive this key */
@@ -1682,6 +1834,8 @@ export interface components {
       sub: string;
     };
     OidcLoginRequest: {
+      /** @description A human readable description of the purpose of the session */
+      purpose?: string | null;
       /**
        * @description Controls what capabilities this session will have.
        * @example [
@@ -1731,6 +1885,22 @@ export interface components {
        * ]
        */
       policy?: Record<string, never>[];
+      /**
+       * Format: int64
+       * @description The organization's currently configured user-export delay, i.e., the minimum
+       * amount of time (in seconds) between when a user-export is initiated and when
+       * it may be completed. (This value is meaningless for organizations that use
+       * org-wide export.)
+       */
+      user_export_delay: number;
+      /**
+       * Format: int64
+       * @description The organization's currently configured user-export window, i.e., the amount
+       * of time (in seconds) between when the user-export delay is completed and when
+       * the user export request has expired and can no longer be completed. (This value
+       * is meaningless for organizations that use org-wide export.)
+       */
+      user_export_window: number;
     };
     /**
      * @description The rocket query parameter representing the page from which to start a paginated query.
@@ -1827,6 +1997,20 @@ export interface components {
        */
       last_evaluated_key?: string | null;
     });
+    /**
+     * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
+     * value (which can the user pass back to use as a url query parameter to continue pagination).
+     */
+    PaginatedUserExportListResponse: {
+      export_requests: components["schemas"]["UserExportInitResponse"][];
+    } & ({
+      /**
+       * @description If set, the content of `response` does not contain the entire result set.
+       * To fetch the next page of the result set, call the same endpoint
+       * but specify this value as the 'page.start' query parameter.
+       */
+      last_evaluated_key?: string | null;
+    });
     /**
      * @description This type represents a wire-encodable form of the PublicKeyCredential interface
      * Clients may need to manually encode into this format to communicate with the server
@@ -1871,7 +2055,7 @@ export interface components {
      */
     PublicKeyCredentialCreationOptions: {
       attestation?: components["schemas"]["AttestationConveyancePreference"];
-      authenticator_selection?: components["schemas"]["AuthenticatorSelectionCriteria"] | null;
+      authenticatorSelection?: components["schemas"]["AuthenticatorSelectionCriteria"] | null;
       /**
        * @description This member contains a challenge intended to be used for generating the
        * newly created credential’s attestation object. See the § 13.4.3
@@ -1889,7 +2073,7 @@ export interface components {
        *
        * https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialcreationoptions-excludecredentials
        */
-      exclude_credentials?: components["schemas"]["PublicKeyCredentialDescriptor"][];
+      excludeCredentials?: components["schemas"]["PublicKeyCredentialDescriptor"][];
       /**
        * @description This member contains additional parameters requesting additional
        * processing by the client and authenticator. For example, the caller may
@@ -1911,7 +2095,7 @@ export interface components {
        *
        * https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialcreationoptions-pubkeycredparams
        */
-      pub_key_cred_params: components["schemas"]["PublicKeyCredentialParameters"][];
+      pubKeyCredParams: components["schemas"]["PublicKeyCredentialParameters"][];
       rp: components["schemas"]["PublicKeyCredentialRpEntity"];
       /**
        * Format: int32
@@ -1987,7 +2171,7 @@ export interface components {
        *
        * https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialrequestoptions-allowcredentials
        */
-      allow_credentials?: components["schemas"]["PublicKeyCredentialDescriptor"][];
+      allowCredentials?: components["schemas"]["PublicKeyCredentialDescriptor"][];
       /**
        * @description This member represents a challenge that the selected authenticator
        * signs, along with other data, when producing an authentication
@@ -2004,7 +2188,7 @@ export interface components {
        *
        * https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialrequestoptions-rpid
        */
-      rp_id?: string | null;
+      rpId?: string | null;
       /**
        * Format: int32
        * @description This OPTIONAL member specifies a time, in milliseconds, that the caller
@@ -2014,7 +2198,7 @@ export interface components {
        * https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialrequestoptions-timeout
        */
       timeout?: number | null;
-      user_verification?: components["schemas"]["UserVerificationRequirement"];
+      userVerification?: components["schemas"]["UserVerificationRequirement"];
     };
     /**
      * @description The PublicKeyCredentialRpEntity dictionary is used to supply additional
@@ -2339,6 +2523,11 @@ export interface components {
        */
       totp_url: string;
     };
+    /** @description Request to reset TOTP. */
+    TotpResetRequest: {
+      /** @description The name of the issuer; defaults to "Cubist". */
+      issuer?: string | null;
+    };
     /** @description Options that should be set only for local devnet testing. */
     UnsafeConf: {
       /**
@@ -2454,6 +2643,23 @@ export interface components {
        * ]
        */
       policy?: Record<string, never>[] | null;
+      /**
+       * Format: int64
+       * @description If set, update this org's user-export delay, i.e., the amount of time
+       * (in seconds) between a user's initiating an export and the time when
+       * export is allowed. For security, this delay cannot be set to less than
+       * 172800, i.e., 2 days.
+       */
+      user_export_delay?: number | null;
+      /**
+       * Format: int64
+       * @description If set, update this org's user-export window, i.e., the amount of time
+       * (in seconds) that export is allowed after the user-export delay. After
+       * this amount of time, the export is canceled and must be re-initiated.
+       * For security, this window cannot be set to greater than 259200, i.e.,
+       * 3 days.
+       */
+      user_export_window?: number | null;
     };
     UpdateOrgResponse: {
       /** @description The new value of the 'enabled' property */
@@ -2482,6 +2688,16 @@ export interface components {
        * ]
        */
       policy?: Record<string, never>[] | null;
+      /**
+       * Format: int64
+       * @description The new value of user-export delay
+       */
+      user_export_delay?: number | null;
+      /**
+       * Format: int64
+       * @description The new value of user-export window
+       */
+      user_export_window?: number | null;
     };
     UpdateRoleRequest: {
       /**
@@ -2502,6 +2718,99 @@ export interface components {
        */
       policy?: Record<string, never>[] | null;
     };
+    /** @description A request to complete a user export */
+    UserExportCompleteRequest: {
+      /**
+       * @description The id of the key to be exported. The key-id must correspond to the one in
+       * the specified export request, and the caller must own this key.
+       * @example Key#0x3c4d90Cc5Af1644C3A3B013Baa5488997381D7C8
+       */
+      key_id: string;
+      /**
+       * @description The NIST P-256 public key (base64-encoded SEC1 with or without compression)
+       * to which the export will be encrypted. If a public key was provided when
+       * `user_export_init` was called, this key must match that one.
+       * @example AkpLT/3dXApJzXSduaPQ7apyT0ADBwqkt1es/aT0iWWf
+       */
+      public_key: string;
+    };
+    /** @description An encrypted user-export */
+    UserExportCompleteResponse: {
+      /**
+       * @description The exported key material, encrypted with AES-256-GCM under a key
+       * derived from the public key supplied in the request via HPKE (RFC9180)
+       * with DHKEM(P-256, HKDF-SHA256) and base64 encoded.
+       */
+      encrypted_key_material: string;
+      /**
+       * @description The ephemeral public key used for HPKE key derivation as base64-encoded
+       * uncompressed SEC1 serialization.
+       */
+      ephemeral_public_key: string;
+      /** @description The user-id to which this key belongs. */
+      user_id: string;
+    };
+    /** @description A request to initiate a user export */
+    UserExportInitRequest: {
+      /**
+       * @description The id of the key to be exported. This key must be owned by the caller.
+       * @example Key#0x3c4d90Cc5Af1644C3A3B013Baa5488997381D7C8
+       */
+      key_id: string;
+      /**
+       * @description An optional NIST P-256 public key (base64-encoded SEC1 with or without
+       * compression) to which the export will be encrypted. If provided, this
+       * public key MUST be the one used to encrypt the export once the delay has
+       * expired. Otherwise, the user can provide any public key when completing
+       * the export request post delay.
+       *
+       * This option may provide extra security when the user has a secure hardware
+       * device (e.g., a phone's secure element or a YubiKey) in which a NIST P-256
+       * secret key can be generated. Providing the corresponding public key here
+       * ensures that only that specific device will be capable of decrypting
+       * the export ciphertext.
+       *
+       * If no secure hardware device is available to store the secret key, this
+       * option SHOULD NOT be used because of the risk of secret key theft during
+       * the export delay period.
+       * @example AkpLT/3dXApJzXSduaPQ7apyT0ADBwqkt1es/aT0iWWf
+       */
+      public_key?: string | null;
+    };
+    /** @description The response to a successful user-export init request */
+    UserExportInitResponse: components["schemas"]["UserExportRequest"] & {
+      /**
+       * @description The key-id being requested.
+       * @example Key#0x3c4d90Cc5Af1644C3A3B013Baa5488997381D7C8
+       */
+      key_id: string;
+    };
+    /** @description Pending user-export request as stored in the database. */
+    UserExportRequest: {
+      exp_epoch: components["schemas"]["EpochDateTime"];
+      /**
+       * @description The org-id in which the key is housed.
+       * @example Org#f361ed6b-5d19-4ccf-a4d5-eba935dc0b90
+       */
+      org_id: string;
+      /**
+       * @description The SHA-256 hash of the public key provided at export initiation,
+       * if any. If a key was provided, only that key can be used to complete
+       * the export procedure. Otherwise, any key can be used.
+       *
+       * IMPORTANT: if a public key is supplied at export initiation, it is
+       * STRONGLY RECOMMENDED that the corresponding secret key be stored in
+       * a secure hardware device, e.g., a YubiKey or a phone's secure element.
+       * If no such hardware is available, supplying a public key at export
+       * initiation is STRONGLY DISCOURAGED because of the risk of theft during
+       * the export delay period.
+       *
+       * (See also the comment in the `public_key` field of `UserInitRequest`.)
+       * @example df457a98d5538540f54d1316b597a0f39b8d96f488f10a2e31a955c146fdf1d3
+       */
+      public_key_hash?: string | null;
+      valid_epoch: components["schemas"]["EpochDateTime"];
+    };
     UserIdInfo: {
       /**
        * @description The user's email
@@ -2909,6 +3218,22 @@ export interface components {
            * ]
            */
           policy?: Record<string, never>[];
+          /**
+           * Format: int64
+           * @description The organization's currently configured user-export delay, i.e., the minimum
+           * amount of time (in seconds) between when a user-export is initiated and when
+           * it may be completed. (This value is meaningless for organizations that use
+           * org-wide export.)
+           */
+          user_export_delay: number;
+          /**
+           * Format: int64
+           * @description The organization's currently configured user-export window, i.e., the amount
+           * of time (in seconds) between when the user-export delay is completed and when
+           * the user export request has expired and can no longer be completed. (This value
+           * is meaningless for organizations that use org-wide export.)
+           */
+          user_export_window: number;
         };
       };
     };
@@ -2986,6 +3311,20 @@ export interface components {
         });
       };
     };
+    PaginatedUserExportListResponse: {
+      content: {
+        "application/json": {
+          export_requests: components["schemas"]["UserExportInitResponse"][];
+        } & ({
+          /**
+           * @description If set, the content of `response` does not contain the entire result set.
+           * To fetch the next page of the result set, call the same endpoint
+           * but specify this value as the 'page.start' query parameter.
+           */
+          last_evaluated_key?: string | null;
+        });
+      };
+    };
     RevokeTokenResponse: {
       content: {
         "application/json": {
@@ -3162,6 +3501,48 @@ export interface components {
            * ]
            */
           policy?: Record<string, never>[] | null;
+          /**
+           * Format: int64
+           * @description The new value of user-export delay
+           */
+          user_export_delay?: number | null;
+          /**
+           * Format: int64
+           * @description The new value of user-export window
+           */
+          user_export_window?: number | null;
+        };
+      };
+    };
+    /** @description An encrypted user-export */
+    UserExportCompleteResponse: {
+      content: {
+        "application/json": {
+          /**
+           * @description The exported key material, encrypted with AES-256-GCM under a key
+           * derived from the public key supplied in the request via HPKE (RFC9180)
+           * with DHKEM(P-256, HKDF-SHA256) and base64 encoded.
+           */
+          encrypted_key_material: string;
+          /**
+           * @description The ephemeral public key used for HPKE key derivation as base64-encoded
+           * uncompressed SEC1 serialization.
+           */
+          ephemeral_public_key: string;
+          /** @description The user-id to which this key belongs. */
+          user_id: string;
+        };
+      };
+    };
+    /** @description The response to a successful user-export init request */
+    UserExportInitResponse: {
+      content: {
+        "application/json": components["schemas"]["UserExportRequest"] & {
+          /**
+           * @description The key-id being requested.
+           * @example Key#0x3c4d90Cc5Af1644C3A3B013Baa5488997381D7C8
+           */
+          key_id: string;
         };
       };
     };
@@ -4537,6 +4918,36 @@ export interface operations {
       };
     };
   };
+  /**
+   * Create new user session (management and/or signing)
+   * @description Create new user session (management and/or signing)
+   *
+   * Create a new user session
+   */
+  createSession: {
+    parameters: {
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["CreateSessionRequest"];
+      };
+    };
+    responses: {
+      200: components["responses"]["NewSessionResponse"];
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
   /**
    * Revoke existing session(s)
    * @description Revoke existing session(s)
@@ -4744,6 +5155,171 @@ export interface operations {
       };
     };
   };
+  /**
+   * List outstanding user-export requests
+   * @description List outstanding user-export requests
+   */
+  userExportList: {
+    parameters: {
+      query?: {
+        /**
+         * @description Max number of items to return per page.
+         *
+         * If the actual number of returned items may be less that this, even if there exist more
+         * data in the result set. To reliably determine if more data is left in the result set,
+         * inspect the [UnencryptedLastEvalKey] value in the response object.
+         */
+        "page.size"?: number;
+        /**
+         * @description The start of the page.  Omit to start from the beginning; otherwise, only specify a
+         * the exact value previously returned as 'last_evaluated_key' from the same endpoint.
+         */
+        "page.start"?: components["schemas"]["LastEvalKey"] | null;
+        /**
+         * @description If provided, the user-id whose user-export requests to list. Defaults to the
+         * current user.  Only the org owner may list requests for another user.
+         * @example User#806c9544-f1fa-4bad-8d4d-1097a1844726
+         */
+        user_id?: string | null;
+        /**
+         * @description If provided, the key-id for which to list an existing user-export request.
+         * @example Key#0x3c4d90Cc5Af1644C3A3B013Baa5488997381D7C8
+         */
+        key_id?: string | null;
+      };
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+      };
+    };
+    responses: {
+      200: components["responses"]["PaginatedUserExportListResponse"];
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
+  /**
+   * Initiate a user-export request
+   * @description Initiate a user-export request
+   *
+   * This starts a delay (whose length is determined by Org-wide settings)
+   * before export can be completed, and returns a ticket that can be used
+   * to complete the export once the timer has expired.
+   *
+   * Only one user-export request can be active for a given key. If there
+   * is already an active export, this endpoint will return an error. To
+   * create a new request, first delete the existing one.
+   */
+  userExportInit: {
+    parameters: {
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["UserExportInitRequest"];
+      };
+    };
+    responses: {
+      200: components["responses"]["UserExportInitResponse"];
+      202: {
+        content: {
+          "application/json": components["schemas"]["AcceptedResponse"];
+        };
+      };
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
+  /**
+   * Delete an existing user-export request
+   * @description Delete an existing user-export request
+   */
+  userExportDelete: {
+    parameters: {
+      query: {
+        /**
+         * @description The key-id whose export request should be deleted
+         * @example Key#0x3c4d90Cc5Af1644C3A3B013Baa5488997381D7C8
+         */
+        key_id: string;
+        /**
+         * @description The user-id who owns this request. If omitted, defaults to the current user.
+         * Only the org owner may delete user-export requests for another user.
+         * @example User#806c9544-f1fa-4bad-8d4d-1097a1844726
+         */
+        user_id?: string | null;
+      };
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+      };
+    };
+    responses: {
+      200: components["responses"]["EmptyImpl"];
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
+  /**
+   * Complete a user-export request
+   * @description Complete a user-export request
+   *
+   * This endpoint can be called only after initiating a user-export request via
+   * the `user_export_init` API, and only within the subsequent export window
+   * (i.e., after the export delay has passed and before the request has expired).
+   *
+   * To check on the status of an export request, see the `user_export_list` API.
+   */
+  userExportComplete: {
+    parameters: {
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["UserExportCompleteRequest"];
+      };
+    };
+    responses: {
+      200: components["responses"]["UserExportCompleteResponse"];
+      202: {
+        content: {
+          "application/json": components["schemas"]["AcceptedResponse"];
+        };
+      };
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
   /**
    * Initiate registration of a FIDO key
    * @description Initiate registration of a FIDO key
@@ -4831,9 +5407,9 @@ export interface operations {
         org_id: string;
       };
     };
-    requestBody: {
+    requestBody?: {
       content: {
-        "application/json": components["schemas"]["Empty"];
+        "application/json": components["schemas"]["TotpResetRequest"] | null;
       };
     };
     responses: {
@@ -5054,9 +5630,9 @@ export interface operations {
    * otherwise, MFA is required.
    */
   resetTotpInitLegacy: {
-    requestBody: {
+    requestBody?: {
       content: {
-        "application/json": components["schemas"]["Empty"];
+        "application/json": components["schemas"]["TotpResetRequest"] | null;
       };
     };
     responses: {