@cubist-labs/cubesigner-sdk 0.3.23 → 0.3.25

package/dist/esm/src/schema_types.d.ts

@@ -29,7 +29,7 @@ export type MemberRole = schemas["MemberRole"];
 export type SchemaKeyType = schemas["KeyType"];
 export type ListKeysResponse = schemas["PaginatedListKeysResponse"];
 export type UpdateKeyRequest = schemas["UpdateKeyRequest"];
-export type UpdateKeyProperties = schemas["UpdateKeyProperties"];
+export type KeyProperties = schemas["CreateAndUpdateKeyProperties"];
 export type CreateKeyRequest = schemas["CreateKeyRequest"];
 export type KeyInfoApi = schemas["KeyInfo"];
 export type KeyInRoleInfo = schemas["KeyInRoleInfo"];
@@ -83,6 +83,8 @@ export type UserExportKeyMaterial = schemas["JsonKeyPackage"];
 export type Empty = schemas["EmptyImpl"];
 /** Options for a new OIDC user */
 export interface CreateOidcUserOptions {
+    /** Optional name */
+    name?: string | null;
     /** The role of an OIDC user, default is "Alien" */
     memberRole?: MemberRole;
     /** Optional MFA policy to associate with the user account */

package/dist/esm/src/schema_types.js

@@ -1,2 +1,2 @@
 export {};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2NoZW1hX3R5cGVzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3NjaGVtYV90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgTWZhUG9saWN5IH0gZnJvbSBcIi4vcm9sZVwiO1xuaW1wb3J0IHsgY29tcG9uZW50cyB9IGZyb20gXCIuL3NjaGVtYVwiO1xuaW1wb3J0IHsgSnNvbk1hcCB9IGZyb20gXCIuL3V0aWxcIjtcblxudHlwZSBzY2hlbWFzID0gY29tcG9uZW50c1tcInNjaGVtYXNcIl07XG5cbmV4cG9ydCB0eXBlIFVzZXJJbmZvID0gc2NoZW1hc1tcIlVzZXJJbmZvXCJdO1xuZXhwb3J0IHR5cGUgVXNlckluT3JnTWVtYmVyc2hpcCA9IHNjaGVtYXNbXCJVc2VySW5PcmdNZW1iZXJzaGlwXCJdO1xuZXhwb3J0IHR5cGUgQ29uZmlndXJlZE1mYSA9IHNjaGVtYXNbXCJDb25maWd1cmVkTWZhXCJdO1xuZXhwb3J0IHR5cGUgUmF0Y2hldENvbmZpZyA9IHNjaGVtYXNbXCJSYXRjaGV0Q29uZmlnXCJdO1xuZXhwb3J0IHR5cGUgSWRlbnRpdHlQcm9vZiA9IHNjaGVtYXNbXCJJZGVudGl0eVByb29mXCJdO1xuZXhwb3J0IHR5cGUgVG90cEluZm8gPSBzY2hlbWFzW1wiVG90cEluZm9cIl07XG5cbmV4cG9ydCB0eXBlIE9pZGNBdXRoUmVzcG9uc2UgPSBzY2hlbWFzW1wiTmV3U2Vzc2lvblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQXBpQWRkRmlkb0NoYWxsZW5nZSA9IHNjaGVtYXNbXCJGaWRvQ3JlYXRlQ2hhbGxlbmdlUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBBcGlNZmFGaWRvQ2hhbGxlbmdlID0gc2NoZW1hc1tcIkZpZG9Bc3NlcnRDaGFsbGVuZ2VcIl07XG5cbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxDcmVhdGlvbk9wdGlvbnMgPSBzY2hlbWFzW1wiUHVibGljS2V5Q3JlZGVudGlhbENyZWF0aW9uT3B0aW9uc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxSZXF1ZXN0T3B0aW9ucyA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsUmVxdWVzdE9wdGlvbnNcIl07XG5leHBvcnQgdHlwZSBQdWJsaWNLZXlDcmVkZW50aWFsUGFyYW1ldGVycyA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsUGFyYW1ldGVyc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlwdG9yID0gc2NoZW1hc1tcIlB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlwdG9yXCJdO1xuZXhwb3J0IHR5cGUgQXV0aGVudGljYXRvclNlbGVjdGlvbkNyaXRlcmlhID0gc2NoZW1hc1tcIkF1dGhlbnRpY2F0b3JTZWxlY3Rpb25Dcml0ZXJpYVwiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxVc2VyRW50aXR5ID0gc2NoZW1hc1tcIlB1YmxpY0tleUNyZWRlbnRpYWxVc2VyRW50aXR5XCJdO1xuZXhwb3J0IHR5cGUgUHVibGljS2V5Q3JlZGVudGlhbCA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsXCJdO1xuXG5leHBvcnQgdHlwZSBPcmdJbmZvID0gc2NoZW1hc1tcIk9yZ0luZm9cIl07XG5leHBvcnQgdHlwZSBVc2VySW5PcmdJbmZvID0gc2NoZW1hc1tcIlVzZXJJbk9yZ0luZm9cIl07XG5leHBvcnQgdHlwZSBVcGRhdGVPcmdSZXF1ZXN0ID0gc2NoZW1hc1tcIlVwZGF0ZU9yZ1JlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBVcGRhdGVPcmdSZXNwb25zZSA9IHNjaGVtYXNbXCJVcGRhdGVPcmdSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIE5vdGlmaWNhdGlvbkVuZHBvaW50Q29uZmlndXJhdGlvbiA9IHNjaGVtYXNbXCJOb3RpZmljYXRpb25FbmRwb2ludENvbmZpZ3VyYXRpb25cIl07XG5leHBvcnQgdHlwZSBPcmdFdmVudHMgPSBzY2hlbWFzW1wiT3JnRXZlbnREaXNjcmltaW5hbnRzXCJdO1xuXG5leHBvcnQgdHlwZSBPaWRjSWRlbnRpdHkgPSBzY2hlbWFzW1wiT0lEQ0lkZW50aXR5XCJdO1xuZXhwb3J0IHR5cGUgTWVtYmVyUm9sZSA9IHNjaGVtYXNbXCJNZW1iZXJSb2xlXCJdO1xuXG5leHBvcnQgdHlwZSBTY2hlbWFLZXlUeXBlID0gc2NoZW1hc1tcIktleVR5cGVcIl07XG5cbmV4cG9ydCB0eXBlIExpc3RLZXlzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdEtleXNSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFVwZGF0ZUtleVJlcXVlc3QgPSBzY2hlbWFzW1wiVXBkYXRlS2V5UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFVwZGF0ZUtleVByb3BlcnRpZXMgPSBzY2hlbWFzW1wiVXBkYXRlS2V5UHJvcGVydGllc1wiXTtcbmV4cG9ydCB0eXBlIENyZWF0ZUtleVJlcXVlc3QgPSBzY2hlbWFzW1wiQ3JlYXRlS2V5UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEtleUluZm9BcGkgPSBzY2hlbWFzW1wiS2V5SW5mb1wiXTtcbmV4cG9ydCB0eXBlIEtleUluUm9sZUluZm8gPSBzY2hlbWFzW1wiS2V5SW5Sb2xlSW5mb1wiXTtcbmV4cG9ydCB0eXBlIFVzZXJJblJvbGVJbmZvID0gc2NoZW1hc1tcIlVzZXJJblJvbGVJbmZvXCJdO1xuZXhwb3J0IHR5cGUgS2V5VHlwZUFwaSA9IHNjaGVtYXNbXCJLZXlUeXBlXCJdO1xuXG5leHBvcnQgdHlwZSBMaXN0S2V5Um9sZXNSZXNwb25zZSA9IHNjaGVtYXNbXCJQYWdpbmF0ZWRMaXN0S2V5Um9sZXNSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIExpc3RSb2xlc1Jlc3BvbnNlID0gc2NoZW1hc1tcIlBhZ2luYXRlZExpc3RSb2xlc1Jlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgTGlzdFJvbGVLZXlzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdFJvbGVLZXlzUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBMaXN0Um9sZVVzZXJzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdFJvbGVVc2Vyc1Jlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXBkYXRlUm9sZVJlcXVlc3QgPSBzY2hlbWFzW1wiVXBkYXRlUm9sZVJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBLZXlXaXRoUG9saWNpZXNJbmZvID0gc2NoZW1hc1tcIktleUluUm9sZUluZm9cIl07XG5leHBvcnQgdHlwZSBSb2xlSW5mbyA9IHNjaGVtYXNbXCJSb2xlSW5mb1wiXTtcblxuZXhwb3J0IHR5cGUgU2Vzc2lvbkluZm8gPSBzY2hlbWFzW1wiU2Vzc2lvbkluZm9cIl07XG5leHBvcnQgdHlwZSBDbGllbnRTZXNzaW9uSW5mbyA9IHNjaGVtYXNbXCJDbGllbnRTZXNzaW9uSW5mb1wiXTtcbmV4cG9ydCB0eXBlIE5ld1Nlc3Npb25SZXNwb25zZSA9IHNjaGVtYXNbXCJOZXdTZXNzaW9uUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBTZXNzaW9uc1Jlc3BvbnNlID0gc2NoZW1hc1tcIlBhZ2luYXRlZFNlc3Npb25zUmVzcG9uc2VcIl07XG5cbmV4cG9ydCB0eXBlIENyZWF0ZVNpZ25lclNlc3Npb25SZXF1ZXN0ID0gc2NoZW1hc1tcIkNyZWF0ZVRva2VuUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFJlZnJlc2hTaWduZXJTZXNzaW9uUmVxdWVzdCA9IHNjaGVtYXNbXCJBdXRoRGF0YVwiXTtcblxuZXhwb3J0IHR5cGUgRXZtU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiRXRoMVNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXZtU2lnblJlc3BvbnNlID0gc2NoZW1hc1tcIkV0aDFTaWduUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFaXAxOTFTaWduUmVxdWVzdCA9IHNjaGVtYXNbXCJFaXAxOTFTaWduUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEVpcDcxMlNpZ25SZXF1ZXN0ID0gc2NoZW1hc1tcIkVpcDcxMlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRWlwMTkxT3I3MTJTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiRWlwMTkxT3I3MTJTaWduUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFdGgyU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiRXRoMlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXRoMlNpZ25SZXNwb25zZSA9IHNjaGVtYXNbXCJFdGgyU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgRXRoMlN0YWtlUmVxdWVzdCA9IHNjaGVtYXNbXCJTdGFrZVJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBFdGgyU3Rha2VSZXNwb25zZSA9IHNjaGVtYXNbXCJTdGFrZVJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgRXRoMlVuc3Rha2VSZXF1ZXN0ID0gc2NoZW1hc1tcIlVuc3Rha2VSZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXRoMlVuc3Rha2VSZXNwb25zZSA9IHNjaGVtYXNbXCJVbnN0YWtlUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBCbG9iU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQmxvYlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgQmxvYlNpZ25SZXNwb25zZSA9IHNjaGVtYXNbXCJCbG9iU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQnRjU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQnRjU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBCdGNTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiQnRjU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgU29sYW5hU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiU29sYW5hU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBTb2xhbmFTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiU29sYW5hU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQXZhU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQXZhU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBBdmFTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiQXZhU2lnblJlc3BvbnNlXCJdO1xuXG5leHBvcnQgdHlwZSBBY2NlcHRlZFJlc3BvbnNlID0gc2NoZW1hc1tcIkFjY2VwdGVkUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFcnJvclJlc3BvbnNlID0gc2NoZW1hc1tcIkVycm9yUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBCdGNTaWduYXR1cmVLaW5kID0gc2NoZW1hc1tcIkJ0Y1NpZ25hdHVyZUtpbmRcIl07XG5leHBvcnQgdHlwZSBDc0VyckNvZGUgPSBzY2hlbWFzW1wiU2lnbmVyRXJyb3JDb2RlXCJdO1xuXG5leHBvcnQgdHlwZSBNZmFUeXBlID0gc2NoZW1hc1tcIk1mYVR5cGVcIl07XG5leHBvcnQgdHlwZSBNZmFWb3RlID0gc2NoZW1hc1tcIk1mYVZvdGVcIl07XG5leHBvcnQgdHlwZSBNZmFSZXF1ZXN0SW5mbyA9IHNjaGVtYXNbXCJNZmFSZXF1ZXN0SW5mb1wiXTtcblxuZXhwb3J0IHR5cGUgVXNlckV4cG9ydEluaXRSZXF1ZXN0ID0gc2NoZW1hc1tcIlVzZXJFeHBvcnRJbml0UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRJbml0UmVzcG9uc2UgPSBzY2hlbWFzW1wiVXNlckV4cG9ydEluaXRSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRDb21wbGV0ZVJlcXVlc3QgPSBzY2hlbWFzW1wiVXNlckV4cG9ydENvbXBsZXRlUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRDb21wbGV0ZVJlc3BvbnNlID0gc2NoZW1hc1tcIlVzZXJFeHBvcnRDb21wbGV0ZVJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXNlckV4cG9ydExpc3RSZXNwb25zZSA9IHNjaGVtYXNbXCJQYWdpbmF0ZWRVc2VyRXhwb3J0TGlzdFJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXNlckV4cG9ydEtleU1hdGVyaWFsID0gc2NoZW1hc1tcIkpzb25LZXlQYWNrYWdlXCJdO1xuXG5leHBvcnQgdHlwZSBFbXB0eSA9IHNjaGVtYXNbXCJFbXB0eUltcGxcIl07XG5cbi8qKiBPcHRpb25zIGZvciBhIG5ldyBPSURDIHVzZXIgKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ3JlYXRlT2lkY1VzZXJPcHRpb25zIHtcbiAgLyoqIFRoZSByb2xlIG9mIGFuIE9JREMgdXNlciwgZGVmYXVsdCBpcyBcIkFsaWVuXCIgKi9cbiAgbWVtYmVyUm9sZT86IE1lbWJlclJvbGU7XG4gIC8qKiBPcHRpb25hbCBNRkEgcG9saWN5IHRvIGFzc29jaWF0ZSB3aXRoIHRoZSB1c2VyIGFjY291bnQgKi9cbiAgbWZhUG9saWN5PzogTWZhUG9saWN5O1xufVxuXG4vKiogQXZhIFAtIG9yIFgtY2hhaW4gdHJhbnNhY3Rpb24gKi9cbmV4cG9ydCB0eXBlIEF2YVR4ID0geyBQOiBBdmFQQ2hhaW5UeCB9IHwgeyBYOiBBdmFYQ2hhaW5UeCB9O1xuXG4vKiogQXZhIFAtY2hhaW4gdHJhbnNhY3Rpb24gKi9cbmV4cG9ydCB0eXBlIEF2YVBDaGFpblR4ID1cbiAgfCB7IEFkZFBlcm1pc3Npb25sZXNzVmFsaWRhdG9yOiBKc29uTWFwIH1cbiAgfCB7IEFkZFN1Ym5ldFZhbGlkYXRvcjogSnNvbk1hcCB9XG4gIHwgeyBBZGRWYWxpZGF0b3I6IEpzb25NYXAgfVxuICB8IHsgQ3JlYXRlQ2hhaW46IEpzb25NYXAgfVxuICB8IHsgQ3JlYXRlU3VibmV0OiBKc29uTWFwIH1cbiAgfCB7IEV4cG9ydDogSnNvbk1hcCB9XG4gIHwgeyBJbXBvcnQ6IEpzb25NYXAgfTtcblxuLyoqIEF2YSBYLWNoYWluIHRyYW5zYWN0aW9uICovXG5leHBvcnQgdHlwZSBBdmFYQ2hhaW5UeCA9IHsgQmFzZTogSnNvbk1hcCB9IHwgeyBFeHBvcnQ6IEpzb25NYXAgfSB8IHsgSW1wb3J0OiBKc29uTWFwIH07XG4iXX0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2NoZW1hX3R5cGVzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3NjaGVtYV90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgTWZhUG9saWN5IH0gZnJvbSBcIi4vcm9sZVwiO1xuaW1wb3J0IHsgY29tcG9uZW50cyB9IGZyb20gXCIuL3NjaGVtYVwiO1xuaW1wb3J0IHsgSnNvbk1hcCB9IGZyb20gXCIuL3V0aWxcIjtcblxudHlwZSBzY2hlbWFzID0gY29tcG9uZW50c1tcInNjaGVtYXNcIl07XG5cbmV4cG9ydCB0eXBlIFVzZXJJbmZvID0gc2NoZW1hc1tcIlVzZXJJbmZvXCJdO1xuZXhwb3J0IHR5cGUgVXNlckluT3JnTWVtYmVyc2hpcCA9IHNjaGVtYXNbXCJVc2VySW5PcmdNZW1iZXJzaGlwXCJdO1xuZXhwb3J0IHR5cGUgQ29uZmlndXJlZE1mYSA9IHNjaGVtYXNbXCJDb25maWd1cmVkTWZhXCJdO1xuZXhwb3J0IHR5cGUgUmF0Y2hldENvbmZpZyA9IHNjaGVtYXNbXCJSYXRjaGV0Q29uZmlnXCJdO1xuZXhwb3J0IHR5cGUgSWRlbnRpdHlQcm9vZiA9IHNjaGVtYXNbXCJJZGVudGl0eVByb29mXCJdO1xuZXhwb3J0IHR5cGUgVG90cEluZm8gPSBzY2hlbWFzW1wiVG90cEluZm9cIl07XG5cbmV4cG9ydCB0eXBlIE9pZGNBdXRoUmVzcG9uc2UgPSBzY2hlbWFzW1wiTmV3U2Vzc2lvblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQXBpQWRkRmlkb0NoYWxsZW5nZSA9IHNjaGVtYXNbXCJGaWRvQ3JlYXRlQ2hhbGxlbmdlUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBBcGlNZmFGaWRvQ2hhbGxlbmdlID0gc2NoZW1hc1tcIkZpZG9Bc3NlcnRDaGFsbGVuZ2VcIl07XG5cbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxDcmVhdGlvbk9wdGlvbnMgPSBzY2hlbWFzW1wiUHVibGljS2V5Q3JlZGVudGlhbENyZWF0aW9uT3B0aW9uc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxSZXF1ZXN0T3B0aW9ucyA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsUmVxdWVzdE9wdGlvbnNcIl07XG5leHBvcnQgdHlwZSBQdWJsaWNLZXlDcmVkZW50aWFsUGFyYW1ldGVycyA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsUGFyYW1ldGVyc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlwdG9yID0gc2NoZW1hc1tcIlB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlwdG9yXCJdO1xuZXhwb3J0IHR5cGUgQXV0aGVudGljYXRvclNlbGVjdGlvbkNyaXRlcmlhID0gc2NoZW1hc1tcIkF1dGhlbnRpY2F0b3JTZWxlY3Rpb25Dcml0ZXJpYVwiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxVc2VyRW50aXR5ID0gc2NoZW1hc1tcIlB1YmxpY0tleUNyZWRlbnRpYWxVc2VyRW50aXR5XCJdO1xuZXhwb3J0IHR5cGUgUHVibGljS2V5Q3JlZGVudGlhbCA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsXCJdO1xuXG5leHBvcnQgdHlwZSBPcmdJbmZvID0gc2NoZW1hc1tcIk9yZ0luZm9cIl07XG5leHBvcnQgdHlwZSBVc2VySW5PcmdJbmZvID0gc2NoZW1hc1tcIlVzZXJJbk9yZ0luZm9cIl07XG5leHBvcnQgdHlwZSBVcGRhdGVPcmdSZXF1ZXN0ID0gc2NoZW1hc1tcIlVwZGF0ZU9yZ1JlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBVcGRhdGVPcmdSZXNwb25zZSA9IHNjaGVtYXNbXCJVcGRhdGVPcmdSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIE5vdGlmaWNhdGlvbkVuZHBvaW50Q29uZmlndXJhdGlvbiA9IHNjaGVtYXNbXCJOb3RpZmljYXRpb25FbmRwb2ludENvbmZpZ3VyYXRpb25cIl07XG5leHBvcnQgdHlwZSBPcmdFdmVudHMgPSBzY2hlbWFzW1wiT3JnRXZlbnREaXNjcmltaW5hbnRzXCJdO1xuXG5leHBvcnQgdHlwZSBPaWRjSWRlbnRpdHkgPSBzY2hlbWFzW1wiT0lEQ0lkZW50aXR5XCJdO1xuZXhwb3J0IHR5cGUgTWVtYmVyUm9sZSA9IHNjaGVtYXNbXCJNZW1iZXJSb2xlXCJdO1xuXG5leHBvcnQgdHlwZSBTY2hlbWFLZXlUeXBlID0gc2NoZW1hc1tcIktleVR5cGVcIl07XG5cbmV4cG9ydCB0eXBlIExpc3RLZXlzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdEtleXNSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFVwZGF0ZUtleVJlcXVlc3QgPSBzY2hlbWFzW1wiVXBkYXRlS2V5UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEtleVByb3BlcnRpZXMgPSBzY2hlbWFzW1wiQ3JlYXRlQW5kVXBkYXRlS2V5UHJvcGVydGllc1wiXTtcbmV4cG9ydCB0eXBlIENyZWF0ZUtleVJlcXVlc3QgPSBzY2hlbWFzW1wiQ3JlYXRlS2V5UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEtleUluZm9BcGkgPSBzY2hlbWFzW1wiS2V5SW5mb1wiXTtcbmV4cG9ydCB0eXBlIEtleUluUm9sZUluZm8gPSBzY2hlbWFzW1wiS2V5SW5Sb2xlSW5mb1wiXTtcbmV4cG9ydCB0eXBlIFVzZXJJblJvbGVJbmZvID0gc2NoZW1hc1tcIlVzZXJJblJvbGVJbmZvXCJdO1xuZXhwb3J0IHR5cGUgS2V5VHlwZUFwaSA9IHNjaGVtYXNbXCJLZXlUeXBlXCJdO1xuXG5leHBvcnQgdHlwZSBMaXN0S2V5Um9sZXNSZXNwb25zZSA9IHNjaGVtYXNbXCJQYWdpbmF0ZWRMaXN0S2V5Um9sZXNSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIExpc3RSb2xlc1Jlc3BvbnNlID0gc2NoZW1hc1tcIlBhZ2luYXRlZExpc3RSb2xlc1Jlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgTGlzdFJvbGVLZXlzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdFJvbGVLZXlzUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBMaXN0Um9sZVVzZXJzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdFJvbGVVc2Vyc1Jlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXBkYXRlUm9sZVJlcXVlc3QgPSBzY2hlbWFzW1wiVXBkYXRlUm9sZVJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBLZXlXaXRoUG9saWNpZXNJbmZvID0gc2NoZW1hc1tcIktleUluUm9sZUluZm9cIl07XG5leHBvcnQgdHlwZSBSb2xlSW5mbyA9IHNjaGVtYXNbXCJSb2xlSW5mb1wiXTtcblxuZXhwb3J0IHR5cGUgU2Vzc2lvbkluZm8gPSBzY2hlbWFzW1wiU2Vzc2lvbkluZm9cIl07XG5leHBvcnQgdHlwZSBDbGllbnRTZXNzaW9uSW5mbyA9IHNjaGVtYXNbXCJDbGllbnRTZXNzaW9uSW5mb1wiXTtcbmV4cG9ydCB0eXBlIE5ld1Nlc3Npb25SZXNwb25zZSA9IHNjaGVtYXNbXCJOZXdTZXNzaW9uUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBTZXNzaW9uc1Jlc3BvbnNlID0gc2NoZW1hc1tcIlBhZ2luYXRlZFNlc3Npb25zUmVzcG9uc2VcIl07XG5cbmV4cG9ydCB0eXBlIENyZWF0ZVNpZ25lclNlc3Npb25SZXF1ZXN0ID0gc2NoZW1hc1tcIkNyZWF0ZVRva2VuUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFJlZnJlc2hTaWduZXJTZXNzaW9uUmVxdWVzdCA9IHNjaGVtYXNbXCJBdXRoRGF0YVwiXTtcblxuZXhwb3J0IHR5cGUgRXZtU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiRXRoMVNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXZtU2lnblJlc3BvbnNlID0gc2NoZW1hc1tcIkV0aDFTaWduUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFaXAxOTFTaWduUmVxdWVzdCA9IHNjaGVtYXNbXCJFaXAxOTFTaWduUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEVpcDcxMlNpZ25SZXF1ZXN0ID0gc2NoZW1hc1tcIkVpcDcxMlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRWlwMTkxT3I3MTJTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiRWlwMTkxT3I3MTJTaWduUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFdGgyU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiRXRoMlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXRoMlNpZ25SZXNwb25zZSA9IHNjaGVtYXNbXCJFdGgyU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgRXRoMlN0YWtlUmVxdWVzdCA9IHNjaGVtYXNbXCJTdGFrZVJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBFdGgyU3Rha2VSZXNwb25zZSA9IHNjaGVtYXNbXCJTdGFrZVJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgRXRoMlVuc3Rha2VSZXF1ZXN0ID0gc2NoZW1hc1tcIlVuc3Rha2VSZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXRoMlVuc3Rha2VSZXNwb25zZSA9IHNjaGVtYXNbXCJVbnN0YWtlUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBCbG9iU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQmxvYlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgQmxvYlNpZ25SZXNwb25zZSA9IHNjaGVtYXNbXCJCbG9iU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQnRjU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQnRjU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBCdGNTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiQnRjU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgU29sYW5hU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiU29sYW5hU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBTb2xhbmFTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiU29sYW5hU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQXZhU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQXZhU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBBdmFTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiQXZhU2lnblJlc3BvbnNlXCJdO1xuXG5leHBvcnQgdHlwZSBBY2NlcHRlZFJlc3BvbnNlID0gc2NoZW1hc1tcIkFjY2VwdGVkUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFcnJvclJlc3BvbnNlID0gc2NoZW1hc1tcIkVycm9yUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBCdGNTaWduYXR1cmVLaW5kID0gc2NoZW1hc1tcIkJ0Y1NpZ25hdHVyZUtpbmRcIl07XG5leHBvcnQgdHlwZSBDc0VyckNvZGUgPSBzY2hlbWFzW1wiU2lnbmVyRXJyb3JDb2RlXCJdO1xuXG5leHBvcnQgdHlwZSBNZmFUeXBlID0gc2NoZW1hc1tcIk1mYVR5cGVcIl07XG5leHBvcnQgdHlwZSBNZmFWb3RlID0gc2NoZW1hc1tcIk1mYVZvdGVcIl07XG5leHBvcnQgdHlwZSBNZmFSZXF1ZXN0SW5mbyA9IHNjaGVtYXNbXCJNZmFSZXF1ZXN0SW5mb1wiXTtcblxuZXhwb3J0IHR5cGUgVXNlckV4cG9ydEluaXRSZXF1ZXN0ID0gc2NoZW1hc1tcIlVzZXJFeHBvcnRJbml0UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRJbml0UmVzcG9uc2UgPSBzY2hlbWFzW1wiVXNlckV4cG9ydEluaXRSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRDb21wbGV0ZVJlcXVlc3QgPSBzY2hlbWFzW1wiVXNlckV4cG9ydENvbXBsZXRlUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRDb21wbGV0ZVJlc3BvbnNlID0gc2NoZW1hc1tcIlVzZXJFeHBvcnRDb21wbGV0ZVJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXNlckV4cG9ydExpc3RSZXNwb25zZSA9IHNjaGVtYXNbXCJQYWdpbmF0ZWRVc2VyRXhwb3J0TGlzdFJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXNlckV4cG9ydEtleU1hdGVyaWFsID0gc2NoZW1hc1tcIkpzb25LZXlQYWNrYWdlXCJdO1xuXG5leHBvcnQgdHlwZSBFbXB0eSA9IHNjaGVtYXNbXCJFbXB0eUltcGxcIl07XG5cbi8qKiBPcHRpb25zIGZvciBhIG5ldyBPSURDIHVzZXIgKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ3JlYXRlT2lkY1VzZXJPcHRpb25zIHtcbiAgLyoqIE9wdGlvbmFsIG5hbWUgKi9cbiAgbmFtZT86IHN0cmluZyB8IG51bGw7XG4gIC8qKiBUaGUgcm9sZSBvZiBhbiBPSURDIHVzZXIsIGRlZmF1bHQgaXMgXCJBbGllblwiICovXG4gIG1lbWJlclJvbGU/OiBNZW1iZXJSb2xlO1xuICAvKiogT3B0aW9uYWwgTUZBIHBvbGljeSB0byBhc3NvY2lhdGUgd2l0aCB0aGUgdXNlciBhY2NvdW50ICovXG4gIG1mYVBvbGljeT86IE1mYVBvbGljeTtcbn1cblxuLyoqIEF2YSBQLSBvciBYLWNoYWluIHRyYW5zYWN0aW9uICovXG5leHBvcnQgdHlwZSBBdmFUeCA9IHsgUDogQXZhUENoYWluVHggfSB8IHsgWDogQXZhWENoYWluVHggfTtcblxuLyoqIEF2YSBQLWNoYWluIHRyYW5zYWN0aW9uICovXG5leHBvcnQgdHlwZSBBdmFQQ2hhaW5UeCA9XG4gIHwgeyBBZGRQZXJtaXNzaW9ubGVzc1ZhbGlkYXRvcjogSnNvbk1hcCB9XG4gIHwgeyBBZGRTdWJuZXRWYWxpZGF0b3I6IEpzb25NYXAgfVxuICB8IHsgQWRkVmFsaWRhdG9yOiBKc29uTWFwIH1cbiAgfCB7IENyZWF0ZUNoYWluOiBKc29uTWFwIH1cbiAgfCB7IENyZWF0ZVN1Ym5ldDogSnNvbk1hcCB9XG4gIHwgeyBFeHBvcnQ6IEpzb25NYXAgfVxuICB8IHsgSW1wb3J0OiBKc29uTWFwIH07XG5cbi8qKiBBdmEgWC1jaGFpbiB0cmFuc2FjdGlvbiAqL1xuZXhwb3J0IHR5cGUgQXZhWENoYWluVHggPSB7IEJhc2U6IEpzb25NYXAgfSB8IHsgRXhwb3J0OiBKc29uTWFwIH0gfCB7IEltcG9ydDogSnNvbk1hcCB9O1xuIl19

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cubist-labs/cubesigner-sdk",
-  "version": "0.3.23",
+  "version": "0.3.25",
   "description": "CubeSigner TypeScript SDK",
   "license": "MIT OR Apache-2.0",
   "author": "Cubist, Inc.",

package/src/api.ts

@@ -74,7 +74,7 @@ import { KeyPolicy } from "./role";
 import { EnvInterface } from "./env";
 import { loadSubtleCrypto } from "./user_export";
 import { EventEmitter } from "./events";
-import { NAME, UpdateKeyProperties, VERSION } from "./index";
+import { NAME, KeyProperties, VERSION } from "./index";
 
 /** @internal */
 export type Client = ReturnType<typeof createClient<paths>>;
@@ -610,7 +610,7 @@ export class CubeSignerApi {
    */
   async orgUserCreateOidc(
     identity: OidcIdentity,
-    email: string,
+    email?: string | null,
     opts: CreateOidcUserOptions = {},
   ): Promise<string> {
     const client = await this.client("createOidcUser");
@@ -619,8 +619,9 @@ export class CubeSignerApi {
       body: {
         identity,
         role: opts.memberRole ?? "Alien",
-        email: email,
-        mfa_policy: opts.mfaPolicy ?? null,
+        email,
+        name: opts.name,
+        mfa_policy: opts.mfaPolicy,
       },
     });
     return data.user_id;
@@ -712,14 +713,14 @@ export class CubeSignerApi {
    * @param {KeyType} keyType The type of key to create.
    * @param {number} count The number of keys to create.
    * @param {string?} ownerId The owner of the keys. Defaults to the session's user.
-   * @param {UpdateKeyProperties?} props Additional key properties
+   * @param {KeyProperties?} props Additional key properties
    * @return {KeyInfoApi[]} The new keys.
    */
   async keysCreate(
     keyType: KeyType,
     count: number,
     ownerId?: string,
-    props?: UpdateKeyProperties,
+    props?: KeyProperties,
   ): Promise<KeyInfoApi[]> {
     const chain_id = 0; // not used anymore
     const client = await this.client("createKey");

package/src/client.ts

@@ -6,7 +6,7 @@ import {
   OrgInfo,
   PublicKeyCredential,
   RatchetConfig,
-  UpdateKeyProperties,
+  KeyProperties,
 } from "./schema_types";
 import { MfaReceipt } from "./mfa";
 import { PageOpts } from "./paginator";
@@ -74,10 +74,10 @@ export class CubeSignerClient extends CubeSignerApi {
    * Create a new signing key.
    * @param {KeyType} type The type of key to create.
    * @param {string?} ownerId The owner of the key. Defaults to the session's user.
-   * @param {UpdateKeyProperties?} props Additional key properties
+   * @param {KeyProperties?} props Additional key properties
    * @return {Key[]} The new keys.
    */
-  async createKey(type: KeyType, ownerId?: string, props?: UpdateKeyProperties): Promise<Key> {
+  async createKey(type: KeyType, ownerId?: string, props?: KeyProperties): Promise<Key> {
     const keys = await this.keysCreate(type, 1, ownerId, props);
     return new Key(this, keys[0]);
   }

package/src/index.ts

@@ -298,8 +298,6 @@ export * from "./role";
 export * from "./env";
 /** Fido */
 export * from "./mfa";
-/** Utils for processing org events */
-export * from "./org_event_processor";
 /** Pagination */
 export * from "./paginator";
 /** Response */

package/src/org.ts

@@ -14,7 +14,29 @@ export type OrgPolicy =
   | SourceIpAllowlistPolicy
   | OidcAuthSourcesPolicy
   | OriginAllowlistPolicy
-  | MaxDailyUnstakePolicy;
+  | MaxDailyUnstakePolicy
+  | WebAuthnRelyingPartiesPolicy
+  | ExclusiveKeyAccessPolicy;
+
+/**
+ * Whether to enforce exclusive access to keys.  Concretely,
+ * - if "LimitToKeyOwner" is set, only key owners are permitted to access
+ *   their keys for signing: a user session (not a role session) is required
+ *   for signing, and adding a key to a role is not permitted.
+ * - if "LimitToSingleRole" is set, each key is permitted to be in at most
+ *   one role, and signing is only allowed when authenticating using a role session token.
+ */
+export interface ExclusiveKeyAccessPolicy {
+  ExclusiveKeyAccess: "LimitToKeyOwner" | "LimitToSingleRole";
+}
+
+/**
+ * The set of relying parties to allow for webauthn registration
+ * These correspond to domains from which browsers can successfully create credentials.
+ */
+export interface WebAuthnRelyingPartiesPolicy {
+  WebAuthnRelyingParties: { id?: string; name: string }[];
+}
 
 /**
  * Provides an allowlist of OIDC Issuers and audiences that are allowed to authenticate into this org.

package/src/role.ts

@@ -142,12 +142,13 @@ type KeyDenyPolicy = TxReceiver | TxDeposit | SourceIpAllowlist | RequireMfa;
  *   }
  * ]
  */
-export type KeyPolicy = (
+export type KeyPolicy = KeyPolicyRule[];
+
+export type KeyPolicyRule =
   | KeyDenyPolicy
   | AllowRawBlobSigning
   | AllowEip191Signing
-  | AllowEip712Signing
-)[];
+  | AllowEip712Signing;
 
 /** Role policy */
 export type RolePolicy = KeyDenyPolicy[];

package/src/schema.ts

@@ -835,10 +835,10 @@ export interface components {
     };
     AddThirdPartyUserRequest: {
       /**
-       * @description User email
+       * @description Optional user email
        * @example alice@example.com
        */
-      email: string;
+      email?: string | null;
       identity: components["schemas"]["OIDCIdentity"];
       /** @description Optional login MFA policy */
       mfa_policy?: unknown;
@@ -1205,6 +1205,31 @@ export interface components {
           /** @enum {string} */
           type: "fido";
         };
+    CreateAndUpdateKeyProperties: {
+      /**
+       * @description Set this key's metadata. Validation regex: ^[A-Za-z0-9_=+/ \-\.\,]{0,1024}$
+       * @example Contract admin key
+       */
+      metadata?: string | null;
+      /**
+       * @description Specify a user other than themselves to be the (potentially new) owner of the key.
+       * The specified owner must be an existing user who is a member of the same org.
+       * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
+       */
+      owner?: string | null;
+      /**
+       * @description Set this key's policies. For an existing key, this overwrites all its policies.
+       * @example [
+       *   "AllowRawBlobSigning",
+       *   {
+       *     "RequireMfa": {
+       *       "count": 1
+       *     }
+       *   }
+       * ]
+       */
+      policy?: Record<string, never>[] | null;
+    };
     CreateKeyImportKeyResponse: components["schemas"]["KeyImportKey"] & {
       /**
        * @description An attestation document from a secure enclave, including an
@@ -1217,7 +1242,7 @@ export interface components {
        */
       enclave_signature: string;
     };
-    CreateKeyRequest: components["schemas"]["UpdateKeyProperties"] & {
+    CreateKeyRequest: components["schemas"]["CreateAndUpdateKeyProperties"] & {
       /**
        * Format: int64
        * @description Chain id for which the key is allowed to sign messages
@@ -3181,32 +3206,7 @@ export interface components {
        */
       signature: string;
     };
-    UpdateKeyProperties: {
-      /**
-       * @description If set, update this key's metadata. Validation regex: ^[A-Za-z0-9_=+/ \-\.\,]{0,1024}$
-       * @example Contract admin key
-       */
-      metadata?: string | null;
-      /**
-       * @description Allows users to specify a user other than themselves to receive the key
-       * The new owner must be an existing user who is a member of the same org.
-       * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
-       */
-      owner?: string | null;
-      /**
-       * @description If set, update this key's policies (old policies will be overwritten!).
-       * @example [
-       *   "AllowRawBlobSigning",
-       *   {
-       *     "RequireMfa": {
-       *       "count": 1
-       *     }
-       *   }
-       * ]
-       */
-      policy?: Record<string, never>[] | null;
-    };
-    UpdateKeyRequest: components["schemas"]["UpdateKeyProperties"] & {
+    UpdateKeyRequest: components["schemas"]["CreateAndUpdateKeyProperties"] & {
       /**
        * @description If set, updates the keys's `enabled` property to this value.
        * Once disabled, a key cannot be used for signing.

package/src/schema_types.ts

@@ -37,7 +37,7 @@ export type SchemaKeyType = schemas["KeyType"];
 
 export type ListKeysResponse = schemas["PaginatedListKeysResponse"];
 export type UpdateKeyRequest = schemas["UpdateKeyRequest"];
-export type UpdateKeyProperties = schemas["UpdateKeyProperties"];
+export type KeyProperties = schemas["CreateAndUpdateKeyProperties"];
 export type CreateKeyRequest = schemas["CreateKeyRequest"];
 export type KeyInfoApi = schemas["KeyInfo"];
 export type KeyInRoleInfo = schemas["KeyInRoleInfo"];
@@ -100,6 +100,8 @@ export type Empty = schemas["EmptyImpl"];
 
 /** Options for a new OIDC user */
 export interface CreateOidcUserOptions {
+  /** Optional name */
+  name?: string | null;
   /** The role of an OIDC user, default is "Alien" */
   memberRole?: MemberRole;
   /** Optional MFA policy to associate with the user account */

package/tsconfig.json

@@ -1,6 +1,7 @@
 {
   "extends": "../../tsconfig.json",
   "compilerOptions": {
+    "module": "ES2022",
     "outDir": "./dist"
   },
   "typedocOptions": {

package/src/org_event_processor.ts

@@ -1,173 +0,0 @@
-import { X509Certificate, createVerify } from "crypto";
-import { Environment, envs } from ".";
-
-// URLs that are safe to retrieve certificates from
-const SNS_CERTIFICATE_URL_HOSTS = ["sns.us-east-1.amazonaws.com"];
-
-const SNS_CERTIFICATE_HOST = "sns.amazonaws.com";
-
-/** The common fields of SNS messages */
-export interface SnsMessage {
-  Type: string;
-  MessageId: string;
-  TopicArn: string;
-  Message: string;
-  Timestamp: string;
-  SignatureVersion: string;
-  Signature: string;
-  SigningCertURL: string;
-}
-
-/** The format of a subscription confirmation sent by SNS */
-export interface SubscriptionConfirmationMessage extends SnsMessage {
-  Token: string;
-  SubscribeURL: string;
-}
-
-/** Common fields for an org event */
-export interface OrgEventBase {
-  org: string;
-  utc_timestamp: number;
-  org_event: string;
-}
-
-/** The format of an event message sent by SNS */
-export interface OrgEventMessage extends SnsMessage {
-  Subject?: string;
-  UnsubscribeURL: string;
-}
-
-/** Options for the processor */
-export interface OrgEventProcessorOptions {
-  env: Environment;
-}
-
-/** A utility for processing org event messages */
-export class OrgEventProcessor {
-  readonly #topicArn: string;
-  readonly #orgId: string;
-  #cachedCertificates: Map<URL, X509Certificate>;
-
-  /**
-   * Constructor.
-   * @param {string} orgId The org id
-   * @param {OrgEventProcessorOptions} options Additional options for the processor
-   */
-  constructor(orgId: string, options?: OrgEventProcessorOptions) {
-    this.#topicArn = envs[options?.env ?? "prod"].OrgEventsTopicArn;
-    this.#orgId = orgId;
-    this.#cachedCertificates = new Map();
-  }
-
-  /**
-   * Checks an SNS message and its signature. Throws an error if the message
-   * invalid or the signature is invalid.
-   *
-   * @param {SnsMessage} message The SNS message to check
-   */
-  async checkMessage(message: SnsMessage) {
-    // Check the topic ARN
-    if (message.TopicArn !== this.#topicArn) {
-      throw new Error(`Expected topic ARN '${this.#topicArn}', found '${message.TopicArn}'`);
-    }
-
-    // Both subscription confirmations and org event messages should have no subject
-    if ("Subject" in message) {
-      throw new Error("Expected a message without a subject");
-    }
-
-    // The org events topic uses signature version 2 (SHA256)
-    if (message.SignatureVersion !== "2") {
-      throw new Error("Expected signature version 2");
-    }
-
-    // Retrieve the certificate and sanity check it
-    const certificate = await this.#fetchAndValidateCertificate(new URL(message.SigningCertURL));
-
-    // Extract fields specific to subscription confirmations
-    const subscribeUrl = (message as SubscriptionConfirmationMessage).SubscribeURL;
-    const token = (message as SubscriptionConfirmationMessage).Token;
-
-    // Check the signature
-    const fields = ["Message", message.Message, "MessageId", message.MessageId]
-      .concat(subscribeUrl !== undefined ? ["SubscribeURL", subscribeUrl] : [])
-      .concat(["Timestamp", message.Timestamp])
-      .concat(token !== undefined ? ["Token", token] : [])
-      .concat(["TopicArn", message.TopicArn, "Type", message.Type]);
-    const verify = createVerify("RSA-SHA256");
-    verify.update(fields.join("\n") + "\n");
-    const isValid = verify.verify(certificate.publicKey, message.Signature, "base64");
-    if (!isValid) {
-      throw new Error("The org event has an invalid signature");
-    }
-  }
-
-  /**
-   * Parse an org event and check its signature. Throws an error if the
-   * message is not a valid org event or the signature is invalid.
-   *
-   * @param {OrgEventMessage} message The org event message to check
-   * @return {OrgEventBase} The org event
-   */
-  async parse(message: OrgEventMessage): Promise<OrgEventBase> {
-    await this.checkMessage(message);
-
-    // Check that the event is for the expected org
-    const orgEvent: OrgEventBase = JSON.parse(message.Message);
-    if (orgEvent.org !== this.#orgId) {
-      throw new Error(`Expected org to be '${this.#orgId}', found '${orgEvent.org}'`);
-    }
-
-    return orgEvent;
-  }
-
-  /**
-   * Fetches a certificate from a given URL or from the certificate cache.
-   * Throws an error if the URL does not correspond to an SNS certificate URL.
-   *
-   * Note: Ideally, this method would verify the certificate chain, but there
-   * is no obvious chain. Instead, this method only fetches certificates from
-   * a small set of allowlisted URLs.
-   *
-   * @param {URL} url The URL of the certificate
-   * @return {X509Certificate} The certificate
-   */
-  async #fetchAndValidateCertificate(url: URL): Promise<X509Certificate> {
-    const currTime = new Date().getTime();
-    const cachedCertificate = this.#cachedCertificates.get(url);
-    if (cachedCertificate && currTime < new Date(cachedCertificate.validTo).getTime()) {
-      return cachedCertificate;
-    }
-
-    // Only fetch certificates from HTTPS URLs
-    if (url.protocol !== "https:") {
-      throw new Error("Expected signing certificate URL to use HTTPS");
-    }
-
-    // Only fetch certificate URLs for SNS
-    if (SNS_CERTIFICATE_URL_HOSTS.indexOf(url.host) === -1) {
-      throw new Error("Expected signing certificate URL for SNS in us-east-1");
-    }
-
-    const response = await fetch(url);
-    if (!response.ok) {
-      throw new Error(`Unable to download certificate. Status: ${response.status}`);
-    }
-    const blob = await response.blob();
-    const certificate = new X509Certificate(await blob.text());
-    if (!certificate.checkHost(SNS_CERTIFICATE_HOST)) {
-      throw new Error(`Expected certificate to be for '${SNS_CERTIFICATE_HOST}'`);
-    }
-
-    // Check validity times
-    if (currTime < new Date(certificate.validFrom).getTime()) {
-      throw new Error("Certificate not valid yet");
-    }
-    if (new Date(certificate.validTo).getTime() < currTime) {
-      throw new Error("Certificate expired");
-    }
-
-    this.#cachedCertificates.set(url, certificate);
-    return certificate;
-  }
-}