npm - @cubist-labs/cubesigner-sdk - Versions diffs - 0.3.8 → 0.3.13 - Mend

@cubist-labs/cubesigner-sdk 0.3.8 → 0.3.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/README.md +1 -0
package/dist/cjs/package.json +1 -1
package/dist/cjs/src/client.d.ts +4 -2
package/dist/cjs/src/error.d.ts +23 -0
package/dist/cjs/src/error.js +63 -1
package/dist/cjs/src/events.d.ts +31 -9
package/dist/cjs/src/events.js +56 -25
package/dist/cjs/src/index.js +3 -2
package/dist/cjs/src/schema.d.ts +104 -5
package/dist/cjs/src/schema.js +1 -1
package/dist/esm/package.json +1 -1
package/dist/esm/src/client.d.ts +4 -2
package/dist/esm/src/error.d.ts +23 -0
package/dist/esm/src/error.js +63 -1
package/dist/esm/src/events.d.ts +31 -9
package/dist/esm/src/events.js +53 -23
package/dist/esm/src/index.js +2 -2
package/dist/esm/src/schema.d.ts +104 -5
package/dist/esm/src/schema.js +1 -1
package/package.json +1 -1
package/src/error.ts +69 -0
package/src/events.ts +53 -24
package/src/schema.ts +103 -4
package/tsconfig.json +3 -3

package/dist/cjs/src/schema.d.ts CHANGED Viewed

@@ -263,6 +263,21 @@ export interface paths {
          */
         patch: operations["mfaVoteTotp"];
     };
+    "/v0/org/{org_id}/oauth2/twitter": {
+        /**
+         * Mint an OIDC ID token for Twitter
+         * @description Mint an OIDC ID token for Twitter
+         *
+         * This function acts identically to Twitter's [`oauth2/token`](https://developer.twitter.com/en/docs/authentication/api-reference/token) endpoint,
+         * but extends the output with an `id_token`.
+         *
+         * This `id_token` can then be used with any CubeSigner endpoint that requires an OIDC token.
+         *
+         * > [!IMPORTANT]
+         * > This endpoint will fail unless the org is configured to allow the issuer `https://shim.oauth2.cubist.dev/twitter` and client ID being used for Twitter.
+         */
+        post: operations["oauth2Twitter"];
+    };
     "/v0/org/{org_id}/oidc": {
         /**
          * Login with OIDC
@@ -983,7 +998,9 @@ export interface components {
         /** @description Wrapper around a zeroizing 32-byte fixed-size array */
         B32: string;
         /** @enum {string} */
-        BadRequestErrorCode: "GenericBadRequest" | "InvalidBody" | "InvalidMfaReceipt" | "InvalidMfaPolicyCount" | "InvalidMfaPolicyNumAuthFactors" | "InvalidMfaPolicyNumAllowedApprovers" | "InvalidMfaPolicyRedundantRule" | "InvalidCreateKeyCount" | "OrgInviteExistingUser" | "OrgNameTaken" | "RoleNameTaken" | "AddKeyToRoleCountTooHigh" | "InvalidKeyId" | "InvalidKeyMetadataLength" | "InvalidKeyMetadata" | "InvalidKeyMaterialId" | "KeyNotFound" | "UserExportDerivedKey" | "UserExportPublicKeyInvalid" | "UserExportInProgress" | "RoleNotFound" | "InvalidMfaReceiptOrgIdMissing" | "InvalidMfaReceiptInvalidOrgId" | "MfaRequestNotFound" | "InvalidKeyType" | "InvalidKeyMaterial" | "InvalidHexValue" | "InvalidBase32Value" | "InvalidBase58Value" | "InvalidForkVersionLength" | "InvalidEthAddress" | "InvalidStellarAddress" | "InvalidOrgNameOrId" | "InvalidStakeDeposit" | "InvalidBlobSignRequest" | "InvalidSolanaSignRequest" | "InvalidEip712SignRequest" | "InvalidEvmSignRequest" | "InvalidEth2SignRequest" | "InvalidDeriveKeyRequest" | "InvalidStakingAmount" | "CustomStakingAmountNotAllowedForWrapperContract" | "InvalidUnstakeRequest" | "InvalidCreateUserRequest" | "UserAlreadyExists" | "UserNotFound" | "PolicyRuleKeyMismatch" | "EmptyScopes" | "InvalidScopesForRoleSession" | "InvalidLifetime" | "NoSingleKeyForUser" | "InvalidOrgPolicyRule" | "SourceIpAllowlistEmpty" | "InvalidOrgPolicyRepeatedRule" | "AvaSignHashError" | "AvaSignError" | "BtcSegwitHashError" | "BtcSignError" | "Eip712SignError" | "InvalidMemberRoleInUserAdd" | "ThirdPartyUserAlreadyExists" | "ThirdPartyUserNotFound" | "DeleteOidcUserError" | "SessionRoleMismatch" | "InvalidOidcToken" | "OidcIssuerUnsupported" | "OidcIssuerNotAllowed" | "OidcIssuerNoApplicableJwk" | "FidoCredentialMissing" | "FidoKeyAlreadyRegistered" | "FidoKeySignCountTooLow" | "FidoVerificationFailed" | "FidoChallengeMfaMismatch" | "UnsupportedLegacyCognitoSession" | "InvalidIdentityProof" | "PaginationDataExpired" | "ExistingKeysViolateExclusiveKeyAccess" | "ExportDelayTooShort" | "ExportWindowTooLong" | "InvalidTotpFailureLimit" | "InvalidEip191SignRequest" | "CannotResendUserInvitation";
+        BadGatewayErrorCode: "OAuthProviderError";
+        /** @enum {string} */
+        BadRequestErrorCode: "GenericBadRequest" | "InvalidBody" | "TokenRequestError" | "InvalidMfaReceipt" | "InvalidMfaPolicyCount" | "InvalidMfaPolicyNumAuthFactors" | "InvalidMfaPolicyNumAllowedApprovers" | "InvalidMfaPolicyRedundantRule" | "InvalidCreateKeyCount" | "OrgInviteExistingUser" | "OrgNameTaken" | "RoleNameTaken" | "AddKeyToRoleCountTooHigh" | "InvalidKeyId" | "InvalidKeyMetadataLength" | "InvalidKeyMetadata" | "InvalidKeyMaterialId" | "KeyNotFound" | "UserExportDerivedKey" | "UserExportPublicKeyInvalid" | "UserExportInProgress" | "RoleNotFound" | "InvalidMfaReceiptOrgIdMissing" | "InvalidMfaReceiptInvalidOrgId" | "MfaRequestNotFound" | "InvalidKeyType" | "InvalidKeyMaterial" | "InvalidHexValue" | "InvalidBase32Value" | "InvalidBase58Value" | "InvalidForkVersionLength" | "InvalidEthAddress" | "InvalidStellarAddress" | "InvalidOrgNameOrId" | "InvalidStakeDeposit" | "InvalidBlobSignRequest" | "InvalidSolanaSignRequest" | "InvalidEip712SignRequest" | "InvalidEvmSignRequest" | "InvalidEth2SignRequest" | "InvalidDeriveKeyRequest" | "InvalidStakingAmount" | "CustomStakingAmountNotAllowedForWrapperContract" | "InvalidUnstakeRequest" | "InvalidCreateUserRequest" | "UserAlreadyExists" | "UserNotFound" | "PolicyRuleKeyMismatch" | "EmptyScopes" | "InvalidScopesForRoleSession" | "InvalidLifetime" | "NoSingleKeyForUser" | "InvalidOrgPolicyRule" | "SourceIpAllowlistEmpty" | "InvalidOrgPolicyRepeatedRule" | "AvaSignHashError" | "AvaSignError" | "BtcSegwitHashError" | "BtcSignError" | "Eip712SignError" | "InvalidMemberRoleInUserAdd" | "ThirdPartyUserAlreadyExists" | "ThirdPartyUserNotFound" | "DeleteOidcUserError" | "SessionRoleMismatch" | "InvalidOidcToken" | "OidcIssuerUnsupported" | "OidcIssuerNotAllowed" | "OidcIssuerNoApplicableJwk" | "FidoKeyAlreadyRegistered" | "FidoKeySignCountTooLow" | "FidoVerificationFailed" | "FidoChallengeMfaMismatch" | "UnsupportedLegacyCognitoSession" | "InvalidIdentityProof" | "PaginationDataExpired" | "ExistingKeysViolateExclusiveKeyAccess" | "ExportDelayTooShort" | "ExportWindowTooLong" | "InvalidTotpFailureLimit" | "InvalidEip191SignRequest" | "CannotResendUserInvitation";
         /**
          * @example {
          *   "message_base64": "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTYK"
@@ -1479,7 +1496,7 @@ export interface components {
             name: string;
         };
         /** @enum {string} */
-        ForbiddenErrorCode: "FidoRequiredToRemoveTotp" | "MfaChallengeExpired" | "ChainIdNotAllowed" | "InvalidOrg" | "SessionForWrongOrg" | "OrgDisabled" | "OrgNotFound" | "OrgWithoutOwner" | "OrphanedUser" | "OidcUserNotFound" | "UserNotInOrg" | "UserNotOrgOwner" | "UserNotKeyOwner" | "InvalidRole" | "DisabledRole" | "KeyDisabled" | "RoleNotInOrg" | "KeyNotInRole" | "KeyNotInOrg" | "UserExportRequestNotInOrg" | "UserExportRequestInvalid" | "UserNotOriginalKeyOwner" | "UserNotInRole" | "MustBeFullMember" | "SessionExpired" | "SessionRevoked" | "ExpectedUserSession" | "SessionRoleChanged" | "ScopedNameNotFound" | "SessionInvalidEpochToken" | "SessionInvalidRefreshToken" | "SessionRefreshTokenExpired" | "InvalidAuthHeader" | "SessionNotFound" | "InvalidArn" | "SessionInvalidAuthToken" | "SessionAuthTokenExpired" | "SessionPossiblyStolenToken" | "MfaDisallowedIdentity" | "MfaDisallowedApprover" | "MfaTypeNotAllowed" | "MfaNotApprovedYet" | "MfaConfirmationCodeMismatch" | "MfaHttpRequestMismatch" | "MfaApprovalFromUserSession" | "MfaRemoveBelowMin" | "TotpAlreadyConfigured" | "TotpConfigurationChanged" | "MfaTotpBadConfiguration" | "MfaTotpBadCode" | "MfaTotpRateLimit" | "ImproperSessionScope" | "FullSessionRequired" | "SessionWithoutAnyScopeUnder" | "UserRoleUnprivileged" | "MfaNotConfigured";
+        ForbiddenErrorCode: "FidoRequiredToRemoveTotp" | "MfaChallengeExpired" | "ChainIdNotAllowed" | "InvalidOrg" | "SessionForWrongOrg" | "OrgDisabled" | "OrgNotFound" | "OrgWithoutOwner" | "OrphanedUser" | "OidcUserNotFound" | "UserNotInOrg" | "UserNotOrgOwner" | "UserNotKeyOwner" | "InvalidRole" | "DisabledRole" | "KeyDisabled" | "RoleNotInOrg" | "KeyNotInRole" | "KeyNotInOrg" | "UserExportRequestNotInOrg" | "UserExportRequestInvalid" | "UserNotOriginalKeyOwner" | "UserNotInRole" | "MustBeFullMember" | "SessionExpired" | "SessionRevoked" | "ExpectedUserSession" | "SessionRoleChanged" | "ScopedNameNotFound" | "SessionInvalidEpochToken" | "SessionInvalidRefreshToken" | "SessionRefreshTokenExpired" | "InvalidAuthHeader" | "SessionNotFound" | "InvalidArn" | "SessionInvalidAuthToken" | "SessionAuthTokenExpired" | "SessionPossiblyStolenToken" | "MfaDisallowedIdentity" | "MfaDisallowedApprover" | "MfaTypeNotAllowed" | "MfaNotApprovedYet" | "MfaConfirmationCodeMismatch" | "MfaHttpRequestMismatch" | "MfaRemoveBelowMin" | "TotpAlreadyConfigured" | "TotpConfigurationChanged" | "MfaTotpBadConfiguration" | "MfaTotpBadCode" | "MfaTotpRateLimit" | "ImproperSessionScope" | "FullSessionRequired" | "SessionWithoutAnyScopeUnder" | "UserRoleUnprivileged" | "MfaNotConfigured";
         /**
          * @description Specifies a fork of the `BeaconChain`, to prevent replay attacks.
          * The schema of `Fork` is defined in the [Beacon chain
@@ -1614,9 +1631,14 @@ export interface components {
              * @description The email associated with the user
              * @example user@email.com
              */
-            email: string;
+            email?: string | null;
             exp_epoch: components["schemas"]["EpochDateTime"];
             identity?: components["schemas"]["OIDCIdentity"] | null;
+            /**
+             * @description The username (if any) associated with the user
+             * @example cubistdev
+             */
+            preferred_username?: string | null;
             user_info?: components["schemas"]["CubeSignerUserInfo"] | null;
         } & {
             /** @description An opaque identifier for the proof */
@@ -2589,7 +2611,7 @@ export interface components {
             /** @description The list of sessions */
             sessions: components["schemas"]["SessionInfo"][];
         };
-        SignerErrorCode: components["schemas"]["SignerErrorOwnCodes"] | components["schemas"]["AcceptedValueCode"] | components["schemas"]["BadRequestErrorCode"] | components["schemas"]["NotFoundErrorCode"] | components["schemas"]["ForbiddenErrorCode"] | components["schemas"]["UnauthorizedErrorCode"] | components["schemas"]["PreconditionErrorCode"] | components["schemas"]["InternalErrorCode"];
+        SignerErrorCode: components["schemas"]["SignerErrorOwnCodes"] | components["schemas"]["AcceptedValueCode"] | components["schemas"]["BadRequestErrorCode"] | components["schemas"]["BadGatewayErrorCode"] | components["schemas"]["NotFoundErrorCode"] | components["schemas"]["ForbiddenErrorCode"] | components["schemas"]["UnauthorizedErrorCode"] | components["schemas"]["PreconditionErrorCode"] | components["schemas"]["InternalErrorCode"];
         /** @enum {string} */
         SignerErrorOwnCodes: "UnhandledError" | "ProxyStartError" | "EnclaveError";
         /**
@@ -2669,6 +2691,21 @@ export interface components {
             /** @description Tokens purpose */
             purpose: string;
         };
+        /**
+         * @description OAuth2 standard Token Response.
+         *
+         * https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.2
+         */
+        TokenResponse: {
+            /** @description The access token issued by the authorization server. */
+            access_token: string;
+            expires_in: components["schemas"]["Seconds"];
+            /** @description An OIDC token issued by Cubist, containing user information */
+            id_token?: string;
+            /** @description The type of the token issued. Value is case insensitive. */
+            token_type: string;
+            [key: string]: unknown;
+        };
         TotpApproveRequest: {
             /** @description TOTP verification code */
             code: string;
@@ -3231,9 +3268,14 @@ export interface components {
                      * @description The email associated with the user
                      * @example user@email.com
                      */
-                    email: string;
+                    email?: string | null;
                     exp_epoch: components["schemas"]["EpochDateTime"];
                     identity?: components["schemas"]["OIDCIdentity"] | null;
+                    /**
+                     * @description The username (if any) associated with the user
+                     * @example cubistdev
+                     */
+                    preferred_username?: string | null;
                     user_info?: components["schemas"]["CubeSignerUserInfo"] | null;
                 } & {
                     /** @description An opaque identifier for the proof */
@@ -3667,6 +3709,25 @@ export interface components {
                 };
             };
         };
+        /**
+         * @description OAuth2 standard Token Response.
+         *
+         * https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.2
+         */
+        TokenResponse: {
+            content: {
+                "application/json": {
+                    /** @description The access token issued by the authorization server. */
+                    access_token: string;
+                    expires_in: components["schemas"]["Seconds"];
+                    /** @description An OIDC token issued by Cubist, containing user information */
+                    id_token?: string;
+                    /** @description The type of the token issued. Value is case insensitive. */
+                    token_type: string;
+                    [key: string]: unknown;
+                };
+            };
+        };
         TotpInfo: {
             content: {
                 "application/json": {
@@ -4685,6 +4746,44 @@ export interface operations {
             };
         };
     };
+    /**
+     * Mint an OIDC ID token for Twitter
+     * @description Mint an OIDC ID token for Twitter
+     *
+     * This function acts identically to Twitter's [`oauth2/token`](https://developer.twitter.com/en/docs/authentication/api-reference/token) endpoint,
+     * but extends the output with an `id_token`.
+     *
+     * This `id_token` can then be used with any CubeSigner endpoint that requires an OIDC token.
+     *
+     * > [!IMPORTANT]
+     * > This endpoint will fail unless the org is configured to allow the issuer `https://shim.oauth2.cubist.dev/twitter` and client ID being used for Twitter.
+     */
+    oauth2Twitter: {
+        parameters: {
+            path: {
+                /**
+                 * @description Name or ID of the desired Org
+                 * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+                 */
+                org_id: string;
+            };
+        };
+        requestBody: {
+            content: {
+                "application/json": {
+                    [key: string]: string;
+                };
+            };
+        };
+        responses: {
+            200: components["responses"]["TokenResponse"];
+            default: {
+                content: {
+                    "application/json": components["schemas"]["ErrorResponse"];
+                };
+            };
+        };
+    };
     /**
      * Login with OIDC
      * @description Login with OIDC