@dfns/sdk 0.7.15 → 0.7.17

package/generated/auth/types.d.ts

@@ -284,15 +284,28 @@ export type CreateCredentialChallengeResponse = {
         authenticatorAttachment?: ("platform" | "cross-platform") | undefined;
         residentKey: "required" | "preferred" | "discouraged";
         requireResidentKey: boolean;
+        /** Value indicating if the user should be prompted for a second factor. Can be one of the following values:
+        * required to indicate the user must be prompted for their pin, biometrics, or another second factor option
+        * preferred to indicate the user should be prompted for a second factor if it is supported
+        * discouraged to indicate the user should not be prompted for their second factor unless the device requires it
+         */
         userVerification: "required" | "preferred" | "discouraged";
     };
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
     pubKeyCredParams: {
         type: "public-key";
         alg: number;
     }[];
     excludeCredentials: {
+        /** Is always `public-key`. */
         type: "public-key";
+        /** ID that identifies the credential. */
         id: string;
     }[];
     /** @deprecated use challengeIdentifier instead */
@@ -310,6 +323,12 @@ export type CreateCredentialChallengeResponse = {
         id: string;
         name: string;
     } | undefined;
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
     pubKeyCredParams: {
         type: "public-key";
@@ -330,6 +349,12 @@ export type CreateCredentialChallengeResponse = {
         id: string;
         name: string;
     } | undefined;
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
     pubKeyCredParams: {
         type: "public-key";
@@ -350,6 +375,12 @@ export type CreateCredentialChallengeResponse = {
         id: string;
         name: string;
     } | undefined;
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
     pubKeyCredParams: {
         type: "public-key";
@@ -411,15 +442,28 @@ export type CreateCredentialChallengeWithCodeResponse = {
         authenticatorAttachment?: ("platform" | "cross-platform") | undefined;
         residentKey: "required" | "preferred" | "discouraged";
         requireResidentKey: boolean;
+        /** Value indicating if the user should be prompted for a second factor. Can be one of the following values:
+        * required to indicate the user must be prompted for their pin, biometrics, or another second factor option
+        * preferred to indicate the user should be prompted for a second factor if it is supported
+        * discouraged to indicate the user should not be prompted for their second factor unless the device requires it
+         */
         userVerification: "required" | "preferred" | "discouraged";
     };
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
     pubKeyCredParams: {
         type: "public-key";
         alg: number;
     }[];
     excludeCredentials: {
+        /** Is always `public-key`. */
         type: "public-key";
+        /** ID that identifies the credential. */
         id: string;
     }[];
     /** @deprecated use challengeIdentifier instead */
@@ -437,6 +481,12 @@ export type CreateCredentialChallengeWithCodeResponse = {
         id: string;
         name: string;
     } | undefined;
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
     pubKeyCredParams: {
         type: "public-key";
@@ -457,6 +507,12 @@ export type CreateCredentialChallengeWithCodeResponse = {
         id: string;
         name: string;
     } | undefined;
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
     pubKeyCredParams: {
         type: "public-key";
@@ -477,6 +533,12 @@ export type CreateCredentialChallengeWithCodeResponse = {
         id: string;
         name: string;
     } | undefined;
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
     pubKeyCredParams: {
         type: "public-key";
@@ -619,15 +681,28 @@ export type CreateDelegatedRecoveryChallengeResponse = {
         authenticatorAttachment?: ("platform" | "cross-platform") | undefined;
         residentKey: "required" | "preferred" | "discouraged";
         requireResidentKey: boolean;
+        /** Value indicating if the user should be prompted for a second factor. Can be one of the following values:
+        * required to indicate the user must be prompted for their pin, biometrics, or another second factor option
+        * preferred to indicate the user should be prompted for a second factor if it is supported
+        * discouraged to indicate the user should not be prompted for their second factor unless the device requires it
+         */
         userVerification: "required" | "preferred" | "discouraged";
     };
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
     pubKeyCredParams: {
         type: "public-key";
         alg: number;
     }[];
     excludeCredentials: {
+        /** Is always `public-key`. */
         type: "public-key";
+        /** ID that identifies the credential. */
         id: string;
     }[];
     otpUrl: string;
@@ -664,15 +739,28 @@ export type CreateDelegatedRegistrationChallengeResponse = {
         authenticatorAttachment?: ("platform" | "cross-platform") | undefined;
         residentKey: "required" | "preferred" | "discouraged";
         requireResidentKey: boolean;
+        /** Value indicating if the user should be prompted for a second factor. Can be one of the following values:
+        * required to indicate the user must be prompted for their pin, biometrics, or another second factor option
+        * preferred to indicate the user should be prompted for a second factor if it is supported
+        * discouraged to indicate the user should not be prompted for their second factor unless the device requires it
+         */
         userVerification: "required" | "preferred" | "discouraged";
     };
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
     pubKeyCredParams: {
         type: "public-key";
         alg: number;
     }[];
     excludeCredentials: {
+        /** Is always `public-key`. */
         type: "public-key";
+        /** ID that identifies the credential. */
         id: string;
     }[];
     otpUrl: string;
@@ -686,34 +774,64 @@ export type CreateLoginChallengeBody = {
     loginCode?: string | undefined;
 };
 export type CreateLoginChallengeResponse = {
+    /** Challenge (string) to be signed by the requester with his private key. */
     challenge: string;
+    /** A JWT that identifies the signing session. */
     challengeIdentifier: string;
+    /** Deprecated. Should not be used. */
     rp?: {
         id: string;
         name: string;
     } | undefined;
+    /** Identifies the kind of credentials that can be used to sign the user action. */
     supportedCredentialKinds: {
+        /** The kind of credential. */
         kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
+        /** Indicates if the credential can be used as a first factor, second factor, or either; can be `first`, `second`, or `either`. */
         factor: "first" | "second" | "either";
+        /** When true indicates a second factor credential is required if the credential is used as a first factor. */
         requiresSecondFactor: boolean;
     }[];
+    /** Value indicating if the user should be prompted for a second factor. Can be one of the following values:
+    * required to indicate the user must be prompted for their pin, biometrics, or another second factor option
+    * preferred to indicate the user should be prompted for a second factor if it is supported
+    * discouraged to indicate the user should not be prompted for their second factor unless the device requires it
+     */
     userVerification: "required" | "preferred" | "discouraged";
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
+    /** List of credentials that the user can use to sign the user action. */
     allowCredentials: {
+        /** List of keys that the user can use to sign the user action. */
         key: {
+            /** Is always `public-key`. */
             type: "public-key";
+            /** ID that identifies the credential. */
             id: string;
         }[];
+        /** List of password protected keys that the user can use to sign the login challenge. */
         passwordProtectedKey?: {
+            /** Is always `public-key`. */
             type: "public-key";
+            /** ID that identifies the credential. */
             id: string;
+            /** Encrypted Private Key. Only the user knows the password to decrypt it and have access to the private key. */
             encryptedPrivateKey: string;
         }[] | undefined;
+        /** List of WebAuthn credentials that the user can use to sign the user action. */
         webauthn: {
+            /** Is always `public-key`. */
             type: "public-key";
+            /** ID that identifies the credential. */
             id: string;
         }[];
     };
+    /** Optional url containing a secret value that can be used to enable cross device/origin signing. */
     externalAuthenticationUrl: string;
 };
 export type CreateLoginChallengeRequest = {
@@ -775,15 +893,28 @@ export type CreateRecoveryChallengeResponse = {
         authenticatorAttachment?: ("platform" | "cross-platform") | undefined;
         residentKey: "required" | "preferred" | "discouraged";
         requireResidentKey: boolean;
+        /** Value indicating if the user should be prompted for a second factor. Can be one of the following values:
+        * required to indicate the user must be prompted for their pin, biometrics, or another second factor option
+        * preferred to indicate the user should be prompted for a second factor if it is supported
+        * discouraged to indicate the user should not be prompted for their second factor unless the device requires it
+         */
         userVerification: "required" | "preferred" | "discouraged";
     };
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
     pubKeyCredParams: {
         type: "public-key";
         alg: number;
     }[];
     excludeCredentials: {
+        /** Is always `public-key`. */
         type: "public-key";
+        /** ID that identifies the credential. */
         id: string;
     }[];
     otpUrl: string;
@@ -820,15 +951,28 @@ export type CreateRegistrationChallengeResponse = {
         authenticatorAttachment?: ("platform" | "cross-platform") | undefined;
         residentKey: "required" | "preferred" | "discouraged";
         requireResidentKey: boolean;
+        /** Value indicating if the user should be prompted for a second factor. Can be one of the following values:
+        * required to indicate the user must be prompted for their pin, biometrics, or another second factor option
+        * preferred to indicate the user should be prompted for a second factor if it is supported
+        * discouraged to indicate the user should not be prompted for their second factor unless the device requires it
+         */
         userVerification: "required" | "preferred" | "discouraged";
     };
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
     pubKeyCredParams: {
         type: "public-key";
         alg: number;
     }[];
     excludeCredentials: {
+        /** Is always `public-key`. */
         type: "public-key";
+        /** ID that identifies the credential. */
         id: string;
     }[];
     otpUrl: string;
@@ -913,15 +1057,28 @@ export type CreateSocialRegistrationChallengeResponse = {
         authenticatorAttachment?: ("platform" | "cross-platform") | undefined;
         residentKey: "required" | "preferred" | "discouraged";
         requireResidentKey: boolean;
+        /** Value indicating if the user should be prompted for a second factor. Can be one of the following values:
+        * required to indicate the user must be prompted for their pin, biometrics, or another second factor option
+        * preferred to indicate the user should be prompted for a second factor if it is supported
+        * discouraged to indicate the user should not be prompted for their second factor unless the device requires it
+         */
         userVerification: "required" | "preferred" | "discouraged";
     };
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
     pubKeyCredParams: {
         type: "public-key";
         alg: number;
     }[];
     excludeCredentials: {
+        /** Is always `public-key`. */
         type: "public-key";
+        /** ID that identifies the credential. */
         id: string;
     }[];
     otpUrl: string;
@@ -966,109 +1123,171 @@ export type CreateUserRequest = {
     body: CreateUserBody;
 };
 export type CreateUserActionChallengeBody = {
+    /** Optional indicator of which Dfns service being called. */
     userActionServerKind?: ("Api" | "Staff") | undefined;
-    userActionHttpMethod: string;
+    /** The HTTP method that will be used to make the request that is being signed. */
+    userActionHttpMethod: "POST" | "PUT" | "DELETE" | "GET";
+    /** The path of the request that is being signed. */
     userActionHttpPath: string;
+    /** The JSON-encoded body of the request that is being signed. */
     userActionPayload: string;
 };
 export type CreateUserActionChallengeResponse = {
+    /** Challenge (string) to be signed by the requester with his private key. */
     challenge: string;
+    /** A JWT that identifies the signing session. */
     challengeIdentifier: string;
+    /** Deprecated. Should not be used. */
     rp?: {
         id: string;
         name: string;
     } | undefined;
+    /** Identifies the kind of credentials that can be used to sign the user action. */
     supportedCredentialKinds: {
+        /** The kind of credential. */
         kind: "Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey";
+        /** Indicates if the credential can be used as a first factor, second factor, or either; can be `first`, `second`, or `either`. */
         factor: "first" | "second" | "either";
+        /** When true indicates a second factor credential is required if the credential is used as a first factor. */
         requiresSecondFactor: boolean;
     }[];
+    /** Value indicating if the user should be prompted for a second factor. Can be one of the following values:
+    * required to indicate the user must be prompted for their pin, biometrics, or another second factor option
+    * preferred to indicate the user should be prompted for a second factor if it is supported
+    * discouraged to indicate the user should not be prompted for their second factor unless the device requires it
+     */
     userVerification: "required" | "preferred" | "discouraged";
+    /** Identifies the information needed to verify the user's signing certificate; can be one of the following:
+    * none: indicates no attestation data is required
+    * indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
+    * direct: indicates the attestation data must be given and should be generated by the authenticator
+    * enterprise: indicates the attestation data should include information to uniquely identify the user's device
+     */
     attestation: "none" | "indirect" | "direct" | "enterprise";
+    /** List of credentials that the user can use to sign the user action. */
     allowCredentials: {
+        /** List of keys that the user can use to sign the user action. */
         key: {
+            /** Is always `public-key`. */
             type: "public-key";
+            /** ID that identifies the credential. */
             id: string;
         }[];
+        /** List of password protected keys that the user can use to sign the login challenge. */
         passwordProtectedKey?: {
+            /** Is always `public-key`. */
             type: "public-key";
+            /** ID that identifies the credential. */
             id: string;
+            /** Encrypted Private Key. Only the user knows the password to decrypt it and have access to the private key. */
             encryptedPrivateKey: string;
         }[] | undefined;
+        /** List of WebAuthn credentials that the user can use to sign the user action. */
         webauthn: {
+            /** Is always `public-key`. */
             type: "public-key";
+            /** ID that identifies the credential. */
             id: string;
         }[];
     };
+    /** Optional url containing a secret value that can be used to enable cross device/origin signing. */
     externalAuthenticationUrl: string;
 };
 export type CreateUserActionChallengeRequest = {
     body: CreateUserActionChallengeBody;
 };
 export type CreateUserActionSignatureBody = {
-    /** Temporary authentication token returned by the [Create User Action Signature Challenge](https://docs.dfns.co/api-reference/auth/create-user-action-challenge) */
+    /** Temporary authentication token returned by the Create Challenge endpoint. */
     challengeIdentifier: string;
-    /** First factor credential used to sign the user action */
+    /** First factor credential used to sign the challenge. */
     firstFactor: {
         kind: "Fido2";
         credentialAssertion: {
+            /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
             credId: string;
+            /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
             clientData: string;
+            /** Base64url-encoded signature returned by the user's WebAuthn client. */
             signature: string;
+            /** The algorithm/digest that the credential will use to sign data. If the algoritm is not specified then the algorithm will be determined by the key. */
             algorithm?: string | undefined;
+            /** Base64url encoded authenticator data object returned by the user's WebAuthn client. */
             authenticatorData: string;
+            /** Base64url encoded userHandle returned by the user's WebAuthn client. */
             userHandle?: string | undefined;
         };
     } | {
         kind: "Key";
         credentialAssertion: {
+            /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
             credId: string;
+            /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
             clientData: string;
+            /** Base64url-encoded signature returned by the user's WebAuthn client. */
             signature: string;
+            /** The algorithm/digest that the credential will use to sign data. If the algoritm is not specified then the algorithm will be determined by the key. */
             algorithm?: string | undefined;
         };
-    } | {
-        kind: "Password";
-        password: string;
     } | {
         kind: "PasswordProtectedKey";
         credentialAssertion: {
+            /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
             credId: string;
+            /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
             clientData: string;
+            /** Base64url-encoded signature returned by the user's WebAuthn client. */
             signature: string;
+            /** The algorithm/digest that the credential will use to sign data. If the algoritm is not specified then the algorithm will be determined by the key. */
             algorithm?: string | undefined;
         };
+    } | {
+        kind: "Password";
+        password: string;
     };
-    /** Second factor credential used to authenticate a user */
+    /** Second factor credential used to authenticate a user. */
     secondFactor?: ({
         kind: "Fido2";
         credentialAssertion: {
+            /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
             credId: string;
+            /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
             clientData: string;
+            /** Base64url-encoded signature returned by the user's WebAuthn client. */
             signature: string;
+            /** The algorithm/digest that the credential will use to sign data. If the algoritm is not specified then the algorithm will be determined by the key. */
             algorithm?: string | undefined;
+            /** Base64url encoded authenticator data object returned by the user's WebAuthn client. */
             authenticatorData: string;
+            /** Base64url encoded userHandle returned by the user's WebAuthn client. */
             userHandle?: string | undefined;
         };
     } | {
         kind: "Key";
         credentialAssertion: {
+            /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
             credId: string;
+            /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
             clientData: string;
+            /** Base64url-encoded signature returned by the user's WebAuthn client. */
             signature: string;
+            /** The algorithm/digest that the credential will use to sign data. If the algoritm is not specified then the algorithm will be determined by the key. */
             algorithm?: string | undefined;
         };
-    } | {
-        kind: "Totp";
-        otpCode: string;
     } | {
         kind: "PasswordProtectedKey";
         credentialAssertion: {
+            /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
             credId: string;
+            /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
             clientData: string;
+            /** Base64url-encoded signature returned by the user's WebAuthn client. */
             signature: string;
+            /** The algorithm/digest that the credential will use to sign data. If the algoritm is not specified then the algorithm will be determined by the key. */
             algorithm?: string | undefined;
         };
+    } | {
+        kind: "Totp";
+        otpCode: string;
     }) | undefined;
 };
 export type CreateUserActionSignatureResponse = {
@@ -1230,22 +1449,35 @@ export type GetApplicationResponse = {
 };
 export type GetApplicationRequest = GetApplicationParams;
 export type GetAuditLogParams = {
-    id: string;
+    /** Log id you need information about. */
+    id: string | string;
 };
 export type GetAuditLogResponse = {
-    id: string;
+    /** Log id. */
+    id: string | string;
+    /** Action performed. */
     action: string;
+    /** User Action Signature used as token for permorming this action. */
     actionToken: string;
+    /** User who performed the action. */
     userId: string | null;
+    /** Username who performed the action. */
     username: string | null;
     datePerformed: string | null;
+    /** Cryptographic Signature details. Use these parameters if you want to validate the signature. */
     firstFactorCredential: {
+        /** Id of the credential used to sign this action. */
         id: string;
-        kind: string;
+        /** Kind of credential used to sign this action. */
+        kind: ("Fido2" | "Key" | "Password" | "Totp" | "RecoveryKey" | "PasswordProtectedKey") | null;
+        /** Public Key which can be used to verify signature. */
         publicKey: string;
         assertion: {
+            /** Used to verify the signature. */
             authenticatorData: string;
+            /** Information, including challenge, which you can use to verify the signature. */
             clientData: string;
+            /** Signature of the clientData and authenticatorData. */
             signature: string;
         };
     };
@@ -1386,6 +1618,7 @@ export type ListApplicationsResponse = {
 export type ListAuditLogsQuery = {
     startTime: string;
     endTime: string;
+    /** Provide a user id to list events from that particular user only. */
     userId?: string | undefined;
 };
 export type ListAuditLogsResponse = string;
@@ -1504,69 +1737,97 @@ export type ListUsersRequest = {
     query?: ListUsersQuery;
 };
 export type LoginBody = {
-    /** Temporary authentication token returned by the [Create User Action Signature Challenge](https://docs.dfns.co/api-reference/auth/create-user-action-challenge) */
+    /** Temporary authentication token returned by the Create Challenge endpoint. */
     challengeIdentifier: string;
-    /** First factor credential used to sign the user action */
+    /** First factor credential used to sign the challenge. */
     firstFactor: {
         kind: "Fido2";
         credentialAssertion: {
+            /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
             credId: string;
+            /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
             clientData: string;
+            /** Base64url-encoded signature returned by the user's WebAuthn client. */
             signature: string;
+            /** The algorithm/digest that the credential will use to sign data. If the algoritm is not specified then the algorithm will be determined by the key. */
             algorithm?: string | undefined;
+            /** Base64url encoded authenticator data object returned by the user's WebAuthn client. */
             authenticatorData: string;
+            /** Base64url encoded userHandle returned by the user's WebAuthn client. */
             userHandle?: string | undefined;
         };
     } | {
         kind: "Key";
         credentialAssertion: {
+            /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
             credId: string;
+            /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
             clientData: string;
+            /** Base64url-encoded signature returned by the user's WebAuthn client. */
             signature: string;
+            /** The algorithm/digest that the credential will use to sign data. If the algoritm is not specified then the algorithm will be determined by the key. */
             algorithm?: string | undefined;
         };
-    } | {
-        kind: "Password";
-        password: string;
     } | {
         kind: "PasswordProtectedKey";
         credentialAssertion: {
+            /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
             credId: string;
+            /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
             clientData: string;
+            /** Base64url-encoded signature returned by the user's WebAuthn client. */
             signature: string;
+            /** The algorithm/digest that the credential will use to sign data. If the algoritm is not specified then the algorithm will be determined by the key. */
             algorithm?: string | undefined;
         };
+    } | {
+        kind: "Password";
+        password: string;
     };
-    /** Second factor credential used to authenticate a user */
+    /** Second factor credential used to authenticate a user. */
     secondFactor?: ({
         kind: "Fido2";
         credentialAssertion: {
+            /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
             credId: string;
+            /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
             clientData: string;
+            /** Base64url-encoded signature returned by the user's WebAuthn client. */
             signature: string;
+            /** The algorithm/digest that the credential will use to sign data. If the algoritm is not specified then the algorithm will be determined by the key. */
             algorithm?: string | undefined;
+            /** Base64url encoded authenticator data object returned by the user's WebAuthn client. */
             authenticatorData: string;
+            /** Base64url encoded userHandle returned by the user's WebAuthn client. */
             userHandle?: string | undefined;
         };
     } | {
         kind: "Key";
         credentialAssertion: {
+            /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
             credId: string;
+            /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
             clientData: string;
+            /** Base64url-encoded signature returned by the user's WebAuthn client. */
             signature: string;
+            /** The algorithm/digest that the credential will use to sign data. If the algoritm is not specified then the algorithm will be determined by the key. */
             algorithm?: string | undefined;
         };
-    } | {
-        kind: "Totp";
-        otpCode: string;
     } | {
         kind: "PasswordProtectedKey";
         credentialAssertion: {
+            /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
             credId: string;
+            /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
             clientData: string;
+            /** Base64url-encoded signature returned by the user's WebAuthn client. */
             signature: string;
+            /** The algorithm/digest that the credential will use to sign data. If the algoritm is not specified then the algorithm will be determined by the key. */
             algorithm?: string | undefined;
         };
+    } | {
+        kind: "Totp";
+        otpCode: string;
     }) | undefined;
 };
 export type LoginResponse = {
@@ -1590,9 +1851,13 @@ export type RecoverBody = {
     recovery: {
         kind: "RecoveryKey";
         credentialAssertion: {
+            /** Base64url-encoded id of the credential returned by the user's WebAuthn client. */
             credId: string;
+            /** Base64url-encoded, stringified JSON [client data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data) object returned by the user's WebAuthn client. */
             clientData: string;
+            /** Base64url-encoded signature returned by the user's WebAuthn client. */
             signature: string;
+            /** The algorithm/digest that the credential will use to sign data. If the algoritm is not specified then the algorithm will be determined by the key. */
             algorithm?: string | undefined;
         };
     };