@djangocfg/api 2.1.441 → 2.1.442

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/dist/auth-server.cjs +53 -119
  2. package/dist/auth-server.cjs.map +1 -1
  3. package/dist/auth-server.mjs +53 -119
  4. package/dist/auth-server.mjs.map +1 -1
  5. package/dist/auth.cjs +222 -277
  6. package/dist/auth.cjs.map +1 -1
  7. package/dist/auth.mjs +222 -277
  8. package/dist/auth.mjs.map +1 -1
  9. package/dist/clients.cjs +53 -119
  10. package/dist/clients.cjs.map +1 -1
  11. package/dist/clients.d.cts +50 -1
  12. package/dist/clients.d.ts +50 -1
  13. package/dist/clients.mjs +53 -119
  14. package/dist/clients.mjs.map +1 -1
  15. package/dist/hooks.cjs +102 -20
  16. package/dist/hooks.cjs.map +1 -1
  17. package/dist/hooks.d.cts +13 -0
  18. package/dist/hooks.d.ts +13 -0
  19. package/dist/hooks.mjs +102 -20
  20. package/dist/hooks.mjs.map +1 -1
  21. package/dist/index.cjs +53 -119
  22. package/dist/index.cjs.map +1 -1
  23. package/dist/index.d.cts +70 -5
  24. package/dist/index.d.ts +70 -5
  25. package/dist/index.mjs +53 -119
  26. package/dist/index.mjs.map +1 -1
  27. package/package.json +2 -2
  28. package/src/_api/generated/_cfg_accounts/hooks/index.ts +1 -0
  29. package/src/_api/generated/_cfg_accounts/hooks/useCfgAccountsApiKeyRevealCreate.ts +64 -0
  30. package/src/_api/generated/_cfg_accounts/openapi.json +92 -15
  31. package/src/_api/generated/_cfg_accounts/schemas/APIKeyReveal.ts +13 -0
  32. package/src/_api/generated/_cfg_accounts/schemas/index.ts +1 -0
  33. package/src/_api/generated/_cfg_centrifugo/openapi.json +0 -5
  34. package/src/_api/generated/_cfg_totp/openapi.json +0 -5
  35. package/src/_api/generated/client/index.ts +1 -0
  36. package/src/_api/generated/core/params.gen.ts +18 -11
  37. package/src/_api/generated/core/types.gen.ts +6 -0
  38. package/src/_api/generated/openapi.json +92 -15
  39. package/src/_api/generated/sdk.gen.ts +57 -122
  40. package/src/_api/generated/types.gen.ts +38 -0
  41. package/src/hooks/useApiKey.ts +30 -2
@@ -1,8 +1,8 @@
1
1
  // This file is auto-generated by @hey-api/openapi-ts
2
2
 
3
- import { type Client, formDataBodySerializer, type Options as Options2, type RequestResult, type TDataShape } from './client';
3
+ import { type Client, type ClientMeta, formDataBodySerializer, type Options as Options2, type RequestResult, type TDataShape } from './client';
4
4
  import { client } from './client.gen';
5
- import type { CfgAccountsApiKeyRegenerateCreateData, CfgAccountsApiKeyRegenerateCreateErrors, CfgAccountsApiKeyRegenerateCreateResponses, CfgAccountsApiKeyRetrieveData, CfgAccountsApiKeyRetrieveErrors, CfgAccountsApiKeyRetrieveResponses, CfgAccountsApiKeyTestCreateData, CfgAccountsApiKeyTestCreateResponses, CfgAccountsOauthConnectionsListData, CfgAccountsOauthConnectionsListResponses, CfgAccountsOauthDisconnectCreateData, CfgAccountsOauthDisconnectCreateErrors, CfgAccountsOauthDisconnectCreateResponses, CfgAccountsOauthGithubAuthorizeCreateData, CfgAccountsOauthGithubAuthorizeCreateErrors, CfgAccountsOauthGithubAuthorizeCreateResponses, CfgAccountsOauthGithubCallbackCreateData, CfgAccountsOauthGithubCallbackCreateErrors, CfgAccountsOauthGithubCallbackCreateResponses, CfgAccountsOauthProvidersRetrieveData, CfgAccountsOauthProvidersRetrieveResponses, CfgAccountsOtpRequestCreateData, CfgAccountsOtpRequestCreateErrors, CfgAccountsOtpRequestCreateResponses, CfgAccountsOtpVerifyCreateData, CfgAccountsOtpVerifyCreateErrors, CfgAccountsOtpVerifyCreateResponses, CfgAccountsProfileAvatarCreateData, CfgAccountsProfileAvatarCreateErrors, CfgAccountsProfileAvatarCreateResponses, CfgAccountsProfileDeleteCreateData, CfgAccountsProfileDeleteCreateErrors, CfgAccountsProfileDeleteCreateResponses, CfgAccountsProfilePartialPartialUpdateData, CfgAccountsProfilePartialPartialUpdateErrors, CfgAccountsProfilePartialPartialUpdateResponses, CfgAccountsProfilePartialUpdateData, CfgAccountsProfilePartialUpdateErrors, CfgAccountsProfilePartialUpdateResponses, CfgAccountsProfileRetrieveData, CfgAccountsProfileRetrieveErrors, CfgAccountsProfileRetrieveResponses, CfgAccountsProfileUpdatePartialUpdateData, CfgAccountsProfileUpdatePartialUpdateErrors, CfgAccountsProfileUpdatePartialUpdateResponses, CfgAccountsProfileUpdateUpdateData, CfgAccountsProfileUpdateUpdateErrors, CfgAccountsProfileUpdateUpdateResponses, CfgAccountsTokenRefreshCreateData, CfgAccountsTokenRefreshCreateResponses, CfgCentrifugoAuthTokenRetrieveData, CfgCentrifugoAuthTokenRetrieveErrors, CfgCentrifugoAuthTokenRetrieveResponses, CfgTotpBackupCodesRegenerateCreateData, CfgTotpBackupCodesRegenerateCreateErrors, CfgTotpBackupCodesRegenerateCreateResponses, CfgTotpBackupCodesRetrieveData, CfgTotpBackupCodesRetrieveResponses, CfgTotpDevicesDestroyData, CfgTotpDevicesDestroyResponses, CfgTotpDevicesRetrieveData, CfgTotpDevicesRetrieveResponses, CfgTotpDisableCreateData, CfgTotpDisableCreateErrors, CfgTotpDisableCreateResponses, CfgTotpSetupConfirmCreateData, CfgTotpSetupConfirmCreateErrors, CfgTotpSetupConfirmCreateResponses, CfgTotpSetupCreateData, CfgTotpSetupCreateErrors, CfgTotpSetupCreateResponses, CfgTotpVerifyBackupCreateData, CfgTotpVerifyBackupCreateErrors, CfgTotpVerifyBackupCreateResponses, CfgTotpVerifyCreateData, CfgTotpVerifyCreateErrors, CfgTotpVerifyCreateResponses } from './types.gen';
5
+ import type { CfgAccountsApiKeyRegenerateCreateData, CfgAccountsApiKeyRegenerateCreateErrors, CfgAccountsApiKeyRegenerateCreateResponses, CfgAccountsApiKeyRetrieveData, CfgAccountsApiKeyRetrieveErrors, CfgAccountsApiKeyRetrieveResponses, CfgAccountsApiKeyRevealCreateData, CfgAccountsApiKeyRevealCreateErrors, CfgAccountsApiKeyRevealCreateResponses, CfgAccountsApiKeyTestCreateData, CfgAccountsApiKeyTestCreateResponses, CfgAccountsOauthConnectionsListData, CfgAccountsOauthConnectionsListResponses, CfgAccountsOauthDisconnectCreateData, CfgAccountsOauthDisconnectCreateErrors, CfgAccountsOauthDisconnectCreateResponses, CfgAccountsOauthGithubAuthorizeCreateData, CfgAccountsOauthGithubAuthorizeCreateErrors, CfgAccountsOauthGithubAuthorizeCreateResponses, CfgAccountsOauthGithubCallbackCreateData, CfgAccountsOauthGithubCallbackCreateErrors, CfgAccountsOauthGithubCallbackCreateResponses, CfgAccountsOauthProvidersRetrieveData, CfgAccountsOauthProvidersRetrieveResponses, CfgAccountsOtpRequestCreateData, CfgAccountsOtpRequestCreateErrors, CfgAccountsOtpRequestCreateResponses, CfgAccountsOtpVerifyCreateData, CfgAccountsOtpVerifyCreateErrors, CfgAccountsOtpVerifyCreateResponses, CfgAccountsProfileAvatarCreateData, CfgAccountsProfileAvatarCreateErrors, CfgAccountsProfileAvatarCreateResponses, CfgAccountsProfileDeleteCreateData, CfgAccountsProfileDeleteCreateErrors, CfgAccountsProfileDeleteCreateResponses, CfgAccountsProfilePartialPartialUpdateData, CfgAccountsProfilePartialPartialUpdateErrors, CfgAccountsProfilePartialPartialUpdateResponses, CfgAccountsProfilePartialUpdateData, CfgAccountsProfilePartialUpdateErrors, CfgAccountsProfilePartialUpdateResponses, CfgAccountsProfileRetrieveData, CfgAccountsProfileRetrieveErrors, CfgAccountsProfileRetrieveResponses, CfgAccountsProfileUpdatePartialUpdateData, CfgAccountsProfileUpdatePartialUpdateErrors, CfgAccountsProfileUpdatePartialUpdateResponses, CfgAccountsProfileUpdateUpdateData, CfgAccountsProfileUpdateUpdateErrors, CfgAccountsProfileUpdateUpdateResponses, CfgAccountsTokenRefreshCreateData, CfgAccountsTokenRefreshCreateResponses, CfgCentrifugoAuthTokenRetrieveData, CfgCentrifugoAuthTokenRetrieveErrors, CfgCentrifugoAuthTokenRetrieveResponses, CfgTotpBackupCodesRegenerateCreateData, CfgTotpBackupCodesRegenerateCreateErrors, CfgTotpBackupCodesRegenerateCreateResponses, CfgTotpBackupCodesRetrieveData, CfgTotpBackupCodesRetrieveResponses, CfgTotpDevicesDestroyData, CfgTotpDevicesDestroyResponses, CfgTotpDevicesRetrieveData, CfgTotpDevicesRetrieveResponses, CfgTotpDisableCreateData, CfgTotpDisableCreateErrors, CfgTotpDisableCreateResponses, CfgTotpSetupConfirmCreateData, CfgTotpSetupConfirmCreateErrors, CfgTotpSetupConfirmCreateResponses, CfgTotpSetupCreateData, CfgTotpSetupCreateErrors, CfgTotpSetupCreateResponses, CfgTotpVerifyBackupCreateData, CfgTotpVerifyBackupCreateErrors, CfgTotpVerifyBackupCreateResponses, CfgTotpVerifyCreateData, CfgTotpVerifyCreateErrors, CfgTotpVerifyCreateResponses } from './types.gen';
6
6
 
7
7
  export type Options<TData extends TDataShape = TDataShape, ThrowOnError extends boolean = boolean, TResponse = unknown> = Options2<TData, ThrowOnError, TResponse> & {
8
8
  /**
@@ -15,7 +15,7 @@ export type Options<TData extends TDataShape = TDataShape, ThrowOnError extends
15
15
  * You can pass arbitrary values through the `meta` object. This can be
16
16
  * used to access values that aren't defined as part of the SDK function.
17
17
  */
18
- meta?: Record<string, unknown>;
18
+ meta?: keyof ClientMeta extends never ? Record<string, unknown> : ClientMeta;
19
19
  };
20
20
 
21
21
  export class CfgAccountsApiKey {
@@ -27,11 +27,7 @@ export class CfgAccountsApiKey {
27
27
  public static cfgAccountsApiKeyRetrieve<ThrowOnError extends boolean = false>(options?: Options<CfgAccountsApiKeyRetrieveData, ThrowOnError>): RequestResult<CfgAccountsApiKeyRetrieveResponses, CfgAccountsApiKeyRetrieveErrors, ThrowOnError> {
28
28
  return (options?.client ?? client).get<CfgAccountsApiKeyRetrieveResponses, CfgAccountsApiKeyRetrieveErrors, ThrowOnError>({
29
29
  security: [
30
- {
31
- key: 'jwtAuth',
32
- scheme: 'bearer',
33
- type: 'http'
34
- },
30
+ { scheme: 'bearer', type: 'http' },
35
31
  {
36
32
  in: 'cookie',
37
33
  name: 'sessionid',
@@ -52,11 +48,32 @@ export class CfgAccountsApiKey {
52
48
  public static cfgAccountsApiKeyRegenerateCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsApiKeyRegenerateCreateData, ThrowOnError>): RequestResult<CfgAccountsApiKeyRegenerateCreateResponses, CfgAccountsApiKeyRegenerateCreateErrors, ThrowOnError> {
53
49
  return (options.client ?? client).post<CfgAccountsApiKeyRegenerateCreateResponses, CfgAccountsApiKeyRegenerateCreateErrors, ThrowOnError>({
54
50
  security: [
51
+ { scheme: 'bearer', type: 'http' },
55
52
  {
56
- key: 'jwtAuth',
57
- scheme: 'bearer',
58
- type: 'http'
53
+ in: 'cookie',
54
+ name: 'sessionid',
55
+ type: 'apiKey'
59
56
  },
57
+ { name: 'X-API-Key', type: 'apiKey' }
58
+ ],
59
+ url: '/cfg/accounts/api-key/regenerate/',
60
+ ...options,
61
+ headers: {
62
+ 'Content-Type': 'application/json',
63
+ ...options.headers
64
+ }
65
+ });
66
+ }
67
+
68
+ /**
69
+ * Reveal API key
70
+ *
71
+ * Return the current full API key WITHOUT rotating it. The same durable value every one of the user's agents uses — for the signed-in user to copy and paste into agent onboarding. Default GET stays masked; this is the explicit reveal action.
72
+ */
73
+ public static cfgAccountsApiKeyRevealCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsApiKeyRevealCreateData, ThrowOnError>): RequestResult<CfgAccountsApiKeyRevealCreateResponses, CfgAccountsApiKeyRevealCreateErrors, ThrowOnError> {
74
+ return (options.client ?? client).post<CfgAccountsApiKeyRevealCreateResponses, CfgAccountsApiKeyRevealCreateErrors, ThrowOnError>({
75
+ security: [
76
+ { scheme: 'bearer', type: 'http' },
60
77
  {
61
78
  in: 'cookie',
62
79
  name: 'sessionid',
@@ -64,7 +81,7 @@ export class CfgAccountsApiKey {
64
81
  },
65
82
  { name: 'X-API-Key', type: 'apiKey' }
66
83
  ],
67
- url: '/cfg/accounts/api-key/regenerate/',
84
+ url: '/cfg/accounts/api-key/reveal/',
68
85
  ...options,
69
86
  headers: {
70
87
  'Content-Type': 'application/json',
@@ -81,11 +98,7 @@ export class CfgAccountsApiKey {
81
98
  public static cfgAccountsApiKeyTestCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsApiKeyTestCreateData, ThrowOnError>): RequestResult<CfgAccountsApiKeyTestCreateResponses, unknown, ThrowOnError> {
82
99
  return (options.client ?? client).post<CfgAccountsApiKeyTestCreateResponses, unknown, ThrowOnError>({
83
100
  security: [
84
- {
85
- key: 'jwtAuth',
86
- scheme: 'bearer',
87
- type: 'http'
88
- },
101
+ { scheme: 'bearer', type: 'http' },
89
102
  {
90
103
  in: 'cookie',
91
104
  name: 'sessionid',
@@ -111,11 +124,7 @@ export class CfgAccountsOauth {
111
124
  */
112
125
  public static cfgAccountsOauthConnectionsList<ThrowOnError extends boolean = false>(options?: Options<CfgAccountsOauthConnectionsListData, ThrowOnError>): RequestResult<CfgAccountsOauthConnectionsListResponses, unknown, ThrowOnError> {
113
126
  return (options?.client ?? client).get<CfgAccountsOauthConnectionsListResponses, unknown, ThrowOnError>({
114
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
115
- key: 'jwtAuthWithLastLogin',
116
- scheme: 'bearer',
117
- type: 'http'
118
- }],
127
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
119
128
  url: '/cfg/accounts/oauth/connections/',
120
129
  ...options
121
130
  });
@@ -128,11 +137,7 @@ export class CfgAccountsOauth {
128
137
  */
129
138
  public static cfgAccountsOauthDisconnectCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsOauthDisconnectCreateData, ThrowOnError>): RequestResult<CfgAccountsOauthDisconnectCreateResponses, CfgAccountsOauthDisconnectCreateErrors, ThrowOnError> {
130
139
  return (options.client ?? client).post<CfgAccountsOauthDisconnectCreateResponses, CfgAccountsOauthDisconnectCreateErrors, ThrowOnError>({
131
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
132
- key: 'jwtAuthWithLastLogin',
133
- scheme: 'bearer',
134
- type: 'http'
135
- }],
140
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
136
141
  url: '/cfg/accounts/oauth/disconnect/',
137
142
  ...options,
138
143
  headers: {
@@ -190,11 +195,7 @@ export class CfgAccounts {
190
195
  */
191
196
  public static cfgAccountsOtpRequestCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsOtpRequestCreateData, ThrowOnError>): RequestResult<CfgAccountsOtpRequestCreateResponses, CfgAccountsOtpRequestCreateErrors, ThrowOnError> {
192
197
  return (options.client ?? client).post<CfgAccountsOtpRequestCreateResponses, CfgAccountsOtpRequestCreateErrors, ThrowOnError>({
193
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
194
- key: 'jwtAuthWithLastLogin',
195
- scheme: 'bearer',
196
- type: 'http'
197
- }],
198
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
198
199
  url: '/cfg/accounts/otp/request/',
199
200
  ...options,
200
201
  headers: {
@@ -216,11 +217,7 @@ export class CfgAccounts {
216
217
  */
217
218
  public static cfgAccountsOtpVerifyCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsOtpVerifyCreateData, ThrowOnError>): RequestResult<CfgAccountsOtpVerifyCreateResponses, CfgAccountsOtpVerifyCreateErrors, ThrowOnError> {
218
219
  return (options.client ?? client).post<CfgAccountsOtpVerifyCreateResponses, CfgAccountsOtpVerifyCreateErrors, ThrowOnError>({
219
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
220
- key: 'jwtAuthWithLastLogin',
221
- scheme: 'bearer',
222
- type: 'http'
223
- }],
220
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
224
221
  url: '/cfg/accounts/otp/verify/',
225
222
  ...options,
226
223
  headers: {
@@ -239,11 +236,7 @@ export class CfgAccountsProfile {
239
236
  */
240
237
  public static cfgAccountsProfileRetrieve<ThrowOnError extends boolean = false>(options?: Options<CfgAccountsProfileRetrieveData, ThrowOnError>): RequestResult<CfgAccountsProfileRetrieveResponses, CfgAccountsProfileRetrieveErrors, ThrowOnError> {
241
238
  return (options?.client ?? client).get<CfgAccountsProfileRetrieveResponses, CfgAccountsProfileRetrieveErrors, ThrowOnError>({
242
- security: [{
243
- key: 'jwtAuth',
244
- scheme: 'bearer',
245
- type: 'http'
246
- }, {
239
+ security: [{ scheme: 'bearer', type: 'http' }, {
247
240
  in: 'cookie',
248
241
  name: 'sessionid',
249
242
  type: 'apiKey'
@@ -261,11 +254,7 @@ export class CfgAccountsProfile {
261
254
  public static cfgAccountsProfileAvatarCreate<ThrowOnError extends boolean = false>(options?: Options<CfgAccountsProfileAvatarCreateData, ThrowOnError>): RequestResult<CfgAccountsProfileAvatarCreateResponses, CfgAccountsProfileAvatarCreateErrors, ThrowOnError> {
262
255
  return (options?.client ?? client).post<CfgAccountsProfileAvatarCreateResponses, CfgAccountsProfileAvatarCreateErrors, ThrowOnError>({
263
256
  ...formDataBodySerializer,
264
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
265
- key: 'jwtAuthWithLastLogin',
266
- scheme: 'bearer',
267
- type: 'http'
268
- }],
257
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
269
258
  url: '/cfg/accounts/profile/avatar/',
270
259
  ...options,
271
260
  headers: {
@@ -292,11 +281,7 @@ export class CfgAccountsProfile {
292
281
  */
293
282
  public static cfgAccountsProfileDeleteCreate<ThrowOnError extends boolean = false>(options?: Options<CfgAccountsProfileDeleteCreateData, ThrowOnError>): RequestResult<CfgAccountsProfileDeleteCreateResponses, CfgAccountsProfileDeleteCreateErrors, ThrowOnError> {
294
283
  return (options?.client ?? client).post<CfgAccountsProfileDeleteCreateResponses, CfgAccountsProfileDeleteCreateErrors, ThrowOnError>({
295
- security: [{
296
- key: 'jwtAuth',
297
- scheme: 'bearer',
298
- type: 'http'
299
- }, {
284
+ security: [{ scheme: 'bearer', type: 'http' }, {
300
285
  in: 'cookie',
301
286
  name: 'sessionid',
302
287
  type: 'apiKey'
@@ -313,11 +298,7 @@ export class CfgAccountsProfile {
313
298
  */
314
299
  public static cfgAccountsProfilePartialPartialUpdate<ThrowOnError extends boolean = false>(options?: Options<CfgAccountsProfilePartialPartialUpdateData, ThrowOnError>): RequestResult<CfgAccountsProfilePartialPartialUpdateResponses, CfgAccountsProfilePartialPartialUpdateErrors, ThrowOnError> {
315
300
  return (options?.client ?? client).patch<CfgAccountsProfilePartialPartialUpdateResponses, CfgAccountsProfilePartialPartialUpdateErrors, ThrowOnError>({
316
- security: [{
317
- key: 'jwtAuth',
318
- scheme: 'bearer',
319
- type: 'http'
320
- }, {
301
+ security: [{ scheme: 'bearer', type: 'http' }, {
321
302
  in: 'cookie',
322
303
  name: 'sessionid',
323
304
  type: 'apiKey'
@@ -338,11 +319,7 @@ export class CfgAccountsProfile {
338
319
  */
339
320
  public static cfgAccountsProfilePartialUpdate<ThrowOnError extends boolean = false>(options?: Options<CfgAccountsProfilePartialUpdateData, ThrowOnError>): RequestResult<CfgAccountsProfilePartialUpdateResponses, CfgAccountsProfilePartialUpdateErrors, ThrowOnError> {
340
321
  return (options?.client ?? client).put<CfgAccountsProfilePartialUpdateResponses, CfgAccountsProfilePartialUpdateErrors, ThrowOnError>({
341
- security: [{
342
- key: 'jwtAuth',
343
- scheme: 'bearer',
344
- type: 'http'
345
- }, {
322
+ security: [{ scheme: 'bearer', type: 'http' }, {
346
323
  in: 'cookie',
347
324
  name: 'sessionid',
348
325
  type: 'apiKey'
@@ -363,11 +340,7 @@ export class CfgAccountsProfile {
363
340
  */
364
341
  public static cfgAccountsProfileUpdatePartialUpdate<ThrowOnError extends boolean = false>(options?: Options<CfgAccountsProfileUpdatePartialUpdateData, ThrowOnError>): RequestResult<CfgAccountsProfileUpdatePartialUpdateResponses, CfgAccountsProfileUpdatePartialUpdateErrors, ThrowOnError> {
365
342
  return (options?.client ?? client).patch<CfgAccountsProfileUpdatePartialUpdateResponses, CfgAccountsProfileUpdatePartialUpdateErrors, ThrowOnError>({
366
- security: [{
367
- key: 'jwtAuth',
368
- scheme: 'bearer',
369
- type: 'http'
370
- }, {
343
+ security: [{ scheme: 'bearer', type: 'http' }, {
371
344
  in: 'cookie',
372
345
  name: 'sessionid',
373
346
  type: 'apiKey'
@@ -388,11 +361,7 @@ export class CfgAccountsProfile {
388
361
  */
389
362
  public static cfgAccountsProfileUpdateUpdate<ThrowOnError extends boolean = false>(options?: Options<CfgAccountsProfileUpdateUpdateData, ThrowOnError>): RequestResult<CfgAccountsProfileUpdateUpdateResponses, CfgAccountsProfileUpdateUpdateErrors, ThrowOnError> {
390
363
  return (options?.client ?? client).put<CfgAccountsProfileUpdateUpdateResponses, CfgAccountsProfileUpdateUpdateErrors, ThrowOnError>({
391
- security: [{
392
- key: 'jwtAuth',
393
- scheme: 'bearer',
394
- type: 'http'
395
- }, {
364
+ security: [{ scheme: 'bearer', type: 'http' }, {
396
365
  in: 'cookie',
397
366
  name: 'sessionid',
398
367
  type: 'apiKey'
@@ -410,6 +379,12 @@ export class CfgAccountsProfile {
410
379
  export class CfgAccountsAuth {
411
380
  /**
412
381
  * Refresh JWT token.
382
+ *
383
+ * DPoP-aware: when the incoming refresh token is key-bound (`cnf.jkt`), the
384
+ * rotated access/refresh in the response are re-stamped with the same `cnf`
385
+ * (stock SimpleJWT drops it from the derived access), and a matching DPoP
386
+ * proof is required on the refresh request — so a stolen refresh token can't
387
+ * be used to mint fresh tokens.
413
388
  */
414
389
  public static cfgAccountsTokenRefreshCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsTokenRefreshCreateData, ThrowOnError>): RequestResult<CfgAccountsTokenRefreshCreateResponses, unknown, ThrowOnError> {
415
390
  return (options.client ?? client).post<CfgAccountsTokenRefreshCreateResponses, unknown, ThrowOnError>({
@@ -431,11 +406,7 @@ export class CfgCentrifugo {
431
406
  */
432
407
  public static cfgCentrifugoAuthTokenRetrieve<ThrowOnError extends boolean = false>(options?: Options<CfgCentrifugoAuthTokenRetrieveData, ThrowOnError>): RequestResult<CfgCentrifugoAuthTokenRetrieveResponses, CfgCentrifugoAuthTokenRetrieveErrors, ThrowOnError> {
433
408
  return (options?.client ?? client).get<CfgCentrifugoAuthTokenRetrieveResponses, CfgCentrifugoAuthTokenRetrieveErrors, ThrowOnError>({
434
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
435
- key: 'jwtAuthWithLastLogin',
436
- scheme: 'bearer',
437
- type: 'http'
438
- }],
409
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
439
410
  url: '/cfg/centrifugo/auth/token/',
440
411
  ...options
441
412
  });
@@ -448,11 +419,7 @@ export class CfgTotpBackupCodes {
448
419
  */
449
420
  public static cfgTotpBackupCodesRetrieve<ThrowOnError extends boolean = false>(options?: Options<CfgTotpBackupCodesRetrieveData, ThrowOnError>): RequestResult<CfgTotpBackupCodesRetrieveResponses, unknown, ThrowOnError> {
450
421
  return (options?.client ?? client).get<CfgTotpBackupCodesRetrieveResponses, unknown, ThrowOnError>({
451
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
452
- key: 'jwtAuthWithLastLogin',
453
- scheme: 'bearer',
454
- type: 'http'
455
- }],
422
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
456
423
  url: '/cfg/totp/backup-codes/',
457
424
  ...options
458
425
  });
@@ -466,11 +433,7 @@ export class CfgTotpBackupCodes {
466
433
  */
467
434
  public static cfgTotpBackupCodesRegenerateCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpBackupCodesRegenerateCreateData, ThrowOnError>): RequestResult<CfgTotpBackupCodesRegenerateCreateResponses, CfgTotpBackupCodesRegenerateCreateErrors, ThrowOnError> {
468
435
  return (options.client ?? client).post<CfgTotpBackupCodesRegenerateCreateResponses, CfgTotpBackupCodesRegenerateCreateErrors, ThrowOnError>({
469
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
470
- key: 'jwtAuthWithLastLogin',
471
- scheme: 'bearer',
472
- type: 'http'
473
- }],
436
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
474
437
  url: '/cfg/totp/backup-codes/regenerate/',
475
438
  ...options,
476
439
  headers: {
@@ -487,11 +450,7 @@ export class CfgTotp {
487
450
  */
488
451
  public static cfgTotpDevicesRetrieve<ThrowOnError extends boolean = false>(options?: Options<CfgTotpDevicesRetrieveData, ThrowOnError>): RequestResult<CfgTotpDevicesRetrieveResponses, unknown, ThrowOnError> {
489
452
  return (options?.client ?? client).get<CfgTotpDevicesRetrieveResponses, unknown, ThrowOnError>({
490
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
491
- key: 'jwtAuthWithLastLogin',
492
- scheme: 'bearer',
493
- type: 'http'
494
- }],
453
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
495
454
  url: '/cfg/totp/devices/',
496
455
  ...options
497
456
  });
@@ -504,11 +463,7 @@ export class CfgTotp {
504
463
  */
505
464
  public static cfgTotpDevicesDestroy<ThrowOnError extends boolean = false>(options: Options<CfgTotpDevicesDestroyData, ThrowOnError>): RequestResult<CfgTotpDevicesDestroyResponses, unknown, ThrowOnError> {
506
465
  return (options.client ?? client).delete<CfgTotpDevicesDestroyResponses, unknown, ThrowOnError>({
507
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
508
- key: 'jwtAuthWithLastLogin',
509
- scheme: 'bearer',
510
- type: 'http'
511
- }],
466
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
512
467
  url: '/cfg/totp/devices/{id}/',
513
468
  ...options
514
469
  });
@@ -521,11 +476,7 @@ export class CfgTotp {
521
476
  */
522
477
  public static cfgTotpDisableCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpDisableCreateData, ThrowOnError>): RequestResult<CfgTotpDisableCreateResponses, CfgTotpDisableCreateErrors, ThrowOnError> {
523
478
  return (options.client ?? client).post<CfgTotpDisableCreateResponses, CfgTotpDisableCreateErrors, ThrowOnError>({
524
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
525
- key: 'jwtAuthWithLastLogin',
526
- scheme: 'bearer',
527
- type: 'http'
528
- }],
479
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
529
480
  url: '/cfg/totp/disable/',
530
481
  ...options,
531
482
  headers: {
@@ -544,11 +495,7 @@ export class CfgTotpSetup {
544
495
  */
545
496
  public static cfgTotpSetupCreate<ThrowOnError extends boolean = false>(options?: Options<CfgTotpSetupCreateData, ThrowOnError>): RequestResult<CfgTotpSetupCreateResponses, CfgTotpSetupCreateErrors, ThrowOnError> {
546
497
  return (options?.client ?? client).post<CfgTotpSetupCreateResponses, CfgTotpSetupCreateErrors, ThrowOnError>({
547
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
548
- key: 'jwtAuthWithLastLogin',
549
- scheme: 'bearer',
550
- type: 'http'
551
- }],
498
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
552
499
  url: '/cfg/totp/setup/',
553
500
  ...options,
554
501
  headers: {
@@ -565,11 +512,7 @@ export class CfgTotpSetup {
565
512
  */
566
513
  public static cfgTotpSetupConfirmCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpSetupConfirmCreateData, ThrowOnError>): RequestResult<CfgTotpSetupConfirmCreateResponses, CfgTotpSetupConfirmCreateErrors, ThrowOnError> {
567
514
  return (options.client ?? client).post<CfgTotpSetupConfirmCreateResponses, CfgTotpSetupConfirmCreateErrors, ThrowOnError>({
568
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
569
- key: 'jwtAuthWithLastLogin',
570
- scheme: 'bearer',
571
- type: 'http'
572
- }],
515
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
573
516
  url: '/cfg/totp/setup/confirm/',
574
517
  ...options,
575
518
  headers: {
@@ -588,11 +531,7 @@ export class CfgTotpVerify {
588
531
  */
589
532
  public static cfgTotpVerifyCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpVerifyCreateData, ThrowOnError>): RequestResult<CfgTotpVerifyCreateResponses, CfgTotpVerifyCreateErrors, ThrowOnError> {
590
533
  return (options.client ?? client).post<CfgTotpVerifyCreateResponses, CfgTotpVerifyCreateErrors, ThrowOnError>({
591
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
592
- key: 'jwtAuthWithLastLogin',
593
- scheme: 'bearer',
594
- type: 'http'
595
- }],
534
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
596
535
  url: '/cfg/totp/verify/',
597
536
  ...options,
598
537
  headers: {
@@ -609,11 +548,7 @@ export class CfgTotpVerify {
609
548
  */
610
549
  public static cfgTotpVerifyBackupCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpVerifyBackupCreateData, ThrowOnError>): RequestResult<CfgTotpVerifyBackupCreateResponses, CfgTotpVerifyBackupCreateErrors, ThrowOnError> {
611
550
  return (options.client ?? client).post<CfgTotpVerifyBackupCreateResponses, CfgTotpVerifyBackupCreateErrors, ThrowOnError>({
612
- security: [{ name: 'X-API-Key', type: 'apiKey' }, {
613
- key: 'jwtAuthWithLastLogin',
614
- scheme: 'bearer',
615
- type: 'http'
616
- }],
551
+ security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
617
552
  url: '/cfg/totp/verify/backup/',
618
553
  ...options,
619
554
  headers: {
@@ -54,6 +54,24 @@ export type ApiKeyRequest = {
54
54
  created_at: string;
55
55
  };
56
56
 
57
+ /**
58
+ * Serializer for revealing the current (unrotated) full API key.
59
+ */
60
+ export type ApiKeyReveal = {
61
+ /**
62
+ * Full API key (current value, not rotated)
63
+ */
64
+ key: string;
65
+ /**
66
+ * When the key was created
67
+ */
68
+ created_at: string;
69
+ /**
70
+ * When the key was last regenerated
71
+ */
72
+ reissued_at: string | null;
73
+ };
74
+
57
75
  /**
58
76
  * Serializer for testing an API key.
59
77
  */
@@ -930,6 +948,26 @@ export type CfgAccountsApiKeyRegenerateCreateResponses = {
930
948
 
931
949
  export type CfgAccountsApiKeyRegenerateCreateResponse = CfgAccountsApiKeyRegenerateCreateResponses[keyof CfgAccountsApiKeyRegenerateCreateResponses];
932
950
 
951
+ export type CfgAccountsApiKeyRevealCreateData = {
952
+ body: ApiKeyRequest;
953
+ path?: never;
954
+ query?: never;
955
+ url: '/cfg/accounts/api-key/reveal/';
956
+ };
957
+
958
+ export type CfgAccountsApiKeyRevealCreateErrors = {
959
+ /**
960
+ * Authentication credentials were not provided.
961
+ */
962
+ 401: unknown;
963
+ };
964
+
965
+ export type CfgAccountsApiKeyRevealCreateResponses = {
966
+ 200: ApiKeyReveal;
967
+ };
968
+
969
+ export type CfgAccountsApiKeyRevealCreateResponse = CfgAccountsApiKeyRevealCreateResponses[keyof CfgAccountsApiKeyRevealCreateResponses];
970
+
933
971
  export type CfgAccountsApiKeyTestCreateData = {
934
972
  body: ApiKeyTestRequest;
935
973
  path?: never;
@@ -4,6 +4,7 @@ import { useCallback, useState } from 'react';
4
4
 
5
5
  import { useCfgAccountsApiKeyRegenerateCreate } from '../_api/generated/_cfg_accounts/hooks/useCfgAccountsApiKeyRegenerateCreate';
6
6
  import { useCfgAccountsApiKeyRetrieve } from '../_api/generated/_cfg_accounts/hooks/useCfgAccountsApiKeyRetrieve';
7
+ import { useCfgAccountsApiKeyRevealCreate } from '../_api/generated/_cfg_accounts/hooks/useCfgAccountsApiKeyRevealCreate';
7
8
  import { useCfgAccountsApiKeyTestCreate } from '../_api/generated/_cfg_accounts/hooks/useCfgAccountsApiKeyTestCreate';
8
9
 
9
10
  export interface ApiKeyTestResult {
@@ -12,12 +13,25 @@ export interface ApiKeyTestResult {
12
13
  }
13
14
 
14
15
  export interface UseApiKeyReturn {
16
+ /**
17
+ * The key to display. Masked by default (from retrieve). Becomes the FULL
18
+ * value after `reveal()` or `regenerate()` resolves, so the user can copy it.
19
+ */
15
20
  apiKey: string | null;
21
+ /** True once `reveal()`/`regenerate()` has surfaced the full (unmasked) key. */
22
+ isRevealed: boolean;
16
23
  reissuedAt: string | null;
17
24
  createdAt: string | null;
18
25
  isLoading: boolean;
26
+ isRevealing: boolean;
19
27
  isRegenerating: boolean;
20
28
  isTesting: boolean;
29
+ /**
30
+ * Fetch the current full key WITHOUT rotating it (the durable value every one
31
+ * of the user's agents uses). Use this to let the user copy their key for
32
+ * agent onboarding — `regenerate()` would invalidate the agents already using it.
33
+ */
34
+ reveal: () => Promise<void>;
21
35
  regenerate: () => Promise<void>;
22
36
  testKey: (key: string) => Promise<ApiKeyTestResult>;
23
37
  refresh: () => void;
@@ -25,17 +39,28 @@ export interface UseApiKeyReturn {
25
39
 
26
40
  export function useApiKey(): UseApiKeyReturn {
27
41
  const { data, isLoading, mutate } = useCfgAccountsApiKeyRetrieve();
42
+ const { trigger: revealTrigger, isMutating: isRevealing } = useCfgAccountsApiKeyRevealCreate();
28
43
  const { trigger: regenerateTrigger, isMutating: isRegenerating } = useCfgAccountsApiKeyRegenerateCreate();
29
44
  const { trigger: testTrigger, isMutating: isTesting } = useCfgAccountsApiKeyTestCreate();
30
45
 
31
- // After regenerate, the POST response contains the FULL key (shown once).
32
- // We store it separately so the user can copy it before we refetch.
46
+ // reveal/regenerate POST responses contain the FULL key. We store it
47
+ // separately so the user can copy it before (or instead of) a masked refetch.
33
48
  const [freshKey, setFreshKey] = useState<string | null>(null);
34
49
 
35
50
  const apiKey = freshKey ?? (data?.key ?? null);
51
+ const isRevealed = freshKey !== null;
36
52
  const reissuedAt = (data as Record<string, unknown> | undefined)?.reissued_at as string | null ?? null;
37
53
  const createdAt = (data as Record<string, unknown> | undefined)?.created_at as string | null ?? null;
38
54
 
55
+ const reveal = useCallback(async () => {
56
+ const result = await revealTrigger({} as never);
57
+ // The reveal response has the current full key — surface it WITHOUT rotating.
58
+ const fullKey = (result as Record<string, unknown> | undefined)?.key as string | undefined;
59
+ if (fullKey) {
60
+ setFreshKey(fullKey);
61
+ }
62
+ }, [revealTrigger]);
63
+
39
64
  const regenerate = useCallback(async () => {
40
65
  const result = await regenerateTrigger({} as never);
41
66
  // The POST response has the full key — surface it immediately.
@@ -61,11 +86,14 @@ export function useApiKey(): UseApiKeyReturn {
61
86
 
62
87
  return {
63
88
  apiKey,
89
+ isRevealed,
64
90
  reissuedAt,
65
91
  createdAt,
66
92
  isLoading,
93
+ isRevealing,
67
94
  isRegenerating,
68
95
  isTesting,
96
+ reveal,
69
97
  regenerate,
70
98
  testKey,
71
99
  refresh,