@meeco/svx-api-sdk 1.0.0-stage.20231211153548.58a6d84 → 1.0.0-stage.20240301124316.cffdd63

package/lib/esm/models/VCGenerateCredentialDtoClaims.js

@@ -0,0 +1,40 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * SVX API
+ * No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
+ *
+ * The version of the OpenAPI document: 1.3.1
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+import { exists } from '../runtime';
+import { VCCnfDtoFromJSON, VCCnfDtoToJSON, } from './VCCnfDto';
+/**
+ * Check if a given object implements the VCGenerateCredentialDtoClaims interface.
+ */
+export function instanceOfVCGenerateCredentialDtoClaims(value) {
+    let isInstance = true;
+    return isInstance;
+}
+export function VCGenerateCredentialDtoClaimsFromJSON(json) {
+    return VCGenerateCredentialDtoClaimsFromJSONTyped(json, false);
+}
+export function VCGenerateCredentialDtoClaimsFromJSONTyped(json, ignoreDiscriminator) {
+    if ((json === undefined) || (json === null)) {
+        return json;
+    }
+    return Object.assign(Object.assign({}, json), { 'id': !exists(json, 'id') ? undefined : json['id'], 'cnf': !exists(json, 'cnf') ? undefined : VCCnfDtoFromJSON(json['cnf']) });
+}
+export function VCGenerateCredentialDtoClaimsToJSON(value) {
+    if (value === undefined) {
+        return undefined;
+    }
+    if (value === null) {
+        return null;
+    }
+    return Object.assign(Object.assign({}, value), { 'id': value.id, 'cnf': VCCnfDtoToJSON(value.cnf) });
+}

package/lib/esm/models/VCIdTokenVerificationResultResponseDto.js

@@ -21,7 +21,8 @@ export const VCIdTokenVerificationResultResponseDtoChecksEnum = {
     Expiration: 'expiration',
     Nonce: 'nonce',
     Schema: 'schema',
-    RevocationStatus: 'revocation_status'
+    RevocationStatus: 'revocation_status',
+    Constraints: 'constraints'
 };
 /**
  * Check if a given object implements the VCIdTokenVerificationResultResponseDto interface.

package/lib/esm/models/VCOldPresentationRequestResponseVerificationResultResponseDto.js

@@ -21,7 +21,8 @@ export const VCOldPresentationRequestResponseVerificationResultResponseDtoChecks
     Expiration: 'expiration',
     Nonce: 'nonce',
     Schema: 'schema',
-    RevocationStatus: 'revocation_status'
+    RevocationStatus: 'revocation_status',
+    Constraints: 'constraints'
 };
 /**
  * Check if a given object implements the VCOldPresentationRequestResponseVerificationResultResponseDto interface.

package/lib/esm/models/VCPresentationRequestResponseVerificationOptionsDto.js

@@ -19,7 +19,8 @@ import { VCRequestVerificationOptionsDtoFromJSON, VCRequestVerificationOptionsDt
  * @export
  */
 export const VCPresentationRequestResponseVerificationOptionsDtoChecksEnum = {
-    Format: 'format'
+    Format: 'format',
+    Constraints: 'constraints'
 };
 /**
  * Check if a given object implements the VCPresentationRequestResponseVerificationOptionsDto interface.

package/lib/esm/models/VCPresentationRequestResponseVerificationResultResponseDto.js

@@ -24,7 +24,8 @@ export const VCPresentationRequestResponseVerificationResultResponseDtoChecksEnu
     Expiration: 'expiration',
     Nonce: 'nonce',
     Schema: 'schema',
-    RevocationStatus: 'revocation_status'
+    RevocationStatus: 'revocation_status',
+    Constraints: 'constraints'
 };
 /**
  * Check if a given object implements the VCPresentationRequestResponseVerificationResultResponseDto interface.

package/lib/esm/models/VCPresentationRequestUpdateVerificationResultRequestDto.js

@@ -24,7 +24,8 @@ export const VCPresentationRequestUpdateVerificationResultRequestDtoChecksEnum =
     Expiration: 'expiration',
     Nonce: 'nonce',
     Schema: 'schema',
-    RevocationStatus: 'revocation_status'
+    RevocationStatus: 'revocation_status',
+    Constraints: 'constraints'
 };
 /**
  * Check if a given object implements the VCPresentationRequestUpdateVerificationResultRequestDto interface.

package/lib/esm/models/VCPresentationRequestVerificationResultResponseDto.js

@@ -21,7 +21,8 @@ export const VCPresentationRequestVerificationResultResponseDtoChecksEnum = {
     Expiration: 'expiration',
     Nonce: 'nonce',
     Schema: 'schema',
-    RevocationStatus: 'revocation_status'
+    RevocationStatus: 'revocation_status',
+    Constraints: 'constraints'
 };
 /**
  * Check if a given object implements the VCPresentationRequestVerificationResultResponseDto interface.

package/lib/esm/models/VCPresentationVerificationOptionsDto.js

@@ -19,7 +19,8 @@ export const VCPresentationVerificationOptionsDtoChecksEnum = {
     Format: 'format',
     Signature: 'signature',
     Expiration: 'expiration',
-    Nonce: 'nonce'
+    Nonce: 'nonce',
+    Constraints: 'constraints'
 };
 /**
  * Check if a given object implements the VCPresentationVerificationOptionsDto interface.

package/lib/esm/models/VCPresentationVerificationResultResponseDto.js

@@ -22,7 +22,8 @@ export const VCPresentationVerificationResultResponseDtoChecksEnum = {
     Expiration: 'expiration',
     Nonce: 'nonce',
     Schema: 'schema',
-    RevocationStatus: 'revocation_status'
+    RevocationStatus: 'revocation_status',
+    Constraints: 'constraints'
 };
 /**
  * Check if a given object implements the VCPresentationVerificationResultResponseDto interface.

package/lib/esm/models/index.js

@@ -2,6 +2,8 @@
 /* eslint-disable */
 export * from './ATOMActiveAndArchivedOrgList';
 export * from './ATOMAdmin';
+export * from './ATOMAdministeredArchivedOrg';
+export * from './ATOMAdministeredOrg';
 export * from './ATOMAgentList';
 export * from './ATOMAgentToken';
 export * from './ATOMApplicationVersion';
@@ -25,7 +27,6 @@ export * from './ATOMOneUser';
 export * from './ATOMOrg';
 export * from './ATOMOrgAgent';
 export * from './ATOMOrgDescription';
-export * from './ATOMOrgIdAndName';
 export * from './ATOMOrgList';
 export * from './ATOMPaginatedAdminList';
 export * from './ATOMPaginatedOrgList';
@@ -151,6 +152,7 @@ export * from './IDPEndUserResponseModelDto';
 export * from './IDPEndUsersResponseDto';
 export * from './IDPErrorResponseModel';
 export * from './IDPErrorsResponseModelDto';
+export * from './IDPForgotPasswordDto';
 export * from './IDPGenerateShortLivedAccessTokenDto';
 export * from './IDPGenerateShortLivedAccessTokenPayloadDto';
 export * from './IDPInvitationResponseDto';
@@ -161,6 +163,7 @@ export * from './IDPJwtIssuerJWKSKeys';
 export * from './IDPJwtIssuerResponseDto';
 export * from './IDPLoginRequestDto';
 export * from './IDPMeta';
+export * from './IDPResetPasswordDto';
 export * from './IDPUpdateClientDto';
 export * from './IDPUpdateClientPayloadDto';
 export * from './IDPUserDto';
@@ -248,6 +251,7 @@ export * from './ShreIntentListResponse';
 export * from './UpdateDelegationsRequest';
 export * from './VCApp';
 export * from './VCAppSignal';
+export * from './VCClaimsDto';
 export * from './VCCnfDto';
 export * from './VCComponent';
 export * from './VCConstraintsDto';
@@ -280,9 +284,11 @@ export * from './VCDatabase';
 export * from './VCErrorResponseDto';
 export * from './VCErrorsResponseDto';
 export * from './VCFieldsDto';
+export * from './VCFieldsDtoFilter';
+export * from './VCFilterDto';
 export * from './VCFormatDto';
 export * from './VCGenerateCredentialDto';
-export * from './VCGenerateCredentialDtoCnf';
+export * from './VCGenerateCredentialDtoClaims';
 export * from './VCGenerateCredentialPayloadDto';
 export * from './VCGeneratePresentationDto';
 export * from './VCGeneratePresentationPayloadDto';

package/lib/types/apis/OrganisationsApi.d.ts

@@ -102,6 +102,7 @@ export interface TenantsTenantIdOrgsPostRequest {
     tenantId: string;
     aTOMCreateOrUpdateOrgRequest: ATOMCreateOrUpdateOrgRequest;
     noFirstUser?: boolean;
+    addAllExternalSecurityRights?: boolean;
 }
 export interface VisibleOrgsGetRequest {
     tenantId?: string;
@@ -309,7 +310,7 @@ export declare class OrganisationsApi extends runtime.BaseAPI {
      *   Create an organisation.    In order to execute this action the current user must have security right `atom:tenant:create_org` for the tenant with the ID in parameter `tenant_id`.
      * Create an organisation
      */
-    tenantsTenantIdOrgsPost(tenantId: string, aTOMCreateOrUpdateOrgRequest: ATOMCreateOrUpdateOrgRequest, noFirstUser?: boolean, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<ATOMOneOrg>;
+    tenantsTenantIdOrgsPost(tenantId: string, aTOMCreateOrUpdateOrgRequest: ATOMCreateOrUpdateOrgRequest, noFirstUser?: boolean, addAllExternalSecurityRights?: boolean, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<ATOMOneOrg>;
     /**
      *   Show a list of organisations which the current user can see. These are the following organisations:    * If the current user has global security right `atom:global:view_all_tenants`, all organisations are shown   * Organisations of all tenants for which the current user has tenant security right `atom:tenant:view_tenant_orgs`   * Organisations for which current user is an admin and has security right `atom:org:view_org`    Can take optional parameter `tenant_id` which will restrict the list of organisations to one tenant only.
      * Show a list of organisations which current user can see.

package/lib/types/apis/SharesApi.d.ts

@@ -183,22 +183,22 @@ export declare class SharesApi extends runtime.BaseAPI {
      */
     itemsIdSharesGet(id: string, meecoDelegationId?: string, meecoOrganisationId?: string, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<GetItemSharesResponse>;
     /**
-     * Share your item with connected users.  Each share can be a share of all slots of the item, in that case `slot_id` is `NULL`, or it can be a share of just one slot. In this case `slot_id` references one of the slots of the item.  There are 3 users involved in each share:  * owner - the owner of the shared item * sender -  the user who shares data. Can be the owner or one of the recipients * recipient - the user who recieves the shared data.   Whether a non-owner may on-share a shared slot is defined in field `onsharing_permitted`.  Only the owner of the item can set `onsharing_permitted` to `true`. If `onsharing_permitted` is `false`, the recipient may on-share the item, but when that recipient creates an on-share, `onsharing_permitted` in that on-share is forced to be `false`. In other words, the depth of on-sharing in limited to 3:       OWNER ==> RECIPIENT AND SENDER ==>  RECIPIENT    Some shares require that the recipient accepts the terms of the share. Until the terms are not accepted the share DEK is hidden.   Data in slots is initially encrypted with the DEK in field `encrypted_dek`. The DEK in `encrypted_dek` is encrypted with the public key of the share recipient. When processing a share the client application is expected to decrypt the slot data and re-encrypt with the private DEK.  A public key of the recipient is needed to encrypt the share DEK. Updating all shares of the same item is performed by the owner in one go. In a situation when a share has been created by a recipient, not the owner, and there is no connection between the owner and the recipient, the owner has no access to a public key of the recipient. In order to address this problem when a share is created we also add fields `public_key` and `keypair_external_id` from the connection record between the recipient and the sender. `keypair_external_id` identifies the keypair that the public key belongs to.  When a recipient of a share on-shares the data with someone else, nothing prevents him/her to encrypt some other data instead of the original data. We need a way to enforce integrity of on-shares. We do this with help of HMAC - hash-based message authentication code obtained by running a cryptographic hash function over the data and a shared secret key.    Two fields in each slot are used for this purpose: * `encrypted_value_verification_key` - is a value verification key encrypted in the same way as the value itself: with the share DEK * `value_verification_hash` - the result of the HMAC function run on the slot value using `encrypted_value_verification_key`. `value_verification_hash` is stored as-is, unencrypted.   Only the owner of the data may send `encrypted_value_verification_key` when creating or updating the share. When other senders create a share, `encrypted_value_verification_key` must be `NULL`.  `value_verification_hash` may and should be sent by every sender, owner or not, because `value_verification_hash` must be re-encrypted with the share DEK for each share.  If the sender replaces `encrypted_value_verification_key` and/or the slot value, this will break the client-side verification against `encrypted_value_verification_key`. Field `encrypted_value` may be `NULL`. If `encrypted_value` is `NULL`, then `encrypted_value_verification_key` and `value_verification_hash` may also be `NULL`. If `encrypted_value` is present, then `encrypted_value_verification_key` and `value_verification_hash` are mandatory.
+     * Share your item with connected users.  Each share can be a share of all slots of the item, in that case `slot_id` is `NULL`, or it can be a share of just one slot. In this case `slot_id` references one of the slots of the item.  There are 3 users involved in each share:  * owner - the owner of the shared item * sender -  the user who shares data. Can be the owner or one of the recipients * recipient - the user who recieves the shared data.   Whether a non-owner may on-share a shared slot is defined in field `onsharing_permitted`.  Only the owner of the item can set `onsharing_permitted` to `true`. If `onsharing_permitted` is `false`, the recipient may on-share the item, but when that recipient creates an on-share, `onsharing_permitted` in that on-share is forced to be `false`. In other words, the depth of on-sharing in limited to 3:       OWNER ==> RECIPIENT AND SENDER ==>  RECIPIENT    Some shares require that the recipient accepts the terms of the share. Until the terms are not accepted the share DEK is hidden.   Data in slots is initially encrypted with the DEK in field `encrypted_dek`. The DEK in `encrypted_dek` is encrypted with the public key of the share recipient. When processing a share the client application is expected to decrypt the slot data and re-encrypt with the private DEK.  A public key of the recipient is needed to encrypt the share DEK. Updating all shares of the same item is performed by the owner in one go. In a situation when a share has been created by a recipient, not the owner, and there is no connection between the owner and the recipient, the owner has no access to a public key of the recipient. In order to address this problem when a share is created we also add fields `public_key` and `keypair_external_id` from the connection record between the recipient and the sender. `keypair_external_id` identifies the keypair that the public key belongs to.  When a recipient of a share on-shares the data with someone else, nothing prevents him/her to encrypt some other data instead of the original data. We need a way to enforce integrity of on-shares. We do this with help of HMAC - hash-based message authentication code obtained by running a cryptographic hash function over the data and a shared secret key.    Two fields in each slot are used for this purpose: * `encrypted_value_verification_key` - is a value verification key encrypted in the same way as the value itself: with the share DEK * `value_verification_hash` - the result of the HMAC function run on the slot value using `encrypted_value_verification_key`. `value_verification_hash` is stored as-is, unencrypted.   Only the owner of the data may send `value_verification_hash` when creating or updating the share. When other senders create a share, `value_verification_hash` must be `NULL`.  `encrypted_value_verification_key` may and should be sent by every sender, owner or not, because `encrypted_value_verification_key` must be re-encrypted with the share DEK for each share.  If the sender replaces `encrypted_value_verification_key` and/or the slot value, this will break the client-side verification against `encrypted_value_verification_key`. Field `encrypted_value` may be `NULL`. If `encrypted_value` is `NULL`, then `encrypted_value_verification_key` and `value_verification_hash` may also be `NULL`. If `encrypted_value` is present, then `encrypted_value_verification_key` and `value_verification_hash` are mandatory.
      * Share your item with connected users
      */
     itemsIdSharesPostRaw(requestParameters: ItemsIdSharesPostRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<VaultSharesCreateResponse>>;
     /**
-     * Share your item with connected users.  Each share can be a share of all slots of the item, in that case `slot_id` is `NULL`, or it can be a share of just one slot. In this case `slot_id` references one of the slots of the item.  There are 3 users involved in each share:  * owner - the owner of the shared item * sender -  the user who shares data. Can be the owner or one of the recipients * recipient - the user who recieves the shared data.   Whether a non-owner may on-share a shared slot is defined in field `onsharing_permitted`.  Only the owner of the item can set `onsharing_permitted` to `true`. If `onsharing_permitted` is `false`, the recipient may on-share the item, but when that recipient creates an on-share, `onsharing_permitted` in that on-share is forced to be `false`. In other words, the depth of on-sharing in limited to 3:       OWNER ==> RECIPIENT AND SENDER ==>  RECIPIENT    Some shares require that the recipient accepts the terms of the share. Until the terms are not accepted the share DEK is hidden.   Data in slots is initially encrypted with the DEK in field `encrypted_dek`. The DEK in `encrypted_dek` is encrypted with the public key of the share recipient. When processing a share the client application is expected to decrypt the slot data and re-encrypt with the private DEK.  A public key of the recipient is needed to encrypt the share DEK. Updating all shares of the same item is performed by the owner in one go. In a situation when a share has been created by a recipient, not the owner, and there is no connection between the owner and the recipient, the owner has no access to a public key of the recipient. In order to address this problem when a share is created we also add fields `public_key` and `keypair_external_id` from the connection record between the recipient and the sender. `keypair_external_id` identifies the keypair that the public key belongs to.  When a recipient of a share on-shares the data with someone else, nothing prevents him/her to encrypt some other data instead of the original data. We need a way to enforce integrity of on-shares. We do this with help of HMAC - hash-based message authentication code obtained by running a cryptographic hash function over the data and a shared secret key.    Two fields in each slot are used for this purpose: * `encrypted_value_verification_key` - is a value verification key encrypted in the same way as the value itself: with the share DEK * `value_verification_hash` - the result of the HMAC function run on the slot value using `encrypted_value_verification_key`. `value_verification_hash` is stored as-is, unencrypted.   Only the owner of the data may send `encrypted_value_verification_key` when creating or updating the share. When other senders create a share, `encrypted_value_verification_key` must be `NULL`.  `value_verification_hash` may and should be sent by every sender, owner or not, because `value_verification_hash` must be re-encrypted with the share DEK for each share.  If the sender replaces `encrypted_value_verification_key` and/or the slot value, this will break the client-side verification against `encrypted_value_verification_key`. Field `encrypted_value` may be `NULL`. If `encrypted_value` is `NULL`, then `encrypted_value_verification_key` and `value_verification_hash` may also be `NULL`. If `encrypted_value` is present, then `encrypted_value_verification_key` and `value_verification_hash` are mandatory.
+     * Share your item with connected users.  Each share can be a share of all slots of the item, in that case `slot_id` is `NULL`, or it can be a share of just one slot. In this case `slot_id` references one of the slots of the item.  There are 3 users involved in each share:  * owner - the owner of the shared item * sender -  the user who shares data. Can be the owner or one of the recipients * recipient - the user who recieves the shared data.   Whether a non-owner may on-share a shared slot is defined in field `onsharing_permitted`.  Only the owner of the item can set `onsharing_permitted` to `true`. If `onsharing_permitted` is `false`, the recipient may on-share the item, but when that recipient creates an on-share, `onsharing_permitted` in that on-share is forced to be `false`. In other words, the depth of on-sharing in limited to 3:       OWNER ==> RECIPIENT AND SENDER ==>  RECIPIENT    Some shares require that the recipient accepts the terms of the share. Until the terms are not accepted the share DEK is hidden.   Data in slots is initially encrypted with the DEK in field `encrypted_dek`. The DEK in `encrypted_dek` is encrypted with the public key of the share recipient. When processing a share the client application is expected to decrypt the slot data and re-encrypt with the private DEK.  A public key of the recipient is needed to encrypt the share DEK. Updating all shares of the same item is performed by the owner in one go. In a situation when a share has been created by a recipient, not the owner, and there is no connection between the owner and the recipient, the owner has no access to a public key of the recipient. In order to address this problem when a share is created we also add fields `public_key` and `keypair_external_id` from the connection record between the recipient and the sender. `keypair_external_id` identifies the keypair that the public key belongs to.  When a recipient of a share on-shares the data with someone else, nothing prevents him/her to encrypt some other data instead of the original data. We need a way to enforce integrity of on-shares. We do this with help of HMAC - hash-based message authentication code obtained by running a cryptographic hash function over the data and a shared secret key.    Two fields in each slot are used for this purpose: * `encrypted_value_verification_key` - is a value verification key encrypted in the same way as the value itself: with the share DEK * `value_verification_hash` - the result of the HMAC function run on the slot value using `encrypted_value_verification_key`. `value_verification_hash` is stored as-is, unencrypted.   Only the owner of the data may send `value_verification_hash` when creating or updating the share. When other senders create a share, `value_verification_hash` must be `NULL`.  `encrypted_value_verification_key` may and should be sent by every sender, owner or not, because `encrypted_value_verification_key` must be re-encrypted with the share DEK for each share.  If the sender replaces `encrypted_value_verification_key` and/or the slot value, this will break the client-side verification against `encrypted_value_verification_key`. Field `encrypted_value` may be `NULL`. If `encrypted_value` is `NULL`, then `encrypted_value_verification_key` and `value_verification_hash` may also be `NULL`. If `encrypted_value` is present, then `encrypted_value_verification_key` and `value_verification_hash` are mandatory.
      * Share your item with connected users
      */
     itemsIdSharesPost(id: string, meecoDelegationId?: string, meecoOrganisationId?: string, postItemSharesRequest?: PostItemSharesRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<VaultSharesCreateResponse>;
     /**
-     * Updating all shares of one item is done by the item owner in one go.  Before calling this endpoint the client application is expected to retrieve the list of shares IDs and public keys via `GET /items/{id}/shares`.  The POST body of this endpoint contains  * a list of share DEKs encrypted with public keys of share recipients * a list of slot values for each slot and each share, each encrypted with the DEK of the share that the slot belongs to  * Optionally: a list of completed `ClientTask` tasks  When a recipient of a share on-shares the data with someone else, nothing prevents him/her to encrypt some other data instead of the original data. We need a way to enforce integrity of on-shares. We do this with help of HMAC - hash-based message authentication code obtained by running a cryptographic hash function over the data and a shared secret key.    Two fields in each slot are used for this purpose: * `encrypted_value_verification_key` - is a value verification key encrypted in the same way as the value itself: with the share DEK * `value_verification_hash` - the result of the HMAC function run on the slot value using `encrypted_value_verification_key`. `value_verification_hash` is stored as-is, unencrypted.   Only the owner of the data may send `encrypted_value_verification_key` when creating or updating the share. When other senders create a share, `encrypted_value_verification_key` must be `NULL`.  `value_verification_hash` may and should be sent by every sender, owner or not, because `value_verification_hash` must be re-encrypted with the share DEK for each share.  If the sender replaces `encrypted_value_verification_key` and/or the slot value, this will break the client-side verification against `encrypted_value_verification_key`.  Field `encrypted_value` may be `NULL`. If `encrypted_value` is `NULL`, then `encrypted_value_verification_key` and `value_verification_hash` may also be `NULL`. If `encrypted_value` is present, then `encrypted_value_verification_key` and `value_verification_hash` are mandatory.
+     * Updating all shares of one item is done by the item owner in one go.  Before calling this endpoint the client application is expected to retrieve the list of shares IDs and public keys via `GET /items/{id}/shares`.  The POST body of this endpoint contains  * a list of share DEKs encrypted with public keys of share recipients * a list of slot values for each slot and each share, each encrypted with the DEK of the share that the slot belongs to  * Optionally: a list of completed `ClientTask` tasks  When a recipient of a share on-shares the data with someone else, nothing prevents him/her to encrypt some other data instead of the original data. We need a way to enforce integrity of on-shares. We do this with help of HMAC - hash-based message authentication code obtained by running a cryptographic hash function over the data and a shared secret key.    Two fields in each slot are used for this purpose: * `encrypted_value_verification_key` - is a value verification key encrypted in the same way as the value itself: with the share DEK * `value_verification_hash` - the result of the HMAC function run on the slot value using `encrypted_value_verification_key`. `value_verification_hash` is stored as-is, unencrypted.   Only the owner of the data may send `value_verification_hash` when creating or updating the share. When other senders create a share, `value_verification_hash` must be `NULL`.  `encrypted_value_verification_key` may and should be sent by every sender, owner or not, because `encrypted_value_verification_key` must be re-encrypted with the share DEK for each share.  If the sender replaces `encrypted_value_verification_key` and/or the slot value, this will break the client-side verification against `encrypted_value_verification_key`.  Field `encrypted_value` may be `NULL`. If `encrypted_value` is `NULL`, then `encrypted_value_verification_key` and `value_verification_hash` may also be `NULL`. If `encrypted_value` is present, then `encrypted_value_verification_key` and `value_verification_hash` are mandatory.
      * Update all shares of one item
      */
     itemsIdSharesPutRaw(requestParameters: ItemsIdSharesPutRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<ItemSharesUpdateResponse>>;
     /**
-     * Updating all shares of one item is done by the item owner in one go.  Before calling this endpoint the client application is expected to retrieve the list of shares IDs and public keys via `GET /items/{id}/shares`.  The POST body of this endpoint contains  * a list of share DEKs encrypted with public keys of share recipients * a list of slot values for each slot and each share, each encrypted with the DEK of the share that the slot belongs to  * Optionally: a list of completed `ClientTask` tasks  When a recipient of a share on-shares the data with someone else, nothing prevents him/her to encrypt some other data instead of the original data. We need a way to enforce integrity of on-shares. We do this with help of HMAC - hash-based message authentication code obtained by running a cryptographic hash function over the data and a shared secret key.    Two fields in each slot are used for this purpose: * `encrypted_value_verification_key` - is a value verification key encrypted in the same way as the value itself: with the share DEK * `value_verification_hash` - the result of the HMAC function run on the slot value using `encrypted_value_verification_key`. `value_verification_hash` is stored as-is, unencrypted.   Only the owner of the data may send `encrypted_value_verification_key` when creating or updating the share. When other senders create a share, `encrypted_value_verification_key` must be `NULL`.  `value_verification_hash` may and should be sent by every sender, owner or not, because `value_verification_hash` must be re-encrypted with the share DEK for each share.  If the sender replaces `encrypted_value_verification_key` and/or the slot value, this will break the client-side verification against `encrypted_value_verification_key`.  Field `encrypted_value` may be `NULL`. If `encrypted_value` is `NULL`, then `encrypted_value_verification_key` and `value_verification_hash` may also be `NULL`. If `encrypted_value` is present, then `encrypted_value_verification_key` and `value_verification_hash` are mandatory.
+     * Updating all shares of one item is done by the item owner in one go.  Before calling this endpoint the client application is expected to retrieve the list of shares IDs and public keys via `GET /items/{id}/shares`.  The POST body of this endpoint contains  * a list of share DEKs encrypted with public keys of share recipients * a list of slot values for each slot and each share, each encrypted with the DEK of the share that the slot belongs to  * Optionally: a list of completed `ClientTask` tasks  When a recipient of a share on-shares the data with someone else, nothing prevents him/her to encrypt some other data instead of the original data. We need a way to enforce integrity of on-shares. We do this with help of HMAC - hash-based message authentication code obtained by running a cryptographic hash function over the data and a shared secret key.    Two fields in each slot are used for this purpose: * `encrypted_value_verification_key` - is a value verification key encrypted in the same way as the value itself: with the share DEK * `value_verification_hash` - the result of the HMAC function run on the slot value using `encrypted_value_verification_key`. `value_verification_hash` is stored as-is, unencrypted.   Only the owner of the data may send `value_verification_hash` when creating or updating the share. When other senders create a share, `value_verification_hash` must be `NULL`.  `encrypted_value_verification_key` may and should be sent by every sender, owner or not, because `encrypted_value_verification_key` must be re-encrypted with the share DEK for each share.  If the sender replaces `encrypted_value_verification_key` and/or the slot value, this will break the client-side verification against `encrypted_value_verification_key`.  Field `encrypted_value` may be `NULL`. If `encrypted_value` is `NULL`, then `encrypted_value_verification_key` and `value_verification_hash` may also be `NULL`. If `encrypted_value` is present, then `encrypted_value_verification_key` and `value_verification_hash` are mandatory.
      * Update all shares of one item
      */
     itemsIdSharesPut(id: string, meecoDelegationId?: string, meecoOrganisationId?: string, putItemSharesRequest?: PutItemSharesRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<ItemSharesUpdateResponse>;

package/lib/types/apis/VerifiableCredentialsApi.d.ts

@@ -162,12 +162,12 @@ export declare class VerifiableCredentialsApi extends runtime.BaseAPI {
      */
     credentialTypesPost(meecoOrganisationID: string, vCCreateCredentialTypePayloadDto: VCCreateCredentialTypePayloadDto, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<VCCredentialTypeResponseDto>;
     /**
-     * <h4>Requires the following security rights:</h4><ul><li><code>vc:org:manage</code></li></ul><br /><hr /><p>Generates unsigned verifiable credential token in JWT format. Client is expected to sign it with a private key.</p><hr /><p>An example of how credential signing in Javascript:</p><pre><code>import { generateKeyPairFromSeed } from \'@stablelib/ed25519\'; <br />import { EdDSASigner, hexToBytes } from \'did-jwt\'; <br /><br />const key = generateKeyPairFromSeed(hexToBytes(SECRET_HEX)); <br />const signerFn = EdDSASigner(key.secretKey); <br /><br />const signature = await signerFn(unsignedJwt); <br />const vcJwt = [unsignedJwt, signature].join(\'.\');</code></pre><hr /><br /><h4>Issuer property caveat</h4><p>We use <b>openapi-generator</b> to generate Typescript SDK for the given API swagger definition. However, <b>openapi-generator</b> does not support <b>oneOf</b> configuration properly and generates an invalid Typescript SDK. To avoid the problem, swagger defines <b>issuer</b> property only as string for the moment. While in fact, endpoint accepts issuer as an object in format of <code>{id: string; name: string;}</code> as well.</p>
+     * <h4>Requires the following security rights:</h4><ul><li><code>vc:org:manage</code></li></ul><br /><hr /><p>Generates unsigned verifiable credential token in JWT format. Client is expected to sign it with a private key.</p><hr /><p>An example of how credential signing in Javascript:</p><pre><code>import { generateKeyPairFromSeed } from \'@stablelib/ed25519\'; <br />import { EdDSASigner, hexToBytes } from \'did-jwt\'; <br /><br />const key = generateKeyPairFromSeed(hexToBytes(SECRET_HEX)); <br />const signerFn = EdDSASigner(key.secretKey); <br /><br />const signature = await signerFn(unsignedJwt); <br />const vcJwt = [unsignedJwt, signature].join(\'.\');</code></pre><hr /><br /><h4>Issuer property caveat</h4><p>We use <b>openapi-generator</b> to generate Typescript SDK for the given API swagger definition. However, <b>openapi-generator</b> does not support <b>oneOf</b> configuration properly and generates an invalid Typescript SDK. To avoid the problem, swagger defines <b>issuer</b> property only as string for the moment. While in fact, endpoint accepts issuer as an object in format of <code>{id: string; name: string;}</code> as well.</p><br /><h4>Type property caveat</h4><p> <code>Type</code> is required for <code>vc+sd-jwt</code> format and must be a string <br /> however, endpoint accepts <code>Type</code> as an Array of string for <code>JWT VC</code> in format of <code>[\"VerifiableCredential\", \"AlumniCredential\"]</code> as well. <br /></p>
      * Generate credential based on type and claims provided
      */
     credentialsGeneratePostRaw(requestParameters: CredentialsGeneratePostRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<VCUnsignedCredentialResponseDto>>;
     /**
-     * <h4>Requires the following security rights:</h4><ul><li><code>vc:org:manage</code></li></ul><br /><hr /><p>Generates unsigned verifiable credential token in JWT format. Client is expected to sign it with a private key.</p><hr /><p>An example of how credential signing in Javascript:</p><pre><code>import { generateKeyPairFromSeed } from \'@stablelib/ed25519\'; <br />import { EdDSASigner, hexToBytes } from \'did-jwt\'; <br /><br />const key = generateKeyPairFromSeed(hexToBytes(SECRET_HEX)); <br />const signerFn = EdDSASigner(key.secretKey); <br /><br />const signature = await signerFn(unsignedJwt); <br />const vcJwt = [unsignedJwt, signature].join(\'.\');</code></pre><hr /><br /><h4>Issuer property caveat</h4><p>We use <b>openapi-generator</b> to generate Typescript SDK for the given API swagger definition. However, <b>openapi-generator</b> does not support <b>oneOf</b> configuration properly and generates an invalid Typescript SDK. To avoid the problem, swagger defines <b>issuer</b> property only as string for the moment. While in fact, endpoint accepts issuer as an object in format of <code>{id: string; name: string;}</code> as well.</p>
+     * <h4>Requires the following security rights:</h4><ul><li><code>vc:org:manage</code></li></ul><br /><hr /><p>Generates unsigned verifiable credential token in JWT format. Client is expected to sign it with a private key.</p><hr /><p>An example of how credential signing in Javascript:</p><pre><code>import { generateKeyPairFromSeed } from \'@stablelib/ed25519\'; <br />import { EdDSASigner, hexToBytes } from \'did-jwt\'; <br /><br />const key = generateKeyPairFromSeed(hexToBytes(SECRET_HEX)); <br />const signerFn = EdDSASigner(key.secretKey); <br /><br />const signature = await signerFn(unsignedJwt); <br />const vcJwt = [unsignedJwt, signature].join(\'.\');</code></pre><hr /><br /><h4>Issuer property caveat</h4><p>We use <b>openapi-generator</b> to generate Typescript SDK for the given API swagger definition. However, <b>openapi-generator</b> does not support <b>oneOf</b> configuration properly and generates an invalid Typescript SDK. To avoid the problem, swagger defines <b>issuer</b> property only as string for the moment. While in fact, endpoint accepts issuer as an object in format of <code>{id: string; name: string;}</code> as well.</p><br /><h4>Type property caveat</h4><p> <code>Type</code> is required for <code>vc+sd-jwt</code> format and must be a string <br /> however, endpoint accepts <code>Type</code> as an Array of string for <code>JWT VC</code> in format of <code>[\"VerifiableCredential\", \"AlumniCredential\"]</code> as well. <br /></p>
      * Generate credential based on type and claims provided
      */
     credentialsGeneratePost(meecoOrganisationID: string, vCGenerateCredentialPayloadDto: VCGenerateCredentialPayloadDto, accept?: CredentialsGeneratePostAcceptEnum, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<VCUnsignedCredentialResponseDto>;

package/lib/types/models/{ATOMOrgIdAndName.d.ts → ATOMAdministeredArchivedOrg.d.ts}

@@ -12,50 +12,50 @@
 /**
  *
  * @export
- * @interface ATOMOrgIdAndName
+ * @interface ATOMAdministeredArchivedOrg
  */
-export interface ATOMOrgIdAndName {
+export interface ATOMAdministeredArchivedOrg {
     /**
      * The color associated with the tenant. Used for the UI.
      * @type {string}
-     * @memberof ATOMOrgIdAndName
+     * @memberof ATOMAdministeredArchivedOrg
      */
     color: string;
     /**
      * ID of an organisation
      * @type {string}
-     * @memberof ATOMOrgIdAndName
+     * @memberof ATOMAdministeredArchivedOrg
      */
     id: string;
     /**
      * URL to a logo image
      * @type {string}
-     * @memberof ATOMOrgIdAndName
+     * @memberof ATOMAdministeredArchivedOrg
      */
     logo_url: string;
     /**
      * Name of the organisation
      * @type {string}
-     * @memberof ATOMOrgIdAndName
+     * @memberof ATOMAdministeredArchivedOrg
      */
     name: string;
     /**
      *
      * @type {boolean}
-     * @memberof ATOMOrgIdAndName
+     * @memberof ATOMAdministeredArchivedOrg
      */
     tenant_active?: boolean;
     /**
      * ID of the tenant of the organisation
      * @type {string}
-     * @memberof ATOMOrgIdAndName
+     * @memberof ATOMAdministeredArchivedOrg
      */
     tenant_id: string;
 }
 /**
- * Check if a given object implements the ATOMOrgIdAndName interface.
+ * Check if a given object implements the ATOMAdministeredArchivedOrg interface.
  */
-export declare function instanceOfATOMOrgIdAndName(value: object): boolean;
-export declare function ATOMOrgIdAndNameFromJSON(json: any): ATOMOrgIdAndName;
-export declare function ATOMOrgIdAndNameFromJSONTyped(json: any, ignoreDiscriminator: boolean): ATOMOrgIdAndName;
-export declare function ATOMOrgIdAndNameToJSON(value?: ATOMOrgIdAndName | null): any;
+export declare function instanceOfATOMAdministeredArchivedOrg(value: object): boolean;
+export declare function ATOMAdministeredArchivedOrgFromJSON(json: any): ATOMAdministeredArchivedOrg;
+export declare function ATOMAdministeredArchivedOrgFromJSONTyped(json: any, ignoreDiscriminator: boolean): ATOMAdministeredArchivedOrg;
+export declare function ATOMAdministeredArchivedOrgToJSON(value?: ATOMAdministeredArchivedOrg | null): any;

package/lib/types/models/ATOMAdministeredOrg.d.ts

@@ -0,0 +1,67 @@
+/**
+ * SVX API
+ * No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
+ *
+ * The version of the OpenAPI document: 1.3.1
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+/**
+ *
+ * @export
+ * @interface ATOMAdministeredOrg
+ */
+export interface ATOMAdministeredOrg {
+    /**
+     * The color associated with the tenant. Used for the UI.
+     * @type {string}
+     * @memberof ATOMAdministeredOrg
+     */
+    color: string;
+    /**
+     * ID of an organisation
+     * @type {string}
+     * @memberof ATOMAdministeredOrg
+     */
+    id: string;
+    /**
+     * URL to a logo image
+     * @type {string}
+     * @memberof ATOMAdministeredOrg
+     */
+    logo_url: string;
+    /**
+     * Name of the organisation
+     * @type {string}
+     * @memberof ATOMAdministeredOrg
+     */
+    name: string;
+    /**
+     *
+     * @type {boolean}
+     * @memberof ATOMAdministeredOrg
+     */
+    tenant_active?: boolean;
+    /**
+     * ID of the tenant of the organisation
+     * @type {string}
+     * @memberof ATOMAdministeredOrg
+     */
+    tenant_id: string;
+    /**
+     * When the user became an admin of the organisation
+     * @type {Date}
+     * @memberof ATOMAdministeredOrg
+     */
+    user_became_org_admin_at?: Date;
+}
+/**
+ * Check if a given object implements the ATOMAdministeredOrg interface.
+ */
+export declare function instanceOfATOMAdministeredOrg(value: object): boolean;
+export declare function ATOMAdministeredOrgFromJSON(json: any): ATOMAdministeredOrg;
+export declare function ATOMAdministeredOrgFromJSONTyped(json: any, ignoreDiscriminator: boolean): ATOMAdministeredOrg;
+export declare function ATOMAdministeredOrgToJSON(value?: ATOMAdministeredOrg | null): any;

package/lib/types/models/ATOMTenantInJwtForWhoAmI.d.ts

@@ -34,7 +34,7 @@ export interface ATOMTenantInJwtForWhoAmI {
      */
     tenant_name: string | null;
     /**
-     * When the user because an admin of the tenant
+     * When the user became an admin of the tenant
      * @type {Date}
      * @memberof ATOMTenantInJwtForWhoAmI
      */

package/lib/types/models/ATOMWhoAmI.d.ts

@@ -9,7 +9,8 @@
  * https://openapi-generator.tech
  * Do not edit the class manually.
  */
-import type { ATOMOrgIdAndName } from './ATOMOrgIdAndName';
+import type { ATOMAdministeredArchivedOrg } from './ATOMAdministeredArchivedOrg';
+import type { ATOMAdministeredOrg } from './ATOMAdministeredOrg';
 import type { ATOMTenantIdAndName } from './ATOMTenantIdAndName';
 import type { ATOMTenantInJwtForWhoAmI } from './ATOMTenantInJwtForWhoAmI';
 /**
@@ -18,12 +19,24 @@ import type { ATOMTenantInJwtForWhoAmI } from './ATOMTenantInJwtForWhoAmI';
  * @interface ATOMWhoAmI
  */
 export interface ATOMWhoAmI {
+    /**
+     * Names and IDs of the archived organizations the user administered
+     * @type {Array<ATOMAdministeredArchivedOrg>}
+     * @memberof ATOMWhoAmI
+     */
+    administered_archived_orgs?: Array<ATOMAdministeredArchivedOrg>;
+    /**
+     * Names and IDs of the archived tenants the user administered
+     * @type {Array<ATOMTenantIdAndName>}
+     * @memberof ATOMWhoAmI
+     */
+    administered_archived_tenants?: Array<ATOMTenantIdAndName>;
     /**
      * Names and IDs of the organizations the user administers
-     * @type {Array<ATOMOrgIdAndName>}
+     * @type {Array<ATOMAdministeredOrg>}
      * @memberof ATOMWhoAmI
      */
-    administered_orgs: Array<ATOMOrgIdAndName>;
+    administered_orgs: Array<ATOMAdministeredOrg>;
     /**
      * Names and IDs of the tenants the user administers
      * @type {Array<ATOMTenantIdAndName>}

package/lib/types/models/IDPForgotPasswordDto.d.ts

@@ -0,0 +1,31 @@
+/**
+ * SVX API
+ * No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
+ *
+ * The version of the OpenAPI document: 1.3.1
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+/**
+ *
+ * @export
+ * @interface IDPForgotPasswordDto
+ */
+export interface IDPForgotPasswordDto {
+    /**
+     *
+     * @type {string}
+     * @memberof IDPForgotPasswordDto
+     */
+    g_recaptcha_response: string;
+}
+/**
+ * Check if a given object implements the IDPForgotPasswordDto interface.
+ */
+export declare function instanceOfIDPForgotPasswordDto(value: object): boolean;
+export declare function IDPForgotPasswordDtoFromJSON(json: any): IDPForgotPasswordDto;
+export declare function IDPForgotPasswordDtoFromJSONTyped(json: any, ignoreDiscriminator: boolean): IDPForgotPasswordDto;
+export declare function IDPForgotPasswordDtoToJSON(value?: IDPForgotPasswordDto | null): any;

package/lib/types/models/IDPLoginRequestDto.d.ts

@@ -15,6 +15,12 @@
  * @interface IDPLoginRequestDto
  */
 export interface IDPLoginRequestDto {
+    /**
+     *
+     * @type {string}
+     * @memberof IDPLoginRequestDto
+     */
+    g_recaptcha_response: string;
     /**
      *
      * @type {string}

package/lib/types/models/IDPResetPasswordDto.d.ts

@@ -0,0 +1,31 @@
+/**
+ * SVX API
+ * No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
+ *
+ * The version of the OpenAPI document: 1.3.1
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+/**
+ *
+ * @export
+ * @interface IDPResetPasswordDto
+ */
+export interface IDPResetPasswordDto {
+    /**
+     *
+     * @type {string}
+     * @memberof IDPResetPasswordDto
+     */
+    g_recaptcha_response: string;
+}
+/**
+ * Check if a given object implements the IDPResetPasswordDto interface.
+ */
+export declare function instanceOfIDPResetPasswordDto(value: object): boolean;
+export declare function IDPResetPasswordDtoFromJSON(json: any): IDPResetPasswordDto;
+export declare function IDPResetPasswordDtoFromJSONTyped(json: any, ignoreDiscriminator: boolean): IDPResetPasswordDto;
+export declare function IDPResetPasswordDtoToJSON(value?: IDPResetPasswordDto | null): any;

package/lib/types/models/VCClaimsDto.d.ts

@@ -0,0 +1,38 @@
+/**
+ * SVX API
+ * No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
+ *
+ * The version of the OpenAPI document: 1.3.1
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+import type { VCCnfDto } from './VCCnfDto';
+/**
+ *
+ * @export
+ * @interface VCClaimsDto
+ */
+export interface VCClaimsDto {
+    /**
+     *
+     * @type {string}
+     * @memberof VCClaimsDto
+     */
+    id?: string;
+    /**
+     *
+     * @type {VCCnfDto}
+     * @memberof VCClaimsDto
+     */
+    cnf?: VCCnfDto;
+}
+/**
+ * Check if a given object implements the VCClaimsDto interface.
+ */
+export declare function instanceOfVCClaimsDto(value: object): boolean;
+export declare function VCClaimsDtoFromJSON(json: any): VCClaimsDto;
+export declare function VCClaimsDtoFromJSONTyped(json: any, ignoreDiscriminator: boolean): VCClaimsDto;
+export declare function VCClaimsDtoToJSON(value?: VCClaimsDto | null): any;

package/lib/types/models/VCCredentialVerificationResultResponseDto.d.ts

@@ -51,6 +51,7 @@ export declare const VCCredentialVerificationResultResponseDtoChecksEnum: {
     readonly Nonce: "nonce";
     readonly Schema: "schema";
     readonly RevocationStatus: "revocation_status";
+    readonly Constraints: "constraints";
 };
 export type VCCredentialVerificationResultResponseDtoChecksEnum = typeof VCCredentialVerificationResultResponseDtoChecksEnum[keyof typeof VCCredentialVerificationResultResponseDtoChecksEnum];
 /**

package/lib/types/models/VCFieldsDto.d.ts

@@ -9,6 +9,7 @@
  * https://openapi-generator.tech
  * Do not edit the class manually.
  */
+import type { VCFieldsDtoFilter } from './VCFieldsDtoFilter';
 /**
  *
  * @export
@@ -29,10 +30,10 @@ export interface VCFieldsDto {
     purpose?: string;
     /**
      *
-     * @type {object}
+     * @type {VCFieldsDtoFilter}
      * @memberof VCFieldsDto
      */
-    filter?: object;
+    filter?: VCFieldsDtoFilter;
 }
 /**
  * Check if a given object implements the VCFieldsDto interface.