From 5a96fe80db4c4c45e09ad8c613695ee4c2b8e51f Mon Sep 17 00:00:00 2001 From: Amir Cheikh Date: Fri, 19 Sep 2025 11:24:33 -0400 Subject: [PATCH] otpLength and alphanumeric now properly apply --- .changeset/plenty-waves-check.md | 9 ++ .changeset/polite-candles-lick.md | 5 + .../core/src/__generated__/sdk-client-base.ts | 45 ++++++++ .../src/__inputs__/auth_proxy.swagger.json | 50 ++++++++- .../src/__inputs__/public_api.swagger.json | 101 ++++++++++++++++++ .../core/src/__inputs__/public_api.types.ts | 49 +++++++++ .../public/v1/public_api.client.ts | 35 ++++++ .../public/v1/public_api.fetcher.ts | 46 ++++++++ .../public/v1/public_api.swagger.json | 101 ++++++++++++++++++ .../coordinator/public/v1/public_api.types.ts | 49 +++++++++ .../src/components/auth/OTP.tsx | 6 +- .../src/components/auth/index.tsx | 13 +++ .../src/components/user/UpdateEmail.tsx | 8 +- .../src/components/user/UpdatePhoneNumber.tsx | 9 +- .../src/providers/client/Provider.tsx | 49 ++++++++- packages/react-wallet-kit/src/types/base.ts | 6 +- .../src/__generated__/sdk-client-base.ts | 30 ++++++ .../src/__generated__/sdk_api_types.ts | 11 ++ .../src/__inputs__/public_api.swagger.json | 101 ++++++++++++++++++ .../src/__inputs__/public_api.types.ts | 49 +++++++++ .../src/__generated__/sdk-client-base.ts | 25 +++++ .../src/__generated__/sdk_api_types.ts | 11 ++ .../src/__inputs__/public_api.swagger.json | 101 ++++++++++++++++++ .../src/__inputs__/public_api.types.ts | 49 +++++++++ packages/sdk-types/src/__generated__/types.ts | 56 ++++++++++ .../src/__inputs__/auth_proxy.swagger.json | 50 ++++++++- .../src/__inputs__/public_api.swagger.json | 101 ++++++++++++++++++ .../src/__inputs__/public_api.types.ts | 49 +++++++++ 28 files changed, 1205 insertions(+), 9 deletions(-) create mode 100644 .changeset/plenty-waves-check.md create mode 100644 .changeset/polite-candles-lick.md diff --git a/.changeset/plenty-waves-check.md b/.changeset/plenty-waves-check.md new file mode 100644 index 000000000..a9a45a673 
--- /dev/null +++ b/.changeset/plenty-waves-check.md @@ -0,0 +1,9 @@ +--- +"@turnkey/sdk-browser": patch +"@turnkey/sdk-server": patch +"@turnkey/sdk-types": patch +"@turnkey/core": patch +"@turnkey/http": patch +--- + +- Synced api with mono diff --git a/.changeset/polite-candles-lick.md b/.changeset/polite-candles-lick.md new file mode 100644 index 000000000..57b5e9b33 --- /dev/null +++ b/.changeset/polite-candles-lick.md @@ -0,0 +1,5 @@ +--- +"@turnkey/react-wallet-kit": patch +--- + +- otpLength and alphanumeric settings now properly apply from dashboard diff --git a/packages/core/src/__generated__/sdk-client-base.ts b/packages/core/src/__generated__/sdk-client-base.ts index cd6c96aed..ec6e91a79 100644 --- a/packages/core/src/__generated__/sdk-client-base.ts +++ b/packages/core/src/__generated__/sdk-client-base.ts 
@@ -1145,6 +1145,51 @@ export class TurnkeySDKClientBase { }; }; + getAppProofs = async ( + input: SdkTypes.TGetAppProofsBody, + stampWith?: StamperType, + ): Promise => { + const session = await this.storageManager?.getActiveSession(); + return this.request( + "/public/v1/query/list_app_proofs", + { + ...input, + organizationId: + input.organizationId ?? + session?.organizationId ?? + this.config.organizationId, + }, + stampWith, + ); + }; + + stampGetAppProofs = async ( + input: SdkTypes.TGetAppProofsBody, + stampWith?: StamperType, + ): Promise => { + const activeStamper = this.getStamper(stampWith); + if (!activeStamper) { + return undefined; + } + + const { organizationId, ...parameters } = input; + + const fullUrl = this.config.apiBaseUrl + "/public/v1/query/list_app_proofs"; + const bodyWithType = { + parameters, + organizationId, + type: "ACTIVITY_TYPE_GET_APP_PROOFS", + }; + + const stringifiedBody = JSON.stringify(bodyWithType); + const stamp = await activeStamper.stamp(stringifiedBody); + return { + body: stringifiedBody, + stamp: stamp, + url: fullUrl, + }; + }; + listOauth2Credentials = async ( input: SdkTypes.TListOauth2CredentialsBody, stampWith?: StamperType, diff --git a/packages/core/src/__inputs__/auth_proxy.swagger.json b/packages/core/src/__inputs__/auth_proxy.swagger.json index c8c471d51..ad7bad980 100644 --- a/packages/core/src/__inputs__/auth_proxy.swagger.json +++ b/packages/core/src/__inputs__/auth_proxy.swagger.json @@ -490,6 +490,12 @@ "type": "string", "description": "OAuth redirect URL to be used for social login flows.", "title": "OAuth Redirect URL" + }, + "otpAlphanumeric": { + "type": "boolean" + }, + "otpLength": { + "type": "string" } }, "required": [ 
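Review bot: `stampGetAppProofs` signs a body that differs from the one `getAppProofs` sends to the same `/public/v1/query/list_app_proofs` endpoint. It wraps the input as `{ parameters, organizationId, type: "ACTIVITY_TYPE_GET_APP_PROOFS" }`, whereas `v1GetAppProofsRequest` in this patch has `organizationId` and `activityId` at the top level and no `type`, and the `packages/http` client stamps `JSON.stringify(input)` unchanged. The stamp variant also skips the session/config fallback for `organizationId`, so the field drops out of the signed JSON when the caller omits it. The stamped body should presumably mirror the request path, e.g. `const body = { ...input, organizationId: input.organizationId ?? session?.organizationId ?? this.config.organizationId };`. Because the file sits under `__generated__`, the fix belongs in the generator's query-versus-activity handling rather than in a hand edit here.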
@@ -582,6 +588,10 @@ "invalidateExisting": { "type": "boolean", "description": "Invalidate all other previously generated Login API keys" + }, + "organizationId": { + "type": "string", + "description": "Unique identifier for a given Organization. If provided, this organization id will be used directly. If omitted, uses the OIDC token to look up the associated organization id." } }, "required": ["oidcToken", "publicKey"] @@ -628,6 +638,14 @@ "invalidateExisting": { "type": "boolean", "description": "Invalidate all other previously generated Login API keys" + }, + "organizationId": { + "type": "string", + "description": "Unique identifier for a given Organization. If provided, this organization id will be used directly. If omitted, uses the verification token to look up the verified sub-organization based on the contact and verification type." + }, + "clientSignature": { + "type": "string", + "description": "Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step." } }, "required": ["verificationToken", "publicKey"] @@ -703,9 +721,19 @@ "properties": { "organizationId": { "type": "string" + }, + "wallet": { + "$ref": "#/definitions/v1WalletResult", + "description": "Wallet created for the sub-organization, if provided in the request", + "title": "Wallet" + }, + "userId": { + "type": "string", + "description": "Root user ID created for this sub-organization", + "title": "User ID" } }, - "required": ["organizationId"] + "required": ["organizationId", "userId"] }, "v1VerifyOtpRequest": { "type": "object", 
@@ -717,6 +745,10 @@ "otpCode": { "type": "string", "description": "OTP sent out to a user's contact (email or SMS)" + }, + "publicKey": { + "type": "string", + "description": "Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature" } }, "required": ["otpId", "otpCode"] @@ -775,6 +807,22 @@ } }, "required": ["walletName", "accounts"] + }, + "v1WalletResult": { + "type": "object", + "properties": { + "walletId": { + "type": "string" + }, + "addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of account addresses." + } + }, + "required": ["walletId", "addresses"] } } } diff --git a/packages/core/src/__inputs__/public_api.swagger.json b/packages/core/src/__inputs__/public_api.swagger.json index 54b8cc154..fbe698888 100644 --- a/packages/core/src/__inputs__/public_api.swagger.json +++ b/packages/core/src/__inputs__/public_api.swagger.json @@ -708,6 +708,38 @@ "tags": ["Activities"] } }, + "/public/v1/query/list_app_proofs": { + "post": { + "summary": "List app proofs for an activity", + "description": "List the app proofs for the given activity.", + "operationId": "PublicApiService_GetAppProofs", + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v1GetAppProofsResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/rpcStatus" + } + } + }, + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1GetAppProofsRequest" + } + } + ], + "tags": ["App Proof"] + } + }, "/public/v1/query/list_oauth2_credentials": { "post": { "summary": "List OAuth 2.0 Credentials", 
@@ -3709,6 +3741,14 @@ }, "description": "A list of objects representing a particular User's approval or rejection of a Consensus request, including all relevant metadata." }, + "appProofs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/v1AppProof" + }, + "description": "A list of app proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations." + }, "fingerprint": { "type": "string", "description": "An artifact verifying a User's action." @@ -4007,6 +4047,28 @@ }, "required": ["userName", "userTags", "apiKeys"] }, + "v1AppProof": { + "type": "object", + "properties": { + "scheme": { + "$ref": "#/definitions/v1SignatureScheme", + "description": "Scheme of signing key." + }, + "publicKey": { + "type": "string", + "description": "Ephemeral public key." + }, + "proofPayload": { + "type": "string", + "description": "JSON serialized AppProofPayload." + }, + "signature": { + "type": "string", + "description": "Signature over hashed proof_payload." + } + }, + "required": ["scheme", "publicKey", "proofPayload", "signature"] + }, "v1ApproveActivityIntent": { "type": "object", "properties": { @@ -7023,6 +7085,33 @@ }, "required": ["apiKeys"] }, + "v1GetAppProofsRequest": { + "type": "object", + "properties": { + "organizationId": { + "type": "string", + "description": "Unique identifier for a given Organization." + }, + "activityId": { + "type": "string", + "description": "Unique identifier for a given activity." + } + }, + "required": ["organizationId", "activityId"] + }, + "v1GetAppProofsResponse": { + "type": "object", + "properties": { + "appProofs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/v1AppProof" + } + } + }, + "required": ["appProofs"] + }, "v1GetAttestationDocumentRequest": { "type": "object", "properties": { 
@@ -9189,6 +9278,10 @@ "invalidateExisting": { "type": "boolean", "description": "Invalidate all other previously generated Login API keys" + }, + "clientSignature": { + "type": "string", + "description": "Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step." } }, "required": ["verificationToken", "publicKey"] @@ -10267,6 +10360,10 @@ }, "required": ["signedTransaction"] }, + "v1SignatureScheme": { + "type": "string", + "enum": ["SIGNATURE_SCHEME_EPHEMERAL_KEY_P256"] + }, "v1SimpleClientExtensionResults": { "type": "object", "properties": { @@ -11328,6 +11425,10 @@ "expirationSeconds": { "type": "string", "description": "Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours)" + }, + "publicKey": { + "type": "string", + "description": "Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature" } }, "required": ["otpId", "otpCode"] diff --git a/packages/core/src/__inputs__/public_api.types.ts b/packages/core/src/__inputs__/public_api.types.ts index d9e50642a..910d62e81 100644 --- a/packages/core/src/__inputs__/public_api.types.ts +++ b/packages/core/src/__inputs__/public_api.types.ts @@ -84,6 +84,10 @@ export type paths = { /** List all activities within an organization. */ post: operations["PublicApiService_GetActivities"]; }; + "/public/v1/query/list_app_proofs": { + /** List the app proofs for the given activity. */ + post: operations["PublicApiService_GetAppProofs"]; + }; "/public/v1/query/list_oauth2_credentials": { /** List all OAuth 2.0 credentials within an organization. */ post: operations["PublicApiService_ListOauth2Credentials"]; 
@@ -568,6 +572,8 @@ export type definitions = { result: definitions["v1Result"]; /** @description A list of objects representing a particular User's approval or rejection of a Consensus request, including all relevant metadata. */ votes: definitions["v1Vote"][]; + /** @description A list of app proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations. */ + appProofs?: definitions["v1AppProof"][]; /** @description An artifact verifying a User's action. */ fingerprint: string; canApprove: boolean; @@ -770,6 +776,16 @@ export type definitions = { /** @description A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: definitions["apiApiKeyParams"][]; }; + v1AppProof: { + /** @description Scheme of signing key. */ + scheme: definitions["v1SignatureScheme"]; + /** @description Ephemeral public key. */ + publicKey: string; + /** @description JSON serialized AppProofPayload. */ + proofPayload: string; + /** @description Signature over hashed proof_payload. */ + signature: string; + }; v1ApproveActivityIntent: { /** @description An artifact verifying a User's action. */ fingerprint: string; @@ -1994,6 +2010,15 @@ export type definitions = { /** @description A list of API keys. */ apiKeys: definitions["v1ApiKey"][]; }; + v1GetAppProofsRequest: { + /** @description Unique identifier for a given Organization. */ + organizationId: string; + /** @description Unique identifier for a given activity. */ + activityId: string; + }; + v1GetAppProofsResponse: { + appProofs: definitions["v1AppProof"][]; + }; v1GetAttestationDocumentRequest: { /** @description Unique identifier for a given organization. */ organizationId: string; 
@@ -2853,6 +2878,8 @@ export type definitions = { expirationSeconds?: string; /** @description Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; + /** @description Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step. */ + clientSignature?: string; }; v1OtpLoginRequest: { /** @enum {string} */ @@ -3250,6 +3277,8 @@ export type definitions = { v1SignTransactionResult: { signedTransaction: string; }; + /** @enum {string} */ + v1SignatureScheme: "SIGNATURE_SCHEME_EPHEMERAL_KEY_P256"; v1SimpleClientExtensionResults: { appid?: boolean; appidExclude?: boolean; @@ -3684,6 +3713,8 @@ export type definitions = { otpCode: string; /** @description Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours) */ expirationSeconds?: string; + /** @description Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature */ + publicKey?: string; }; v1VerifyOtpRequest: { /** @enum {string} */ @@ -4171,6 +4202,24 @@ export type operations = { }; }; }; + /** List the app proofs for the given activity. */ + PublicApiService_GetAppProofs: { + parameters: { + body: { + body: definitions["v1GetAppProofsRequest"]; + }; + }; + responses: { + /** A successful response. */ + 200: { + schema: definitions["v1GetAppProofsResponse"]; + }; + /** An unexpected error response. */ + default: { + schema: definitions["rpcStatus"]; + }; + }; + }; /** List all OAuth 2.0 credentials within an organization. */ PublicApiService_ListOauth2Credentials: { parameters: { 
diff --git a/packages/http/src/__generated__/services/coordinator/public/v1/public_api.client.ts b/packages/http/src/__generated__/services/coordinator/public/v1/public_api.client.ts index de64ec75f..f136373ca 100644 --- a/packages/http/src/__generated__/services/coordinator/public/v1/public_api.client.ts +++ b/packages/http/src/__generated__/services/coordinator/public/v1/public_api.client.ts @@ -77,6 +77,10 @@ import type { TGetActivitiesBody, TGetActivitiesResponse, } from "./public_api.fetcher"; +import type { + TGetAppProofsBody, + TGetAppProofsResponse, +} from "./public_api.fetcher"; import type { TListOauth2CredentialsBody, TListOauth2CredentialsResponse, @@ -1030,6 +1034,37 @@ export class TurnkeyClient { }; }; + /** + * List the app proofs for the given activity. + * + * Sign the provided `TGetAppProofsBody` with the client's `stamp` function, and submit the request (POST /public/v1/query/list_app_proofs). + * + * See also {@link stampGetAppProofs}. + */ + getAppProofs = async ( + input: TGetAppProofsBody, + ): Promise => { + return this.request("/public/v1/query/list_app_proofs", input); + }; + + /** + * Produce a `SignedRequest` from `TGetAppProofsBody` by using the client's `stamp` function. + * + * See also {@link GetAppProofs}. + */ + stampGetAppProofs = async ( + input: TGetAppProofsBody, + ): Promise => { + const fullUrl = this.config.baseUrl + "/public/v1/query/list_app_proofs"; + const body = JSON.stringify(input); + const stamp = await this.stamper.stamp(body); + return { + body: body, + stamp: stamp, + url: fullUrl, + }; + }; + /** * List all OAuth 2.0 credentials within an organization. * diff --git a/packages/http/src/__generated__/services/coordinator/public/v1/public_api.fetcher.ts b/packages/http/src/__generated__/services/coordinator/public/v1/public_api.fetcher.ts index fe2e6964f..3c9a32f11 100644 --- a/packages/http/src/__generated__/services/coordinator/public/v1/public_api.fetcher.ts 
+++ b/packages/http/src/__generated__/services/coordinator/public/v1/public_api.fetcher.ts @@ -995,6 +995,52 @@ export const signGetActivities = ( options, }); +/** + * `POST /public/v1/query/list_app_proofs` + */ +export type TGetAppProofsResponse = + operations["PublicApiService_GetAppProofs"]["responses"]["200"]["schema"]; + +/** + * `POST /public/v1/query/list_app_proofs` + */ +export type TGetAppProofsInput = { body: TGetAppProofsBody }; + +/** + * `POST /public/v1/query/list_app_proofs` + */ +export type TGetAppProofsBody = + operations["PublicApiService_GetAppProofs"]["parameters"]["body"]["body"]; + +/** + * List app proofs for an activity + * + * List the app proofs for the given activity. + * + * `POST /public/v1/query/list_app_proofs` + */ +export const getAppProofs = (input: TGetAppProofsInput) => + request({ + uri: "/public/v1/query/list_app_proofs", + method: "POST", + body: input.body, + }); + +/** + * Request a WebAuthn assertion and return a signed `GetAppProofs` request, ready to be POSTed to Turnkey. + * + * See {@link GetAppProofs} + */ +export const signGetAppProofs = ( + input: TGetAppProofsInput, + options?: TurnkeyCredentialRequestOptions, +) => + signedRequest({ + uri: "/public/v1/query/list_app_proofs", + body: input.body, + options, + }); + /** * `POST /public/v1/query/list_oauth2_credentials` */ diff --git a/packages/http/src/__generated__/services/coordinator/public/v1/public_api.swagger.json b/packages/http/src/__generated__/services/coordinator/public/v1/public_api.swagger.json index 54b8cc154..fbe698888 100644 --- a/packages/http/src/__generated__/services/coordinator/public/v1/public_api.swagger.json +++ b/packages/http/src/__generated__/services/coordinator/public/v1/public_api.swagger.json 
@@ -708,6 +708,38 @@ "tags": ["Activities"] } }, + "/public/v1/query/list_app_proofs": { + "post": { + "summary": "List app proofs for an activity", + "description": "List the app proofs for the given activity.", + "operationId": "PublicApiService_GetAppProofs", + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v1GetAppProofsResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/rpcStatus" + } + } + }, + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1GetAppProofsRequest" + } + } + ], + "tags": ["App Proof"] + } + }, "/public/v1/query/list_oauth2_credentials": { "post": { "summary": "List OAuth 2.0 Credentials", @@ -3709,6 +3741,14 @@ }, "description": "A list of objects representing a particular User's approval or rejection of a Consensus request, including all relevant metadata." }, + "appProofs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/v1AppProof" + }, + "description": "A list of app proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations." + }, "fingerprint": { "type": "string", "description": "An artifact verifying a User's action." 
@@ -4007,6 +4047,28 @@ }, "required": ["userName", "userTags", "apiKeys"] }, + "v1AppProof": { + "type": "object", + "properties": { + "scheme": { + "$ref": "#/definitions/v1SignatureScheme", + "description": "Scheme of signing key." + }, + "publicKey": { + "type": "string", + "description": "Ephemeral public key." + }, + "proofPayload": { + "type": "string", + "description": "JSON serialized AppProofPayload." + }, + "signature": { + "type": "string", + "description": "Signature over hashed proof_payload." + } + }, + "required": ["scheme", "publicKey", "proofPayload", "signature"] + }, "v1ApproveActivityIntent": { "type": "object", "properties": { @@ -7023,6 +7085,33 @@ }, "required": ["apiKeys"] }, + "v1GetAppProofsRequest": { + "type": "object", + "properties": { + "organizationId": { + "type": "string", + "description": "Unique identifier for a given Organization." + }, + "activityId": { + "type": "string", + "description": "Unique identifier for a given activity." + } + }, + "required": ["organizationId", "activityId"] + }, + "v1GetAppProofsResponse": { + "type": "object", + "properties": { + "appProofs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/v1AppProof" + } + } + }, + "required": ["appProofs"] + }, "v1GetAttestationDocumentRequest": { "type": "object", "properties": { @@ -9189,6 +9278,10 @@ "invalidateExisting": { "type": "boolean", "description": "Invalidate all other previously generated Login API keys" + }, + "clientSignature": { + "type": "string", + "description": "Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step." } }, "required": ["verificationToken", "publicKey"] 
@@ -10267,6 +10360,10 @@ }, "required": ["signedTransaction"] }, + "v1SignatureScheme": { + "type": "string", + "enum": ["SIGNATURE_SCHEME_EPHEMERAL_KEY_P256"] + }, "v1SimpleClientExtensionResults": { "type": "object", "properties": { @@ -11328,6 +11425,10 @@ "expirationSeconds": { "type": "string", "description": "Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours)" + }, + "publicKey": { + "type": "string", + "description": "Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature" } }, "required": ["otpId", "otpCode"] diff --git a/packages/http/src/__generated__/services/coordinator/public/v1/public_api.types.ts b/packages/http/src/__generated__/services/coordinator/public/v1/public_api.types.ts index d9e50642a..910d62e81 100644 --- a/packages/http/src/__generated__/services/coordinator/public/v1/public_api.types.ts +++ b/packages/http/src/__generated__/services/coordinator/public/v1/public_api.types.ts @@ -84,6 +84,10 @@ export type paths = { /** List all activities within an organization. */ post: operations["PublicApiService_GetActivities"]; }; + "/public/v1/query/list_app_proofs": { + /** List the app proofs for the given activity. */ + post: operations["PublicApiService_GetAppProofs"]; + }; "/public/v1/query/list_oauth2_credentials": { /** List all OAuth 2.0 credentials within an organization. */ post: operations["PublicApiService_ListOauth2Credentials"]; 
@@ -568,6 +572,8 @@ export type definitions = { result: definitions["v1Result"]; /** @description A list of objects representing a particular User's approval or rejection of a Consensus request, including all relevant metadata. */ votes: definitions["v1Vote"][]; + /** @description A list of app proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations. */ + appProofs?: definitions["v1AppProof"][]; /** @description An artifact verifying a User's action. */ fingerprint: string; canApprove: boolean; @@ -770,6 +776,16 @@ export type definitions = { /** @description A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: definitions["apiApiKeyParams"][]; }; + v1AppProof: { + /** @description Scheme of signing key. */ + scheme: definitions["v1SignatureScheme"]; + /** @description Ephemeral public key. */ + publicKey: string; + /** @description JSON serialized AppProofPayload. */ + proofPayload: string; + /** @description Signature over hashed proof_payload. */ + signature: string; + }; v1ApproveActivityIntent: { /** @description An artifact verifying a User's action. */ fingerprint: string; @@ -1994,6 +2010,15 @@ export type definitions = { /** @description A list of API keys. */ apiKeys: definitions["v1ApiKey"][]; }; + v1GetAppProofsRequest: { + /** @description Unique identifier for a given Organization. */ + organizationId: string; + /** @description Unique identifier for a given activity. */ + activityId: string; + }; + v1GetAppProofsResponse: { + appProofs: definitions["v1AppProof"][]; + }; v1GetAttestationDocumentRequest: { /** @description Unique identifier for a given organization. */ organizationId: string; 
@@ -2853,6 +2878,8 @@ export type definitions = { expirationSeconds?: string; /** @description Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; + /** @description Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step. */ + clientSignature?: string; }; v1OtpLoginRequest: { /** @enum {string} */ @@ -3250,6 +3277,8 @@ export type definitions = { v1SignTransactionResult: { signedTransaction: string; }; + /** @enum {string} */ + v1SignatureScheme: "SIGNATURE_SCHEME_EPHEMERAL_KEY_P256"; v1SimpleClientExtensionResults: { appid?: boolean; appidExclude?: boolean; @@ -3684,6 +3713,8 @@ export type definitions = { otpCode: string; /** @description Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours) */ expirationSeconds?: string; + /** @description Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature */ + publicKey?: string; }; v1VerifyOtpRequest: { /** @enum {string} */ @@ -4171,6 +4202,24 @@ export type operations = { }; }; }; + /** List the app proofs for the given activity. */ + PublicApiService_GetAppProofs: { + parameters: { + body: { + body: definitions["v1GetAppProofsRequest"]; + }; + }; + responses: { + /** A successful response. */ + 200: { + schema: definitions["v1GetAppProofsResponse"]; + }; + /** An unexpected error response. */ + default: { + schema: definitions["rpcStatus"]; + }; + }; + }; /** List all OAuth 2.0 credentials within an organization. */ PublicApiService_ListOauth2Credentials: { parameters: { 
diff --git a/packages/react-wallet-kit/src/components/auth/OTP.tsx b/packages/react-wallet-kit/src/components/auth/OTP.tsx index b1df9a61f..3970a3568 100644 --- a/packages/react-wallet-kit/src/components/auth/OTP.tsx +++ b/packages/react-wallet-kit/src/components/auth/OTP.tsx @@ -13,8 +13,8 @@ interface OtpVerificationProps { contact: string; otpId: string; otpType: OtpType; - otpLength?: number; - alphanumeric?: boolean; + otpLength?: number | undefined; // Length of the OTP code. Defaults to 6. + alphanumeric?: boolean | undefined; // Whether the OTP is alphanumeric or numeric only. Defaults to true (alphanumeric). formattedContact?: string; // Optional formatted contact for display purposes sessionKey?: string; // Optional sessionKey for multisession onContinue?: (optCode: string) => Promise; // Optional callback for continue action @@ -62,7 +62,7 @@ export function OtpVerification(props: OtpVerificationProps) { const niceError = (error as TurnkeyError).code === TurnkeyErrorCodes.INVALID_OTP_CODE ? "Invalid OTP code" - : "An error has occurred"; // eek! maybe this is bad! + : "An error has occurred"; setError(niceError); shakeInput(); throw new Error(`Error completing OTP: ${error}`); diff --git a/packages/react-wallet-kit/src/components/auth/index.tsx b/packages/react-wallet-kit/src/components/auth/index.tsx index 1a63b205d..5a10537bc 100644 --- a/packages/react-wallet-kit/src/components/auth/index.tsx +++ b/packages/react-wallet-kit/src/components/auth/index.tsx @@ -79,6 +79,12 @@ export function AuthComponent({ contact={email} otpId={otpId} otpType={OtpType.Email} + otpLength={ + config.auth?.otpLength !== undefined + ? Number(config.auth.otpLength) + : undefined + } + alphanumeric={config.auth?.otpAlphanumeric} {...(sessionKey && { sessionKey })} /> ), 
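Review bot: `Number(config.auth.otpLength)` in the e-mail OTP page of `AuthComponent` converts a value the auth proxy schema declares as `"type": "string"` without validating it, so an empty string becomes `0` and a non-numeric one becomes `NaN` instead of falling back to the documented default of 6. How `OtpVerification` handles such a value is not visible in this patch. Guard the conversion once in a shared helper, e.g. `const n = Number(raw); return Number.isInteger(n) && n > 0 ? n : undefined;`. The same inline expression is repeated in the SMS hunk of this file, in UpdateEmail.tsx, UpdatePhoneNumber.tsx and the four Provider.tsx OTP hunks, which also mix `masterConfig.auth?.` with `masterConfig?.auth?.`. The surrounding JSX starts and ends outside the hunk.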
@@ -104,6 +110,13 @@ export function AuthComponent({ formattedContact={formattedPhone} otpId={otpId} otpType={OtpType.Sms} + otpLength={ + config.auth?.otpLength !== undefined + ? Number(config.auth.otpLength) + : undefined + } + alphanumeric={config.auth?.otpAlphanumeric} + {...(sessionKey && { sessionKey })} /> ), showTitle: false, diff --git a/packages/react-wallet-kit/src/components/user/UpdateEmail.tsx b/packages/react-wallet-kit/src/components/user/UpdateEmail.tsx index ea4c2b6fd..9472d6f7c 100644 --- a/packages/react-wallet-kit/src/components/user/UpdateEmail.tsx +++ b/packages/react-wallet-kit/src/components/user/UpdateEmail.tsx @@ -28,7 +28,7 @@ export function UpdateEmail(params: { stampWith, userId, } = params; - const { user, updateUserEmail, initOtp, verifyOtp } = useTurnkey(); + const { config, user, updateUserEmail, initOtp, verifyOtp } = useTurnkey(); const { isMobile, pushPage, closeModal } = useModal(); const email = user?.userEmail || ""; const [emailInput, setEmailInput] = useState(email); @@ -53,6 +53,12 @@ export function UpdateEmail(params: { contact={emailInput} otpId={otpId} otpType={OtpType.Email} + otpLength={ + config?.auth?.otpLength !== undefined + ? Number(config.auth.otpLength) + : undefined + } + alphanumeric={config?.auth?.otpAlphanumeric} onContinue={async (otpCode: string) => { const { verificationToken } = await verifyOtp({ otpId, diff --git a/packages/react-wallet-kit/src/components/user/UpdatePhoneNumber.tsx b/packages/react-wallet-kit/src/components/user/UpdatePhoneNumber.tsx index e09751f59..032414509 100644 --- a/packages/react-wallet-kit/src/components/user/UpdatePhoneNumber.tsx +++ b/packages/react-wallet-kit/src/components/user/UpdatePhoneNumber.tsx 
@@ -20,7 +20,8 @@ export function UpdatePhoneNumber(params: { subTitle?: string; stampWith?: StamperType | undefined; }) { - const { user, initOtp, verifyOtp, updateUserPhoneNumber } = useTurnkey(); + const { config, user, initOtp, verifyOtp, updateUserPhoneNumber } = + useTurnkey(); const { isMobile, pushPage, closeModal } = useModal(); const phone = user?.userPhoneNumber || ""; const [phoneInput, setPhoneInput] = useState(phone); @@ -52,6 +53,12 @@ export function UpdatePhoneNumber(params: { {...(formattedPhone && { formattedPhone })} otpId={otpId} otpType={OtpType.Sms} + otpLength={ + config?.auth?.otpLength !== undefined + ? Number(config.auth.otpLength) + : undefined + } + alphanumeric={config?.auth?.otpAlphanumeric} onContinue={async (otpCode: string) => { const { verificationToken } = await verifyOtp({ otpId, diff --git a/packages/react-wallet-kit/src/providers/client/Provider.tsx b/packages/react-wallet-kit/src/providers/client/Provider.tsx index cba88f308..30c78a929 100644 --- a/packages/react-wallet-kit/src/providers/client/Provider.tsx +++ b/packages/react-wallet-kit/src/providers/client/Provider.tsx 
@@ -618,12 +618,36 @@ export const ClientProvider: React.FC = ({ "socials" | "email" | "sms" | "passkey" | "wallet" >); + // Warn if they are trying to set auth proxy only settings directly + if (config.auth?.sessionExpirationSeconds) { + console.warn( + "Turnkey SDK warning. You have set sessionExpirationSeconds directly in the TurnkeyProvider. This setting will be ignored because you are using an auth proxy. Please configure session expiration in the Turnkey dashboard.", + ); + } + if (config.auth?.otpAlphanumeric !== undefined) { + console.warn( + "Turnkey SDK warning. You have set otpAlphanumeric directly in the TurnkeyProvider. This setting will be ignored because you are using an auth proxy. Please configure OTP settings in the Turnkey dashboard.", + ); + } + if (config.auth?.otpLength) { + console.warn( + "Turnkey SDK warning. You have set otpLength directly in the TurnkeyProvider. This setting will be ignored because you are using an auth proxy. Please configure OTP settings in the Turnkey dashboard.", + ); + } + // These are settings that can only be set via the auth proxy config + const authProxyOnlySettings = { + sessionExpirationSeconds: proxyAuthConfig?.sessionExpirationSeconds, + otpAlphanumeric: proxyAuthConfig?.otpAlphanumeric ?? true, // This fallback will never be hit. This is purely for the tests to pass before mono is released + otpLength: proxyAuthConfig?.otpLength ?? "6", // This fallback will never be hit. This is purely for the tests to pass before mono is released + }; + return { ...config, // Overrides: auth: { ...config.auth, + ...authProxyOnlySettings, methods: resolvedMethods, oauthConfig: { ...config.auth?.oauthConfig, @@ -636,7 +660,6 @@ export const ClientProvider: React.FC = ({ ? true : config.auth?.oauthConfig?.openOauthInPage, }, - sessionExpirationSeconds: proxyAuthConfig?.sessionExpirationSeconds, methodOrder, oauthOrder, autoRefreshSession: config.auth?.autoRefreshSession ?? true, 
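Review bot: The comments on `otpAlphanumeric: proxyAuthConfig?.otpAlphanumeric ?? true` and `otpLength: proxyAuthConfig?.otpLength ?? "6"` say the fallback is never hit, but `ProxyTGetWalletKitConfigResponse` in this patch declares both fields optional and `proxyAuthConfig` is itself read with `?.`, so the defaults apply whenever the proxy omits them. A UI default that differs from what the backend issues could leave users unable to enter a valid code, so I would document these as real defaults: `// Default used when the auth proxy config omits this field; must match the backend OTP default.` The warning guards are also inconsistent: `if (config.auth?.otpLength)` skips an empty string while the `otpAlphanumeric` check uses `!== undefined`, so `if (config.auth?.otpLength !== undefined)` would match it. The enclosing function starts and ends outside the hunk, so whether this path runs only when an auth proxy is configured, as the warning text assumes, cannot be confirmed from here.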
@@ -4041,6 +4064,12 @@ export const ClientProvider: React.FC = ({ otpType={OtpType.Sms} contact={params.phoneNumber!} otpId={otpId} + otpLength={ + masterConfig.auth?.otpLength !== undefined + ? Number(masterConfig.auth.otpLength) + : undefined + } + alphanumeric={masterConfig.auth?.otpAlphanumeric} onContinue={async (otpCode: string) => { try { const { verificationToken } = await verifyOtp({ @@ -4183,6 +4212,12 @@ export const ClientProvider: React.FC = ({ otpType={OtpType.Email} contact={params.email!} otpId={otpId} + otpLength={ + masterConfig?.auth?.otpLength !== undefined + ? Number(masterConfig.auth.otpLength) + : undefined + } + alphanumeric={masterConfig?.auth?.otpAlphanumeric} onContinue={async (otpCode: string) => { try { const { verificationToken } = await verifyOtp({ @@ -4324,6 +4359,12 @@ export const ClientProvider: React.FC = ({ otpType={OtpType.Email} contact={params.email!} otpId={otpId} + otpLength={ + masterConfig?.auth?.otpLength !== undefined + ? Number(masterConfig.auth.otpLength) + : undefined + } + alphanumeric={masterConfig?.auth?.otpAlphanumeric} onContinue={async (otpCode: string) => { try { const { verificationToken } = await verifyOtp({ @@ -4483,6 +4524,12 @@ export const ClientProvider: React.FC = ({ otpType={OtpType.Sms} contact={params.phoneNumber!} otpId={otpId} + otpLength={ + masterConfig.auth?.otpLength !== undefined + ? Number(masterConfig.auth.otpLength) + : undefined + } + alphanumeric={masterConfig?.auth?.otpAlphanumeric} onContinue={async (otpCode: string) => { try { const { verificationToken } = await verifyOtp({ diff --git a/packages/react-wallet-kit/src/types/base.ts b/packages/react-wallet-kit/src/types/base.ts index 0ed022e1a..f97f1a5a7 100644 --- a/packages/react-wallet-kit/src/types/base.ts +++ b/packages/react-wallet-kit/src/types/base.ts 
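Review bot: The added props mix `masterConfig.auth?.` and `masterConfig?.auth?.`; in the last hunk `otpLength` reads `masterConfig.auth?.otpLength` while `alphanumeric` on the following line reads `masterConfig?.auth?.otpAlphanumeric`. If `masterConfig` can be undefined, the unguarded form throws during render; if it cannot, the extra `?.` obscures that invariant. Use one form across all four OTP screens. The enclosing handlers start and end outside these hunks, so the nullability of `masterConfig` is not visible here.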
@@ -76,8 +76,12 @@ export interface TurnkeyProviderConfig extends TurnkeySDKClientConfig { /** whether to open OAuth in the same page. Always true on mobile. */ openOauthInPage?: boolean; }; - /** session expiration time in seconds. */ + /** session expiration time in seconds. If using the auth proxy, you must configure this setting through the dashboard. Changing this through the TurnkeyProvider will have no effect. */ sessionExpirationSeconds?: string; + /** If otp sent will be alphanumeric. If using the auth proxy, you must configure this setting through the dashboard. Changing this through the TurnkeyProvider will have no effect. */ + otpAlphanumeric?: boolean; + /** length of the OTP. If using the auth proxy, you must configure this setting through the dashboard. Changing this through the TurnkeyProvider will have no effect. */ + otpLength?: string; /** parameters for creating a sub-organization for each authentication method. */ createSuborgParams?: { /** parameters for email OTP authentication. */ diff --git a/packages/sdk-browser/src/__generated__/sdk-client-base.ts b/packages/sdk-browser/src/__generated__/sdk-client-base.ts index 927afc976..3a322a729 100644 --- a/packages/sdk-browser/src/__generated__/sdk-client-base.ts +++ b/packages/sdk-browser/src/__generated__/sdk-client-base.ts 
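Review bot: `otpLength?: string` is added without stating the expected format, while every consumer in this patch converts it with `Number(...)`. I would open its doc comment with `Length of the OTP as a decimal integer string, e.g. "6".` and keep the existing auth-proxy sentences after it. The interface continues outside the hunk.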
@@ -762,6 +762,36 @@ export class TurnkeySDKClientBase { }; }; + getAppProofs = async ( + input: SdkApiTypes.TGetAppProofsBody, + ): Promise => { + let session = await getStorageValue(StorageKeys.Session); + session = parseSession(session!); + return this.request("/public/v1/query/list_app_proofs", { + ...input, + organizationId: + input.organizationId ?? + session?.organizationId ?? + this.config.organizationId, + }); + }; + + stampGetAppProofs = async ( + input: SdkApiTypes.TGetAppProofsBody, + ): Promise => { + if (!this.stamper) { + return undefined; + } + const fullUrl = this.config.apiBaseUrl + "/public/v1/query/list_app_proofs"; + const body = JSON.stringify(input); + const stamp = await this.stamper.stamp(body); + return { + body: body, + stamp: stamp, + url: fullUrl, + }; + }; + listOauth2Credentials = async ( input: SdkApiTypes.TListOauth2CredentialsBody, ): Promise => { diff --git a/packages/sdk-browser/src/__generated__/sdk_api_types.ts b/packages/sdk-browser/src/__generated__/sdk_api_types.ts index fe09a4b79..baae0b97e 100644 --- a/packages/sdk-browser/src/__generated__/sdk_api_types.ts +++ b/packages/sdk-browser/src/__generated__/sdk_api_types.ts @@ -233,6 +233,17 @@ export type TGetActivitiesBody = Omit< > & queryOverrideParams; +export type TGetAppProofsResponse = + operations["PublicApiService_GetAppProofs"]["responses"]["200"]["schema"]; + +export type TGetAppProofsInput = { body: TGetAppProofsBody }; + +export type TGetAppProofsBody = Omit< + operations["PublicApiService_GetAppProofs"]["parameters"]["body"]["body"], + "organizationId" +> & + queryOverrideParams; + export type TListOauth2CredentialsResponse = operations["PublicApiService_ListOauth2Credentials"]["responses"]["200"]["schema"]; diff --git a/packages/sdk-browser/src/__inputs__/public_api.swagger.json b/packages/sdk-browser/src/__inputs__/public_api.swagger.json index 54b8cc154..fbe698888 100644 --- a/packages/sdk-browser/src/__inputs__/public_api.swagger.json 
+++ b/packages/sdk-browser/src/__inputs__/public_api.swagger.json @@ -708,6 +708,38 @@ "tags": ["Activities"] } }, + "/public/v1/query/list_app_proofs": { + "post": { + "summary": "List app proofs for an activity", + "description": "List the app proofs for the given activity.", + "operationId": "PublicApiService_GetAppProofs", + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v1GetAppProofsResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/rpcStatus" + } + } + }, + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1GetAppProofsRequest" + } + } + ], + "tags": ["App Proof"] + } + }, "/public/v1/query/list_oauth2_credentials": { "post": { "summary": "List OAuth 2.0 Credentials", @@ -3709,6 +3741,14 @@ }, "description": "A list of objects representing a particular User's approval or rejection of a Consensus request, including all relevant metadata." }, + "appProofs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/v1AppProof" + }, + "description": "A list of app proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations." + }, "fingerprint": { "type": "string", "description": "An artifact verifying a User's action." 
@@ -4007,6 +4047,28 @@ }, "required": ["userName", "userTags", "apiKeys"] }, + "v1AppProof": { + "type": "object", + "properties": { + "scheme": { + "$ref": "#/definitions/v1SignatureScheme", + "description": "Scheme of signing key." + }, + "publicKey": { + "type": "string", + "description": "Ephemeral public key." + }, + "proofPayload": { + "type": "string", + "description": "JSON serialized AppProofPayload." + }, + "signature": { + "type": "string", + "description": "Signature over hashed proof_payload." + } + }, + "required": ["scheme", "publicKey", "proofPayload", "signature"] + }, "v1ApproveActivityIntent": { "type": "object", "properties": { @@ -7023,6 +7085,33 @@ }, "required": ["apiKeys"] }, + "v1GetAppProofsRequest": { + "type": "object", + "properties": { + "organizationId": { + "type": "string", + "description": "Unique identifier for a given Organization." + }, + "activityId": { + "type": "string", + "description": "Unique identifier for a given activity." + } + }, + "required": ["organizationId", "activityId"] + }, + "v1GetAppProofsResponse": { + "type": "object", + "properties": { + "appProofs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/v1AppProof" + } + } + }, + "required": ["appProofs"] + }, "v1GetAttestationDocumentRequest": { "type": "object", "properties": { @@ -9189,6 +9278,10 @@ "invalidateExisting": { "type": "boolean", "description": "Invalidate all other previously generated Login API keys" + }, + "clientSignature": { + "type": "string", + "description": "Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step." } }, "required": ["verificationToken", "publicKey"] 
@@ -10267,6 +10360,10 @@ }, "required": ["signedTransaction"] }, + "v1SignatureScheme": { + "type": "string", + "enum": ["SIGNATURE_SCHEME_EPHEMERAL_KEY_P256"] + }, "v1SimpleClientExtensionResults": { "type": "object", "properties": { @@ -11328,6 +11425,10 @@ "expirationSeconds": { "type": "string", "description": "Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours)" + }, + "publicKey": { + "type": "string", + "description": "Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature" } }, "required": ["otpId", "otpCode"] diff --git a/packages/sdk-browser/src/__inputs__/public_api.types.ts b/packages/sdk-browser/src/__inputs__/public_api.types.ts index d9e50642a..910d62e81 100644 --- a/packages/sdk-browser/src/__inputs__/public_api.types.ts +++ b/packages/sdk-browser/src/__inputs__/public_api.types.ts @@ -84,6 +84,10 @@ export type paths = { /** List all activities within an organization. */ post: operations["PublicApiService_GetActivities"]; }; + "/public/v1/query/list_app_proofs": { + /** List the app proofs for the given activity. */ + post: operations["PublicApiService_GetAppProofs"]; + }; "/public/v1/query/list_oauth2_credentials": { /** List all OAuth 2.0 credentials within an organization. */ post: operations["PublicApiService_ListOauth2Credentials"]; 
@@ -568,6 +572,8 @@ export type definitions = { result: definitions["v1Result"]; /** @description A list of objects representing a particular User's approval or rejection of a Consensus request, including all relevant metadata. */ votes: definitions["v1Vote"][]; + /** @description A list of app proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations. */ + appProofs?: definitions["v1AppProof"][]; /** @description An artifact verifying a User's action. */ fingerprint: string; canApprove: boolean; @@ -770,6 +776,16 @@ export type definitions = { /** @description A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: definitions["apiApiKeyParams"][]; }; + v1AppProof: { + /** @description Scheme of signing key. */ + scheme: definitions["v1SignatureScheme"]; + /** @description Ephemeral public key. */ + publicKey: string; + /** @description JSON serialized AppProofPayload. */ + proofPayload: string; + /** @description Signature over hashed proof_payload. */ + signature: string; + }; v1ApproveActivityIntent: { /** @description An artifact verifying a User's action. */ fingerprint: string; @@ -1994,6 +2010,15 @@ export type definitions = { /** @description A list of API keys. */ apiKeys: definitions["v1ApiKey"][]; }; + v1GetAppProofsRequest: { + /** @description Unique identifier for a given Organization. */ + organizationId: string; + /** @description Unique identifier for a given activity. */ + activityId: string; + }; + v1GetAppProofsResponse: { + appProofs: definitions["v1AppProof"][]; + }; v1GetAttestationDocumentRequest: { /** @description Unique identifier for a given organization. */ organizationId: string; 
@@ -2853,6 +2878,8 @@ export type definitions = { expirationSeconds?: string; /** @description Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; + /** @description Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step. */ + clientSignature?: string; }; v1OtpLoginRequest: { /** @enum {string} */ @@ -3250,6 +3277,8 @@ export type definitions = { v1SignTransactionResult: { signedTransaction: string; }; + /** @enum {string} */ + v1SignatureScheme: "SIGNATURE_SCHEME_EPHEMERAL_KEY_P256"; v1SimpleClientExtensionResults: { appid?: boolean; appidExclude?: boolean; @@ -3684,6 +3713,8 @@ export type definitions = { otpCode: string; /** @description Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours) */ expirationSeconds?: string; + /** @description Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature */ + publicKey?: string; }; v1VerifyOtpRequest: { /** @enum {string} */ @@ -4171,6 +4202,24 @@ export type operations = { }; }; }; + /** List the app proofs for the given activity. */ + PublicApiService_GetAppProofs: { + parameters: { + body: { + body: definitions["v1GetAppProofsRequest"]; + }; + }; + responses: { + /** A successful response. */ + 200: { + schema: definitions["v1GetAppProofsResponse"]; + }; + /** An unexpected error response. */ + default: { + schema: definitions["rpcStatus"]; + }; + }; + }; /** List all OAuth 2.0 credentials within an organization. */ PublicApiService_ListOauth2Credentials: { parameters: { 
diff --git a/packages/sdk-server/src/__generated__/sdk-client-base.ts b/packages/sdk-server/src/__generated__/sdk-client-base.ts index 1c341d3b0..4f1e4ea88 100644 --- a/packages/sdk-server/src/__generated__/sdk-client-base.ts +++ b/packages/sdk-server/src/__generated__/sdk-client-base.ts @@ -649,6 +649,31 @@ export class TurnkeySDKClientBase { }; }; + getAppProofs = async ( + input: SdkApiTypes.TGetAppProofsBody, + ): Promise => { + return this.request("/public/v1/query/list_app_proofs", { + ...input, + organizationId: input.organizationId ?? this.config.organizationId, + }); + }; + + stampGetAppProofs = async ( + input: SdkApiTypes.TGetAppProofsBody, + ): Promise => { + if (!this.stamper) { + return undefined; + } + const fullUrl = this.config.apiBaseUrl + "/public/v1/query/list_app_proofs"; + const body = JSON.stringify(input); + const stamp = await this.stamper.stamp(body); + return { + body: body, + stamp: stamp, + url: fullUrl, + }; + }; + listOauth2Credentials = async ( input: SdkApiTypes.TListOauth2CredentialsBody, ): Promise => { diff --git a/packages/sdk-server/src/__generated__/sdk_api_types.ts b/packages/sdk-server/src/__generated__/sdk_api_types.ts index fe09a4b79..baae0b97e 100644 --- a/packages/sdk-server/src/__generated__/sdk_api_types.ts +++ b/packages/sdk-server/src/__generated__/sdk_api_types.ts @@ -233,6 +233,17 @@ export type TGetActivitiesBody = Omit< > & queryOverrideParams; +export type TGetAppProofsResponse = + operations["PublicApiService_GetAppProofs"]["responses"]["200"]["schema"]; + +export type TGetAppProofsInput = { body: TGetAppProofsBody }; + +export type TGetAppProofsBody = Omit< + operations["PublicApiService_GetAppProofs"]["parameters"]["body"]["body"], + "organizationId" +> & + queryOverrideParams; + export type TListOauth2CredentialsResponse = operations["PublicApiService_ListOauth2Credentials"]["responses"]["200"]["schema"]; 
diff --git a/packages/sdk-server/src/__inputs__/public_api.swagger.json b/packages/sdk-server/src/__inputs__/public_api.swagger.json index 54b8cc154..fbe698888 100644 --- a/packages/sdk-server/src/__inputs__/public_api.swagger.json +++ b/packages/sdk-server/src/__inputs__/public_api.swagger.json @@ -708,6 +708,38 @@ "tags": ["Activities"] } }, + "/public/v1/query/list_app_proofs": { + "post": { + "summary": "List app proofs for an activity", + "description": "List the app proofs for the given activity.", + "operationId": "PublicApiService_GetAppProofs", + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v1GetAppProofsResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/rpcStatus" + } + } + }, + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1GetAppProofsRequest" + } + } + ], + "tags": ["App Proof"] + } + }, "/public/v1/query/list_oauth2_credentials": { "post": { "summary": "List OAuth 2.0 Credentials", @@ -3709,6 +3741,14 @@ }, "description": "A list of objects representing a particular User's approval or rejection of a Consensus request, including all relevant metadata." }, + "appProofs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/v1AppProof" + }, + "description": "A list of app proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations." + }, "fingerprint": { "type": "string", "description": "An artifact verifying a User's action." 
@@ -4007,6 +4047,28 @@ }, "required": ["userName", "userTags", "apiKeys"] }, + "v1AppProof": { + "type": "object", + "properties": { + "scheme": { + "$ref": "#/definitions/v1SignatureScheme", + "description": "Scheme of signing key." + }, + "publicKey": { + "type": "string", + "description": "Ephemeral public key." + }, + "proofPayload": { + "type": "string", + "description": "JSON serialized AppProofPayload." + }, + "signature": { + "type": "string", + "description": "Signature over hashed proof_payload." + } + }, + "required": ["scheme", "publicKey", "proofPayload", "signature"] + }, "v1ApproveActivityIntent": { "type": "object", "properties": { @@ -7023,6 +7085,33 @@ }, "required": ["apiKeys"] }, + "v1GetAppProofsRequest": { + "type": "object", + "properties": { + "organizationId": { + "type": "string", + "description": "Unique identifier for a given Organization." + }, + "activityId": { + "type": "string", + "description": "Unique identifier for a given activity." + } + }, + "required": ["organizationId", "activityId"] + }, + "v1GetAppProofsResponse": { + "type": "object", + "properties": { + "appProofs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/v1AppProof" + } + } + }, + "required": ["appProofs"] + }, "v1GetAttestationDocumentRequest": { "type": "object", "properties": { @@ -9189,6 +9278,10 @@ "invalidateExisting": { "type": "boolean", "description": "Invalidate all other previously generated Login API keys" + }, + "clientSignature": { + "type": "string", + "description": "Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step." } }, "required": ["verificationToken", "publicKey"] 
@@ -10267,6 +10360,10 @@ }, "required": ["signedTransaction"] }, + "v1SignatureScheme": { + "type": "string", + "enum": ["SIGNATURE_SCHEME_EPHEMERAL_KEY_P256"] + }, "v1SimpleClientExtensionResults": { "type": "object", "properties": { @@ -11328,6 +11425,10 @@ "expirationSeconds": { "type": "string", "description": "Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours)" + }, + "publicKey": { + "type": "string", + "description": "Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature" } }, "required": ["otpId", "otpCode"] diff --git a/packages/sdk-server/src/__inputs__/public_api.types.ts b/packages/sdk-server/src/__inputs__/public_api.types.ts index d9e50642a..910d62e81 100644 --- a/packages/sdk-server/src/__inputs__/public_api.types.ts +++ b/packages/sdk-server/src/__inputs__/public_api.types.ts @@ -84,6 +84,10 @@ export type paths = { /** List all activities within an organization. */ post: operations["PublicApiService_GetActivities"]; }; + "/public/v1/query/list_app_proofs": { + /** List the app proofs for the given activity. */ + post: operations["PublicApiService_GetAppProofs"]; + }; "/public/v1/query/list_oauth2_credentials": { /** List all OAuth 2.0 credentials within an organization. */ post: operations["PublicApiService_ListOauth2Credentials"]; 
@@ -568,6 +572,8 @@ export type definitions = { result: definitions["v1Result"]; /** @description A list of objects representing a particular User's approval or rejection of a Consensus request, including all relevant metadata. */ votes: definitions["v1Vote"][]; + /** @description A list of app proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations. */ + appProofs?: definitions["v1AppProof"][]; /** @description An artifact verifying a User's action. */ fingerprint: string; canApprove: boolean; @@ -770,6 +776,16 @@ export type definitions = { /** @description A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: definitions["apiApiKeyParams"][]; }; + v1AppProof: { + /** @description Scheme of signing key. */ + scheme: definitions["v1SignatureScheme"]; + /** @description Ephemeral public key. */ + publicKey: string; + /** @description JSON serialized AppProofPayload. */ + proofPayload: string; + /** @description Signature over hashed proof_payload. */ + signature: string; + }; v1ApproveActivityIntent: { /** @description An artifact verifying a User's action. */ fingerprint: string; @@ -1994,6 +2010,15 @@ export type definitions = { /** @description A list of API keys. */ apiKeys: definitions["v1ApiKey"][]; }; + v1GetAppProofsRequest: { + /** @description Unique identifier for a given Organization. */ + organizationId: string; + /** @description Unique identifier for a given activity. */ + activityId: string; + }; + v1GetAppProofsResponse: { + appProofs: definitions["v1AppProof"][]; + }; v1GetAttestationDocumentRequest: { /** @description Unique identifier for a given organization. */ organizationId: string; 
@@ -2853,6 +2878,8 @@ export type definitions = { expirationSeconds?: string; /** @description Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; + /** @description Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step. */ + clientSignature?: string; }; v1OtpLoginRequest: { /** @enum {string} */ @@ -3250,6 +3277,8 @@ export type definitions = { v1SignTransactionResult: { signedTransaction: string; }; + /** @enum {string} */ + v1SignatureScheme: "SIGNATURE_SCHEME_EPHEMERAL_KEY_P256"; v1SimpleClientExtensionResults: { appid?: boolean; appidExclude?: boolean; @@ -3684,6 +3713,8 @@ export type definitions = { otpCode: string; /** @description Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours) */ expirationSeconds?: string; + /** @description Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature */ + publicKey?: string; }; v1VerifyOtpRequest: { /** @enum {string} */ @@ -4171,6 +4202,24 @@ export type operations = { }; }; }; + /** List the app proofs for the given activity. */ + PublicApiService_GetAppProofs: { + parameters: { + body: { + body: definitions["v1GetAppProofsRequest"]; + }; + }; + responses: { + /** A successful response. */ + 200: { + schema: definitions["v1GetAppProofsResponse"]; + }; + /** An unexpected error response. */ + default: { + schema: definitions["rpcStatus"]; + }; + }; + }; /** List all OAuth 2.0 credentials within an organization. */ PublicApiService_ListOauth2Credentials: { parameters: { 
diff --git a/packages/sdk-types/src/__generated__/types.ts b/packages/sdk-types/src/__generated__/types.ts index 58e2fc091..81c7d4677 100644 --- a/packages/sdk-types/src/__generated__/types.ts +++ b/packages/sdk-types/src/__generated__/types.ts @@ -176,6 +176,8 @@ export type v1Activity = { result: v1Result; /** A list of objects representing a particular User's approval or rejection of a Consensus request, including all relevant metadata. */ votes: v1Vote[]; + /** A list of app proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations. */ + appProofs?: v1AppProof[]; /** An artifact verifying a User's action. */ fingerprint: string; canApprove: boolean; @@ -380,6 +382,17 @@ export type v1ApiOnlyUserParams = { apiKeys: apiApiKeyParams[]; }; +export type v1AppProof = { + /** Scheme of signing key. */ + scheme: v1SignatureScheme; + /** Ephemeral public key. */ + publicKey: string; + /** JSON serialized AppProofPayload. */ + proofPayload: string; + /** Signature over hashed proof_payload. */ + signature: string; +}; + export type v1ApproveActivityIntent = { /** An artifact verifying a User's action. */ fingerprint: string; @@ -1697,6 +1710,17 @@ export type v1GetApiKeysResponse = { apiKeys: v1ApiKey[]; }; +export type v1GetAppProofsRequest = { + /** Unique identifier for a given Organization. */ + organizationId: string; + /** Unique identifier for a given activity. */ + activityId: string; +}; + +export type v1GetAppProofsResponse = { + appProofs: v1AppProof[]; +}; + export type v1GetAttestationDocumentRequest = { /** Unique identifier for a given organization. */ organizationId: string; 
@@ -2635,6 +2659,8 @@ export type v1OtpLoginIntent = { expirationSeconds?: string; /** Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; + /** Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step. */ + clientSignature?: string; }; export type v1OtpLoginRequest = { @@ -3060,6 +3086,8 @@ export type v1SignTransactionResult = { signedTransaction: string; }; +export type v1SignatureScheme = "SIGNATURE_SCHEME_EPHEMERAL_KEY_P256"; + export type v1SimpleClientExtensionResults = { appid?: boolean; appidExclude?: boolean; @@ -3511,6 +3539,8 @@ export type v1VerifyOtpIntent = { otpCode: string; /** Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours) */ expirationSeconds?: string; + /** Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature */ + publicKey?: string; }; export type v1VerifyOtpRequest = { @@ -3899,6 +3929,18 @@ export type TGetActivitiesBody = { export type TGetActivitiesInput = { body: TGetActivitiesBody }; +export type TGetAppProofsResponse = { + appProofs: v1AppProof[]; +}; + +export type TGetAppProofsBody = { + organizationId?: string; + /** Unique identifier for a given activity. */ + activityId: string; +}; + +export type TGetAppProofsInput = { body: TGetAppProofsBody }; + export type TListOauth2CredentialsResponse = { oauth2Credentials: v1Oauth2Credential[]; }; 
@@ -5056,6 +5098,8 @@ export type TOtpLoginBody = { expirationSeconds?: string; /** Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; + /** Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step. */ + clientSignature?: string; }; export type TOtpLoginInput = { body: TOtpLoginBody }; @@ -5422,6 +5466,8 @@ export type TVerifyOtpBody = { otpCode: string; /** Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours) */ expirationSeconds?: string; + /** Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature */ + publicKey?: string; }; export type TVerifyOtpInput = { body: TVerifyOtpBody }; @@ -5521,6 +5567,8 @@ export type ProxyTOtpLoginBody = { publicKey: string; /** Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; + /** Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step. */ + clientSignature?: string; }; export type ProxyTOtpLoginInput = { body: ProxyTOtpLoginBody }; 
@@ -5535,12 +5583,18 @@ export type ProxyTVerifyOtpBody = { otpId: string; /** OTP sent out to a user's contact (email or SMS) */ otpCode: string; + /** Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature */ + publicKey?: string; }; export type ProxyTVerifyOtpInput = { body: ProxyTVerifyOtpBody }; export type ProxyTSignupResponse = { organizationId: string; + /** Wallet created for the sub-organization, if provided in the request */ + wallet?: v1WalletResult; + /** Root user ID created for this sub-organization */ + userId: string; }; export type ProxyTSignupBody = { @@ -5573,6 +5627,8 @@ export type ProxyTGetWalletKitConfigResponse = { oauthClientIds?: Record; /** OAuth redirect URL to be used for social login flows. */ oauthRedirectUrl?: string; + otpAlphanumeric?: boolean; + otpLength?: string; }; export type ProxyTGetWalletKitConfigBody = {}; diff --git a/packages/sdk-types/src/__inputs__/auth_proxy.swagger.json b/packages/sdk-types/src/__inputs__/auth_proxy.swagger.json index c8c471d51..ad7bad980 100644 --- a/packages/sdk-types/src/__inputs__/auth_proxy.swagger.json +++ b/packages/sdk-types/src/__inputs__/auth_proxy.swagger.json @@ -490,6 +490,12 @@ "type": "string", "description": "OAuth redirect URL to be used for social login flows.", "title": "OAuth Redirect URL" + }, + "otpAlphanumeric": { + "type": "boolean" + }, + "otpLength": { + "type": "string" } }, "required": [ @@ -582,6 +588,10 @@ "invalidateExisting": { "type": "boolean", "description": "Invalidate all other previously generated Login API keys" + }, + "organizationId": { + "type": "string", + "description": "Unique identifier for a given Organization. If provided, this organization id will be used directly. If omitted, uses the OIDC token to look up the associated organization id." } }, "required": ["oidcToken", "publicKey"] 
@@ -628,6 +638,14 @@ "invalidateExisting": { "type": "boolean", "description": "Invalidate all other previously generated Login API keys" + }, + "organizationId": { + "type": "string", + "description": "Unique identifier for a given Organization. If provided, this organization id will be used directly. If omitted, uses the verification token to look up the verified sub-organization based on the contact and verification type." + }, + "clientSignature": { + "type": "string", + "description": "Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step." } }, "required": ["verificationToken", "publicKey"] @@ -703,9 +721,19 @@ "properties": { "organizationId": { "type": "string" + }, + "wallet": { + "$ref": "#/definitions/v1WalletResult", + "description": "Wallet created for the sub-organization, if provided in the request", + "title": "Wallet" + }, + "userId": { + "type": "string", + "description": "Root user ID created for this sub-organization", + "title": "User ID" } }, - "required": ["organizationId"] + "required": ["organizationId", "userId"] }, "v1VerifyOtpRequest": { "type": "object", @@ -717,6 +745,10 @@ "otpCode": { "type": "string", "description": "OTP sent out to a user's contact (email or SMS)" + }, + "publicKey": { + "type": "string", + "description": "Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature" } }, "required": ["otpId", "otpCode"] @@ -775,6 +807,22 @@ } }, "required": ["walletName", "accounts"] + }, + "v1WalletResult": { + "type": "object", + "properties": { + "walletId": { + "type": "string" + }, + "addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of account addresses." + } + }, + "required": ["walletId", "addresses"] } } } 
diff --git a/packages/sdk-types/src/__inputs__/public_api.swagger.json b/packages/sdk-types/src/__inputs__/public_api.swagger.json index 54b8cc154..fbe698888 100644 --- a/packages/sdk-types/src/__inputs__/public_api.swagger.json +++ b/packages/sdk-types/src/__inputs__/public_api.swagger.json @@ -708,6 +708,38 @@ "tags": ["Activities"] } }, + "/public/v1/query/list_app_proofs": { + "post": { + "summary": "List app proofs for an activity", + "description": "List the app proofs for the given activity.", + "operationId": "PublicApiService_GetAppProofs", + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v1GetAppProofsResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/rpcStatus" + } + } + }, + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1GetAppProofsRequest" + } + } + ], + "tags": ["App Proof"] + } + }, "/public/v1/query/list_oauth2_credentials": { "post": { "summary": "List OAuth 2.0 Credentials", @@ -3709,6 +3741,14 @@ }, "description": "A list of objects representing a particular User's approval or rejection of a Consensus request, including all relevant metadata." }, + "appProofs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/v1AppProof" + }, + "description": "A list of app proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations." + }, "fingerprint": { "type": "string", "description": "An artifact verifying a User's action." 
@@ -4007,6 +4047,28 @@ }, "required": ["userName", "userTags", "apiKeys"] }, + "v1AppProof": { + "type": "object", + "properties": { + "scheme": { + "$ref": "#/definitions/v1SignatureScheme", + "description": "Scheme of signing key." + }, + "publicKey": { + "type": "string", + "description": "Ephemeral public key." + }, + "proofPayload": { + "type": "string", + "description": "JSON serialized AppProofPayload." + }, + "signature": { + "type": "string", + "description": "Signature over hashed proof_payload." + } + }, + "required": ["scheme", "publicKey", "proofPayload", "signature"] + }, "v1ApproveActivityIntent": { "type": "object", "properties": { @@ -7023,6 +7085,33 @@ }, "required": ["apiKeys"] }, + "v1GetAppProofsRequest": { + "type": "object", + "properties": { + "organizationId": { + "type": "string", + "description": "Unique identifier for a given Organization." + }, + "activityId": { + "type": "string", + "description": "Unique identifier for a given activity." + } + }, + "required": ["organizationId", "activityId"] + }, + "v1GetAppProofsResponse": { + "type": "object", + "properties": { + "appProofs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/v1AppProof" + } + } + }, + "required": ["appProofs"] + }, "v1GetAttestationDocumentRequest": { "type": "object", "properties": { @@ -9189,6 +9278,10 @@ "invalidateExisting": { "type": "boolean", "description": "Invalidate all other previously generated Login API keys" + }, + "clientSignature": { + "type": "string", + "description": "Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step." } }, "required": ["verificationToken", "publicKey"] 
@@ -10267,6 +10360,10 @@ }, "required": ["signedTransaction"] }, + "v1SignatureScheme": { + "type": "string", + "enum": ["SIGNATURE_SCHEME_EPHEMERAL_KEY_P256"] + }, "v1SimpleClientExtensionResults": { "type": "object", "properties": { @@ -11328,6 +11425,10 @@ "expirationSeconds": { "type": "string", "description": "Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours)" + }, + "publicKey": { + "type": "string", + "description": "Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature" } }, "required": ["otpId", "otpCode"] diff --git a/packages/sdk-types/src/__inputs__/public_api.types.ts b/packages/sdk-types/src/__inputs__/public_api.types.ts index d9e50642a..910d62e81 100644 --- a/packages/sdk-types/src/__inputs__/public_api.types.ts +++ b/packages/sdk-types/src/__inputs__/public_api.types.ts @@ -84,6 +84,10 @@ export type paths = { /** List all activities within an organization. */ post: operations["PublicApiService_GetActivities"]; }; + "/public/v1/query/list_app_proofs": { + /** List the app proofs for the given activity. */ + post: operations["PublicApiService_GetAppProofs"]; + }; "/public/v1/query/list_oauth2_credentials": { /** List all OAuth 2.0 credentials within an organization. */ post: operations["PublicApiService_ListOauth2Credentials"]; 
@@ -568,6 +572,8 @@ export type definitions = { result: definitions["v1Result"]; /** @description A list of objects representing a particular User's approval or rejection of a Consensus request, including all relevant metadata. */ votes: definitions["v1Vote"][]; + /** @description A list of app proofs generated by enclaves during activity execution, providing verifiable attestations of performed operations. */ + appProofs?: definitions["v1AppProof"][]; /** @description An artifact verifying a User's action. */ fingerprint: string; canApprove: boolean; @@ -770,6 +776,16 @@ export type definitions = { /** @description A list of API Key parameters. This field, if not needed, should be an empty array in your request body. */ apiKeys: definitions["apiApiKeyParams"][]; }; + v1AppProof: { + /** @description Scheme of signing key. */ + scheme: definitions["v1SignatureScheme"]; + /** @description Ephemeral public key. */ + publicKey: string; + /** @description JSON serialized AppProofPayload. */ + proofPayload: string; + /** @description Signature over hashed proof_payload. */ + signature: string; + }; v1ApproveActivityIntent: { /** @description An artifact verifying a User's action. */ fingerprint: string; @@ -1994,6 +2010,15 @@ export type definitions = { /** @description A list of API keys. */ apiKeys: definitions["v1ApiKey"][]; }; + v1GetAppProofsRequest: { + /** @description Unique identifier for a given Organization. */ + organizationId: string; + /** @description Unique identifier for a given activity. */ + activityId: string; + }; + v1GetAppProofsResponse: { + appProofs: definitions["v1AppProof"][]; + }; v1GetAttestationDocumentRequest: { /** @description Unique identifier for a given organization. */ organizationId: string; 
@@ -2853,6 +2878,8 @@ export type definitions = { expirationSeconds?: string; /** @description Invalidate all other previously generated Login API keys */ invalidateExisting?: boolean; + /** @description Optional signature associated with the public key passed into the verification step. This must be a hex-encoded ECDSA signature over the verification token. Only required if a public key was provided during the verification step. */ + clientSignature?: string; }; v1OtpLoginRequest: { /** @enum {string} */ @@ -3250,6 +3277,8 @@ export type definitions = { v1SignTransactionResult: { signedTransaction: string; }; + /** @enum {string} */ + v1SignatureScheme: "SIGNATURE_SCHEME_EPHEMERAL_KEY_P256"; v1SimpleClientExtensionResults: { appid?: boolean; appidExclude?: boolean; @@ -3684,6 +3713,8 @@ export type definitions = { otpCode: string; /** @description Expiration window (in seconds) indicating how long the verification token is valid for. If not provided, a default of 1 hour will be used. Maximum value is 86400 seconds (24 hours) */ expirationSeconds?: string; + /** @description Client-side public key generated by the user, which will be added to the JWT response and verified in subsequent requests via a client proof signature */ + publicKey?: string; }; v1VerifyOtpRequest: { /** @enum {string} */ @@ -4171,6 +4202,24 @@ export type operations = { }; }; }; + /** List the app proofs for the given activity. */ + PublicApiService_GetAppProofs: { + parameters: { + body: { + body: definitions["v1GetAppProofsRequest"]; + }; + }; + responses: { + /** A successful response. */ + 200: { + schema: definitions["v1GetAppProofsResponse"]; + }; + /** An unexpected error response. */ + default: { + schema: definitions["rpcStatus"]; + }; + }; + }; /** List all OAuth 2.0 credentials within an organization. */ PublicApiService_ListOauth2Credentials: { parameters: {