This document provides migration guides between versions which introduced breaking changes.
The CubeSigner TypeScript SDK provides client-side utilities for calling the remote CubeSigner REST API.
Two clients are provided:
- low-level
ApiClient(defined inpackages/sdk/src/client/api_client.ts) - higher-level
CubeSignerClient(defined inpackages/sdk/src/client.ts).
ApiClient is a strongly-typed thin wrapper around the remote CubeSigner API.
As such, it primarily operates on primitive JavaScript values and plain objects, i.e., it takes
plain values as inputs, uses them to construct an HTTP request, calls the
API and returns the response as a plain JSON object.
One notable exception to this rule are the methods that return CubeSignerResponse<U>,
which is not a plain JSON object.
Many CubeSigner API requests may require Multi-User or Multi-Factor Authentication (for short MFA), and so,
whenever that's the case the ApiClient returns a CubeSignerResponse<U> instance
to help you deal with MFAs (e.g., call requiresMfa() to see if MFA is required, then
subsequently approve or reject it). When MFA is not required, the underlying JSON
response is accessible via the data() method.
The method names in the ApiClient class tend to follow the underlying HTTP request route, e.g.,
roleGetforGET /v0/org/{org_id}/roles/{role_id}roleKeysRemoveforDELETE /v0/org/{org_id}/roles/{role_id}/keys/{key_id}.
The higher-level client, CubeSignerClient, does not directly expose the methods
from ApiClient and instead provides more structured data types with more friendly
method names.
The CubeSignerClient class is meant to be the starting point of your interactions
with this SDK and the CubeSigner API. It is essentially a representation of a session.
Most of the CubeSignerMethods return an instance of a higher-level class like, Org,
Key, Role, MfaRequest. Such classes are designed to reflect the object hierarchy (e.g., keys belong to orgs) and provide convenient access to CubeSigner
services, e.g., without having to pass plain string IDs. To achieve that goal, they
embed a low-level client, typically carry some additional state (often hidden in private
fields), implement internal mutations, and sometimes even allow external mutations.
As such, unlike the plain JavaScript objects, they are not suitable for
caching, cloning, and/or serialization.
-
SessionStorageinterface removed- what used to be split between
SessionStorageandSignerSessionManageris now unified behind a singleSessionManagerinterface; the following concrete implementation are provided:MemorySessionManagerJsonFileSessionManager(by the@cubist-labs/cubesigner-sdk-fs-storagepackage)BrowserStorageManager(by the@cubist-labs/cubesigner-sdk-browser-storagepackage)
- what used to be split between
-
CubeSignerClientinstantiation- to instantiate from default default management session, what used to be
now is
const client = await cs.loadManagementSession();
const mgr = cs.defaultManagementSessionManager(); const client = await cs.CubeSignerClient.create(mgr);
- to instantiate from file, what used to be
now is
const fileStorage = new cs.JsonFileSessionStorage<cs.SignerSessionData>( "management-session.json", ); const mgr = await cs.SignerSessionManager.loadFromStorage(fileStorage); const client = new cs.CubeSignerClient(mgr);
const fileStorage = new cs.JsonFileSessionManager("management-session.json"); const client = await cs.CubeSignerClient.create(fileStorage);
- to instantiate from default default management session, what used to be
-
SignerSessionDatarenamed toSessionData -
KeyInfoApirenamed toKeyInfo -
CubeSignerClientandOrgdo not directly expose the methods fromApiClient- those methods are still available via the
apiClientreadonly property (e.g.,client.apiClient.orgGet()) - examples of removed methods
orgGet,orgUserInvite,orgUsersList,keysCreate, ...
- most of the time, the same functionality exists in higher-level classes, e.g.,
await client.org().createUser()await client.org().users()await client.org().createKey(...)
- those methods are still available via the
-
OidcClientclass deleted-
the methods from the old
OidcClientclass are now static methods onCubeSignerClientCubeSignerClient.createOidcSessionCubeSignerClient.proveOidcIdentity
For example, what used to be
const oidcClient = new OidcClient(env, orgId, token); const resp = await oidcClient.sessionCreate(["manage:*", "sign:*"]);
now is
const resp = await CubeSignerClient.createOidcSession(env, orgId, token, [ "manage:*", "sign:*", ]);
-
-
CubeSignerResponse.mfaSessionInfo()method replaced withmfaClient()- the new method returns a
CubeSignerClientinstance, so what used to benow isconst sessionInfo = resp.mfaSessionInfo(); const mgr = await SignerSessionManager.createFromSessionInfo(deploy, orgId, sessionInfo); const client = new CubeSignerClient(mgr);
const client = await resp.mfaClient();
- the new method returns a