npm - @authhero/adapter-interfaces - Versions diffs - 0.148.0 → 0.149.0 - Mend

@authhero/adapter-interfaces 0.148.0 → 0.149.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/adapter-interfaces.cjs +1 -1
package/dist/adapter-interfaces.d.ts +153 -8
package/dist/adapter-interfaces.mjs +472 -433
package/package.json +1 -1

package/dist/adapter-interfaces.d.ts CHANGED Viewed

@@ -10368,6 +10368,7 @@ export declare const codeTypeSchema: z.ZodEnum<[
 	"password_reset",
 	"email_verification",
 	"otp",
+	"mfa_otp",
 	"authorization_code",
 	"oauth2_state",
 	"ticket"
@@ -10381,6 +10382,7 @@ export declare const codeInsertSchema: z.ZodObject<{
 		"password_reset",
 		"email_verification",
 		"otp",
+		"mfa_otp",
 		"authorization_code",
 		"oauth2_state",
 		"ticket"
@@ -10392,6 +10394,7 @@ export declare const codeInsertSchema: z.ZodObject<{
 		"S256"
 	]>>;
 	redirect_uri: z.ZodOptional<z.ZodString>;
+	otp: z.ZodOptional<z.ZodString>;
 	nonce: z.ZodOptional<z.ZodString>;
 	state: z.ZodOptional<z.ZodString>;
 	expires_at: z.ZodString;
@@ -10400,7 +10403,7 @@ export declare const codeInsertSchema: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
 	code_id: string;
 	login_id: string;
-	code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
+	code_type: "password_reset" | "email_verification" | "otp" | "mfa_otp" | "authorization_code" | "oauth2_state" | "ticket";
 	expires_at: string;
 	connection_id?: string | undefined;
 	user_id?: string | undefined;
@@ -10409,12 +10412,13 @@ export declare const codeInsertSchema: z.ZodObject<{
 	nonce?: string | undefined;
 	code_challenge_method?: "S256" | "plain" | undefined;
 	code_challenge?: string | undefined;
+	otp?: string | undefined;
 	code_verifier?: string | undefined;
 	used_at?: string | undefined;
 }, {
 	code_id: string;
 	login_id: string;
-	code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
+	code_type: "password_reset" | "email_verification" | "otp" | "mfa_otp" | "authorization_code" | "oauth2_state" | "ticket";
 	expires_at: string;
 	connection_id?: string | undefined;
 	user_id?: string | undefined;
@@ -10423,6 +10427,7 @@ export declare const codeInsertSchema: z.ZodObject<{
 	nonce?: string | undefined;
 	code_challenge_method?: "S256" | "plain" | undefined;
 	code_challenge?: string | undefined;
+	otp?: string | undefined;
 	code_verifier?: string | undefined;
 	used_at?: string | undefined;
 }>;
@@ -10436,6 +10441,7 @@ export declare const codeSchema: z.ZodObject<{
 		"password_reset",
 		"email_verification",
 		"otp",
+		"mfa_otp",
 		"authorization_code",
 		"oauth2_state",
 		"ticket"
@@ -10447,6 +10453,7 @@ export declare const codeSchema: z.ZodObject<{
 		"S256"
 	]>>;
 	redirect_uri: z.ZodOptional<z.ZodString>;
+	otp: z.ZodOptional<z.ZodString>;
 	nonce: z.ZodOptional<z.ZodString>;
 	state: z.ZodOptional<z.ZodString>;
 	expires_at: z.ZodString;
@@ -10456,7 +10463,7 @@ export declare const codeSchema: z.ZodObject<{
 	created_at: string;
 	code_id: string;
 	login_id: string;
-	code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
+	code_type: "password_reset" | "email_verification" | "otp" | "mfa_otp" | "authorization_code" | "oauth2_state" | "ticket";
 	expires_at: string;
 	connection_id?: string | undefined;
 	user_id?: string | undefined;
@@ -10465,13 +10472,14 @@ export declare const codeSchema: z.ZodObject<{
 	nonce?: string | undefined;
 	code_challenge_method?: "S256" | "plain" | undefined;
 	code_challenge?: string | undefined;
+	otp?: string | undefined;
 	code_verifier?: string | undefined;
 	used_at?: string | undefined;
 }, {
 	created_at: string;
 	code_id: string;
 	login_id: string;
-	code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
+	code_type: "password_reset" | "email_verification" | "otp" | "mfa_otp" | "authorization_code" | "oauth2_state" | "ticket";
 	expires_at: string;
 	connection_id?: string | undefined;
 	user_id?: string | undefined;
@@ -10480,6 +10488,7 @@ export declare const codeSchema: z.ZodObject<{
 	nonce?: string | undefined;
 	code_challenge_method?: "S256" | "plain" | undefined;
 	code_challenge?: string | undefined;
+	otp?: string | undefined;
 	code_verifier?: string | undefined;
 	used_at?: string | undefined;
 }>;
@@ -41924,6 +41933,8 @@ export declare enum LoginSessionState {
 	AUTHENTICATED = "authenticated",
 	/** Waiting for email verification */
 	AWAITING_EMAIL_VERIFICATION = "awaiting_email_verification",
+	/** Waiting for MFA verification */
+	AWAITING_MFA = "awaiting_mfa",
 	/** Waiting for hook/flow completion (form, page redirect) */
 	AWAITING_HOOK = "awaiting_hook",
 	/** Waiting for user to complete action on continuation page (change-email, account, etc.) */
@@ -43192,6 +43203,10 @@ export declare const tenantInsertSchema: z.ZodObject<{
 	pushed_authorization_requests_supported: z.ZodOptional<z.ZodBoolean>;
 	authorization_response_iss_parameter_supported: z.ZodOptional<z.ZodBoolean>;
 	mfa: z.ZodOptional<z.ZodObject<{
+		policy: z.ZodOptional<z.ZodDefault<z.ZodEnum<[
+			"never",
+			"always"
+		]>>>;
 		factors: z.ZodOptional<z.ZodObject<{
 			sms: z.ZodDefault<z.ZodBoolean>;
 			otp: z.ZodDefault<z.ZodBoolean>;
@@ -43256,6 +43271,7 @@ export declare const tenantInsertSchema: z.ZodObject<{
 			message?: string | undefined;
 		}>>;
 	}, "strip", z.ZodTypeAny, {
+		policy?: "never" | "always" | undefined;
 		factors?: {
 			email: boolean;
 			otp: boolean;
@@ -43279,6 +43295,7 @@ export declare const tenantInsertSchema: z.ZodObject<{
 			message?: string | undefined;
 		} | undefined;
 	}, {
+		policy?: "never" | "always" | undefined;
 		factors?: {
 			email?: boolean | undefined;
 			otp?: boolean | undefined;
@@ -43402,6 +43419,7 @@ export declare const tenantInsertSchema: z.ZodObject<{
 	pushed_authorization_requests_supported?: boolean | undefined;
 	authorization_response_iss_parameter_supported?: boolean | undefined;
 	mfa?: {
+		policy?: "never" | "always" | undefined;
 		factors?: {
 			email: boolean;
 			otp: boolean;
@@ -43525,6 +43543,7 @@ export declare const tenantInsertSchema: z.ZodObject<{
 	pushed_authorization_requests_supported?: boolean | undefined;
 	authorization_response_iss_parameter_supported?: boolean | undefined;
 	mfa?: {
+		policy?: "never" | "always" | undefined;
 		factors?: {
 			email?: boolean | undefined;
 			otp?: boolean | undefined;
@@ -43787,6 +43806,10 @@ export declare const tenantSchema: z.ZodObject<{
 	pushed_authorization_requests_supported: z.ZodOptional<z.ZodBoolean>;
 	authorization_response_iss_parameter_supported: z.ZodOptional<z.ZodBoolean>;
 	mfa: z.ZodOptional<z.ZodObject<{
+		policy: z.ZodOptional<z.ZodDefault<z.ZodEnum<[
+			"never",
+			"always"
+		]>>>;
 		factors: z.ZodOptional<z.ZodObject<{
 			sms: z.ZodDefault<z.ZodBoolean>;
 			otp: z.ZodDefault<z.ZodBoolean>;
@@ -43851,6 +43874,7 @@ export declare const tenantSchema: z.ZodObject<{
 			message?: string | undefined;
 		}>>;
 	}, "strip", z.ZodTypeAny, {
+		policy?: "never" | "always" | undefined;
 		factors?: {
 			email: boolean;
 			otp: boolean;
@@ -43874,6 +43898,7 @@ export declare const tenantSchema: z.ZodObject<{
 			message?: string | undefined;
 		} | undefined;
 	}, {
+		policy?: "never" | "always" | undefined;
 		factors?: {
 			email?: boolean | undefined;
 			otp?: boolean | undefined;
@@ -44001,6 +44026,7 @@ export declare const tenantSchema: z.ZodObject<{
 	pushed_authorization_requests_supported?: boolean | undefined;
 	authorization_response_iss_parameter_supported?: boolean | undefined;
 	mfa?: {
+		policy?: "never" | "always" | undefined;
 		factors?: {
 			email: boolean;
 			otp: boolean;
@@ -44126,6 +44152,7 @@ export declare const tenantSchema: z.ZodObject<{
 	pushed_authorization_requests_supported?: boolean | undefined;
 	authorization_response_iss_parameter_supported?: boolean | undefined;
 	mfa?: {
+		policy?: "never" | "always" | undefined;
 		factors?: {
 			email?: boolean | undefined;
 			otp?: boolean | undefined;
@@ -46875,6 +46902,10 @@ export declare const tenantSettingsSchema: z.ZodObject<{
 		oidc_logout_prompt_enabled?: boolean | undefined;
 	}>>;
 	mfa: z.ZodOptional<z.ZodObject<{
+		policy: z.ZodOptional<z.ZodDefault<z.ZodEnum<[
+			"never",
+			"always"
+		]>>>;
 		factors: z.ZodOptional<z.ZodObject<{
 			sms: z.ZodDefault<z.ZodBoolean>;
 			otp: z.ZodDefault<z.ZodBoolean>;
@@ -46939,6 +46970,7 @@ export declare const tenantSettingsSchema: z.ZodObject<{
 			message?: string | undefined;
 		}>>;
 	}, "strip", z.ZodTypeAny, {
+		policy?: "never" | "always" | undefined;
 		factors?: {
 			email: boolean;
 			otp: boolean;
@@ -46962,6 +46994,7 @@ export declare const tenantSettingsSchema: z.ZodObject<{
 			message?: string | undefined;
 		} | undefined;
 	}, {
+		policy?: "never" | "always" | undefined;
 		factors?: {
 			email?: boolean | undefined;
 			otp?: boolean | undefined;
@@ -47043,6 +47076,7 @@ export declare const tenantSettingsSchema: z.ZodObject<{
 		oidc_logout_prompt_enabled?: boolean | undefined;
 	} | undefined;
 	mfa?: {
+		policy?: "never" | "always" | undefined;
 		factors?: {
 			email: boolean;
 			otp: boolean;
@@ -47124,6 +47158,7 @@ export declare const tenantSettingsSchema: z.ZodObject<{
 		oidc_logout_prompt_enabled?: boolean | undefined;
 	} | undefined;
 	mfa?: {
+		policy?: "never" | "always" | undefined;
 		factors?: {
 			email?: boolean | undefined;
 			otp?: boolean | undefined;
@@ -47193,7 +47228,6 @@ export declare const promptScreenSchema: z.ZodEnum<[
 	"mfa-voice",
 	"mfa-phone",
 	"mfa-webauthn",
-	"mfa-sms",
 	"mfa-email",
 	"mfa-recovery-code",
 	"status",
@@ -47235,7 +47269,6 @@ export declare const customTextEntrySchema: z.ZodObject<{
 		"mfa-voice",
 		"mfa-phone",
 		"mfa-webauthn",
-		"mfa-sms",
 		"mfa-email",
 		"mfa-recovery-code",
 		"status",
@@ -47253,11 +47286,11 @@ export declare const customTextEntrySchema: z.ZodObject<{
 	language: z.ZodString;
 	custom_text: z.ZodRecord<z.ZodString, z.ZodRecord<z.ZodString, z.ZodString>>;
 }, "strip", z.ZodTypeAny, {
-	prompt: "status" | "signup" | "organizations" | "mfa" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-sms" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "invitation" | "common" | "passkeys" | "captcha" | "custom-form" | "login-passwordless";
+	prompt: "status" | "signup" | "organizations" | "mfa" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "invitation" | "common" | "passkeys" | "captcha" | "custom-form" | "login-passwordless";
 	language: string;
 	custom_text: Record<string, Record<string, string>>;
 }, {
-	prompt: "status" | "signup" | "organizations" | "mfa" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-sms" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "invitation" | "common" | "passkeys" | "captcha" | "custom-form" | "login-passwordless";
+	prompt: "status" | "signup" | "organizations" | "mfa" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "invitation" | "common" | "passkeys" | "captcha" | "custom-form" | "login-passwordless";
 	language: string;
 	custom_text: Record<string, Record<string, string>>;
 }>;
@@ -47283,6 +47316,105 @@ export declare const StrategyType: {
 	readonly SOCIAL: "social";
 	readonly PASSWORDLESS: "passwordless";
 };
+export declare const mfaEnrollmentTypeSchema: z.ZodEnum<[
+	"phone",
+	"totp",
+	"email",
+	"push",
+	"webauthn"
+]>;
+export type MfaEnrollmentType = z.infer<typeof mfaEnrollmentTypeSchema>;
+export declare const mfaEnrollmentInsertSchema: z.ZodEffects<z.ZodObject<{
+	user_id: z.ZodString;
+	type: z.ZodEnum<[
+		"phone",
+		"totp",
+		"email",
+		"push",
+		"webauthn"
+	]>;
+	phone_number: z.ZodOptional<z.ZodString>;
+	totp_secret: z.ZodOptional<z.ZodString>;
+	confirmed: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+	type: "push" | "email" | "phone" | "totp" | "webauthn";
+	user_id: string;
+	confirmed: boolean;
+	phone_number?: string | undefined;
+	totp_secret?: string | undefined;
+}, {
+	type: "push" | "email" | "phone" | "totp" | "webauthn";
+	user_id: string;
+	phone_number?: string | undefined;
+	totp_secret?: string | undefined;
+	confirmed?: boolean | undefined;
+}>, {
+	type: "push" | "email" | "phone" | "totp" | "webauthn";
+	user_id: string;
+	confirmed: boolean;
+	phone_number?: string | undefined;
+	totp_secret?: string | undefined;
+}, {
+	type: "push" | "email" | "phone" | "totp" | "webauthn";
+	user_id: string;
+	phone_number?: string | undefined;
+	totp_secret?: string | undefined;
+	confirmed?: boolean | undefined;
+}>;
+export type MfaEnrollmentInsert = z.infer<typeof mfaEnrollmentInsertSchema>;
+export declare const mfaEnrollmentSchema: z.ZodEffects<z.ZodObject<{
+	id: z.ZodString;
+	created_at: z.ZodString;
+	updated_at: z.ZodString;
+	user_id: z.ZodString;
+	type: z.ZodEnum<[
+		"phone",
+		"totp",
+		"email",
+		"push",
+		"webauthn"
+	]>;
+	phone_number: z.ZodOptional<z.ZodString>;
+	totp_secret: z.ZodOptional<z.ZodString>;
+	confirmed: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+	created_at: string;
+	updated_at: string;
+	type: "push" | "email" | "phone" | "totp" | "webauthn";
+	id: string;
+	user_id: string;
+	confirmed: boolean;
+	phone_number?: string | undefined;
+	totp_secret?: string | undefined;
+}, {
+	created_at: string;
+	updated_at: string;
+	type: "push" | "email" | "phone" | "totp" | "webauthn";
+	id: string;
+	user_id: string;
+	phone_number?: string | undefined;
+	totp_secret?: string | undefined;
+	confirmed?: boolean | undefined;
+}>, {
+	created_at: string;
+	updated_at: string;
+	type: "push" | "email" | "phone" | "totp" | "webauthn";
+	id: string;
+	user_id: string;
+	confirmed: boolean;
+	phone_number?: string | undefined;
+	totp_secret?: string | undefined;
+}, {
+	created_at: string;
+	updated_at: string;
+	type: "push" | "email" | "phone" | "totp" | "webauthn";
+	id: string;
+	user_id: string;
+	phone_number?: string | undefined;
+	totp_secret?: string | undefined;
+	confirmed?: boolean | undefined;
+}>;
+export type MfaEnrollment = z.infer<typeof mfaEnrollmentSchema>;
 export declare function parseUserId(user_id: string): {
 	connection: string;
 	id: string;
@@ -47532,6 +47664,11 @@ export interface CodesAdapter {
 	get: (tenant_id: string, code_id: string, type: CodeType) => Promise<Code | null>;
 	list: (tenant_id: string, params?: ListParams) => Promise<ListCodesResponse>;
 	used: (tenant_id: string, code_id: string) => Promise<boolean>;
+	/**
+	 * Atomically mark a code as used only if it has not been used yet.
+	 * Returns true if the code was successfully consumed (was unused), false otherwise.
+	 */
+	consume: (tenant_id: string, code_id: string) => Promise<boolean>;
 	remove: (tenant_id: string, code_id: string) => Promise<boolean>;
 }
 export interface PasswordsAdapter {
@@ -47768,6 +47905,13 @@ export interface GeoAdapter {
 	 */
 	getGeoInfo(headers: Record<string, string>): Promise<GeoInfo | null>;
 }
+export interface MfaEnrollmentsAdapter {
+	create: (tenant_id: string, enrollment: MfaEnrollmentInsert) => Promise<MfaEnrollment>;
+	get: (tenant_id: string, enrollment_id: string) => Promise<MfaEnrollment | null>;
+	list: (tenant_id: string, user_id: string) => Promise<MfaEnrollment[]>;
+	update: (tenant_id: string, enrollment_id: string, data: Partial<MfaEnrollmentInsert>) => Promise<MfaEnrollment>;
+	remove: (tenant_id: string, enrollment_id: string) => Promise<boolean>;
+}
 export interface StatsListParams {
 	from?: string;
 	to?: string;
@@ -47854,6 +47998,7 @@ export interface DataAdapters {
 	users: UserDataAdapter;
 	userRoles: UserRolesAdapter;
 	organizations: OrganizationsAdapter;
+	mfaEnrollments: MfaEnrollmentsAdapter;
 	userOrganizations: UserOrganizationsAdapter;
 	/**
 	 * Optional session cleanup function.