@inkeep/agents-core 0.58.21 → 0.59.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/dist/auth/auth-config-utils.d.ts +49 -0
  2. package/dist/auth/auth-config-utils.js +133 -0
  3. package/dist/auth/auth-schema.d.ts +102 -85
  4. package/dist/auth/auth-schema.js +1 -0
  5. package/dist/auth/auth-types.d.ts +170 -0
  6. package/dist/auth/auth-types.js +53 -0
  7. package/dist/auth/auth-validation-schemas.d.ts +186 -152
  8. package/dist/auth/auth.d.ts +43 -1286
  9. package/dist/auth/auth.js +61 -70
  10. package/dist/auth/email-send-status-store.js +15 -3
  11. package/dist/auth/init.js +2 -1
  12. package/dist/auth/password-reset-link-store.js +8 -1
  13. package/dist/auth/permissions.d.ts +13 -13
  14. package/dist/data-access/index.d.ts +4 -3
  15. package/dist/data-access/index.js +3 -3
  16. package/dist/data-access/manage/skills.d.ts +1 -1
  17. package/dist/data-access/runtime/auth.d.ts +9 -9
  18. package/dist/data-access/runtime/auth.js +19 -21
  19. package/dist/data-access/runtime/conversations.d.ts +4 -4
  20. package/dist/data-access/runtime/messages.d.ts +9 -9
  21. package/dist/data-access/runtime/organizations.d.ts +28 -4
  22. package/dist/data-access/runtime/organizations.js +131 -9
  23. package/dist/data-access/runtime/tasks.d.ts +2 -2
  24. package/dist/db/manage/manage-schema.d.ts +357 -357
  25. package/dist/db/runtime/runtime-schema.d.ts +298 -298
  26. package/dist/index.d.ts +4 -3
  27. package/dist/index.js +3 -3
  28. package/dist/middleware/no-auth.d.ts +2 -2
  29. package/dist/utils/error.d.ts +51 -48
  30. package/dist/utils/error.js +3 -0
  31. package/dist/validation/drizzle-schema-helpers.d.ts +3 -3
  32. package/dist/validation/schemas.d.ts +1535 -1535
  33. package/drizzle/runtime/0023_lazy_energizer.sql +1 -0
  34. package/drizzle/runtime/0024_moaning_kingpin.sql +1 -0
  35. package/drizzle/runtime/meta/0024_snapshot.json +4270 -0
  36. package/drizzle/runtime/meta/_journal.json +7 -0
  37. package/package.json +8 -3
package/dist/auth/auth.d.ts CHANGED
@@ -1,266 +1,27 @@
1
- import { AgentsRunDatabaseClient } from "../db/runtime/runtime-client.js";
2
- import * as pg0 from "pg";
1
+ import { BetterAuthConfig, EmailServiceConfig, OIDCProviderConfig, SAMLProviderConfig, SSOProviderConfig, UserAuthConfig } from "./auth-types.js";
2
+ import { extractCookieDomain, hasCredentialAccount } from "./auth-config-utils.js";
3
3
  import * as zod0 from "zod";
4
4
  import * as better_auth0 from "better-auth";
5
- import { BetterAuthAdvancedOptions } from "better-auth";
6
- import * as _better_auth_sso0 from "@better-auth/sso";
7
5
  import * as better_auth_plugins0 from "better-auth/plugins";
8
- import { GoogleOptions } from "better-auth/social-providers";
9
6
 
10
7
  //#region src/auth/auth.d.ts
11
- interface OIDCProviderConfig {
12
- clientId: string;
13
- clientSecret: string;
14
- authorizationEndpoint?: string;
15
- tokenEndpoint?: string;
16
- userinfoEndpoint?: string;
17
- jwksEndpoint?: string;
18
- discoveryEndpoint?: string;
19
- scopes?: string[];
20
- pkce?: boolean;
21
- mapping?: {
22
- id?: string;
23
- email?: string;
24
- emailVerified?: string;
25
- name?: string;
26
- image?: string;
27
- extraFields?: Record<string, string>;
28
- };
29
- }
30
- interface SAMLProviderConfig {
31
- entryPoint: string;
32
- cert: string;
33
- callbackUrl: string;
34
- audience?: string;
35
- wantAssertionsSigned?: boolean;
36
- signatureAlgorithm?: string;
37
- digestAlgorithm?: string;
38
- identifierFormat?: string;
39
- mapping?: {
40
- id?: string;
41
- email?: string;
42
- name?: string;
43
- firstName?: string;
44
- lastName?: string;
45
- emailVerified?: string;
46
- extraFields?: Record<string, string>;
47
- };
48
- }
49
- interface SSOProviderConfig {
50
- providerId: string;
51
- issuer: string;
52
- domain: string;
53
- organizationId?: string;
54
- oidcConfig?: OIDCProviderConfig;
55
- samlConfig?: SAMLProviderConfig;
56
- }
57
- interface EmailServiceConfig {
58
- sendInvitationEmail(data: {
59
- to: string;
60
- inviterName: string;
61
- organizationName: string;
62
- role: string;
63
- invitationUrl: string;
64
- authMethod?: string;
65
- expiresInDays?: number;
66
- }): Promise<{
67
- emailSent: boolean;
68
- error?: string;
69
- }>;
70
- sendPasswordResetEmail(data: {
71
- to: string;
72
- resetUrl: string;
73
- expiresInMinutes?: number;
74
- }): Promise<{
75
- emailSent: boolean;
76
- error?: string;
77
- }>;
78
- isConfigured: boolean;
79
- }
80
- interface BetterAuthConfig {
81
- baseURL: string;
82
- secret: string;
83
- dbClient: AgentsRunDatabaseClient;
84
- manageDbPool?: pg0.Pool;
85
- cookieDomain?: string;
86
- ssoProviders?: SSOProviderConfig[];
87
- socialProviders?: {
88
- google?: GoogleOptions;
89
- };
90
- advanced?: BetterAuthAdvancedOptions;
91
- emailService?: EmailServiceConfig;
92
- }
93
- interface UserAuthConfig {
94
- ssoProviders?: SSOProviderConfig[];
95
- socialProviders?: {
96
- google?: GoogleOptions;
97
- };
98
- advanced?: BetterAuthAdvancedOptions;
99
- }
8
+
100
9
  /**
101
- * Extracts the root domain from a URL for cross-subdomain cookie sharing.
102
- *
103
- * When the API and UI share a common 3-part parent (e.g., api.pilot.inkeep.com
104
- * and pilot.inkeep.com both share .pilot.inkeep.com), the function auto-computes
105
- * the shared parent. When domains don't share a 3-part parent (e.g.,
106
- * api.agents.inkeep.com and app.inkeep.com), set AUTH_COOKIE_DOMAIN explicitly.
107
- *
108
- * Examples (auto-computed from baseURL):
109
- * - https://api.pilot.inkeep.com -> .pilot.inkeep.com
110
- * - https://pilot.inkeep.com -> .pilot.inkeep.com
111
- * - http://localhost:3002 -> undefined (no domain for localhost)
10
+ * Type-only helper: a simplified betterAuth call that TypeScript can evaluate
11
+ * cheaply to produce precise API types. The real createAuth() has complex
12
+ * callbacks/closures that cause TypeScript to fall back to index signatures.
13
+ * This function is never called at runtime.
112
14
  *
113
- * With AUTH_COOKIE_DOMAIN=.inkeep.com:
114
- * - Any *.inkeep.com URL -> .inkeep.com
15
+ * Note: sso() and dash() are intentionally excluded here. They come from
16
+ * @better-auth/sso and @better-auth/infra which resolve @better-auth/core
17
+ * through different pnpm virtual store paths (due to @better-auth/infra
18
+ * bundling better-call@beta). This creates duplicate @better-auth/core
19
+ * instances that TypeScript treats as incompatible, causing the plugins
20
+ * array to widen to BetterAuthPlugin[] and producing an index signature
21
+ * on .api. Since no auth.api.* calls use SSO or dash methods, omitting
22
+ * them is safe and preserves precise types.
115
23
  */
116
- declare function extractCookieDomain(baseURL: string, explicitDomain?: string): string | undefined;
117
- declare function hasCredentialAccount(dbClient: AgentsRunDatabaseClient, userId: string): Promise<boolean>;
118
- declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
119
- baseURL: string;
120
- secret: string;
121
- database: (options: better_auth0.BetterAuthOptions) => better_auth0.DBAdapter<better_auth0.BetterAuthOptions>;
122
- emailAndPassword: {
123
- enabled: true;
124
- minPasswordLength: number;
125
- maxPasswordLength: number;
126
- requireEmailVerification: false;
127
- autoSignIn: true;
128
- resetPasswordTokenExpiresIn: number;
129
- sendResetPassword: ({
130
- user,
131
- url,
132
- token
133
- }: {
134
- user: better_auth0.User;
135
- url: string;
136
- token: string;
137
- }) => Promise<void>;
138
- };
139
- account: {
140
- accountLinking: {
141
- enabled: true;
142
- trustedProviders: ("google" | "email-password" | "auth0")[];
143
- };
144
- };
145
- databaseHooks: {
146
- session: {
147
- create: {
148
- before: (session: {
149
- id: string;
150
- createdAt: Date;
151
- updatedAt: Date;
152
- userId: string;
153
- expiresAt: Date;
154
- token: string;
155
- ipAddress?: string | null | undefined;
156
- userAgent?: string | null | undefined;
157
- } & Record<string, unknown>) => Promise<{
158
- data: {
159
- activeOrganizationId: string | null;
160
- id: string;
161
- createdAt: Date;
162
- updatedAt: Date;
163
- userId: string;
164
- expiresAt: Date;
165
- token: string;
166
- ipAddress?: string | null | undefined;
167
- userAgent?: string | null | undefined;
168
- };
169
- }>;
170
- };
171
- };
172
- };
173
- socialProviders: {
174
- google: {
175
- redirectURI?: string | undefined;
176
- clientId: string;
177
- accessType?: ("offline" | "online") | undefined;
178
- display?: ("page" | "popup" | "touch" | "wap") | undefined;
179
- hd?: string | undefined;
180
- clientSecret?: string | undefined;
181
- scope?: string[] | undefined;
182
- disableDefaultScope?: boolean | undefined;
183
- authorizationEndpoint?: string | undefined;
184
- clientKey?: string | undefined;
185
- disableIdTokenSignIn?: boolean | undefined;
186
- verifyIdToken?: ((token: string, nonce?: string) => Promise<boolean>) | undefined;
187
- getUserInfo?: ((token: better_auth0.OAuth2Tokens) => Promise<{
188
- user: {
189
- id: string;
190
- name?: string;
191
- email?: string | null;
192
- image?: string;
193
- emailVerified: boolean;
194
- [key: string]: any;
195
- };
196
- data: any;
197
- } | null>) | undefined;
198
- refreshAccessToken?: ((refreshToken: string) => Promise<better_auth0.OAuth2Tokens>) | undefined;
199
- mapProfileToUser?: ((profile: better_auth0.GoogleProfile) => {
200
- id?: string;
201
- name?: string;
202
- email?: string | null;
203
- image?: string;
204
- emailVerified?: boolean;
205
- [key: string]: any;
206
- } | Promise<{
207
- id?: string;
208
- name?: string;
209
- email?: string | null;
210
- image?: string;
211
- emailVerified?: boolean;
212
- [key: string]: any;
213
- }>) | undefined;
214
- disableImplicitSignUp?: boolean | undefined;
215
- disableSignUp?: boolean | undefined;
216
- prompt?: ("select_account" | "consent" | "login" | "none" | "select_account consent") | undefined;
217
- responseMode?: ("query" | "form_post") | undefined;
218
- overrideUserInfoOnSignIn?: boolean | undefined;
219
- };
220
- } | undefined;
221
- session: {
222
- expiresIn: number;
223
- updateAge: number;
224
- cookieCache: {
225
- enabled: true;
226
- maxAge: number;
227
- strategy: "compact";
228
- };
229
- };
230
- advanced: {
231
- ipAddress?: {
232
- ipAddressHeaders?: string[];
233
- disableIpTracking?: boolean;
234
- ipv6Subnet?: 128 | 64 | 48 | 32 | undefined;
235
- } | undefined;
236
- useSecureCookies?: boolean | undefined;
237
- disableCSRFCheck?: boolean | undefined;
238
- disableOriginCheck?: boolean | undefined;
239
- crossSubDomainCookies?: {
240
- enabled: boolean;
241
- additionalCookies?: string[];
242
- domain?: string;
243
- } | undefined;
244
- cookies?: {
245
- [key: string]: {
246
- name?: string;
247
- attributes?: better_auth0.CookieOptions;
248
- };
249
- } | undefined;
250
- defaultCookieAttributes: better_auth0.CookieOptions;
251
- cookiePrefix?: string | undefined;
252
- database?: {
253
- defaultFindManyLimit?: number;
254
- useNumberId?: boolean;
255
- generateId?: better_auth0.GenerateIdFn | false | "serial" | "uuid";
256
- } | undefined;
257
- trustedProxyHeaders?: boolean | undefined;
258
- backgroundTasks?: {
259
- handler: (promise: Promise<unknown>) => void;
260
- };
261
- skipTrailingSlashes?: boolean | undefined;
262
- };
263
- trustedOrigins: string[];
24
+ declare function _inferAuthType(): better_auth0.Auth<{
264
25
  plugins: [{
265
26
  id: "bearer";
266
27
  hooks: {
@@ -278,969 +39,33 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
278
39
  }[];
279
40
  };
280
41
  options: better_auth_plugins0.BearerOptions | undefined;
281
- }, {
282
- id: "sso";
283
- endpoints: {
284
- spMetadata: ReturnType<() => better_auth0.StrictEndpoint<"/sso/saml2/sp/metadata", {
285
- method: "GET";
286
- query: zod0.ZodObject<{
287
- providerId: zod0.ZodString;
288
- format: zod0.ZodDefault<zod0.ZodEnum<{
289
- xml: "xml";
290
- json: "json";
291
- }>>;
292
- }, better_auth0.$strip>;
293
- metadata: {
294
- openapi: {
295
- operationId: string;
296
- summary: string;
297
- description: string;
298
- responses: {
299
- "200": {
300
- description: string;
301
- };
302
- };
303
- };
304
- };
305
- }, Response>>;
306
- registerSSOProvider: better_auth0.StrictEndpoint<"/sso/register", {
307
- method: "POST";
308
- body: zod0.ZodObject<{
309
- providerId: zod0.ZodString;
310
- issuer: zod0.ZodString;
311
- domain: zod0.ZodString;
312
- oidcConfig: zod0.ZodOptional<zod0.ZodObject<{
313
- clientId: zod0.ZodString;
314
- clientSecret: zod0.ZodString;
315
- authorizationEndpoint: zod0.ZodOptional<zod0.ZodString>;
316
- tokenEndpoint: zod0.ZodOptional<zod0.ZodString>;
317
- userInfoEndpoint: zod0.ZodOptional<zod0.ZodString>;
318
- tokenEndpointAuthentication: zod0.ZodOptional<zod0.ZodEnum<{
319
- client_secret_post: "client_secret_post";
320
- client_secret_basic: "client_secret_basic";
321
- }>>;
322
- jwksEndpoint: zod0.ZodOptional<zod0.ZodString>;
323
- discoveryEndpoint: zod0.ZodOptional<zod0.ZodString>;
324
- skipDiscovery: zod0.ZodOptional<zod0.ZodBoolean>;
325
- scopes: zod0.ZodOptional<zod0.ZodArray<zod0.ZodString>>;
326
- pkce: zod0.ZodOptional<zod0.ZodDefault<zod0.ZodBoolean>>;
327
- mapping: zod0.ZodOptional<zod0.ZodObject<{
328
- id: zod0.ZodString;
329
- email: zod0.ZodString;
330
- emailVerified: zod0.ZodOptional<zod0.ZodString>;
331
- name: zod0.ZodString;
332
- image: zod0.ZodOptional<zod0.ZodString>;
333
- extraFields: zod0.ZodOptional<zod0.ZodRecord<zod0.ZodString, zod0.ZodAny>>;
334
- }, better_auth0.$strip>>;
335
- }, better_auth0.$strip>>;
336
- samlConfig: zod0.ZodOptional<zod0.ZodObject<{
337
- entryPoint: zod0.ZodString;
338
- cert: zod0.ZodString;
339
- callbackUrl: zod0.ZodString;
340
- audience: zod0.ZodOptional<zod0.ZodString>;
341
- idpMetadata: zod0.ZodOptional<zod0.ZodObject<{
342
- metadata: zod0.ZodOptional<zod0.ZodString>;
343
- entityID: zod0.ZodOptional<zod0.ZodString>;
344
- cert: zod0.ZodOptional<zod0.ZodString>;
345
- privateKey: zod0.ZodOptional<zod0.ZodString>;
346
- privateKeyPass: zod0.ZodOptional<zod0.ZodString>;
347
- isAssertionEncrypted: zod0.ZodOptional<zod0.ZodBoolean>;
348
- encPrivateKey: zod0.ZodOptional<zod0.ZodString>;
349
- encPrivateKeyPass: zod0.ZodOptional<zod0.ZodString>;
350
- singleSignOnService: zod0.ZodOptional<zod0.ZodArray<zod0.ZodObject<{
351
- Binding: zod0.ZodString;
352
- Location: zod0.ZodString;
353
- }, better_auth0.$strip>>>;
354
- }, better_auth0.$strip>>;
355
- spMetadata: zod0.ZodObject<{
356
- metadata: zod0.ZodOptional<zod0.ZodString>;
357
- entityID: zod0.ZodOptional<zod0.ZodString>;
358
- binding: zod0.ZodOptional<zod0.ZodString>;
359
- privateKey: zod0.ZodOptional<zod0.ZodString>;
360
- privateKeyPass: zod0.ZodOptional<zod0.ZodString>;
361
- isAssertionEncrypted: zod0.ZodOptional<zod0.ZodBoolean>;
362
- encPrivateKey: zod0.ZodOptional<zod0.ZodString>;
363
- encPrivateKeyPass: zod0.ZodOptional<zod0.ZodString>;
364
- }, better_auth0.$strip>;
365
- wantAssertionsSigned: zod0.ZodOptional<zod0.ZodBoolean>;
366
- signatureAlgorithm: zod0.ZodOptional<zod0.ZodString>;
367
- digestAlgorithm: zod0.ZodOptional<zod0.ZodString>;
368
- identifierFormat: zod0.ZodOptional<zod0.ZodString>;
369
- privateKey: zod0.ZodOptional<zod0.ZodString>;
370
- decryptionPvk: zod0.ZodOptional<zod0.ZodString>;
371
- additionalParams: zod0.ZodOptional<zod0.ZodRecord<zod0.ZodString, zod0.ZodAny>>;
372
- mapping: zod0.ZodOptional<zod0.ZodObject<{
373
- id: zod0.ZodString;
374
- email: zod0.ZodString;
375
- emailVerified: zod0.ZodOptional<zod0.ZodString>;
376
- name: zod0.ZodString;
377
- firstName: zod0.ZodOptional<zod0.ZodString>;
378
- lastName: zod0.ZodOptional<zod0.ZodString>;
379
- extraFields: zod0.ZodOptional<zod0.ZodRecord<zod0.ZodString, zod0.ZodAny>>;
380
- }, better_auth0.$strip>>;
381
- }, better_auth0.$strip>>;
382
- organizationId: zod0.ZodOptional<zod0.ZodString>;
383
- overrideUserInfo: zod0.ZodOptional<zod0.ZodDefault<zod0.ZodBoolean>>;
384
- }, better_auth0.$strip>;
385
- use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
386
- session: {
387
- session: Record<string, any> & {
388
- id: string;
389
- createdAt: Date;
390
- updatedAt: Date;
391
- userId: string;
392
- expiresAt: Date;
393
- token: string;
394
- ipAddress?: string | null | undefined;
395
- userAgent?: string | null | undefined;
396
- };
397
- user: Record<string, any> & {
398
- id: string;
399
- createdAt: Date;
400
- updatedAt: Date;
401
- email: string;
402
- emailVerified: boolean;
403
- name: string;
404
- image?: string | null | undefined;
405
- };
406
- };
407
- }>)[];
408
- metadata: {
409
- openapi: {
410
- operationId: string;
411
- summary: string;
412
- description: string;
413
- responses: {
414
- "200": {
415
- description: string;
416
- content: {
417
- "application/json": {
418
- schema: {
419
- type: "object";
420
- properties: {
421
- issuer: {
422
- type: string;
423
- format: string;
424
- description: string;
425
- };
426
- domain: {
427
- type: string;
428
- description: string;
429
- };
430
- domainVerified: {
431
- type: string;
432
- description: string;
433
- };
434
- domainVerificationToken: {
435
- type: string;
436
- description: string;
437
- };
438
- oidcConfig: {
439
- type: string;
440
- properties: {
441
- issuer: {
442
- type: string;
443
- format: string;
444
- description: string;
445
- };
446
- pkce: {
447
- type: string;
448
- description: string;
449
- };
450
- clientId: {
451
- type: string;
452
- description: string;
453
- };
454
- clientSecret: {
455
- type: string;
456
- description: string;
457
- };
458
- authorizationEndpoint: {
459
- type: string;
460
- format: string;
461
- nullable: boolean;
462
- description: string;
463
- };
464
- discoveryEndpoint: {
465
- type: string;
466
- format: string;
467
- description: string;
468
- };
469
- userInfoEndpoint: {
470
- type: string;
471
- format: string;
472
- nullable: boolean;
473
- description: string;
474
- };
475
- scopes: {
476
- type: string;
477
- items: {
478
- type: string;
479
- };
480
- nullable: boolean;
481
- description: string;
482
- };
483
- tokenEndpoint: {
484
- type: string;
485
- format: string;
486
- nullable: boolean;
487
- description: string;
488
- };
489
- tokenEndpointAuthentication: {
490
- type: string;
491
- enum: string[];
492
- nullable: boolean;
493
- description: string;
494
- };
495
- jwksEndpoint: {
496
- type: string;
497
- format: string;
498
- nullable: boolean;
499
- description: string;
500
- };
501
- mapping: {
502
- type: string;
503
- nullable: boolean;
504
- properties: {
505
- id: {
506
- type: string;
507
- description: string;
508
- };
509
- email: {
510
- type: string;
511
- description: string;
512
- };
513
- emailVerified: {
514
- type: string;
515
- nullable: boolean;
516
- description: string;
517
- };
518
- name: {
519
- type: string;
520
- description: string;
521
- };
522
- image: {
523
- type: string;
524
- nullable: boolean;
525
- description: string;
526
- };
527
- extraFields: {
528
- type: string;
529
- additionalProperties: {
530
- type: string;
531
- };
532
- nullable: boolean;
533
- description: string;
534
- };
535
- };
536
- required: string[];
537
- };
538
- };
539
- required: string[];
540
- description: string;
541
- };
542
- organizationId: {
543
- type: string;
544
- nullable: boolean;
545
- description: string;
546
- };
547
- userId: {
548
- type: string;
549
- description: string;
550
- };
551
- providerId: {
552
- type: string;
553
- description: string;
554
- };
555
- redirectURI: {
556
- type: string;
557
- format: string;
558
- description: string;
559
- };
560
- };
561
- required: string[];
562
- };
563
- };
564
- };
565
- };
566
- };
567
- };
568
- };
569
- }, {
570
- redirectURI: string;
571
- oidcConfig: _better_auth_sso0.OIDCConfig | null;
572
- samlConfig: _better_auth_sso0.SAMLConfig | null;
573
- } & Omit<{
574
- issuer: string;
575
- oidcConfig?: _better_auth_sso0.OIDCConfig | undefined;
576
- samlConfig?: _better_auth_sso0.SAMLConfig | undefined;
577
- userId: string;
578
- providerId: string;
579
- organizationId?: string | undefined;
580
- domain: string;
581
- }, "oidcConfig" | "samlConfig">>;
582
- signInSSO: ReturnType<(options?: _better_auth_sso0.SSOOptions) => better_auth0.StrictEndpoint<"/sign-in/sso", {
583
- method: "POST";
584
- body: zod0.ZodObject<{
585
- email: zod0.ZodOptional<zod0.ZodString>;
586
- organizationSlug: zod0.ZodOptional<zod0.ZodString>;
587
- providerId: zod0.ZodOptional<zod0.ZodString>;
588
- domain: zod0.ZodOptional<zod0.ZodString>;
589
- callbackURL: zod0.ZodString;
590
- errorCallbackURL: zod0.ZodOptional<zod0.ZodString>;
591
- newUserCallbackURL: zod0.ZodOptional<zod0.ZodString>;
592
- scopes: zod0.ZodOptional<zod0.ZodArray<zod0.ZodString>>;
593
- loginHint: zod0.ZodOptional<zod0.ZodString>;
594
- requestSignUp: zod0.ZodOptional<zod0.ZodBoolean>;
595
- providerType: zod0.ZodOptional<zod0.ZodEnum<{
596
- saml: "saml";
597
- oidc: "oidc";
598
- }>>;
599
- }, better_auth0.$strip>;
600
- metadata: {
601
- openapi: {
602
- operationId: string;
603
- summary: string;
604
- description: string;
605
- requestBody: {
606
- content: {
607
- "application/json": {
608
- schema: {
609
- type: "object";
610
- properties: {
611
- email: {
612
- type: string;
613
- description: string;
614
- };
615
- issuer: {
616
- type: string;
617
- description: string;
618
- };
619
- providerId: {
620
- type: string;
621
- description: string;
622
- };
623
- callbackURL: {
624
- type: string;
625
- description: string;
626
- };
627
- errorCallbackURL: {
628
- type: string;
629
- description: string;
630
- };
631
- newUserCallbackURL: {
632
- type: string;
633
- description: string;
634
- };
635
- loginHint: {
636
- type: string;
637
- description: string;
638
- };
639
- };
640
- required: string[];
641
- };
642
- };
643
- };
644
- };
645
- responses: {
646
- "200": {
647
- description: string;
648
- content: {
649
- "application/json": {
650
- schema: {
651
- type: "object";
652
- properties: {
653
- url: {
654
- type: string;
655
- format: string;
656
- description: string;
657
- };
658
- redirect: {
659
- type: string;
660
- description: string;
661
- enum: boolean[];
662
- };
663
- };
664
- required: string[];
665
- };
666
- };
667
- };
668
- };
669
- };
670
- };
671
- };
672
- }, {
673
- url: string;
674
- redirect: boolean;
675
- }>>;
676
- callbackSSO: ReturnType<(options?: _better_auth_sso0.SSOOptions) => better_auth0.StrictEndpoint<"/sso/callback/:providerId", {
677
- method: "GET";
678
- query: zod0.ZodObject<{
679
- code: zod0.ZodOptional<zod0.ZodString>;
680
- state: zod0.ZodString;
681
- error: zod0.ZodOptional<zod0.ZodString>;
682
- error_description: zod0.ZodOptional<zod0.ZodString>;
683
- }, better_auth0.$strip>;
684
- allowedMediaTypes: string[];
685
- metadata: {
686
- openapi: {
687
- operationId: string;
688
- summary: string;
689
- description: string;
690
- responses: {
691
- "302": {
692
- description: string;
693
- };
694
- };
695
- };
696
- scope: "server";
697
- };
698
- }, never>>;
699
- callbackSSOSAML: ReturnType<(options?: _better_auth_sso0.SSOOptions) => better_auth0.StrictEndpoint<"/sso/saml2/callback/:providerId", {
700
- method: ("POST" | "GET")[];
701
- body: zod0.ZodOptional<zod0.ZodObject<{
702
- SAMLResponse: zod0.ZodString;
703
- RelayState: zod0.ZodOptional<zod0.ZodString>;
704
- }, better_auth0.$strip>>;
705
- query: zod0.ZodOptional<zod0.ZodObject<{
706
- RelayState: zod0.ZodOptional<zod0.ZodString>;
707
- }, better_auth0.$strip>>;
708
- metadata: {
709
- allowedMediaTypes: string[];
710
- openapi: {
711
- operationId: string;
712
- summary: string;
713
- description: string;
714
- responses: {
715
- "302": {
716
- description: string;
717
- };
718
- "400": {
719
- description: string;
720
- };
721
- "401": {
722
- description: string;
723
- };
724
- };
725
- };
726
- scope: "server";
727
- };
728
- }, never>>;
729
- acsEndpoint: ReturnType<(options?: _better_auth_sso0.SSOOptions) => better_auth0.StrictEndpoint<"/sso/saml2/sp/acs/:providerId", {
730
- method: "POST";
731
- body: zod0.ZodObject<{
732
- SAMLResponse: zod0.ZodString;
733
- RelayState: zod0.ZodOptional<zod0.ZodString>;
734
- }, better_auth0.$strip>;
735
- metadata: {
736
- allowedMediaTypes: string[];
737
- openapi: {
738
- operationId: string;
739
- summary: string;
740
- description: string;
741
- responses: {
742
- "302": {
743
- description: string;
744
- };
745
- };
746
- };
747
- scope: "server";
748
- };
749
- }, never>>;
750
- listSSOProviders: ReturnType<() => better_auth0.StrictEndpoint<"/sso/providers", {
751
- method: "GET";
752
- use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
753
- session: {
754
- session: Record<string, any> & {
755
- id: string;
756
- createdAt: Date;
757
- updatedAt: Date;
758
- userId: string;
759
- expiresAt: Date;
760
- token: string;
761
- ipAddress?: string | null | undefined;
762
- userAgent?: string | null | undefined;
763
- };
764
- user: Record<string, any> & {
765
- id: string;
766
- createdAt: Date;
767
- updatedAt: Date;
768
- email: string;
769
- emailVerified: boolean;
770
- name: string;
771
- image?: string | null | undefined;
772
- };
773
- };
774
- }>)[];
775
- metadata: {
776
- openapi: {
777
- operationId: string;
778
- summary: string;
779
- description: string;
780
- responses: {
781
- "200": {
782
- description: string;
783
- };
784
- };
785
- };
786
- };
787
- }, {
788
- providers: {
789
- providerId: string;
790
- type: string;
791
- issuer: string;
792
- domain: string;
793
- organizationId: string | null;
794
- domainVerified: boolean;
795
- oidcConfig: {
796
- discoveryEndpoint: string;
797
- clientIdLastFour: string;
798
- pkce: boolean;
799
- authorizationEndpoint: string | undefined;
800
- tokenEndpoint: string | undefined;
801
- userInfoEndpoint: string | undefined;
802
- jwksEndpoint: string | undefined;
803
- scopes: string[] | undefined;
804
- tokenEndpointAuthentication: "client_secret_post" | "client_secret_basic" | undefined;
805
- } | undefined;
806
- samlConfig: {
807
- entryPoint: string;
808
- callbackUrl: string;
809
- audience: string | undefined;
810
- wantAssertionsSigned: boolean | undefined;
811
- identifierFormat: string | undefined;
812
- signatureAlgorithm: string | undefined;
813
- digestAlgorithm: string | undefined;
814
- certificate: {
815
- fingerprintSha256: string;
816
- notBefore: string;
817
- notAfter: string;
818
- publicKeyAlgorithm: string;
819
- } | {
820
- error: string;
821
- };
822
- } | undefined;
823
- spMetadataUrl: string;
824
- }[];
825
- }>>;
826
- getSSOProvider: ReturnType<() => better_auth0.StrictEndpoint<"/sso/providers/:providerId", {
827
- method: "GET";
828
- use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
829
- session: {
830
- session: Record<string, any> & {
831
- id: string;
832
- createdAt: Date;
833
- updatedAt: Date;
834
- userId: string;
835
- expiresAt: Date;
836
- token: string;
837
- ipAddress?: string | null | undefined;
838
- userAgent?: string | null | undefined;
839
- };
840
- user: Record<string, any> & {
841
- id: string;
842
- createdAt: Date;
843
- updatedAt: Date;
844
- email: string;
845
- emailVerified: boolean;
846
- name: string;
847
- image?: string | null | undefined;
848
- };
849
- };
850
- }>)[];
851
- params: zod0.ZodObject<{
852
- providerId: zod0.ZodString;
853
- }, better_auth0.$strip>;
854
- metadata: {
855
- openapi: {
856
- operationId: string;
857
- summary: string;
858
- description: string;
859
- responses: {
860
- "200": {
861
- description: string;
862
- };
863
- "404": {
864
- description: string;
865
- };
866
- "403": {
867
- description: string;
868
- };
869
- };
870
- };
871
- };
872
- }, {
873
- providerId: string;
874
- type: string;
875
- issuer: string;
876
- domain: string;
877
- organizationId: string | null;
878
- domainVerified: boolean;
879
- oidcConfig: {
880
- discoveryEndpoint: string;
881
- clientIdLastFour: string;
882
- pkce: boolean;
883
- authorizationEndpoint: string | undefined;
884
- tokenEndpoint: string | undefined;
885
- userInfoEndpoint: string | undefined;
886
- jwksEndpoint: string | undefined;
887
- scopes: string[] | undefined;
888
- tokenEndpointAuthentication: "client_secret_post" | "client_secret_basic" | undefined;
889
- } | undefined;
890
- samlConfig: {
891
- entryPoint: string;
892
- callbackUrl: string;
893
- audience: string | undefined;
894
- wantAssertionsSigned: boolean | undefined;
895
- identifierFormat: string | undefined;
896
- signatureAlgorithm: string | undefined;
897
- digestAlgorithm: string | undefined;
898
- certificate: {
899
- fingerprintSha256: string;
900
- notBefore: string;
901
- notAfter: string;
902
- publicKeyAlgorithm: string;
903
- } | {
904
- error: string;
905
- };
906
- } | undefined;
907
- spMetadataUrl: string;
908
- }>>;
909
- updateSSOProvider: ReturnType<(options: _better_auth_sso0.SSOOptions) => better_auth0.StrictEndpoint<"/sso/providers/:providerId", {
910
- method: "PATCH";
911
- use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
912
- session: {
913
- session: Record<string, any> & {
914
- id: string;
915
- createdAt: Date;
916
- updatedAt: Date;
917
- userId: string;
918
- expiresAt: Date;
919
- token: string;
920
- ipAddress?: string | null | undefined;
921
- userAgent?: string | null | undefined;
922
- };
923
- user: Record<string, any> & {
924
- id: string;
925
- createdAt: Date;
926
- updatedAt: Date;
927
- email: string;
928
- emailVerified: boolean;
929
- name: string;
930
- image?: string | null | undefined;
931
- };
932
- };
933
- }>)[];
934
- params: zod0.ZodObject<{
935
- providerId: zod0.ZodString;
936
- }, better_auth0.$strip>;
937
- body: zod0.ZodObject<{
938
- issuer: zod0.ZodOptional<zod0.ZodString>;
939
- domain: zod0.ZodOptional<zod0.ZodString>;
940
- oidcConfig: zod0.ZodOptional<zod0.ZodObject<{
941
- clientId: zod0.ZodOptional<zod0.ZodString>;
942
- clientSecret: zod0.ZodOptional<zod0.ZodString>;
943
- authorizationEndpoint: zod0.ZodOptional<zod0.ZodString>;
944
- tokenEndpoint: zod0.ZodOptional<zod0.ZodString>;
945
- userInfoEndpoint: zod0.ZodOptional<zod0.ZodString>;
946
- tokenEndpointAuthentication: zod0.ZodOptional<zod0.ZodEnum<{
947
- client_secret_post: "client_secret_post";
948
- client_secret_basic: "client_secret_basic";
949
- }>>;
950
- jwksEndpoint: zod0.ZodOptional<zod0.ZodString>;
951
- discoveryEndpoint: zod0.ZodOptional<zod0.ZodString>;
952
- scopes: zod0.ZodOptional<zod0.ZodArray<zod0.ZodString>>;
953
- pkce: zod0.ZodOptional<zod0.ZodBoolean>;
954
- overrideUserInfo: zod0.ZodOptional<zod0.ZodBoolean>;
955
- mapping: zod0.ZodOptional<zod0.ZodObject<{
956
- id: zod0.ZodOptional<zod0.ZodString>;
957
- email: zod0.ZodOptional<zod0.ZodString>;
958
- emailVerified: zod0.ZodOptional<zod0.ZodString>;
959
- name: zod0.ZodOptional<zod0.ZodString>;
960
- image: zod0.ZodOptional<zod0.ZodString>;
961
- extraFields: zod0.ZodOptional<zod0.ZodRecord<zod0.ZodString, zod0.ZodAny>>;
962
- }, better_auth0.$strip>>;
963
- }, better_auth0.$strip>>;
964
- samlConfig: zod0.ZodOptional<zod0.ZodObject<{
965
- entryPoint: zod0.ZodOptional<zod0.ZodString>;
966
- cert: zod0.ZodOptional<zod0.ZodString>;
967
- callbackUrl: zod0.ZodOptional<zod0.ZodString>;
968
- audience: zod0.ZodOptional<zod0.ZodString>;
969
- idpMetadata: zod0.ZodOptional<zod0.ZodObject<{
970
- metadata: zod0.ZodOptional<zod0.ZodString>;
971
- entityID: zod0.ZodOptional<zod0.ZodString>;
972
- cert: zod0.ZodOptional<zod0.ZodString>;
973
- privateKey: zod0.ZodOptional<zod0.ZodString>;
974
- privateKeyPass: zod0.ZodOptional<zod0.ZodString>;
975
- isAssertionEncrypted: zod0.ZodOptional<zod0.ZodBoolean>;
976
- encPrivateKey: zod0.ZodOptional<zod0.ZodString>;
977
- encPrivateKeyPass: zod0.ZodOptional<zod0.ZodString>;
978
- singleSignOnService: zod0.ZodOptional<zod0.ZodArray<zod0.ZodObject<{
979
- Binding: zod0.ZodString;
980
- Location: zod0.ZodString;
981
- }, better_auth0.$strip>>>;
982
- }, better_auth0.$strip>>;
983
- spMetadata: zod0.ZodOptional<zod0.ZodObject<{
984
- metadata: zod0.ZodOptional<zod0.ZodString>;
985
- entityID: zod0.ZodOptional<zod0.ZodString>;
986
- binding: zod0.ZodOptional<zod0.ZodString>;
987
- privateKey: zod0.ZodOptional<zod0.ZodString>;
988
- privateKeyPass: zod0.ZodOptional<zod0.ZodString>;
989
- isAssertionEncrypted: zod0.ZodOptional<zod0.ZodBoolean>;
990
- encPrivateKey: zod0.ZodOptional<zod0.ZodString>;
991
- encPrivateKeyPass: zod0.ZodOptional<zod0.ZodString>;
992
- }, better_auth0.$strip>>;
993
- wantAssertionsSigned: zod0.ZodOptional<zod0.ZodBoolean>;
994
- signatureAlgorithm: zod0.ZodOptional<zod0.ZodString>;
995
- digestAlgorithm: zod0.ZodOptional<zod0.ZodString>;
996
- identifierFormat: zod0.ZodOptional<zod0.ZodString>;
997
- privateKey: zod0.ZodOptional<zod0.ZodString>;
998
- decryptionPvk: zod0.ZodOptional<zod0.ZodString>;
999
- additionalParams: zod0.ZodOptional<zod0.ZodRecord<zod0.ZodString, zod0.ZodAny>>;
1000
- mapping: zod0.ZodOptional<zod0.ZodObject<{
1001
- id: zod0.ZodOptional<zod0.ZodString>;
1002
- email: zod0.ZodOptional<zod0.ZodString>;
1003
- emailVerified: zod0.ZodOptional<zod0.ZodString>;
1004
- name: zod0.ZodOptional<zod0.ZodString>;
1005
- firstName: zod0.ZodOptional<zod0.ZodString>;
1006
- lastName: zod0.ZodOptional<zod0.ZodString>;
1007
- extraFields: zod0.ZodOptional<zod0.ZodRecord<zod0.ZodString, zod0.ZodAny>>;
1008
- }, better_auth0.$strip>>;
1009
- }, better_auth0.$strip>>;
1010
- }, better_auth0.$strip>;
1011
- metadata: {
1012
- openapi: {
1013
- operationId: string;
1014
- summary: string;
1015
- description: string;
1016
- responses: {
1017
- "200": {
1018
- description: string;
1019
- };
1020
- "404": {
1021
- description: string;
1022
- };
1023
- "403": {
1024
- description: string;
1025
- };
1026
- };
1027
- };
1028
- };
1029
- }, {
1030
- providerId: string;
1031
- type: string;
1032
- issuer: string;
1033
- domain: string;
1034
- organizationId: string | null;
1035
- domainVerified: boolean;
1036
- oidcConfig: {
1037
- discoveryEndpoint: string;
1038
- clientIdLastFour: string;
1039
- pkce: boolean;
1040
- authorizationEndpoint: string | undefined;
1041
- tokenEndpoint: string | undefined;
1042
- userInfoEndpoint: string | undefined;
1043
- jwksEndpoint: string | undefined;
1044
- scopes: string[] | undefined;
1045
- tokenEndpointAuthentication: "client_secret_post" | "client_secret_basic" | undefined;
1046
- } | undefined;
1047
- samlConfig: {
1048
- entryPoint: string;
1049
- callbackUrl: string;
1050
- audience: string | undefined;
1051
- wantAssertionsSigned: boolean | undefined;
1052
- identifierFormat: string | undefined;
1053
- signatureAlgorithm: string | undefined;
1054
- digestAlgorithm: string | undefined;
1055
- certificate: {
1056
- fingerprintSha256: string;
1057
- notBefore: string;
1058
- notAfter: string;
1059
- publicKeyAlgorithm: string;
1060
- } | {
1061
- error: string;
1062
- };
1063
- } | undefined;
1064
- spMetadataUrl: string;
1065
- }>>;
1066
- deleteSSOProvider: ReturnType<() => better_auth0.StrictEndpoint<"/sso/providers/:providerId", {
1067
- method: "DELETE";
1068
- use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
1069
- session: {
1070
- session: Record<string, any> & {
1071
- id: string;
1072
- createdAt: Date;
1073
- updatedAt: Date;
1074
- userId: string;
1075
- expiresAt: Date;
1076
- token: string;
1077
- ipAddress?: string | null | undefined;
1078
- userAgent?: string | null | undefined;
1079
- };
1080
- user: Record<string, any> & {
1081
- id: string;
1082
- createdAt: Date;
1083
- updatedAt: Date;
1084
- email: string;
1085
- emailVerified: boolean;
1086
- name: string;
1087
- image?: string | null | undefined;
1088
- };
1089
- };
1090
- }>)[];
1091
- params: zod0.ZodObject<{
1092
- providerId: zod0.ZodString;
1093
- }, better_auth0.$strip>;
1094
- metadata: {
1095
- openapi: {
1096
- operationId: string;
1097
- summary: string;
1098
- description: string;
1099
- responses: {
1100
- "200": {
1101
- description: string;
1102
- };
1103
- "404": {
1104
- description: string;
1105
- };
1106
- "403": {
1107
- description: string;
1108
- };
1109
- };
1110
- };
1111
- };
1112
- }, {
1113
- success: boolean;
1114
- }>>;
1115
- } & {
1116
- requestDomainVerification: ReturnType<(options: _better_auth_sso0.SSOOptions) => better_auth0.StrictEndpoint<"/sso/request-domain-verification", {
1117
- method: "POST";
1118
- body: zod0.ZodObject<{
1119
- providerId: zod0.ZodString;
1120
- }, better_auth0.$strip>;
1121
- metadata: {
1122
- openapi: {
1123
- summary: string;
1124
- description: string;
1125
- responses: {
1126
- "404": {
1127
- description: string;
1128
- };
1129
- "409": {
1130
- description: string;
1131
- };
1132
- "201": {
1133
- description: string;
1134
- };
1135
- };
1136
- };
1137
- };
1138
- use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
1139
- session: {
1140
- session: Record<string, any> & {
1141
- id: string;
1142
- createdAt: Date;
1143
- updatedAt: Date;
1144
- userId: string;
1145
- expiresAt: Date;
1146
- token: string;
1147
- ipAddress?: string | null | undefined;
1148
- userAgent?: string | null | undefined;
1149
- };
1150
- user: Record<string, any> & {
1151
- id: string;
1152
- createdAt: Date;
1153
- updatedAt: Date;
1154
- email: string;
1155
- emailVerified: boolean;
1156
- name: string;
1157
- image?: string | null | undefined;
1158
- };
1159
- };
1160
- }>)[];
1161
- }, {
1162
- domainVerificationToken: string;
1163
- }>>;
1164
- verifyDomain: ReturnType<(options: _better_auth_sso0.SSOOptions) => better_auth0.StrictEndpoint<"/sso/verify-domain", {
1165
- method: "POST";
1166
- body: zod0.ZodObject<{
1167
- providerId: zod0.ZodString;
1168
- }, better_auth0.$strip>;
1169
- metadata: {
1170
- openapi: {
1171
- summary: string;
1172
- description: string;
1173
- responses: {
1174
- "404": {
1175
- description: string;
1176
- };
1177
- "409": {
1178
- description: string;
1179
- };
1180
- "502": {
1181
- description: string;
1182
- };
1183
- "204": {
1184
- description: string;
1185
- };
1186
- };
1187
- };
1188
- };
1189
- use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
1190
- session: {
1191
- session: Record<string, any> & {
1192
- id: string;
1193
- createdAt: Date;
1194
- updatedAt: Date;
1195
- userId: string;
1196
- expiresAt: Date;
1197
- token: string;
1198
- ipAddress?: string | null | undefined;
1199
- userAgent?: string | null | undefined;
1200
- };
1201
- user: Record<string, any> & {
1202
- id: string;
1203
- createdAt: Date;
1204
- updatedAt: Date;
1205
- email: string;
1206
- emailVerified: boolean;
1207
- name: string;
1208
- image?: string | null | undefined;
1209
- };
1210
- };
1211
- }>)[];
1212
- }, void>>;
1213
- };
1214
- schema: NonNullable<better_auth0.BetterAuthPlugin["schema"]>;
1215
- options: _better_auth_sso0.SSOOptions & {
1216
- domainVerification?: {
1217
- enabled: true;
1218
- };
1219
- };
1220
42
  }, {
1221
43
  id: "oauth-proxy";
1222
- options: NoInfer<{
1223
- productionURL: string;
1224
- }>;
44
+ options: NoInfer<better_auth_plugins0.OAuthProxyOptions>;
1225
45
  endpoints: {
1226
46
  oAuthProxy: better_auth0.StrictEndpoint<"/oauth-proxy-callback", {
1227
47
  method: "GET";
1228
48
  operationId: string;
1229
49
  query: zod0.ZodObject<{
1230
50
  callbackURL: zod0.ZodString;
1231
- cookies: zod0.ZodString;
51
+ profile: zod0.ZodOptional<zod0.ZodString>;
1232
52
  }, better_auth0.$strip>;
1233
53
  use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<void>)[];
1234
54
  metadata: {
1235
55
  openapi: {
1236
56
  operationId: string;
1237
57
  description: string;
1238
- parameters: {
58
+ parameters: ({
1239
59
  in: "query";
1240
60
  name: string;
1241
61
  required: true;
1242
62
  description: string;
1243
- }[];
63
+ } | {
64
+ in: "query";
65
+ name: string;
66
+ required: false;
67
+ description: string;
68
+ })[];
1244
69
  responses: {
1245
70
  302: {
1246
71
  description: string;
@@ -1269,51 +94,11 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
1269
94
  }[];
1270
95
  };
1271
96
  }, better_auth_plugins0.DefaultOrganizationPlugin<{
1272
- allowUserToCreateOrganization: true;
1273
- ac: better_auth_plugins0.AccessControl;
1274
- roles: {
1275
- member: {
1276
- authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
1277
- actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
1278
- connector: "OR" | "AND";
1279
- } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
1280
- statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
1281
- };
1282
- admin: {
1283
- authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
1284
- actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
1285
- connector: "OR" | "AND";
1286
- } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
1287
- statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
1288
- };
1289
- owner: {
1290
- authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key] | {
1291
- actions: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>[key];
1292
- connector: "OR" | "AND";
1293
- } | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins0.AuthorizeResponse;
1294
- statements: better_auth_plugins0.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins0.Statements>;
1295
- };
1296
- };
1297
- creatorRole: "admin";
1298
- membershipLimit: number;
1299
- invitationLimit: number;
1300
- invitationExpiresIn: number;
1301
- sendInvitationEmail(data: {
1302
- id: string;
1303
- role: string;
1304
- email: string;
1305
- organization: better_auth_plugins0.Organization;
1306
- invitation: better_auth_plugins0.Invitation;
1307
- inviter: better_auth_plugins0.Member & {
1308
- user: better_auth0.User;
1309
- };
1310
- }): Promise<void>;
1311
97
  schema: {
1312
98
  invitation: {
1313
99
  additionalFields: {
1314
100
  authMethod: {
1315
101
  type: "string";
1316
- input: true;
1317
102
  required: false;
1318
103
  };
1319
104
  };
@@ -1333,36 +118,6 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
1333
118
  };
1334
119
  };
1335
120
  };
1336
- organizationHooks: {
1337
- afterAcceptInvitation: ({
1338
- member,
1339
- user,
1340
- organization: org
1341
- }: {
1342
- invitation: better_auth_plugins0.Invitation & Record<string, any>;
1343
- member: better_auth_plugins0.Member & Record<string, any>;
1344
- user: better_auth0.User & Record<string, any>;
1345
- organization: better_auth_plugins0.Organization & Record<string, any>;
1346
- }) => Promise<void>;
1347
- beforeUpdateMemberRole: ({
1348
- member,
1349
- organization: org,
1350
- newRole
1351
- }: {
1352
- member: better_auth_plugins0.Member & Record<string, any>;
1353
- newRole: string;
1354
- user: better_auth0.User & Record<string, any>;
1355
- organization: better_auth_plugins0.Organization & Record<string, any>;
1356
- }) => Promise<void>;
1357
- beforeRemoveMember: ({
1358
- member,
1359
- organization: org
1360
- }: {
1361
- member: better_auth_plugins0.Member & Record<string, any>;
1362
- user: better_auth0.User & Record<string, any>;
1363
- organization: better_auth_plugins0.Organization & Record<string, any>;
1364
- }) => Promise<void>;
1365
- };
1366
121
  }>, {
1367
122
  id: "device-authorization";
1368
123
  schema: {
@@ -1611,11 +366,11 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
1611
366
  }, better_auth0.$strip>;
1612
367
  error: zod0.ZodObject<{
1613
368
  error: zod0.ZodEnum<{
1614
- unauthorized: "unauthorized";
1615
369
  invalid_request: "invalid_request";
1616
370
  expired_token: "expired_token";
1617
371
  access_denied: "access_denied";
1618
372
  device_code_already_processed: "device_code_already_processed";
373
+ unauthorized: "unauthorized";
1619
374
  }>;
1620
375
  error_description: zod0.ZodString;
1621
376
  }, better_auth0.$strip>;
@@ -1652,10 +407,10 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
1652
407
  }, better_auth0.$strip>;
1653
408
  error: zod0.ZodObject<{
1654
409
  error: zod0.ZodEnum<{
1655
- unauthorized: "unauthorized";
1656
410
  invalid_request: "invalid_request";
1657
411
  expired_token: "expired_token";
1658
412
  access_denied: "access_denied";
413
+ unauthorized: "unauthorized";
1659
414
  }>;
1660
415
  error_description: zod0.ZodString;
1661
416
  }, better_auth0.$strip>;
@@ -1687,18 +442,18 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
1687
442
  }>;
1688
443
  };
1689
444
  $ERROR_CODES: {
1690
- readonly INVALID_DEVICE_CODE: "Invalid device code";
1691
- readonly EXPIRED_DEVICE_CODE: "Device code has expired";
1692
- readonly EXPIRED_USER_CODE: "User code has expired";
1693
- readonly AUTHORIZATION_PENDING: "Authorization pending";
1694
- readonly ACCESS_DENIED: "Access denied";
1695
- readonly INVALID_USER_CODE: "Invalid user code";
1696
- readonly DEVICE_CODE_ALREADY_PROCESSED: "Device code already processed";
1697
- readonly POLLING_TOO_FREQUENTLY: "Polling too frequently";
1698
- readonly USER_NOT_FOUND: "User not found";
1699
- readonly FAILED_TO_CREATE_SESSION: "Failed to create session";
1700
- readonly INVALID_DEVICE_CODE_STATUS: "Invalid device code status";
1701
- readonly AUTHENTICATION_REQUIRED: "Authentication required";
445
+ USER_NOT_FOUND: better_auth0.RawError<"USER_NOT_FOUND">;
446
+ FAILED_TO_CREATE_SESSION: better_auth0.RawError<"FAILED_TO_CREATE_SESSION">;
447
+ INVALID_DEVICE_CODE: better_auth0.RawError<"INVALID_DEVICE_CODE">;
448
+ EXPIRED_DEVICE_CODE: better_auth0.RawError<"EXPIRED_DEVICE_CODE">;
449
+ EXPIRED_USER_CODE: better_auth0.RawError<"EXPIRED_USER_CODE">;
450
+ AUTHORIZATION_PENDING: better_auth0.RawError<"AUTHORIZATION_PENDING">;
451
+ ACCESS_DENIED: better_auth0.RawError<"ACCESS_DENIED">;
452
+ INVALID_USER_CODE: better_auth0.RawError<"INVALID_USER_CODE">;
453
+ DEVICE_CODE_ALREADY_PROCESSED: better_auth0.RawError<"DEVICE_CODE_ALREADY_PROCESSED">;
454
+ POLLING_TOO_FREQUENTLY: better_auth0.RawError<"POLLING_TOO_FREQUENTLY">;
455
+ INVALID_DEVICE_CODE_STATUS: better_auth0.RawError<"INVALID_DEVICE_CODE_STATUS">;
456
+ AUTHENTICATION_REQUIRED: better_auth0.RawError<"AUTHENTICATION_REQUIRED">;
1702
457
  };
1703
458
  options: Partial<{
1704
459
  expiresIn: better_auth_plugins0.TimeString;
@@ -1729,6 +484,8 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
1729
484
  }>;
1730
485
  }];
1731
486
  }>;
1732
- declare const auth: ReturnType<typeof createAuth>;
487
+ type AuthInstance = ReturnType<typeof _inferAuthType>;
488
+ declare function createAuth(config: BetterAuthConfig): AuthInstance;
489
+ declare const auth: AuthInstance;
1733
490
  //#endregion
1734
- export { BetterAuthConfig, EmailServiceConfig, OIDCProviderConfig, SAMLProviderConfig, SSOProviderConfig, UserAuthConfig, auth, createAuth, extractCookieDomain, hasCredentialAccount };
491
+ export { type BetterAuthConfig, type EmailServiceConfig, type OIDCProviderConfig, type SAMLProviderConfig, type SSOProviderConfig, type UserAuthConfig, auth, createAuth, extractCookieDomain, hasCredentialAccount };