@kya-os/contracts 1.6.4 → 1.6.6

package/dist/audit/index.d.ts

@@ -65,38 +65,38 @@ export declare const AuditContextSchema: z.ZodObject<{
      */
     scopeId: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
-    requestHash: string;
-    responseHash: string;
+    identity: {
+        did: string;
+        kid: string;
+    } & {
+        [k: string]: unknown;
+    };
     session: {
         sessionId: string;
         audience: string;
     } & {
         [k: string]: unknown;
     };
+    requestHash: string;
+    responseHash: string;
     verified: "yes" | "no";
+    scopeId?: string | undefined;
+}, {
     identity: {
         did: string;
         kid: string;
     } & {
         [k: string]: unknown;
     };
-    scopeId?: string | undefined;
-}, {
-    requestHash: string;
-    responseHash: string;
     session: {
         sessionId: string;
         audience: string;
     } & {
         [k: string]: unknown;
     };
+    requestHash: string;
+    responseHash: string;
     verified: "yes" | "no";
-    identity: {
-        did: string;
-        kid: string;
-    } & {
-        [k: string]: unknown;
-    };
     scopeId?: string | undefined;
 }>;
 export type AuditContext = {
@@ -153,33 +153,33 @@ export declare const AuditEventContextSchema: z.ZodObject<{
      */
     eventData: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, "strip", z.ZodTypeAny, {
-    session: {
-        sessionId: string;
-        audience: string;
-    } & {
-        [k: string]: unknown;
-    };
     identity: {
         did: string;
         kid: string;
     } & {
         [k: string]: unknown;
     };
-    eventType: string;
-    eventData?: Record<string, unknown> | undefined;
-}, {
     session: {
         sessionId: string;
         audience: string;
     } & {
         [k: string]: unknown;
     };
+    eventType: string;
+    eventData?: Record<string, unknown> | undefined;
+}, {
     identity: {
         did: string;
         kid: string;
     } & {
         [k: string]: unknown;
     };
+    session: {
+        sessionId: string;
+        audience: string;
+    } & {
+        [k: string]: unknown;
+    };
     eventType: string;
     eventData?: Record<string, unknown> | undefined;
 }>;

package/dist/config/identity.d.ts

@@ -74,6 +74,219 @@ export interface RuntimeIdentityConfig {
      */
     userDidStorage?: "ephemeral" | "persistent";
 }
+/**
+ * Auth Provider Type
+ *
+ * Discriminator for provider configuration types.
+ */
+export type AuthProviderType = "oauth2" | "credential";
+/**
+ * Base Provider Configuration
+ *
+ * Common fields shared by all provider types.
+ */
+export interface BaseProviderConfig {
+    /** Provider type discriminator */
+    type: AuthProviderType;
+    /** Human-readable display name for the provider */
+    displayName?: string;
+}
+/**
+ * Credential Provider Configuration
+ *
+ * Configuration for credential-based authentication (email/password).
+ * Used for customers who don't use OAuth and want direct login.
+ */
+export interface CredentialProviderConfig extends BaseProviderConfig {
+    type: "credential";
+    /** Authentication endpoint URL to POST credentials */
+    authEndpoint: string;
+    /**
+     * Request body template mapping form fields to API fields
+     * Use {{fieldName}} placeholders that will be replaced with form values
+     * @example { email: "{{email}}", password: "{{password}}" }
+     */
+    requestBodyTemplate: Record<string, string>;
+    /**
+     * Response field mappings to extract data from auth response
+     */
+    responseFields: {
+        /** JSON path to session token, or "cookie" to extract from Set-Cookie header */
+        sessionToken: string;
+        /** JSON path to user ID (optional) */
+        userId?: string;
+        /** JSON path to user email (optional) */
+        userEmail?: string;
+        /** JSON path to user display name (optional) */
+        userDisplayName?: string;
+        /** JSON path to token expiration in seconds (optional) */
+        expiresIn?: string;
+    };
+    /**
+     * Success validation configuration
+     * Checks if a field in the response matches an expected value
+     */
+    successCheck?: {
+        /** JSON path to check in response */
+        path: string;
+        /** Expected value (string, boolean, or number) */
+        expectedValue: string | boolean | number;
+    };
+    /** Custom headers to include in auth request */
+    headers?: Record<string, string>;
+    /**
+     * How to use the token for subsequent API calls
+     * - "cookie": Send as Cookie header
+     * - "bearer": Send as Authorization: Bearer xxx
+     * - "header": Send as custom header (specify tokenHeader)
+     * @default "cookie"
+     */
+    tokenUsage?: "cookie" | "bearer" | "header";
+    /** Custom header name when tokenUsage is "header" */
+    tokenHeader?: string;
+    /**
+     * Cookie format template when tokenUsage is "cookie"
+     * Use {{token}} placeholder for the token value
+     * @example "CIX={{token}}; customerCookie={{token}}"
+     */
+    cookieFormat?: string;
+    /** Additional headers to include in subsequent API calls */
+    apiHeaders?: Record<string, string>;
+    /**
+     * Consent page customization overrides
+     */
+    consentOverrides?: {
+        branding?: Record<string, unknown>;
+        formTitle?: string;
+        formDescription?: string;
+        identityFieldLabel?: string;
+        passwordFieldLabel?: string;
+        submitButtonText?: string;
+    };
+}
+/**
+ * Zod schema for CredentialProviderConfig validation
+ */
+export declare const CredentialProviderConfigSchema: z.ZodObject<{
+    type: z.ZodLiteral<"credential">;
+    displayName: z.ZodOptional<z.ZodString>;
+    authEndpoint: z.ZodString;
+    requestBodyTemplate: z.ZodRecord<z.ZodString, z.ZodString>;
+    responseFields: z.ZodObject<{
+        sessionToken: z.ZodString;
+        userId: z.ZodOptional<z.ZodString>;
+        userEmail: z.ZodOptional<z.ZodString>;
+        userDisplayName: z.ZodOptional<z.ZodString>;
+        expiresIn: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        sessionToken: string;
+        userId?: string | undefined;
+        userEmail?: string | undefined;
+        userDisplayName?: string | undefined;
+        expiresIn?: string | undefined;
+    }, {
+        sessionToken: string;
+        userId?: string | undefined;
+        userEmail?: string | undefined;
+        userDisplayName?: string | undefined;
+        expiresIn?: string | undefined;
+    }>;
+    successCheck: z.ZodOptional<z.ZodObject<{
+        path: z.ZodString;
+        expectedValue: z.ZodUnion<[z.ZodString, z.ZodBoolean, z.ZodNumber]>;
+    }, "strip", z.ZodTypeAny, {
+        path: string;
+        expectedValue: string | number | boolean;
+    }, {
+        path: string;
+        expectedValue: string | number | boolean;
+    }>>;
+    headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    tokenUsage: z.ZodOptional<z.ZodEnum<["cookie", "bearer", "header"]>>;
+    tokenHeader: z.ZodOptional<z.ZodString>;
+    cookieFormat: z.ZodOptional<z.ZodString>;
+    apiHeaders: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    consentOverrides: z.ZodOptional<z.ZodObject<{
+        branding: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+        formTitle: z.ZodOptional<z.ZodString>;
+        formDescription: z.ZodOptional<z.ZodString>;
+        identityFieldLabel: z.ZodOptional<z.ZodString>;
+        passwordFieldLabel: z.ZodOptional<z.ZodString>;
+        submitButtonText: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        branding?: Record<string, unknown> | undefined;
+        formTitle?: string | undefined;
+        formDescription?: string | undefined;
+        identityFieldLabel?: string | undefined;
+        passwordFieldLabel?: string | undefined;
+        submitButtonText?: string | undefined;
+    }, {
+        branding?: Record<string, unknown> | undefined;
+        formTitle?: string | undefined;
+        formDescription?: string | undefined;
+        identityFieldLabel?: string | undefined;
+        passwordFieldLabel?: string | undefined;
+        submitButtonText?: string | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    type: "credential";
+    authEndpoint: string;
+    requestBodyTemplate: Record<string, string>;
+    responseFields: {
+        sessionToken: string;
+        userId?: string | undefined;
+        userEmail?: string | undefined;
+        userDisplayName?: string | undefined;
+        expiresIn?: string | undefined;
+    };
+    displayName?: string | undefined;
+    successCheck?: {
+        path: string;
+        expectedValue: string | number | boolean;
+    } | undefined;
+    headers?: Record<string, string> | undefined;
+    tokenUsage?: "cookie" | "bearer" | "header" | undefined;
+    tokenHeader?: string | undefined;
+    cookieFormat?: string | undefined;
+    apiHeaders?: Record<string, string> | undefined;
+    consentOverrides?: {
+        branding?: Record<string, unknown> | undefined;
+        formTitle?: string | undefined;
+        formDescription?: string | undefined;
+        identityFieldLabel?: string | undefined;
+        passwordFieldLabel?: string | undefined;
+        submitButtonText?: string | undefined;
+    } | undefined;
+}, {
+    type: "credential";
+    authEndpoint: string;
+    requestBodyTemplate: Record<string, string>;
+    responseFields: {
+        sessionToken: string;
+        userId?: string | undefined;
+        userEmail?: string | undefined;
+        userDisplayName?: string | undefined;
+        expiresIn?: string | undefined;
+    };
+    displayName?: string | undefined;
+    successCheck?: {
+        path: string;
+        expectedValue: string | number | boolean;
+    } | undefined;
+    headers?: Record<string, string> | undefined;
+    tokenUsage?: "cookie" | "bearer" | "header" | undefined;
+    tokenHeader?: string | undefined;
+    cookieFormat?: string | undefined;
+    apiHeaders?: Record<string, string> | undefined;
+    consentOverrides?: {
+        branding?: Record<string, unknown> | undefined;
+        formTitle?: string | undefined;
+        formDescription?: string | undefined;
+        identityFieldLabel?: string | undefined;
+        passwordFieldLabel?: string | undefined;
+        submitButtonText?: string | undefined;
+    } | undefined;
+}>;
 /**
  * OAuth Provider Configuration
  *
@@ -155,9 +368,9 @@ export declare const OAuthProviderSchema: z.ZodObject<{
     requiresClientSecret: boolean;
     responseType: string;
     grantType: string;
-    scopes?: string[] | undefined;
     clientSecret?: string | null | undefined;
     userInfoUrl?: string | undefined;
+    scopes?: string[] | undefined;
     defaultScopes?: string[] | undefined;
     proxyMode?: boolean | undefined;
     customParams?: Record<string, string> | undefined;
@@ -168,9 +381,9 @@ export declare const OAuthProviderSchema: z.ZodObject<{
     tokenUrl: string;
     supportsPKCE: boolean;
     requiresClientSecret: boolean;
-    scopes?: string[] | undefined;
     clientSecret?: string | null | undefined;
     userInfoUrl?: string | undefined;
+    scopes?: string[] | undefined;
     defaultScopes?: string[] | undefined;
     proxyMode?: boolean | undefined;
     customParams?: Record<string, string> | undefined;
@@ -205,9 +418,9 @@ export declare const OAuthConfigSchema: z.ZodObject<{
         requiresClientSecret: boolean;
         responseType: string;
         grantType: string;
-        scopes?: string[] | undefined;
         clientSecret?: string | null | undefined;
         userInfoUrl?: string | undefined;
+        scopes?: string[] | undefined;
         defaultScopes?: string[] | undefined;
         proxyMode?: boolean | undefined;
         customParams?: Record<string, string> | undefined;
@@ -218,9 +431,9 @@ export declare const OAuthConfigSchema: z.ZodObject<{
         tokenUrl: string;
         supportsPKCE: boolean;
         requiresClientSecret: boolean;
-        scopes?: string[] | undefined;
         clientSecret?: string | null | undefined;
         userInfoUrl?: string | undefined;
+        scopes?: string[] | undefined;
         defaultScopes?: string[] | undefined;
         proxyMode?: boolean | undefined;
         customParams?: Record<string, string> | undefined;
@@ -238,9 +451,9 @@ export declare const OAuthConfigSchema: z.ZodObject<{
         requiresClientSecret: boolean;
         responseType: string;
         grantType: string;
-        scopes?: string[] | undefined;
         clientSecret?: string | null | undefined;
         userInfoUrl?: string | undefined;
+        scopes?: string[] | undefined;
         defaultScopes?: string[] | undefined;
         proxyMode?: boolean | undefined;
         customParams?: Record<string, string> | undefined;
@@ -254,9 +467,9 @@ export declare const OAuthConfigSchema: z.ZodObject<{
         tokenUrl: string;
         supportsPKCE: boolean;
         requiresClientSecret: boolean;
-        scopes?: string[] | undefined;
         clientSecret?: string | null | undefined;
         userInfoUrl?: string | undefined;
+        scopes?: string[] | undefined;
         defaultScopes?: string[] | undefined;
         proxyMode?: boolean | undefined;
         customParams?: Record<string, string> | undefined;
@@ -266,6 +479,264 @@ export declare const OAuthConfigSchema: z.ZodObject<{
     }>;
     configuredProvider?: string | null | undefined;
 }>;
+/**
+ * OAuth2 Provider Configuration (explicit type for discriminated union)
+ *
+ * Wrapper around OAuthProvider with explicit type discriminator.
+ */
+export interface OAuth2ProviderConfig extends BaseProviderConfig {
+    type: "oauth2";
+    clientId: string;
+    clientSecret?: string | null;
+    authorizationUrl: string;
+    tokenUrl: string;
+    userInfoUrl?: string;
+    supportsPKCE: boolean;
+    requiresClientSecret: boolean;
+    scopes?: string[];
+    defaultScopes?: string[];
+    proxyMode?: boolean;
+    customParams?: Record<string, string>;
+    tokenEndpointAuthMethod?: "client_secret_post" | "client_secret_basic";
+    responseType?: string;
+    grantType?: string;
+}
+/**
+ * Zod schema for OAuth2ProviderConfig validation
+ */
+export declare const OAuth2ProviderConfigSchema: z.ZodObject<{
+    type: z.ZodLiteral<"oauth2">;
+    displayName: z.ZodOptional<z.ZodString>;
+    clientId: z.ZodString;
+    clientSecret: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    authorizationUrl: z.ZodString;
+    tokenUrl: z.ZodString;
+    userInfoUrl: z.ZodOptional<z.ZodString>;
+    supportsPKCE: z.ZodBoolean;
+    requiresClientSecret: z.ZodBoolean;
+    scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    defaultScopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    proxyMode: z.ZodOptional<z.ZodBoolean>;
+    customParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    tokenEndpointAuthMethod: z.ZodOptional<z.ZodEnum<["client_secret_post", "client_secret_basic"]>>;
+    responseType: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    grantType: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}, "strip", z.ZodTypeAny, {
+    type: "oauth2";
+    clientId: string;
+    authorizationUrl: string;
+    tokenUrl: string;
+    supportsPKCE: boolean;
+    requiresClientSecret: boolean;
+    responseType: string;
+    grantType: string;
+    displayName?: string | undefined;
+    clientSecret?: string | null | undefined;
+    userInfoUrl?: string | undefined;
+    scopes?: string[] | undefined;
+    defaultScopes?: string[] | undefined;
+    proxyMode?: boolean | undefined;
+    customParams?: Record<string, string> | undefined;
+    tokenEndpointAuthMethod?: "client_secret_post" | "client_secret_basic" | undefined;
+}, {
+    type: "oauth2";
+    clientId: string;
+    authorizationUrl: string;
+    tokenUrl: string;
+    supportsPKCE: boolean;
+    requiresClientSecret: boolean;
+    displayName?: string | undefined;
+    clientSecret?: string | null | undefined;
+    userInfoUrl?: string | undefined;
+    scopes?: string[] | undefined;
+    defaultScopes?: string[] | undefined;
+    proxyMode?: boolean | undefined;
+    customParams?: Record<string, string> | undefined;
+    tokenEndpointAuthMethod?: "client_secret_post" | "client_secret_basic" | undefined;
+    responseType?: string | undefined;
+    grantType?: string | undefined;
+}>;
+/**
+ * Unified Auth Provider Type
+ *
+ * Discriminated union of all supported authentication provider types.
+ * Use `type` field to determine which configuration shape to expect.
+ */
+export type AuthProvider = OAuth2ProviderConfig | CredentialProviderConfig;
+/**
+ * Zod schema for AuthProvider validation (discriminated union)
+ */
+export declare const AuthProviderSchema: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
+    type: z.ZodLiteral<"oauth2">;
+    displayName: z.ZodOptional<z.ZodString>;
+    clientId: z.ZodString;
+    clientSecret: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    authorizationUrl: z.ZodString;
+    tokenUrl: z.ZodString;
+    userInfoUrl: z.ZodOptional<z.ZodString>;
+    supportsPKCE: z.ZodBoolean;
+    requiresClientSecret: z.ZodBoolean;
+    scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    defaultScopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    proxyMode: z.ZodOptional<z.ZodBoolean>;
+    customParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    tokenEndpointAuthMethod: z.ZodOptional<z.ZodEnum<["client_secret_post", "client_secret_basic"]>>;
+    responseType: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    grantType: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}, "strip", z.ZodTypeAny, {
+    type: "oauth2";
+    clientId: string;
+    authorizationUrl: string;
+    tokenUrl: string;
+    supportsPKCE: boolean;
+    requiresClientSecret: boolean;
+    responseType: string;
+    grantType: string;
+    displayName?: string | undefined;
+    clientSecret?: string | null | undefined;
+    userInfoUrl?: string | undefined;
+    scopes?: string[] | undefined;
+    defaultScopes?: string[] | undefined;
+    proxyMode?: boolean | undefined;
+    customParams?: Record<string, string> | undefined;
+    tokenEndpointAuthMethod?: "client_secret_post" | "client_secret_basic" | undefined;
+}, {
+    type: "oauth2";
+    clientId: string;
+    authorizationUrl: string;
+    tokenUrl: string;
+    supportsPKCE: boolean;
+    requiresClientSecret: boolean;
+    displayName?: string | undefined;
+    clientSecret?: string | null | undefined;
+    userInfoUrl?: string | undefined;
+    scopes?: string[] | undefined;
+    defaultScopes?: string[] | undefined;
+    proxyMode?: boolean | undefined;
+    customParams?: Record<string, string> | undefined;
+    tokenEndpointAuthMethod?: "client_secret_post" | "client_secret_basic" | undefined;
+    responseType?: string | undefined;
+    grantType?: string | undefined;
+}>, z.ZodObject<{
+    type: z.ZodLiteral<"credential">;
+    displayName: z.ZodOptional<z.ZodString>;
+    authEndpoint: z.ZodString;
+    requestBodyTemplate: z.ZodRecord<z.ZodString, z.ZodString>;
+    responseFields: z.ZodObject<{
+        sessionToken: z.ZodString;
+        userId: z.ZodOptional<z.ZodString>;
+        userEmail: z.ZodOptional<z.ZodString>;
+        userDisplayName: z.ZodOptional<z.ZodString>;
+        expiresIn: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        sessionToken: string;
+        userId?: string | undefined;
+        userEmail?: string | undefined;
+        userDisplayName?: string | undefined;
+        expiresIn?: string | undefined;
+    }, {
+        sessionToken: string;
+        userId?: string | undefined;
+        userEmail?: string | undefined;
+        userDisplayName?: string | undefined;
+        expiresIn?: string | undefined;
+    }>;
+    successCheck: z.ZodOptional<z.ZodObject<{
+        path: z.ZodString;
+        expectedValue: z.ZodUnion<[z.ZodString, z.ZodBoolean, z.ZodNumber]>;
+    }, "strip", z.ZodTypeAny, {
+        path: string;
+        expectedValue: string | number | boolean;
+    }, {
+        path: string;
+        expectedValue: string | number | boolean;
+    }>>;
+    headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    tokenUsage: z.ZodOptional<z.ZodEnum<["cookie", "bearer", "header"]>>;
+    tokenHeader: z.ZodOptional<z.ZodString>;
+    cookieFormat: z.ZodOptional<z.ZodString>;
+    apiHeaders: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    consentOverrides: z.ZodOptional<z.ZodObject<{
+        branding: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+        formTitle: z.ZodOptional<z.ZodString>;
+        formDescription: z.ZodOptional<z.ZodString>;
+        identityFieldLabel: z.ZodOptional<z.ZodString>;
+        passwordFieldLabel: z.ZodOptional<z.ZodString>;
+        submitButtonText: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        branding?: Record<string, unknown> | undefined;
+        formTitle?: string | undefined;
+        formDescription?: string | undefined;
+        identityFieldLabel?: string | undefined;
+        passwordFieldLabel?: string | undefined;
+        submitButtonText?: string | undefined;
+    }, {
+        branding?: Record<string, unknown> | undefined;
+        formTitle?: string | undefined;
+        formDescription?: string | undefined;
+        identityFieldLabel?: string | undefined;
+        passwordFieldLabel?: string | undefined;
+        submitButtonText?: string | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    type: "credential";
+    authEndpoint: string;
+    requestBodyTemplate: Record<string, string>;
+    responseFields: {
+        sessionToken: string;
+        userId?: string | undefined;
+        userEmail?: string | undefined;
+        userDisplayName?: string | undefined;
+        expiresIn?: string | undefined;
+    };
+    displayName?: string | undefined;
+    successCheck?: {
+        path: string;
+        expectedValue: string | number | boolean;
+    } | undefined;
+    headers?: Record<string, string> | undefined;
+    tokenUsage?: "cookie" | "bearer" | "header" | undefined;
+    tokenHeader?: string | undefined;
+    cookieFormat?: string | undefined;
+    apiHeaders?: Record<string, string> | undefined;
+    consentOverrides?: {
+        branding?: Record<string, unknown> | undefined;
+        formTitle?: string | undefined;
+        formDescription?: string | undefined;
+        identityFieldLabel?: string | undefined;
+        passwordFieldLabel?: string | undefined;
+        submitButtonText?: string | undefined;
+    } | undefined;
+}, {
+    type: "credential";
+    authEndpoint: string;
+    requestBodyTemplate: Record<string, string>;
+    responseFields: {
+        sessionToken: string;
+        userId?: string | undefined;
+        userEmail?: string | undefined;
+        userDisplayName?: string | undefined;
+        expiresIn?: string | undefined;
+    };
+    displayName?: string | undefined;
+    successCheck?: {
+        path: string;
+        expectedValue: string | number | boolean;
+    } | undefined;
+    headers?: Record<string, string> | undefined;
+    tokenUsage?: "cookie" | "bearer" | "header" | undefined;
+    tokenHeader?: string | undefined;
+    cookieFormat?: string | undefined;
+    apiHeaders?: Record<string, string> | undefined;
+    consentOverrides?: {
+        branding?: Record<string, unknown> | undefined;
+        formTitle?: string | undefined;
+        formDescription?: string | undefined;
+        identityFieldLabel?: string | undefined;
+        passwordFieldLabel?: string | undefined;
+        submitButtonText?: string | undefined;
+    } | undefined;
+}>]>;
 /**
  * IDP Tokens
  *