@objectstack/spec 0.1.2 → 0.3.0

Files changed (152) hide show
  1. package/README.md +127 -5
  2. package/dist/ai/index.d.ts +14 -0
  3. package/dist/ai/index.d.ts.map +1 -0
  4. package/dist/ai/index.js +29 -0
  5. package/dist/ai/model-registry.zod.d.ts +1389 -0
  6. package/dist/ai/model-registry.zod.d.ts.map +1 -0
  7. package/dist/ai/model-registry.zod.js +164 -0
  8. package/dist/ai/nlq.zod.d.ts +1126 -0
  9. package/dist/ai/nlq.zod.d.ts.map +1 -0
  10. package/dist/ai/nlq.zod.js +246 -0
  11. package/dist/ai/rag-pipeline.zod.d.ts +1034 -0
  12. package/dist/ai/rag-pipeline.zod.d.ts.map +1 -0
  13. package/dist/ai/rag-pipeline.zod.js +244 -0
  14. package/dist/api/index.d.ts +9 -0
  15. package/dist/api/index.d.ts.map +1 -0
  16. package/dist/api/index.js +24 -0
  17. package/dist/data/filter.zod.d.ts +295 -0
  18. package/dist/data/filter.zod.d.ts.map +1 -0
  19. package/dist/data/filter.zod.js +226 -0
  20. package/dist/data/index.d.ts +21 -0
  21. package/dist/data/index.d.ts.map +1 -0
  22. package/dist/data/index.js +36 -0
  23. package/dist/data/query.zod.d.ts +386 -3
  24. package/dist/data/query.zod.d.ts.map +1 -1
  25. package/dist/data/query.zod.js +386 -3
  26. package/dist/data/validation.zod.d.ts +349 -0
  27. package/dist/data/validation.zod.d.ts.map +1 -1
  28. package/dist/data/validation.zod.js +395 -0
  29. package/dist/index.d.ts +36 -39
  30. package/dist/index.d.ts.map +1 -1
  31. package/dist/index.js +64 -47
  32. package/dist/system/auth-protocol.d.ts +175 -0
  33. package/dist/system/auth-protocol.d.ts.map +1 -0
  34. package/dist/system/auth-protocol.js +60 -0
  35. package/dist/system/auth.zod.d.ts +3319 -0
  36. package/dist/system/auth.zod.d.ts.map +1 -0
  37. package/dist/system/auth.zod.js +499 -0
  38. package/dist/system/datasource.zod.d.ts +118 -38
  39. package/dist/system/datasource.zod.d.ts.map +1 -1
  40. package/dist/system/datasource.zod.js +25 -6
  41. package/dist/system/driver.zod.d.ts +106 -0
  42. package/dist/system/driver.zod.d.ts.map +1 -1
  43. package/dist/system/driver.zod.js +47 -0
  44. package/dist/system/identity.zod.d.ts +234 -180
  45. package/dist/system/identity.zod.d.ts.map +1 -1
  46. package/dist/system/identity.zod.js +168 -51
  47. package/dist/system/index.d.ts +28 -0
  48. package/dist/system/index.d.ts.map +1 -0
  49. package/dist/system/index.js +43 -0
  50. package/dist/system/manifest.zod.d.ts +10 -10
  51. package/dist/system/organization.zod.d.ts +179 -0
  52. package/dist/system/organization.zod.d.ts.map +1 -0
  53. package/dist/system/organization.zod.js +129 -0
  54. package/dist/system/policy.zod.d.ts +10 -10
  55. package/dist/ui/action.zod.d.ts +2 -2
  56. package/dist/ui/dashboard.zod.d.ts +10 -10
  57. package/dist/ui/dashboard.zod.d.ts.map +1 -1
  58. package/dist/ui/dashboard.zod.js +3 -2
  59. package/dist/ui/index.d.ts +17 -0
  60. package/dist/ui/index.d.ts.map +1 -0
  61. package/dist/ui/index.js +32 -0
  62. package/dist/ui/report.zod.d.ts +4 -32
  63. package/dist/ui/report.zod.d.ts.map +1 -1
  64. package/dist/ui/report.zod.js +3 -8
  65. package/dist/ui/theme.zod.d.ts +6 -6
  66. package/json-schema/Account.json +87 -0
  67. package/json-schema/AccountLinkingConfig.json +27 -0
  68. package/json-schema/AuthConfig.json +841 -0
  69. package/json-schema/AuthPluginConfig.json +28 -0
  70. package/json-schema/AuthStrategy.json +17 -0
  71. package/json-schema/AuthenticationConfig.json +601 -0
  72. package/json-schema/AuthenticationProvider.json +617 -0
  73. package/json-schema/CSRFConfig.json +31 -0
  74. package/json-schema/ChunkingStrategy.json +133 -0
  75. package/json-schema/ComparisonOperator.json +56 -0
  76. package/json-schema/Dashboard.json +20 -0
  77. package/json-schema/DashboardWidget.json +20 -0
  78. package/json-schema/DatabaseAdapter.json +38 -0
  79. package/json-schema/DatabaseMapping.json +48 -0
  80. package/json-schema/Datasource.json +25 -5
  81. package/json-schema/DatasourceCapabilities.json +25 -5
  82. package/json-schema/DocumentChunk.json +97 -0
  83. package/json-schema/DocumentLoaderConfig.json +69 -0
  84. package/json-schema/DocumentMetadata.json +61 -0
  85. package/json-schema/DriverCapabilities.json +30 -0
  86. package/json-schema/DriverDefinition.json +25 -5
  87. package/json-schema/DriverInterface.json +30 -0
  88. package/json-schema/EmailPasswordConfig.json +43 -0
  89. package/json-schema/EmbeddingModel.json +57 -0
  90. package/json-schema/EnterpriseAuthConfig.json +172 -0
  91. package/json-schema/Entity.json +55 -0
  92. package/json-schema/EqualityOperator.json +14 -0
  93. package/json-schema/FieldOperators.json +108 -0
  94. package/json-schema/FieldSynonymConfig.json +39 -0
  95. package/json-schema/FilterCondition.json +28 -0
  96. package/json-schema/Invitation.json +69 -0
  97. package/json-schema/InvitationStatus.json +15 -0
  98. package/json-schema/LDAPConfig.json +22 -5
  99. package/json-schema/MagicLinkConfig.json +21 -0
  100. package/json-schema/Member.json +46 -0
  101. package/json-schema/ModelCapability.json +47 -0
  102. package/json-schema/ModelConfig.json +181 -0
  103. package/json-schema/ModelLimits.json +45 -0
  104. package/json-schema/ModelPricing.json +28 -0
  105. package/json-schema/ModelProvider.json +19 -0
  106. package/json-schema/ModelRegistry.json +427 -0
  107. package/json-schema/ModelRegistryEntry.json +239 -0
  108. package/json-schema/ModelSelectionCriteria.json +50 -0
  109. package/json-schema/NLQAnalytics.json +106 -0
  110. package/json-schema/NLQFieldMapping.json +40 -0
  111. package/json-schema/NLQModelConfig.json +78 -0
  112. package/json-schema/NLQParseResult.json +252 -0
  113. package/json-schema/NLQRequest.json +110 -0
  114. package/json-schema/NLQResponse.json +288 -0
  115. package/json-schema/NLQTrainingExample.json +120 -0
  116. package/json-schema/NormalizedFilter.json +348 -0
  117. package/json-schema/OAuthProvider.json +66 -0
  118. package/json-schema/OIDCConfig.json +18 -3
  119. package/json-schema/Organization.json +52 -0
  120. package/json-schema/PasskeyConfig.json +54 -0
  121. package/json-schema/PromptTemplate.json +163 -0
  122. package/json-schema/PromptVariable.json +56 -0
  123. package/json-schema/QueryContext.json +72 -0
  124. package/json-schema/QueryFilter.json +34 -0
  125. package/json-schema/QueryIntent.json +21 -0
  126. package/json-schema/QueryTemplate.json +81 -0
  127. package/json-schema/RAGPipelineConfig.json +552 -0
  128. package/json-schema/RAGPipelineStatus.json +66 -0
  129. package/json-schema/RAGQueryRequest.json +64 -0
  130. package/json-schema/RAGQueryResponse.json +108 -0
  131. package/json-schema/RangeOperator.json +41 -0
  132. package/json-schema/RateLimitConfig.json +36 -0
  133. package/json-schema/Report.json +20 -26
  134. package/json-schema/RerankingConfig.json +34 -0
  135. package/json-schema/RetrievalStrategy.json +121 -0
  136. package/json-schema/SAMLConfig.json +17 -3
  137. package/json-schema/Session.json +63 -0
  138. package/json-schema/SessionConfig.json +56 -0
  139. package/json-schema/SetOperator.json +18 -0
  140. package/json-schema/SpecialOperator.json +18 -0
  141. package/json-schema/StandardAuthProvider.json +857 -0
  142. package/json-schema/StringOperator.json +21 -0
  143. package/json-schema/Timeframe.json +68 -0
  144. package/json-schema/TwoFactorConfig.json +40 -0
  145. package/json-schema/User.json +51 -0
  146. package/json-schema/UserFieldMapping.json +47 -0
  147. package/json-schema/VectorStoreConfig.json +82 -0
  148. package/json-schema/VectorStoreProvider.json +21 -0
  149. package/json-schema/VerificationToken.json +36 -0
  150. package/package.json +27 -1
  151. package/json-schema/AuthProtocol.json +0 -17
  152. package/json-schema/AuthProvider.json +0 -171
@@ -0,0 +1,3319 @@
1
+ import { z } from 'zod';
2
+ /**
3
+ * Authentication Protocol
4
+ *
5
+ * Defines the standard authentication specification for the ObjectStack ecosystem.
6
+ * This protocol supports multiple authentication strategies, session management,
7
+ * and comprehensive security features.
8
+ *
9
+ * This is a framework-agnostic specification that can be implemented with any
10
+ * authentication library (better-auth, Auth.js, Passport, etc.)
11
+ */
12
+ /**
13
+ * Supported authentication strategies
14
+ */
15
+ export declare const AuthStrategy: z.ZodEnum<["email_password", "magic_link", "oauth", "passkey", "otp", "anonymous"]>;
16
+ export type AuthStrategy = z.infer<typeof AuthStrategy>;
17
+ /**
18
+ * OAuth Provider Configuration
19
+ * Supports popular OAuth2 providers
20
+ */
21
+ export declare const OAuthProviderSchema: z.ZodObject<{
22
+ provider: z.ZodEnum<["google", "github", "facebook", "twitter", "linkedin", "microsoft", "apple", "discord", "gitlab", "custom"]>;
23
+ clientId: z.ZodString;
24
+ clientSecret: z.ZodString;
25
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
26
+ redirectUri: z.ZodOptional<z.ZodString>;
27
+ enabled: z.ZodDefault<z.ZodBoolean>;
28
+ displayName: z.ZodOptional<z.ZodString>;
29
+ icon: z.ZodOptional<z.ZodString>;
30
+ }, "strip", z.ZodTypeAny, {
31
+ enabled: boolean;
32
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
33
+ clientId: string;
34
+ clientSecret: string;
35
+ icon?: string | undefined;
36
+ scopes?: string[] | undefined;
37
+ redirectUri?: string | undefined;
38
+ displayName?: string | undefined;
39
+ }, {
40
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
41
+ clientId: string;
42
+ clientSecret: string;
43
+ icon?: string | undefined;
44
+ enabled?: boolean | undefined;
45
+ scopes?: string[] | undefined;
46
+ redirectUri?: string | undefined;
47
+ displayName?: string | undefined;
48
+ }>;
49
+ export type OAuthProvider = z.infer<typeof OAuthProviderSchema>;
50
+ /**
51
+ * Email & Password Strategy Configuration
52
+ */
53
+ export declare const EmailPasswordConfigSchema: z.ZodObject<{
54
+ enabled: z.ZodDefault<z.ZodBoolean>;
55
+ requireEmailVerification: z.ZodDefault<z.ZodBoolean>;
56
+ minPasswordLength: z.ZodDefault<z.ZodNumber>;
57
+ requirePasswordComplexity: z.ZodDefault<z.ZodBoolean>;
58
+ allowPasswordReset: z.ZodDefault<z.ZodBoolean>;
59
+ passwordResetExpiry: z.ZodDefault<z.ZodNumber>;
60
+ }, "strip", z.ZodTypeAny, {
61
+ enabled: boolean;
62
+ requireEmailVerification: boolean;
63
+ minPasswordLength: number;
64
+ requirePasswordComplexity: boolean;
65
+ allowPasswordReset: boolean;
66
+ passwordResetExpiry: number;
67
+ }, {
68
+ enabled?: boolean | undefined;
69
+ requireEmailVerification?: boolean | undefined;
70
+ minPasswordLength?: number | undefined;
71
+ requirePasswordComplexity?: boolean | undefined;
72
+ allowPasswordReset?: boolean | undefined;
73
+ passwordResetExpiry?: number | undefined;
74
+ }>;
75
+ export type EmailPasswordConfig = z.infer<typeof EmailPasswordConfigSchema>;
76
+ /**
77
+ * Magic Link Strategy Configuration
78
+ */
79
+ export declare const MagicLinkConfigSchema: z.ZodObject<{
80
+ enabled: z.ZodDefault<z.ZodBoolean>;
81
+ expiryTime: z.ZodDefault<z.ZodNumber>;
82
+ sendEmail: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
83
+ to: z.ZodString;
84
+ link: z.ZodString;
85
+ token: z.ZodString;
86
+ }, "strip", z.ZodTypeAny, {
87
+ token: string;
88
+ to: string;
89
+ link: string;
90
+ }, {
91
+ token: string;
92
+ to: string;
93
+ link: string;
94
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
95
+ }, "strip", z.ZodTypeAny, {
96
+ enabled: boolean;
97
+ expiryTime: number;
98
+ sendEmail?: ((args_0: {
99
+ token: string;
100
+ to: string;
101
+ link: string;
102
+ }, ...args: unknown[]) => Promise<void>) | undefined;
103
+ }, {
104
+ enabled?: boolean | undefined;
105
+ expiryTime?: number | undefined;
106
+ sendEmail?: ((args_0: {
107
+ token: string;
108
+ to: string;
109
+ link: string;
110
+ }, ...args: unknown[]) => Promise<void>) | undefined;
111
+ }>;
112
+ export type MagicLinkConfig = z.infer<typeof MagicLinkConfigSchema>;
113
+ /**
114
+ * Passkey (WebAuthn) Strategy Configuration
115
+ */
116
+ export declare const PasskeyConfigSchema: z.ZodObject<{
117
+ enabled: z.ZodDefault<z.ZodBoolean>;
118
+ rpName: z.ZodString;
119
+ rpId: z.ZodOptional<z.ZodString>;
120
+ allowedOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
121
+ userVerification: z.ZodDefault<z.ZodEnum<["required", "preferred", "discouraged"]>>;
122
+ attestation: z.ZodDefault<z.ZodEnum<["none", "indirect", "direct", "enterprise"]>>;
123
+ }, "strip", z.ZodTypeAny, {
124
+ enabled: boolean;
125
+ rpName: string;
126
+ userVerification: "required" | "preferred" | "discouraged";
127
+ attestation: "none" | "indirect" | "direct" | "enterprise";
128
+ rpId?: string | undefined;
129
+ allowedOrigins?: string[] | undefined;
130
+ }, {
131
+ rpName: string;
132
+ enabled?: boolean | undefined;
133
+ rpId?: string | undefined;
134
+ allowedOrigins?: string[] | undefined;
135
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
136
+ attestation?: "none" | "indirect" | "direct" | "enterprise" | undefined;
137
+ }>;
138
+ export type PasskeyConfig = z.infer<typeof PasskeyConfigSchema>;
139
+ /**
140
+ * Session Configuration
141
+ */
142
+ export declare const SessionConfigSchema: z.ZodObject<{
143
+ expiresIn: z.ZodDefault<z.ZodNumber>;
144
+ updateAge: z.ZodDefault<z.ZodNumber>;
145
+ cookieName: z.ZodDefault<z.ZodString>;
146
+ cookieSecure: z.ZodDefault<z.ZodBoolean>;
147
+ cookieSameSite: z.ZodDefault<z.ZodEnum<["strict", "lax", "none"]>>;
148
+ cookieDomain: z.ZodOptional<z.ZodString>;
149
+ cookiePath: z.ZodDefault<z.ZodString>;
150
+ cookieHttpOnly: z.ZodDefault<z.ZodBoolean>;
151
+ }, "strip", z.ZodTypeAny, {
152
+ expiresIn: number;
153
+ updateAge: number;
154
+ cookieName: string;
155
+ cookieSecure: boolean;
156
+ cookieSameSite: "strict" | "none" | "lax";
157
+ cookiePath: string;
158
+ cookieHttpOnly: boolean;
159
+ cookieDomain?: string | undefined;
160
+ }, {
161
+ expiresIn?: number | undefined;
162
+ updateAge?: number | undefined;
163
+ cookieName?: string | undefined;
164
+ cookieSecure?: boolean | undefined;
165
+ cookieSameSite?: "strict" | "none" | "lax" | undefined;
166
+ cookieDomain?: string | undefined;
167
+ cookiePath?: string | undefined;
168
+ cookieHttpOnly?: boolean | undefined;
169
+ }>;
170
+ export type SessionConfig = z.infer<typeof SessionConfigSchema>;
171
+ /**
172
+ * Rate Limiting Configuration
173
+ */
174
+ export declare const RateLimitConfigSchema: z.ZodObject<{
175
+ enabled: z.ZodDefault<z.ZodBoolean>;
176
+ maxAttempts: z.ZodDefault<z.ZodNumber>;
177
+ windowMs: z.ZodDefault<z.ZodNumber>;
178
+ blockDuration: z.ZodDefault<z.ZodNumber>;
179
+ skipSuccessfulRequests: z.ZodDefault<z.ZodBoolean>;
180
+ }, "strip", z.ZodTypeAny, {
181
+ enabled: boolean;
182
+ windowMs: number;
183
+ maxAttempts: number;
184
+ blockDuration: number;
185
+ skipSuccessfulRequests: boolean;
186
+ }, {
187
+ enabled?: boolean | undefined;
188
+ windowMs?: number | undefined;
189
+ maxAttempts?: number | undefined;
190
+ blockDuration?: number | undefined;
191
+ skipSuccessfulRequests?: boolean | undefined;
192
+ }>;
193
+ export type RateLimitConfig = z.infer<typeof RateLimitConfigSchema>;
194
+ /**
195
+ * CSRF Protection Configuration
196
+ */
197
+ export declare const CSRFConfigSchema: z.ZodObject<{
198
+ enabled: z.ZodDefault<z.ZodBoolean>;
199
+ tokenLength: z.ZodDefault<z.ZodNumber>;
200
+ cookieName: z.ZodDefault<z.ZodString>;
201
+ headerName: z.ZodDefault<z.ZodString>;
202
+ }, "strip", z.ZodTypeAny, {
203
+ enabled: boolean;
204
+ cookieName: string;
205
+ tokenLength: number;
206
+ headerName: string;
207
+ }, {
208
+ enabled?: boolean | undefined;
209
+ cookieName?: string | undefined;
210
+ tokenLength?: number | undefined;
211
+ headerName?: string | undefined;
212
+ }>;
213
+ export type CSRFConfig = z.infer<typeof CSRFConfigSchema>;
214
+ /**
215
+ * Account Linking Configuration
216
+ * Allows linking multiple auth methods to a single user account
217
+ */
218
+ export declare const AccountLinkingConfigSchema: z.ZodObject<{
219
+ enabled: z.ZodDefault<z.ZodBoolean>;
220
+ autoLink: z.ZodDefault<z.ZodBoolean>;
221
+ requireVerification: z.ZodDefault<z.ZodBoolean>;
222
+ }, "strip", z.ZodTypeAny, {
223
+ enabled: boolean;
224
+ autoLink: boolean;
225
+ requireVerification: boolean;
226
+ }, {
227
+ enabled?: boolean | undefined;
228
+ autoLink?: boolean | undefined;
229
+ requireVerification?: boolean | undefined;
230
+ }>;
231
+ export type AccountLinkingConfig = z.infer<typeof AccountLinkingConfigSchema>;
232
+ /**
233
+ * Two-Factor Authentication (2FA) Configuration
234
+ */
235
+ export declare const TwoFactorConfigSchema: z.ZodObject<{
236
+ enabled: z.ZodDefault<z.ZodBoolean>;
237
+ issuer: z.ZodOptional<z.ZodString>;
238
+ qrCodeSize: z.ZodDefault<z.ZodNumber>;
239
+ backupCodes: z.ZodOptional<z.ZodObject<{
240
+ enabled: z.ZodDefault<z.ZodBoolean>;
241
+ count: z.ZodDefault<z.ZodNumber>;
242
+ }, "strip", z.ZodTypeAny, {
243
+ count: number;
244
+ enabled: boolean;
245
+ }, {
246
+ count?: number | undefined;
247
+ enabled?: boolean | undefined;
248
+ }>>;
249
+ }, "strip", z.ZodTypeAny, {
250
+ enabled: boolean;
251
+ qrCodeSize: number;
252
+ issuer?: string | undefined;
253
+ backupCodes?: {
254
+ count: number;
255
+ enabled: boolean;
256
+ } | undefined;
257
+ }, {
258
+ enabled?: boolean | undefined;
259
+ issuer?: string | undefined;
260
+ qrCodeSize?: number | undefined;
261
+ backupCodes?: {
262
+ count?: number | undefined;
263
+ enabled?: boolean | undefined;
264
+ } | undefined;
265
+ }>;
266
+ export type TwoFactorConfig = z.infer<typeof TwoFactorConfigSchema>;
267
+ /**
268
+ * OIDC / OAuth2 Enterprise Configuration
269
+ * OpenID Connect configuration for enterprise SSO
270
+ */
271
+ export declare const OIDCConfigSchema: z.ZodObject<{
272
+ enabled: z.ZodDefault<z.ZodBoolean>;
273
+ issuer: z.ZodString;
274
+ clientId: z.ZodString;
275
+ clientSecret: z.ZodString;
276
+ scopes: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
277
+ attributeMapping: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
278
+ displayName: z.ZodOptional<z.ZodString>;
279
+ icon: z.ZodOptional<z.ZodString>;
280
+ }, "strip", z.ZodTypeAny, {
281
+ enabled: boolean;
282
+ clientId: string;
283
+ clientSecret: string;
284
+ scopes: string[];
285
+ issuer: string;
286
+ icon?: string | undefined;
287
+ displayName?: string | undefined;
288
+ attributeMapping?: Record<string, string> | undefined;
289
+ }, {
290
+ clientId: string;
291
+ clientSecret: string;
292
+ issuer: string;
293
+ icon?: string | undefined;
294
+ enabled?: boolean | undefined;
295
+ scopes?: string[] | undefined;
296
+ displayName?: string | undefined;
297
+ attributeMapping?: Record<string, string> | undefined;
298
+ }>;
299
+ export type OIDCConfig = z.infer<typeof OIDCConfigSchema>;
300
+ /**
301
+ * SAML 2.0 Enterprise Configuration
302
+ * SAML configuration for legacy enterprise SSO
303
+ */
304
+ export declare const SAMLConfigSchema: z.ZodObject<{
305
+ enabled: z.ZodDefault<z.ZodBoolean>;
306
+ entryPoint: z.ZodString;
307
+ cert: z.ZodString;
308
+ issuer: z.ZodString;
309
+ signatureAlgorithm: z.ZodDefault<z.ZodEnum<["sha256", "sha512"]>>;
310
+ attributeMapping: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
311
+ displayName: z.ZodOptional<z.ZodString>;
312
+ icon: z.ZodOptional<z.ZodString>;
313
+ }, "strip", z.ZodTypeAny, {
314
+ enabled: boolean;
315
+ issuer: string;
316
+ entryPoint: string;
317
+ cert: string;
318
+ signatureAlgorithm: "sha256" | "sha512";
319
+ icon?: string | undefined;
320
+ displayName?: string | undefined;
321
+ attributeMapping?: Record<string, string> | undefined;
322
+ }, {
323
+ issuer: string;
324
+ entryPoint: string;
325
+ cert: string;
326
+ icon?: string | undefined;
327
+ enabled?: boolean | undefined;
328
+ displayName?: string | undefined;
329
+ attributeMapping?: Record<string, string> | undefined;
330
+ signatureAlgorithm?: "sha256" | "sha512" | undefined;
331
+ }>;
332
+ export type SAMLConfig = z.infer<typeof SAMLConfigSchema>;
333
+ /**
334
+ * LDAP / Active Directory Enterprise Configuration
335
+ * LDAP configuration for on-premise directory services
336
+ */
337
+ export declare const LDAPConfigSchema: z.ZodObject<{
338
+ enabled: z.ZodDefault<z.ZodBoolean>;
339
+ url: z.ZodString;
340
+ bindDn: z.ZodString;
341
+ bindCredentials: z.ZodString;
342
+ searchBase: z.ZodString;
343
+ searchFilter: z.ZodString;
344
+ groupSearchBase: z.ZodOptional<z.ZodString>;
345
+ displayName: z.ZodOptional<z.ZodString>;
346
+ icon: z.ZodOptional<z.ZodString>;
347
+ }, "strip", z.ZodTypeAny, {
348
+ url: string;
349
+ enabled: boolean;
350
+ bindDn: string;
351
+ bindCredentials: string;
352
+ searchBase: string;
353
+ searchFilter: string;
354
+ icon?: string | undefined;
355
+ displayName?: string | undefined;
356
+ groupSearchBase?: string | undefined;
357
+ }, {
358
+ url: string;
359
+ bindDn: string;
360
+ bindCredentials: string;
361
+ searchBase: string;
362
+ searchFilter: string;
363
+ icon?: string | undefined;
364
+ enabled?: boolean | undefined;
365
+ displayName?: string | undefined;
366
+ groupSearchBase?: string | undefined;
367
+ }>;
368
+ export type LDAPConfig = z.infer<typeof LDAPConfigSchema>;
369
+ /**
370
+ * Enterprise Authentication Configuration
371
+ * Combines SAML, LDAP, and OIDC configurations for enterprise SSO
372
+ */
373
+ export declare const EnterpriseAuthConfigSchema: z.ZodObject<{
374
+ oidc: z.ZodOptional<z.ZodObject<{
375
+ enabled: z.ZodDefault<z.ZodBoolean>;
376
+ issuer: z.ZodString;
377
+ clientId: z.ZodString;
378
+ clientSecret: z.ZodString;
379
+ scopes: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
380
+ attributeMapping: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
381
+ displayName: z.ZodOptional<z.ZodString>;
382
+ icon: z.ZodOptional<z.ZodString>;
383
+ }, "strip", z.ZodTypeAny, {
384
+ enabled: boolean;
385
+ clientId: string;
386
+ clientSecret: string;
387
+ scopes: string[];
388
+ issuer: string;
389
+ icon?: string | undefined;
390
+ displayName?: string | undefined;
391
+ attributeMapping?: Record<string, string> | undefined;
392
+ }, {
393
+ clientId: string;
394
+ clientSecret: string;
395
+ issuer: string;
396
+ icon?: string | undefined;
397
+ enabled?: boolean | undefined;
398
+ scopes?: string[] | undefined;
399
+ displayName?: string | undefined;
400
+ attributeMapping?: Record<string, string> | undefined;
401
+ }>>;
402
+ saml: z.ZodOptional<z.ZodObject<{
403
+ enabled: z.ZodDefault<z.ZodBoolean>;
404
+ entryPoint: z.ZodString;
405
+ cert: z.ZodString;
406
+ issuer: z.ZodString;
407
+ signatureAlgorithm: z.ZodDefault<z.ZodEnum<["sha256", "sha512"]>>;
408
+ attributeMapping: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
409
+ displayName: z.ZodOptional<z.ZodString>;
410
+ icon: z.ZodOptional<z.ZodString>;
411
+ }, "strip", z.ZodTypeAny, {
412
+ enabled: boolean;
413
+ issuer: string;
414
+ entryPoint: string;
415
+ cert: string;
416
+ signatureAlgorithm: "sha256" | "sha512";
417
+ icon?: string | undefined;
418
+ displayName?: string | undefined;
419
+ attributeMapping?: Record<string, string> | undefined;
420
+ }, {
421
+ issuer: string;
422
+ entryPoint: string;
423
+ cert: string;
424
+ icon?: string | undefined;
425
+ enabled?: boolean | undefined;
426
+ displayName?: string | undefined;
427
+ attributeMapping?: Record<string, string> | undefined;
428
+ signatureAlgorithm?: "sha256" | "sha512" | undefined;
429
+ }>>;
430
+ ldap: z.ZodOptional<z.ZodObject<{
431
+ enabled: z.ZodDefault<z.ZodBoolean>;
432
+ url: z.ZodString;
433
+ bindDn: z.ZodString;
434
+ bindCredentials: z.ZodString;
435
+ searchBase: z.ZodString;
436
+ searchFilter: z.ZodString;
437
+ groupSearchBase: z.ZodOptional<z.ZodString>;
438
+ displayName: z.ZodOptional<z.ZodString>;
439
+ icon: z.ZodOptional<z.ZodString>;
440
+ }, "strip", z.ZodTypeAny, {
441
+ url: string;
442
+ enabled: boolean;
443
+ bindDn: string;
444
+ bindCredentials: string;
445
+ searchBase: string;
446
+ searchFilter: string;
447
+ icon?: string | undefined;
448
+ displayName?: string | undefined;
449
+ groupSearchBase?: string | undefined;
450
+ }, {
451
+ url: string;
452
+ bindDn: string;
453
+ bindCredentials: string;
454
+ searchBase: string;
455
+ searchFilter: string;
456
+ icon?: string | undefined;
457
+ enabled?: boolean | undefined;
458
+ displayName?: string | undefined;
459
+ groupSearchBase?: string | undefined;
460
+ }>>;
461
+ }, "strip", z.ZodTypeAny, {
462
+ oidc?: {
463
+ enabled: boolean;
464
+ clientId: string;
465
+ clientSecret: string;
466
+ scopes: string[];
467
+ issuer: string;
468
+ icon?: string | undefined;
469
+ displayName?: string | undefined;
470
+ attributeMapping?: Record<string, string> | undefined;
471
+ } | undefined;
472
+ saml?: {
473
+ enabled: boolean;
474
+ issuer: string;
475
+ entryPoint: string;
476
+ cert: string;
477
+ signatureAlgorithm: "sha256" | "sha512";
478
+ icon?: string | undefined;
479
+ displayName?: string | undefined;
480
+ attributeMapping?: Record<string, string> | undefined;
481
+ } | undefined;
482
+ ldap?: {
483
+ url: string;
484
+ enabled: boolean;
485
+ bindDn: string;
486
+ bindCredentials: string;
487
+ searchBase: string;
488
+ searchFilter: string;
489
+ icon?: string | undefined;
490
+ displayName?: string | undefined;
491
+ groupSearchBase?: string | undefined;
492
+ } | undefined;
493
+ }, {
494
+ oidc?: {
495
+ clientId: string;
496
+ clientSecret: string;
497
+ issuer: string;
498
+ icon?: string | undefined;
499
+ enabled?: boolean | undefined;
500
+ scopes?: string[] | undefined;
501
+ displayName?: string | undefined;
502
+ attributeMapping?: Record<string, string> | undefined;
503
+ } | undefined;
504
+ saml?: {
505
+ issuer: string;
506
+ entryPoint: string;
507
+ cert: string;
508
+ icon?: string | undefined;
509
+ enabled?: boolean | undefined;
510
+ displayName?: string | undefined;
511
+ attributeMapping?: Record<string, string> | undefined;
512
+ signatureAlgorithm?: "sha256" | "sha512" | undefined;
513
+ } | undefined;
514
+ ldap?: {
515
+ url: string;
516
+ bindDn: string;
517
+ bindCredentials: string;
518
+ searchBase: string;
519
+ searchFilter: string;
520
+ icon?: string | undefined;
521
+ enabled?: boolean | undefined;
522
+ displayName?: string | undefined;
523
+ groupSearchBase?: string | undefined;
524
+ } | undefined;
525
+ }>;
526
+ export type EnterpriseAuthConfig = z.infer<typeof EnterpriseAuthConfigSchema>;
527
+ /**
528
+ * User Field Mapping Configuration
529
+ * Maps authentication user fields to ObjectStack user object fields
530
+ */
531
+ export declare const UserFieldMappingSchema: z.ZodObject<{
532
+ id: z.ZodDefault<z.ZodString>;
533
+ email: z.ZodDefault<z.ZodString>;
534
+ name: z.ZodDefault<z.ZodString>;
535
+ image: z.ZodOptional<z.ZodDefault<z.ZodString>>;
536
+ emailVerified: z.ZodDefault<z.ZodString>;
537
+ createdAt: z.ZodDefault<z.ZodString>;
538
+ updatedAt: z.ZodDefault<z.ZodString>;
539
+ }, "strip", z.ZodTypeAny, {
540
+ email: string;
541
+ name: string;
542
+ id: string;
543
+ emailVerified: string;
544
+ createdAt: string;
545
+ updatedAt: string;
546
+ image?: string | undefined;
547
+ }, {
548
+ email?: string | undefined;
549
+ image?: string | undefined;
550
+ name?: string | undefined;
551
+ id?: string | undefined;
552
+ emailVerified?: string | undefined;
553
+ createdAt?: string | undefined;
554
+ updatedAt?: string | undefined;
555
+ }>;
556
+ export type UserFieldMapping = z.infer<typeof UserFieldMappingSchema>;
557
+ /**
558
+ * Database Adapter Configuration
559
+ */
560
+ export declare const DatabaseAdapterSchema: z.ZodObject<{
561
+ type: z.ZodEnum<["prisma", "drizzle", "kysely", "custom"]>;
562
+ connectionString: z.ZodOptional<z.ZodString>;
563
+ tablePrefix: z.ZodDefault<z.ZodString>;
564
+ schema: z.ZodOptional<z.ZodString>;
565
+ }, "strip", z.ZodTypeAny, {
566
+ type: "custom" | "prisma" | "drizzle" | "kysely";
567
+ tablePrefix: string;
568
+ connectionString?: string | undefined;
569
+ schema?: string | undefined;
570
+ }, {
571
+ type: "custom" | "prisma" | "drizzle" | "kysely";
572
+ connectionString?: string | undefined;
573
+ tablePrefix?: string | undefined;
574
+ schema?: string | undefined;
575
+ }>;
576
+ export type DatabaseAdapter = z.infer<typeof DatabaseAdapterSchema>;
577
+ /**
578
+ * Default field mappings for better-auth compatibility
579
+ * These mappings bridge the gap between ObjectStack standard (Auth.js conventions)
580
+ * and better-auth's field naming conventions
581
+ */
582
+ export declare const BETTER_AUTH_FIELD_MAPPINGS: {
583
+ readonly session: {
584
+ readonly sessionToken: "token";
585
+ readonly expires: "expiresAt";
586
+ };
587
+ readonly account: {
588
+ readonly providerAccountId: "accountId";
589
+ readonly provider: "providerId";
590
+ };
591
+ };
592
+ /**
593
+ * Database Field Mapping Configuration
594
+ * Maps ObjectStack standard field names to driver-specific field names.
595
+ *
596
+ * Useful when the underlying authentication driver (e.g., better-auth) uses
597
+ * different column names than the ObjectStack standard schemas (which follow
598
+ * Auth.js conventions).
599
+ *
600
+ * @example
601
+ * ```typescript
602
+ * mapping: {
603
+ * session: {
604
+ * sessionToken: 'token', // better-auth uses 'token'
605
+ * expires: 'expiresAt' // better-auth uses 'expiresAt'
606
+ * },
607
+ * account: {
608
+ * providerAccountId: 'accountId', // better-auth uses 'accountId'
609
+ * provider: 'providerId' // better-auth uses 'providerId'
610
+ * }
611
+ * }
612
+ * ```
613
+ */
614
+ export declare const DatabaseMappingSchema: z.ZodObject<{
615
+ /**
616
+ * User model field mapping
617
+ * Maps ObjectStack User fields to driver fields
618
+ */
619
+ user: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
620
+ /**
621
+ * Session model field mapping
622
+ * Maps ObjectStack Session fields to driver fields
623
+ */
624
+ session: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodString>>;
625
+ /**
626
+ * Account model field mapping
627
+ * Maps ObjectStack Account fields to driver fields
628
+ */
629
+ account: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodString>>;
630
+ /**
631
+ * Verification token field mapping
632
+ * Maps ObjectStack VerificationToken fields to driver fields
633
+ */
634
+ verificationToken: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
635
+ }, "strip", z.ZodTypeAny, {
636
+ session: Record<string, string>;
637
+ account: Record<string, string>;
638
+ user?: Record<string, string> | undefined;
639
+ verificationToken?: Record<string, string> | undefined;
640
+ }, {
641
+ user?: Record<string, string> | undefined;
642
+ session?: Record<string, string> | undefined;
643
+ account?: Record<string, string> | undefined;
644
+ verificationToken?: Record<string, string> | undefined;
645
+ }>;
646
+ export type DatabaseMapping = z.infer<typeof DatabaseMappingSchema>;
647
+ /**
648
+ * Authentication Plugin Configuration
649
+ * Extends authentication with additional features
650
+ */
651
+ export declare const AuthPluginConfigSchema: z.ZodObject<{
652
+ name: z.ZodString;
653
+ enabled: z.ZodDefault<z.ZodBoolean>;
654
+ options: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
655
+ }, "strip", z.ZodTypeAny, {
656
+ name: string;
657
+ enabled: boolean;
658
+ options?: Record<string, any> | undefined;
659
+ }, {
660
+ name: string;
661
+ options?: Record<string, any> | undefined;
662
+ enabled?: boolean | undefined;
663
+ }>;
664
+ export type AuthPluginConfig = z.infer<typeof AuthPluginConfigSchema>;
665
+ /**
666
+ * Complete Authentication Configuration Schema
667
+ *
668
+ * This is the main configuration object for authentication
669
+ * in an ObjectStack application.
670
+ *
671
+ * @example
672
+ * ```typescript
673
+ * const authConfig: AuthConfig = {
674
+ * name: 'main_auth',
675
+ * label: 'Main Authentication',
676
+ * strategies: ['email_password', 'oauth'],
677
+ * baseUrl: 'https://app.example.com',
678
+ * secret: process.env.AUTH_SECRET,
679
+ * driver: 'better-auth', // Optional, defaults to 'better-auth'
680
+ * emailPassword: {
681
+ * enabled: true,
682
+ * minPasswordLength: 8,
683
+ * },
684
+ * oauth: {
685
+ * providers: [{
686
+ * provider: 'google',
687
+ * clientId: process.env.GOOGLE_CLIENT_ID,
688
+ * clientSecret: process.env.GOOGLE_CLIENT_SECRET,
689
+ * }],
690
+ * },
691
+ * session: {
692
+ * expiresIn: 604800, // 7 days
693
+ * },
694
+ * };
695
+ * ```
696
+ */
697
+ export declare const AuthConfigSchema: z.ZodObject<{
698
+ /**
699
+ * Unique identifier for this auth configuration
700
+ * Must be in snake_case following ObjectStack conventions
701
+ */
702
+ name: z.ZodString;
703
+ /**
704
+ * Human-readable label
705
+ */
706
+ label: z.ZodString;
707
+ /**
708
+ * The underlying authentication implementation driver
709
+ * Default: 'better-auth' (the reference implementation)
710
+ * Can be: 'better-auth', 'auth-js', 'passport', or custom driver name
711
+ */
712
+ driver: z.ZodDefault<z.ZodString>;
713
+ /**
714
+ * Enabled authentication strategies
715
+ */
716
+ strategies: z.ZodArray<z.ZodEnum<["email_password", "magic_link", "oauth", "passkey", "otp", "anonymous"]>, "many">;
717
+ /**
718
+ * Base URL for the application
719
+ */
720
+ baseUrl: z.ZodString;
721
+ /**
722
+ * Secret key for signing tokens and cookies
723
+ * Should be loaded from environment variables
724
+ */
725
+ secret: z.ZodString;
726
+ /**
727
+ * Email & Password configuration
728
+ */
729
+ emailPassword: z.ZodOptional<z.ZodObject<{
730
+ enabled: z.ZodDefault<z.ZodBoolean>;
731
+ requireEmailVerification: z.ZodDefault<z.ZodBoolean>;
732
+ minPasswordLength: z.ZodDefault<z.ZodNumber>;
733
+ requirePasswordComplexity: z.ZodDefault<z.ZodBoolean>;
734
+ allowPasswordReset: z.ZodDefault<z.ZodBoolean>;
735
+ passwordResetExpiry: z.ZodDefault<z.ZodNumber>;
736
+ }, "strip", z.ZodTypeAny, {
737
+ enabled: boolean;
738
+ requireEmailVerification: boolean;
739
+ minPasswordLength: number;
740
+ requirePasswordComplexity: boolean;
741
+ allowPasswordReset: boolean;
742
+ passwordResetExpiry: number;
743
+ }, {
744
+ enabled?: boolean | undefined;
745
+ requireEmailVerification?: boolean | undefined;
746
+ minPasswordLength?: number | undefined;
747
+ requirePasswordComplexity?: boolean | undefined;
748
+ allowPasswordReset?: boolean | undefined;
749
+ passwordResetExpiry?: number | undefined;
750
+ }>>;
751
+ /**
752
+ * Magic Link configuration
753
+ */
754
+ magicLink: z.ZodOptional<z.ZodObject<{
755
+ enabled: z.ZodDefault<z.ZodBoolean>;
756
+ expiryTime: z.ZodDefault<z.ZodNumber>;
757
+ sendEmail: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
758
+ to: z.ZodString;
759
+ link: z.ZodString;
760
+ token: z.ZodString;
761
+ }, "strip", z.ZodTypeAny, {
762
+ token: string;
763
+ to: string;
764
+ link: string;
765
+ }, {
766
+ token: string;
767
+ to: string;
768
+ link: string;
769
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
770
+ }, "strip", z.ZodTypeAny, {
771
+ enabled: boolean;
772
+ expiryTime: number;
773
+ sendEmail?: ((args_0: {
774
+ token: string;
775
+ to: string;
776
+ link: string;
777
+ }, ...args: unknown[]) => Promise<void>) | undefined;
778
+ }, {
779
+ enabled?: boolean | undefined;
780
+ expiryTime?: number | undefined;
781
+ sendEmail?: ((args_0: {
782
+ token: string;
783
+ to: string;
784
+ link: string;
785
+ }, ...args: unknown[]) => Promise<void>) | undefined;
786
+ }>>;
787
+ /**
788
+ * Passkey (WebAuthn) configuration
789
+ */
790
+ passkey: z.ZodOptional<z.ZodObject<{
791
+ enabled: z.ZodDefault<z.ZodBoolean>;
792
+ rpName: z.ZodString;
793
+ rpId: z.ZodOptional<z.ZodString>;
794
+ allowedOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
795
+ userVerification: z.ZodDefault<z.ZodEnum<["required", "preferred", "discouraged"]>>;
796
+ attestation: z.ZodDefault<z.ZodEnum<["none", "indirect", "direct", "enterprise"]>>;
797
+ }, "strip", z.ZodTypeAny, {
798
+ enabled: boolean;
799
+ rpName: string;
800
+ userVerification: "required" | "preferred" | "discouraged";
801
+ attestation: "none" | "indirect" | "direct" | "enterprise";
802
+ rpId?: string | undefined;
803
+ allowedOrigins?: string[] | undefined;
804
+ }, {
805
+ rpName: string;
806
+ enabled?: boolean | undefined;
807
+ rpId?: string | undefined;
808
+ allowedOrigins?: string[] | undefined;
809
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
810
+ attestation?: "none" | "indirect" | "direct" | "enterprise" | undefined;
811
+ }>>;
812
+ /**
813
+ * OAuth configuration
814
+ */
815
+ oauth: z.ZodOptional<z.ZodObject<{
816
+ providers: z.ZodArray<z.ZodObject<{
817
+ provider: z.ZodEnum<["google", "github", "facebook", "twitter", "linkedin", "microsoft", "apple", "discord", "gitlab", "custom"]>;
818
+ clientId: z.ZodString;
819
+ clientSecret: z.ZodString;
820
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
821
+ redirectUri: z.ZodOptional<z.ZodString>;
822
+ enabled: z.ZodDefault<z.ZodBoolean>;
823
+ displayName: z.ZodOptional<z.ZodString>;
824
+ icon: z.ZodOptional<z.ZodString>;
825
+ }, "strip", z.ZodTypeAny, {
826
+ enabled: boolean;
827
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
828
+ clientId: string;
829
+ clientSecret: string;
830
+ icon?: string | undefined;
831
+ scopes?: string[] | undefined;
832
+ redirectUri?: string | undefined;
833
+ displayName?: string | undefined;
834
+ }, {
835
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
836
+ clientId: string;
837
+ clientSecret: string;
838
+ icon?: string | undefined;
839
+ enabled?: boolean | undefined;
840
+ scopes?: string[] | undefined;
841
+ redirectUri?: string | undefined;
842
+ displayName?: string | undefined;
843
+ }>, "many">;
844
+ }, "strip", z.ZodTypeAny, {
845
+ providers: {
846
+ enabled: boolean;
847
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
848
+ clientId: string;
849
+ clientSecret: string;
850
+ icon?: string | undefined;
851
+ scopes?: string[] | undefined;
852
+ redirectUri?: string | undefined;
853
+ displayName?: string | undefined;
854
+ }[];
855
+ }, {
856
+ providers: {
857
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
858
+ clientId: string;
859
+ clientSecret: string;
860
+ icon?: string | undefined;
861
+ enabled?: boolean | undefined;
862
+ scopes?: string[] | undefined;
863
+ redirectUri?: string | undefined;
864
+ displayName?: string | undefined;
865
+ }[];
866
+ }>>;
867
+ /**
868
+ * Session configuration
869
+ */
870
+ session: z.ZodDefault<z.ZodObject<{
871
+ expiresIn: z.ZodDefault<z.ZodNumber>;
872
+ updateAge: z.ZodDefault<z.ZodNumber>;
873
+ cookieName: z.ZodDefault<z.ZodString>;
874
+ cookieSecure: z.ZodDefault<z.ZodBoolean>;
875
+ cookieSameSite: z.ZodDefault<z.ZodEnum<["strict", "lax", "none"]>>;
876
+ cookieDomain: z.ZodOptional<z.ZodString>;
877
+ cookiePath: z.ZodDefault<z.ZodString>;
878
+ cookieHttpOnly: z.ZodDefault<z.ZodBoolean>;
879
+ }, "strip", z.ZodTypeAny, {
880
+ expiresIn: number;
881
+ updateAge: number;
882
+ cookieName: string;
883
+ cookieSecure: boolean;
884
+ cookieSameSite: "strict" | "none" | "lax";
885
+ cookiePath: string;
886
+ cookieHttpOnly: boolean;
887
+ cookieDomain?: string | undefined;
888
+ }, {
889
+ expiresIn?: number | undefined;
890
+ updateAge?: number | undefined;
891
+ cookieName?: string | undefined;
892
+ cookieSecure?: boolean | undefined;
893
+ cookieSameSite?: "strict" | "none" | "lax" | undefined;
894
+ cookieDomain?: string | undefined;
895
+ cookiePath?: string | undefined;
896
+ cookieHttpOnly?: boolean | undefined;
897
+ }>>;
898
+ /**
899
+ * Rate limiting configuration
900
+ */
901
+ rateLimit: z.ZodDefault<z.ZodObject<{
902
+ enabled: z.ZodDefault<z.ZodBoolean>;
903
+ maxAttempts: z.ZodDefault<z.ZodNumber>;
904
+ windowMs: z.ZodDefault<z.ZodNumber>;
905
+ blockDuration: z.ZodDefault<z.ZodNumber>;
906
+ skipSuccessfulRequests: z.ZodDefault<z.ZodBoolean>;
907
+ }, "strip", z.ZodTypeAny, {
908
+ enabled: boolean;
909
+ windowMs: number;
910
+ maxAttempts: number;
911
+ blockDuration: number;
912
+ skipSuccessfulRequests: boolean;
913
+ }, {
914
+ enabled?: boolean | undefined;
915
+ windowMs?: number | undefined;
916
+ maxAttempts?: number | undefined;
917
+ blockDuration?: number | undefined;
918
+ skipSuccessfulRequests?: boolean | undefined;
919
+ }>>;
920
+ /**
921
+ * CSRF protection configuration
922
+ */
923
+ csrf: z.ZodDefault<z.ZodObject<{
924
+ enabled: z.ZodDefault<z.ZodBoolean>;
925
+ tokenLength: z.ZodDefault<z.ZodNumber>;
926
+ cookieName: z.ZodDefault<z.ZodString>;
927
+ headerName: z.ZodDefault<z.ZodString>;
928
+ }, "strip", z.ZodTypeAny, {
929
+ enabled: boolean;
930
+ cookieName: string;
931
+ tokenLength: number;
932
+ headerName: string;
933
+ }, {
934
+ enabled?: boolean | undefined;
935
+ cookieName?: string | undefined;
936
+ tokenLength?: number | undefined;
937
+ headerName?: string | undefined;
938
+ }>>;
939
+ /**
940
+ * Account linking configuration
941
+ */
942
+ accountLinking: z.ZodDefault<z.ZodObject<{
943
+ enabled: z.ZodDefault<z.ZodBoolean>;
944
+ autoLink: z.ZodDefault<z.ZodBoolean>;
945
+ requireVerification: z.ZodDefault<z.ZodBoolean>;
946
+ }, "strip", z.ZodTypeAny, {
947
+ enabled: boolean;
948
+ autoLink: boolean;
949
+ requireVerification: boolean;
950
+ }, {
951
+ enabled?: boolean | undefined;
952
+ autoLink?: boolean | undefined;
953
+ requireVerification?: boolean | undefined;
954
+ }>>;
955
+ /**
956
+ * Two-factor authentication configuration
957
+ */
958
+ twoFactor: z.ZodOptional<z.ZodObject<{
959
+ enabled: z.ZodDefault<z.ZodBoolean>;
960
+ issuer: z.ZodOptional<z.ZodString>;
961
+ qrCodeSize: z.ZodDefault<z.ZodNumber>;
962
+ backupCodes: z.ZodOptional<z.ZodObject<{
963
+ enabled: z.ZodDefault<z.ZodBoolean>;
964
+ count: z.ZodDefault<z.ZodNumber>;
965
+ }, "strip", z.ZodTypeAny, {
966
+ count: number;
967
+ enabled: boolean;
968
+ }, {
969
+ count?: number | undefined;
970
+ enabled?: boolean | undefined;
971
+ }>>;
972
+ }, "strip", z.ZodTypeAny, {
973
+ enabled: boolean;
974
+ qrCodeSize: number;
975
+ issuer?: string | undefined;
976
+ backupCodes?: {
977
+ count: number;
978
+ enabled: boolean;
979
+ } | undefined;
980
+ }, {
981
+ enabled?: boolean | undefined;
982
+ issuer?: string | undefined;
983
+ qrCodeSize?: number | undefined;
984
+ backupCodes?: {
985
+ count?: number | undefined;
986
+ enabled?: boolean | undefined;
987
+ } | undefined;
988
+ }>>;
989
+ /**
990
+ * Organization (Multi-tenant) configuration
991
+ * Enables B2B SaaS scenarios where users belong to multiple teams/workspaces
992
+ */
993
+ organization: z.ZodOptional<z.ZodObject<{
994
+ enabled: z.ZodDefault<z.ZodBoolean>;
995
+ allowUserToCreateOrg: z.ZodDefault<z.ZodBoolean>;
996
+ defaultRole: z.ZodDefault<z.ZodString>;
997
+ creatorRole: z.ZodDefault<z.ZodString>;
998
+ }, "strip", z.ZodTypeAny, {
999
+ enabled: boolean;
1000
+ allowUserToCreateOrg: boolean;
1001
+ defaultRole: string;
1002
+ creatorRole: string;
1003
+ }, {
1004
+ enabled?: boolean | undefined;
1005
+ allowUserToCreateOrg?: boolean | undefined;
1006
+ defaultRole?: string | undefined;
1007
+ creatorRole?: string | undefined;
1008
+ }>>;
1009
+ /**
1010
+ * Enterprise authentication configuration (SAML, LDAP, OIDC)
1011
+ */
1012
+ enterprise: z.ZodOptional<z.ZodObject<{
1013
+ oidc: z.ZodOptional<z.ZodObject<{
1014
+ enabled: z.ZodDefault<z.ZodBoolean>;
1015
+ issuer: z.ZodString;
1016
+ clientId: z.ZodString;
1017
+ clientSecret: z.ZodString;
1018
+ scopes: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1019
+ attributeMapping: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1020
+ displayName: z.ZodOptional<z.ZodString>;
1021
+ icon: z.ZodOptional<z.ZodString>;
1022
+ }, "strip", z.ZodTypeAny, {
1023
+ enabled: boolean;
1024
+ clientId: string;
1025
+ clientSecret: string;
1026
+ scopes: string[];
1027
+ issuer: string;
1028
+ icon?: string | undefined;
1029
+ displayName?: string | undefined;
1030
+ attributeMapping?: Record<string, string> | undefined;
1031
+ }, {
1032
+ clientId: string;
1033
+ clientSecret: string;
1034
+ issuer: string;
1035
+ icon?: string | undefined;
1036
+ enabled?: boolean | undefined;
1037
+ scopes?: string[] | undefined;
1038
+ displayName?: string | undefined;
1039
+ attributeMapping?: Record<string, string> | undefined;
1040
+ }>>;
1041
+ saml: z.ZodOptional<z.ZodObject<{
1042
+ enabled: z.ZodDefault<z.ZodBoolean>;
1043
+ entryPoint: z.ZodString;
1044
+ cert: z.ZodString;
1045
+ issuer: z.ZodString;
1046
+ signatureAlgorithm: z.ZodDefault<z.ZodEnum<["sha256", "sha512"]>>;
1047
+ attributeMapping: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1048
+ displayName: z.ZodOptional<z.ZodString>;
1049
+ icon: z.ZodOptional<z.ZodString>;
1050
+ }, "strip", z.ZodTypeAny, {
1051
+ enabled: boolean;
1052
+ issuer: string;
1053
+ entryPoint: string;
1054
+ cert: string;
1055
+ signatureAlgorithm: "sha256" | "sha512";
1056
+ icon?: string | undefined;
1057
+ displayName?: string | undefined;
1058
+ attributeMapping?: Record<string, string> | undefined;
1059
+ }, {
1060
+ issuer: string;
1061
+ entryPoint: string;
1062
+ cert: string;
1063
+ icon?: string | undefined;
1064
+ enabled?: boolean | undefined;
1065
+ displayName?: string | undefined;
1066
+ attributeMapping?: Record<string, string> | undefined;
1067
+ signatureAlgorithm?: "sha256" | "sha512" | undefined;
1068
+ }>>;
1069
+ ldap: z.ZodOptional<z.ZodObject<{
1070
+ enabled: z.ZodDefault<z.ZodBoolean>;
1071
+ url: z.ZodString;
1072
+ bindDn: z.ZodString;
1073
+ bindCredentials: z.ZodString;
1074
+ searchBase: z.ZodString;
1075
+ searchFilter: z.ZodString;
1076
+ groupSearchBase: z.ZodOptional<z.ZodString>;
1077
+ displayName: z.ZodOptional<z.ZodString>;
1078
+ icon: z.ZodOptional<z.ZodString>;
1079
+ }, "strip", z.ZodTypeAny, {
1080
+ url: string;
1081
+ enabled: boolean;
1082
+ bindDn: string;
1083
+ bindCredentials: string;
1084
+ searchBase: string;
1085
+ searchFilter: string;
1086
+ icon?: string | undefined;
1087
+ displayName?: string | undefined;
1088
+ groupSearchBase?: string | undefined;
1089
+ }, {
1090
+ url: string;
1091
+ bindDn: string;
1092
+ bindCredentials: string;
1093
+ searchBase: string;
1094
+ searchFilter: string;
1095
+ icon?: string | undefined;
1096
+ enabled?: boolean | undefined;
1097
+ displayName?: string | undefined;
1098
+ groupSearchBase?: string | undefined;
1099
+ }>>;
1100
+ }, "strip", z.ZodTypeAny, {
1101
+ oidc?: {
1102
+ enabled: boolean;
1103
+ clientId: string;
1104
+ clientSecret: string;
1105
+ scopes: string[];
1106
+ issuer: string;
1107
+ icon?: string | undefined;
1108
+ displayName?: string | undefined;
1109
+ attributeMapping?: Record<string, string> | undefined;
1110
+ } | undefined;
1111
+ saml?: {
1112
+ enabled: boolean;
1113
+ issuer: string;
1114
+ entryPoint: string;
1115
+ cert: string;
1116
+ signatureAlgorithm: "sha256" | "sha512";
1117
+ icon?: string | undefined;
1118
+ displayName?: string | undefined;
1119
+ attributeMapping?: Record<string, string> | undefined;
1120
+ } | undefined;
1121
+ ldap?: {
1122
+ url: string;
1123
+ enabled: boolean;
1124
+ bindDn: string;
1125
+ bindCredentials: string;
1126
+ searchBase: string;
1127
+ searchFilter: string;
1128
+ icon?: string | undefined;
1129
+ displayName?: string | undefined;
1130
+ groupSearchBase?: string | undefined;
1131
+ } | undefined;
1132
+ }, {
1133
+ oidc?: {
1134
+ clientId: string;
1135
+ clientSecret: string;
1136
+ issuer: string;
1137
+ icon?: string | undefined;
1138
+ enabled?: boolean | undefined;
1139
+ scopes?: string[] | undefined;
1140
+ displayName?: string | undefined;
1141
+ attributeMapping?: Record<string, string> | undefined;
1142
+ } | undefined;
1143
+ saml?: {
1144
+ issuer: string;
1145
+ entryPoint: string;
1146
+ cert: string;
1147
+ icon?: string | undefined;
1148
+ enabled?: boolean | undefined;
1149
+ displayName?: string | undefined;
1150
+ attributeMapping?: Record<string, string> | undefined;
1151
+ signatureAlgorithm?: "sha256" | "sha512" | undefined;
1152
+ } | undefined;
1153
+ ldap?: {
1154
+ url: string;
1155
+ bindDn: string;
1156
+ bindCredentials: string;
1157
+ searchBase: string;
1158
+ searchFilter: string;
1159
+ icon?: string | undefined;
1160
+ enabled?: boolean | undefined;
1161
+ displayName?: string | undefined;
1162
+ groupSearchBase?: string | undefined;
1163
+ } | undefined;
1164
+ }>>;
1165
+ /**
1166
+ * User field mapping
1167
+ */
1168
+ userFieldMapping: z.ZodDefault<z.ZodObject<{
1169
+ id: z.ZodDefault<z.ZodString>;
1170
+ email: z.ZodDefault<z.ZodString>;
1171
+ name: z.ZodDefault<z.ZodString>;
1172
+ image: z.ZodOptional<z.ZodDefault<z.ZodString>>;
1173
+ emailVerified: z.ZodDefault<z.ZodString>;
1174
+ createdAt: z.ZodDefault<z.ZodString>;
1175
+ updatedAt: z.ZodDefault<z.ZodString>;
1176
+ }, "strip", z.ZodTypeAny, {
1177
+ email: string;
1178
+ name: string;
1179
+ id: string;
1180
+ emailVerified: string;
1181
+ createdAt: string;
1182
+ updatedAt: string;
1183
+ image?: string | undefined;
1184
+ }, {
1185
+ email?: string | undefined;
1186
+ image?: string | undefined;
1187
+ name?: string | undefined;
1188
+ id?: string | undefined;
1189
+ emailVerified?: string | undefined;
1190
+ createdAt?: string | undefined;
1191
+ updatedAt?: string | undefined;
1192
+ }>>;
1193
+ /**
1194
+ * Database adapter configuration
1195
+ */
1196
+ database: z.ZodOptional<z.ZodObject<{
1197
+ type: z.ZodEnum<["prisma", "drizzle", "kysely", "custom"]>;
1198
+ connectionString: z.ZodOptional<z.ZodString>;
1199
+ tablePrefix: z.ZodDefault<z.ZodString>;
1200
+ schema: z.ZodOptional<z.ZodString>;
1201
+ }, "strip", z.ZodTypeAny, {
1202
+ type: "custom" | "prisma" | "drizzle" | "kysely";
1203
+ tablePrefix: string;
1204
+ connectionString?: string | undefined;
1205
+ schema?: string | undefined;
1206
+ }, {
1207
+ type: "custom" | "prisma" | "drizzle" | "kysely";
1208
+ connectionString?: string | undefined;
1209
+ tablePrefix?: string | undefined;
1210
+ schema?: string | undefined;
1211
+ }>>;
1212
+ /**
1213
+ * Database field mapping configuration
1214
+ * Maps ObjectStack standard field names to driver-specific field names.
1215
+ *
1216
+ * This is distinct from the database adapter configuration and provides
1217
+ * instructions for the driver to map our standard schema fields to the
1218
+ * underlying engine's fields (e.g., better-auth uses 'token' instead of 'sessionToken').
1219
+ */
1220
+ mapping: z.ZodOptional<z.ZodObject<{
1221
+ /**
1222
+ * User model field mapping
1223
+ * Maps ObjectStack User fields to driver fields
1224
+ */
1225
+ user: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1226
+ /**
1227
+ * Session model field mapping
1228
+ * Maps ObjectStack Session fields to driver fields
1229
+ */
1230
+ session: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodString>>;
1231
+ /**
1232
+ * Account model field mapping
1233
+ * Maps ObjectStack Account fields to driver fields
1234
+ */
1235
+ account: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodString>>;
1236
+ /**
1237
+ * Verification token field mapping
1238
+ * Maps ObjectStack VerificationToken fields to driver fields
1239
+ */
1240
+ verificationToken: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1241
+ }, "strip", z.ZodTypeAny, {
1242
+ session: Record<string, string>;
1243
+ account: Record<string, string>;
1244
+ user?: Record<string, string> | undefined;
1245
+ verificationToken?: Record<string, string> | undefined;
1246
+ }, {
1247
+ user?: Record<string, string> | undefined;
1248
+ session?: Record<string, string> | undefined;
1249
+ account?: Record<string, string> | undefined;
1250
+ verificationToken?: Record<string, string> | undefined;
1251
+ }>>;
1252
+ /**
1253
+ * Additional authentication plugins
1254
+ */
1255
+ plugins: z.ZodDefault<z.ZodArray<z.ZodObject<{
1256
+ name: z.ZodString;
1257
+ enabled: z.ZodDefault<z.ZodBoolean>;
1258
+ options: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
1259
+ }, "strip", z.ZodTypeAny, {
1260
+ name: string;
1261
+ enabled: boolean;
1262
+ options?: Record<string, any> | undefined;
1263
+ }, {
1264
+ name: string;
1265
+ options?: Record<string, any> | undefined;
1266
+ enabled?: boolean | undefined;
1267
+ }>, "many">>;
1268
+ /**
1269
+ * Custom hooks for authentication events
1270
+ */
1271
+ hooks: z.ZodOptional<z.ZodObject<{
1272
+ beforeSignIn: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1273
+ email: z.ZodString;
1274
+ }, "strip", z.ZodTypeAny, {
1275
+ email: string;
1276
+ }, {
1277
+ email: string;
1278
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1279
+ afterSignIn: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1280
+ user: z.ZodAny;
1281
+ session: z.ZodAny;
1282
+ }, "strip", z.ZodTypeAny, {
1283
+ user?: any;
1284
+ session?: any;
1285
+ }, {
1286
+ user?: any;
1287
+ session?: any;
1288
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1289
+ beforeSignUp: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1290
+ email: z.ZodString;
1291
+ name: z.ZodOptional<z.ZodString>;
1292
+ }, "strip", z.ZodTypeAny, {
1293
+ email: string;
1294
+ name?: string | undefined;
1295
+ }, {
1296
+ email: string;
1297
+ name?: string | undefined;
1298
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1299
+ afterSignUp: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1300
+ user: z.ZodAny;
1301
+ }, "strip", z.ZodTypeAny, {
1302
+ user?: any;
1303
+ }, {
1304
+ user?: any;
1305
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1306
+ beforeSignOut: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1307
+ sessionId: z.ZodString;
1308
+ }, "strip", z.ZodTypeAny, {
1309
+ sessionId: string;
1310
+ }, {
1311
+ sessionId: string;
1312
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1313
+ afterSignOut: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1314
+ sessionId: z.ZodString;
1315
+ }, "strip", z.ZodTypeAny, {
1316
+ sessionId: string;
1317
+ }, {
1318
+ sessionId: string;
1319
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1320
+ }, "strip", z.ZodTypeAny, {
1321
+ beforeSignIn?: ((args_0: {
1322
+ email: string;
1323
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1324
+ afterSignIn?: ((args_0: {
1325
+ user?: any;
1326
+ session?: any;
1327
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1328
+ beforeSignUp?: ((args_0: {
1329
+ email: string;
1330
+ name?: string | undefined;
1331
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1332
+ afterSignUp?: ((args_0: {
1333
+ user?: any;
1334
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1335
+ beforeSignOut?: ((args_0: {
1336
+ sessionId: string;
1337
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1338
+ afterSignOut?: ((args_0: {
1339
+ sessionId: string;
1340
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1341
+ }, {
1342
+ beforeSignIn?: ((args_0: {
1343
+ email: string;
1344
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1345
+ afterSignIn?: ((args_0: {
1346
+ user?: any;
1347
+ session?: any;
1348
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1349
+ beforeSignUp?: ((args_0: {
1350
+ email: string;
1351
+ name?: string | undefined;
1352
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1353
+ afterSignUp?: ((args_0: {
1354
+ user?: any;
1355
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1356
+ beforeSignOut?: ((args_0: {
1357
+ sessionId: string;
1358
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1359
+ afterSignOut?: ((args_0: {
1360
+ sessionId: string;
1361
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1362
+ }>>;
1363
+ /**
1364
+ * Advanced security settings
1365
+ */
1366
+ security: z.ZodOptional<z.ZodObject<{
1367
+ allowedOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1368
+ trustProxy: z.ZodDefault<z.ZodBoolean>;
1369
+ ipRateLimiting: z.ZodDefault<z.ZodBoolean>;
1370
+ sessionFingerprinting: z.ZodDefault<z.ZodBoolean>;
1371
+ maxSessions: z.ZodDefault<z.ZodNumber>;
1372
+ }, "strip", z.ZodTypeAny, {
1373
+ trustProxy: boolean;
1374
+ ipRateLimiting: boolean;
1375
+ sessionFingerprinting: boolean;
1376
+ maxSessions: number;
1377
+ allowedOrigins?: string[] | undefined;
1378
+ }, {
1379
+ allowedOrigins?: string[] | undefined;
1380
+ trustProxy?: boolean | undefined;
1381
+ ipRateLimiting?: boolean | undefined;
1382
+ sessionFingerprinting?: boolean | undefined;
1383
+ maxSessions?: number | undefined;
1384
+ }>>;
1385
+ /**
1386
+ * Email configuration for transactional emails
1387
+ */
1388
+ email: z.ZodOptional<z.ZodObject<{
1389
+ from: z.ZodString;
1390
+ fromName: z.ZodOptional<z.ZodString>;
1391
+ provider: z.ZodEnum<["smtp", "sendgrid", "mailgun", "ses", "resend", "custom"]>;
1392
+ config: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
1393
+ }, "strip", z.ZodTypeAny, {
1394
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
1395
+ from: string;
1396
+ config?: Record<string, any> | undefined;
1397
+ fromName?: string | undefined;
1398
+ }, {
1399
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
1400
+ from: string;
1401
+ config?: Record<string, any> | undefined;
1402
+ fromName?: string | undefined;
1403
+ }>>;
1404
+ /**
1405
+ * UI customization options
1406
+ */
1407
+ ui: z.ZodOptional<z.ZodObject<{
1408
+ brandName: z.ZodOptional<z.ZodString>;
1409
+ logo: z.ZodOptional<z.ZodString>;
1410
+ primaryColor: z.ZodOptional<z.ZodString>;
1411
+ customCss: z.ZodOptional<z.ZodString>;
1412
+ }, "strip", z.ZodTypeAny, {
1413
+ primaryColor?: string | undefined;
1414
+ logo?: string | undefined;
1415
+ brandName?: string | undefined;
1416
+ customCss?: string | undefined;
1417
+ }, {
1418
+ primaryColor?: string | undefined;
1419
+ logo?: string | undefined;
1420
+ brandName?: string | undefined;
1421
+ customCss?: string | undefined;
1422
+ }>>;
1423
+ /**
1424
+ * Whether this auth provider is active
1425
+ */
1426
+ active: z.ZodDefault<z.ZodBoolean>;
1427
+ /**
1428
+ * Whether to allow new user registration
1429
+ */
1430
+ allowRegistration: z.ZodDefault<z.ZodBoolean>;
1431
+ }, "strip", z.ZodTypeAny, {
1432
+ label: string;
1433
+ name: string;
1434
+ active: boolean;
1435
+ driver: string;
1436
+ secret: string;
1437
+ rateLimit: {
1438
+ enabled: boolean;
1439
+ windowMs: number;
1440
+ maxAttempts: number;
1441
+ blockDuration: number;
1442
+ skipSuccessfulRequests: boolean;
1443
+ };
1444
+ session: {
1445
+ expiresIn: number;
1446
+ updateAge: number;
1447
+ cookieName: string;
1448
+ cookieSecure: boolean;
1449
+ cookieSameSite: "strict" | "none" | "lax";
1450
+ cookiePath: string;
1451
+ cookieHttpOnly: boolean;
1452
+ cookieDomain?: string | undefined;
1453
+ };
1454
+ strategies: ("oauth" | "email_password" | "magic_link" | "passkey" | "otp" | "anonymous")[];
1455
+ baseUrl: string;
1456
+ csrf: {
1457
+ enabled: boolean;
1458
+ cookieName: string;
1459
+ tokenLength: number;
1460
+ headerName: string;
1461
+ };
1462
+ accountLinking: {
1463
+ enabled: boolean;
1464
+ autoLink: boolean;
1465
+ requireVerification: boolean;
1466
+ };
1467
+ userFieldMapping: {
1468
+ email: string;
1469
+ name: string;
1470
+ id: string;
1471
+ emailVerified: string;
1472
+ createdAt: string;
1473
+ updatedAt: string;
1474
+ image?: string | undefined;
1475
+ };
1476
+ plugins: {
1477
+ name: string;
1478
+ enabled: boolean;
1479
+ options?: Record<string, any> | undefined;
1480
+ }[];
1481
+ allowRegistration: boolean;
1482
+ email?: {
1483
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
1484
+ from: string;
1485
+ config?: Record<string, any> | undefined;
1486
+ fromName?: string | undefined;
1487
+ } | undefined;
1488
+ oauth?: {
1489
+ providers: {
1490
+ enabled: boolean;
1491
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
1492
+ clientId: string;
1493
+ clientSecret: string;
1494
+ icon?: string | undefined;
1495
+ scopes?: string[] | undefined;
1496
+ redirectUri?: string | undefined;
1497
+ displayName?: string | undefined;
1498
+ }[];
1499
+ } | undefined;
1500
+ passkey?: {
1501
+ enabled: boolean;
1502
+ rpName: string;
1503
+ userVerification: "required" | "preferred" | "discouraged";
1504
+ attestation: "none" | "indirect" | "direct" | "enterprise";
1505
+ rpId?: string | undefined;
1506
+ allowedOrigins?: string[] | undefined;
1507
+ } | undefined;
1508
+ enterprise?: {
1509
+ oidc?: {
1510
+ enabled: boolean;
1511
+ clientId: string;
1512
+ clientSecret: string;
1513
+ scopes: string[];
1514
+ issuer: string;
1515
+ icon?: string | undefined;
1516
+ displayName?: string | undefined;
1517
+ attributeMapping?: Record<string, string> | undefined;
1518
+ } | undefined;
1519
+ saml?: {
1520
+ enabled: boolean;
1521
+ issuer: string;
1522
+ entryPoint: string;
1523
+ cert: string;
1524
+ signatureAlgorithm: "sha256" | "sha512";
1525
+ icon?: string | undefined;
1526
+ displayName?: string | undefined;
1527
+ attributeMapping?: Record<string, string> | undefined;
1528
+ } | undefined;
1529
+ ldap?: {
1530
+ url: string;
1531
+ enabled: boolean;
1532
+ bindDn: string;
1533
+ bindCredentials: string;
1534
+ searchBase: string;
1535
+ searchFilter: string;
1536
+ icon?: string | undefined;
1537
+ displayName?: string | undefined;
1538
+ groupSearchBase?: string | undefined;
1539
+ } | undefined;
1540
+ } | undefined;
1541
+ emailPassword?: {
1542
+ enabled: boolean;
1543
+ requireEmailVerification: boolean;
1544
+ minPasswordLength: number;
1545
+ requirePasswordComplexity: boolean;
1546
+ allowPasswordReset: boolean;
1547
+ passwordResetExpiry: number;
1548
+ } | undefined;
1549
+ magicLink?: {
1550
+ enabled: boolean;
1551
+ expiryTime: number;
1552
+ sendEmail?: ((args_0: {
1553
+ token: string;
1554
+ to: string;
1555
+ link: string;
1556
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1557
+ } | undefined;
1558
+ twoFactor?: {
1559
+ enabled: boolean;
1560
+ qrCodeSize: number;
1561
+ issuer?: string | undefined;
1562
+ backupCodes?: {
1563
+ count: number;
1564
+ enabled: boolean;
1565
+ } | undefined;
1566
+ } | undefined;
1567
+ organization?: {
1568
+ enabled: boolean;
1569
+ allowUserToCreateOrg: boolean;
1570
+ defaultRole: string;
1571
+ creatorRole: string;
1572
+ } | undefined;
1573
+ database?: {
1574
+ type: "custom" | "prisma" | "drizzle" | "kysely";
1575
+ tablePrefix: string;
1576
+ connectionString?: string | undefined;
1577
+ schema?: string | undefined;
1578
+ } | undefined;
1579
+ mapping?: {
1580
+ session: Record<string, string>;
1581
+ account: Record<string, string>;
1582
+ user?: Record<string, string> | undefined;
1583
+ verificationToken?: Record<string, string> | undefined;
1584
+ } | undefined;
1585
+ hooks?: {
1586
+ beforeSignIn?: ((args_0: {
1587
+ email: string;
1588
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1589
+ afterSignIn?: ((args_0: {
1590
+ user?: any;
1591
+ session?: any;
1592
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1593
+ beforeSignUp?: ((args_0: {
1594
+ email: string;
1595
+ name?: string | undefined;
1596
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1597
+ afterSignUp?: ((args_0: {
1598
+ user?: any;
1599
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1600
+ beforeSignOut?: ((args_0: {
1601
+ sessionId: string;
1602
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1603
+ afterSignOut?: ((args_0: {
1604
+ sessionId: string;
1605
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1606
+ } | undefined;
1607
+ security?: {
1608
+ trustProxy: boolean;
1609
+ ipRateLimiting: boolean;
1610
+ sessionFingerprinting: boolean;
1611
+ maxSessions: number;
1612
+ allowedOrigins?: string[] | undefined;
1613
+ } | undefined;
1614
+ ui?: {
1615
+ primaryColor?: string | undefined;
1616
+ logo?: string | undefined;
1617
+ brandName?: string | undefined;
1618
+ customCss?: string | undefined;
1619
+ } | undefined;
1620
+ }, {
1621
+ label: string;
1622
+ name: string;
1623
+ secret: string;
1624
+ strategies: ("oauth" | "email_password" | "magic_link" | "passkey" | "otp" | "anonymous")[];
1625
+ baseUrl: string;
1626
+ email?: {
1627
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
1628
+ from: string;
1629
+ config?: Record<string, any> | undefined;
1630
+ fromName?: string | undefined;
1631
+ } | undefined;
1632
+ active?: boolean | undefined;
1633
+ driver?: string | undefined;
1634
+ rateLimit?: {
1635
+ enabled?: boolean | undefined;
1636
+ windowMs?: number | undefined;
1637
+ maxAttempts?: number | undefined;
1638
+ blockDuration?: number | undefined;
1639
+ skipSuccessfulRequests?: boolean | undefined;
1640
+ } | undefined;
1641
+ oauth?: {
1642
+ providers: {
1643
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
1644
+ clientId: string;
1645
+ clientSecret: string;
1646
+ icon?: string | undefined;
1647
+ enabled?: boolean | undefined;
1648
+ scopes?: string[] | undefined;
1649
+ redirectUri?: string | undefined;
1650
+ displayName?: string | undefined;
1651
+ }[];
1652
+ } | undefined;
1653
+ passkey?: {
1654
+ rpName: string;
1655
+ enabled?: boolean | undefined;
1656
+ rpId?: string | undefined;
1657
+ allowedOrigins?: string[] | undefined;
1658
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
1659
+ attestation?: "none" | "indirect" | "direct" | "enterprise" | undefined;
1660
+ } | undefined;
1661
+ enterprise?: {
1662
+ oidc?: {
1663
+ clientId: string;
1664
+ clientSecret: string;
1665
+ issuer: string;
1666
+ icon?: string | undefined;
1667
+ enabled?: boolean | undefined;
1668
+ scopes?: string[] | undefined;
1669
+ displayName?: string | undefined;
1670
+ attributeMapping?: Record<string, string> | undefined;
1671
+ } | undefined;
1672
+ saml?: {
1673
+ issuer: string;
1674
+ entryPoint: string;
1675
+ cert: string;
1676
+ icon?: string | undefined;
1677
+ enabled?: boolean | undefined;
1678
+ displayName?: string | undefined;
1679
+ attributeMapping?: Record<string, string> | undefined;
1680
+ signatureAlgorithm?: "sha256" | "sha512" | undefined;
1681
+ } | undefined;
1682
+ ldap?: {
1683
+ url: string;
1684
+ bindDn: string;
1685
+ bindCredentials: string;
1686
+ searchBase: string;
1687
+ searchFilter: string;
1688
+ icon?: string | undefined;
1689
+ enabled?: boolean | undefined;
1690
+ displayName?: string | undefined;
1691
+ groupSearchBase?: string | undefined;
1692
+ } | undefined;
1693
+ } | undefined;
1694
+ session?: {
1695
+ expiresIn?: number | undefined;
1696
+ updateAge?: number | undefined;
1697
+ cookieName?: string | undefined;
1698
+ cookieSecure?: boolean | undefined;
1699
+ cookieSameSite?: "strict" | "none" | "lax" | undefined;
1700
+ cookieDomain?: string | undefined;
1701
+ cookiePath?: string | undefined;
1702
+ cookieHttpOnly?: boolean | undefined;
1703
+ } | undefined;
1704
+ emailPassword?: {
1705
+ enabled?: boolean | undefined;
1706
+ requireEmailVerification?: boolean | undefined;
1707
+ minPasswordLength?: number | undefined;
1708
+ requirePasswordComplexity?: boolean | undefined;
1709
+ allowPasswordReset?: boolean | undefined;
1710
+ passwordResetExpiry?: number | undefined;
1711
+ } | undefined;
1712
+ magicLink?: {
1713
+ enabled?: boolean | undefined;
1714
+ expiryTime?: number | undefined;
1715
+ sendEmail?: ((args_0: {
1716
+ token: string;
1717
+ to: string;
1718
+ link: string;
1719
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1720
+ } | undefined;
1721
+ csrf?: {
1722
+ enabled?: boolean | undefined;
1723
+ cookieName?: string | undefined;
1724
+ tokenLength?: number | undefined;
1725
+ headerName?: string | undefined;
1726
+ } | undefined;
1727
+ accountLinking?: {
1728
+ enabled?: boolean | undefined;
1729
+ autoLink?: boolean | undefined;
1730
+ requireVerification?: boolean | undefined;
1731
+ } | undefined;
1732
+ twoFactor?: {
1733
+ enabled?: boolean | undefined;
1734
+ issuer?: string | undefined;
1735
+ qrCodeSize?: number | undefined;
1736
+ backupCodes?: {
1737
+ count?: number | undefined;
1738
+ enabled?: boolean | undefined;
1739
+ } | undefined;
1740
+ } | undefined;
1741
+ organization?: {
1742
+ enabled?: boolean | undefined;
1743
+ allowUserToCreateOrg?: boolean | undefined;
1744
+ defaultRole?: string | undefined;
1745
+ creatorRole?: string | undefined;
1746
+ } | undefined;
1747
+ userFieldMapping?: {
1748
+ email?: string | undefined;
1749
+ image?: string | undefined;
1750
+ name?: string | undefined;
1751
+ id?: string | undefined;
1752
+ emailVerified?: string | undefined;
1753
+ createdAt?: string | undefined;
1754
+ updatedAt?: string | undefined;
1755
+ } | undefined;
1756
+ database?: {
1757
+ type: "custom" | "prisma" | "drizzle" | "kysely";
1758
+ connectionString?: string | undefined;
1759
+ tablePrefix?: string | undefined;
1760
+ schema?: string | undefined;
1761
+ } | undefined;
1762
+ mapping?: {
1763
+ user?: Record<string, string> | undefined;
1764
+ session?: Record<string, string> | undefined;
1765
+ account?: Record<string, string> | undefined;
1766
+ verificationToken?: Record<string, string> | undefined;
1767
+ } | undefined;
1768
+ plugins?: {
1769
+ name: string;
1770
+ options?: Record<string, any> | undefined;
1771
+ enabled?: boolean | undefined;
1772
+ }[] | undefined;
1773
+ hooks?: {
1774
+ beforeSignIn?: ((args_0: {
1775
+ email: string;
1776
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1777
+ afterSignIn?: ((args_0: {
1778
+ user?: any;
1779
+ session?: any;
1780
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1781
+ beforeSignUp?: ((args_0: {
1782
+ email: string;
1783
+ name?: string | undefined;
1784
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1785
+ afterSignUp?: ((args_0: {
1786
+ user?: any;
1787
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1788
+ beforeSignOut?: ((args_0: {
1789
+ sessionId: string;
1790
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1791
+ afterSignOut?: ((args_0: {
1792
+ sessionId: string;
1793
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1794
+ } | undefined;
1795
+ security?: {
1796
+ allowedOrigins?: string[] | undefined;
1797
+ trustProxy?: boolean | undefined;
1798
+ ipRateLimiting?: boolean | undefined;
1799
+ sessionFingerprinting?: boolean | undefined;
1800
+ maxSessions?: number | undefined;
1801
+ } | undefined;
1802
+ ui?: {
1803
+ primaryColor?: string | undefined;
1804
+ logo?: string | undefined;
1805
+ brandName?: string | undefined;
1806
+ customCss?: string | undefined;
1807
+ } | undefined;
1808
+ allowRegistration?: boolean | undefined;
1809
+ }>;
1810
+ /**
1811
+ * TypeScript type inferred from AuthConfigSchema
1812
+ */
1813
+ export type AuthConfig = z.infer<typeof AuthConfigSchema>;
1814
+ /**
1815
+ * Standard Authentication Provider Schema
1816
+ * Wraps the configuration for use in the identity system
1817
+ */
1818
+ export declare const StandardAuthProviderSchema: z.ZodObject<{
1819
+ type: z.ZodLiteral<"standard_auth">;
1820
+ config: z.ZodObject<{
1821
+ /**
1822
+ * Unique identifier for this auth configuration
1823
+ * Must be in snake_case following ObjectStack conventions
1824
+ */
1825
+ name: z.ZodString;
1826
+ /**
1827
+ * Human-readable label
1828
+ */
1829
+ label: z.ZodString;
1830
+ /**
1831
+ * The underlying authentication implementation driver
1832
+ * Default: 'better-auth' (the reference implementation)
1833
+ * Can be: 'better-auth', 'auth-js', 'passport', or custom driver name
1834
+ */
1835
+ driver: z.ZodDefault<z.ZodString>;
1836
+ /**
1837
+ * Enabled authentication strategies
1838
+ */
1839
+ strategies: z.ZodArray<z.ZodEnum<["email_password", "magic_link", "oauth", "passkey", "otp", "anonymous"]>, "many">;
1840
+ /**
1841
+ * Base URL for the application
1842
+ */
1843
+ baseUrl: z.ZodString;
1844
+ /**
1845
+ * Secret key for signing tokens and cookies
1846
+ * Should be loaded from environment variables
1847
+ */
1848
+ secret: z.ZodString;
1849
+ /**
1850
+ * Email & Password configuration
1851
+ */
1852
+ emailPassword: z.ZodOptional<z.ZodObject<{
1853
+ enabled: z.ZodDefault<z.ZodBoolean>;
1854
+ requireEmailVerification: z.ZodDefault<z.ZodBoolean>;
1855
+ minPasswordLength: z.ZodDefault<z.ZodNumber>;
1856
+ requirePasswordComplexity: z.ZodDefault<z.ZodBoolean>;
1857
+ allowPasswordReset: z.ZodDefault<z.ZodBoolean>;
1858
+ passwordResetExpiry: z.ZodDefault<z.ZodNumber>;
1859
+ }, "strip", z.ZodTypeAny, {
1860
+ enabled: boolean;
1861
+ requireEmailVerification: boolean;
1862
+ minPasswordLength: number;
1863
+ requirePasswordComplexity: boolean;
1864
+ allowPasswordReset: boolean;
1865
+ passwordResetExpiry: number;
1866
+ }, {
1867
+ enabled?: boolean | undefined;
1868
+ requireEmailVerification?: boolean | undefined;
1869
+ minPasswordLength?: number | undefined;
1870
+ requirePasswordComplexity?: boolean | undefined;
1871
+ allowPasswordReset?: boolean | undefined;
1872
+ passwordResetExpiry?: number | undefined;
1873
+ }>>;
1874
+ /**
1875
+ * Magic Link configuration
1876
+ */
1877
+ magicLink: z.ZodOptional<z.ZodObject<{
1878
+ enabled: z.ZodDefault<z.ZodBoolean>;
1879
+ expiryTime: z.ZodDefault<z.ZodNumber>;
1880
+ sendEmail: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1881
+ to: z.ZodString;
1882
+ link: z.ZodString;
1883
+ token: z.ZodString;
1884
+ }, "strip", z.ZodTypeAny, {
1885
+ token: string;
1886
+ to: string;
1887
+ link: string;
1888
+ }, {
1889
+ token: string;
1890
+ to: string;
1891
+ link: string;
1892
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1893
+ }, "strip", z.ZodTypeAny, {
1894
+ enabled: boolean;
1895
+ expiryTime: number;
1896
+ sendEmail?: ((args_0: {
1897
+ token: string;
1898
+ to: string;
1899
+ link: string;
1900
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1901
+ }, {
1902
+ enabled?: boolean | undefined;
1903
+ expiryTime?: number | undefined;
1904
+ sendEmail?: ((args_0: {
1905
+ token: string;
1906
+ to: string;
1907
+ link: string;
1908
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1909
+ }>>;
1910
+ /**
1911
+ * Passkey (WebAuthn) configuration
1912
+ */
1913
+ passkey: z.ZodOptional<z.ZodObject<{
1914
+ enabled: z.ZodDefault<z.ZodBoolean>;
1915
+ rpName: z.ZodString;
1916
+ rpId: z.ZodOptional<z.ZodString>;
1917
+ allowedOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1918
+ userVerification: z.ZodDefault<z.ZodEnum<["required", "preferred", "discouraged"]>>;
1919
+ attestation: z.ZodDefault<z.ZodEnum<["none", "indirect", "direct", "enterprise"]>>;
1920
+ }, "strip", z.ZodTypeAny, {
1921
+ enabled: boolean;
1922
+ rpName: string;
1923
+ userVerification: "required" | "preferred" | "discouraged";
1924
+ attestation: "none" | "indirect" | "direct" | "enterprise";
1925
+ rpId?: string | undefined;
1926
+ allowedOrigins?: string[] | undefined;
1927
+ }, {
1928
+ rpName: string;
1929
+ enabled?: boolean | undefined;
1930
+ rpId?: string | undefined;
1931
+ allowedOrigins?: string[] | undefined;
1932
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
1933
+ attestation?: "none" | "indirect" | "direct" | "enterprise" | undefined;
1934
+ }>>;
1935
+ /**
1936
+ * OAuth configuration
1937
+ */
1938
+ oauth: z.ZodOptional<z.ZodObject<{
1939
+ providers: z.ZodArray<z.ZodObject<{
1940
+ provider: z.ZodEnum<["google", "github", "facebook", "twitter", "linkedin", "microsoft", "apple", "discord", "gitlab", "custom"]>;
1941
+ clientId: z.ZodString;
1942
+ clientSecret: z.ZodString;
1943
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1944
+ redirectUri: z.ZodOptional<z.ZodString>;
1945
+ enabled: z.ZodDefault<z.ZodBoolean>;
1946
+ displayName: z.ZodOptional<z.ZodString>;
1947
+ icon: z.ZodOptional<z.ZodString>;
1948
+ }, "strip", z.ZodTypeAny, {
1949
+ enabled: boolean;
1950
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
1951
+ clientId: string;
1952
+ clientSecret: string;
1953
+ icon?: string | undefined;
1954
+ scopes?: string[] | undefined;
1955
+ redirectUri?: string | undefined;
1956
+ displayName?: string | undefined;
1957
+ }, {
1958
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
1959
+ clientId: string;
1960
+ clientSecret: string;
1961
+ icon?: string | undefined;
1962
+ enabled?: boolean | undefined;
1963
+ scopes?: string[] | undefined;
1964
+ redirectUri?: string | undefined;
1965
+ displayName?: string | undefined;
1966
+ }>, "many">;
1967
+ }, "strip", z.ZodTypeAny, {
1968
+ providers: {
1969
+ enabled: boolean;
1970
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
1971
+ clientId: string;
1972
+ clientSecret: string;
1973
+ icon?: string | undefined;
1974
+ scopes?: string[] | undefined;
1975
+ redirectUri?: string | undefined;
1976
+ displayName?: string | undefined;
1977
+ }[];
1978
+ }, {
1979
+ providers: {
1980
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
1981
+ clientId: string;
1982
+ clientSecret: string;
1983
+ icon?: string | undefined;
1984
+ enabled?: boolean | undefined;
1985
+ scopes?: string[] | undefined;
1986
+ redirectUri?: string | undefined;
1987
+ displayName?: string | undefined;
1988
+ }[];
1989
+ }>>;
1990
+ /**
1991
+ * Session configuration
1992
+ */
1993
+ session: z.ZodDefault<z.ZodObject<{
1994
+ expiresIn: z.ZodDefault<z.ZodNumber>;
1995
+ updateAge: z.ZodDefault<z.ZodNumber>;
1996
+ cookieName: z.ZodDefault<z.ZodString>;
1997
+ cookieSecure: z.ZodDefault<z.ZodBoolean>;
1998
+ cookieSameSite: z.ZodDefault<z.ZodEnum<["strict", "lax", "none"]>>;
1999
+ cookieDomain: z.ZodOptional<z.ZodString>;
2000
+ cookiePath: z.ZodDefault<z.ZodString>;
2001
+ cookieHttpOnly: z.ZodDefault<z.ZodBoolean>;
2002
+ }, "strip", z.ZodTypeAny, {
2003
+ expiresIn: number;
2004
+ updateAge: number;
2005
+ cookieName: string;
2006
+ cookieSecure: boolean;
2007
+ cookieSameSite: "strict" | "none" | "lax";
2008
+ cookiePath: string;
2009
+ cookieHttpOnly: boolean;
2010
+ cookieDomain?: string | undefined;
2011
+ }, {
2012
+ expiresIn?: number | undefined;
2013
+ updateAge?: number | undefined;
2014
+ cookieName?: string | undefined;
2015
+ cookieSecure?: boolean | undefined;
2016
+ cookieSameSite?: "strict" | "none" | "lax" | undefined;
2017
+ cookieDomain?: string | undefined;
2018
+ cookiePath?: string | undefined;
2019
+ cookieHttpOnly?: boolean | undefined;
2020
+ }>>;
2021
+ /**
2022
+ * Rate limiting configuration
2023
+ */
2024
+ rateLimit: z.ZodDefault<z.ZodObject<{
2025
+ enabled: z.ZodDefault<z.ZodBoolean>;
2026
+ maxAttempts: z.ZodDefault<z.ZodNumber>;
2027
+ windowMs: z.ZodDefault<z.ZodNumber>;
2028
+ blockDuration: z.ZodDefault<z.ZodNumber>;
2029
+ skipSuccessfulRequests: z.ZodDefault<z.ZodBoolean>;
2030
+ }, "strip", z.ZodTypeAny, {
2031
+ enabled: boolean;
2032
+ windowMs: number;
2033
+ maxAttempts: number;
2034
+ blockDuration: number;
2035
+ skipSuccessfulRequests: boolean;
2036
+ }, {
2037
+ enabled?: boolean | undefined;
2038
+ windowMs?: number | undefined;
2039
+ maxAttempts?: number | undefined;
2040
+ blockDuration?: number | undefined;
2041
+ skipSuccessfulRequests?: boolean | undefined;
2042
+ }>>;
2043
+ /**
2044
+ * CSRF protection configuration
2045
+ */
2046
+ csrf: z.ZodDefault<z.ZodObject<{
2047
+ enabled: z.ZodDefault<z.ZodBoolean>;
2048
+ tokenLength: z.ZodDefault<z.ZodNumber>;
2049
+ cookieName: z.ZodDefault<z.ZodString>;
2050
+ headerName: z.ZodDefault<z.ZodString>;
2051
+ }, "strip", z.ZodTypeAny, {
2052
+ enabled: boolean;
2053
+ cookieName: string;
2054
+ tokenLength: number;
2055
+ headerName: string;
2056
+ }, {
2057
+ enabled?: boolean | undefined;
2058
+ cookieName?: string | undefined;
2059
+ tokenLength?: number | undefined;
2060
+ headerName?: string | undefined;
2061
+ }>>;
2062
+ /**
2063
+ * Account linking configuration
2064
+ */
2065
+ accountLinking: z.ZodDefault<z.ZodObject<{
2066
+ enabled: z.ZodDefault<z.ZodBoolean>;
2067
+ autoLink: z.ZodDefault<z.ZodBoolean>;
2068
+ requireVerification: z.ZodDefault<z.ZodBoolean>;
2069
+ }, "strip", z.ZodTypeAny, {
2070
+ enabled: boolean;
2071
+ autoLink: boolean;
2072
+ requireVerification: boolean;
2073
+ }, {
2074
+ enabled?: boolean | undefined;
2075
+ autoLink?: boolean | undefined;
2076
+ requireVerification?: boolean | undefined;
2077
+ }>>;
2078
+ /**
2079
+ * Two-factor authentication configuration
2080
+ */
2081
+ twoFactor: z.ZodOptional<z.ZodObject<{
2082
+ enabled: z.ZodDefault<z.ZodBoolean>;
2083
+ issuer: z.ZodOptional<z.ZodString>;
2084
+ qrCodeSize: z.ZodDefault<z.ZodNumber>;
2085
+ backupCodes: z.ZodOptional<z.ZodObject<{
2086
+ enabled: z.ZodDefault<z.ZodBoolean>;
2087
+ count: z.ZodDefault<z.ZodNumber>;
2088
+ }, "strip", z.ZodTypeAny, {
2089
+ count: number;
2090
+ enabled: boolean;
2091
+ }, {
2092
+ count?: number | undefined;
2093
+ enabled?: boolean | undefined;
2094
+ }>>;
2095
+ }, "strip", z.ZodTypeAny, {
2096
+ enabled: boolean;
2097
+ qrCodeSize: number;
2098
+ issuer?: string | undefined;
2099
+ backupCodes?: {
2100
+ count: number;
2101
+ enabled: boolean;
2102
+ } | undefined;
2103
+ }, {
2104
+ enabled?: boolean | undefined;
2105
+ issuer?: string | undefined;
2106
+ qrCodeSize?: number | undefined;
2107
+ backupCodes?: {
2108
+ count?: number | undefined;
2109
+ enabled?: boolean | undefined;
2110
+ } | undefined;
2111
+ }>>;
2112
+ /**
2113
+ * Organization (Multi-tenant) configuration
2114
+ * Enables B2B SaaS scenarios where users belong to multiple teams/workspaces
2115
+ */
2116
+ organization: z.ZodOptional<z.ZodObject<{
2117
+ enabled: z.ZodDefault<z.ZodBoolean>;
2118
+ allowUserToCreateOrg: z.ZodDefault<z.ZodBoolean>;
2119
+ defaultRole: z.ZodDefault<z.ZodString>;
2120
+ creatorRole: z.ZodDefault<z.ZodString>;
2121
+ }, "strip", z.ZodTypeAny, {
2122
+ enabled: boolean;
2123
+ allowUserToCreateOrg: boolean;
2124
+ defaultRole: string;
2125
+ creatorRole: string;
2126
+ }, {
2127
+ enabled?: boolean | undefined;
2128
+ allowUserToCreateOrg?: boolean | undefined;
2129
+ defaultRole?: string | undefined;
2130
+ creatorRole?: string | undefined;
2131
+ }>>;
2132
+ /**
2133
+ * Enterprise authentication configuration (SAML, LDAP, OIDC)
2134
+ */
2135
+ enterprise: z.ZodOptional<z.ZodObject<{
2136
+ oidc: z.ZodOptional<z.ZodObject<{
2137
+ enabled: z.ZodDefault<z.ZodBoolean>;
2138
+ issuer: z.ZodString;
2139
+ clientId: z.ZodString;
2140
+ clientSecret: z.ZodString;
2141
+ scopes: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2142
+ attributeMapping: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2143
+ displayName: z.ZodOptional<z.ZodString>;
2144
+ icon: z.ZodOptional<z.ZodString>;
2145
+ }, "strip", z.ZodTypeAny, {
2146
+ enabled: boolean;
2147
+ clientId: string;
2148
+ clientSecret: string;
2149
+ scopes: string[];
2150
+ issuer: string;
2151
+ icon?: string | undefined;
2152
+ displayName?: string | undefined;
2153
+ attributeMapping?: Record<string, string> | undefined;
2154
+ }, {
2155
+ clientId: string;
2156
+ clientSecret: string;
2157
+ issuer: string;
2158
+ icon?: string | undefined;
2159
+ enabled?: boolean | undefined;
2160
+ scopes?: string[] | undefined;
2161
+ displayName?: string | undefined;
2162
+ attributeMapping?: Record<string, string> | undefined;
2163
+ }>>;
2164
+ saml: z.ZodOptional<z.ZodObject<{
2165
+ enabled: z.ZodDefault<z.ZodBoolean>;
2166
+ entryPoint: z.ZodString;
2167
+ cert: z.ZodString;
2168
+ issuer: z.ZodString;
2169
+ signatureAlgorithm: z.ZodDefault<z.ZodEnum<["sha256", "sha512"]>>;
2170
+ attributeMapping: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2171
+ displayName: z.ZodOptional<z.ZodString>;
2172
+ icon: z.ZodOptional<z.ZodString>;
2173
+ }, "strip", z.ZodTypeAny, {
2174
+ enabled: boolean;
2175
+ issuer: string;
2176
+ entryPoint: string;
2177
+ cert: string;
2178
+ signatureAlgorithm: "sha256" | "sha512";
2179
+ icon?: string | undefined;
2180
+ displayName?: string | undefined;
2181
+ attributeMapping?: Record<string, string> | undefined;
2182
+ }, {
2183
+ issuer: string;
2184
+ entryPoint: string;
2185
+ cert: string;
2186
+ icon?: string | undefined;
2187
+ enabled?: boolean | undefined;
2188
+ displayName?: string | undefined;
2189
+ attributeMapping?: Record<string, string> | undefined;
2190
+ signatureAlgorithm?: "sha256" | "sha512" | undefined;
2191
+ }>>;
2192
+ ldap: z.ZodOptional<z.ZodObject<{
2193
+ enabled: z.ZodDefault<z.ZodBoolean>;
2194
+ url: z.ZodString;
2195
+ bindDn: z.ZodString;
2196
+ bindCredentials: z.ZodString;
2197
+ searchBase: z.ZodString;
2198
+ searchFilter: z.ZodString;
2199
+ groupSearchBase: z.ZodOptional<z.ZodString>;
2200
+ displayName: z.ZodOptional<z.ZodString>;
2201
+ icon: z.ZodOptional<z.ZodString>;
2202
+ }, "strip", z.ZodTypeAny, {
2203
+ url: string;
2204
+ enabled: boolean;
2205
+ bindDn: string;
2206
+ bindCredentials: string;
2207
+ searchBase: string;
2208
+ searchFilter: string;
2209
+ icon?: string | undefined;
2210
+ displayName?: string | undefined;
2211
+ groupSearchBase?: string | undefined;
2212
+ }, {
2213
+ url: string;
2214
+ bindDn: string;
2215
+ bindCredentials: string;
2216
+ searchBase: string;
2217
+ searchFilter: string;
2218
+ icon?: string | undefined;
2219
+ enabled?: boolean | undefined;
2220
+ displayName?: string | undefined;
2221
+ groupSearchBase?: string | undefined;
2222
+ }>>;
2223
+ }, "strip", z.ZodTypeAny, {
2224
+ oidc?: {
2225
+ enabled: boolean;
2226
+ clientId: string;
2227
+ clientSecret: string;
2228
+ scopes: string[];
2229
+ issuer: string;
2230
+ icon?: string | undefined;
2231
+ displayName?: string | undefined;
2232
+ attributeMapping?: Record<string, string> | undefined;
2233
+ } | undefined;
2234
+ saml?: {
2235
+ enabled: boolean;
2236
+ issuer: string;
2237
+ entryPoint: string;
2238
+ cert: string;
2239
+ signatureAlgorithm: "sha256" | "sha512";
2240
+ icon?: string | undefined;
2241
+ displayName?: string | undefined;
2242
+ attributeMapping?: Record<string, string> | undefined;
2243
+ } | undefined;
2244
+ ldap?: {
2245
+ url: string;
2246
+ enabled: boolean;
2247
+ bindDn: string;
2248
+ bindCredentials: string;
2249
+ searchBase: string;
2250
+ searchFilter: string;
2251
+ icon?: string | undefined;
2252
+ displayName?: string | undefined;
2253
+ groupSearchBase?: string | undefined;
2254
+ } | undefined;
2255
+ }, {
2256
+ oidc?: {
2257
+ clientId: string;
2258
+ clientSecret: string;
2259
+ issuer: string;
2260
+ icon?: string | undefined;
2261
+ enabled?: boolean | undefined;
2262
+ scopes?: string[] | undefined;
2263
+ displayName?: string | undefined;
2264
+ attributeMapping?: Record<string, string> | undefined;
2265
+ } | undefined;
2266
+ saml?: {
2267
+ issuer: string;
2268
+ entryPoint: string;
2269
+ cert: string;
2270
+ icon?: string | undefined;
2271
+ enabled?: boolean | undefined;
2272
+ displayName?: string | undefined;
2273
+ attributeMapping?: Record<string, string> | undefined;
2274
+ signatureAlgorithm?: "sha256" | "sha512" | undefined;
2275
+ } | undefined;
2276
+ ldap?: {
2277
+ url: string;
2278
+ bindDn: string;
2279
+ bindCredentials: string;
2280
+ searchBase: string;
2281
+ searchFilter: string;
2282
+ icon?: string | undefined;
2283
+ enabled?: boolean | undefined;
2284
+ displayName?: string | undefined;
2285
+ groupSearchBase?: string | undefined;
2286
+ } | undefined;
2287
+ }>>;
2288
+ /**
2289
+ * User field mapping
2290
+ */
2291
+ userFieldMapping: z.ZodDefault<z.ZodObject<{
2292
+ id: z.ZodDefault<z.ZodString>;
2293
+ email: z.ZodDefault<z.ZodString>;
2294
+ name: z.ZodDefault<z.ZodString>;
2295
+ image: z.ZodOptional<z.ZodDefault<z.ZodString>>;
2296
+ emailVerified: z.ZodDefault<z.ZodString>;
2297
+ createdAt: z.ZodDefault<z.ZodString>;
2298
+ updatedAt: z.ZodDefault<z.ZodString>;
2299
+ }, "strip", z.ZodTypeAny, {
2300
+ email: string;
2301
+ name: string;
2302
+ id: string;
2303
+ emailVerified: string;
2304
+ createdAt: string;
2305
+ updatedAt: string;
2306
+ image?: string | undefined;
2307
+ }, {
2308
+ email?: string | undefined;
2309
+ image?: string | undefined;
2310
+ name?: string | undefined;
2311
+ id?: string | undefined;
2312
+ emailVerified?: string | undefined;
2313
+ createdAt?: string | undefined;
2314
+ updatedAt?: string | undefined;
2315
+ }>>;
2316
+ /**
2317
+ * Database adapter configuration
2318
+ */
2319
+ database: z.ZodOptional<z.ZodObject<{
2320
+ type: z.ZodEnum<["prisma", "drizzle", "kysely", "custom"]>;
2321
+ connectionString: z.ZodOptional<z.ZodString>;
2322
+ tablePrefix: z.ZodDefault<z.ZodString>;
2323
+ schema: z.ZodOptional<z.ZodString>;
2324
+ }, "strip", z.ZodTypeAny, {
2325
+ type: "custom" | "prisma" | "drizzle" | "kysely";
2326
+ tablePrefix: string;
2327
+ connectionString?: string | undefined;
2328
+ schema?: string | undefined;
2329
+ }, {
2330
+ type: "custom" | "prisma" | "drizzle" | "kysely";
2331
+ connectionString?: string | undefined;
2332
+ tablePrefix?: string | undefined;
2333
+ schema?: string | undefined;
2334
+ }>>;
2335
+ /**
2336
+ * Database field mapping configuration
2337
+ * Maps ObjectStack standard field names to driver-specific field names.
2338
+ *
2339
+ * This is distinct from the database adapter configuration and provides
2340
+ * instructions for the driver to map our standard schema fields to the
2341
+ * underlying engine's fields (e.g., better-auth uses 'token' instead of 'sessionToken').
2342
+ */
2343
+ mapping: z.ZodOptional<z.ZodObject<{
2344
+ /**
2345
+ * User model field mapping
2346
+ * Maps ObjectStack User fields to driver fields
2347
+ */
2348
+ user: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2349
+ /**
2350
+ * Session model field mapping
2351
+ * Maps ObjectStack Session fields to driver fields
2352
+ */
2353
+ session: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodString>>;
2354
+ /**
2355
+ * Account model field mapping
2356
+ * Maps ObjectStack Account fields to driver fields
2357
+ */
2358
+ account: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodString>>;
2359
+ /**
2360
+ * Verification token field mapping
2361
+ * Maps ObjectStack VerificationToken fields to driver fields
2362
+ */
2363
+ verificationToken: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2364
+ }, "strip", z.ZodTypeAny, {
2365
+ session: Record<string, string>;
2366
+ account: Record<string, string>;
2367
+ user?: Record<string, string> | undefined;
2368
+ verificationToken?: Record<string, string> | undefined;
2369
+ }, {
2370
+ user?: Record<string, string> | undefined;
2371
+ session?: Record<string, string> | undefined;
2372
+ account?: Record<string, string> | undefined;
2373
+ verificationToken?: Record<string, string> | undefined;
2374
+ }>>;
2375
+ /**
2376
+ * Additional authentication plugins
2377
+ */
2378
+ plugins: z.ZodDefault<z.ZodArray<z.ZodObject<{
2379
+ name: z.ZodString;
2380
+ enabled: z.ZodDefault<z.ZodBoolean>;
2381
+ options: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
2382
+ }, "strip", z.ZodTypeAny, {
2383
+ name: string;
2384
+ enabled: boolean;
2385
+ options?: Record<string, any> | undefined;
2386
+ }, {
2387
+ name: string;
2388
+ options?: Record<string, any> | undefined;
2389
+ enabled?: boolean | undefined;
2390
+ }>, "many">>;
2391
+ /**
2392
+ * Custom hooks for authentication events
2393
+ */
2394
+ hooks: z.ZodOptional<z.ZodObject<{
2395
+ beforeSignIn: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
2396
+ email: z.ZodString;
2397
+ }, "strip", z.ZodTypeAny, {
2398
+ email: string;
2399
+ }, {
2400
+ email: string;
2401
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
2402
+ afterSignIn: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
2403
+ user: z.ZodAny;
2404
+ session: z.ZodAny;
2405
+ }, "strip", z.ZodTypeAny, {
2406
+ user?: any;
2407
+ session?: any;
2408
+ }, {
2409
+ user?: any;
2410
+ session?: any;
2411
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
2412
+ beforeSignUp: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
2413
+ email: z.ZodString;
2414
+ name: z.ZodOptional<z.ZodString>;
2415
+ }, "strip", z.ZodTypeAny, {
2416
+ email: string;
2417
+ name?: string | undefined;
2418
+ }, {
2419
+ email: string;
2420
+ name?: string | undefined;
2421
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
2422
+ afterSignUp: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
2423
+ user: z.ZodAny;
2424
+ }, "strip", z.ZodTypeAny, {
2425
+ user?: any;
2426
+ }, {
2427
+ user?: any;
2428
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
2429
+ beforeSignOut: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
2430
+ sessionId: z.ZodString;
2431
+ }, "strip", z.ZodTypeAny, {
2432
+ sessionId: string;
2433
+ }, {
2434
+ sessionId: string;
2435
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
2436
+ afterSignOut: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
2437
+ sessionId: z.ZodString;
2438
+ }, "strip", z.ZodTypeAny, {
2439
+ sessionId: string;
2440
+ }, {
2441
+ sessionId: string;
2442
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
2443
+ }, "strip", z.ZodTypeAny, {
2444
+ beforeSignIn?: ((args_0: {
2445
+ email: string;
2446
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2447
+ afterSignIn?: ((args_0: {
2448
+ user?: any;
2449
+ session?: any;
2450
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2451
+ beforeSignUp?: ((args_0: {
2452
+ email: string;
2453
+ name?: string | undefined;
2454
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2455
+ afterSignUp?: ((args_0: {
2456
+ user?: any;
2457
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2458
+ beforeSignOut?: ((args_0: {
2459
+ sessionId: string;
2460
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2461
+ afterSignOut?: ((args_0: {
2462
+ sessionId: string;
2463
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2464
+ }, {
2465
+ beforeSignIn?: ((args_0: {
2466
+ email: string;
2467
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2468
+ afterSignIn?: ((args_0: {
2469
+ user?: any;
2470
+ session?: any;
2471
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2472
+ beforeSignUp?: ((args_0: {
2473
+ email: string;
2474
+ name?: string | undefined;
2475
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2476
+ afterSignUp?: ((args_0: {
2477
+ user?: any;
2478
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2479
+ beforeSignOut?: ((args_0: {
2480
+ sessionId: string;
2481
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2482
+ afterSignOut?: ((args_0: {
2483
+ sessionId: string;
2484
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2485
+ }>>;
2486
+ /**
2487
+ * Advanced security settings
2488
+ */
2489
+ security: z.ZodOptional<z.ZodObject<{
2490
+ allowedOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2491
+ trustProxy: z.ZodDefault<z.ZodBoolean>;
2492
+ ipRateLimiting: z.ZodDefault<z.ZodBoolean>;
2493
+ sessionFingerprinting: z.ZodDefault<z.ZodBoolean>;
2494
+ maxSessions: z.ZodDefault<z.ZodNumber>;
2495
+ }, "strip", z.ZodTypeAny, {
2496
+ trustProxy: boolean;
2497
+ ipRateLimiting: boolean;
2498
+ sessionFingerprinting: boolean;
2499
+ maxSessions: number;
2500
+ allowedOrigins?: string[] | undefined;
2501
+ }, {
2502
+ allowedOrigins?: string[] | undefined;
2503
+ trustProxy?: boolean | undefined;
2504
+ ipRateLimiting?: boolean | undefined;
2505
+ sessionFingerprinting?: boolean | undefined;
2506
+ maxSessions?: number | undefined;
2507
+ }>>;
2508
+ /**
2509
+ * Email configuration for transactional emails
2510
+ */
2511
+ email: z.ZodOptional<z.ZodObject<{
2512
+ from: z.ZodString;
2513
+ fromName: z.ZodOptional<z.ZodString>;
2514
+ provider: z.ZodEnum<["smtp", "sendgrid", "mailgun", "ses", "resend", "custom"]>;
2515
+ config: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
2516
+ }, "strip", z.ZodTypeAny, {
2517
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
2518
+ from: string;
2519
+ config?: Record<string, any> | undefined;
2520
+ fromName?: string | undefined;
2521
+ }, {
2522
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
2523
+ from: string;
2524
+ config?: Record<string, any> | undefined;
2525
+ fromName?: string | undefined;
2526
+ }>>;
2527
+ /**
2528
+ * UI customization options
2529
+ */
2530
+ ui: z.ZodOptional<z.ZodObject<{
2531
+ brandName: z.ZodOptional<z.ZodString>;
2532
+ logo: z.ZodOptional<z.ZodString>;
2533
+ primaryColor: z.ZodOptional<z.ZodString>;
2534
+ customCss: z.ZodOptional<z.ZodString>;
2535
+ }, "strip", z.ZodTypeAny, {
2536
+ primaryColor?: string | undefined;
2537
+ logo?: string | undefined;
2538
+ brandName?: string | undefined;
2539
+ customCss?: string | undefined;
2540
+ }, {
2541
+ primaryColor?: string | undefined;
2542
+ logo?: string | undefined;
2543
+ brandName?: string | undefined;
2544
+ customCss?: string | undefined;
2545
+ }>>;
2546
+ /**
2547
+ * Whether this auth provider is active
2548
+ */
2549
+ active: z.ZodDefault<z.ZodBoolean>;
2550
+ /**
2551
+ * Whether to allow new user registration
2552
+ */
2553
+ allowRegistration: z.ZodDefault<z.ZodBoolean>;
2554
+ }, "strip", z.ZodTypeAny, {
2555
+ label: string;
2556
+ name: string;
2557
+ active: boolean;
2558
+ driver: string;
2559
+ secret: string;
2560
+ rateLimit: {
2561
+ enabled: boolean;
2562
+ windowMs: number;
2563
+ maxAttempts: number;
2564
+ blockDuration: number;
2565
+ skipSuccessfulRequests: boolean;
2566
+ };
2567
+ session: {
2568
+ expiresIn: number;
2569
+ updateAge: number;
2570
+ cookieName: string;
2571
+ cookieSecure: boolean;
2572
+ cookieSameSite: "strict" | "none" | "lax";
2573
+ cookiePath: string;
2574
+ cookieHttpOnly: boolean;
2575
+ cookieDomain?: string | undefined;
2576
+ };
2577
+ strategies: ("oauth" | "email_password" | "magic_link" | "passkey" | "otp" | "anonymous")[];
2578
+ baseUrl: string;
2579
+ csrf: {
2580
+ enabled: boolean;
2581
+ cookieName: string;
2582
+ tokenLength: number;
2583
+ headerName: string;
2584
+ };
2585
+ accountLinking: {
2586
+ enabled: boolean;
2587
+ autoLink: boolean;
2588
+ requireVerification: boolean;
2589
+ };
2590
+ userFieldMapping: {
2591
+ email: string;
2592
+ name: string;
2593
+ id: string;
2594
+ emailVerified: string;
2595
+ createdAt: string;
2596
+ updatedAt: string;
2597
+ image?: string | undefined;
2598
+ };
2599
+ plugins: {
2600
+ name: string;
2601
+ enabled: boolean;
2602
+ options?: Record<string, any> | undefined;
2603
+ }[];
2604
+ allowRegistration: boolean;
2605
+ email?: {
2606
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
2607
+ from: string;
2608
+ config?: Record<string, any> | undefined;
2609
+ fromName?: string | undefined;
2610
+ } | undefined;
2611
+ oauth?: {
2612
+ providers: {
2613
+ enabled: boolean;
2614
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
2615
+ clientId: string;
2616
+ clientSecret: string;
2617
+ icon?: string | undefined;
2618
+ scopes?: string[] | undefined;
2619
+ redirectUri?: string | undefined;
2620
+ displayName?: string | undefined;
2621
+ }[];
2622
+ } | undefined;
2623
+ passkey?: {
2624
+ enabled: boolean;
2625
+ rpName: string;
2626
+ userVerification: "required" | "preferred" | "discouraged";
2627
+ attestation: "none" | "indirect" | "direct" | "enterprise";
2628
+ rpId?: string | undefined;
2629
+ allowedOrigins?: string[] | undefined;
2630
+ } | undefined;
2631
+ enterprise?: {
2632
+ oidc?: {
2633
+ enabled: boolean;
2634
+ clientId: string;
2635
+ clientSecret: string;
2636
+ scopes: string[];
2637
+ issuer: string;
2638
+ icon?: string | undefined;
2639
+ displayName?: string | undefined;
2640
+ attributeMapping?: Record<string, string> | undefined;
2641
+ } | undefined;
2642
+ saml?: {
2643
+ enabled: boolean;
2644
+ issuer: string;
2645
+ entryPoint: string;
2646
+ cert: string;
2647
+ signatureAlgorithm: "sha256" | "sha512";
2648
+ icon?: string | undefined;
2649
+ displayName?: string | undefined;
2650
+ attributeMapping?: Record<string, string> | undefined;
2651
+ } | undefined;
2652
+ ldap?: {
2653
+ url: string;
2654
+ enabled: boolean;
2655
+ bindDn: string;
2656
+ bindCredentials: string;
2657
+ searchBase: string;
2658
+ searchFilter: string;
2659
+ icon?: string | undefined;
2660
+ displayName?: string | undefined;
2661
+ groupSearchBase?: string | undefined;
2662
+ } | undefined;
2663
+ } | undefined;
2664
+ emailPassword?: {
2665
+ enabled: boolean;
2666
+ requireEmailVerification: boolean;
2667
+ minPasswordLength: number;
2668
+ requirePasswordComplexity: boolean;
2669
+ allowPasswordReset: boolean;
2670
+ passwordResetExpiry: number;
2671
+ } | undefined;
2672
+ magicLink?: {
2673
+ enabled: boolean;
2674
+ expiryTime: number;
2675
+ sendEmail?: ((args_0: {
2676
+ token: string;
2677
+ to: string;
2678
+ link: string;
2679
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2680
+ } | undefined;
2681
+ twoFactor?: {
2682
+ enabled: boolean;
2683
+ qrCodeSize: number;
2684
+ issuer?: string | undefined;
2685
+ backupCodes?: {
2686
+ count: number;
2687
+ enabled: boolean;
2688
+ } | undefined;
2689
+ } | undefined;
2690
+ organization?: {
2691
+ enabled: boolean;
2692
+ allowUserToCreateOrg: boolean;
2693
+ defaultRole: string;
2694
+ creatorRole: string;
2695
+ } | undefined;
2696
+ database?: {
2697
+ type: "custom" | "prisma" | "drizzle" | "kysely";
2698
+ tablePrefix: string;
2699
+ connectionString?: string | undefined;
2700
+ schema?: string | undefined;
2701
+ } | undefined;
2702
+ mapping?: {
2703
+ session: Record<string, string>;
2704
+ account: Record<string, string>;
2705
+ user?: Record<string, string> | undefined;
2706
+ verificationToken?: Record<string, string> | undefined;
2707
+ } | undefined;
2708
+ hooks?: {
2709
+ beforeSignIn?: ((args_0: {
2710
+ email: string;
2711
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2712
+ afterSignIn?: ((args_0: {
2713
+ user?: any;
2714
+ session?: any;
2715
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2716
+ beforeSignUp?: ((args_0: {
2717
+ email: string;
2718
+ name?: string | undefined;
2719
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2720
+ afterSignUp?: ((args_0: {
2721
+ user?: any;
2722
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2723
+ beforeSignOut?: ((args_0: {
2724
+ sessionId: string;
2725
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2726
+ afterSignOut?: ((args_0: {
2727
+ sessionId: string;
2728
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2729
+ } | undefined;
2730
+ security?: {
2731
+ trustProxy: boolean;
2732
+ ipRateLimiting: boolean;
2733
+ sessionFingerprinting: boolean;
2734
+ maxSessions: number;
2735
+ allowedOrigins?: string[] | undefined;
2736
+ } | undefined;
2737
+ ui?: {
2738
+ primaryColor?: string | undefined;
2739
+ logo?: string | undefined;
2740
+ brandName?: string | undefined;
2741
+ customCss?: string | undefined;
2742
+ } | undefined;
2743
+ }, {
2744
+ label: string;
2745
+ name: string;
2746
+ secret: string;
2747
+ strategies: ("oauth" | "email_password" | "magic_link" | "passkey" | "otp" | "anonymous")[];
2748
+ baseUrl: string;
2749
+ email?: {
2750
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
2751
+ from: string;
2752
+ config?: Record<string, any> | undefined;
2753
+ fromName?: string | undefined;
2754
+ } | undefined;
2755
+ active?: boolean | undefined;
2756
+ driver?: string | undefined;
2757
+ rateLimit?: {
2758
+ enabled?: boolean | undefined;
2759
+ windowMs?: number | undefined;
2760
+ maxAttempts?: number | undefined;
2761
+ blockDuration?: number | undefined;
2762
+ skipSuccessfulRequests?: boolean | undefined;
2763
+ } | undefined;
2764
+ oauth?: {
2765
+ providers: {
2766
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
2767
+ clientId: string;
2768
+ clientSecret: string;
2769
+ icon?: string | undefined;
2770
+ enabled?: boolean | undefined;
2771
+ scopes?: string[] | undefined;
2772
+ redirectUri?: string | undefined;
2773
+ displayName?: string | undefined;
2774
+ }[];
2775
+ } | undefined;
2776
+ passkey?: {
2777
+ rpName: string;
2778
+ enabled?: boolean | undefined;
2779
+ rpId?: string | undefined;
2780
+ allowedOrigins?: string[] | undefined;
2781
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
2782
+ attestation?: "none" | "indirect" | "direct" | "enterprise" | undefined;
2783
+ } | undefined;
2784
+ enterprise?: {
2785
+ oidc?: {
2786
+ clientId: string;
2787
+ clientSecret: string;
2788
+ issuer: string;
2789
+ icon?: string | undefined;
2790
+ enabled?: boolean | undefined;
2791
+ scopes?: string[] | undefined;
2792
+ displayName?: string | undefined;
2793
+ attributeMapping?: Record<string, string> | undefined;
2794
+ } | undefined;
2795
+ saml?: {
2796
+ issuer: string;
2797
+ entryPoint: string;
2798
+ cert: string;
2799
+ icon?: string | undefined;
2800
+ enabled?: boolean | undefined;
2801
+ displayName?: string | undefined;
2802
+ attributeMapping?: Record<string, string> | undefined;
2803
+ signatureAlgorithm?: "sha256" | "sha512" | undefined;
2804
+ } | undefined;
2805
+ ldap?: {
2806
+ url: string;
2807
+ bindDn: string;
2808
+ bindCredentials: string;
2809
+ searchBase: string;
2810
+ searchFilter: string;
2811
+ icon?: string | undefined;
2812
+ enabled?: boolean | undefined;
2813
+ displayName?: string | undefined;
2814
+ groupSearchBase?: string | undefined;
2815
+ } | undefined;
2816
+ } | undefined;
2817
+ session?: {
2818
+ expiresIn?: number | undefined;
2819
+ updateAge?: number | undefined;
2820
+ cookieName?: string | undefined;
2821
+ cookieSecure?: boolean | undefined;
2822
+ cookieSameSite?: "strict" | "none" | "lax" | undefined;
2823
+ cookieDomain?: string | undefined;
2824
+ cookiePath?: string | undefined;
2825
+ cookieHttpOnly?: boolean | undefined;
2826
+ } | undefined;
2827
+ emailPassword?: {
2828
+ enabled?: boolean | undefined;
2829
+ requireEmailVerification?: boolean | undefined;
2830
+ minPasswordLength?: number | undefined;
2831
+ requirePasswordComplexity?: boolean | undefined;
2832
+ allowPasswordReset?: boolean | undefined;
2833
+ passwordResetExpiry?: number | undefined;
2834
+ } | undefined;
2835
+ magicLink?: {
2836
+ enabled?: boolean | undefined;
2837
+ expiryTime?: number | undefined;
2838
+ sendEmail?: ((args_0: {
2839
+ token: string;
2840
+ to: string;
2841
+ link: string;
2842
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2843
+ } | undefined;
2844
+ csrf?: {
2845
+ enabled?: boolean | undefined;
2846
+ cookieName?: string | undefined;
2847
+ tokenLength?: number | undefined;
2848
+ headerName?: string | undefined;
2849
+ } | undefined;
2850
+ accountLinking?: {
2851
+ enabled?: boolean | undefined;
2852
+ autoLink?: boolean | undefined;
2853
+ requireVerification?: boolean | undefined;
2854
+ } | undefined;
2855
+ twoFactor?: {
2856
+ enabled?: boolean | undefined;
2857
+ issuer?: string | undefined;
2858
+ qrCodeSize?: number | undefined;
2859
+ backupCodes?: {
2860
+ count?: number | undefined;
2861
+ enabled?: boolean | undefined;
2862
+ } | undefined;
2863
+ } | undefined;
2864
+ organization?: {
2865
+ enabled?: boolean | undefined;
2866
+ allowUserToCreateOrg?: boolean | undefined;
2867
+ defaultRole?: string | undefined;
2868
+ creatorRole?: string | undefined;
2869
+ } | undefined;
2870
+ userFieldMapping?: {
2871
+ email?: string | undefined;
2872
+ image?: string | undefined;
2873
+ name?: string | undefined;
2874
+ id?: string | undefined;
2875
+ emailVerified?: string | undefined;
2876
+ createdAt?: string | undefined;
2877
+ updatedAt?: string | undefined;
2878
+ } | undefined;
2879
+ database?: {
2880
+ type: "custom" | "prisma" | "drizzle" | "kysely";
2881
+ connectionString?: string | undefined;
2882
+ tablePrefix?: string | undefined;
2883
+ schema?: string | undefined;
2884
+ } | undefined;
2885
+ mapping?: {
2886
+ user?: Record<string, string> | undefined;
2887
+ session?: Record<string, string> | undefined;
2888
+ account?: Record<string, string> | undefined;
2889
+ verificationToken?: Record<string, string> | undefined;
2890
+ } | undefined;
2891
+ plugins?: {
2892
+ name: string;
2893
+ options?: Record<string, any> | undefined;
2894
+ enabled?: boolean | undefined;
2895
+ }[] | undefined;
2896
+ hooks?: {
2897
+ beforeSignIn?: ((args_0: {
2898
+ email: string;
2899
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2900
+ afterSignIn?: ((args_0: {
2901
+ user?: any;
2902
+ session?: any;
2903
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2904
+ beforeSignUp?: ((args_0: {
2905
+ email: string;
2906
+ name?: string | undefined;
2907
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2908
+ afterSignUp?: ((args_0: {
2909
+ user?: any;
2910
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2911
+ beforeSignOut?: ((args_0: {
2912
+ sessionId: string;
2913
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2914
+ afterSignOut?: ((args_0: {
2915
+ sessionId: string;
2916
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2917
+ } | undefined;
2918
+ security?: {
2919
+ allowedOrigins?: string[] | undefined;
2920
+ trustProxy?: boolean | undefined;
2921
+ ipRateLimiting?: boolean | undefined;
2922
+ sessionFingerprinting?: boolean | undefined;
2923
+ maxSessions?: number | undefined;
2924
+ } | undefined;
2925
+ ui?: {
2926
+ primaryColor?: string | undefined;
2927
+ logo?: string | undefined;
2928
+ brandName?: string | undefined;
2929
+ customCss?: string | undefined;
2930
+ } | undefined;
2931
+ allowRegistration?: boolean | undefined;
2932
+ }>;
2933
+ }, "strip", z.ZodTypeAny, {
2934
+ type: "standard_auth";
2935
+ config: {
2936
+ label: string;
2937
+ name: string;
2938
+ active: boolean;
2939
+ driver: string;
2940
+ secret: string;
2941
+ rateLimit: {
2942
+ enabled: boolean;
2943
+ windowMs: number;
2944
+ maxAttempts: number;
2945
+ blockDuration: number;
2946
+ skipSuccessfulRequests: boolean;
2947
+ };
2948
+ session: {
2949
+ expiresIn: number;
2950
+ updateAge: number;
2951
+ cookieName: string;
2952
+ cookieSecure: boolean;
2953
+ cookieSameSite: "strict" | "none" | "lax";
2954
+ cookiePath: string;
2955
+ cookieHttpOnly: boolean;
2956
+ cookieDomain?: string | undefined;
2957
+ };
2958
+ strategies: ("oauth" | "email_password" | "magic_link" | "passkey" | "otp" | "anonymous")[];
2959
+ baseUrl: string;
2960
+ csrf: {
2961
+ enabled: boolean;
2962
+ cookieName: string;
2963
+ tokenLength: number;
2964
+ headerName: string;
2965
+ };
2966
+ accountLinking: {
2967
+ enabled: boolean;
2968
+ autoLink: boolean;
2969
+ requireVerification: boolean;
2970
+ };
2971
+ userFieldMapping: {
2972
+ email: string;
2973
+ name: string;
2974
+ id: string;
2975
+ emailVerified: string;
2976
+ createdAt: string;
2977
+ updatedAt: string;
2978
+ image?: string | undefined;
2979
+ };
2980
+ plugins: {
2981
+ name: string;
2982
+ enabled: boolean;
2983
+ options?: Record<string, any> | undefined;
2984
+ }[];
2985
+ allowRegistration: boolean;
2986
+ email?: {
2987
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
2988
+ from: string;
2989
+ config?: Record<string, any> | undefined;
2990
+ fromName?: string | undefined;
2991
+ } | undefined;
2992
+ oauth?: {
2993
+ providers: {
2994
+ enabled: boolean;
2995
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
2996
+ clientId: string;
2997
+ clientSecret: string;
2998
+ icon?: string | undefined;
2999
+ scopes?: string[] | undefined;
3000
+ redirectUri?: string | undefined;
3001
+ displayName?: string | undefined;
3002
+ }[];
3003
+ } | undefined;
3004
+ passkey?: {
3005
+ enabled: boolean;
3006
+ rpName: string;
3007
+ userVerification: "required" | "preferred" | "discouraged";
3008
+ attestation: "none" | "indirect" | "direct" | "enterprise";
3009
+ rpId?: string | undefined;
3010
+ allowedOrigins?: string[] | undefined;
3011
+ } | undefined;
3012
+ enterprise?: {
3013
+ oidc?: {
3014
+ enabled: boolean;
3015
+ clientId: string;
3016
+ clientSecret: string;
3017
+ scopes: string[];
3018
+ issuer: string;
3019
+ icon?: string | undefined;
3020
+ displayName?: string | undefined;
3021
+ attributeMapping?: Record<string, string> | undefined;
3022
+ } | undefined;
3023
+ saml?: {
3024
+ enabled: boolean;
3025
+ issuer: string;
3026
+ entryPoint: string;
3027
+ cert: string;
3028
+ signatureAlgorithm: "sha256" | "sha512";
3029
+ icon?: string | undefined;
3030
+ displayName?: string | undefined;
3031
+ attributeMapping?: Record<string, string> | undefined;
3032
+ } | undefined;
3033
+ ldap?: {
3034
+ url: string;
3035
+ enabled: boolean;
3036
+ bindDn: string;
3037
+ bindCredentials: string;
3038
+ searchBase: string;
3039
+ searchFilter: string;
3040
+ icon?: string | undefined;
3041
+ displayName?: string | undefined;
3042
+ groupSearchBase?: string | undefined;
3043
+ } | undefined;
3044
+ } | undefined;
3045
+ emailPassword?: {
3046
+ enabled: boolean;
3047
+ requireEmailVerification: boolean;
3048
+ minPasswordLength: number;
3049
+ requirePasswordComplexity: boolean;
3050
+ allowPasswordReset: boolean;
3051
+ passwordResetExpiry: number;
3052
+ } | undefined;
3053
+ magicLink?: {
3054
+ enabled: boolean;
3055
+ expiryTime: number;
3056
+ sendEmail?: ((args_0: {
3057
+ token: string;
3058
+ to: string;
3059
+ link: string;
3060
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3061
+ } | undefined;
3062
+ twoFactor?: {
3063
+ enabled: boolean;
3064
+ qrCodeSize: number;
3065
+ issuer?: string | undefined;
3066
+ backupCodes?: {
3067
+ count: number;
3068
+ enabled: boolean;
3069
+ } | undefined;
3070
+ } | undefined;
3071
+ organization?: {
3072
+ enabled: boolean;
3073
+ allowUserToCreateOrg: boolean;
3074
+ defaultRole: string;
3075
+ creatorRole: string;
3076
+ } | undefined;
3077
+ database?: {
3078
+ type: "custom" | "prisma" | "drizzle" | "kysely";
3079
+ tablePrefix: string;
3080
+ connectionString?: string | undefined;
3081
+ schema?: string | undefined;
3082
+ } | undefined;
3083
+ mapping?: {
3084
+ session: Record<string, string>;
3085
+ account: Record<string, string>;
3086
+ user?: Record<string, string> | undefined;
3087
+ verificationToken?: Record<string, string> | undefined;
3088
+ } | undefined;
3089
+ hooks?: {
3090
+ beforeSignIn?: ((args_0: {
3091
+ email: string;
3092
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3093
+ afterSignIn?: ((args_0: {
3094
+ user?: any;
3095
+ session?: any;
3096
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3097
+ beforeSignUp?: ((args_0: {
3098
+ email: string;
3099
+ name?: string | undefined;
3100
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3101
+ afterSignUp?: ((args_0: {
3102
+ user?: any;
3103
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3104
+ beforeSignOut?: ((args_0: {
3105
+ sessionId: string;
3106
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3107
+ afterSignOut?: ((args_0: {
3108
+ sessionId: string;
3109
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3110
+ } | undefined;
3111
+ security?: {
3112
+ trustProxy: boolean;
3113
+ ipRateLimiting: boolean;
3114
+ sessionFingerprinting: boolean;
3115
+ maxSessions: number;
3116
+ allowedOrigins?: string[] | undefined;
3117
+ } | undefined;
3118
+ ui?: {
3119
+ primaryColor?: string | undefined;
3120
+ logo?: string | undefined;
3121
+ brandName?: string | undefined;
3122
+ customCss?: string | undefined;
3123
+ } | undefined;
3124
+ };
3125
+ }, {
3126
+ type: "standard_auth";
3127
+ config: {
3128
+ label: string;
3129
+ name: string;
3130
+ secret: string;
3131
+ strategies: ("oauth" | "email_password" | "magic_link" | "passkey" | "otp" | "anonymous")[];
3132
+ baseUrl: string;
3133
+ email?: {
3134
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
3135
+ from: string;
3136
+ config?: Record<string, any> | undefined;
3137
+ fromName?: string | undefined;
3138
+ } | undefined;
3139
+ active?: boolean | undefined;
3140
+ driver?: string | undefined;
3141
+ rateLimit?: {
3142
+ enabled?: boolean | undefined;
3143
+ windowMs?: number | undefined;
3144
+ maxAttempts?: number | undefined;
3145
+ blockDuration?: number | undefined;
3146
+ skipSuccessfulRequests?: boolean | undefined;
3147
+ } | undefined;
3148
+ oauth?: {
3149
+ providers: {
3150
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
3151
+ clientId: string;
3152
+ clientSecret: string;
3153
+ icon?: string | undefined;
3154
+ enabled?: boolean | undefined;
3155
+ scopes?: string[] | undefined;
3156
+ redirectUri?: string | undefined;
3157
+ displayName?: string | undefined;
3158
+ }[];
3159
+ } | undefined;
3160
+ passkey?: {
3161
+ rpName: string;
3162
+ enabled?: boolean | undefined;
3163
+ rpId?: string | undefined;
3164
+ allowedOrigins?: string[] | undefined;
3165
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
3166
+ attestation?: "none" | "indirect" | "direct" | "enterprise" | undefined;
3167
+ } | undefined;
3168
+ enterprise?: {
3169
+ oidc?: {
3170
+ clientId: string;
3171
+ clientSecret: string;
3172
+ issuer: string;
3173
+ icon?: string | undefined;
3174
+ enabled?: boolean | undefined;
3175
+ scopes?: string[] | undefined;
3176
+ displayName?: string | undefined;
3177
+ attributeMapping?: Record<string, string> | undefined;
3178
+ } | undefined;
3179
+ saml?: {
3180
+ issuer: string;
3181
+ entryPoint: string;
3182
+ cert: string;
3183
+ icon?: string | undefined;
3184
+ enabled?: boolean | undefined;
3185
+ displayName?: string | undefined;
3186
+ attributeMapping?: Record<string, string> | undefined;
3187
+ signatureAlgorithm?: "sha256" | "sha512" | undefined;
3188
+ } | undefined;
3189
+ ldap?: {
3190
+ url: string;
3191
+ bindDn: string;
3192
+ bindCredentials: string;
3193
+ searchBase: string;
3194
+ searchFilter: string;
3195
+ icon?: string | undefined;
3196
+ enabled?: boolean | undefined;
3197
+ displayName?: string | undefined;
3198
+ groupSearchBase?: string | undefined;
3199
+ } | undefined;
3200
+ } | undefined;
3201
+ session?: {
3202
+ expiresIn?: number | undefined;
3203
+ updateAge?: number | undefined;
3204
+ cookieName?: string | undefined;
3205
+ cookieSecure?: boolean | undefined;
3206
+ cookieSameSite?: "strict" | "none" | "lax" | undefined;
3207
+ cookieDomain?: string | undefined;
3208
+ cookiePath?: string | undefined;
3209
+ cookieHttpOnly?: boolean | undefined;
3210
+ } | undefined;
3211
+ emailPassword?: {
3212
+ enabled?: boolean | undefined;
3213
+ requireEmailVerification?: boolean | undefined;
3214
+ minPasswordLength?: number | undefined;
3215
+ requirePasswordComplexity?: boolean | undefined;
3216
+ allowPasswordReset?: boolean | undefined;
3217
+ passwordResetExpiry?: number | undefined;
3218
+ } | undefined;
3219
+ magicLink?: {
3220
+ enabled?: boolean | undefined;
3221
+ expiryTime?: number | undefined;
3222
+ sendEmail?: ((args_0: {
3223
+ token: string;
3224
+ to: string;
3225
+ link: string;
3226
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3227
+ } | undefined;
3228
+ csrf?: {
3229
+ enabled?: boolean | undefined;
3230
+ cookieName?: string | undefined;
3231
+ tokenLength?: number | undefined;
3232
+ headerName?: string | undefined;
3233
+ } | undefined;
3234
+ accountLinking?: {
3235
+ enabled?: boolean | undefined;
3236
+ autoLink?: boolean | undefined;
3237
+ requireVerification?: boolean | undefined;
3238
+ } | undefined;
3239
+ twoFactor?: {
3240
+ enabled?: boolean | undefined;
3241
+ issuer?: string | undefined;
3242
+ qrCodeSize?: number | undefined;
3243
+ backupCodes?: {
3244
+ count?: number | undefined;
3245
+ enabled?: boolean | undefined;
3246
+ } | undefined;
3247
+ } | undefined;
3248
+ organization?: {
3249
+ enabled?: boolean | undefined;
3250
+ allowUserToCreateOrg?: boolean | undefined;
3251
+ defaultRole?: string | undefined;
3252
+ creatorRole?: string | undefined;
3253
+ } | undefined;
3254
+ userFieldMapping?: {
3255
+ email?: string | undefined;
3256
+ image?: string | undefined;
3257
+ name?: string | undefined;
3258
+ id?: string | undefined;
3259
+ emailVerified?: string | undefined;
3260
+ createdAt?: string | undefined;
3261
+ updatedAt?: string | undefined;
3262
+ } | undefined;
3263
+ database?: {
3264
+ type: "custom" | "prisma" | "drizzle" | "kysely";
3265
+ connectionString?: string | undefined;
3266
+ tablePrefix?: string | undefined;
3267
+ schema?: string | undefined;
3268
+ } | undefined;
3269
+ mapping?: {
3270
+ user?: Record<string, string> | undefined;
3271
+ session?: Record<string, string> | undefined;
3272
+ account?: Record<string, string> | undefined;
3273
+ verificationToken?: Record<string, string> | undefined;
3274
+ } | undefined;
3275
+ plugins?: {
3276
+ name: string;
3277
+ options?: Record<string, any> | undefined;
3278
+ enabled?: boolean | undefined;
3279
+ }[] | undefined;
3280
+ hooks?: {
3281
+ beforeSignIn?: ((args_0: {
3282
+ email: string;
3283
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3284
+ afterSignIn?: ((args_0: {
3285
+ user?: any;
3286
+ session?: any;
3287
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3288
+ beforeSignUp?: ((args_0: {
3289
+ email: string;
3290
+ name?: string | undefined;
3291
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3292
+ afterSignUp?: ((args_0: {
3293
+ user?: any;
3294
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3295
+ beforeSignOut?: ((args_0: {
3296
+ sessionId: string;
3297
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3298
+ afterSignOut?: ((args_0: {
3299
+ sessionId: string;
3300
+ }, ...args: unknown[]) => Promise<void>) | undefined;
3301
+ } | undefined;
3302
+ security?: {
3303
+ allowedOrigins?: string[] | undefined;
3304
+ trustProxy?: boolean | undefined;
3305
+ ipRateLimiting?: boolean | undefined;
3306
+ sessionFingerprinting?: boolean | undefined;
3307
+ maxSessions?: number | undefined;
3308
+ } | undefined;
3309
+ ui?: {
3310
+ primaryColor?: string | undefined;
3311
+ logo?: string | undefined;
3312
+ brandName?: string | undefined;
3313
+ customCss?: string | undefined;
3314
+ } | undefined;
3315
+ allowRegistration?: boolean | undefined;
3316
+ };
3317
+ }>;
3318
+ export type StandardAuthProvider = z.infer<typeof StandardAuthProviderSchema>;
3319
+ //# sourceMappingURL=auth.zod.d.ts.map