@supabase/auth-js 2.72.1-rc.1 → 2.73.0-rc.5

package/dist/module/lib/types.d.ts

@@ -1,8 +1,9 @@
-import { EIP1193Provider } from './web3/ethereum';
 import { AuthError } from './errors';
 import { Fetch } from './fetch';
+import { EIP1193Provider, EthereumSignInInput, Hex } from './web3/ethereum';
 import type { SolanaSignInInput, SolanaSignInOutput } from './web3/solana';
-import { EthereumSignInInput, Hex } from './web3/ethereum';
+import { ServerCredentialCreationOptions, ServerCredentialRequestOptions, WebAuthnApi } from './webauthn';
+import { AuthenticationCredential, PublicKeyCredentialCreationOptionsFuture, PublicKeyCredentialRequestOptionsFuture, RegistrationCredential } from './webauthn.dom';
 /** One of the providers supported by GoTrue. */
 export declare type Provider = 'apple' | 'azure' | 'bitbucket' | 'discord' | 'facebook' | 'figma' | 'github' | 'gitlab' | 'google' | 'kakao' | 'keycloak' | 'linkedin' | 'linkedin_oidc' | 'notion' | 'slack' | 'slack_oidc' | 'spotify' | 'twitch' | 'twitter' | 'workos' | 'zoom' | 'fly';
 export declare type AuthChangeEventMFA = 'MFA_CHALLENGE_VERIFIED';
@@ -56,86 +57,76 @@ export declare type GoTrueClientOptions = {
      */
     hasCustomAuthorizationHeader?: boolean;
 };
-export declare type WeakPasswordReasons = 'length' | 'characters' | 'pwned' | (string & {});
+declare const WeakPasswordReasons: readonly ["length", "characters", "pwned"];
+export declare type WeakPasswordReasons = typeof WeakPasswordReasons[number];
 export declare type WeakPassword = {
     reasons: WeakPasswordReasons[];
     message: string;
 };
-export declare type AuthResponse = {
-    data: {
-        user: User | null;
-        session: Session | null;
-    };
+/**
+ * Resolve mapped types and show the derived keys and their types when hovering in
+ * VS Code, instead of just showing the names those mapped types are defined with.
+ */
+export declare type Prettify<T> = T extends Function ? T : {
+    [K in keyof T]: T[K];
+};
+/**
+ * A stricter version of TypeScript's Omit that only allows omitting keys that actually exist.
+ * This prevents typos and ensures type safety at compile time.
+ * Unlike regular Omit, this will error if you try to omit a non-existent key.
+ */
+export declare type StrictOmit<T, K extends keyof T> = Omit<T, K>;
+/**
+ * a shared result type that encapsulates errors instead of throwing them, allows you to optionally specify the ErrorType
+ */
+export declare type RequestResult<T, ErrorType extends Error = AuthError> = {
+    data: T;
     error: null;
 } | {
-    data: {
-        user: null;
-        session: null;
-    };
-    error: AuthError;
+    data: null;
+    error: Error extends AuthError ? AuthError : ErrorType;
 };
-export declare type AuthResponsePassword = {
-    data: {
-        user: User | null;
-        session: Session | null;
-        weak_password?: WeakPassword | null;
-    };
+/**
+ * similar to RequestResult except it allows you to destructure the possible shape of the success response
+ *  {@see RequestResult}
+ */
+export declare type RequestResultSafeDestructure<T> = {
+    data: T;
     error: null;
 } | {
-    data: {
-        user: null;
-        session: null;
-    };
+    data: T extends object ? {
+        [K in keyof T]: null;
+    } : null;
     error: AuthError;
 };
+export declare type AuthResponse = RequestResultSafeDestructure<{
+    user: User | null;
+    session: Session | null;
+}>;
+export declare type AuthResponsePassword = RequestResultSafeDestructure<{
+    user: User | null;
+    session: Session | null;
+    weak_password?: WeakPassword | null;
+}>;
 /**
  * AuthOtpResponse is returned when OTP is used.
  *
  * {@see AuthResponse}
  */
-export declare type AuthOtpResponse = {
-    data: {
-        user: null;
-        session: null;
-        messageId?: string | null;
-    };
-    error: null;
-} | {
-    data: {
-        user: null;
-        session: null;
-        messageId?: string | null;
-    };
-    error: AuthError;
-};
-export declare type AuthTokenResponse = {
-    data: {
-        user: User;
-        session: Session;
-    };
-    error: null;
-} | {
-    data: {
-        user: null;
-        session: null;
-    };
-    error: AuthError;
-};
-export declare type AuthTokenResponsePassword = {
-    data: {
-        user: User;
-        session: Session;
-        weakPassword?: WeakPassword;
-    };
-    error: null;
-} | {
-    data: {
-        user: null;
-        session: null;
-        weakPassword?: null;
-    };
-    error: AuthError;
-};
+export declare type AuthOtpResponse = RequestResultSafeDestructure<{
+    user: null;
+    session: null;
+    messageId?: string | null;
+}>;
+export declare type AuthTokenResponse = RequestResultSafeDestructure<{
+    user: User;
+    session: Session;
+}>;
+export declare type AuthTokenResponsePassword = RequestResultSafeDestructure<{
+    user: User;
+    session: Session;
+    weakPassword?: WeakPassword;
+}>;
 export declare type OAuthResponse = {
     data: {
         provider: Provider;
@@ -149,33 +140,19 @@ export declare type OAuthResponse = {
     };
     error: AuthError;
 };
-export declare type SSOResponse = {
-    data: {
-        /**
-         * URL to open in a browser which will complete the sign-in flow by
-         * taking the user to the identity provider's authentication flow.
-         *
-         * On browsers you can set the URL to `window.location.href` to take
-         * the user to the authentication flow.
-         */
-        url: string;
-    };
-    error: null;
-} | {
-    data: null;
-    error: AuthError;
-};
-export declare type UserResponse = {
-    data: {
-        user: User;
-    };
-    error: null;
-} | {
-    data: {
-        user: null;
-    };
-    error: AuthError;
-};
+export declare type SSOResponse = RequestResult<{
+    /**
+     * URL to open in a browser which will complete the sign-in flow by
+     * taking the user to the identity provider's authentication flow.
+     *
+     * On browsers you can set the URL to `window.location.href` to take
+     * the user to the authentication flow.
+     */
+    url: string;
+}>;
+export declare type UserResponse = RequestResultSafeDestructure<{
+    user: User;
+}>;
 export interface Session {
     /**
      * The oauth provider token. If present, this can be used to make external API requests to the oauth provider used.
@@ -202,12 +179,14 @@ export interface Session {
      * A timestamp of when the token will expire. Returned when a login is confirmed.
      */
     expires_at?: number;
-    token_type: string;
+    token_type: 'bearer';
     /**
      * When using a separate user storage, accessing properties of this object will throw an error.
      */
     user: User;
 }
+declare const AMRMethods: readonly ["password", "otp", "oauth", "totp", "mfa/totp", "mfa/phone", "mfa/webauthn", "anonymous", "sso/saml", "magiclink", "web3"];
+export declare type AMRMethod = typeof AMRMethods[number] | (string & {});
 /**
  * An authentication methord reference (AMR) entry.
  *
@@ -218,7 +197,7 @@ export interface Session {
  */
 export interface AMREntry {
     /** Authentication method name. */
-    method: 'password' | 'otp' | 'oauth' | 'mfa/totp' | (string & {});
+    method: AMRMethod;
     /**
      * Timestamp when the method was successfully used. Represents number of
      * seconds since 1st January 1970 (UNIX epoch) in UTC.
@@ -237,6 +216,16 @@ export interface UserIdentity {
     last_sign_in_at?: string;
     updated_at?: string;
 }
+declare const FactorTypes: readonly ["totp", "phone", "webauthn"];
+/**
+ * Type of factor. `totp` and `phone` supported with this version
+ */
+export declare type FactorType = typeof FactorTypes[number];
+declare const FactorVerificationStatuses: readonly ["verified", "unverified"];
+/**
+ * The verification status of the factor, default is `unverified` after `.enroll()`, then `verified` after the user verifies it with `.verify()`
+ */
+declare type FactorVerificationStatus = typeof FactorVerificationStatuses[number];
 /**
  * A MFA factor.
  *
@@ -244,7 +233,7 @@ export interface UserIdentity {
  * @see {@link GoTrueMFAApi#listFactors}
  * @see {@link GoTrueMFAAdminApi#listFactors}
  */
-export interface Factor {
+export declare type Factor<Type extends FactorType = FactorType, Status extends FactorVerificationStatus = typeof FactorVerificationStatuses[number]> = {
     /** ID of the factor. */
     id: string;
     /** Friendly name of the factor, useful to disambiguate between multiple factors. */
@@ -252,12 +241,14 @@ export interface Factor {
     /**
      * Type of factor. `totp` and `phone` supported with this version
      */
-    factor_type: 'totp' | 'phone' | (string & {});
-    /** Factor's status. */
-    status: 'verified' | 'unverified';
+    factor_type: Type;
+    /**
+     * The verification status of the factor, default is `unverified` after `.enroll()`, then `verified` after the user verifies it with `.verify()`
+     */
+    status: Status;
     created_at: string;
     updated_at: string;
-}
+};
 export interface UserAppMetadata {
     provider?: string;
     [key: string]: any;
@@ -289,7 +280,7 @@ export interface User {
     identities?: UserIdentity[];
     is_anonymous?: boolean;
     is_sso_user?: boolean;
-    factors?: Factor[];
+    factors?: (Factor<FactorType, 'verified'> | Factor<FactorType, 'unverified'>)[];
     deleted_at?: string;
 }
 export interface UserAttributes {
@@ -412,57 +403,23 @@ export declare type SignInAnonymouslyCredentials = {
         captchaToken?: string;
     };
 };
-export declare type SignUpWithPasswordCredentials = {
-    /** The user's email address. */
-    email: string;
-    /** The user's password. */
-    password: string;
+export declare type SignUpWithPasswordCredentials = Prettify<PasswordCredentialsBase & {
     options?: {
-        /** The redirect url embedded in the email link */
         emailRedirectTo?: string;
-        /**
-         * A custom data object to store the user's metadata. This maps to the `auth.users.raw_user_meta_data` column.
-         *
-         * The `data` should be a JSON object that includes user-specific info, such as their first and last name.
-         */
         data?: object;
-        /** Verification token received when the user completes the captcha on the site. */
         captchaToken?: string;
-    };
-} | {
-    /** The user's phone number. */
-    phone: string;
-    /** The user's password. */
-    password: string;
-    options?: {
-        /**
-         * A custom data object to store the user's metadata. This maps to the `auth.users.raw_user_meta_data` column.
-         *
-         * The `data` should be a JSON object that includes user-specific info, such as their first and last name.
-         */
-        data?: object;
-        /** Verification token received when the user completes the captcha on the site. Requires a configured WhatsApp sender on Twilio */
-        captchaToken?: string;
-        /** Messaging channel to use (e.g. whatsapp or sms) */
         channel?: 'sms' | 'whatsapp';
     };
-};
-export declare type SignInWithPasswordCredentials = {
-    /** The user's email address. */
+}>;
+declare type PasswordCredentialsBase = {
     email: string;
-    /** The user's password. */
     password: string;
-    options?: {
-        /** Verification token received when the user completes the captcha on the site. */
-        captchaToken?: string;
-    };
 } | {
-    /** The user's phone number. */
     phone: string;
-    /** The user's password. */
     password: string;
+};
+export declare type SignInWithPasswordCredentials = PasswordCredentialsBase & {
     options?: {
-        /** Verification token received when the user completes the captcha on the site. */
         captchaToken?: string;
     };
 };
@@ -708,19 +665,10 @@ export interface GenerateLinkOptions {
     redirectTo?: string;
 }
 export declare type GenerateLinkParams = GenerateSignupLinkParams | GenerateInviteOrMagiclinkParams | GenerateRecoveryLinkParams | GenerateEmailChangeLinkParams;
-export declare type GenerateLinkResponse = {
-    data: {
-        properties: GenerateLinkProperties;
-        user: User;
-    };
-    error: null;
-} | {
-    data: {
-        properties: null;
-        user: null;
-    };
-    error: AuthError;
-};
+export declare type GenerateLinkResponse = RequestResultSafeDestructure<{
+    properties: GenerateLinkProperties;
+    user: User;
+}>;
 /** The properties related to the email link generated  */
 export declare type GenerateLinkProperties = {
     /**
@@ -743,112 +691,190 @@ export declare type GenerateLinkProperties = {
     verification_type: GenerateLinkType;
 };
 export declare type GenerateLinkType = 'signup' | 'invite' | 'magiclink' | 'recovery' | 'email_change_current' | 'email_change_new';
-export declare type MFAEnrollParams = MFAEnrollTOTPParams | MFAEnrollPhoneParams;
+export declare type MFAEnrollParams = MFAEnrollTOTPParams | MFAEnrollPhoneParams | MFAEnrollWebauthnParams;
 export declare type MFAUnenrollParams = {
     /** ID of the factor being unenrolled. */
     factorId: string;
 };
-export declare type MFAVerifyParams = {
+declare type MFAVerifyParamsBase = {
     /** ID of the factor being verified. Returned in enroll(). */
     factorId: string;
     /** ID of the challenge being verified. Returned in challenge(). */
     challengeId: string;
+};
+declare type MFAVerifyTOTPParamFields = {
     /** Verification code provided by the user. */
     code: string;
 };
-export declare type MFAChallengeParams = {
+export declare type MFAVerifyTOTPParams = Prettify<MFAVerifyParamsBase & MFAVerifyTOTPParamFields>;
+declare type MFAVerifyPhoneParamFields = MFAVerifyTOTPParamFields;
+export declare type MFAVerifyPhoneParams = Prettify<MFAVerifyParamsBase & MFAVerifyPhoneParamFields>;
+declare type MFAVerifyWebauthnParamFieldsBase = {
+    /** Relying party ID */
+    rpId: string;
+    /** Relying party origins */
+    rpOrigins?: string[];
+};
+declare type MFAVerifyWebauthnCredentialParamFields<T extends 'create' | 'request' = 'create' | 'request'> = {
+    /** Operation type */
+    type: T;
+    /** Creation response from the authenticator (for enrollment/unverified factors) */
+    credential_response: T extends 'create' ? RegistrationCredential : AuthenticationCredential;
+};
+/**
+ * WebAuthn-specific fields for MFA verification.
+ * Supports both credential creation (registration) and request (authentication) flows.
+ * @template T - Type of WebAuthn operation: 'create' for registration, 'request' for authentication
+ */
+export declare type MFAVerifyWebauthnParamFields<T extends 'create' | 'request' = 'create' | 'request'> = {
+    webauthn: MFAVerifyWebauthnParamFieldsBase & MFAVerifyWebauthnCredentialParamFields<T>;
+};
+/**
+ * Parameters for WebAuthn MFA verification.
+ * Used to verify WebAuthn credentials after challenge.
+ * @template T - Type of WebAuthn operation: 'create' for registration, 'request' for authentication
+ * @see {@link https://w3c.github.io/webauthn/#sctn-verifying-assertion W3C WebAuthn Spec - Verifying an Authentication Assertion}
+ */
+export declare type MFAVerifyWebauthnParams<T extends 'create' | 'request' = 'create' | 'request'> = Prettify<MFAVerifyParamsBase & MFAVerifyWebauthnParamFields<T>>;
+export declare type MFAVerifyParams = MFAVerifyTOTPParams | MFAVerifyPhoneParams | MFAVerifyWebauthnParams;
+declare type MFAChallengeParamsBase = {
     /** ID of the factor to be challenged. Returned in enroll(). */
     factorId: string;
-    /** Messaging channel to use (e.g. whatsapp or sms). Only relevant for phone factors */
-    channel?: 'sms' | 'whatsapp';
 };
-export declare type MFAChallengeAndVerifyParams = {
-    /** ID of the factor being verified. Returned in enroll(). */
-    factorId: string;
-    /** Verification code provided by the user. */
-    code: string;
+declare const MFATOTPChannels: readonly ["sms", "whatsapp"];
+export declare type MFATOTPChannel = typeof MFATOTPChannels[number];
+export declare type MFAChallengeTOTPParams = Prettify<MFAChallengeParamsBase>;
+declare type MFAChallengePhoneParamFields<Channel extends MFATOTPChannel = MFATOTPChannel> = {
+    /** Messaging channel to use (e.g. whatsapp or sms). Only relevant for phone factors */
+    channel: Channel;
 };
-export declare type AuthMFAVerifyResponse = {
-    data: {
-        /** New access token (JWT) after successful verification. */
-        access_token: string;
-        /** Type of token, typically `Bearer`. */
-        token_type: string;
-        /** Number of seconds in which the access token will expire. */
-        expires_in: number;
-        /** Refresh token you can use to obtain new access tokens when expired. */
-        refresh_token: string;
-        /** Updated user profile. */
-        user: User;
+export declare type MFAChallengePhoneParams = Prettify<MFAChallengeParamsBase & MFAChallengePhoneParamFields>;
+/** WebAuthn parameters for WebAuthn factor challenge */
+declare type MFAChallengeWebauthnParamFields = {
+    webauthn: {
+        /** Relying party ID */
+        rpId: string;
+        /** Relying party origins*/
+        rpOrigins?: string[];
     };
-    error: null;
-} | {
-    data: null;
-    error: AuthError;
 };
-export declare type AuthMFAEnrollResponse = AuthMFAEnrollTOTPResponse | AuthMFAEnrollPhoneResponse;
-export declare type AuthMFAUnenrollResponse = {
-    data: {
-        /** ID of the factor that was successfully unenrolled. */
-        id: string;
-    };
-    error: null;
-} | {
-    data: null;
-    error: AuthError;
+/**
+ * Parameters for initiating a WebAuthn MFA challenge.
+ * Includes Relying Party information needed for WebAuthn ceremonies.
+ * @see {@link https://w3c.github.io/webauthn/#sctn-rp-operations W3C WebAuthn Spec - Relying Party Operations}
+ */
+export declare type MFAChallengeWebauthnParams = Prettify<MFAChallengeParamsBase & MFAChallengeWebauthnParamFields>;
+export declare type MFAChallengeParams = MFAChallengeTOTPParams | MFAChallengePhoneParams | MFAChallengeWebauthnParams;
+declare type MFAChallengeAndVerifyParamsBase = Omit<MFAVerifyParamsBase, 'challengeId'>;
+declare type MFAChallengeAndVerifyTOTPParamFields = MFAVerifyTOTPParamFields;
+declare type MFAChallengeAndVerifyTOTPParams = Prettify<MFAChallengeAndVerifyParamsBase & MFAChallengeAndVerifyTOTPParamFields>;
+export declare type MFAChallengeAndVerifyParams = MFAChallengeAndVerifyTOTPParams;
+/**
+ * Data returned after successful MFA verification.
+ * Contains new session tokens and updated user information.
+ */
+export declare type AuthMFAVerifyResponseData = {
+    /** New access token (JWT) after successful verification. */
+    access_token: string;
+    /** Type of token, always `bearer`. */
+    token_type: 'bearer';
+    /** Number of seconds in which the access token will expire. */
+    expires_in: number;
+    /** Refresh token you can use to obtain new access tokens when expired. */
+    refresh_token: string;
+    /** Updated user profile. */
+    user: User;
 };
-export declare type AuthMFAChallengeResponse = {
-    data: {
-        /** ID of the newly created challenge. */
-        id: string;
-        /** Factor Type which generated the challenge */
-        type: 'totp' | 'phone';
-        /** Timestamp in UNIX seconds when this challenge will no longer be usable. */
-        expires_at: number;
-    };
-    error: null;
-} | {
-    data: null;
-    error: AuthError;
+/**
+ * Response type for MFA verification operations.
+ * Returns session tokens on successful verification.
+ */
+export declare type AuthMFAVerifyResponse = RequestResult<AuthMFAVerifyResponseData>;
+export declare type AuthMFAEnrollResponse = AuthMFAEnrollTOTPResponse | AuthMFAEnrollPhoneResponse | AuthMFAEnrollWebauthnResponse;
+export declare type AuthMFAUnenrollResponse = RequestResult<{
+    /** ID of the factor that was successfully unenrolled. */
+    id: string;
+}>;
+declare type AuthMFAChallengeResponseBase<T extends FactorType> = {
+    /** ID of the newly created challenge. */
+    id: string;
+    /** Factor Type which generated the challenge */
+    type: T;
+    /** Timestamp in UNIX seconds when this challenge will no longer be usable. */
+    expires_at: number;
 };
-export declare type AuthMFAListFactorsResponse = {
-    data: {
-        /** All available factors (verified and unverified). */
-        all: Factor[];
-        /** Only verified TOTP factors. (A subset of `all`.) */
-        totp: Factor[];
-        /** Only verified Phone factors. (A subset of `all`.) */
-        phone: Factor[];
+declare type AuthMFAChallengeTOTPResponseFields = {};
+export declare type AuthMFAChallengeTOTPResponse = RequestResult<Prettify<AuthMFAChallengeResponseBase<'totp'> & AuthMFAChallengeTOTPResponseFields>>;
+declare type AuthMFAChallengePhoneResponseFields = {};
+export declare type AuthMFAChallengePhoneResponse = RequestResult<Prettify<AuthMFAChallengeResponseBase<'phone'> & AuthMFAChallengePhoneResponseFields>>;
+declare type AuthMFAChallengeWebauthnResponseFields = {
+    webauthn: {
+        type: 'create';
+        credential_options: {
+            publicKey: PublicKeyCredentialCreationOptionsFuture;
+        };
+    } | {
+        type: 'request';
+        credential_options: {
+            publicKey: PublicKeyCredentialRequestOptionsFuture;
+        };
     };
-    error: null;
-} | {
-    data: null;
-    error: AuthError;
 };
-export declare type AuthenticatorAssuranceLevels = 'aal1' | 'aal2';
-export declare type AuthMFAGetAuthenticatorAssuranceLevelResponse = {
-    data: {
-        /** Current AAL level of the session. */
-        currentLevel: AuthenticatorAssuranceLevels | null;
-        /**
-         * Next possible AAL level for the session. If the next level is higher
-         * than the current one, the user should go through MFA.
-         *
-         * @see {@link GoTrueMFAApi#challenge}
-         */
-        nextLevel: AuthenticatorAssuranceLevels | null;
-        /**
-         * A list of all authentication methods attached to this session. Use
-         * the information here to detect the last time a user verified a
-         * factor, for example if implementing a step-up scenario.
-         */
-        currentAuthenticationMethods: AMREntry[];
+/**
+ * Response type for WebAuthn MFA challenge.
+ * Contains credential creation or request options from the server.
+ * @see {@link https://w3c.github.io/webauthn/#sctn-credential-creation W3C WebAuthn Spec - Credential Creation}
+ */
+export declare type AuthMFAChallengeWebauthnResponse = RequestResult<Prettify<AuthMFAChallengeResponseBase<'webauthn'> & AuthMFAChallengeWebauthnResponseFields>>;
+declare type AuthMFAChallengeWebauthnResponseFieldsJSON = {
+    webauthn: {
+        type: 'create';
+        credential_options: {
+            publicKey: ServerCredentialCreationOptions;
+        };
+    } | {
+        type: 'request';
+        credential_options: {
+            publicKey: ServerCredentialRequestOptions;
+        };
     };
-    error: null;
-} | {
-    data: null;
-    error: AuthError;
 };
+/**
+ * JSON-serializable version of WebAuthn challenge response.
+ * Used for server communication with base64url-encoded binary fields.
+ */
+export declare type AuthMFAChallengeWebauthnResponseDataJSON = Prettify<AuthMFAChallengeResponseBase<'webauthn'> & AuthMFAChallengeWebauthnResponseFieldsJSON>;
+/**
+ * Server response type for WebAuthn MFA challenge.
+ * Contains JSON-formatted WebAuthn options ready for browser API.
+ */
+export declare type AuthMFAChallengeWebauthnServerResponse = RequestResult<AuthMFAChallengeWebauthnResponseDataJSON>;
+export declare type AuthMFAChallengeResponse = AuthMFAChallengeTOTPResponse | AuthMFAChallengePhoneResponse | AuthMFAChallengeWebauthnResponse;
+/** response of ListFactors, which should contain all the types of factors that are available, this ensures we always include all */
+export declare type AuthMFAListFactorsResponse<T extends typeof FactorTypes = typeof FactorTypes> = RequestResult<{
+    /** All available factors (verified and unverified). */
+    all: Prettify<Factor>[];
+} & {
+    [K in T[number]]: Prettify<Factor<K, 'verified'>>[];
+}>;
+export declare type AuthenticatorAssuranceLevels = 'aal1' | 'aal2';
+export declare type AuthMFAGetAuthenticatorAssuranceLevelResponse = RequestResult<{
+    /** Current AAL level of the session. */
+    currentLevel: AuthenticatorAssuranceLevels | null;
+    /**
+     * Next possible AAL level for the session. If the next level is higher
+     * than the current one, the user should go through MFA.
+     *
+     * @see {@link GoTrueMFAApi#challenge}
+     */
+    nextLevel: AuthenticatorAssuranceLevels | null;
+    /**
+     * A list of all authentication methods attached to this session. Use
+     * the information here to detect the last time a user verified a
+     * factor, for example if implementing a step-up scenario.
+     */
+    currentAuthenticationMethods: AMREntry[];
+}>;
 /**
  * Contains the full multi-factor authentication API.
  *
@@ -862,20 +888,26 @@ export interface GoTrueMFAApi {
      * The user has to enter the code from their authenticator app to verify it.
      *
      * Upon verifying a factor, all other sessions are logged out and the current session's authenticator level is promoted to `aal2`.
-     *
      */
     enroll(params: MFAEnrollTOTPParams): Promise<AuthMFAEnrollTOTPResponse>;
     enroll(params: MFAEnrollPhoneParams): Promise<AuthMFAEnrollPhoneResponse>;
+    enroll(params: MFAEnrollWebauthnParams): Promise<AuthMFAEnrollWebauthnResponse>;
     enroll(params: MFAEnrollParams): Promise<AuthMFAEnrollResponse>;
     /**
      * Prepares a challenge used to verify that a user has access to a MFA
      * factor.
      */
+    challenge(params: MFAChallengeTOTPParams): Promise<Prettify<AuthMFAChallengeTOTPResponse>>;
+    challenge(params: MFAChallengePhoneParams): Promise<Prettify<AuthMFAChallengePhoneResponse>>;
+    challenge(params: MFAChallengeWebauthnParams): Promise<Prettify<AuthMFAChallengeWebauthnResponse>>;
     challenge(params: MFAChallengeParams): Promise<AuthMFAChallengeResponse>;
     /**
      * Verifies a code against a challenge. The verification code is
      * provided by the user by entering a code seen in their authenticator app.
      */
+    verify(params: MFAVerifyTOTPParams): Promise<AuthMFAVerifyResponse>;
+    verify(params: MFAVerifyPhoneParams): Promise<AuthMFAVerifyResponse>;
+    verify(params: MFAVerifyWebauthnParams): Promise<AuthMFAVerifyResponse>;
     verify(params: MFAVerifyParams): Promise<AuthMFAVerifyResponse>;
     /**
      * Unenroll removes a MFA factor.
@@ -910,20 +942,15 @@ export interface GoTrueMFAApi {
      *
      */
     getAuthenticatorAssuranceLevel(): Promise<AuthMFAGetAuthenticatorAssuranceLevelResponse>;
+    webauthn: WebAuthnApi;
 }
 /**
  * @expermental
  */
-export declare type AuthMFAAdminDeleteFactorResponse = {
-    data: {
-        /** ID of the factor that was successfully deleted. */
-        id: string;
-    };
-    error: null;
-} | {
-    data: null;
-    error: AuthError;
-};
+export declare type AuthMFAAdminDeleteFactorResponse = RequestResult<{
+    /** ID of the factor that was successfully deleted. */
+    id: string;
+}>;
 /**
  * @expermental
  */
@@ -936,16 +963,10 @@ export declare type AuthMFAAdminDeleteFactorParams = {
 /**
  * @expermental
  */
-export declare type AuthMFAAdminListFactorsResponse = {
-    data: {
-        /** All factors attached to the user. */
-        factors: Factor[];
-    };
-    error: null;
-} | {
-    data: null;
-    error: AuthError;
-};
+export declare type AuthMFAAdminListFactorsResponse = RequestResult<{
+    /** All factors attached to the user. */
+    factors: Factor[];
+}>;
 /**
  * @expermental
  */
@@ -992,13 +1013,7 @@ export declare type SupportedStorage = PromisifyMethods<Pick<Storage, 'getItem'
 export declare type InitializeResult = {
     error: AuthError | null;
 };
-export declare type CallRefreshTokenResult = {
-    session: Session;
-    error: null;
-} | {
-    session: null;
-    error: AuthError;
-};
+export declare type CallRefreshTokenResult = RequestResult<Session>;
 export declare type Pagination = {
     [key: string]: any;
     nextPage: number | null;
@@ -1024,66 +1039,66 @@ export declare type SignOut = {
      */
     scope?: 'global' | 'local' | 'others';
 };
-export declare type MFAEnrollTOTPParams = {
+declare type MFAEnrollParamsBase<T extends FactorType> = {
     /** The type of factor being enrolled. */
-    factorType: 'totp';
-    /** Domain which the user is enrolled with. */
-    issuer?: string;
+    factorType: T;
     /** Human readable name assigned to the factor. */
     friendlyName?: string;
 };
-export declare type MFAEnrollPhoneParams = {
-    /** The type of factor being enrolled. */
-    factorType: 'phone';
-    /** Human readable name assigned to the factor. */
-    friendlyName?: string;
+declare type MFAEnrollTOTPParamFields = {
+    /** Domain which the user is enrolled with. */
+    issuer?: string;
+};
+export declare type MFAEnrollTOTPParams = Prettify<MFAEnrollParamsBase<'totp'> & MFAEnrollTOTPParamFields>;
+declare type MFAEnrollPhoneParamFields = {
     /** Phone number associated with a factor. Number should conform to E.164 format */
     phone: string;
 };
-export declare type AuthMFAEnrollTOTPResponse = {
-    data: {
-        /** ID of the factor that was just enrolled (in an unverified state). */
-        id: string;
-        /** Type of MFA factor.*/
-        type: 'totp';
-        /** TOTP enrollment information. */
-        totp: {
-            /** Contains a QR code encoding the authenticator URI. You can
-             * convert it to a URL by prepending `data:image/svg+xml;utf-8,` to
-             * the value. Avoid logging this value to the console. */
-            qr_code: string;
-            /** The TOTP secret (also encoded in the QR code). Show this secret
-             * in a password-style field to the user, in case they are unable to
-             * scan the QR code. Avoid logging this value to the console. */
-            secret: string;
-            /** The authenticator URI encoded within the QR code, should you need
-             * to use it. Avoid loggin this value to the console. */
-            uri: string;
-        };
-        /** Friendly name of the factor, useful for distinguishing between factors **/
-        friendly_name?: string;
-    };
-    error: null;
-} | {
-    data: null;
-    error: AuthError;
+export declare type MFAEnrollPhoneParams = Prettify<MFAEnrollParamsBase<'phone'> & MFAEnrollPhoneParamFields>;
+declare type MFAEnrollWebauthnFields = {};
+/**
+ * Parameters for enrolling a WebAuthn factor.
+ * Creates an unverified WebAuthn factor that must be verified with a credential.
+ * @see {@link https://w3c.github.io/webauthn/#sctn-registering-a-new-credential W3C WebAuthn Spec - Registering a New Credential}
+ */
+export declare type MFAEnrollWebauthnParams = Prettify<MFAEnrollParamsBase<'webauthn'> & MFAEnrollWebauthnFields>;
+declare type AuthMFAEnrollResponseBase<T extends FactorType> = {
+    /** ID of the factor that was just enrolled (in an unverified state). */
+    id: string;
+    /** Type of MFA factor.*/
+    type: T;
+    /** Friendly name of the factor, useful for distinguishing between factors **/
+    friendly_name?: string;
 };
-export declare type AuthMFAEnrollPhoneResponse = {
-    data: {
-        /** ID of the factor that was just enrolled (in an unverified state). */
-        id: string;
-        /** Type of MFA factor. */
-        type: 'phone';
-        /** Friendly name of the factor, useful for distinguishing between factors **/
-        friendly_name?: string;
-        /** Phone number of the MFA factor in E.164 format. Used to send messages  */
-        phone: string;
+declare type AuthMFAEnrollTOTPResponseFields = {
+    /** TOTP enrollment information. */
+    totp: {
+        /** Contains a QR code encoding the authenticator URI. You can
+         * convert it to a URL by prepending `data:image/svg+xml;utf-8,` to
+         * the value. Avoid logging this value to the console. */
+        qr_code: string;
+        /** The TOTP secret (also encoded in the QR code). Show this secret
+         * in a password-style field to the user, in case they are unable to
+         * scan the QR code. Avoid logging this value to the console. */
+        secret: string;
+        /** The authenticator URI encoded within the QR code, should you need
+         * to use it. Avoid loggin this value to the console. */
+        uri: string;
     };
-    error: null;
-} | {
-    data: null;
-    error: AuthError;
 };
+export declare type AuthMFAEnrollTOTPResponse = RequestResult<Prettify<AuthMFAEnrollResponseBase<'totp'> & AuthMFAEnrollTOTPResponseFields>>;
+declare type AuthMFAEnrollPhoneResponseFields = {
+    /** Phone number of the MFA factor in E.164 format. Used to send messages  */
+    phone: string;
+};
+export declare type AuthMFAEnrollPhoneResponse = RequestResult<Prettify<AuthMFAEnrollResponseBase<'phone'> & AuthMFAEnrollPhoneResponseFields>>;
+declare type AuthMFAEnrollWebauthnFields = {};
+/**
+ * Response type for WebAuthn factor enrollment.
+ * Returns the enrolled factor ID and metadata.
+ * @see {@link https://w3c.github.io/webauthn/#sctn-registering-a-new-credential W3C WebAuthn Spec - Registering a New Credential}
+ */
+export declare type AuthMFAEnrollWebauthnResponse = RequestResult<Prettify<AuthMFAEnrollResponseBase<'webauthn'> & AuthMFAEnrollWebauthnFields>>;
 export declare type JwtHeader = {
     alg: 'RS256' | 'ES256' | 'HS256';
     kid: string;